Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SASL/SCRAM-SHA support using another xmpp lib #1

Closed
vrajroutu opened this issue Nov 8, 2018 · 36 comments
Closed

SASL/SCRAM-SHA support using another xmpp lib #1

vrajroutu opened this issue Nov 8, 2018 · 36 comments

Comments

@vrajroutu
Copy link

vrajroutu commented Nov 8, 2018

2018/11/08 21:51:13 Connecting to dr-openfire.lamar.com:5222 2018/11/08 21:51:13 Start TLS 2018/11/08 21:51:13 Authenticating 2018/11/08 21:51:13 no supported SASL mechanism found

My Openfire config

`

sasl.mechs.00001 | DIGEST-MD5 |   |   |  

sasl.mechs.00002 | SCRAM-SHA-1

`

@SamWhited
Copy link

You need to enable SASL PLAIN auth in Openfire.

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 11, 2018

Hi @kishorerv93. As @SamWhited mentioned, the underlying package i'm using only supports SASL PLAIN.

@SamWhited Thx for helping. I'm suprised someone is actually using this tool tbh 😄. And then another guy (you) is even answering questions. May i ask if this was just coincidence? Was it the XMPP tag?

@SamWhited
Copy link

@opthomas-prime Sure thing; glad I could be of service. I'm not using this project right this moment, but I was setting up an alertmanager instance and wanted a way to get alerts on my phone without paying for an expensive notifications service so I was looking into using our existing chat service (conversations.im) and started watching this.

If you're interested in adding SCRAM support to the library you use, I have an implementation that I built for another (also XMPP related) project here: https://godoc.org/mellium.im/sasl

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 13, 2018

@SamWhited I'm considering switching the lib anyway. So let's see 😄

@alexanderadam
Copy link
Contributor

At least there's already an open issue for it in go-xmpp.

@tmsmr
Copy link
Collaborator

tmsmr commented Jul 29, 2019

I don't think there will be any changes in https://github.com/mattn/go-xmpp tbh. I'll check for other libs tomorrow. IF there are alternatives i'll reopen the issue.

@SamWhited
Copy link

Shameless self promotion: I just did a release of mellium.im/xmpp that I think will make the API more or less stable (though it's still not 1.0 and I'm not making any guarantees, it's waiting on some changes to the encoding/xml package that may still break things). I'm not sure if it would fit your needs or not (right now it's a bit low-level, I'd like to do a higher-level client package at some point), but I'd be curious to get your feedback on the design and API either way if you evaluate it or have the time to take a look.

The only other maintained XMPP library that I'm aware of is gosrc.io/xmpp in case you want to compare. I believe this one is maintained and owned by ProcessOne (the ejabberd folks).

@tmsmr
Copy link
Collaborator

tmsmr commented Jul 29, 2019

Hey @SamWhited! Thanks for your input. I'll check your lib first. Are you availlable on IRC if i have problems/questions?

@SamWhited
Copy link

SamWhited commented Jul 29, 2019

@opthomas-prime I can be; I normally don't leave it on, but I'll try to stay logged in even when I'm away from my computer today so I can get back to you. I'm SamWhited on Freenode, Mozilla, or GeekShed. Also my JID is the same as my email (sam@samwhited.com) if you prefer either of those. Just say hi and don't wait for a subscription; I don't normally add people as friends first.

@tmsmr
Copy link
Collaborator

tmsmr commented Jul 29, 2019

@SamWhited Great. I won't be able to check this today. I'll just ping you here if you are not online on freenode Freenode tomorrow!?

@SamWhited
Copy link

@opthomas-prime if you could drop me an email or message me on any XMPP compatible service instead I'd appreciate it. I'll try to remember to log in on IRC tomorrow too though.

@tmsmr
Copy link
Collaborator

tmsmr commented Jul 29, 2019

@SamWhited We'll find a way :D. No need to stay online for this - we got plenty of time...

@tmsmr
Copy link
Collaborator

tmsmr commented Jul 30, 2019

Hi @SamWhited i started to play around with mellium.im/xmpp.
Unfortunately i got some problems (Mainly caused by lacking knowledge with XMPP i guess...).

https://github.com/opthomas-prime/xmpp-webhook/blob/mellium-xmpp/main.go#L21

  • The server i'm connecting to has no SRV records, so i had to use a custom dialer (NoLookup: true).
  • The server i'm connecting to has only StartTLS enabled (forced) and no dedicated TLS Port, so i had to specify NoTLS: true

I'm not sure if im doing this correctly. This feels kinda wrong. Shouldn't the XMPP lib figure out how to connect to a server? Maybe i was just lucky with our configuration, but github.com/emgee/go-xmpp/src/xmpp 'just worked'.

https://github.com/opthomas-prime/xmpp-webhook/blob/mellium-xmpp/main.go#L74 fails with https://github.com/mellium/xmpp/blob/master/session.go#L360

  • 'tok' is 'version='1.0'
  • The value doesn't seem to be complete garbage - do you have any hints?

@tmsmr tmsmr changed the title SASL mechanism Issue SASL/SCRAM-SHA support using another xmpp lib Jul 30, 2019
@tmsmr tmsmr reopened this Jul 30, 2019
@SamWhited
Copy link

I'm not sure if im doing this correctly. This feels kinda wrong. Shouldn't the XMPP lib figure out how to connect to a server?

