Illegal JID

We are using a mix of Spark 1.1.3 and 1.1.4 with Wildfire 2.6.2. To make it easier on our account admin we left account creation open for a few days. Some users are hacking around trying to test security or more likely just messing with us.

Some accounts they have created are too long to delete, they show in the logs as an illegal JID and I get messages like this: Node cannot be larger than 1023 bytes. Size is 4032 bytes. I can see them, but when I delete them I get a java exception error or kicked from the admin console.

Is there a way I can delete these guys? Right now I am looking to export my users with the plugin, clean the list and reimport them on to a fresh server. The open account creation will be closed soon and it won't be an issue then, but I prefer to have a way out of this for the future. Thanks!!

Hey Rich,

All these problems are important to be fixed. Can you post the exceptions that you have in your log files? We should be able to fix them so you can easily delete these users from the admin console. Meanwhile, you can try deleting them from the database (once the server has been stopped).

The tables where you will have to delete some data are:

jiveUser

jiveUserProp

jiveRoster (if the user created a roster)

jiveRosterGroups

jivePrivacyList (if user created privacy lists)

jiveOffline (to delete offline messages)

jivePrivate

You can find the complete database schema guide here.

Regards,

– Gato

BTW, if you don't mind leaving some dangling data in the DB then you can just delete the user from jiveUser and that would be it.

– Gato
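The cleanup described in the two replies above, as an added example that is not part of the original posts or the Wildfire project: it finds accounts whose node exceeds the 1023-byte limit, removes them from every listed table in one transaction, and counts the dangling rows the jiveUser-only shortcut leaves behind. The table names come from the reply; the `username` and `rosterID` columns, the simplified schema and the use of an in-memory SQLite database with constructed rows are assumptions.

```python
import sqlite3

MAX_NODE_BYTES = 1023  # limit quoted in the exception on this page
# Tables are the ones listed in the reply; column names are assumptions.
BY_USERNAME = ["jiveUserProp", "jivePrivacyList", "jiveOffline", "jivePrivate"]

def build_sample_db():
    """Constructed in-memory stand-in for the server database (simplified schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jiveUser (username TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE jiveRoster (rosterID INTEGER PRIMARY KEY, username TEXT)")
    db.execute("CREATE TABLE jiveRosterGroups (rosterID INTEGER, groupName TEXT)")
    for table in BY_USERNAME:
        db.execute(f"CREATE TABLE {table} (username TEXT)")
    junk = "wfi-" + "ao" * 2014  # constructed 4032-byte node
    for roster_id, name in enumerate(["rich", junk], start=1):
        db.execute("INSERT INTO jiveUser VALUES (?)", (name,))
        db.execute("INSERT INTO jiveRoster VALUES (?, ?)", (roster_id, name))
        db.execute("INSERT INTO jiveRosterGroups VALUES (?, 'Friends')", (roster_id,))
        db.execute("INSERT INTO jiveUserProp VALUES (?)", (name,))
    db.commit()
    return db

def find_oversized(db):
    """Measure in UTF-8 bytes, not characters: the limit is a byte limit."""
    rows = db.execute("SELECT username FROM jiveUser").fetchall()
    return [u for (u,) in rows if len(u.encode("utf-8")) > MAX_NODE_BYTES]

def purge_users(db, usernames):
    """Delete each user from every listed table in one transaction."""
    with db:  # commits on success, rolls back on any error
        for name in usernames:
            # jiveRosterGroups is keyed by rosterID, so clear it before jiveRoster.
            db.execute("DELETE FROM jiveRosterGroups WHERE rosterID IN "
                       "(SELECT rosterID FROM jiveRoster WHERE username = ?)", (name,))
            for table in ["jiveRoster"] + BY_USERNAME + ["jiveUser"]:
                db.execute(f"DELETE FROM {table} WHERE username = ?", (name,))

def dangling_rows(db):
    """Count rows that still reference a user no longer present in jiveUser."""
    live = "(SELECT username FROM jiveUser)"
    total = 0
    for table in ["jiveRoster"] + BY_USERNAME:
        total += db.execute(
            f"SELECT COUNT(*) FROM {table} WHERE username NOT IN {live}").fetchone()[0]
    total += db.execute(
        "SELECT COUNT(*) FROM jiveRosterGroups WHERE rosterID NOT IN "
        f"(SELECT rosterID FROM jiveRoster WHERE username IN {live})").fetchone()[0]
    return total
```

Run against a copy of the real database with the server stopped, and check the column names against the schema guide before adapting the statements.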

Thanks for the reply. I'll start looking into DbVisualizer or iSQL-Viewer to mess around in there. Here is an error from the logs… it doesn't look like the error log gets populated when I simply try to delete the account. I cropped a few kilobytes from the userid to make it more readable.

-error-

java.lang.IllegalArgumentException: Illegal JID: wfi-whooooooaaaaaaaaaaaaaaooooooooooooooooooooaaaaaaaaaaaaaaaaaaaoooooooooooooo ooooooooaaaaaaaaaaaaaaaaaaaaaaaaaaaaaoooooooooooooooooooooooooaaaaaaooooooaaaaaa aaaaaaaaooooooooooooooooooooaaaaaaaaaaaaaaaaaaaooooooooooooooooooooooaaaaaaaaaaa aaaaaaaaaaaaaaaaaaoooooooooooooooooooooooooaaaaaaooooooaaaaaaaaaaaaaaooooooooooo oooooooooaaaaaaaaaaaaaaaaaaaooooooooooooooooooooooaaaaaaaaaaaaaaaaaaaaaaaaaaaaao ooooooooooooooooooooooooaaaaaaooooooaaaaaaaaaaaaaaooooooooooooooooooooaaaaaaaaaa aaaaaaaaaooooooooooooooooooooooaaaaaaaaaaaaaaaaaaaaaaaaaaaaaoooooooooooooooooooo oooooaaaaaaooooooaaaaaaaaaaaaaaooooooooooooooooooooaaaaaaaaaaaaaaaaaaaoooooooooo ooooooooooooaaaaaaaaaaaaaaaaaaaaaaaaaaaaaoooooooooooooooooooooooooaaaaaaooooooaa aaaaaaaaaaaaooooooooooooooooooooaaaaaaaaaaaaaaaaaaaooooooooooooooooooooooaaaaaaa aaaaaaaaaaaaaaaaaaaaaaoooooooooooooooooooooooooaaaaaaooooooaaaaaaaaaaaaaaooooooo oooooooooooooaaaaaaaaaaaaaaaaaaaooooooooooooooooooooooaaaaaaaaaaaaaaaaaaaaaaaaaaaaaoooooooooooooooaaaaaa_yea@wildfire.mycom pany.com

at org.xmpp.packet.JID.init(JID.java:401)

at org.xmpp.packet.JID.(Roster.java:84)

at org.jivesoftware.wildfire.roster.RosterManager.getRoster(RosterManager.java:91)

at org.jivesoftware.wildfire.user.User.getRoster(User.java:280)

at org.jivesoftware.wildfire.plugin.ImportExportPlugin.exportUsers(ImportExportPlugin.java:143)

at org.jivesoftware.wildfire.plugin.ImportExportPlugin.exportUsersToFile(ImportExportPlugin.java:75)

at org.jivesoftware.wildfire.plugin.userImportExport.export_002dfile_jsp._jspService(export_002dfile_jsp.java:50)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)

at org.jivesoftware.wildfire.container.PluginServlet.handleJSP(PluginServlet.java:227)

at org.jivesoftware.wildfire.container.PluginServlet.service(PluginServlet.java:91)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:43)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:41)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)

at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)

at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)

at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)

at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)

at org.mortbay.http.HttpServer.service(HttpServer.java:909)

at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)

at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)

at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)

at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)

at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)

at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

Caused by: java.lang.IllegalArgumentException: Node cannot be larger than 1023 bytes. Size is 55856 bytes.

at org.xmpp.packet.JID.init(JID.java:353)

… 40 more

It was pretty straightforward to get in there and clean it up. I think part of my problem with even generating error messages was that when the ID is long enough your web browser will do some cropping before Wildfire even gets a chance to fail.

On a somewhat related note I would love to see a more robust security log in Wildfire. It is all but impossible to audit user logins versus account creations and failed password attempts. Thanks for the help!

Hi Rich,

you're right, there are browsers which support only about 1000 characters as a URI while RFC2616 does not limit the length. So it would explain why this fails.

@ Gato: And it would be once again a good coding style to use the user's id and not the user's name within the URL to edit/delete a user. This would also solve the encoding problem with Tomcat.

LG