Bug 436124 - Pidgin can't connect to jabber server after update
Pidgin can't connect to jabber server after update
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: pidgin (Show other bugs)
8
i386 Linux
low Severity low
: ---
: ---
Assigned To: Warren Togami
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-05 10:32 EST by Mattias Ellert
Modified: 2008-04-22 23:10 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-22 23:10:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
One line patch that fixes the problem (522 bytes, patch)
2008-03-05 10:32 EST, Mattias Ellert
no flags Details | Diff
Log from fail connection (3.76 KB, text/plain)
2008-03-06 03:03 EST, Mattias Ellert
no flags Details
Log from good connection (with the patch applied) (70.39 KB, text/plain)
2008-03-06 03:04 EST, Mattias Ellert
no flags Details

  None (edit)
Description Mattias Ellert 2008-03-05 10:32:04 EST
Description of problem:

Pidgin can't connect to jabber server after update to pidgin-2.4.0-1.fc8

Version-Release number of selected component (if applicable):

pidgin-2.4.0-1.fc8

How reproducible:

Every time I try I get authentication failed.

Steps to Reproduce:
1. Update to version 2.4.0-1.rh8
2. Start pidgin
3. Get error message

Actual results: Access denied, authentication failure.


Expected results: Access granted.


Additional info:

If I rebuild the RPM with the attached one-line patch it starts to work again.
From the comment in the code just above the changed line, I think the intention
of the coder was to do it the way the patch does it.
Comment 1 Mattias Ellert 2008-03-05 10:32:04 EST
Created attachment 296886 [details]
One line patch that fixes the problem
Comment 2 Stu Tomlinson 2008-03-05 12:04:30 EST
You think incorrectly, as you'd see if you read the comment right above what you
are changing.
What is your JID domain? what do you put in connect server of the advanced tab?
Can you provide a debug log from trying to connect to your XMPP server? (Help ->
Debug Window, or the output from "pidgin -d")
Comment 3 Mattias Ellert 2008-03-06 03:02:31 EST
My jabber ID is ellert@nordu.net and the connect server in the advanced settings
is set to portal.nordu.net.

I attach 2 saves from the debug window for connection attempts. One
(purple-debug-bad.log) is a log taken using the version in the Fedora RPM, the
other (purple-debug-good.log) is taken using the version I compiled with the
patch applied.

This is the part of the code (without the patch applied):

	/* host should be used in preference to domain to
	 * allow SASL authentication to work with FQDN of the server,
	 * but we use domain as fallback for when users enter IP address
	 * in connect server */
	if (purple_ip_address_is_valid(host))
		js->serverFQDN = g_strdup(domain);
	else
		js->serverFQDN = g_strdup(host);

As I read the code it says "If the host is valid, then use the domain, otherwise
(i.e. if the host is NOT valid) use the host". The comment on the other hand
says "Use the host if it is valid, otherwise use the domain". My patch changes
the code (as I read it) to say "If the host is NOT valid, then use the domain,
otherwise (i.e. if the host is valid) use the host", which is the equivalent to
how I interpret the comment.
Comment 4 Mattias Ellert 2008-03-06 03:03:20 EST
Created attachment 297006 [details]
Log from fail connection
Comment 5 Mattias Ellert 2008-03-06 03:04:05 EST
Created attachment 297007 [details]
Log from good connection (with the patch applied)
Comment 6 Stu Tomlinson 2008-03-06 08:54:13 EST
To clarify what the check is for - it says if this is an *IP address*, then use
the domain, otherwise it's a suitable hostname for use in authentication (IP
addresses, generally, are not suitable for this).

That server has a FQDN of portal.nordu.net but is configured to only accept
DIGEST-MD5 authentication with a digest-uri of "xmpp/nordu.net". Pidgin 2.4.0
now uses connect server as FQDN just as it would use the resolved SRV records if
you specified no connect server (SRV records for nordu.net point to
portal.nordu.net too).

It is my interpretation of DIGEST-MD5 RFC2831 section 2.1.2 that the digest-uri
should be the FQDN of the server (and this is what Cyrus SASL uses except when
the workaround to allow specifying an IP address is in place).

If this is an Openfire server and you have any way to communicate with the
administrator, you could suggest setting the property xmpp.fqdn to portal.nordu.net.

See also http://developer.pidgin.im/ticket/5008 and
http://www.igniterealtime.org/community/thread/31708
Comment 7 Mattias Ellert 2008-03-06 10:40:58 EST
The server admin has now implemented the workaround in the
http://developer.pidgin.im/ticket/5008 report. And I can connect without the patch.
Comment 8 Stu Tomlinson 2008-04-22 23:10:52 EDT
It is my opinion, and that of others [1], that Pidgin is doing the right thing here.

[1] http://logs.jabber.org/jdev@conference.jabber.org/2008-03-20.html#13:02:41

Note You need to log in before you can comment on or make changes to this bug.