[ejabberd] SASL authentication over BOSH
Tomas Karasek
tom.to.the.k at gmail.com
Fri Aug 1 15:29:45 MSD 2008
Hi,
I'm just working on BOSH support in Gajim and I'm testing with ejabberd
2.0.1. It listens on 5280 for BOSH connections and on 5222 for XMPP.
The SASL authentication scenario is shown in XEP 0206:
http://www.xmpp.org/extensions/xep-0206.html#preconditions-sasl
and ejabberd works well according to it.
But a problem occurs when I send an empty body after the session init
response (instead of an <auth> element with the desired SASL method). <auth> is
sent later via a different HTTP connection and the process continues, except
that the <success> element is not sent from the server at the end
(although there is a pending request at that time).
I.e. when the client sends the empty <response>
(Example 8, SASL authentication step 5 in XEP 0206),
the server should respond with <success> but it sends only an empty body tag -
see the dump below. This behavior seems to be caused by the fact that I don't
send <auth> right after the init response, because it works well when I do.
The reason I can't send the auth right after the init response is that
there is a warning dialog in Gajim for the case of an unsecured connection,
which has to be confirmed before the authentication takes place.
What I'd like to see between the init response and the auth start is
requests/responses with empty body tags until the client finally starts
the authentication or the server decides to cancel the BOSH session for some
reason.
Do you think this is against the BOSH spec?
Below is a dump of the communication between the client and ejabberd:5280.
Could ejabberd.log or sasl.log help to see what is going on?
Regards,
Tomas Karasek
Dump:
--------src port: 48258, dst port: 5280 -------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 315
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind"
newkey="487654a0c89fbe0e782a3e0444e9b70986bcfdd3" hold="2" ver="1.6"
ack="1" route="myserver.org:5222" wait="30" content="text/xml;
charset=utf-8" to="myserver.org" xml:lang="en" rid="1058250915174452"
xmpp:version="1.0" xmlns:xmpp="urn:xmpp:xbosh" />
-------------------------------------------------------
--------src port: 5280, dst port: 48258 -------------------------------
HTTP/1.1 200 OK
Content-Length: 603
Content-Type: text/xml; charset=utf-8
<body xmlns='http://jabber.org/protocol/httpbind'
sid='33c1262b62c20c8ee1a8081bf0ba950b654048cc' wait='30' requests='2'
inactivity='30' maxpause='120' polling='2' ver='1.6' from='myserver.org'
secure='true' authid='579654227' xmlns:xmpp='urn:xmpp:xbosh'
xmlns:stream='http://etherx.jabber.org/streams' xmpp:version='1.0'>
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
</body>
-------------------------------------------------------
--------src port: 48260, dst port: 5280 -------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 169
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind" rid="1058250915174453"
key="4bf4b1fb2c9a24af24284cebb3605b74b5e906e7"
sid="33c1262b62c20c8ee1a8081bf0ba950b654048cc" />
-------------------------------------------------------
** some delay until user confirms a warning dialog ***
--------src port: 48262, dst port: 5280 -------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 269
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind" ack="1058250915174452"
rid="1058250915174454" key="268933c18181628bd6f9c01d55f8f3a275626647"
sid="33c1262b62c20c8ee1a8081bf0ba950b654048cc">
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5" />
</body>
-------------------------------------------------------
-------- src port: 5280, dst port: 48260 -------------------------------
HTTP/1.1 200 OK
Content-Length: 205
Content-Type: text/xml; charset=utf-8
<body xmlns='http://jabber.org/protocol/httpbind'>
<challenge
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9IjQwNjYyNjE2MzMiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
</body>
-------------------------------------------------------
-------- src port: 48263, dst port: 5280 ------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 579
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind" ack="1058250915174453"
rid="1058250915174455" key="4e602214243e4aacd5ed051305b47f0d43e71913"
sid="33c1262b62c20c8ee1a8081bf0ba950b654048cc">
<response
xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0icHJpbXVzIixyZWFsbT0ic3Rhci5zZWN1cml0eW5ldC5jeiIsbm9uY2U9IjQwNjYyNjE2MzMiLG5jPTAwMDAwMDAxLGNub25jZT0iZGY1MDM2ODliYWI0ZGU3MWMzYjlhZTI4ZTVlMmM3NjI1MWNmYzgxMjFiNjEyZGRjYyIsZGlnZXN0LXVyaT0ieG1wcC9zdGFyLnNlY3VyaXR5bmV0LmN6IixyZXNwb25zZT1iOGM4Y2VkZmJmNTg2MmI1MWZjNzM2ZTgxNmI1MjIwOSxxb3A9YXV0aA==</response>
</body>
-------------------------------------------------------
-------- src port: 5280, dst port: 48262 ------------------------------
HTTP/1.1 200 OK
Content-Length: 177
Content-Type: text/xml; charset=utf-8
<body xmlns='http://jabber.org/protocol/httpbind'>
<challenge
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD0yNzliZjRjNDZmOTQ2MTc2NzEyZGU0MjUwZTYxNzdlZA==</challenge>
</body>
-------------------------------------------------------
-------- src port: 48264, dst port: 5280 ------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 250
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind" ack="1058250915174454"
rid="1058250915174456" key="d27367f9635719a52d1377ecac4532394066dfaf"
sid="33c1262b62c20c8ee1a8081bf0ba950b654048cc">
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
</body>
-------------------------------------------------------
* The following response should contain the <success> element imho
-------- src port: 5280, dst port: 48263 ------------------------------
HTTP/1.1 200 OK
Content-Length: 51
Content-Type: text/xml; charset=utf-8
<body xmlns='http://jabber.org/protocol/httpbind'/>
-------------------------------------------------------
*** ... wait timeout - 30 seconds ****
-------- src port: 5280, dst port: 48264 ------------------------------
HTTP/1.1 200 OK
Content-Length: 51
Content-Type: text/xml; charset=utf-8
<body xmlns='http://jabber.org/protocol/httpbind'/>
-------------------------------------------------------
-------- src port: 48265, dst port: 5280 ------------------------------
POST http://myserver.org:5280/http-bind/ HTTP/1.1
Host: myserver.org:5280
Content-Type: text/xml; charset=utf-8
Content-Length: 169
Connection: Keep-Alive
<body xmlns="http://jabber.org/protocol/httpbind" rid="1058250915174457"
key="a990dd5dfd7757d5793c4e8208461e6c8938c74e"
sid="33c1262b62c20c8ee1a8081bf0ba950b654048cc" />
*** ... wait timeout - 30 seconds ****
------ src port: 5280, dst port: 48265 ------------------------------
HTTP/1.1 200 OK
Content-Length: 68
Content-Type: text/xml; charset=utf-8
<body type='terminate' xmlns='http://jabber.org/protocol/httpbind'/>
-------------------------------------------------------
--
Tomas Karasek
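Added example (not part of Tomas's post, nor ejabberd or Gajim code): it decodes the three SASL payloads from the dump above and implements the RFC 2831 DIGEST-MD5 computation (algorithm=md5-sess, qop=auth) for both the client's response and the server's rspauth. It shows what the plain-HTTP exchange on port 5280 exposes to anyone on the path, which is what Gajim's unsecured-connection warning is about, and the rspauth check a client should perform on the second <challenge> before it sends the empty <response> and waits for the <success> that never arrives here. The account's password is not on the page, so the verify/guess functions are exercised with a constructed password; the hostnames and hashes are copied from the dump as-is.

```python
import base64
import hashlib
import hmac
import re
from typing import Optional

# Constructed copies of the three SASL payloads from the dump in this post,
# exactly as they travelled inside the BOSH <body> elements (base64-encoded).
CHALLENGE_1 = "bm9uY2U9IjQwNjYyNjE2MzMiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M="
RESPONSE = (
    "Y2hhcnNldD11dGYtOCx1c2VybmFtZT0icHJpbXVzIixyZWFsbT0ic3Rhci5zZWN1cml0eW5ldC5jeiIs"
    "bm9uY2U9IjQwNjYyNjE2MzMiLG5jPTAwMDAwMDAxLGNub25jZT0iZGY1MDM2ODliYWI0ZGU3MWMzYjlh"
    "ZTI4ZTVlMmM3NjI1MWNmYzgxMjFiNjEyZGRjYyIsZGlnZXN0LXVyaT0ieG1wcC9zdGFyLnNlY3VyaXR5"
    "bmV0LmN6IixyZXNwb25zZT1iOGM4Y2VkZmJmNTg2MmI1MWZjNzM2ZTgxNmI1MjIwOSxxb3A9YXV0aA=="
)
CHALLENGE_2 = "cnNwYXV0aD0yNzliZjRjNDZmOTQ2MTc2NzEyZGU0MjUwZTYxNzdlZA=="

# key=value pairs separated by commas; values may be double-quoted (RFC 2831 syntax).
_PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|([^,]*))')


def parse_sasl_payload(b64: str) -> dict:
    """Decode one base64 SASL payload into its key=value fields (quotes stripped)."""
    text = base64.b64decode(b64).decode("utf-8")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PAIR.finditer(text)}


def _hexmd5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_md5(username, realm, password, nonce, cnonce, nc, qop, digest_uri,
               server_side=False) -> str:
    """RFC 2831, algorithm=md5-sess, qop=auth, no authzid.
    The client 'response' uses A2 = "AUTHENTICATE:" + digest-uri,
    the server 'rspauth' uses A2 = ":" + digest-uri; the rest is identical."""
    a1 = (hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
          + f":{nonce}:{cnonce}".encode())
    a2 = (b":" if server_side else b"AUTHENTICATE:") + digest_uri.encode()
    return _hexmd5(f"{_hexmd5(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hexmd5(a2)}".encode())


def _expected(fields: dict, password: str, server_side: bool) -> str:
    return digest_md5(fields["username"], fields["realm"], password, fields["nonce"],
                      fields["cnonce"], fields["nc"], fields["qop"], fields["digest-uri"],
                      server_side=server_side)


def client_response_matches(fields: dict, password: str) -> bool:
    """What the server does with the client's <response>: recompute and compare."""
    return hmac.compare_digest(_expected(fields, password, False), fields["response"])


def rspauth_matches(fields: dict, password: str, rspauth: str) -> bool:
    """What the client must do with the second <challenge> before trusting <success>:
    a correct rspauth proves the server also knows the password (mutual auth)."""
    return hmac.compare_digest(_expected(fields, password, True), rspauth)


def build_client_response(fields: dict, password: str) -> dict:
    """Re-issue the captured response fields with a password of our choosing; the
    real password is not in the dump, so this is how the checks are exercised."""
    out = dict(fields)
    out["response"] = _expected(fields, password, False)
    return out


def guess_password(fields: dict, candidates) -> Optional[str]:
    """Offline check of a captured exchange against a candidate list: everything it
    needs (username, realm, nonce, cnonce, digest-uri, response) was cleartext on 5280."""
    for pw in candidates:
        if client_response_matches(fields, pw):
            return pw
    return None


if __name__ == "__main__":
    print("challenge 1:", parse_sasl_payload(CHALLENGE_1))
    print("response   :", parse_sasl_payload(RESPONSE))
    print("challenge 2:", parse_sasl_payload(CHALLENGE_2))
    # Constructed password: the dump's real one is not available.
    demo = build_client_response(parse_sasl_payload(RESPONSE), "constructed-password")
    print("server accepts demo response:", client_response_matches(demo, "constructed-password"))
    print("client verifies demo rspauth:",
          rspauth_matches(demo, "constructed-password",
                          _expected(demo, "constructed-password", True)))
```

Running guess_password over the dump's own fields with any constructed word list returns None, as expected; the point is that nothing beyond the captured bytes is needed to try. In the dump, the client answered the rspauth challenge with an empty <response> (XEP-0206 step 5) and only then waited for <success>; rspauth_matches is the check that belongs between those two steps, regardless of whether the <success> ever shows up.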