XMPP libstrophe client connection with ejabberd

0
votes

I am libstrophe example client program bot.c and trying to connect with ejabberd server.

I am facing authentication failure. Please refer the log below.

xmpp DEBUG Connecting via altdomain.
xmpp DEBUG sock_connect() to 127.0.0.1:5222 returned 3
xmpp DEBUG Attempting to connect to 127.0.0.1
xmpp DEBUG connection successful
conn DEBUG SENT: <?xml version="1.0"?><stream:stream to="prakash.com" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
xmpp DEBUG RECV: <stream:stream id="16900185530209358531" version="1.0" lang="en" from="prakash.com">
xmpp DEBUG RECV: <features xmlns="http://etherx.jabber.org/streams"><c hash="sha-1" xmlns="http://jabber.org/protocol/caps" node="http://www.process-one.net/en/ejabberd/" ver="LSc28EBBWo2uA2P3nRDU+sBlbsc="/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>X-OAUTH2</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms></features>
conn DEBUG SENT: <auth mechanism="SCRAM-SHA-1" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">biwsbj1CVlAscj0zZjMwOTQ5N2IyYTEwZDYzNjUwZTRiNzEwMmY3Zjk1</auth>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG handle SCRAM-SHA-1 (challenge) called for failure
xmpp DEBUG SASL SCRAM-SHA-1 auth failed
conn DEBUG SENT: <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
xmpp DEBUG RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">bm9uY2U9IjcwOTEwMTI1NzE1NzkzNzMyOTkiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
xmpp DEBUG handle digest-md5 (challenge) called for challenge
conn DEBUG SENT: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IkJWUCIscmVhbG09InByYWthc2guY29tIixub25jZT0iNzA5MTAxMjU3MTU3OTM3MzI5OSIsY25vbmNlPSJhMjZkZWQ0M2Y4MmMiLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvcHJha2FzaC5jb20iLHJlc3BvbnNlPWEyYTVlMDIwYTNkZjc1NmY1NTAxZDBkYzMyMDliOGQ5LGNoYXJzZXQ9dXRmLTg=</response>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG handle digest-md5 (rspauth) called for failure
xmpp DEBUG SASL DIGEST-MD5 auth failed
conn DEBUG SENT: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AEJWUABhZG1pbjEyMw==</auth>
xmpp DEBUG RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
xmpp DEBUG SASL PLAIN auth failed
auth ERROR Cannot authenticate without resource
conn DEBUG SENT: </stream:stream>
xmpp DEBUG RECV: </stream:stream>
xmpp DEBUG Closing socket.
DEBUG: disconnected
event DEBUG Stopping event loop.
event DEBUG Event loop completed.

Can someone help me on this how to resolve this authentication problem?

2
xmppejabberdlibstrophe
Please have a look at the Formatting help - edit your question, select all those error messages, press Ctrl-K and it will indent them by 4 spaces for you so they'll be formatted as code. Add a blank line between your error messages and your opening paragraph if that doesn't work straightaway. It shows you a live preview under the edit textbox. Welcome to Stack Overflow :)Jack Deeth
Your error is "auth ERROR Cannot authenticate without resource". set this Resource (that is an arbitrary name for the client program, like "Skype", "AndroidPhone", "DesktopPC", "Spark") and try again. However next time add also some code...MrPk

2 Answers

0
votes

Libstrophe tries supported authentication mechanisms one by one until one succeeds or all fail. The problem is on server side and given logs don't provide enough information to reveal it.

SCRAM-SHA-1 mechanism fails after the 1st stanza. This means that server rejects authentication when only username is sent. I would suggest to check if such a user exists (I'm not sure if it case-sensitive). If this doesn't help look at ejabberd logs.

Take into account that PLAIN mechanism sends base64-encoded login/password and anyone can decode it. Therefore, I would suggest to remove encoded password from libstrophe's logs like this:

conn DEBUG SENT: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">*REDACTED*</auth>

When all authentication mechanisms fail libstrophe tries legacy client authentication. In this case it needs a resource to build <iq> stanza. Logs show the next error message since a resource was not added to jid:

auth ERROR Cannot authenticate without resource

When login/password are correct and there is no problem with jabber server the authentication should succeed on the 1st supported mechanism and legacy authentication shouldn't be called. Therefore, it is safe to ignore the last error message.

0
votes

Edit the below parameters in ejabbered.yml file.

auth_password_format: scram

s2s_protocol_options: - "no_sslv3"

save the file .

Stop and start the ejabbered Server.

Now Register the user in the server side and run the bot example in the libstrophe library.