psi-im / psi

XMPP client
https://psi-im.org/

If Password ends with an equal symbol '=', logon account name is sent as localpart only #622

Open kpersonett opened 3 years ago

kpersonett commented 3 years ago

Authentication failure due to a bug exposed when the password ends with an equal symbol, such as $Password123456=

This results in the logon account being sent without the domain (i.e. the local-part only; for instance, user.name@xmppserver.int is sent as user.name).

OS: Windows 7 64 bit

Psi Version: v1.4-dev (2018-11-24)

XML log (you can find it in account's context menu)

N/A

stdout (terminal log)

N/A

In case of app crash please provide back trace (start debug version in gdb).

You can always ask for help in xmpp:psi-dev@conference.jabber.ru?join

Ri0n commented 3 years ago

Works fine on Linux with a snapshot version. Probably a Windows-only problem.

@Vitozz could you test?

In any case, I can't imagine how the password may interfere with the JID.

@kpersonett, please test with a snapshot version https://sourceforge.net/projects/psiplus/files/Windows/Personal-Builds/KukuRuzo/ (it's stable enough)

Vitozz commented 3 years ago

Just tested in 1.5.1549 and for me the bug is not reproducible. I've created a new account with a password which ends with =, and everything works well (with keyring support enabled).

kpersonett commented 3 years ago

I don't have Keyring support enabled. Just:

- Send Keep-Alives
- Enable Stream Mgmt
- Encrypt Always
- Allow Plaintext over encrypted connection

We determined the described behavior looking at the data on the server using Wireshark.

kpersonett commented 3 years ago

FWIW, when I changed that password to end in an Asterisk instead of an equal symbol, it sent the full username with domain. That was the only change. I figured that perhaps some piece of code might be seeing the trailing equal symbol and making an assumption about Base64 encoding or something similar to that... I've not looked at the codebase yet, been too busy with my own projects.

Ri0n commented 3 years ago

@kpersonett, please attach the XML log to this report. I guess it's some kind of misinterpretation. Tell us what exactly you have in the "XMPP Address" fields in your account settings, whether you have custom authentication enabled on the "Misc" tab of the account settings dialog, and what you have in the username/realm fields if custom auth is enabled.

kpersonett commented 3 years ago

I couldn't find any xml logs ... there are of course account information xml files etc... but attaching that would be a security issue.

Account Setup... Anything NOT noted is left blank/empty

Account Property Page

- XMPP Address: local.part@domain.com
- Password: $Adf770406=

Connection Property Page

- [x] Send "keep-alive" packets (to prevent timeouts)
- [x] Enable Stream Management if possible
- Encrypt Connection [Always]
- Allow plaintext authentication: [Over encrypted connection]

Misc Property Page

- Resource: [Use host name] [Psi]
- Default priority: [Depends on status] [5]
- STUN/TURN Host: <don't use>

That's it. Nothing fancy, all very basic.

When captured at the server via Wireshark, the authentication information didn't have the @ symbol or domain name. Didn't try capturing traffic at the client as I didn't have a functional copy of Netmon or Wireshark on it.

Ri0n commented 3 years ago

Right-click on your account in the roster; the XML console is there. But in general auth info always comes the way you describe, so that's fine. I guess since it's visible with Wireshark, you use plain text login/password (+base64 encoding).
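Added example (not part of the thread and not Psi code): a Python helper for reading a SASL PLAIN payload such as the one seen in the capture discussed above. It assumes the RFC 4616 layout `authzid NUL authcid NUL passwd`, base64-encoded as the text of the XMPP `<auth mechanism='PLAIN'>` element; the account name and passwords are constructed samples.

```python
import base64
import binascii


def encode_plain(authcid, password, authzid=""):
    """Base64 SASL PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = "\0".join([authzid, authcid, password]).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(b64_payload):
    """Split a captured PLAIN payload into (authzid, authcid, password)."""
    try:
        raw = base64.b64decode(b64_payload, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("not a SASL PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def describe(b64_payload):
    """Summarise a payload without echoing the password itself."""
    authzid, authcid, password = decode_plain(b64_payload)
    return {
        "authzid": authzid,
        "authcid": authcid,
        "authcid_has_domain": "@" in authcid,
        "password_length": len(password),
        "password_ends_with_equals": password.endswith("="),
        # Base64 padding depends only on the byte length of the message,
        # not on the last character of the password.
        "base64_padding": len(b64_payload) - len(b64_payload.rstrip("=")),
    }


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the report.
    for pw in ("Example-pass=", "Example-pass*", "Example-pas="):
        print(pw, describe(encode_plain("user.name", pw)))
```

Running it on the `<auth/>` payload copied from the XML console shows which authcid the client actually sent and whether the password survived encoding intact.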

Neustradamus commented 3 years ago

@kpersonett: Can you enable the XML Console and copy the result?

Note: There is no log file; it is only in the XML Console view...

Neustradamus commented 8 months ago

@kpersonett: Any news on it?

Neustradamus commented 4 months ago

@kpersonett: Have you tested with the latest Psi+ build? Is the problem still there? Thanks in advance.