Unable to see new mechanism from clients

Daniele Ricci
Added about 4 years ago

Hello,

I'm implementing a new SASL mechanism for Tigase for my own use. However, I still continue to see just PLAIN and EXTERNAL from clients, despite my configuration.

According to the documentation, I've implemented these classes:

Server factory for the new mechanism:

https://github.com/kontalk/tigase-extension/blob/master/src/main/java/org/kontalk/xmppserver/auth/KontalkSaslServerFactory.java

Mechanism selector:

https://github.com/kontalk/tigase-extension/blob/master/src/main/java/org/kontalk/xmppserver/auth/KontalkMechanismSelector.java

And of course the mechanism:

https://github.com/kontalk/tigase-extension/blob/master/src/main/java/org/kontalk/xmppserver/auth/SaslKontalkToken.java

Here is my init.properties:

config-type=--gen-config-def
basic-conf/auth-repo-params/sasl-mechs=EXTERNAL,KONTALK-TOKEN
sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/factory=org.kontalk.xmppserver.auth.KontalkSaslServerFactory
sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/mechanism-selector=org.kontalk.xmppserver.auth.KontalkMechanismSelector
sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/legacy-fingerprint=37D0E678CDD19FB9B182B3804C9539B401F8229C
sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/host=beta.kontalk.net
sess-man/plugins-conf/urn\:ietf\:params\:xml\:ns\:xmpp-sasl/callbackhandler-EXTERNAL=org.kontalk.xmppserver.auth.KontalkCertificateCallbackHandler
sess-man/plugins-conf/fingerprint=37D0E678CDD19FB9B182B3804C9539B401F8229C
--sm-plugins=-amp,-message-carbons,-jabber:iq:register,+message,+msgoffline,+presence:urn:xmpp:pubkey:2,+kontalk:jabber:iq:register,+kontalk:jabber:iq:roster,+urn:xmpp:pubkey:2
--admins=admin@prime.kontalk.net
--virt-hosts=prime.kontalk.net
--debug=server,xmpp.impl
--debug-packages=org.kontalk
--user-db=mysql
--user-db-uri=jdbc:mysql://localhost:3306/tigase?user=root&password=ciao&useUnicode=true&characterEncoding=UTF-8&autoCreateUser=true
--vhost-anonymous-enabled=false
--vhost-tls-required=true

I'd like to allow only EXTERNAL and KONTALK-TOKEN.

What am I doing wrong?

Thanks for your help.


Replies (2)

Added by Daniele Ricci about 4 years ago

I'm doing some tests and I've noticed that my SaslServerFactory is completely ignored when running inside Tigase.

If I create a stupid main() program that registers a TigaseSaslProvider with my factory, it works (Sasl.getSaslServerFactories returns my factory too).

https://gist.github.com/daniele-athome/9d77c8dae9bd1d4bf426

If I execute it in Tigase (which does the same exact thing), my factory isn't among the ones in Sasl.getSaslServerFactories.

https://gist.github.com/daniele-athome/339153e6d4e37b007a3a (snippet from SaslAuth.java)

What's the difference? Classpath errors? And if there were any, how was the class even loaded correctly?

Added by Daniele Ricci about 4 years ago

I found the problem.

JabberIqAuth was also inserting TigaseSaslProvider at position 1 before SaslAuth was doing it.

Removing JabberIqAuth from the list of loaded plugins solves the problem. You should probably document this somewhere :)
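
The Java behaviour that produces this kind of conflict, as an added example that is not part of the thread or of Tigase's code: Security.insertProviderAt returns -1 and changes nothing when a provider with the same name is already installed, so the later registration is silently dropped and the earlier mechanism list stays in effect. It assumes both registrations use the same provider name; the provider name, factory class names and mechanism split below are constructed for illustration.

```java
import java.security.Provider;
import java.security.Security;

public class SaslProviderCollision {
    static final String NAME = "demo-sasl-provider"; // hypothetical provider name

    // Minimal provider mapping each SASL mechanism to a factory class name.
    static final class DemoProvider extends Provider {
        DemoProvider(String factoryClass, String... mechs) {
            super(NAME, "1.0", "constructed demo provider");
            for (String m : mechs) put("SaslServerFactory." + m, factoryClass);
        }
    }

    // Is the mechanism registered by whichever provider is actually installed?
    static boolean offers(String mech) {
        Provider p = Security.getProvider(NAME);
        return p != null && p.getService("SaslServerFactory", mech) != null;
    }

    // Check the return value instead of assuming the insert took effect.
    static void installOrReplace(Provider p) {
        if (Security.insertProviderAt(p, 1) == -1) {
            Security.removeProvider(p.getName());
            if (Security.insertProviderAt(p, 1) == -1)
                throw new IllegalStateException("could not install " + p.getName());
        }
    }

    static String state() {
        return "PLAIN=" + offers("PLAIN") + " EXTERNAL=" + offers("EXTERNAL")
                + " KONTALK-TOKEN=" + offers("KONTALK-TOKEN");
    }

    public static void main(String[] args) {
        // Placeholder class names; nothing is loaded, only the registry is inspected.
        Provider first = new DemoProvider("example.DefaultFactory", "PLAIN");
        Provider second = new DemoProvider("example.CustomFactory", "EXTERNAL", "KONTALK-TOKEN");

        System.out.println("first insert  -> " + Security.insertProviderAt(first, 1));
        System.out.println("second insert -> " + Security.insertProviderAt(second, 1));
        System.out.println("after both inserts: " + state());

        installOrReplace(second);
        System.out.println("after replace:      " + state());
    }
}
```

Logging the return value of insertProviderAt at startup makes a dropped registration visible before clients are offered a mechanism the configuration was meant to disable.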
