[Bug 1097366] Re: Pidgin client digest-uri checks fail with multiple virtual hosts
a7x
1097366 at bugs.launchpad.net
Tue Feb 5 16:43:28 UTC 2013
** Description changed:
+ [Impact]
+
Bug #1048634 fixes some Pidgin digest-uri check failures, but not all.
There is another bug where Pidgin users won't be able to log in if there
are multiple virtual hosts and the hostnames in the SRV records for the
two XMPP hosts are different.
- For example, suppose ejabberd.cnf contains:
-
- {hosts, ["foo.example", "bar.example"]}.
- {fqdn, "xmpp.foo.example"}.
-
- and DNS lookups return the following:
-
- dig -t SRV _xmpp-client._tcp.foo.example. -> xmpp.foo.example:5222
- dig -t SRV _xmpp-client._tcp.bar.example. -> xmpp.bar.example:5222
- dig -t A xmpp.foo.example. -> 192.0.2.123
- dig -t A xmpp.bar.example. -> 192.0.2.123
-
- then Pidgin clients with *@bar.example Jabber IDs are NOT able to log
- in. The digest-uri sent by these clients – "xmpp/xmpp.bar.example" –
- doesn't pass ejabberd's digest-uri checking logic. Pidgin clients with
- *@foo.example Jabber IDs do work, however.
-
This particular bug has already been fixed upstream:
https://github.com/processone/ejabberd/commit/2bf8125abfeec9e1176ea7ab9793b8947f9c09b6
+ as part of this upstream bug report:
+ https://support.process-one.net/browse/EJAB-1578
+
+ The upstream commit is not yet available in an official upstream
+ release. Presumably the patch will be included in ejabberd 2.1.12 when
+ it is released.
+
+ [Test Case]
+
+ 1. Put these lines in /etc/ejabberd/ejabberd.cfg:
+
+ {hosts, ["example.com", "example.net"]}.
+ {fqdn, "example.com"}.
+
+ 2. Configure DNS with the following example records:
+
+ _xmpp-server._tcp.example.com. 86400 IN SRV 0 0 5269 xmpp.example.com.
+ _xmpp-client._tcp.example.com. 86400 IN SRV 0 0 5222 xmpp.example.com.
+ xmpp.example.com. 86400 IN A 127.0.0.1
+ _xmpp-server._tcp.example.net. 86400 IN SRV 0 0 5269 xmpp.example.net.
+ _xmpp-client._tcp.example.net. 86400 IN SRV 0 0 5222 xmpp.example.net.
+ xmpp.example.net. 86400 IN CNAME xmpp.example.com.
+
+ The above example records assume the ejabberd server and Pidgin
+ client are both running on the same system (notice the 127.0.0.1).
+ Change as appropriate.
+
+ 3. Create two ejabberd users:
+
+ - example at example.com
+ - example at example.net
+
+ 4. Configure Pidgin with both XMPP accounts
+
+ With the patch, both accounts can successfully log in. Without the
+ patch, only the example at example.com account can log in because the
+ example at example.net account will fail ejabberd's digest-uri checking
+ logic.
+
+ [Regression Potential]
+
+ This change extends the syntax of the ejabberd config file. Existing
+ configuration files should remain compatible, but if there was a
+ regression, it might manifest itself as an inability to correctly parse
+ previously-valid configuration files.
+
+ The change also affects the digest-uri checking logic. A regression may
+ result in users being unable to log in or overly permissive checks.
+
+ The patch has been in the upstream repository since 2012-06-27, and I
+ have been running it locally for almost as long without any problems.
+ No subsequent changes to the affected region of code have been made
+ upstream since this patch.
** Description changed:
[Impact]
Bug #1048634 fixes some Pidgin digest-uri check failures, but not all.
There is another bug where Pidgin users won't be able to log in if there
are multiple virtual hosts and the hostnames in the SRV records for the
two XMPP hosts are different.
This particular bug has already been fixed upstream:
https://github.com/processone/ejabberd/commit/2bf8125abfeec9e1176ea7ab9793b8947f9c09b6
as part of this upstream bug report:
https://support.process-one.net/browse/EJAB-1578
The upstream commit is not yet available in an official upstream
release. Presumably the patch will be included in ejabberd 2.1.12 when
it is released.
+ This bug is known to affect precise, quantal, and raring.
+
[Test Case]
1. Put these lines in /etc/ejabberd/ejabberd.cfg:
- {hosts, ["example.com", "example.net"]}.
- {fqdn, "example.com"}.
+ {hosts, ["example.com", "example.net"]}.
+ {fqdn, "example.com"}.
2. Configure DNS with the following example records:
- _xmpp-server._tcp.example.com. 86400 IN SRV 0 0 5269 xmpp.example.com.
