Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Core
-
Labels:None
-
Environment:Hide
Running the Jive Messenger 1.1 binary release on Windows 2000 server w/ J2SDK 1.4.2_03, with HSQLDB, Server info as follows:
General Information
Server Version: Messenger Server 1.1.0
JVM Version and Vendor: 1.4.2_05 Sun Microsystems Inc.
Appserver (Admin Tool): Jetty/4.2
Server Name: shodan Edit
Chat Server Name: chat.shodan
Multi User Chat Server Name: conference.127.0.0.1Open Server Ports
IP and Port: 169.254.185.252:5222
Domain Name(s): shodan
Security Type: NORMALOpen Server Ports
IP and Port: 169.254.185.252:5223
Domain Name(s): shodan
Security Type: TLS (SSL)DB info as follows:
Database and Version: HSQL Database Engine 1.7.1
JDBC Driver: HSQL Database Engine Driver
JDBC Driver Version: 1.7.1
DB Connection URL: jdbc:hsqldb:..\database\messenger
DB User: SA
Transaction Support: Yes
Transaction Isolation Level TRANSACTION_READ_UNCOMMITTED
Supports multiple connections
open at once: Yes
In read-only mode: NoShowRunning the Jive Messenger 1.1 binary release on Windows 2000 server w/ J2SDK 1.4.2_03, with HSQLDB, Server info as follows: General Information Server Version: Messenger Server 1.1.0 JVM Version and Vendor: 1.4.2_05 Sun Microsystems Inc. Appserver (Admin Tool): Jetty/4.2 Server Name: shodan Edit Chat Server Name: chat.shodan Multi User Chat Server Name: conference.127.0.0.1 Open Server Ports IP and Port: 169.254.185.252:5222 Domain Name(s): shodan Security Type: NORMAL Open Server Ports IP and Port: 169.254.185.252:5223 Domain Name(s): shodan Security Type: TLS (SSL) DB info as follows: Database and Version: HSQL Database Engine 1.7.1 JDBC Driver: HSQL Database Engine Driver JDBC Driver Version: 1.7.1 DB Connection URL: jdbc:hsqldb:..\database\messenger DB User: SA Transaction Support: Yes Transaction Isolation Level TRANSACTION_READ_UNCOMMITTED Supports multiple connections open at once: Yes In read-only mode: No
Description
Summary: Users created with uppercase characters in the "users" part of a JID have their names silently converted to lowercase upon creation. Subsequent attempts to authenticate using a JID containing the original uppercase characters fails.
Example code uses Smack XMPP API. (It's not a Smack issue though.)
import org.jivesoftware.smack.XMPPConnection;
public class XMPPAcctTest {
public static void main(String[] args) throws Exception {
XMPPConnection.DEBUG_ENABLED = true;
XMPPConnection xmppc = new XMPPConnection("localhost");
String name = System.getProperty("user.name")+"-"+System.currentTimeMillis();
//name = name.toLowerCase(); // this is the workaround
name = name.toUpperCase(); // this demonstrates the bug
//this always works, regardless of the case.
xmppc.getAccountManager().createAccount(name, "test");
//this fails if the username contains upper-case characters.
xmppc.login(name, "test", "foo");
}
}
Observed behaviour (">>" means to server, "<<" means to client):
>> <stream:stream to="localhost" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
<< <?xml version='1.0' encoding='utf-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="shodan" id="2af7bea6">
>> <iq id="UobeR-0" to="shodan" type="get"><query xmlns="jabber:iq:register"></query></iq>
<< <iq id="UobeR-0" from="shodan" type="result"><query xmlns="jabber:iq:register"><username></username><password></password><email></email><x xmlns="jabber:x:data" type="form"><title>XMPP Client Registration</title><instructions>Please provide the following information</instructions><field var="FORM_TYPE" type="hidden"><value>jabber:iq:register</value></field><field label="Username" var="username" type="text-single"><required></required></field><field label="Full name" var="name" type="text-single"></field><field label="Email" var="email" type="text-single"></field><field label="Password" var="password" type="text-private"><required></required></field><field label="Show name" var="x-nameVisible" type="boolean"><required></required><value>1</value></field><field label="Show email" var="x-emailVisible" type="boolean"><required></required><value>0</value></field></x></query></iq>
>> <iq id="UobeR-1" to="shodan" type="set"><query xmlns="jabber:iq:register"><username>IAN-1099838498671</username><password>test</password></query></iq>
<< <iq id="UobeR-1" from="shodan" type="result"></iq>
>> <iq id="UobeR-2" type="get"><query xmlns="jabber:iq:auth"><username>IAN-1099838498671</username></query></iq>
<< <iq id="UobeR-2" type="result"><query xmlns="jabber:iq:auth"><username>IAN-1099838498671</username><password></password><digest></digest><resource></resource></query></iq>
>> <iq id="UobeR-3" type="set"><query xmlns="jabber:iq:auth"><username>IAN-1099838498671</username><digest>ec14d17bbdd135c35f6d6052e3d457a41cfd4876</digest><resource>foo</resource></query></iq>
<< <iq id="UobeR-3" type="error"><error code="401"></error></iq>
Expected behaviour:
Either the account creation should fail with a message indicating that JIDs are only allowed to contain lowercase characters, or the account on the server should reflect the caseness of the username chosen by the client.
This is not actually a bug. XMPP specifices that the "node" portion of a JID (username) must undergo the nameprep stringprep profile. Part of that process is performing case folding (lower-casing) on the node. Messenger doesn't perform full nameprep yet, but it does at least convert usernames to lower-case. This probably is a Smack bug if usernames aren't being lower-cased.