[swift-users] swift authentication question

Mugatu Jimbobwe domokun_japan at yahoo.com
Wed Mar 20 10:42:15 CET 2013 

Here's the log.... I see there's no use in obscuring the hostname, because it can be decoded in
base64.   Thanks for your input.  It could possibly be a setting on the server, but here is the logs from Pidgin

logging in via SASL digest-md5


(04:34:49) proxy: Connected to chat.wi-vod.com:5222.
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <?xml version='1.0' ?>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <stream:stream to='chat.wi-vod.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(04:34:49) jabber: Recv (249): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' from='chat.wi-vod.com' version='1.0' id='41b7z7t1ob8u2d6nvqll9z8hfedutsqxu15t8yvw' xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>
(04:34:49) jabber: Recv (364): <stream:features xmlns:stream='http://etherx.jabber.org/streams'><address xmlns='http://affinix.com/jabber/address'>98.228.150.44</address><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism></mechanisms><auth xmlns='http://jabber.org/features/iq-auth'/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
(04:34:49) sasl: Mechs found: DIGEST-MD5
(04:34:49) sasl: DIGEST-MD5 client step 1
(04:34:49) sasl: DIGEST-MD5 ask_user_info()
(04:34:49) sasl: DIGEST-MD5 make_client_response()
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(04:34:49) jabber: Recv (204): <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09ImNoYXQud2ktdm9kLmNvbSIsIG5vbmNlPSI0L2FCNzFtYWVoR3Y1Nm11YXFodk5RPT0iLCBxb3A9ImF1dGgiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
(04:34:49) sasl: DIGEST-MD5 client step 2
(04:34:49) sasl: DIGEST-MD5 parse_server_challenge()
(04:34:49) sasl: DIGEST-MD5 ask_user_info()
(04:34:49) sasl: DIGEST-MD5 make_client_response()
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9ImFkbWluIixyZWFsbT0iY2hhdC53aS12b2QuY29tIixub25jZT0iNC9hQjcxbWFlaEd2NTZtdWFxaHZOUT09Iixjbm9uY2U9IjRMZzF3YTc5TWJtcVhRV015bHRpSUJ5a29SK0EwVWM2YTF0NGpod1IwdlE9IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxtYXhidWY9NDA5NixkaWdlc3QtdXJpPSJ4bXBwL2NoYXQud2ktdm9kLmNvbSIscmVzcG9uc2U9Y2I5ZmRmOTk2YTNhYjc4ZjM0YTYyODdhYjM5NzYxYmUsY2hhcnNldD11dGYtOA==</response>
(04:34:49) jabber: Recv (116): <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD0yODhlODc4YTVkMmQzNDI2ZDNjNmFlOWEwYTRlNjE4NQ==</success>
(04:34:49) sasl: DIGEST-MD5 client step 3
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <stream:stream to='chat.wi-vod.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(04:34:49) jabber: Recv (249): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' from='chat.wi-vod.com' version='1.0' id='41b7z7t1ob8u2d6nvqll9z8hfedutsqxu15t8yvw' xmlns:ack='http://www.xmpp.org/extensions/xep-0198.html#ns'>
(04:34:49) jabber: Recv (304): <stream:features xmlns:stream='http://etherx.jabber.org/streams'><ack:ack/><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind><unbind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/><ver xmlns='urn:xmpp:features:rosterver'/></stream:features>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com): <iq type='set' id='purple72ae5c5c'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/></iq>
(04:34:49) jabber: Recv (192): <iq xmlns='jabber:client' id='purple72ae5c5c' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156</jid></bind></iq>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='set' id='purple72ae5c5d'><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/></iq>
(04:34:49) jabber: Recv (61): <iq xmlns='jabber:client' id='purple72ae5c5d' type='result'/>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c5e' to='chat.wi-vod.com'><query xmlns='http://jabber.org/protocol/disco#items'/></iq>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c5f' to='chat.wi-vod.com'><query xmlns='http://jabber.org/protocol/disco#info'/></iq>
(04:34:49) jabber: Recv (211): <iq xmlns='jabber:client' id='purple72ae5c5e' from='chat.wi-vod.com' to='admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156' type='result'><query xmlns='http://jabber.org/protocol/disco#items'/></iq>
(04:34:49) jabber: Recv (1276): <iq xmlns='jabber:client' id='purple72ae5c5f' from='chat.wi-vod.com' to='admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156' type='result'><query xmlns='http://jabber.org/protocol/disco#info'><identity name='Jabber IM server' type='im' category='server'/><feature var='jabber:iq:private'/><feature var='presence'/><feature var='jabber:iq:time'/><feature var='jabber:iq:agents'/><feature var='urn:xmpp:ping'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/><feature var='http://jabber.org/protocol/vacation'/><feature var='urn:xmpp:time'/><feature var='urn:xmpp:blocking'/><feature var='vcard-temp'/><feature var='jabber:iq:version'/><feature var='message'/><feature var='msgoffline'/><feature var='jabber:iq:privacy'/><feature var='http://jabber.org/protocol/amp'/><feature var='jabber:iq:roster'/><feature var='iq'/><feature var='jabber:iq:last'/><x
 xmlns='jabber:x:data' type='result'><field type='hidden' var='FORM_TYPE'><value>urn:xmpp:dataforms:softwareinfo</value></field><field var='software'><value>jabberd</value></field><field var='software_version'><value>2.2.17</value></field><field var='os'><value>Linux</value></field><field var='os_version'><value>x86_64</value></field></x></query></iq>
(04:34:49) dnssrv: querying SRV record for chat.wi-vod.com: _stun._udp.chat.wi-vod.com
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c60'><vCard xmlns='vcard-temp'/></iq>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c61'><query xmlns='jabber:iq:roster'/></iq>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c62'><blocklist xmlns='urn:xmpp:blocking'/></iq>
(04:34:49) jabber: Sending (admin at chat.wi-vod.com/c9c83c190abc2c37a87ee544fe4ad89c98c5a156): <iq type='get' id='purple72ae5c63' to='proxy.eu.jabber.org'><query xmlns='http://jabber.org/protocol/bytestreams'/></iq>
(04:34:49) dnssrv: Couldn't look up SRV record. DNS name does not exist. (9003).
(04:34:49) jabber: got 0 SRV responses for STUN.
(04:34:49) jabber: Recv (1460): <iq xmlns='jabber:client' id='purple72ae5c60' type='result'><vCard xmlns='vcard-temp'><PHOTO><TYPE>image/png</TYPE>