For the most part it does, but you do have to specify no TLS, otherwise it could be subject to downgrade attacks. I suppose I could change things to make setting NoTLS just allow fallback, but that seems like it could be risky and that people would set it without understanding the consequences. I'll have to think about that one.

The value doesn't seem to be complete garbage - do you have any hints?

I've never seen that before; any chance you can record the stream and send me a copy? This definitely should never be hit so that sounds like a pretty serious bug in either the server or my library (and it's more likely to be my library).

@SamWhited
Copy link

I forgot to mention, if you do have an XMPP account anywhere a handful of us hang out in golang@conference.samwhited.com, a Go focused room on my server. You'd be welcome to join us and ask any questions there (or I'm online now so feel free to ping me on IRC).

@Neustradamus
Copy link
Member

Do you know Jackal?

@alexanderadam
Copy link
Contributor

@Neustradamus Jackal is a XMPP server and not a client library, or am I missing something here?

@Neustradamus
Copy link
Member

Neustradamus commented Sep 4, 2019

Yes it is an XMPP server, it is only an information ^^

@Neustradamus
Copy link
Member

Linked to:

@tmsmr
Copy link
Collaborator

tmsmr commented Sep 5, 2019

Thanks for the info @Neustradamus. I am currently trying to switch to Sam's XMPP lib (mellium.im/xmpp/). Unfortunately there are some problems with ejabberd and i am not able (time-wise) to support Sam at the moment with the required informations to fix these things. I will have some spare time in the upcoming weekends and will try to sort things out then...

@Neustradamus
Copy link
Member

@opthomas-prime: Yes for @SamWhited lib, it is a good news.
Have you tested Jackal XMPP server?
It must to be a solution to replace your ejabberd?
Not all features yet but maybe good to contrib?
Contact @ortuman, the main dev for more informations...

@tmsmr
Copy link
Collaborator

tmsmr commented Sep 5, 2019

@Neustradamus No, i haven't. We are using ejabberd in the company im working at - there are currently no plans to replace it, since it does a pretty good job. But when the current isses/features in this project are resolved/done, i'll test the webhook against some servers (Including Jackal).

@tmsmr
Copy link
Collaborator

tmsmr commented Oct 30, 2019

I decided that we have to switch to Prosody at our company. I wasn't able to track down the problem with Sam's XMPP lib and our Ejabberd Version/Environment completely - so i'm trying to be pragmatic 😄...
I'm going to work on the required steps to switch to Sam's lib in the coming days...

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 2, 2019

@kishorerv93 SASL/SCRAM should work now in https://github.com/opthomas-prime/xmpp-webhook/tree/mellium-xmpp. It would be great if you guys (If you are actually using this tool) could test if the connection/discovery with your Jabber-Server is still working correctly...

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 4, 2019

Fixed with #11

@tmsmr tmsmr closed this as completed Nov 4, 2019
@Neustradamus
Copy link
Member

Neustradamus commented Nov 5, 2019

@opthomas-prime: Thanks for your changes!

Now it works for SCRAM-SHA-1 + SCRAM-SHA-1-PLUS + SCRAM-SHA-256 + SCRAM-SHA-256-PLUS and other?

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 6, 2019

It now supports: SASL PLAIN, SCRAM-SHA-1 and SCRAM-SHA-1-PLUS

@alexanderadam
Copy link
Contributor

@Neustradamus to be more specific: it supports exactly the same things that mellium/xmpp supports.
So this means if you are missing something, it should be handled in the dedicated issue tracker of the library.

@Neustradamus
Copy link
Member

@SamWhited, mellium/xmpp does not support SCRAM-SHA-256 and SCRAM-SHA-256-PLUS?

@SamWhited
Copy link

@Neustradamus it supports whatever you want to write using it, but those are also builtin. See the list of Mechanism's.

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 7, 2019

Hi @Neustradamus, @SamWhited and @alexanderadam. This is indeed a configuration on my side. I totally missed, that SCRAM-SHA-256 and SCRAM-SHA-256-PLUS is supported by https://github.com/mellium/xmpp/ aswell. I'll test and fix that ASAP!

@SamWhited
Copy link

It's not really a big deal either way, very few people support SCRAM-SHA-256, and those that do also likely support SHA-1, but thanks for looking into it :)

@tmsmr
Copy link
Collaborator

tmsmr commented Nov 7, 2019

I want to get the best out of your lib @SamWhited 😄, so thanks for the hint. Is anyone able to test SCRAM-SHA-256 if i add it to the supported methods?

@tmsmr tmsmr reopened this Nov 7, 2019
@tmsmr
Copy link
Collaborator

tmsmr commented Jan 5, 2020

(Finally/Hopefully) fixed with d4329d0

@tmsmr tmsmr closed this as completed Jan 5, 2020
@Neustradamus
Copy link
Member

@opthomas-prime: Thanks!
Are you sure about the order?
It must be 256-PLUS>256>1-PLUS>1>PLAIN, no?

@tmsmr
Copy link
Collaborator

tmsmr commented Jan 5, 2020

You are right, my bad. I changed and amended it... (-> 90dd350)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

5 participants