Adium

Opened 12 years ago

Closed 12 years ago

#9748 closed defect (fixed)

Jabber allowing no password produces problems

Reported by: evands
Owned by: evands
Milestone: Adium 1.3
Component: Service/XMPP (Jabber)
Version:
Severity: normal
Keywords: 1.2.x
Cc: James Hsieh, Ken Raeburn
Patch Status:

Description

From #9492:

raeburn said:

20:57:37: Getting accountActionMenuItems for <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu
20:57:37: (Libpurple: jabber) jabber_actions: have pep: YES
20:57:39: Getting accountActionMenuItems for <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu
20:57:39: (Libpurple: jabber) jabber_actions: have pep: YES
20:58:03: (Libpurple: jabber) Sending (ssl): <iq type='get' id='purple6fc3c851'><ping xmlns='urn:xmpp:ping'/></iq>
20:58:03: (Libpurple: cdsa) receive failed (-9806): Connection reset by peer
20:58:03: Connection Disconnected: gc=b4bfe40 (Read Error)
20:58:03: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu accountConnectionReportDisconnect: Read Error
20:58:03: (Libpurple: cdsa) receive failed (-9806): Unknown error: 0
20:58:03: (Libpurple: account) Disconnecting account 0x8c2ab10
20:58:03: (Libpurple: connection) Disconnecting connection 0xb4bfe40
20:58:03: (Libpurple: connection) Deactivating keepalive.
20:58:03: (Libpurple: jabber) XML parser error for JabberStream 0x0: Domain 1, code 5, level 3: Extra content at the end of the document

20:58:03: Disconnected: gc=b4bfe40
20:58:03: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu: Telling the core we disconnected
20:58:03: -[AIAccount(Abstract) serverReportedInvalidPassword]: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu
20:58:03: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu: Disconnected ("Read Error"): Automatically reconnecting immediately
20:58:03: -[AIAccount(Abstract) retrievePasswordThenConnect]: Retrieving <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu's password (promptOption 1)
20:58:03: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu: Updating status for key: Online
20:58:03: (Libpurple: connection) Destroying connection 0xb4bfe40
20:58:08: (Libpurple: util) Writing file accounts.xml to directory /Users/raeburn/Library/Application Support/Adium 2.0/Users/Default/libpurple
20:58:08: (Libpurple: util) Writing file /Users/raeburn/Library/Application Support/Adium 2.0/Users/Default/libpurple/accounts.xml
20:58:08: (Libpurple: util) Writing file blist.xml to directory /Users/raeburn/Library/Application Support/Adium 2.0/Users/Default/libpurple
20:58:08: (Libpurple: util) Writing file /Users/raeburn/Library/Application Support/Adium 2.0/Users/Default/libpurple/blist.xml
20:58:18: <ESPurpleJabberAccount:5a8eea0 11>:raeburn@mit.edu: Updating status for key: Online

which demonstrates that the stupid workaround for stupid old versions of openfire is in fact stupid (ESPurpleJabberAccount.m:427).

jystickman continues: "This change appears to have broken logins for me.

I am trying to connect to a SunONE IM server (Jabber/XMPP) and AdiumX 1.2.5 no longer brings up a dialog to prompt me for a password. If I don't include a password in my Account Settings, Adium appears to try to log me in with no password, which results in Error: 403: Forbidden

The only way I can log in is to populate the password field. So it seems like it's failing to ask for a password now (instead of trying the alternate mechanisms)."

It looks like 403 isn't properly registering as incorrect-password.

Change History (15)

comment:1 Changed 12 years ago by James Hsieh

I should have provided some additional information in my original note:

MBP 2.6GHz running Leopard 10.5.2
Connecting to Sun Instant Messaging Server 7.2 (I believe).

In 1.2.4, leaving the Password information in the account blank caused a pop-up to come up requesting a password for my account.

In 1.2.5, no pop-up ever appears, and Preferences->Accounts will show Adium in a loop attempting to connect, but receiving Error: 403: Forbidden

If you populate the password field Preferences->Accounts-><Account> then AdiumX logs you in successfully.

I have a confirmation of at least one other user experiencing the same problem.

Again, behavior was correct in 1.2.4. Behavior broken in 1.2.5. Considered serious since it requires you to store your password within AdiumX or go through some amount of work to work around...

comment:2 Changed 12 years ago by Evan Schoenberg

Per #9750 some other broken server gives Error 503: Service Unavailable in the same situation. I hate broken servers.

comment:3 Changed 12 years ago by Evan Schoenberg

Resolution: fixed
Status: changed from new to closed

(In [23244]) Properly handle various failures of our handling of the password-not-specified case for Jabber. Some servers have broken responses. Also, there are times that a read error and no password don't equal a connection failure; keep track of whether this occurs as we're connecting or not to know whether it is the case that should be treated as a password failure. Fixes #9748

comment:4 Changed 12 years ago by Evan Schoenberg

(In [23245]) Merged [23244]: Properly handle various failures of our handling of the password-not-specified case for Jabber. Some servers have broken responses. Also, there are times that a read error and no password don't equal a connection failure; keep track of whether this occurs as we're connecting or not to know whether it is the case that should be treated as a password failure. Fixes #9748

comment:5 Changed 12 years ago by Robert

Keywords: 1.2.x added

comment:6 Changed 12 years ago by Ryan Tokarek

The server I'm running is ejabberd-2.0.0. Whether the password field is empty or filled with an incorrect password, Adium reports an error 503. I'm happy to file bugs against ejabberd if this is their bug instead. I'm poking through its source to see what its error reporting is. Since it's all ssl'ed I can't do a simple tcpdump to see the response.

This is what gets logged in the ejabberd logs regardless of empty or incorrect (non-zero-length) password. The Adium displayed error is the same regardless of empty or non-empty, but still incorrect password. --Ryan

=INFO REPORT==== 2008-05-01 12:09:32 ===
I(<0.277.0>:ejabberd_listener:112) : (#Port<0.7969>) Accepted connection {{192,168,33,19},50947} -> {{192,168,32,111},5222}

=INFO REPORT==== 2008-05-01 12:09:32 ===
I(<0.7256.0>:ejabberd_c2s:561) : ({socket_state,tls,{tlssock,#Port<0.7969>,#Port<0.7971>},<0.7255.0>}) Failed authentication for user@example.com

comment:7 Changed 12 years ago by Evan Schoenberg

Yeah, that's an ejabberd bug then. A blank password and an incorrect password should be treated the same, and both should send an authentication error 401. Error 406, 'insufficient information provided', would also be a reasonable way to handle a blank password, though 401 would be preferable in my opinion. Either way, 503 service unavailable is clearly wrong.

You'll get better (and easier) XMPP information from the Adium Debug Log (use the CurrentAdiumDebug or a subversion build) than from tcpdump.

Please note in this ticket the ejabberd bug link for reference :)

comment:8 Changed 12 years ago by Ryan Tokarek

Here is the relevant section of debug output from CurrentAdiumDebug with my username and no password. (the behavior is the same if the password is non-zero but still incorrect).

It looks like the jabber server does return a <failure ...><not authorized/></failure>, but Adium immediately after, tries to do a non-sasl auth (which I suppose is a sensible fall-back). From XEP-0078 ( http://www.xmpp.org/extensions/xep-0078.html ):

"If the server does not support non-SASL authentication (e.g., because it supports only SASL authentication as defined in RFC 3920), it MUST return a <service-unavailable/> error. If the client previously attempted SASL authentication but that attempt failed, the server MUST return a <policy-violation/> stream error (see RFC 3920 regarding stream error syntax)."

It is in response to the non-sasl auth attempt that the server says 503, service unavailable (and ends the connection). I think ejabberd is supposed to report a "policy-violation" instead. The "service unavailable" error would be appropriate if Adium first tried non-SASL auth instead.

In my reading of the RFCs (and my understanding could very well be incomplete), Adium is inappropriately trying a different auth type in the same stream, and ejabberd is responding with the wrong error to that attempt.

Ryan

18:19:21: Connecting: gc=0x117e1140 (Authenticating) 7 / 9
18:19:21: (Libpurple: jabber) Recv (ssl)(187): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
18:19:21: (Libpurple: sasl) Mechs found: PLAIN 
18:19:21: (Libpurple: jabber) Sending (ssl): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true' mechanism='PLAIN'>AHRva2FyZWsA</auth>
18:19:21: (Libpurple: jabber) Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
18:19:21: (Libpurple: sasl) Mechs found:  
18:19:21: (Libpurple: sasl) No worthy mechs found
18:19:21: (Libpurple: jabber) Sending (ssl): <iq type='get' id='purplec4cb1ccc'><query xmlns='jabber:iq:auth'><username>tokarek</username></query></iq>
18:19:21: ************ tokarek@wolfram.com --step-- 7
18:19:21: (Libpurple: jabber) Recv (ssl)(167): <iq from='wolfram.com' id='purplec4cb1ccc' type='error'><error code='503' type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
18:19:21: Connection Disconnected: gc=117e1140 (503: Service Unavailable)
18:19:21: <ESPurpleJabberAccount:dd4e520 1>:tokarek@wolfram.com accountConnectionReportDisconnect: 503: Service Unavailable
18:19:21: (Libpurple: account) Disconnecting account 0x10b719b0
18:19:21: (Libpurple: connection) Disconnecting connection 0x117e1140
18:19:21: (Libpurple: jabber) XML parser error for JabberStream 0x0: Domain 1, code 5, level 3: Extra content at the end of the document

18:19:21: Disconnected: gc=117e1140
18:19:21: <ESPurpleJabberAccount:dd4e520 1>:tokarek@wolfram.com: Telling the core we disconnected
18:19:21: <ESPurpleJabberAccount:dd4e520 1>:tokarek@wolfram.com: Disconnected ("503: Service Unavailable"): Automatically reconnecting in 5.000000 seconds (0 attempts performed)
18:19:21: (Libpurple: connection) Destroying connection 0x117e1140
18:19:23: <ESPurpleJabberAccount:dd4e520 1>:tokarek@wolfram.com: Updating status for key: Online
18:19:26: (Libpurple: util) Writing file accounts.xml to directory /Volumes/Home/rtokarek/Library/Application Support/Adium 2.0/Users/Default/libpurple
18:19:26: (Libpurple: util) Writing file /Volumes/Home/rtokarek/Library/Application Support/Adium 2.0/Users/Default/libpurple/accounts.xml
18:19:26: (Libpurple: util) Writing file blist.xml to directory /Volumes/Home/rtokarek/Library/Application Support/Adium 2.0/Users/Default/libpurple
18:19:26: (Libpurple: util) Writing file /Volumes/Home/rtokarek/Library/Application Support/Adium 2.0/Users/Default/libpurple/blist.xml
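
The exchange in comment:8, checked mechanically (an added example, not part of the ticket or of Adium's code): this Python script reads the libpurple debug lines quoted above, decodes the SASL PLAIN response, and classifies the disconnect by the SASL rejection rather than by the 503 that answers the later jabber:iq:auth fallback. The function names and the `treat_as` labels are assumptions made for the illustration.

```python
import base64
import re

# Five lines excerpted from the debug log in comment:8; the <auth> element's
# extra namespace attributes are abridged, everything else is as quoted.
SAMPLE_LOG = """\
18:19:21: (Libpurple: jabber) Sending (ssl): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AHRva2FyZWsA</auth>
18:19:21: (Libpurple: jabber) Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
18:19:21: (Libpurple: jabber) Sending (ssl): <iq type='get' id='purplec4cb1ccc'><query xmlns='jabber:iq:auth'><username>tokarek</username></query></iq>
18:19:21: (Libpurple: jabber) Recv (ssl)(167): <iq from='wolfram.com' id='purplec4cb1ccc' type='error'><error code='503' type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
18:19:21: Connection Disconnected: gc=117e1140 (503: Service Unavailable)
"""

PLAIN_AUTH = re.compile(r"Sending.*<auth [^>]*mechanism='PLAIN'[^>]*>([A-Za-z0-9+/=]*)</auth>")

def decode_plain(b64):
    """Split a SASL PLAIN initial response: authzid NUL authcid NUL password."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\0", 2)
    return authcid.decode(), password.decode()

def analyze(log):
    """Classify one connection attempt from libpurple debug output."""
    findings = {"empty_password": False, "sasl_rejected": False,
                "legacy_fallback": False, "reported": None}
    for line in log.splitlines():
        m = PLAIN_AUTH.search(line)
        if m:
            findings["empty_password"] = decode_plain(m.group(1))[1] == ""
        elif "Recv" in line and "xmpp-sasl" in line and "<not-authorized/>" in line:
            findings["sasl_rejected"] = True
        elif "Sending" in line and "jabber:iq:auth" in line:
            # XEP-0078 auth attempted after SASL already failed in this stream.
            findings["legacy_fallback"] = findings["sasl_rejected"]
        elif "Connection Disconnected" in line:
            findings["reported"] = line[line.index("(") + 1:line.rindex(")")]
    # The 503 answers the fallback request, not the credentials; the SASL
    # rejection is what decides whether to prompt for a password.
    findings["treat_as"] = ("password-failure" if findings["sasl_rejected"]
                            else "connection-failure")
    return findings
```

Run against the mid-session "Read Error" disconnect from the ticket description, which contains no SASL rejection, `analyze` returns `connection-failure`.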

comment:9 Changed 12 years ago by Evan Schoenberg

Resolution: fixed
Status: changed from closed to reopened

Dangit... that exists to work around an iChat Server bit of stupidity that it expects a SASL attempt for GSSAPI followed by a jabber:iq:auth attempt.

comment:10 Changed 12 years ago by Jordan

Summary: changed from "Jabber allowing no-passwod produces problems" to "Jabber allowing no password produces problems"

comment:11 Changed 12 years ago by Evan Schoenberg

Owner: changed from Andreas Monitzer to Evan Schoenberg
Status: changed from reopened to new

comment:12 Changed 12 years ago by Evan Schoenberg

Ryan, please try Adium_1.3svn20080502 and let me know if it fixes your problem.

comment:13 in reply to:  12 Changed 12 years ago by Ryan Tokarek

Replying to evands:

Ryan, please try Adium_1.3svn20080502 and let me know if it fixes your problem.

Yup, that fixed the problem. I now get prompted for a password as expected if I leave the preferences panel entry blank or if I put in an incorrect password. Thanks much! I hope the change can make it into the next release, and that it doesn't break other things for you guys.

Ryan

comment:14 in reply to:  12 Changed 12 years ago by James Hsieh

Replying to evands:

Ryan, please try Adium_1.3svn20080502 and let me know if it fixes your problem.

Confirmed this also fixes my problem. Appreciate the fix.

--James

comment:15 Changed 12 years ago by Jordan

Resolution: fixed
Status: changed from new to closed