[ejabberd] problem with components and in-band registration

Steven Lehrburger lehrburger at gmail.com
Tue May 1 19:13:19 MSK 2012


Hi,

Im working on an application that needs to use an XMPP component bot to
register new accounts on behalf of my users, but it's failing some sort of
IP check.

I figured out the changes I needed to make to ejabberd.cfg, and patched
mod_register.erl, as described here:

http://www.ejabberd.im/node/5020

with a couple of other small changes so that
send_registration_notifications/2 was able to handle a JID as its Source in
addition to an IP. This worked fine with a SleekXMPP test client script
like this one:

https://github.com/lehrblogger/SleekXMPP/blob/develop/examples/register_account_for_other.py


When I try to make a similar registration IQ from my component, I get an
error like this one:

=ERROR REPORT==== 2012-04-30 23:30:22 ===
E(<0.8727.0>:gen_iq_handler:118) : {{case_clause,{allow,true}},
                                    [{mod_register,try_register,5},
                                     {mod_register,
                                      try_register_or_set_password,9},
                                     {gen_iq_handler,process_iq,6},
                                     {gen_iq_handler,handle_info,2},
                                     {gen_server,handle_msg,5},
                                     {proc_lib,init_p_do_apply,3}]}


I'm pretty new to Erlang and ejabberd, so I've not quite been able to get
to the bottom of what's wrong. try_register/5 in mod_register.erl is
calling check_ip_access/2 here:

https://github.com/processone/ejabberd/blob/2.1.x/src/mod_register.erl#L330

which in turn calls ejabberd_sm:get_user_ip here/3:

https://github.com/processone/ejabberd/blob/2.1.x/src/mod_register.erl#L609

which then tries to look up something in mnesia here:

https://github.com/processone/ejabberd/blob/2.1.x/src/ejabberd_sm.erl#L154

which returns [], which matches to return undefined, and that causes
try_register to throw an error.

My best guess is that ejabberd is checking to make sure that requests are
coming from a client IP that it knows has connected, which seems like a
good thing to do for security, and that it *is not* keeping track of those
IPs by default for components. When it tries to verify the component is
from a connected IP, it finds nothing in mnesia, and blocks the
registration.

What's the simplest way to patch ejabberd and fix this, without breaking
anything else or opening any security holes?

Thanks!

Cheers,
Steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120501/a3a7ed19/attachment.html>


More information about the ejabberd mailing list