#285 Prosody should close unauthenticated streams when no auth mechanisms are available
Reporter: MattJ
Owner: Zash
Tags: Status-Fixed, Milestone-0.10, Type-Enhancement, Usability, Priority-Medium, Difficulty-Easy
MattJ
on
In some instances Prosody will not offer authentication mechanisms:
- A problem loading the authentication module
- The stream is not encrypted, and encryption is not possible (disabled, or BOSH)
The stream should be closed with an error, rather than reaching a dead end (which most clients don't handle well).
Maybe a better approach would be to close the stream if it is unauthenticated or unbound and there are no features to offer. I.e. not being specific to SASL mechanisms.
> In some instances Prosody will not offer authentication mechanisms:
> - A problem loading the authentication module
> - The stream is not encrypted, and encryption is not possible (disabled, or BOSH)
> The stream should be closed with an error, rather than reaching a dead end (which most clients don't handle well).
A dead end which is supposed to mean that negotiation is completed.
http://xmpp.org/rfcs/rfc6120.html#streams-negotiation-features
> An empty <features/> element indicates that the stream negotiation is complete and that the initiating entity is cleared to send XML stanzas.
In Prosody 0.10 after http://hg.prosody.im/0.10/rev/1f07c72112d2 it at least logs a warning; "No SASL mechanisms to offer".
> Maybe a better approach would be to close the stream if it is unauthenticated or unbound and there are no features to offer. I.e. not being specific to SASL mechanisms.
That sounds quite sane actually.
Fixed in 7eb166fa1f26
This change broke Dialback with Openfire due to it using sessions without the 'to' stream attribute on verification only streams, which get closed before dialback can proceed after this change. A workaround module is available in http://modules.prosody.im/mod_compat_dialback.html which depends on http://hg.prosody.im/0.10/rev/ccc452767ec6
A better error message would be nice. I'm trying to debug this and it's completely non-obvious what is going wrong and why.
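Added example, not part of the thread and not Prosody's own code: a Python sketch of the rule proposed above for client-to-server streams, where an empty `<stream:features/>` only counts as "negotiation complete" once the stream is authenticated and bound, and is otherwise answered with a stream error. The function names, the sample stanzas, the `undefined-condition` choice and the error text are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS_STREAMS = "http://etherx.jabber.org/streams"
NS_STREAM_ERRORS = "urn:ietf:params:xml:ns:xmpp-streams"

# Constructed sample stanzas (not captured from a real server).
EMPTY_FEATURES = '<stream:features xmlns:stream="%s"/>' % NS_STREAMS
SASL_FEATURES = (
    '<stream:features xmlns:stream="%s">'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>SCRAM-SHA-1</mechanism></mechanisms>'
    '</stream:features>' % NS_STREAMS
)

def offered_features(features_xml):
    """Return the qualified tag of each feature inside <stream:features/>."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAMS:
        raise ValueError("expected a <stream:features/> element")
    return [child.tag for child in root]

def stream_error(text):
    """Build a stream error; the condition used here is an assumption."""
    return (
        '<stream:error><undefined-condition xmlns="%s"/>'
        '<text xmlns="%s">%s</text></stream:error></stream:stream>'
        % (NS_STREAM_ERRORS, NS_STREAM_ERRORS, escape(text))
    )

def next_step(features_xml, authenticated, bound):
    """Decide what a server should do with the features it is about to send."""
    if offered_features(features_xml):
        return ("send-features", features_xml)
    if authenticated and bound:
        # RFC 6120: an empty features element means negotiation is complete.
        return ("negotiation-complete", features_xml)
    # Nothing to offer to a stream that cannot send stanzas yet: a dead end.
    return ("close-stream", stream_error("No stream features to offer"))

if __name__ == "__main__":
    for auth, bound in [(False, False), (True, False), (True, True)]:
        print(auth, bound, next_step(EMPTY_FEATURES, auth, bound)[0])
    print(next_step(SASL_FEATURES, False, False)[0])
```

The sketch does not model server-to-server streams, so the Dialback verification case reported above is outside what it checks.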