- _xmpp-client._tcp.example.com. 86400 IN SRV 0 0 5222 xmpp.example.com.
- xmpp.example.com. 86400 IN A 127.0.0.1
- _xmpp-server._tcp.example.net. 86400 IN SRV 0 0 5269 xmpp.example.net.
- _xmpp-client._tcp.example.net. 86400 IN SRV 0 0 5222 xmpp.example.net.
- xmpp.example.net. 86400 IN CNAME xmpp.example.com.
+ _xmpp-server._tcp.example.com. 86400 IN SRV 0 0 5269 xmpp.example.com.
+ _xmpp-client._tcp.example.com. 86400 IN SRV 0 0 5222 xmpp.example.com.
+ xmpp.example.com. 86400 IN A 127.0.0.1
+ _xmpp-server._tcp.example.net. 86400 IN SRV 0 0 5269 xmpp.example.net.
+ _xmpp-client._tcp.example.net. 86400 IN SRV 0 0 5222 xmpp.example.net.
+ xmpp.example.net. 86400 IN CNAME xmpp.example.com.
- The above example records assume the ejabberd server and Pidgin
+ The above example records assume the ejabberd server and Pidgin
client are both running on the same system (notice the 127.0.0.1).
Change as appropriate.
3. Create two ejabberd users:
- - example at example.com
- - example at example.net
+ - example at example.com
+ - example at example.net
4. Configure Pidgin with both XMPP accounts
With the patch, both accounts can successfully log in. Without the
patch, only the example at example.com account can log in because the
example at example.net account will fail ejabberd's digest-uri checking
logic.
[Regression Potential]
This change extends the syntax of the ejabberd config file. Existing
configuration files should remain compatible, but if there was a
regression, it might manifest itself as an inability to correctly parse
previously-valid configuration files.
The change also affects the digest-uri checking logic. A regression may
result in users being unable to log in or overly permissive checks.
The patch has been in the upstream repository since 2012-06-27, and I
have been running it locally for almost as long without any problems.
No subsequent changes to the affected region of code have been made
upstream since this patch.
** Tags added: precise quantal raring
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1097366
Title:
Pidgin client digest-uri checks fail with multiple virtual hosts
Status in “ejabberd” package in Ubuntu:
New
Bug description:
[Impact]
Bug #1048634 fixes some Pidgin digest-uri check failures, but not all.
There is another bug where Pidgin users won't be able to log in if
there are multiple virtual hosts and the hostnames in the SRV records
for the two XMPP hosts are different.
This particular bug has already been fixed upstream:
https://github.com/processone/ejabberd/commit/2bf8125abfeec9e1176ea7ab9793b8947f9c09b6
as part of this upstream bug report:
https://support.process-one.net/browse/EJAB-1578
The upstream commit is not yet available in an official upstream
release. Presumably the patch will be included in ejabberd 2.1.12
when it is released.
This bug is known to affect precise, quantal, and raring.
[Test Case]
1. Put these lines in /etc/ejabberd/ejabberd.cfg:
{hosts, ["example.com", "example.net"]}.
{fqdn, "example.com"}.
2. Configure DNS with the following example records:
_xmpp-server._tcp.example.com. 86400 IN SRV 0 0 5269 xmpp.example.com.
_xmpp-client._tcp.example.com. 86400 IN SRV 0 0 5222 xmpp.example.com.
xmpp.example.com. 86400 IN A 127.0.0.1
_xmpp-server._tcp.example.net. 86400 IN SRV 0 0 5269 xmpp.example.net.
_xmpp-client._tcp.example.net. 86400 IN SRV 0 0 5222 xmpp.example.net.
xmpp.example.net. 86400 IN CNAME xmpp.example.com.
The above example records assume the ejabberd server and Pidgin
client are both running on the same system (notice the 127.0.0.1).
Change as appropriate.
3. Create two ejabberd users:
- example at example.com
- example at example.net
4. Configure Pidgin with both XMPP accounts
With the patch, both accounts can successfully log in. Without the
patch, only the example at example.com account can log in because the
example at example.net account will fail ejabberd's digest-uri checking
logic.
[Regression Potential]
This change extends the syntax of the ejabberd config file. Existing
configuration files should remain compatible, but if there was a
regression, it might manifest itself as an inability to correctly
parse previously-valid configuration files.
The change also affects the digest-uri checking logic. A regression
may result in users being unable to log in or overly permissive
checks.
The patch has been in the upstream repository since 2012-06-27, and I
have been running it locally for almost as long without any problems.
No subsequent changes to the affected region of code have been made
upstream since this patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ejabberd/+bug/1097366/+subscriptions
More information about the Ubuntu-sponsors
mailing list