Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-477

SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.1.0
    • Component/s: None
    • Labels:
      None

      Description

      SMACK use for digest-uri whatever receives from OPENFIRE:

      PacketReader.java
      else if (parser.getAttributeName.equals("from")) { 
        // Use the server name that the server says that it is. 
        connection.config.setServiceName(parser.getAttributeValue(i)); }

      Here is how Openfire calculates the "from" tag:

      StanzaHandler.java
      private String geStreamHeader() {
        StringBuilder sb = new StringBuilder(200);
        sb.append("<?xml version='1.0' encoding='");
        sb.append(CHARSET);
        sb.append("'?>");
        if (connection.isFlashClient()) { sb.append("<flash:stream xmlns:flash=\"http://www.jabber.com/streams/flash\" "); }
        else { sb.append("<stream:stream "); }
        sb.append("xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"");
        sb.append(getNamespace());
        sb.append("\" from=\"");
        sb.append(serverName);
        sb.append("\" id=\"");
        sb.append(session.getStreamID());
        sb.append("\" xml:lang=\"");
        sb.append(connection.getLanguage());
        sb.append("\" version=\"");
        sb.append(Session.MAJOR_VERSION).append(".").append(Session.MINOR_VERSION);
        sb.append("\">");
        return sb.toString();
      }
      

      Looking at:
      sb.append("\" from=\"");
      sb.append(serverName); - serverName represents session.getServerName() - which may be different than xmpp.fqdn

      On the other hand, Openfire creates the SASL Server like this:

      SASLAuthentication.java
      SaslServer ss = Sasl.createSaslServer(mechanism, "xmpp",
      JiveGlobals.getProperty("xmpp.fqdn", session.getServerName()), props,
      new XMPPCallbackHandler());
      

      The value: JiveGlobals.getProperty("xmpp.fqdn", session.getServerName()) is used for creating the digest-uri at server level, but it does not match with the value sent to the client (smack) for creating the client digest-uri. There is no reason to use JiveGlobals.getProperty("xmpp.fqdn", session.getServerName()) , we can use only session.getServerName(), even if it does not have the exact form of RFC-2831 - but server's digest-uri must be the same with what is sent to the client in the "form" tag

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                guus Guus der Kinderen
                Reporter:
                mirceac Mircea Carasel
              • Votes:
                2 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: