function build_reply within SASL authentication module mod_sasl adds "=" sign to empry response. This reply cannot be decoded back from Base64 and processed with Smack library (or any other XMPP library in fact )and fails with "invalid base" exception.
Proposed fix: remove "=" sign with empty string.
Detailed exception log from Smack XMPP client for a reference:
08-25 17:04:10.929 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' xml:lang='en'>
08-25 17:04:10.958 18037-18533/ D/SMACK: RECV (0): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='example.com' id='150e9ad5-8cb0-4bb3-a6ae-a3d7956fda97' version='1.0' xmlns='jabber:client'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
08-25 17:04:10.958 18037-18532/ D/SMACK: SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
08-25 17:04:10.987 18037-18533/ D/SMACK: RECV (0): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
08-25 17:04:11.142 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' xml:lang='en'>
08-25 17:04:11.172 18037-18533/ D/SMACK: RECV (0): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='example.com' id='5fdec49e-eb78-40f7-985e-9852999f30d4' version='1.0' xmlns='jabber:client'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms></stream:features>
08-25 17:04:11.173 18037-18530/ D/RoosterConnection: Connected Successfully
08-25 17:04:11.174 18037-18532/ D/SMACK: SENT (0): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>cGFzc3dvcmQx</auth>
08-25 17:04:11.204 18037-18533/ D/SMACK: RECV (0): <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>=</success>
08-25 17:04:11.204 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' id='5fdec49e-eb78-40f7-985e-9852999f30d4' xml:lang='en'>
08-25 17:04:16.176 18037-18530/ D/RoosterConnectionService: Something went wrong while connecting ,make sure the credentials are right and try again
08-25 17:04:16.176 18037-18530/ W/System.err: org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'.
08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:250)
08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnection.java:365)
08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:452)
08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:410)
08-25 17:04:16.176 18037-18530/ W/System.err: at java.lang.Thread.run(Thread.java:818)
08-25 17:04:16.176 18037-18533/ W/art: Long monitor contention event with owner method=void org.jivesoftware.smack.AbstractXMPPConnection.login() from AbstractXMPPConnection.java:400 waiters=0 for 4.972s
08-25 17:04:16.177 18037-18037/ D/RoosterConnectionService: onDestroy()
08-25 17:04:16.178 18037-18037/ D/RoosterConnectionService: stop()
08-25 17:04:16.179 18037-18533/ W/AbstractXMPPConnection: Connection closed with error
java.lang.IllegalArgumentException: bad base-64
at android.util.Base64.decode(Base64.java:161)
at android.util.Base64.decode(Base64.java:136)
at android.util.Base64.decode(Base64.java:118)
at org.jivesoftware.smack.util.stringencoder.android.AndroidBase64Encoder.decode(AndroidBase64Encoder.java:41)
at org.jivesoftware.smack.util.stringencoder.Base64.decode(Base64.java:86)
at org.jivesoftware.smack.sasl.SASLMechanism.challengeReceived(SASLMechanism.java:229)
at org.jivesoftware.smack.SASLAuthentication.challengeReceived(SASLAuthentication.java:328)
at org.jivesoftware.smack.SASLAuthentication.authenticated(SASLAuthentication.java:347)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1049)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPConnection.java:937)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:952)
at java.lang.Thread.run(Thread.java:818)
Thanks for the link, looks like for so SASL Success and zero response, "=" character presence is mandatory.
Ok, then I've no more questions, will raise bug at Smack repository then.
Zash
on
Hm, I don't think SASL PLAIN should be sending any data with success at all, and a quick check of util.sasl.plain suggests that it doesn't. Are you using a custom authentication module?
Zash
on
Changes
owner Zash
tags Status-Invalid
Andrey
on
I'm using Cyrus SASL module, referenced in prosody docs.
Andrey
on
SASL debian package details below:
dpkg -l | grep cyrus
ii lua-cyrussasl:i386 1.0.0-4 i386 Cyrus SASL library for the Lua language
Zash
on
Looks like util.sasl_cyrus does the rigtht thing, so it's probably an issue in lua-cyrussasl.
Dan
on
not only clients using smack 4.2 but also Empathy won't be able to login when using prosody 0.10 with Cyrus SASL authentication. Unfortunately this renders using Cyrus authentication unusable for us.
function build_reply within SASL authentication module mod_sasl adds "=" sign to empry response. This reply cannot be decoded back from Base64 and processed with Smack library (or any other XMPP library in fact )and fails with "invalid base" exception. Proposed fix: remove "=" sign with empty string. Detailed exception log from Smack XMPP client for a reference: 08-25 17:04:10.929 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' xml:lang='en'> 08-25 17:04:10.958 18037-18533/ D/SMACK: RECV (0): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='example.com' id='150e9ad5-8cb0-4bb3-a6ae-a3d7956fda97' version='1.0' xmlns='jabber:client'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features> 08-25 17:04:10.958 18037-18532/ D/SMACK: SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls> 08-25 17:04:10.987 18037-18533/ D/SMACK: RECV (0): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> 08-25 17:04:11.142 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' xml:lang='en'> 08-25 17:04:11.172 18037-18533/ D/SMACK: RECV (0): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='example.com' id='5fdec49e-eb78-40f7-985e-9852999f30d4' version='1.0' xmlns='jabber:client'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms></stream:features> 08-25 17:04:11.173 18037-18530/ D/RoosterConnection: Connected Successfully 08-25 17:04:11.174 18037-18532/ D/SMACK: SENT (0): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>cGFzc3dvcmQx</auth> 08-25 17:04:11.204 18037-18533/ D/SMACK: RECV (0): <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>=</success> 08-25 17:04:11.204 18037-18532/ D/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='example.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='user@example.com' id='5fdec49e-eb78-40f7-985e-9852999f30d4' xml:lang='en'> 08-25 17:04:16.176 18037-18530/ D/RoosterConnectionService: Something went wrong while connecting ,make sure the credentials are right and try again 08-25 17:04:16.176 18037-18530/ W/System.err: org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: No filter used or filter was 'null'. 08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:250) 08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnection.java:365) 08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:452) 08-25 17:04:16.176 18037-18530/ W/System.err: at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:410) 08-25 17:04:16.176 18037-18530/ W/System.err: at java.lang.Thread.run(Thread.java:818) 08-25 17:04:16.176 18037-18533/ W/art: Long monitor contention event with owner method=void org.jivesoftware.smack.AbstractXMPPConnection.login() from AbstractXMPPConnection.java:400 waiters=0 for 4.972s 08-25 17:04:16.177 18037-18037/ D/RoosterConnectionService: onDestroy() 08-25 17:04:16.178 18037-18037/ D/RoosterConnectionService: stop() 08-25 17:04:16.179 18037-18533/ W/AbstractXMPPConnection: Connection closed with error java.lang.IllegalArgumentException: bad base-64 at android.util.Base64.decode(Base64.java:161) at android.util.Base64.decode(Base64.java:136) at android.util.Base64.decode(Base64.java:118) at org.jivesoftware.smack.util.stringencoder.android.AndroidBase64Encoder.decode(AndroidBase64Encoder.java:41) at org.jivesoftware.smack.util.stringencoder.Base64.decode(Base64.java:86) at org.jivesoftware.smack.sasl.SASLMechanism.challengeReceived(SASLMechanism.java:229) at org.jivesoftware.smack.SASLAuthentication.challengeReceived(SASLAuthentication.java:328) at org.jivesoftware.smack.SASLAuthentication.authenticated(SASLAuthentication.java:347) at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1049) at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$200(XMPPTCPConnection.java:937) at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:952) at java.lang.Thread.run(Thread.java:818)
This is the specified encoding of a zero length SASL message. See eg http://xmpp.org/rfcs/rfc6120.html#sasl-process-neg-initiate
Thanks for the link, looks like for so SASL Success and zero response, "=" character presence is mandatory. Ok, then I've no more questions, will raise bug at Smack repository then.
Hm, I don't think SASL PLAIN should be sending any data with success at all, and a quick check of util.sasl.plain suggests that it doesn't. Are you using a custom authentication module?
I'm using Cyrus SASL module, referenced in prosody docs.
SASL debian package details below: dpkg -l | grep cyrus ii lua-cyrussasl:i386 1.0.0-4 i386 Cyrus SASL library for the Lua language
Looks like util.sasl_cyrus does the rigtht thing, so it's probably an issue in lua-cyrussasl.
not only clients using smack 4.2 but also Empathy won't be able to login when using prosody 0.10 with Cyrus SASL authentication. Unfortunately this renders using Cyrus authentication unusable for us.