Your message dated Tue, 14 Apr 2020 02:53:20 +0000 with message-id <[email protected]> and subject line Bug#956644: Removed package(s) from unstable has caused the Debian Bug report #782707, regarding python-xmpp: PLAIN Authentication error when JID and password have specific length (base64 trailing newline) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
782707: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782707
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-xmpp
Version: 0.4.1-cvs20080505.2
Severity: important
Tags: upstream patch

Dear Maintainer,

TL;DR: python-xmpp adds a trailing newline to the base64 encoded string when doing PLAIN authentication. When the jid+password have a specific length the resulting base64 string is not padded with =. A base64 string without padding and trailing newline breaks authentication in ejabberd in Jessie, but not in Wheezy.

We have just upgraded our Jabber server to Jessie. A local bot (using python-xmpp) could not authenticate to the server anymore. All authentication attempts resulted in

    DEBUG: socket got <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <bad-protocol/> </failure>

We have debugged this extensively and have found the root cause for this issue. When building the XML stanza for plain authentication the node adds the full base64.encodestring result, which contains a trailing \n

auth.py:144

    node=Node('auth',attrs={'xmlns':NS_SASL,'mechanism':'PLAIN'},payload=[base64.encodestring(sasl_data)])

    DEBUG: socket sent <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">cHl4bXBwLXRlc3RAbHJ6LmRlAHB5eG1wcC10ZXN0AHNvb2Q4YWhUdTlhZXpR\n</auth>
    DEBUG: socket got <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <bad-protocol/> </failure>

When, however, the length of password or jid is changed so that the resulting base64 is padded with = the authentication works fine.

    DEBUG: socket sent <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">cHl4bXBwLXRlc3RAbHJ6LmRlAHB5eG1wcC10ZXN0AHNvb2Q4YWhUdTlhZXo=\n</auth>
    DEBUG: socket got <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

Our current assumption is that the ejabberd base64 parser just stops parsing when it hits the padding. However, if the string has the right length and does not have any padding it hits the newline and bails out. This is a minor bug in ejabberd itself, but according to my understanding the newline isn't legal.

The fix is pretty easy. Change line 144 to either

    node=Node('auth',attrs={'xmlns':NS_SASL,'mechanism':'PLAIN'},payload=[base64.encodestring(sasl_data).replace('\r','').replace('\n','')])

(this has prior art in line 202 of the same file, but looks ugly as hell) or

    node=Node('auth',attrs={'xmlns':NS_SASL,'mechanism':'PLAIN'},payload=[base64.b64encode(sasl_data)])

b64encode is available since Python 2.4

I have found a fork of python-xmpp on github which uses the first fix, but there is no commit with that fix
https://github.com/ArchipelProject/xmpppy/blob/master/auth.py

Best Regards,
Bernhard
--- End Message ---
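
The behaviour described in the report above, as an added example that is not part of the original message or of python-xmpp: it compares the MIME-style encoder with `b64encode` on SASL PLAIN payloads of different lengths and checks each result against the strict RFC 4648 form. Assumptions: Python 3's `base64.encodebytes` stands in for Python 2's `base64.encodestring`, the account and passwords are constructed sample values, and all function names are hypothetical. The third case goes beyond the report by showing the interior line breaks that appear once the payload exceeds 57 bytes.

```python
import base64
import re

# RFC 4648 base64: full 4-char groups, then at most one padded group.
# Checked with fullmatch(): with match() and "$", a trailing "\n" would pass.
STRICT_B64 = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")


def sasl_plain(authzid, authcid, password):
    """Build the PLAIN message: authzid NUL authcid NUL password."""
    return "\x00".join((authzid, authcid, password)).encode("utf-8")


def encode_legacy(data):
    """MIME-style encoding: newline after every 76 chars and at the end."""
    return base64.encodebytes(data).decode("ascii")


def encode_fixed(data):
    """Single-line encoding, as in the report's second proposed fix."""
    return base64.b64encode(data).decode("ascii")


def is_strict_base64(text):
    """True only if text is RFC 4648 base64 with nothing else in it."""
    return STRICT_B64.fullmatch(text) is not None


def compare(password):
    """Summarise both encodings for a constructed account and password."""
    data = sasl_plain("bot@example.org", "bot", password)  # constructed values
    legacy, fixed = encode_legacy(data), encode_fixed(data)
    return {
        "payload_len": len(data),
        "padded": fixed.endswith("="),
        "legacy_newlines": legacy.count("\n"),
        "legacy_strict": is_strict_base64(legacy),
        "fixed_strict": is_strict_base64(fixed),
        "same_after_strip": legacy.replace("\n", "") == fixed,
    }


if __name__ == "__main__":
    # 30-byte payload (no padding), 29-byte payload (padded), 80-byte payload
    for pw in ("sample-pw1", "sample-pw", "x" * 60):
        print(repr(pw[:12]), compare(pw))
```

A payload whose length is a multiple of 3 is the case the report hits: the encoded text ends directly in `\n` with no `=` in front of it.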
--- Begin Message ---
Version: 0.4.1-cvs20080505.4+rm

Dear submitter,

as the package python-xmpp has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/956644

The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/.

Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest.

This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---

