see_other_host doesn't work: it expects the 'from' attribute inside 'stream' packet, but it's not the XMPP format

Igor Khomenko
Added over 3 years ago

Hi there,

we are trying to test how the feature with 'see_other_host' works, but face an issue

We use Tigase 7.0.1

Inside ClientConnectionManager.java, xmppStreamOpened method you expect to have the 'from' attribute inside 'stream' packet

final String from     = attribs.get("from");
BareJID      fromJID  = null;

if (from != null) {
    try {
        fromJID = BareJID.bareJIDInstance(from);
    } catch (TigaseStringprepException ex) {
        log.log(Level.CONFIG, "From JID violates RFC6122 (XMPP:Address Format): ", ex);
        return prepareStreamError(serv, "improper-addressing", null);
    }    // end of: try-catch
}      // end of: if (from != null) {

if ((fromJID != null) && (see_other_host_strategy != null) && see_other_host_strategy
                .isEnabled(SeeOtherHostIfc.Phase.OPEN)) {

...

}

but according to the XMPP RFC-3920 the client should not send the 'from' attribute

http://xmpp.org/rfcs/rfc3920.html#streams

section 4.4. Stream Attributes

from -- The 'from' attribute SHOULD be used only in the XML stream header from the receiving entity to the initiating entity,

so, most of the clients follow this specification

The question is how to make the 'see_other_host' work?


Replies (6)

Added by Igor Khomenko over 3 years ago

In this case the only possible solution I guess is to use

c2s/cm-see-other-host/active=LOGIN

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam over 3 years ago

XMPP clients should follow the XMPP specification as you mentioned, and currently the XMPP protocol is defined by RFC-6120 Extensible Messaging and Presence Protocol (XMPP): Core, which, as you can read in the Abstract section of RFC 6120, obsoletes RFC 3920:

This document obsoletes RFC 3920.

RFC 6120 was published in March 2011, as it states on the RFC site, so clients after 4 years should implement the updated specification.

In section 4.7.1 (see https://tools.ietf.org/html/rfc6120#section-4.7.1) it states:

The 'from' attribute specifies an XMPP identity of the entity sending the stream element.

For initial stream headers in client-to-server communication, the 'from' attribute is the XMPP identity of the principal controlling the client, i.e., a JID of the form localpart@domainpart. The client might not know the XMPP identity, e.g., because the XMPP identity is assigned at a level other than the XMPP application layer (as in the Generic Security Service Application Program Interface [GSS-API]) or is derived by the server from information provided by the client (as in some deployments of end-user certificates with the SASL EXTERNAL mechanism). Furthermore, if the client considers the XMPP identity to be private information then it is advised not to include a 'from' attribute before the confidentiality and integrity of the stream are protected via TLS or an equivalent security layer. However, if the client knows the XMPP identity then it SHOULD include the 'from' attribute after the confidentiality and integrity of the stream are protected via TLS or an equivalent security layer.

So there should be no problem with our implementation, as we expect clients to send the 'from' attribute as described in RFC 6120.

As you also found, we created an additional setting that allows the see-other-host feature to be used with clients not following this specification:

c2s/cm-see-other-host/active=LOGIN

but I would suggest using the following line:

c2s/cm-see-other-host/active=OPEN;LOGIN

which would allow using this feature on stream negotiation by new clients following RFC6120 and also would allow other clients to use this feature at login time.

Added by Igor Khomenko over 3 years ago

Thank you Andrzej,

looks like the popular iOS & Android XMPP libs don't follow RFC 6120 because they don't send the 'from' attribute..

https://github.com/robbiehanson/XMPPFramework

https://www.igniterealtime.org/projects/smack/ (ver 4.0.x)

Added by Wojciech Kapcia TigaseTeam over 3 years ago

Igor Khomenko wrote:

looks like the popular iOS & Android XMPP libs don't follow RFC 6120 because they don't send the 'from' attribute..

Yes, that's true, and quite a lot of clients can't handle see-other-host redirection as well, so as a rule of thumb we've enabled this only in stream open when the client explicitly sends the 'from' attribute. Otherwise, with LOGIN enabled by default as well, it would render a lot of clients unable to connect to the server.

Added by Igor Khomenko over 3 years ago

So, your suggestion is to customise clients to send 'from' instead of enabling only LOGIN mode?

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam over 3 years ago

Sending 'from' allows the server to send a see-other-host request to the client without SSL handshake and authentication, which will speed up negotiation of the connection, reduce network traffic and reduce resource usage on the server side, so customizing clients may be a good idea.
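Added example, not part of the thread and not Tigase code: a simplified Python model of the behaviour discussed above, showing when a client puts 'from' in its initial stream header under the quoted RFC 6120 text and at which phase each `c2s/cm-see-other-host/active` value lets a redirect reach it. The function names, the simplified JID check and the sample headers are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

STREAM_NS = "http://etherx.jabber.org/streams"

def build_stream_header(to, jid=None, tls_active=False, identity_private=True):
    """Client side: follow the RFC 6120 section 4.7.1 text quoted in the thread."""
    attrs = {"to": to, "version": "1.0"}
    # Before TLS, a client that treats its JID as private leaves 'from' out;
    # once the stream is protected, a known JID SHOULD be included.
    if jid and (tls_active or not identity_private):
        attrs["from"] = jid
    rendered = " ".join(f"{k}={quoteattr(v)}" for k, v in attrs.items())
    return (f"<stream:stream xmlns='jabber:client' "
            f"xmlns:stream='{STREAM_NS}' {rendered}>")

def parse_from(header):
    """Return the 'from' attribute of an unclosed stream header, or None."""
    root = ET.fromstring(header + "</stream:stream>")  # close it so it parses
    if root.tag != f"{{{STREAM_NS}}}stream":
        raise ValueError("not an XMPP stream header")
    return root.get("from")

def is_bare_jid(value):
    # Simplified stand-in for real address validation: localpart@domainpart.
    local, sep, domain = value.partition("@")
    if not (sep and local and domain) or "@" in domain:
        return False
    return not any(c in value for c in "/ \t\r\n")

def redirect_phase(header, active):
    """Phase at which a see-other-host redirect can reach this client."""
    phases = {p.strip().upper() for p in active.split(";") if p.strip()}
    sender = parse_from(header)
    if sender is not None and not is_bare_jid(sender):
        return "improper-addressing"  # stream error, as in the posted snippet
    if sender is not None and "OPEN" in phases:
        return "OPEN"
    return "LOGIN" if "LOGIN" in phases else None

if __name__ == "__main__":
    # Constructed sample clients; example.com and alice are placeholders.
    legacy = build_stream_header("example.com")  # never sends 'from'
    secured = build_stream_header("example.com", "alice@example.com", tls_active=True)
    for active in ("OPEN", "LOGIN", "OPEN;LOGIN"):
        print(active, redirect_phase(legacy, active), redirect_phase(secured, active))
```

In this model a redirect before the TLS handshake is only possible when the client sends 'from' on the unprotected header (`identity_private=False`), which is the case where the quoted RFC text advises privacy-conscious clients to omit it.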
