
SASL2: Stable resource is used if no user-agent id is set.

Open mdosch opened this issue 2 years ago • 8 comments

Environment

  • ejabberd version: 24.02.17-messaging.one
  • Erlang version: unknown
  • OS: unix/linux 6.1.0
  • Installed from: unknown

@weiss might fill the gaps if necessary.

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

unknown

Errors from error.log/crash.log

unknown

Bug description

Clients SHOULD also include a <user-agent/> element, informing the server about the connecting client. The 'id' attribute is RECOMMENDED, and if present contains a unique stable identifier for the client installation. The contents of the 'id' attribute MUST be a UUID v4. This allows the server to provide functionality such as deriving stable resource identifiers (see Bind 2.0 (XEP-0386) [5]). https://xmpp.org/extensions/xep-0388.html#initiation

Ejabberd is providing a stable resource although no id attribute is set in the user-agent element.

mdosch Apr 07 '24 11:04

I fixed this recently in https://github.com/processone/xmpp/commit/1b1418ab2f79b26c31a6cd6c91d32fb477b56850

prefiks Apr 08 '24 07:04

This fixes a crash in the case of a client sending a bind2 tag but no user-agent, as we tried to use the missing user-agent to generate a stable resource.

But in my scenario there is a user-tag but no ID. Still ejabberd gives me a stable resource.

mdosch Apr 08 '24 07:04

This change is not yet available in ejabberd; it was added to the library that ejabberd uses, but ejabberd uses a version of that library from before that change was introduced.

And this change should also be triggered in the case where there is a missing/empty id in user-agent.

prefiks Apr 08 '24 08:04

@mdosch, messaging.one now has the commit in question, just in case you'd like to test it. If things look fine, this issue could be closed I guess.

weiss Apr 08 '24 09:04

Seems to still set a stable resource in absence of user-agent id:

<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1-PLUS'><initial-response>cD10bHMtZXhwb3J0ZXIsLG49bWRvc2NoLHI9ODk2OWQ3ZjcyOWQzOTRiZA==</initial-response><user-agent><software>go-sendxmpp</software></user-agent><bind xmlns='urn:xmpp:bind:0'><tag>go-sendxmpp</tag></bind></authenticate>
[…]
<success xmlns='urn:xmpp:sasl:2'><bound xmlns='urn:xmpp:bind:0'/><authorization-identifier>[email protected]/go-sendxmpp.xuIUkF6Ve2</authorization-identifier><additional-data>dj1PdHVqU0dCSWo5WnUwMHJEWEh6NWFsWHljR3c9</additional-data></success>
<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1-PLUS'><initial-response>cD10bHMtZXhwb3J0ZXIsLG49bWRvc2NoLHI9OGJiYzYxODE1NmM1ZmRlOA==</initial-response><user-agent><software>go-sendxmpp</software></user-agent><bind xmlns='urn:xmpp:bind:0'><tag>go-sendxmpp</tag></bind></authenticate>
[…]
<success xmlns='urn:xmpp:sasl:2'><bound xmlns='urn:xmpp:bind:0'/><authorization-identifier>[email protected]/go-sendxmpp.xuIUkF6Ve2</authorization-identifier><additional-data>dj04NkV2OXlUYk1VckdDdjRmR1RXZGd6UWd4YlU9</additional-data></success>

mdosch Apr 08 '24 10:04

Hm, I will see if I can reproduce that then, but from looking at what the code does I thought we should skip the code that does that without an id.

prefiks Apr 08 '24 10:04

Looks like I had a typo that didn't properly detect an empty id - fixed in https://github.com/processone/xmpp/commit/12a2e3feadc0dfdf6a56a2b17925c1275adc2ef9

prefiks Apr 08 '24 18:04

Thanks, I can confirm that it works now as expected.

mdosch Apr 08 '24 18:04
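
The behaviour this thread converges on, as an added example (not code from ejabberd or the processone/xmpp library): a stable resource is derived only when `<user-agent/>` carries a valid UUID v4 `id`, and a missing element, missing attribute, empty value or non-v4 value all fall back to a fresh random suffix. The HMAC derivation, `SERVER_SECRET`, the user name and the sample stanzas are assumptions constructed for illustration; the `tag.suffix` layout mirrors the resources shown in the thread.

```python
import base64, hashlib, hmac, secrets, uuid
import xml.etree.ElementTree as ET

SASL2, BIND2 = "{urn:xmpp:sasl:2}", "{urn:xmpp:bind:0}"
SERVER_SECRET = b"constructed-demo-secret"  # assumption: a per-server key

def client_id(auth):
    """Return the user-agent id only if it is present and a valid UUID v4."""
    ua = auth.find(SASL2 + "user-agent")
    raw = ua.get("id", "").strip() if ua is not None else ""
    try:
        parsed = uuid.UUID(raw)          # "" and malformed values raise ValueError
    except ValueError:
        return None
    return str(parsed) if parsed.version == 4 else None

def choose_resource(stanza_xml, user):
    """Return (resource, stable) for one <authenticate/> carrying a Bind 2 request."""
    auth = ET.fromstring(stanza_xml)
    tag = auth.findtext(f"{BIND2}bind/{BIND2}tag", default="")
    cid = client_id(auth)
    if cid is None:
        # Nothing identifies the installation, so every session gets a new suffix.
        return f"{tag}.{secrets.token_urlsafe(8)}", False
    # Assumed derivation: keyed hash over user and client id, truncated for display.
    mac = hmac.new(SERVER_SECRET, f"{user}\0{cid}".encode(), hashlib.sha256).digest()
    suffix = base64.urlsafe_b64encode(mac[:8]).decode().rstrip("=")
    return f"{tag}.{suffix}", True

def stanza(ua_attrs=""):
    # Constructed sample shaped like the <authenticate/> posted in the thread.
    return ("<authenticate xmlns='urn:xmpp:sasl:2' mechanism='SCRAM-SHA-1-PLUS'>"
            f"<user-agent{ua_attrs}><software>go-sendxmpp</software></user-agent>"
            "<bind xmlns='urn:xmpp:bind:0'><tag>go-sendxmpp</tag></bind></authenticate>")

def check_sessions(ua_attrs, user="user@example.org"):
    """Bind twice with the same stanza; return (stable_flag, same_resource)."""
    first, stable = choose_resource(stanza(ua_attrs), user)
    second, _ = choose_resource(stanza(ua_attrs), user)
    return stable, first == second

if __name__ == "__main__":
    for attrs in ("", " id=''", " id='d4565f1b-4b1a-4e6b-9e3c-2f1a0c7b8d9e'"):
        print(repr(attrs), check_sessions(attrs))
```

Running two binds per case reproduces the reporter's check: identical resources across sessions are expected only in the last case.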