Fixed
Assignee: Guus der Kinderen
Reporter: Guus der Kinderen
Priority: Critical
Created September 25, 2023 at 3:29 PM
Updated October 25, 2023 at 6:17 PM
Resolved October 25, 2023 at 6:17 PM
This issue affects a version of Openfire that is as of yet unreleased. It should not affect anyone running a proper release of Openfire. It is introduced by https://igniterealtime.atlassian.net/browse/OF-2559.
When performing Server Dialback authentication, Openfire seems to neglect defining the dialback namespace that it uses.
See these logs, taken from the perspective of an ejabberd instance, that appear to be missing xmlns:db='jabber:server:dialback' on line 23:

<--: <stream:stream xmlns:db="jabber:server:dialback" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" from="conference.openfire.example" to="ejabberd.example" version="1.0">
-->: <?xml version='1.0'?><stream:stream id='5630279679576815420' version='1.0' xml:lang='de' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
-->: <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
<--: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
-->: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<--: <stream:stream xmlns:db="jabber:server:dialback" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" from="conference.openfire.example" to="ejabberd.example" version="1.0">
-->: <?xml version='1.0'?><stream:stream id='9216896791510707007' version='1.0' xml:lang='de' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
-->: <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>EXTERNAL</mechanism></mechanisms><dialback xmlns='urn:xmpp:features:dialback'><errors/></dialback></stream:features>
<--: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="EXTERNAL">Y29uZmVyZW5jZS5tYXJyZWNhLnNwb2lsZWRkdWNrLmN5b3U=</auth>
-->: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>Certificate host name mismatch</text></failure>
<--: <db:result from="conference.openfire.example" to="ejabberd.example">9cd66bdd211f55b350cb3afccaa7b6bd9e3391dd</db:result>
-->: <?xml version='1.0'?><stream:stream version='1.0' xml:lang='de' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
<--: <stream:stream xmlns:db="jabber:server:dialback" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" from="conference.openfire.example" to="ejabberd.example" id="28l2rzp1zt" version="1.0">
<--: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/><dialback xmlns="urn:xmpp:features:dialback"><errors/></dialback><limits xmlns="urn:xmpp:stream-limits:0"><max-bytes>1048576</max-bytes><idle-seconds>360</idle-seconds></limits></stream:features>
-->: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<--: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
-->: <?xml version='1.0'?><stream:stream version='1.0' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
<--: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" xmlns:db="jabber:server:dialback" from="openfire.example" to="ejabberd.example" id="55fdnuzcqa" xml:lang="en-US" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms><limits xmlns="urn:xmpp:stream-limits:0"><max-bytes>1048576</max-bytes><idle-seconds>360</idle-seconds></limits></stream:features>
-->: <auth mechanism='EXTERNAL' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bWVzc2FnaW5nLm9uZQ==</auth>
<--: <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
-->: <?xml version='1.0'?><stream:stream version='1.0' xml:lang='en-US' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
-->: <db:verify id='9216896791510707007' to='conference.openfire.example' from='ejabberd.example'>9cd66bdd211f55b350cb3afccaa7b6bd9e3391dd</db:verify>
<--: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:server" from="openfire.example" to="ejabberd.example" id="55fdnuzcqa" xml:lang="en-US" version="1.0"><stream:features><limits xmlns="urn:xmpp:stream-limits:0"><max-bytes>1048576</max-bytes><idle-seconds>360</idle-seconds></limits></stream:features>
<--: <db:verify from="conference.openfire.example" to="ejabberd.example" type="valid" id="9216896791510707007"/>
-->: <?xml version='1.0'?><stream:stream version='1.0' xml:lang='en-US' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' to='conference.openfire.example' from='ejabberd.example' xmlns='jabber:server'>
-->: <stream:error><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-streams'>unbound prefix</text></stream:error>
-->: </stream:stream>
-->: <db:result type='error' to='conference.openfire.example' from='ejabberd.example'><error type='cancel'><remote-server-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Stream closed by local host: unbound prefix (not-well-formed)</text></error></db:result>
-->: </stream:stream>
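
A log check for the condition reported above, added here as an example (it is not Openfire or ejabberd code): it flags any prefixed element sent after a stream header that never bound that prefix, which is what the peer rejects as "unbound prefix". It assumes one active stream per direction marker and counts only declarations on the stream header or on the element itself; the sample lines are abridged from the log above, with the dialback key replaced by the placeholder KEY.

```python
import re

# Opening or self-closing prefixed tag: captures prefix, local name, attributes.
TAG_RE = re.compile(r"<([A-Za-z_][\w.-]*):([\w.-]+)((?:\s[^<>]*?)?)/?>")
# Namespace prefix declaration inside an attribute string.
XMLNS_RE = re.compile(r"""\sxmlns:([\w.-]+)\s*=\s*(["'])(.*?)\2""")
# Log line: direction marker, then the raw XML that was sent.
LINE_RE = re.compile(r"^(<--|-->):\s*(.*)$")


def unbound_prefixes(log_lines):
    """Return [(line_no, direction, 'prefix:name')] for unbound prefixes."""
    header_ns = {}  # direction -> prefixes bound by the latest stream header
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        direction, payload = match.groups()
        for tag in TAG_RE.finditer(payload):
            prefix, name, attrs = tag.groups()
            local = {p: uri for p, _quote, uri in XMLNS_RE.findall(attrs)}
            if (prefix, name) == ("stream", "stream"):
                # A new header replaces every binding of the previous stream.
                header_ns[direction] = local
                continue
            bound = {**header_ns.get(direction, {}), **local}
            if prefix not in bound:
                findings.append((line_no, direction, f"{prefix}:{name}"))
    return findings


# Constructed sample: four lines abridged from the log in this report.
SAMPLE = [
    "-->: <stream:stream version='1.0' xmlns:db='jabber:server:dialback' "
    "xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:server'>",
    "-->: <db:verify id='9216896791510707007' "
    "to='conference.openfire.example' from='ejabberd.example'>KEY</db:verify>",
    '<--: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" '
    'xmlns="jabber:server" id="55fdnuzcqa" version="1.0"><stream:features/>',
    '<--: <db:verify from="conference.openfire.example" '
    'to="ejabberd.example" type="valid" id="9216896791510707007"/>',
]

if __name__ == "__main__":
    for finding in unbound_prefixes(SAMPLE):
        print(finding)
```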