Opened 5 years ago

Closed 5 years ago

#15524 closed defect (fixed)

2.10.7 can not connect to ejabberd server

Reported by: jonbach Owned by: deryni
Milestone: 2.10.8 Component: XMPP
Version: 2.10.7 Keywords: ejabberd jabber connect failed authentication
Cc: Luna

Description

After updating to Pidgin 2.10.7, it seems we are unable to connect to our ejabberd server. The error message in the server logs looks exactly like an incorrect password -- it says "Failed authentication for user@…"

Rolling back to Pidgin 2.10.6 immediately solves the issue.

Attachments (4)

purple-debug.log (5.6 KB) - added by Luna 5 years ago.
Debug Log
purple-debug.2.log (65.5 KB) - added by Luna 5 years ago.
Debug log from 2.10.6
libjabber.dll (405.8 KB) - added by datallah 5 years ago.
Test fix
ticket_15524.patch (2.4 KB) - added by datallah 5 years ago.
Source code patch for test fix

Download all attachments as: .zip

Change History (11)

comment:1 Changed 5 years ago by datallah

  • Status changed from new to pending

Please follow the instructions to get a debug log and attach it to this ticket.
Which OS are you using?

comment:2 Changed 5 years ago by Luna

Seeing as this is a week old and appears to be affecting everyone on my server, I offer this debug log with the following redactions:

  • Username is replaced with "<redacted>".
  • Server domain is replaced with "servername.com".

No further redactions in this debug file. File was generated via debug window by clearing, attempting reconnect, reinputting password, failing, and then saving.

Perhaps worth noting as well is the curious fact that users appear able to create a new account on the server, but are subsequently unable to connect to it, getting the "Not Authorized" error.

Tested on Pidgin 2.10.7, Windows 7.

Changed 5 years ago by Luna

Debug Log

comment:3 Changed 5 years ago by datallah

Based on the debug log, looks like a simple case of the password being incorrect.

The only thing that's odd is that it doesn't seem to actually be falling back to using the PLAIN password authentication method before giving up (and it seems like it should because your connection is encrypted).

It'd be useful to see the debug log from 2.10.6 when it actually succeeds to compare.

Changed 5 years ago by Luna

Debug log from 2.10.6

comment:4 Changed 5 years ago by datallah

Aha! That's the difference - in 2.10.6 it's falling back to PLAIN authentication method when DIGEST-MD5 fails, but in 2.10.7, it doesn't try.

comment:5 Changed 5 years ago by datallah

The related libpurple code hasn't changed between 2.10.6 and 2.10.7, but the Cyrus-SASL library used in the win32 builds was upgraded. I don't have a way to easily test this since I don't have access to a server that is behaving like yours, but it looks like there might be a bug in how we were removing authentication mechanisms that wasn't problematic in Cyrus-SASL 2.1.22, but became a problem in 2.1.25.

I've attached a libjabber.dll that contains a potential fix. Please replace the 2.10.7 libjabber.dll with the attached one and see if it resolves the issue (and please attach a new debug log obtained with the updated dll).

Changed 5 years ago by datallah

Test fix

Changed 5 years ago by datallah

Source code patch for test fix

comment:6 Changed 5 years ago by Luna

This indeed appears to fix the issue. Please let me know if you require another debug log or anything else.

comment:7 Changed 5 years ago by Daniel Atallah <datallah@…>

  • Milestone set to 2.10.8
  • Resolution set to fixed
  • Status changed from pending to closed

(In [da201c4757d8]):
jabber: Correctly remove a failed SASL mech when it isn't the first in the list

  • The space wasn't being removed correctly, causing a failure to try the next mech with Cyrus-SASL 2.1.25.
  • Fixes #15524
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!