Bug 20158 - digest-uri omits the serv-name part causing authentication failure when host != serv-name
digest-uri omits the serv-name part causing authentication failure when host ...
Status: RESOLVED NOTOURBUG
Product: Telepathy
Classification: Unclassified
Component: gabble
unspecified
Other All
: medium normal
Assigned To: Telepathy bugs list
Telepathy bugs list
https://bugs.maemo.org/show_bug.cgi?i...
:
: 20982 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-17 04:18 UTC by Andre Klapper
Modified: 2009-06-02 09:10 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andre Klapper 2009-02-17 04:18:49 UTC
Forwarding from https://bugs.maemo.org/show_bug.cgi?id=4119 .

SOFTWARE VERSION:
Maemo 5.2008.43-7, means:

Nokia-N810:~# dpkg -l | grep telepathy
ii  libtelepathy-glib0           0.7.0-0osso2manage
ii  libtelepathy2                0.3.1-0osso2
ii  telepathy-feed               0.32
ii  telepathy-gabble             0.6.2-0osso2
ii  telepathy-haze               0.2.0-1collabora1
ii  telepathy-sofiasip           0.5.4-0osso10
ii  telepathy-stream-engine      0.4.0-0osso6

STEPS TO REPRODUCE THE PROBLEM:
1. Create an XMPP account to a service whose canonical name is not the hostname
of the server and the server software checks the digest-uri.
2. Attempt to connect.

EXPECTED OUTCOME:
Successful authentication.

ACTUAL OUTCOME:
Authentication failure.

According to the server logs the digest-uri sent looks like
"xmpp/server.example.org", whereas it should be
"xmpp/server.example.org/example.org" (see RFC2831 and XEP-0233).

REPRODUCIBILITY:
Always.

OTHER COMMENTS:
The server is ejabberd 2.0.3 on Fedora 10.

Authentication used to work when the server didn't validate the digest-uri
provided by the client, but since 2.0.3 ejabberd now does.
See also https://support.process-one.net/browse/EJAB-569 .

Reproducible also in desktop-side empathy.
Comment 1 Sjoerd Simons 2009-04-01 09:21:14 UTC
The digest-uri is set to a bogus value by Loudmouth if using SRV. I've tested with recent ejabberd and they are happy with both xmpp/example.net and xmpp/server.example.net/example.net.. We can't really do the last form as that relies on the server being configured correctly, which i assume most servers aren't. So the former is correct.

The relevant Loudmouth bug (with patch) is:
  http://loudmouth.lighthouseapp.com/projects/17276-libloudmouth/tickets/44-md5-digest-uri-not-set-correctly-when-using-srv
Comment 2 Will Thompson 2009-06-02 09:10:30 UTC
*** Bug 20982 has been marked as a duplicate of this bug. ***