Unable to authenticate/register using DIGEST-MD5 over SASL

[antagonismorg]

When attempting to authenticate to guardianproject.antagonism.org via digest-md5 over SASL, authentication fails. The server shows no packets transmitted during the connection. The same account is able to authentication and register using the PLAIN method.

[n8fr8]

We need to integrate this patch into our version of Smack:

http://issues.igniterealtime.org/browse/SMACK-275

[eighthave]

Is this still a problem since I updated the Smack jar to 3.2.0? It seems that they included a fix for this problem into their trunk a while ago, so it'd make sense if it was included in the recent 3.2.0 release.

[eighthave]

I tested on the server that I use (jabber.eds.org) which is running ejabberd and Digest-MD5 is definitely working using the current Gibberbot. I disabled PLAIN entirely using SASLAuthentication.unregisterSASLMechanism("PLAIN") and turned on Smack debug using mConfig.setDebuggerEnabled(true) and confirmed that it is indeed using Digest-MD5. It does not work for me using guardianproject.antagonism.org though, with that server I get:

03-09 00:00:47.511: INFO/System.out(2182): 12:00:47 AM SENT (1140126952): <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"></auth>
03-09 00:00:48.290: INFO/System.out(2182): 12:00:48 AM RCV  (1140126952): <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cmVhbG09Imd1YXJkaWFucHJvamVjdC5hbnRhZ29uaXNtLm9yZyIsIG5vbmNlPSJQZnpmY3R5dmFS
03-09 00:00:48.290: INFO/System.out(2182): 12:00:48 AM RCV  (1140126952): d1h6LzNpSFE0dS9nPT0iLCBxb3A9ImF1dGgiLCBjaGFyc2V0PXV0Zi04LCBhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
03-09 00:00:48.370: INFO/System.out(2182): 12:00:48 AM SENT (1140126952): <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9ImdwdGVzdCIscmVhbG09Imd1YXJkaWFucHJvamVjdC5hbnRhZ29uaXNtLm9yZyIsY25vbmNlPSJhMDNlNTZiOTVkMTFmODYzYjkzMTI3MDI4ODJiNmNjMjJhYWQ2Mzk3MTkyZWNlMDFkZWYwNmFkZTdjMzYwYjY3IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxkaWdlc3QtdXJpPSJ4bXBwL2d1YXJkaWFucHJvamVjdC5hbnRhZ29uaXNtLm9yZyIscmVzcG9uc2U9NjZmNWJhZTI2OTUyYWZjYWUxYTMzOWZkN2YwNzA4NmQsY2hhcnNldD11dGYtOCxub25jZT0iUGZ6ZmN0eXZhUndYei8zaUhRNHUvZz09Ig==</response>
03-09 00:00:48.721: INFO/System.out(2182): 12:00:48 AM RCV  (1140126952): <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cnNwYXV0aD1jZDRhYTMwZWI3YThhNjBjNDE2MTg1OTk4YzUyMjYyOQ==</challenge>
03-09 00:00:48.761: INFO/System.out(2182): 12:00:48 AM SENT (1140126952): <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">=</response>
03-09 00:00:49.071: INFO/System.out(2182): 12:00:49 AM RCV  (1140126952): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><incorrect-encoding/></failure>
03-09 00:00:49.091: ERROR/XmppConnection(2182): login failed
03-09 00:00:49.091: ERROR/XmppConnection(2182): SASL authentication DIGEST-MD5 failed: incorrect-encoding: 
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:337)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:230)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.initConnection(XmppConnection.java:481)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.do_login(XmppConnection.java:214)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection.access$6(XmppConnection.java:184)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at info.guardianproject.otr.app.im.plugin.xmpp.XmppConnection$1.run(XmppConnection.java:179)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
03-09 00:00:49.091: ERROR/XmppConnection(2182):     at java.lang.Thread.run(Thread.java:1096)

[eighthave]

Ok, I've gotten Digest-MD5 working successfully on eds.org, limun.org (ejabberd), jabber.org, and chat.facebook.com. Its still not working on guardianproject.antagonism.org (jabberd2) though.

[Kensan]

I've posted a fix and a small writeup for this issue wrt. jabberd2 to the dev mailinglist, see https://lists.mayfirst.org/pipermail/guardian-dev/2011-March/000160.html

[eighthave]

ok, keep us posted on this! I'm not opposed to including the smack fix, but we would then need to make sure that it doesn't break other things.