Successful login with Null password and NULL name

I set up ejabberd and use external auth. I use gloox for the client. When I set the jid to "@domain.com" and the password to "", it successfully logs in to the ejabberd server.

log: level: 0, area: 8, This is gloox 1.0, connecting to domain.com:-1...

log: level: 1, area: 32, Notice: gloox does not support SRV records on this platform.
Using A records instead.

log: level: 1, area: 32, Notice: no SRV record found for domain.com,
using default port.

log: level: 0, area: 32, getprotobyname( "tcp" ) failed. WSAGetLastError: 11003.
Falling back to IPPROTO_TCP: 6

log: level: 0, area: 32, Connecting to domain.com 

log: level: 0, area: 32, Connected to domain.com 

log: level: 0, area: 262144, 
<?xml version='1.0' ?>
<stream:stream
 to='domain.com'
 xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams'
 xml:lang='en'
 version='1.0'>

log: level: 0, area: 131072, 
<stream:stream
 xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams'
 id='157342795'
 from='domain.com'
 version='1.0'
 xml:lang='en'/>

log: level: 0, area: 131072, 
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
    <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
	<mechanism>PLAIN</mechanism>
    </mechanisms>
</stream:features>

log: level: 0, area: 262144, 
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

log: level: 0, area: 131072, 
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

log: level: 0, area: 4, starting TLS handshake...

log: level: 0, area: 8, connection encryption active

log: level: 0, area: 262144, 
<?xml version='1.0' ?>
<stream:stream
 to='domain.com'
 xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams'
 xml:lang='en' version='1.0'>

log: level: 0, area: 131072, 
<stream:stream
 xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams'
 id='3065004984'
 from='domain.com'
 version='1.0'
 xml:lang='en'/>

log: level: 0, area: 131072, 
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
    <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
	<mechanism>PLAIN</mechanism>
    </mechanisms>
</stream:features>

log: level: 0, area: 262144, 
<message to='michel@domain.com' id='uid:8da341fd:00004823' type='chat' xmlns='jabber:client'>
    <body>fssss</body>
    <subject>csubject</subject>
    <thread>glooxuid:8da341fd:00000029</thread>
</message>

log: level: 0, area: 262144, 
<message to='michel@domain.com' id='uid:8da341fd:000018be' type='chat' xmlns='jabber:client'>
    <body>zzzzz</body>
    <subject>csubject</subject>
    <thread>glooxuid:8da341fd:00000029</thread>
</message>

It seems external script will not get stdin in this situation.

bbsqbbsq wrote:

I set up ejabberd and use external auth. I use gloox for the client. When I set the jid to "@domain.com" and the password to "", it successfully logs in to the ejabberd server.

Is this 100% reproducible? How do you configure auth in ejabberd.cfg, and what extauth script do you use?

%{auth_method, internal}.

%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
{auth_method, external}.
{extauth_program, "/home/ejabberd_auth.php"}.
{extauth_cache,false}.
%%

I use the drupal php script. It is strange, and another strange thing comes up. I changed my drupal account password. Then I used the gloox client with the old password and the same account. This time I got the same thing as described above. But it seems to be a fake login, because I do not see this account online. I think it is a bug in the script.
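
Added example, not part of the original post and not the Drupal script used here: a minimal extauth handler in Python that fails closed on an empty user name, server or password and on a short read from stdin. It assumes ejabberd's extauth framing (a 2-byte big-endian length followed by `auth:user:server:password`, answered with a 2-byte length and a 2-byte 0/1 result); `ACCOUNTS` and `check_password` are hypothetical stand-ins for the real user lookup, and operations other than `auth` are simply refused.

```python
import hmac
import struct
import sys

def read_request(stream):
    """Read one frame: 2-byte big-endian length, then 'op:user:server:password'."""
    header = stream.read(2)
    if len(header) < 2:
        return None                      # EOF: ejabberd closed the pipe
    (size,) = struct.unpack(">H", header)
    payload = stream.read(size)
    if len(payload) < size:
        return None                      # truncated frame, stop rather than guess
    # maxsplit=3 keeps any ':' inside the password intact
    return payload.decode("utf-8", errors="replace").split(":", 3)

def handle(fields, check_password):
    """Fail closed: only a complete 'auth' request with non-empty parts can pass."""
    if len(fields) != 4 or fields[0] != "auth":
        return False
    _, user, server, password = fields
    if not user or not server or not password:
        return False                     # e.g. jid "@domain.com" with password ""
    return bool(check_password(user, server, password))

def encode_result(ok):
    """Reply frame: length 2, then 1 (accept) or 0 (reject)."""
    return struct.pack(">HH", 2, 1 if ok else 0)

def serve(stdin, stdout, check_password):
    """Answer requests until the input stream ends."""
    while (fields := read_request(stdin)) is not None:
        stdout.write(encode_result(handle(fields, check_password)))
        stdout.flush()

# Hypothetical stand-in for the real user database (constructed values).
ACCOUNTS = {("michel", "domain.com"): "constructed-password"}

def check_password(user, server, password):
    expected = ACCOUNTS.get((user, server), "")
    return hmac.compare_digest(expected.encode(), password.encode())

if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer, check_password)
```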

Let's see if I understood this

You say that you:

  1. configured ejabberd to use extauth, a drupal php script
  2. connect to ejabberd with a custom client that uses gloox
  3. the client does not provide any authentication
  4. the client connection is displayed in ejabberd WebAdmin. If the client didn't provide any auth information, what do you see in WebAdmin exactly?
  5. The client sends messages
  6. And the destinations receive those messages

Is all this correct?

1. yes
2. yes
3. not provide password
4. there is no connection displayed in ejabberd WebAdmin.
5. yes
6. no

gloox sent an account name like "@domain.com" and a null password to the ejabberd server, and the ejabberd server received the account info. The ejabberd server should send this info to the extauth script, but the situation is that the script gets nothing. So there is no true or false authentication returned to the ejabberd server, and there will also be no true or false returned to gloox. But the strange thing comes: gloox seems to accept true authentication from the ejabberd server and starts to send messages to others, but the ejabberd server does not accept it; there is no connection in WebAdmin, and others will not receive the messages.

Are you sure it's a problem in ejabberd?

bbsqbbsq wrote:

gloox sent an account name like "@domain.com" and a null password to the ejabberd server,
and the ejabberd server received the account info.
The ejabberd server should send this info to the extauth script,
but the situation is that the script gets nothing.

I can't see in your log the stanza that you send to provide the auth information "@domain" and null password. If you don't send that info, ejabberd doesn't receive the account info, and doesn't call the extauth script.

bbsqbbsq wrote:

the ejabberd server does not accept it; there is no connection in WebAdmin, and others will not receive the messages.

So, ejabberd neither accepts the client authentication nor rejects it. ejabberd simply didn't yet evaluate the client authentication, because the client didn't yet provide it. Until then, the client messages are blocked.

bbsqbbsq wrote:

gloox seems to accept true authentication from the ejabberd server and starts to send messages to others,

Well, that seems a bug in gloox, or in your client.

bbsqbbsq wrote:

Successful login with Null password and NULL name

That is false, according to the logs and the explanation you provided. It seems that this happens: ejabberd does not successfully log in that mysterious client; it is only the client that thinks it was successfully logged in.
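
The check described in this reply, as an added example that is not part of the original thread: a Python scan of a gloox log that reports any stanza the client sent before it had sent `<auth/>` and received `<success/>`. The area codes are read off the log above (262144 sent, 131072 received); both sample logs are constructed, the first condensed from the post-TLS part of the posted log.

```python
import re

# In the gloox log above, area 262144 is XML the client sent and
# area 131072 is XML it received.
SENT, RECEIVED = 262144, 131072
ENTRY = re.compile(r"log: level: \d+, area: (\d+),\s*(.*?)(?=\nlog: level:|\Z)", re.S)
ROOT = re.compile(r"<([A-Za-z][\w:.-]*)")
STANZAS = {"message", "presence", "iq"}

def xml_events(log_text):
    """Yield (area, root element name) for each XML entry in the log."""
    for area, body in ENTRY.findall(log_text):
        root = ROOT.search(body)
        if int(area) in (SENT, RECEIVED) and root:
            yield int(area), root.group(1)

def audit_sasl(log_text):
    """List stanzas the client sent before the server confirmed SASL auth."""
    auth_sent = authenticated = False
    findings = []
    for area, root in xml_events(log_text):
        if area == SENT and root == "auth":
            auth_sent = True
        elif area == RECEIVED and root == "success":
            authenticated = auth_sent  # only counts as a reply to our <auth/>
        elif area == SENT and root in STANZAS and not authenticated:
            findings.append((root, "auth sent" if auth_sent else "no auth sent"))
    return findings

# Constructed sample, condensed from the post-TLS part of the log above.
THREAD_LOG = """\
log: level: 0, area: 131072, 
<stream:features><mechanisms><mechanism>PLAIN</mechanism></mechanisms></stream:features>
log: level: 0, area: 262144, 
<message to='michel@domain.com' type='chat' xmlns='jabber:client'><body>fssss</body></message>
"""

# Constructed sample of a session that authenticates before sending.
GOOD_LOG = """\
log: level: 0, area: 262144, 
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>(elided)</auth>
log: level: 0, area: 131072, 
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
log: level: 0, area: 262144, 
<message to='michel@domain.com' type='chat' xmlns='jabber:client'><body>hi</body></message>
"""

print(audit_sasl(THREAD_LOG))
```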
