[jadmin] Seems to be a bug in jabber registration

Schuyler Heath sheath at jabber.org
Mon Mar 12 23:04:53 CST 2001 

I patched this bug today, removing the register tag now properly disables registration.

Schuyler

On Tue, Mar 13, 2001 at 11:57:52AM +0800, Gang Liu wrote:
> Hi,
> 	
> 	Those xdb packets are reveived when new user registes. When we del the section <register/> in jabber.xml and comment the mod_register, xdb_file still gets jabber:iq:auth:0k(type get,set) packets.This is the probleam.
> 
> <xdb type='get' to='linux at vista.internal' from='sessions' ns='jabber:iq:auth' id='1'/>
> 
> <xdb type='result' to='sessions' from='linux at vista.internal' ns='jabber:iq:auth' id='1'/>
> 
> <xdb type='set' to='linux at vista.internal' from='sessions' ns='jabber:iq:last' id='4'><query xml
> ns='jabber:iq:last' last='981706617'>Registered</query></xdb>
> 
> <xdb type='result' to
> ='sessions' from='linux at vista.internal' ns='jabber:iq:last' id='4'><query xmlns=
> 'jabber:iq:last' last='981706617'>Registered</query></xdb>
> 
> <xdb type='set'
>  to='linux at vista.internal' from='sessions' ns='jabber:iq:auth' id='5'><password
> xmlns='jabber:iq:auth'>xxxxxxxx</password></xdb>
> 
> <xdb type='result' to
> ='sessions' from='linux at vista.internal' ns='jabber:iq:auth' id='5'><password xml
> ns='jabber:iq:auth'>xxxxxxxx</password></xdb>
> 
> <xdb type='get'
>  to='linux at vista.internal' from='sessions' ns='jabber:iq:auth' id='6'/>
> 
> <xdb type='result' to
> ='sessions' from='linux at vista.internal' ns='jabber:iq:auth' id='6'><password xml
> ns='jabber:iq:auth'>xxxxxxxx</password></xdb>
> 
> <xdb type='set'
>  to='linux at vista.internal' from='sessions' ns='jabber:iq:auth:0k' id='7'><zerok
> xmlns='jabber:iq:auth:0k'><hash>c24b4022300b81127c576cd0cf3857b7b938a575</hash><
> token>3A83A779</token><sequence>500</sequence></zerok></xdb>
> 
> <xdb type='result' to
> ='sessions' from='linux at vista.internal' ns='jabber:iq:auth:0k' id='7'><zerok xml
> ns='jabber:iq:auth:0k'><hash>c24b4022300b81127c576cd0cf3857b7b938a575</hash><tok
> en>3A83A779</token><sequence>500</sequence></zerok></xdb>
> 
> <xdb type='set'
>  to='linux at vista.internal' from='sessions' ns='jabber:iq:register' id='9'><query
>  xmlns='jabber:iq:register'><resource>gang_l_27</resource><x xmlns='jabber:x:del
> ay' stamp='20010209T08:16:57'>registered</x></query></xdb>
> 
> <xdb type='result' to
> ='sessions' from='linux at vista.internal' ns='jabber:iq:register' id='9'><query xm
> lns='jabber:iq:register'><resource>gang_l_27</resource><x xmlns='jabber:x:delay'
>  stamp='20010209T08:16:57'>registered</x></query></xdb>
> 
> 	
> ----- Original Message ----- 
> From: dave_parkes<dave_parkes at uk.ibm.com>
> To: Jadmin<Jadmin at jabber.org>
> Sent: 2001-3-12 18:50:00
> Subject: [jadmin] Seems to be a bug in jabber registration
> 
> >From: Dave Parkes at IBMGB on 12/03/2001 06:50 PM
> >
> >
> >To:   Jadmin at jabber.org
> >cc:
> >Subject:  Seems to be a bug in jabber registration
> >
> >Hi,
> >     I have set up a web site for my users to register from and I have a
> >java servlet that logs on to the jabber server and registers the username
> >and registers it in the jud. This all works fine. I am now trying to
> >prevent my users from registering new jids from the client. I thought I'd
> >add an authority token to the registration xml stream and test for this
> >authority token in mod_register. Only my servlet and the jabber server
> >would know the shared secret (a simple modification I thought). Having made
> >the modification the user now gets an error when they try to register
> >(good) but the username.xml file is still created and the user can log in
> >using the username (bad).  I know mod register isn't storing anything in
> >xdb, but something is and it looks like mod_auth_plain because after
> >mod_auth_plain resetting password is an xdb_file set followed by an
> >xdb_file loading which seems to have worked is this a bug?
> >
> >Debug from jabberd follows...
> >
> >Mon Mar 12 18:01:21 2001  deliver.c:83 (80CECF8)incoming packet <route
> >type='auth' to='newuser333 at jabber2.as.global.ibm.com'
> >from='10 at c2s/8130DD8'><iq type='set' id='JCOM_10'><query
> >xmlns='jabber:iq:register'><username>newuser333</username><password>password</password><resource>Jabber
> >
> >Instant Messenger</resource><name>user
> >333</name><email>333 at 333</email></query></iq></route>
> >Mon Mar 12 18:01:21 2001  util.c:92 config query auth
> >Mon Mar 12 18:01:21 2001  mtq 8145520 entering from pth
> >Mon Mar 12 18:01:21 2001  mtq 8145520 one call 81E97B8
> >Mon Mar 12 18:01:21 2001  authreg.c:84 registration set request
> >Mon Mar 12 18:01:21 2001  users.c:137
> >js_user(newuser333 at jabber2.as.global.ibm.com,8133BB0)
> >Mon Mar 12 18:01:21 2001  users.c:144 js_user not current