________________________________
 From: Remko Tronçon <remko at el-tramo.be>
To: Mugatu Jimbobwe <domokun_japan at yahoo.com> 
Cc: "swift-users at swift.im" <swift-users at swift.im> 
Sent: Wednesday, March 20, 2013 4:09 AM
Subject: Re: [swift-users] swift authentication question
 
Hi Mugatu,

On 20 March 2013 09:50, Mugatu Jimbobwe <domokun_japan at yahoo.com> wrote:
> Thanks for your help and input.   This is what i'm seeing in the log in
> Swift:

Something looks very wrong in the challenge you're getting from the server:

> Base64.decode64('cmVhbG09ImNoYXQud2ktdm91kLmNvbSIsIG5vbmNlPSJmdEFCY2Y1VExzS3JaZjdkaVR4YVpnPT0iLCBxb3A9ImF1dGgiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M=')

=> "realm=\"chat.wi-vou\220\271\215\275\264\210\260\201\271\275\271\215\224\364\211\231\321\005\t\215\230\325Q1\315-\311i\230\335\221\245Q\341\205i\234\364\364\210\260\201\305\275\300\364\211\205\325\321\240\210\260\201\215\241\205\311\315\225\320\365\325\321\230\264\340\260\201\205\261\235\275\311\245\321\241\264\365\265\220\324\265\315\225\315\314"

It seems the start is correct, but then the digest looks corrupted.
Your server seems to be sending incorrect data.
Could be that the SASL authentication is broken for some reason, and
that your other clients use the non-SASL authentication mechanisms,
which do work? (you could verify this by looking at their XML logs)?

cheers,
Remko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </lists/pipermail/swift-users/attachments/20130320/3eccbf0e/attachment-0001.htm>

More information about the swift-users mailing list