SASL/SCRAM-SHA support using another xmpp lib #1
Comments
You need to enable SASL PLAIN auth in Openfire. |
Hi @kishorerv93. As @SamWhited mentioned, the underlying package I'm using only supports SASL PLAIN. @SamWhited Thx for helping. I'm surprised someone is actually using this tool tbh 😄. And then another guy (you) is even answering questions. May I ask if this was just coincidence? Was it the XMPP tag? |
@opthomas-prime Sure thing; glad I could be of service. I'm not using this project right this moment, but I was setting up an alertmanager instance and wanted a way to get alerts on my phone without paying for an expensive notifications service so I was looking into using our existing chat service (conversations.im) and started watching this. If you're interested in adding SCRAM support to the library you use, I have an implementation that I built for another (also XMPP related) project here: https://godoc.org/mellium.im/sasl |
@SamWhited I'm considering switching the lib anyway. So let's see 😄 |
At least there's already an open issue for it in |
I don't think there will be any changes in https://github.com/mattn/go-xmpp tbh. I'll check for other libs tomorrow. If there are alternatives I'll reopen the issue. |
Shameless self promotion: I just did a release of The only other maintained XMPP library that I'm aware of is |
Hey @SamWhited! Thanks for your input. I'll check your lib first. Are you available on IRC if I have problems/questions? |
@opthomas-prime I can be; I normally don't leave it on, but I'll try to stay logged in even when I'm away from my computer today so I can get back to you. I'm |
@SamWhited Great. I won't be able to check this today. I'll just ping you here if you are not online on Freenode tomorrow!? |
@opthomas-prime if you could drop me an email or message me on any XMPP compatible service instead I'd appreciate it. I'll try to remember to log in on IRC tomorrow too though. |
@SamWhited We'll find a way :D. No need to stay online for this - we got plenty of time... |
Hi @SamWhited, I started to play around with mellium.im/xmpp. https://github.com/opthomas-prime/xmpp-webhook/blob/mellium-xmpp/main.go#L21
I'm not sure if I'm doing this correctly. This feels kinda wrong. Shouldn't the XMPP lib figure out how to connect to a server? Maybe I was just lucky with our configuration, but github.com/emgee/go-xmpp/src/xmpp 'just worked'. https://github.com/opthomas-prime/xmpp-webhook/blob/mellium-xmpp/main.go#L74 fails with https://github.com/mellium/xmpp/blob/master/session.go#L360
|
For the most part it does, but you do have to specify no TLS, otherwise it could be subject to downgrade attacks. I suppose I could change things to make setting NoTLS just allow fallback, but that seems like it could be risky and that people would set it without understanding the consequences. I'll have to think about that one.
I've never seen that before; any chance you can record the stream and send me a copy? This definitely should never be hit so that sounds like a pretty serious bug in either the server or my library (and it's more likely to be my library). |
I forgot to mention, if you do have an XMPP account anywhere a handful of us hang out in |
Do you know Jackal? |
@Neustradamus Jackal is an XMPP server and not a client library, or am I missing something here? |
Yes it is an XMPP server, it is only an information ^^ |
Linked to: |
Thanks for the info @Neustradamus. I am currently trying to switch to Sam's XMPP lib (mellium.im/xmpp/). Unfortunately there are some problems with ejabberd and I am not able (time-wise) to support Sam at the moment with the required information to fix these things. I will have some spare time in the upcoming weekends and will try to sort things out then... |
@opthomas-prime: Yes for @SamWhited lib, it is good news. |
@Neustradamus No, I haven't. We are using ejabberd in the company I'm working at - there are currently no plans to replace it, since it does a pretty good job. But when the current issues/features in this project are resolved/done, I'll test the webhook against some servers (including Jackal). |
I decided that we have to switch to Prosody at our company. I wasn't able to track down the problem with Sam's XMPP lib and our Ejabberd Version/Environment completely - so I'm trying to be pragmatic 😄... |
@kishorerv93 SASL/SCRAM should work now in https://github.com/opthomas-prime/xmpp-webhook/tree/mellium-xmpp. It would be great if you guys (If you are actually using this tool) could test if the connection/discovery with your Jabber-Server is still working correctly... |
Fixed with #11 |
@opthomas-prime: Thanks for your changes! Now it works for SCRAM-SHA-1 + SCRAM-SHA-1-PLUS + SCRAM-SHA-256 + SCRAM-SHA-256-PLUS and other? |
It now supports: SASL PLAIN, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS |
@Neustradamus to be more specific: it supports exactly the same things that mellium/xmpp supports. |
@SamWhited, mellium/xmpp does not support SCRAM-SHA-256 and SCRAM-SHA-256-PLUS? |
@Neustradamus it supports whatever you want to write using it, but those are also builtin. See the list of |
Hi @Neustradamus, @SamWhited and @alexanderadam. This is indeed a configuration on my side. I totally missed that SCRAM-SHA-256 and SCRAM-SHA-256-PLUS are supported by https://github.com/mellium/xmpp/ as well. I'll test and fix that ASAP! |
It's not really a big deal either way, very few people support SCRAM-SHA-256, and those that do also likely support SHA-1, but thanks for looking into it :) |
I want to get the best out of your lib @SamWhited 😄, so thanks for the hint. Is anyone able to test SCRAM-SHA-256 if I add it to the supported methods? |
(Finally/Hopefully) fixed with d4329d0 |
@opthomas-prime: Thanks! |
You are right, my bad. I changed and amended it... (-> 90dd350) |
```
2018/11/08 21:51:13 Connecting to dr-openfire.lamar.com:5222
2018/11/08 21:51:13 Start TLS
2018/11/08 21:51:13 Authenticating
2018/11/08 21:51:13 no supported SASL mechanism found
```
My Openfire config
```
sasl.mechs.00001 | DIGEST-MD5
sasl.mechs.00002 | SCRAM-SHA-1
```
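Why the log above ends in `no supported SASL mechanism found`: a PLAIN-only client and a server configured for DIGEST-MD5 and SCRAM-SHA-1 have no mechanism in common. This is an added example, not code from xmpp-webhook, mattn/go-xmpp or mellium.im/xmpp; `SelectMechanism` and the `preferred` list are hypothetical, and the TLS rule reflects the downgrade concern raised in the thread.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoMechanism carries the same text as the last line of the log above.
var ErrNoMechanism = errors.New("no supported SASL mechanism found")

// preferred is a hypothetical client preference list, strongest first.
var preferred = []string{
	"SCRAM-SHA-256-PLUS", "SCRAM-SHA-256",
	"SCRAM-SHA-1-PLUS", "SCRAM-SHA-1", "PLAIN",
}

// SelectMechanism (hypothetical helper) returns the first mechanism in
// supported, which must be ordered strongest first, that the server also
// offers. Without TLS it skips PLAIN (the password would cross the wire in
// the clear) and the -PLUS variants (channel binding needs a TLS channel).
func SelectMechanism(offered, supported []string, tlsActive bool) (string, error) {
	offer := make(map[string]bool, len(offered))
	for _, m := range offered {
		offer[strings.ToUpper(strings.TrimSpace(m))] = true
	}
	for _, m := range supported {
		if !offer[m] {
			continue
		}
		if !tlsActive && (m == "PLAIN" || strings.HasSuffix(m, "-PLUS")) {
			continue
		}
		return m, nil
	}
	return "", ErrNoMechanism
}

func main() {
	// Constructed from the Openfire config quoted above.
	openfire := []string{"DIGEST-MD5", "SCRAM-SHA-1"}

	_, err := SelectMechanism(openfire, []string{"PLAIN"}, true)
	fmt.Println("PLAIN-only client:", err)

	mech, _ := SelectMechanism(openfire, preferred, true)
	fmt.Println("SCRAM-capable client:", mech)
}
```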