Hi Mathias,

On 28 September 2015 at 17:14, Mathias Friman <math...@workplays.se> wrote:
> Hi,
>
> I'm using Prosody for a Jitsi-Meet installation that is fairly detailed
> here: https://github.com/jitsi/jicofo/issues/22#issuecomment-143686744
>
> When enabling mod_auth_ldap module I can log in using an XMPP client like
> Jitsi, Empathy or Pidgin. However, when I try Jitsi-Meet, I get the
> following error in prosody.log:
>
> Sep 28 10:03:46
> boshed479f56-6a3b-420c-b330-00c1b4ea4bc6 debug Received[c2s_unauthed]: <auth
> mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
> Sep 28 10:03:46 sasl debug Username or password violates SASLprep.
> Sep 28 10:03:46 videokonf.domain.com:saslauth debug sasl reply: <failure
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid
> username or password.</text></failure>
>
>
> I've narrowed it down to accounts with a password containing non-English
> characters like Swedish åäö or ÅÄÖ which are part of our alphabet. When
> trying a user with a not-so-complex password, the login works fine. However,
> I cannot rely on our users to choose a password not containing the letters
> åäö or ÅÄÖ since they are a part of our alphabet. I have no idea as of now
> if other characters are met with the same error message.
>
> I have two problems:
>
> 1. Why in the name of [random deity] does a login failure like this only get
> reported in debug mode? :) I've spent like three days on this before I
> noticed the error message. :/

There is possibly an argument to bump the log level of this to "warn"
(which we use for unexpected/incorrect behaviour from clients).
However given that this is before authentication succeeds, it also
opens up the possibility of abuse by random strangers (flooding the
log by sending invalid data), so it's not a simple choice.

Also I'll note that spending three days debugging something without
enabling debug logs is almost always going to be a mistake :)

> 2. I need this fixed in some way because these letters might be used by a
> number of our users. So how can I do this? It seems to be this file:
> https://github.com/bjc/prosody/blob/master/util/sasl/plain.lua that reports
> the error. How to fix it however, I have no idea.

If you've confirmed that the affected username can log in with normal
Jitsi, Empathy and Pidgin, and only Jitsi-Meet has this problem, I
rather suspect it is an issue with Jitsi-Meet or its configuration.
Many people use Prosody daily with such characters in their usernames.
If Jitsi-Meet is taking the username from a text input on a web page,
it could quite possibly be an encoding issue, as everything needs to
be in UTF-8. You would need to take this up with the Jitsi-Meet
developers.

If you find that other clients are also not working, please feel free
to file a bug report ( https://prosody.im/issues/ ) along with debug
logs from the client and the server, and we'll do our best to figure
out the problem. Obviously this should only be done with accounts
created for testing purposes :)

Regards,
Matthew

P.S. Just in case, because you were looking through the source code
for a fix - I really don't advise changing anything in Prosody's SASL
code, especially without understanding what the root of this problem
is. It would be quite easy to open up security holes that way.
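
An added example (not part of the original message, and not Prosody or Jitsi-Meet code) for testing the encoding hypothesis above: it decodes a SASL PLAIN payload captured from a test account and reports whether the username and password bytes are valid UTF-8, without printing them. The function names and the `tester` credentials are constructed, and the Latin-1 case is an assumed illustration of a client-side encoding mismatch, not a confirmed diagnosis.

```javascript
// Added example: check the byte encoding of a SASL PLAIN payload (RFC 4616).
// All credentials here are constructed test values.

// Build the base64 body of <auth mechanism='PLAIN'>:
//   [authzid] NUL authcid NUL passwd
// 'utf8' is what RFC 4616 requires. 'latin1' mimics a hypothetical client
// that base64-encodes a JavaScript string one byte per character.
function buildPlain(user, pass, encoding) {
  return Buffer.from(`\0${user}\0${pass}`, encoding).toString('base64');
}

// Decode a payload and report per-field UTF-8 validity and password length.
// The secret itself is never returned or logged.
function inspectPlain(b64) {
  const raw = Buffer.from(b64, 'base64');
  const parts = [];
  let start = 0;
  for (let i = 0; i <= raw.length; i++) {
    if (i === raw.length || raw[i] === 0) {
      parts.push(raw.subarray(start, i));
      start = i + 1;
    }
  }
  if (parts.length !== 3) return { wellFormed: false };

  // fatal: true makes decode() throw on any invalid UTF-8 sequence.
  const strict = new TextDecoder('utf-8', { fatal: true });
  const isUtf8 = (buf) => {
    try { strict.decode(buf); return true; } catch { return false; }
  };
  return {
    wellFormed: true,
    authcidUtf8: isUtf8(parts[1]),
    passwdUtf8: isUtf8(parts[2]),
    passwdBytes: parts[2].length,
  };
}

// Constructed password "pässwörd", written with escapes so the source file's
// own encoding cannot affect the result.
const PASS = 'p\u00e4ssw\u00f6rd';
console.log('utf8  :', inspectPlain(buildPlain('tester', PASS, 'utf8')));
console.log('latin1:', inspectPlain(buildPlain('tester', PASS, 'latin1')));
```

A payload whose password field fails the UTF-8 check points at the client's encoding step rather than at the server's SASL code.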
