ejabberd - Comments for "net:jabber and "digest-uri seems invalid" / authentication problem"

Fix

grant — Wed, 08 Jul 2009 14:12:25 +0000

The code above is part of the fix. But it still breaks if you are using srv records to point to a different host.
I have fixed it on my system - I still need to double check what I had to change, but I will post the changes needed to get things working smoothly.

Install all the needed modules from cpan. In my case I'm using Net::Jabber::Bot.
Also, install Net::DNS::Resolver if you are using srv records.

----------------------------------
In Net/XMPP/Connection.pm around line 135, underneath "delete($self->{SESSION});" add:

        #HACK - makes sure componentname is defined
        if (!defined($self->{SERVER}->{componentname})) {
                $self->{SERVER}->{componentname} = $self->{SERVER}->{hostname};
        }

A few lines below that, in the Connect statement, under the ssl line, before the "(defined($self->{SERVER}->{componentname}", add:

                    #HACK - allow defining srv to use srv records (you'll usually want to set this to "_xmpp-client._tcp"
                    (defined($self->{SERVER}->{srv}) ?
                     (srv => $self->{SERVER}->{srv}) :
                     ()
                    ),

-----------------------------------

In XML/Stream.pm, around line 2123, change:
"$self->{SIDS}->{$sid}->{sasl}->{client} = $sasl->client_new();"
to

$self->{SIDS}->{$sid}->{sasl}->{client} = $sasl->client_new('xmpp',$self->{SIDS}->{$sid}->{to});

I'm not sure if this is needed on all systems, but I had problems with "Undefined subroutine &Net::DNS::Resolver", this fixes that. At line 284, underneath "import Net::DNS;" add:

use Net::DNS;

----------------------------------------------------------------------------------

When using Net:Jabber::Client Connect, be sure to specify in the connect parameters:

srv=>"_xmpp_client._tcp"

If you want to use srv records to find the correct jabber host.
-------------------------------

I hope someone else finds this helpful. I've spent the better part of two days trying to figure it out! If anyone knows how to get these changes added to the (apparently abandoned) Net::XMPP modules on cpan, please go ahead and do so. Otherwise, at least the next person who searches for this should find this post.

In my case, I was able to

bergenpeak — Tue, 16 Jun 2009 23:11:29 +0000

In my case, I was able to find a google page (translated) which pointed to a perl xmpp client library problem.

http://translate.google.com/translate?hl=en&sl=pl&u=http://forum.pld-lin...
l%26hs%3Driy

I made the code change to the stream.pm module (as suggested) and it fixed my problem. Note that the translation gets confused on the perl curly braces and paranthesis, so you'll need to tweak what's shown in the translation when you patch the stream.pm code.

I think I had seen another post where they had said they had the same issue and retrying on a clean perl build worked-- maybe there's an official update to stream.pm that fixes this issue...

Fix the XMPP client. Temporary workaround.

mfoss — Tue, 16 Jun 2009 16:41:02 +0000

You will prefer to fix your XMPP client library. In any case, you can apply this temporary workaround:

--- cyrsasl_digest.erl
+++ cyrsasl_digest.erl
@@ -65,11 +65,7 @@ mech_step(#state{step = 3, nonce = Nonce} = State, ClientIn) ->
            DigestURI = xml:get_attr_s("digest-uri", KeyVals),
            UserName = xml:get_attr_s("username", KeyVals),
            case is_digesturi_valid(DigestURI, State#state.host) of
-               false ->
-                   ?DEBUG("User login not authorized because digest-uri "
-                          "seems invalid: ~p", [DigestURI]),
-                   {error, "not-authorized", UserName};
-               true ->
+               _ ->
                    AuthzId = xml:get_attr_s("authzid", KeyVals),
                    case (State#state.get_password)(UserName) of
                        {false, _} ->

> # Change ejabberd to not

masterd01 — Tue, 16 Jun 2009 11:41:24 +0000

> # Change ejabberd to not verify digest-uri.

Could you explain, how i do this?
I've the same Problem

If client uses SASL Digest, must provide proper digest-uri

mfoss — Tue, 16 Jun 2009 08:56:16 +0000

ejabberd 2.0.3 and higher implements digest-uri verification, as recommended by XMPP-Core, see EJAB-569.

This means that the XMPP/Jabber server of domain example.com (in this case ejabberd) expects that a client that is authenticating using SASL Digest will provide something like:

digest-uri="xmpp/example.com"

But it seems your client sends this:

digest-uri="/"

You have several solutions:

Improve your XMPP client library to provide a proper digest-uri in the SASL Digest.
Change your client or library to not use SASL Digest.
Change ejabberd to not verify digest-uri.
Use an older version of ejabberd that didn't yet implement this verification.

ejabberd - Comments for "net:jabber and &quot;digest-uri seems invalid&quot; / authentication problem"

Fix

In my case, I was able to

Fix the XMPP client. Temporary workaround.

> # Change ejabberd to not

If client uses SASL Digest, must provide proper digest-uri

ejabberd - Comments for "net:jabber and "digest-uri seems invalid" / authentication problem"