ejabberd - Comments for "sucessfule login with Null password and NULL name"

Are you sure it's a problem in ejabberd?

mfoss — Tue, 08 Jun 2010 08:02:37 +0000

bbsqbbsq wrote:

I can't see in your log the stanza that you send to provide the auth information "@domain" and null password. If you don't send that info, ejabberd doesn't receive the account info, and doesn't call the extauth script.

bbsqbbsq wrote:

ejabberd server do not accept it, no connection in webadmin, and others will not receive message.

So, ejabberd doesn't accept the client authentication, neither rejects it. ejabberd simply didn't yet evaluate the client authentication, because the client didn't yet provide it. Until then, the client messages are blocked.

bbsqbbsq wrote:

gloox seems accept true authentication from ejabberd server, start to send message to others,

Well, that seems a bug in gloox, or in your client.

bbsqbbsq wrote:

sucessfule login with Null password and NULL name

That is false, according to the logs and the explanation you provided. It seems that this happens: ejabberd does not successfully login that misterious client; it is only the client who thinks it was successfully logged in.

1.yes2.yes3.not provide

bbsqbbsq — Tue, 08 Jun 2010 03:40:28 +0000

1.yes
2.yes
3.not provide password
4.there is no connection displayed in ejabberd WebAdmin.
5.yes
6.no

gloox sent account name like"@domain.com" and null password to ejabberd server,ejabberd server received account info.ejabberd server should sent this info to the extauth script,but the situation is script get nothing.so there is no ture or false authentcation return to ejabberd server or ,and there will also be no ture or false return to gloox.But the strange thing comes, gloox seems accept true authentication from ejabberd server, start to send message to others, but ejabberd server do not accept it, no connection in webadmin, and others will not receive message.

Let's see if I understood this

mfoss — Mon, 07 Jun 2010 16:29:27 +0000

You say that you:

configured ejabberd to use extauth, a drupal php script
connect to ejabberd with a custom client that uses gloox
the client does not provide any authentication
the client connection is displayed in ejabberd WebAdmin. If the client didn't provide any auth information, what do you see in WebAdmin exactly?
The client sends messages
And the destinations receive those messages

Is all this correct?

%{auth_method,

bbsqbbsq — Mon, 07 Jun 2010 13:12:56 +0000

%{auth_method, internal}.
%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
{auth_method, external}.
{extauth_program, "/home/ejabberd_auth.php"}.
{extauth_cache,false}.
%%

I use drupal php script.It is strange,and another strange thing comes.I change my drupal account password.Then I use gloox client with the old password and the same account. This time get the same thing like above said.But it seems fake login,because I do not see this account online.I think it is the script bug.

bbsqbbsq wrote: I setup

mfoss — Mon, 07 Jun 2010 10:46:31 +0000

bbsqbbsq wrote:

I setup ejabberd,and use external auth.I use gloox for client.when I set jid to "@domain.com" and password to "" .it success login to the ejabberd server.

Is this 100% reproducible? How do you configure auth in ejabberd.cfg, and what extauth script do you use?

It seems external script will

bbsqbbsq — Mon, 07 Jun 2010 04:01:26 +0000

It seems external script will not get stdin in this situation.