Tomas Karasek | 1 Aug 13:29 2008

SASL authentication over BOSH

Hi,

I'm just working on BOSH support in Gajim and I'm testing with ejabberd 
2.0.1. It listens on 5280 for BOSH connections and on 5222 for XMPP.

SASL authentication scenario is shown in XEP 0206: 
http://www.xmpp.org/extensions/xep-0206.html#preconditions-sasl
and ejabberd works well due to it.

But a problem occurs when I send an empty body after the session init 
response (instead of an <auth> element with the desired SASL method). <auth> is 
sent later via a different HTTP connection and the process continues, except 
that the <success> element is not sent from the server at the end 
(although there is a pending request at that time).
I.e. when the client sends the empty <response>
(Example 8. SASL authentication step 5 in XEP 0206)
the server should respond with <success> but it sends only an empty body tag - 
see dump below. This behavior seems to be caused by the fact I don't 
send <auth> right after the init response, because it works well when I do.

The reason I can't send the auth right after the init response is that 
there is a warning dialog in Gajim for case of unsecured connection, 
which has to be confirmed before the authentication takes place.

What I'd like to see between the init response and auth start is the 
requests/responses with empty body tags until the client finally starts 
the authentication or the server decides to cancel the BOSH session for some 
reason.
Do you think this is against the BOSH spec?


Jérôme Sautret | 1 Aug 19:44 2008

Release of ejabberd 2.0.2-beta1

Hello,

After several months of fixing bugs in ejabberd 2.0.x, a
new maintenance release is planned for the end of this month.

Until then, we still have time to beta test the ejabberd source code.
For this purpose ejabberd 2.0.2-beta1 is released.

Notice that this beta is only released as source code package, no binary
installers are published now.

The download is:
http://download.process-one.net/ejabberd/ejabberd-2.0.2-beta1.tar.gz

Finally, here are the release notes:

                            ejabberd 2.0.2-beta1
                              1 August 2008

 ejabberd 2.0.2 is the second bug fix release for ejabberd 2.0.x branch.

 ejabberd 2.0.2 includes a new feature, 5 improvements and 30 bugfixes.
 A complete list of changes can be retrieved from:
    http://redir.process-one.net/ejabberd-2.0.2

 Recent changes include:

- Anti-abuse feature: client blacklist support by IP.
- Guide: new section Securing ejabberd; improved usability.
- LDAP filter optimization: ability to filter user in ejabberd and not LDAP.

Joshua Sierles | 3 Aug 11:13 2008

collection versus leaf nodes

XEP-0060 demands that pubsub collection nodes should not accept  
publishing and should not support options like 'persistent-items'.  
However, it seems the default ejabberd /home/domain/user node accepts  
published items, as do any collection nodes created underneath it.

Is this intentional?

Thanks,
Joshua Sierles
George Hazan | 4 Aug 10:20 2008

Re: Release of ejabberd 2.0.2-beta1

   Hello, Jérôme!
   Fri, 1 Aug 2008 19:44:58 +0200 you wrote:

JS> After several months of fixing bugs in ejabberd 2.0.x, a
JS> new maintenance release is planned for the end of this month.

JS> Until then, we still have time to beta test the ejabberd source code.
JS> For this purpose ejabberd 2.0.2-beta1 is released.

JS> Notice that this beta is only released as source code package, no binary
JS> installers are published now.

JS> The download is:
JS> http://download.process-one.net/ejabberd/ejabberd-2.0.2-beta1.tar.gz

Is there a svn branch for it?

-- 
WMBR, George Hazan (ghazan <at> postman.ru) 

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Badlop | 4 Aug 12:23 2008

Re: Release of ejabberd 2.0.2-beta1

On Mon, Aug 4, 2008 at 10:20 AM, George Hazan <george.hazan <at> gmail.com> wrote:
> JS> The download is:
> JS> http://download.process-one.net/ejabberd/ejabberd-2.0.2-beta1.tar.gz
>
> Is there a svn branch for it?

Yes. The source package released comes from
ejabberd/tags/ejabberd-2.0.2-beta1

That tag was created from the SVN r1503 of
ejabberd/branches/ejabberd-2.0.x

Any changes between beta1 and the final version will be committed to
that branch 2.0.x.

---
Anatoly Mitrophanov | 5 Aug 13:59 2008

feature of working odbc set_password_t function

Hi.

I’m looking through ejabberd-2.0.1/src/odbc/odbc_queries.erl
and found that changing the user password is executed by two SQL queries
"delete from users where username=…" and then
"insert into users(username, password) values (……)"

Why are you using 2 queries for changing the user password, but not one UPDATE query?

Best regards, Anatoly Mitrophanov.

Stephan Maihöfer | 5 Aug 15:50 2008

muc room titles and node-tree-structure

hi,
 
I made a plugin and a patch to ejabberd to make it behave more
like I would expect it to, and to make the move from OpenFire
a lot less of a hassle (from the client side).
 
so here is one plugin that will allow you to create nodes
of type="flat" everywhere in the node tree structure:
   
 
and this patch prevents ejabberd 2.0.1 to mangle with
muc-room-titles as it has a habit to include the number
of room-members in the title:
 
 
maybe its useful to someone, maybe things can get solved
better. however here you have the source to use.
 
greetings,
stephan
Badlop | 6 Aug 13:07 2008

Re: muc room titles and node-tree-structure

On Tue, Aug 5, 2008 at 3:50 PM, Stephan Maihöfer
<sma <at> turtle-entertainment.de> wrote:
> so here is one plugin that will allow you to create nodes
> of type="flat" everywhere in the node tree structure:
>
> http://dev.esl.eu/blog/2008/07/31/flat-nodetree-plugin-for-ejabberd/

> and this patch prevents ejabberd 2.0.1 to mangle with
> muc-room-titles as it has a habit to include the number
> of room-members in the title:
>
> http://dev.esl.eu/blog/2008/08/05/preventing-muc-room-title-mangling-in-ejabberd/
>
> maybe its useful to someone, maybe things can get solved
> better. however here you have the source to use.

Thanks. To not forget those patches exist, they are tracked here:
http://support.process-one.net/browse/EJAB-714
http://support.process-one.net/browse/EJAB-715

---
Stephan Maihöfer | 6 Aug 16:18 2008

muc kickban with bare JID in presence

hi,

first of all, thanks for opening those tickets for me!

then, here's the next patch ;)

to explain a bit: we are desperately trying to move from
openfire to ejabberd with our servers while not impacting
too much on the own client that we wrote, which is slightly
jabber-based. so i try to mimic the behaviour of openfire
where it seems acceptable for me and try to convince the
"client-people" to change the way they do things where i
think it's not acceptable.

however i think this one is perfectly reasonable:

http://dev.esl.eu/blog/2008/08/06/full-jid-presence-on-muc-kickban/

on kickban in a muc-room the sent presence to update
the room and inform the moderator includes the
bare jid of the user that was kicked, when sent
to the moderator OR to the inhabitants of a non-anonymous
room.

maybe anyone else thinks this is helpful.

greetings,
stephan
Pablo Platt | 8 Aug 16:34 2008

Extending digest-md5 mechanism

Hello,

I'm writing a module that extends the digest-md5 authentication in ejabberd to support subsequent authentication.
Network problems can cause undesired disconnections and users expect the client to reconnect automatically
without asking for a password again.
After the user is logged in it is not safe to save the password on the client side.

The digest specs define a subsequent authentication mechanism in which the client remembers the
values used in the initial authentication (not the password), increases the 'nonce-count' by 1 and uses it to
authenticate again.

For this to work I need ejabberd to remember the values from the initial authentication and allow
a subsequent authentication.
I'm going to modify cyrsasl_digest.erl to support it but I have wondered if it's better to store the values in
an mnesia table or in memory?
Can I use the modified cyrsasl_digest module to handle storing and retrieving these values
or is it better to add this functionality to ejabberd_auth_internal.erl?
Is there a temp table that holds session data I can hook to and store these values without changing the db schema?


From the specs (http://www.ietf.org/rfc/rfc2831.txt):

'If the client has previously authenticated to the server, and remembers the values of username, realm, nonce, nonce-count, cnonce,
and qop that it used in that authentication, and the SASL profile for a protocol permits an initial client response,
then it MAY perform "subsequent authentication", as defined in this section.'

' The client uses the values from the previous authentication and sends an initial response
with a string formatted and computed according to the rules for a "digest-response",
as defined above, but with a nonce-count one greater than used in the last "digest-response". '

Best,
Pablo
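
The subsequent-authentication check described in the message above, as an added Python example that is not part of the original post and is not ejabberd code. It assumes qop=auth, no authzid and ASCII values, and that both sides keep HEX(H(A1)) from the initial exchange instead of the password; `ReauthStore`, `session_key` and `digest_response` are hypothetical names, and the sample values are constructed.

```python
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def session_key(username, realm, password, nonce, cnonce):
    """HEX(H(A1)) per RFC 2831, no authzid; ASCII values assumed.
    The password enters the response only through this value."""
    secret = _md5(f"{username}:{realm}:{password}".encode())
    return _md5(secret + f":{nonce}:{cnonce}".encode()).hex()

def digest_response(ha1_hex, nonce, nc, cnonce, digest_uri, qop="auth"):
    """response-value for qop=auth; nonce-count is sent as 8 hex digits."""
    ha2_hex = _md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    kd = f"{ha1_hex}:{nonce}:{nc:08x}:{cnonce}:{qop}:{ha2_hex}"
    return _md5(kd.encode()).hex()

class ReauthStore:
    """Hypothetical in-memory server store, keyed by (username, realm, nonce)."""

    def __init__(self):
        self._sessions = {}

    def remember(self, username, realm, nonce, cnonce, ha1_hex, nc=1):
        # Called after a successful initial authentication (nonce-count 1).
        self._sessions[(username, realm, nonce)] = {
            "cnonce": cnonce, "ha1": ha1_hex, "nc": nc}

    def verify(self, username, realm, nonce, cnonce, nc, digest_uri, response):
        s = self._sessions.get((username, realm, nonce))
        if s is None or s["cnonce"] != cnonce:
            return False
        if nc != s["nc"] + 1:        # replayed or skipped nonce-count
            return False
        expected = digest_response(s["ha1"], nonce, nc, cnonce, digest_uri)
        if not hmac.compare_digest(expected, response):
            return False
        s["nc"] = nc                 # advance only after a valid response
        return True

if __name__ == "__main__":
    # Constructed sample values, not taken from the post or from ejabberd.
    ha1 = session_key("alice", "example.org", "constructed-pw", "n0nce", "cn0nce")
    store = ReauthStore()
    store.remember("alice", "example.org", "n0nce", "cn0nce", ha1)
    resp = digest_response(ha1, "n0nce", 2, "cn0nce", "xmpp/example.org")
    args = ("alice", "example.org", "n0nce", "cn0nce", 2, "xmpp/example.org", resp)
    print(store.verify(*args), store.verify(*args))  # second call is a replay
```

The stored HEX(H(A1)) is enough to produce valid responses for that nonce, so wherever it is kept it needs the same protection as a session credential and an expiry.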