Cannot login users with name having a captial letter

peter · October 4, 2003, 6:25pm

I use Exodus to login to the server. I can create users without problems, but when Exodus login the user the server will return a 401 and 403. I fould out that user name with cap letter will always fail to login. For example, user “UPPER” will fail to login, while user “lower” will succeed. Why is cpatial letter username forbidden?

I am using the embedded database.

Here are the xml packets:

User “UPPER” failed to login:

SENT: <stream:stream to=“192.168.2.74” xmlns=“jabber:client” xmlns:stream=“http://etherx.jabber.org/streams” version=“1.0” >

RECV: <stream:stream xmlns=’‘jabber:client’’ xmlns:stream=’‘http://etherx.jabber.org/streams’’ from=’‘192.168.2.74’’ id=’‘e0fc621c’’>

SENT: UPPER

RECV:

SENT: UPPERtesttest</passwo rd>

RECV:

SENT: UPPER

RECV:

SENT: UPPERtesttest</passwo rd>

RECV:

Iain_Shigeoka · October 5, 2003, 9:51pm

Hi,

Can you log into the web admin UI and see how the user accounts were created (e.g. if the user was created but with a different name or wasn’'t created at all)?

Thanks

-iain

peter · October 5, 2003, 11:21pm

The account “UPPER” is there. I just can’'t login with it. I reproduced the behavior many times and I spent many hours just to figure out the cause.

Iain_Shigeoka · October 6, 2003, 5:45pm

Hi,

I located the bug and am working on a fix. I’'ll try to have a patch available soon.

-iain

peter · October 6, 2003, 11:39pm

Thanks for the quick response and support.

Iain_Shigeoka · October 7, 2003, 4:26pm

My pleasure. I have the issue fixed and I’‘m looking into getting another patch in before making the 1.0.7 release (depends on if I can get someone’‘s time to add the other patch quickly). If we can’‘t get the other patch in, we’'ll just release 1.0.7 with this one patch and worry about the other issue in a future release.

-iain

Iain_Shigeoka · October 7, 2003, 10:49pm

Hi,

1.0.7 has been released which should fix this problem. Please try it out and verify.

-iain

peter · October 7, 2003, 11:48pm

I just installed the new version and it works now, but there is another minor problem.

The problem is that the username is converted to lower case when a user is created and the case information is lost in the process.

Here is a packet from JiveMessenger:

RECV:

Here is a similar packet from jabber.org server:

RECV: <iq from=’‘CAPCAPCAP@jabber.org/Exodus’’ id=’‘jcl_17’’ type=’‘result’’><query xmlns=’‘jabber:iq:roster’’/>

Notice the case of the “from” attribute is preserved in the second packet.

I am not sure which is the correct behavior (as I didn’'t read the protocol), but personally I prefer the second one.

Iain_Shigeoka · October 8, 2003, 3:03am

Hi,

For better or worse, they both are the correct behavior according to the protocol specification. Servers have the option of preserving an address or converting it to a ‘‘stringprep’’ version (for most latin languages this means essentially lowercase, for asian languages it can be a bit more complex). Clients can’‘t and shouldn’'t rely on the addresses to maintain their case (just as domain names are not case sensitive).

Messenger plays it safe and always sends the stringprep’‘d version. I can understand the desire to preserve case and will add it to the wish list. I think some client developers may find it better that the addresses are stringprep’‘d so that they can do a simple binary comparison of addresses to check for equality without having to worry about stringprep’‘ing (it can be an intensive operation). As a client developer though, you need to be prepared for stringprep’'d addresses since messages pass from server to server, and there is no way to guarantee the addresses will maintain their case in transit.

-iain