Wildfire 2.4.3 doesn't send a complete set of challenges and responses for SASL auth. I think there's a bad assumption that there is only one set of challenge/response, and there can be several. The bug is in src/java/org/jivesoftware/wildfire/net/SASLAuthentication.java.
Here is an example of a bad XML dialog.
XMPP sent: ");
// We only support SASL for c2s
if (session instanceof ClientSession) {
((ClientSession) session).setAuthToken(new AuthToken(username));
Changed subject to include “With PATCH”
Message was edited by: andrewdied
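To illustrate the point made in the post above, that a SASL exchange can take more than one challenge/response pair, here is an added example; it is not Wildfire's code and not the submitted patch. It runs the JDK's own `javax.security.sasl` DIGEST-MD5 client and server against each other and prints simplified XMPP stanzas; the account, password and host name are constructed.

```java
import java.util.Base64;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslRounds {
    static String b64(byte[] b) {
        return Base64.getEncoder().encodeToString(b == null ? new byte[0] : b);
    }

    public static void main(String[] args) throws Exception {
        // Constructed account and host name, for illustration only.
        final String user = "alice", pass = "secret", host = "xmpp.example.org";
        CallbackHandler clientCb = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                else if (cb instanceof RealmCallback) ((RealmCallback) cb).setText(((RealmCallback) cb).getDefaultText());
            }
        };
        // Single-account password lookup; a real server would look up the name from the NameCallback.
        CallbackHandler serverCb = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                }
            }
        };
        SaslServer server = Sasl.createSaslServer("DIGEST-MD5", "xmpp", host, null, serverCb);
        SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null, "xmpp", host, null, clientCb);

        // <auth mechanism='DIGEST-MD5'/> carries no initial response.
        byte[] data = server.evaluateResponse(new byte[0]);
        int rounds = 0;
        // Any bytes the mechanism returns must reach the client, even when isComplete() is already true.
        while (data != null && data.length > 0) {
            rounds++;
            System.out.println("S: <challenge>" + b64(data) + "</challenge>");
            byte[] resp = client.evaluateChallenge(data);
            System.out.println("C: <response>" + b64(resp) + "</response>");
            if (server.isComplete()) break; // that round delivered the final server data
            data = server.evaluateResponse(resp == null ? new byte[0] : resp);
        }
        if (!server.isComplete() || !client.isComplete()) throw new SaslException("exchange incomplete");
        System.out.println("S: <success/> after " + rounds + " rounds, authzid=" + server.getAuthorizationID());
    }
}
```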
Any comments on this? How do I get someone to take a look? It'll be more pronounced when the development moves to the java 1.5 libraries, too.
This isn't an answer but I would be very interested to know if your patch fixes the problems with Net::XMPP and Python client authentication. At the moment Net::XMPP is only useable with Wildfire if you hack the Perl code to always do old style authentication. The SASL authentication fails after the client sends a response. Could the bug you've patched cause this behavior?
Perhaps. I've heard gajim's (python) sasl implementation isn't very good, but I can login to wildfire with it. I haven't tried perl sasl auth at all. Since the wildfire sasl isn't correct, I could definitely see it breaking the perl sasl, though.
Hey Andrew,
Just to update this thread. I got your email with the patch and will try to apply it for 2.5.0 version. Will get back to you when the bug fix has been applied.
Thanks,
– Gato
Hey Andrew,
The following issue JM-567 was created for this problem. The fix that you sent me was fine and it was included for the next release.
Thanks,
– Gato
This patch was applied to 2.5.0, and works.
I installed 2.5.0 last week to see if the patch Andrew submitted fixed the Perl Net::XMPP problem. It didn't. I haven't had time to investigate what the actual problem is since hacking Net::XMPP to always do old style auth works for us right now.
Hey Ward,
Unfortunately, the patch included in JM-567 is not related to the DIGEST-MD5 seen with Net::XMPP. I'm still not sure if Java implementation of the DIGEST-MD5 SASL mechanism is incorrect or if Net::XMPP is sending an incorrect SASL authentication packet. Anyway, there is not much we can do from Wildfire side so using another SASL mechanism or just using the old non-sasl authentication method is the way to go for now.
Regards,
– Gato