Basic login fails
jbriguet #1
Member since Mar 2008 · 4 posts
Group memberships: Members
Subject: Authentication error with an @ in username and Openfire
Hi, I'm using agsXMPP to run some tests with Openfire, and I ran into some problems with authentication.

Using this code:

private void button1_Click(object sender, EventArgs e)
{
    try
    {
        xmpp = new XmppClientConnection("games.my.lan");
        xmpp.AutoResolveConnectServer = false;
        xmpp.ConnectServer = "games.my.lan";

        xmpp.OnSaslStart += new agsXMPP.sasl.SaslEventHandler(xmpp_OnSaslStart);

        xmpp.OnLogin += new ObjectHandler(xmpp_OnLogin);
        xmpp.OnError += new ErrorHandler(xmpp_OnError);
        xmpp.OnXmppConnectionStateChanged += new XmppConnectionStateHandler(xmpp_OnXmppConnectionStateChanged);
        xmpp.OnSocketError += new ErrorHandler(xmpp_OnSocketError);
        xmpp.OnAuthError += new XmppElementHandler(xmpp_OnAuthError);

        xmpp.Open("jbriguet@my.lan", "correctpassword");
    }
    catch(Exception e2)
    {

    }
}

I got an error while authenticating saying: Not Authorized. ( <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized /></failure> )

I got the same thing using the miniclient; here is the detailed log:

SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="my.lan" version="1.0" xml:lang="en" id="c4324f0a" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="my.lan" version="1.0" xml:lang="en" id="c4324f0a" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth" /></stream:features>
SEND: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">XXXXXXXXXXXXXXXXXX</auth>
RECV: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="my.lan" version="1.0" xml:lang="en" id="c4324f0a" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" /><session xmlns="urn:ietf:params:xml:ns:xmpp-session" /></stream:features>
SEND: <iq id="agsXMPP_1" type="set" to="games.my.lan"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" /></iq>
RECV: <iq xmlns="jabber:client" from="games.my.lan" to="my.lan/c4324f0a" type="error" id="agsXMPP_1"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" /><error code="400" type="modify"><bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /></error></iq>

I tried with different authentication types (Plain, normal (MD5, I think)), with different configurations of JID/server. May the @ in the username still cause a problem here?
Or would it be a server misconfiguration? Or is my code incorrect?

Thank you in advance !
This post was edited 2 times, last on 2008-03-19, 13:08 by jbriguet.
Alex #2
Member since Feb 2003 · 4317 posts · Location: Germany
Group memberships: Administrators, Members
There is no authentication problem in your debug. The authentication succeeded.

SEND: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">XXXXX</auth>
RECV: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />

But I also see no @ in your username when I decrypt/decode your SASL message.
Please escape it if these are real passwords.

The problem is at the resource binding.

Why are you using usernames with @? Please don't use them until you have to. The @ will be escaped according to XEP-0106 JID Escaping.

Using usernames with @ will confuse your users and is only there to map such usernames in scenarios where other solutions are not possible.

There may also be a problem with your server configuration:

SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="my.lan" version="1.0" xml:lang="en" id="c4324f0a" >

The server domains in from and to do not match: my.lan != games.my.lan

Alex
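
The two checks made on the posted log in the reply above, as an added example (not part of the original posts and not agsXMPP code): compare the `to` of each sent stream header with the `from` of the server's answer, and show that a SASL PLAIN payload is only base64 of `authzid NUL authcid NUL password` (RFC 4616), so it has to be blanked before a log is shared. The sample log, the password and all function names are constructed for illustration.

```python
import base64
import re

# Constructed log modelled on the one in this thread. The password is made up;
# the payload is built here rather than copied from the post.
PAYLOAD = base64.b64encode(b"\0jbriguet\\40my.lan\0example-password").decode()
SAMPLE_LOG = "\n".join([
    "SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' version='1.0'>",
    'RECV: <stream:stream from="my.lan" version="1.0" id="c4324f0a" >',
    'SEND: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">'
    + PAYLOAD + "</auth>",
    'RECV: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />',
])

AUTH = re.compile(r'(<auth\b[^>]*mechanism="PLAIN"[^>]*>)([A-Za-z0-9+/=]+)(</auth>)')


def attr(line, name):
    """Return the value of one attribute on a logged element, or None."""
    m = re.search(r"\s%s=['\"]([^'\"]*)['\"]" % name, line)
    return m.group(1) if m else None


def domain_mismatches(log):
    """Pair each sent stream header's 'to' with the 'from' of the reply."""
    issues, wanted = [], None
    for line in log.splitlines():
        if "<stream:stream" not in line:
            continue
        if line.startswith("SEND:"):
            wanted = attr(line, "to")
        elif line.startswith("RECV:") and wanted is not None:
            got = attr(line, "from")
            if got != wanted:
                issues.append((wanted, got))
            wanted = None
    return issues


def sasl_plain_fields(payload):
    """RFC 4616 message layout: authzid NUL authcid NUL passwd."""
    authzid, authcid, passwd = base64.b64decode(payload).decode("utf-8").split("\0")
    return authzid, authcid, passwd


def redact(log):
    """Blank every SASL PLAIN payload so the log can be shared."""
    return AUTH.sub(r"\1[REDACTED]\3", log)
```
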
jbriguet #3
Member since Mar 2008 · 4 posts
Group memberships: Members
When I debug the program, the @ is changed to \\40, so I guess it's escaped fine.
I don't have the choice of using @ in username; actually, the in-place system uses the Active Directory tree to get users, and they contain @.

For the server configuration, I have to check with the administrator :) But would it impact other software to modify the domain on the server?
(Actually, games.my.lan is a machine name, while my.lan is a domain name)
And, in the case where we couldn't change the domain for any reason, what would be the possibilities for a workaround?
This post was edited on 2008-03-19, 13:49 by jbriguet.
Alex #4
Member since Feb 2003 · 4317 posts · Location: Germany
Group memberships: Administrators, Members
Quote by jbriguet:
When I debug the program, the @ is changed to \\40, so I guess it's escaped fine.
Yes, which is correct. JID escaping is used there.

Quote by jbriguet:
I don't have the choice of using @ in username...
No, because the @ is the separator between username and domain in JabberIDs.

Quote by jbriguet:
actually, the in-place system uses the Active Directory tree to get users, and they contain @.
If my email address or Active Directory account is alex@server.com then I set my XMPP domain to server.com.
So my email address == my AD account == my JabberId
AD has domains, so make the AD domain your XMPP domain. Everything is confusing your users and other federated users which will add your users to the contact list.

Quote by jbriguet:
Actually, games.my.lan is a machine name, while my.lan is a domain name
Openfire takes the machine name as the XMPP domain by default. So you have to change it.

Alex
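
The JID escaping discussed in the posts above (XEP-0106), as an added example that is not part of the original thread and not agsXMPP's implementation: it escapes a directory login containing `@` into a valid localpart, reverses the mapping, and splits a bare JID at the first `@`, which is the separator. The function names and the use of `my.lan` as the XMPP domain are assumptions for illustration.

```python
import re

# XEP-0106 mapping for the ten characters not allowed in a JID localpart.
ESCAPES = {" ": "20", '"': "22", "&": "26", "'": "27", "/": "2f",
           ":": "3a", "<": "3c", ">": "3e", "@": "40", "\\": "5c"}
UNESCAPES = {code: char for char, code in ESCAPES.items()}
CODES = "|".join(UNESCAPES)  # 20|22|26|27|2f|3a|3c|3e|40|5c


def escape_node(name):
    """Escape a user name for use as the localpart of a JID."""
    if name != name.strip(" "):
        raise ValueError("localpart must not start or end with a space")
    # A backslash is escaped only where it would otherwise read as an escape.
    name = re.sub(r"\\(?=%s)" % CODES, r"\\5c", name)
    return re.sub(r'''[ "&'/:<>@]''', lambda m: "\\" + ESCAPES[m.group()], name)


def unescape_node(node):
    """Reverse escape_node; unknown sequences such as \\2a are left alone."""
    return re.sub(r"\\(%s)" % CODES, lambda m: UNESCAPES[m.group(1)], node)


def to_bare_jid(login, xmpp_domain):
    """Build localpart@domain from a directory login that may contain '@'."""
    return escape_node(login) + "@" + xmpp_domain


def split_bare_jid(jid):
    """Split at the first '@', the separator, then unescape the localpart."""
    node, _, domain = jid.partition("@")
    return unescape_node(node), domain
```
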
jbriguet #5
Member since Mar 2008 · 4 posts
Group memberships: Members
Well, as my sysadmin didn't change the domain (which is probably incorrect) on the server side (they don't touch it if it works for most people, aka Spark users), I tried to cheat, and it worked. I added an entry in the c:\windows\system32\drivers\etc\hosts file, which refers my.lan to the IP of the matching machine (games.my.lan). (192.168.xxx.xxx my.lan). And suddenly, it began to work fine. So, well, I guess Openfire and Spark would work together even if the server configuration is incorrect, but it's weird that agsXMPP wouldn't. Anyway, now it works, I'm looking for a proper way to cheat hosts, and it will be perfect :) Thanks a lot.

(If you get more advice, feel free to post)
Alex #6
Member since Feb 2003 · 4317 posts · Location: Germany
Group memberships: Administrators, Members
As I said before, your configuration is wrong, which you can see in the stream headers here:
SEND: <stream:stream to='games.my.lan' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" from="my.lan" version="1.0" xml:lang="en" id="c4324f0a" >
If you send a stream header to a non-existing domain the server MUST close the stream. People told me that Openfire accepts any domain in the stream header, which is wrong too. According to your logs your server accepts only SASL PLAIN, which will never detect the wrong domain. Even if authentication works this will cause you lots of trouble later.
So please configure your server correctly; everything else makes no sense.

Quote by jbriguet:
I added an entry in the c:\windows\system32\drivers\etc\hosts file, which refers my.lan to the IP of the matching machine (games.my.lan). (192.168.xxx.xxx my.lan). And suddenly, it began to work fine.
This is a hack only. As you see yourself, agsXMPP tries to connect to the XMPP domain in the JID if no SRV records are set up. Fix your server or set up SRV records for XMPP.

Quote by jbriguet:
So, well, I guess Openfire and Spark would work together even if the server configuration is incorrect, but it's weird that agsXMPP wouldn't. Anyway, now it works, I'm looking for a proper way to cheat hosts, and it will be perfect :)
No idea why Spark would work with such a configuration. Fix your config and agsXMPP will work.

Alex