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 2:jabber2.as.global.ibm.com
> > <xdb type='get' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
> >ns='jabber:iq:auth' id='1'/>
> >Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'xdb'
> >Mon Mar 12 18:01:21 2001  xdb_file.c:161 handling xdb request <xdb
> >type='get' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
> >ns='jabber:iq:auth' id='1'/>Mon Mar 12 18:01:21 2001  xdb_file.c:98 loading
> > ./spool/jabber2.as.global.ibm.com/newuser333.xml
> >Mon Mar 12 18:01:21 2001  log.c:105 <log type='warn'
> >from='jabber2.as.global.ibm.com'>xdb_file failed to open file
> >../spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
> >directory</log>
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 3:jabber2.as.global.ibm.com
> > <log type='warn' from='jabber2.as.global.ibm.com'>xdb_file failed to open
> >file ./spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
> >directory</log>
> >Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'logger'
> >20010312T18:01:21: [warn] (jabber2.as.global.ibm.com): xdb_file failed to
> >open file ./spool/jabber2.as.global.ibm.com/newuser333.xml: No such file or
> > directory
> >Mon Mar 12 18:01:21 2001  xdb_file.c:118 caching
> >../spool/jabber2.as.global.ibm.com/newuser333.xml
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 1:sessions <xdb
> >type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
> >ns='jabber:iq:auth' id='1'/>Mon Mar 12 18:01:21 2001  deliver.c:649
> >delivering to instance 'sessions'
> >Mon Mar 12 18:01:21 2001  xdb.c:41 xdb_results checking xdb packet <xdb
> >type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
> >ns='jabber:iq:auth' id='1'/>
> >Mon Mar 12 18:01:21 2001  modules.c:124 mapi_call 6
> >Mon Mar 12 18:01:21 2001  modules.c:147 MAPI 80D55B8
> >Mon Mar 12 18:01:21 2001  mod_auth_plain resetting password
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 2:jabber2.as.global.ibm.com
> > <xdb type='set' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
> >ns='jabber:iq:auth' id='2'><password
> >xmlns='jabber:iq:auth'>password</password></xdb>
> >Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'xdb'
> >Mon Mar 12 18:01:21 2001  xdb_file.c:161 handling xdb request <xdb
> >type='set' to='newuser333 at jabber2.as.global.ibm.com' from='sessions'
> >ns='jabber:iq:auth' id='2'><password
> >xmlns='jabber:iq:auth'>password</password></xdb>
> >Mon Mar 12 18:01:21 2001  xdb_file.c:98 loading
> >../spool/jabber2.as.global.ibm.com/newuser333.xml
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 1:sessions <xdb
> >type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
> >ns='jabber:iq:auth' id='2'><password
> >xmlns='jabber:iq:auth'>password</password></xdb>
> >Mon Mar 12 18:01:21 2001  deliver.c:649 delivering to instance 'sessions'
> >Mon Mar 12 18:01:21 2001  xdb.c:41 xdb_results checking xdb packet <xdb
> >type='result' to='sessions' from='newuser333 at jabber2.as.global.ibm.com'
> >ns='jabber:iq:auth' id='2'><password
> >xmlns='jabber:iq:auth'>password</password></xdb>
> >Mon Mar 12 18:01:21 2001  xdb_file.c:251 decaching
> >../spool/jabber2.as.global.ibm.com/newuser333.xml
> >Mon Mar 12 18:01:21 2001  modules.c:147 MAPI 80D56A8
> >Mon Mar 12 18:01:21 2001  util.c:92 config query register
> >Mon Mar 12 18:01:21 2001  mod_register checking
> >Mon Mar 12 18:01:21 2001  mod_register.c:58 processing valid registration
> >for newuser333 at jabber2.as.global.ibm.com
> >Mon Mar 12 18:01:21 2001  mod_register.c:61 rejecting because no authority
> >tag for newuser333 at jabber2.as.global.ibm.com
> >Mon Mar 12 18:01:21 2001  util.c:92 config query noregistration
> >Mon Mar 12 18:01:21 2001  deliver.c:460 DELIVER 4:c2s <route
> >from='newuser333 at jabber2.as.global.ibm.com' to='10 at c2s/8130DD8'
> >type='auth'><iq type='error' id='JCOM_10'><query
> >xmlns='jabber:iq:register'><username>newuser333</username><password
> >xmlns='jabber:iq:auth'>password</password><resource>Jabber Instant
> >Messenger</resource><name>user
> >333</name><email>333 at 333</email></query><error
> >code='403'>Forbidden</error></iq></route>
> >
> >Regards
> >
> >        Dave
> >
> >
> >
> >_______________________________________________
> >jadmin mailing list
> >jadmin at jabber.org
> >http://mailman.jabber.org/listinfo/jadmin
> 
> Regards,
> 
> - Lg
> 
> 2001-3-13 11:47:50
> 
> --
>   Gang Liu / Vista Team / ShenZhen City / China
>   Email: gang_l at 21cn.com
>   Phone: +86 13923425035   
>   ICQ: 70670666
> 
> 
> _______________________________________________
> jadmin mailing list
> jadmin at jabber.org
> http://mailman.jabber.org/listinfo/jadmin
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jadmin/attachments/20010312/3cdd0d84/attachment-0005.pgp>

More information about the JAdmin mailing list