Projects tigase _server server-core Issues #1112
Fallback to diallback if SASL-EXTERNAL fails (#1112)
wojciech.kapcia@tigase.net opened 5 years ago

Contrary to what specification says, almost all ecosystem (ejabberd and prosody: https://issues.prosody.im/1006) fallback to diallback if SASL-EXTERNAL fails, and we should to (optionally) to the same:

  • if sasl-external fails - try dialback
  • add option to enable/disable it (default enable fallback)
  • add PR to adjust XEP with status quo

Followup to discussion in https://projects.tigase.net/issue/servers-294#focus=streamItem-4-24903.0-0

wojciech.kapcia@tigase.net commented 4 years ago
[2020-06-12 02:37:35:100] [FINEST  ] [      pool-31-thread-8 ] SaslExternal.process()           : CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Received failure response: from=null, to=null, DATA=<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><text xml:lang="en">self signed certificate</text></failure>, SIZE=127, XMLNS=urn:ietf:params:xml:ns:xmpp-sasl, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null
[2020-06-12 02:37:35:100] [FINE    ] [      pool-31-thread-8 ] AuthenticatorSelectorManager.authenticationFailed(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Authentication failed for: SASL-EXTERNAL, remaining methodsAvailable: [tigase.server.xmppserver.proc.Dialback@7c8874ef]
[2020-06-12 02:37:35:100] [FINE    ] [      pool-31-thread-8 ] AuthenticatorSelectorManager.authenticationFailed(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Restarting authentication with: DIALBACK
[2020-06-12 02:37:35:104] [FINEST  ] [      pool-31-thread-8 ] S2SConnection.sendAllControlPackets(): Sending on connection: CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false control packet: from=null, to=null, DATA=<db:result xmlns:db="jabber:server:dialback" to="rsocks.net" from="wojtek-local.tigase.eu">679ad1ee703bcc20e50880db8e65c70fa978f39b15828b71e908aae1b0e2eb97</db:result>, SIZE=167, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null
…
[2020-06-12 02:37:37:573] [FINEST  ] [      pool-31-thread-9 ] Dialback.processDialback()       : CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, DIALBACK packet: from=null, to=null, DATA=<result to="wojtek-local.tigase.eu" from="rsocks.net" xmlns="jabber:server:dialback" type="valid"/>, SIZE=99, XMLNS=jabber:server:dialback, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=valid, CID_packet: wojtek-local.tigase.eu@rsocks.net
[2020-06-12 02:37:37:573] [FINE    ] [      pool-31-thread-9 ] AuthenticatorSelectorManager.authenticateConnection(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Authenticating connection
[2020-06-12 02:37:37:573] [FINER   ] [      pool-31-thread-9 ] CIDConnections.connectionAuthenticated(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, connection is authenticated. Direction: BOTH
wojciech.kapcia@tigase.net commented 4 years ago
wojciech.kapcia@tigase.net commented 4 years ago

Changes made and tested.

PR created: https://github.com/xsf/xeps/pull/963

issue 1 of 1
Type
Task
Priority
Normal
Assignee
Version
tigase-server-8.1.0
Spent time
43h
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#1112
Please wait...
Page is in error, reload to recover