Bug 20158

Summary: digest-uri omits the serv-name part causing authentication failure when host != serv-name
Product: Telepathy Reporter: Andre Klapper <a9016009>
Component: gabbleAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED NOTOURBUG QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium CC: mcepl
Version: unspecified   
Hardware: Other   
OS: All   
URL: https://bugs.maemo.org/show_bug.cgi?id=4119
Whiteboard:
i915 platform: i915 features:

Description Andre Klapper 2009-02-17 04:18:49 UTC 
Forwarding from https://bugs.maemo.org/show_bug.cgi?id=4119 .

SOFTWARE VERSION:
Maemo 5.2008.43-7, means:

Nokia-N810:~# dpkg -l | grep telepathy
ii  libtelepathy-glib0           0.7.0-0osso2manage
ii  libtelepathy2                0.3.1-0osso2
ii  telepathy-feed               0.32
ii  telepathy-gabble             0.6.2-0osso2
ii  telepathy-haze               0.2.0-1collabora1
ii  telepathy-sofiasip           0.5.4-0osso10
ii  telepathy-stream-engine      0.4.0-0osso6

STEPS TO REPRODUCE THE PROBLEM:
1. Create an XMPP account to a service whose canonical name is not the hostname
of the server and the server software checks the digest-uri.
2. Attempt to connect.

EXPECTED OUTCOME:
Successful authentication.

ACTUAL OUTCOME:
Authentication failure.

According to the server logs the digest-uri sent looks like
"xmpp/server.example.org", whereas it should be
"xmpp/server.example.org/example.org" (see RFC2831 and XEP-0233).

REPRODUCIBILITY:
Always.

OTHER COMMENTS:
The server is ejabberd 2.0.3 on Fedora 10.

Authentication used to work when the server didn't validate the digest-uri
provided by the client, but since 2.0.3 ejabberd now does.
See also https://support.process-one.net/browse/EJAB-569 .

Reproducible also in desktop-side empathy.
Comment 1 Sjoerd Simons 2009-04-01 09:21:14 UTC 
The digest-uri is set to a bogus value by Loudmouth if using SRV. I've tested with recent ejabberd and they are happy with both xmpp/example.net and xmpp/server.example.net/example.net.. We can't really do the last form as that relies on the server being configured correctly, which i assume most servers aren't. So the former is correct.

The relevant Loudmouth bug (with patch) is:
  http://loudmouth.lighthouseapp.com/projects/17276-libloudmouth/tickets/44-md5-digest-uri-not-set-correctly-when-using-srv
Comment 2 Will Thompson 2009-06-02 09:10:30 UTC 
*** Bug 20982 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.