[jadmin] Seems to be a bug in jabber registration

dave_parkes at uk.ibm.com dave_parkes at uk.ibm.com
Mon Mar 12 12:50:15 CST 2001


From: Dave Parkes at IBMGB on 12/03/2001 06:50 PM


To:   Jadmin at jabber.org
cc:
Subject:  Seems to be a bug in jabber registration

Hi,
     I have set up a web site for my users to register from and I have a
java servlet that logs on to the jabber server and registers the username
and registers it in the jud. This all works fine. I am now trying to
prevent my users from registering new jids from the client. I thought I'd
add an authority token to the registration xml stream and test for this
authority token in mod_register. Only my servlet and the jabber server
would know the shared secret (a simple modification I thought). Having made
the modification the user now gets an error when they try to register
(good) but the username.xml file is still created and the user can log in
using the username (bad).  I know mod register isn't storing anything in
xdb, but something is and it looks like mod_auth_plain because after
mod_auth_plain resetting password is an xdb_file set followed by an
xdb_file loading which seems to have worked is this a bug?

Debug from jabberd follows...

Mon Mar 12 18:01:21 2001  deliver.c:83 (80CECF8)incoming packet <route
type='auth' to='newuser333 at jabber2.as.global.ibm.com'
from='10 at c2s/8130DD8'><iq type='set' id='JCOM_10'><query
xmlns='jabber:iq:register'><username>newuser333</username><password>password</password><resource>Jabber

Instant Messenger</resource><name>user
333</name><email>333 at 333</email></query></iq></route>
Mon Mar 12 18:01:21 2001  util.c:92 config query auth
Mon Mar 12 18:01:21 2001  mtq 8145520 entering from pth
Mon Mar 12 18:01:21 2001  mtq 8145520 one call 81E97B8
Mon Mar 12 18:01:21 2001  authreg.c:84 registration set request
Mon Mar 12 18:01:21 2001  users.c:137
js_user(newuser333 at jabber2.as.global.ibm.com,8133BB0)
Mon Mar 12 18:01:21 2001  users.c:144 js_user not current
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 2:jabber2.as.global.ibm.com
 <xdb type='get' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
ns='jabber:iq:auth' id='1'/>
Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'xdb'
Mon Mar 12 18:01:21 2001  xdb_file.c:161 handling xdb request <xdb
type='get' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
ns='jabber:iq:auth' id='1'/>Mon Mar 12 18:01:21 2001  xdb_file.c:98 loading
 ./spool/jabber2.as.global.ibm.com/newuser333.xml
Mon Mar 12 18:01:21 2001  log.c:105 <log type='warn'
from='jabber2.as.global.ibm.com'>xdb_file failed to open file
./spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
directory</log>
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 3:jabber2.as.global.ibm.com
 <log type='warn' from='jabber2.as.global.ibm.com'>xdb_file failed to open
file ./spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
directory</log>
Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'logger'
20010312T18:01:21: [warn] (jabber2.as.global.ibm.com): xdb_file failed to
open file ./spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
 directory
Mon Mar 12 18:01:21 2001  xdb_file.c:118 caching
./spool/jabber2.as.global.ibm.com/newuser333.xml
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 1:sessions <xdb
type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
ns='jabber:iq:auth' id='1'/>Mon Mar 12 18:01:21 2001  deliver.c:649
delivering to instance 'sessions'
Mon Mar 12 18:01:21 2001  xdb.c:41 xdb_results checking xdb packet <xdb
type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
ns='jabber:iq:auth' id='1'/>
Mon Mar 12 18:01:21 2001  modules.c:124 mapi_call 6
Mon Mar 12 18:01:21 2001  modules.c:147 MAPI 80D55B8
Mon Mar 12 18:01:21 2001  mod_auth_plain resetting password
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 2:jabber2.as.global.ibm.com
 <xdb type='set' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
ns='jabber:iq:auth' id='2'><password
xmlns='jabber:iq:auth'>password</password></xdb>
Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'xdb'
Mon Mar 12 18:01:21 2001  xdb_file.c:161 handling xdb request <xdb
type='set' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
ns='jabber:iq:auth' id='2'><password
xmlns='jabber:iq:auth'>password</password></xdb>
Mon Mar 12 18:01:21 2001  xdb_file.c:98 loading
./spool/jabber2.as.global.ibm.com/newuser333.xml
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 1:sessions <xdb
type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
ns='jabber:iq:auth' id='2'><password
xmlns='jabber:iq:auth'>password</password></xdb>
Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'sessions'
Mon Mar 12 18:01:21 2001  xdb.c:41 xdb_results checking xdb packet <xdb
type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
ns='jabber:iq:auth' id='2'><password
xmlns='jabber:iq:auth'>password</password></xdb>
Mon Mar 12 18:01:21 2001  xdb_file.c:251 decaching
./spool/jabber2.as.global.ibm.com/newuser333.xml
Mon Mar 12 18:01:21 2001  modules.c:147 MAPI 80D56A8
Mon Mar 12 18:01:21 2001  util.c:92 config query register
Mon Mar 12 18:01:21 2001  mod_register checking
Mon Mar 12 18:01:21 2001  mod_register.c:58 processing valid registration
for newuser333 at jabber2.as.global.ibm.com
Mon Mar 12 18:01:21 2001  mod_register.c:61 rejecting because no authority
tag for newuser333 at jabber2.as.global.ibm.com
Mon Mar 12 18:01:21 2001  util.c:92 config query noregistration
Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 4:c2s <route
from='newuser333 at jabber2.as.global.ibm.com' to='10 at c2s/8130DD8'
type='auth'><iq type='error' id='JCOM_10'><query
xmlns='jabber:iq:register'><username>newuser333</username><password
xmlns='jabber:iq:auth'>password</password><resource>Jabber Instant
Messenger</resource><name>user
333</name><email>333 at 333</email></query><error
code='403'>Forbidden</error></iq></route>

Regards

        Dave






More information about the JAdmin mailing list