Ejabberd: Crash in xmpp_sasl_scram at login

Created on 10 Dec 2020 · 8 Comments · Source: processone/ejabberd

This problem is probably related to https://github.com/processone/ejabberd/issues/3443 and may be solved by solving the other one. But they show slightly different error messages, so I report it independently, and will review once https://github.com/processone/ejabberd/issues/3443 is solved.

How to reproduce:

  1. Updated ejabberd to current e048bc671222cd0206de6fb27fd31297df240b02
  2. delete mnesia spool dir
  3. Get updated xmpp library:
      rm -rf deps/xmpp
      ./rebar get-deps
      ./rebar compile
      make
      make install
  4. keep default configuration:
      auth_method: internal
      auth_password_format: plain
  5. start ejabberd
  6. register an account
  7. try to login using Gajim 1.1.3 but crashes with
    reason: {{case_clause,<<"SCRAM-SHA-1-PLUS">>},
             [{xmpp_sasl_scram,mech_new,6,
                               [{file,"src/xmpp_sasl_scram.erl"},{line,77}]},
              {xmpp_sasl,server_start,4, 
                         [{file,"src/xmpp_sasl.erl"},{line,111}]},
              {xmpp_stream_in,process_sasl_request,2,
                              [{file,"src/xmpp_stream_in.erl"},{line,893}]},

Detailed logs:


2020-12-10 11:50:30.937666+01:00 [info] (<0.9475.0>) Accepted connection [::ffff:127.0.0.1]:36534 -> [::ffff:127.0.0.1]:5222
2020-12-10 11:50:31.212969+01:00 [error] * Generic server <0.9475.0> terminating
*
Last message in was {'$gen_event',
{xmlstreamelement,
{xmlel,<<"auth">>,
[{<<"xmlns">>,
<<"urn:ietf:params:xml:ns:xmpp-sasl">>},
{<<"mechanism">>,<<"SCRAM-SHA-1-PLUS">>}],
[{xmlcdata,
<<"cD10bHMtdW5pcXVlLCxuPXVzZXIxLHI9YjBkNzQ1MzUzYmEyMGNmNWNmOWMzYTcxOGNiMDhkMzc4YWQ2ZWJjNGJiMTdiMTA0">>}]}}}
* When Server state == #{stream_version => {1,0},
mgmt_queue_type => ram,mgmt_resend => if_offline,
stream_compressed => false,stream_restarted => true,
stream_authenticated => false,tls_enabled => true,
tls_required => false,mgmt_timeout => 300000,
mgmt_stanzas_in => 0,owner => <0.9475.0>,
zlib => false,tls_verify => false,
server => <<"localhost">>,
stream_state => wait_for_sasl_request,user => <<>>,
lserver => <<"localhost">>,
mgmt_ack_timeout => 60000,mgmt_stanzas_req => 0,
mod => ejabberd_c2s,shaper => c2s_shaper,
stream_encrypted => true,access => c2s,
mgmt_state => inactive,stream_header_sent => true,
tls_options =>
[compression_none,
{cafile,
<<"/etc/ejabberd/pem-listener-5222-cafile.pem">>}],
csi_state => active,stream_direction => in,
socket =>
{socket_state,fast_tls,
{tlssock,#Port<0.40>,
#Ref<0.2321572605.801505281.112656>},
262144,#Ref<0.2321572605.801505281.112648>,
{state,1000,1000,825,1607597431203558},
none},
codec_options => [ignore_els],
xmlns => <<"jabber:client">>,resource => <<>>,
pres_a => {0,nil},
stream_timeout => {30000,-576460719195},
socket_monitor =>
#Ref<0.2321572605.801374209.112649>,
mgmt_max_queue => 5000,
csi_queue => {0,#{}},
lang => <<"ca">>,
stream_id => <<"4549054124752384802">>,
mgmt_max_timeout => 300000,
ip => {{0,0,0,0,0,65535,32512,1},36534},
mgmt_stanzas_out => 0}
*
Reason for termination ==
** {{case_clause,<<"SCRAM-SHA-1-PLUS">>},
[{xmpp_sasl_scram,mech_new,6,[{file,"src/xmpp_sasl_scram.erl"},{line,77}]},
{xmpp_sasl,server_start,4,[{file,"src/xmpp_sasl.erl"},{line,111}]},
{xmpp_stream_in,process_sasl_request,2,
[{file,"src/xmpp_stream_in.erl"},{line,893}]},
{xmpp_stream_in,handle_info,2,
[{file,"src/xmpp_stream_in.erl"},{line,404}]},
{p1_server,handle_msg,8,[{file,"src/p1_server.erl"},{line,696}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}

2020-12-10 11:50:31.215927+01:00 [error] CRASH REPORT:
crasher:
initial call: xmpp_stream_in:init/1
pid: <0.9475.0>
registered_name: []
exception exit: {{case_clause,<<"SCRAM-SHA-1-PLUS">>},
[{xmpp_sasl_scram,mech_new,6,
[{file,"src/xmpp_sasl_scram.erl"},{line,77}]},
{xmpp_sasl,server_start,4,
[{file,"src/xmpp_sasl.erl"},{line,111}]},
{xmpp_stream_in,process_sasl_request,2,
[{file,"src/xmpp_stream_in.erl"},{line,893}]},
{xmpp_stream_in,handle_info,2,
[{file,"src/xmpp_stream_in.erl"},{line,404}]},
{p1_server,handle_msg,8,
[{file,"src/p1_server.erl"},{line,696}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,226}]}]}
in function p1_server:terminate/7 (src/p1_server.erl, line 878)
ancestors: [ejabberd_c2s_sup,ejabberd_sup,<0.130.0>]
message_queue_len: 0
messages: []
links: [<0.633.0>]
dictionary: [{'$internal_queue_len',0},
{already_terminated,true},
{rand_seed,{#{bits => 58,jump => #Fun,
next => #Fun,type => exsss,
uniform => #Fun,
uniform_n => #Fun},
[213459748744709600|101765894327859163]}}]
trap_exit: false
status: running
heap_size: 6772
stack_size: 28
reductions: 63891
neighbours:

2020-12-10 11:50:31.244557+01:00 [error] SUPERVISOR REPORT:
supervisor: {local,ejabberd_c2s_sup}
errorContext: child_terminated
reason: {{case_clause,<<"SCRAM-SHA-1-PLUS">>},
[{xmpp_sasl_scram,mech_new,6,
[{file,"src/xmpp_sasl_scram.erl"},{line,77}]},
{xmpp_sasl,server_start,4,
[{file,"src/xmpp_sasl.erl"},{line,111}]},
{xmpp_stream_in,process_sasl_request,2,
[{file,"src/xmpp_stream_in.erl"},{line,893}]},
{xmpp_stream_in,handle_info,2,
[{file,"src/xmpp_stream_in.erl"},{line,404}]},
{p1_server,handle_msg,8,[{file,"src/p1_server.erl"},{line,696}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,226}]}]}
offender: [{pid,<0.9475.0>},
{id,undefined},
{mfargs,{ejabberd_c2s,start_link,undefined}},
{restart_type,temporary},
{shutdown,5000},
{child_type,worker}]

Bug Authentication

All 8 comments

I think you may be using an older xmpp version, could you check if this happens after 'make update'?

Or maybe not, looks like I made a typo PLUS -> PLuS

Could you please update from master of ejabberd and see if it works? (you will also need to update deps)

Or maybe not, looks like I made a typo PL_U_S -> PL_u_S

Good! Fixing those two lines in master, that crash disappears.

Still, Gajim 1.1.3 cannot log in with SCRAM-SHA-1-PLUS. It advances a little, and now ejabberd complains:

2020-12-10 12:41:13.339424+01:00 [info] (<0.674.0>)
 Accepted connection [::ffff:127.0.0.1]:37102 -> [::ffff:127.0.0.1]:5222
2020-12-10 12:41:13.673155+01:00 [warning] (tls|<0.674.0>)
 Failed c2s SCRAM-SHA-1-PLUS authentication from ::ffff:127.0.0.1:
 Invalid channel binding

I installed Gajim 1.2.2 and tried both configurations, and limiting what ejabberd offers. The results:

When auth_password_format: plain:

  • Gajim prefers to use SCRAM-SHA-256: and it works
  • otherwise falls back to SCRAM-SHA-1: works
  • otherwise falls back to PLAIN: works

When auth_password_format: scram

  • Gajim prefers to use SCRAM-SHA-1: works
  • otherwise falls back to PLAIN: works

I'll try with other clients....

@prefiks

Could you please update from master of ejabberd and see if it works? (you will also need to update deps)

I always update by doing:

    git pull && ./autogen.sh && make update && ./configure --enable-new-sql-schema --enable-pgsql --enable-sip --enable-stun --enable-user=ejabberd --enable-group=ejabberd --prefix=/usr/local && make

which pulls updated lib versions, right?

Will retry...

@badlop Could you update once more and check with gajim?

Good news! Updated ejabberd to 7da81249f8e33e019b2b18b464091f9efef8a30c and xmpp too.

Gajim 1.1.3 behaves identically regardless of auth_password_format:

  • Prefers SCRAM-SHA-1-PLUS: works!
  • Otherwise uses SCRAM-SHA-1: works
  • Otherwise uses PLAIN: and works of course

So, both versions of Gajim log in correctly, at least with those SCRAM methods.

@licaon-kter, @badlop, @prefiks: Good job!
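
Added example, not part of the thread and not ejabberd's or the xmpp library's code: it decodes the SASL payload from the logged `<auth/>` element and applies the RFC 5802 consistency checks that relate to the two failures reported here (an unmatched mechanism name, then a channel-binding mismatch). Function names are hypothetical and the `tls_unique` bytes are constructed.

```python
import base64
import hmac

# SASL initial response copied from the <auth/> element in the crash log above.
LOGGED_AUTH = ("cD10bHMtdW5pcXVlLCxuPXVzZXIxLHI9YjBkNzQ1MzUzYmEy"
               "MGNmNWNmOWMzYTcxOGNiMDhkMzc4YWQ2ZWJjNGJiMTdiMTA0")
# Mechanism names that appear in this thread; matching is exact and case-sensitive.
SCRAM_MECHS = {"SCRAM-SHA-1", "SCRAM-SHA-1-PLUS", "SCRAM-SHA-256"}

def parse_client_first(b64_payload):
    """Decode a SCRAM client-first-message into GS2 header, user and nonce."""
    msg = base64.b64decode(b64_payload, validate=True).decode("utf-8")
    cb_flag, authzid, bare = msg.split(",", 2)
    attrs = dict(part.split("=", 1) for part in bare.split(","))
    return {"cb_flag": cb_flag, "gs2_header": f"{cb_flag},{authzid},",
            "user": attrs["n"], "nonce": attrs["r"]}

def mechanism_problem(mechanism, cb_flag, plus_advertised):
    """Return a rejection reason, or None if mechanism and GS2 flag agree."""
    if mechanism not in SCRAM_MECHS:
        return "unsupported mechanism"  # reject cleanly instead of crashing
    uses_cb = cb_flag.startswith("p=")
    if mechanism.endswith("-PLUS") != uses_cb:
        return "channel-binding flag does not match mechanism"
    if cb_flag == "y" and plus_advertised:
        return "client saw no -PLUS offer although one was made"
    if not uses_cb and cb_flag not in ("n", "y"):
        return "malformed channel-binding flag"
    return None

def expected_c_attr(gs2_header, cb_data=b""):
    """'c=' value of the client-final-message: base64(gs2-header + cb-data)."""
    return base64.b64encode(gs2_header.encode("utf-8") + cb_data).decode("ascii")

def channel_binding_ok(client_c, gs2_header, cb_data=b""):
    """Constant-time comparison of the client's 'c=' with the server's own view."""
    return hmac.compare_digest(client_c.encode("utf-8"),
                               expected_c_attr(gs2_header, cb_data).encode("ascii"))

if __name__ == "__main__":
    first = parse_client_first(LOGGED_AUTH)
    print(first)
    print(mechanism_problem("SCRAM-SHA-1-PLUS", first["cb_flag"], True))
    tls_unique = bytes(range(12))  # constructed stand-in for the TLS channel data
    good = expected_c_attr(first["gs2_header"], tls_unique)
    print(channel_binding_ok(good, first["gs2_header"], tls_unique))
    print(channel_binding_ok(good, first["gs2_header"], b"\x00" * 12))
```

The decoded payload shows the client asked for `p=tls-unique`, so the server must compare the later `c=` attribute against the channel data of its own TLS session; any difference between the two sides' view of that data fails the comparison.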
