Pidgin client digest-uri checks fail with multiple virtual hosts

Reported by Richard Hansen on 2013-01-08
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ejabberd (Ubuntu) | Status tracked in Trusty | | | |
| Precise | | Medium | Brian Murray | |
| Quantal | | Medium | Unassigned | |
| Raring | | Medium | Unassigned | |
| Saucy | | Medium | Unassigned | |
| Trusty | | Medium | Mathieu Trudel-Lapierre | |

Bug Description

[Impact]

Bug #1048634 fixes some Pidgin digest-uri check failures, but not all. There is another bug where Pidgin users won't be able to log in if there are multiple virtual hosts and the hostnames in the SRV records for the two XMPP hosts are different.

This particular bug has already been fixed upstream:
https://github.com/processone/ejabberd/commit/2bf8125abfeec9e1176ea7ab9793b8947f9c09b6
as part of this upstream bug report:
https://support.process-one.net/browse/EJAB-1578

The upstream commit is available in ejabberd 2.1.12 and later.

This bug is known to affect precise, quantal, raring, and saucy.

[Test Case]

The fix to this bug involves changes to the ejabberd configuration file, so a single test case can't be used to both demonstrate the broken behavior of an unpatched ejabberd and the proper behavior of a patched ejabberd. Thus, this section describes two cases:

  * A test case to verify the broken behavior of an unpatched version
    of ejabberd.
  * A test case to verify the proper behavior of a patched version of
    ejabberd.

These test cases make the following assumptions:

  * The instance of ejabberd will provide service to both
    example.com and example.net.
  * The ejabberd server and Pidgin client are both running on the same
    system.
  * You have the ability to configure DNS records for the
    example.com. and example.net. zones (perhaps by running a DNS
    resolver, the Pidgin client, and the ejabberd server on the same
    system and configuring /etc/resolv.conf on that system to use
    127.0.0.1).

The test cases can be trivially modified to suit different circumstances.

These are the settings common to both test cases:

  1. Set the 'hosts' setting in /etc/ejabberd/ejabberd.cfg:

       {hosts, ["example.com", "example.net"]}.

  2. Add the following records to DNS:

       _xmpp-server._tcp.example.com. 86400 IN SRV 0 0 5269 xmpp.example.com.
       _xmpp-client._tcp.example.com. 86400 IN SRV 0 0 5222 xmpp.example.com.
       xmpp.example.com. 86400 IN A 127.0.0.1
       _xmpp-server._tcp.example.net. 86400 IN SRV 0 0 5269 xmpp.example.net.
       _xmpp-client._tcp.example.net. 86400 IN SRV 0 0 5222 xmpp.example.net.
       xmpp.example.net. 86400 IN CNAME xmpp.example.com.

     Notice the 127.0.0.1 in the above records. The use of this IP
     address means that the Pidgin client must be running on the same
     system as the ejabberd server (as mentioned in the assumptions
     above). Feel free to change the IP address to something more
     convenient if desired.

  3. Create two ejabberd users:

       - <email address hidden>
       - <email address hidden>

  4. Configure Pidgin with both XMPP accounts.

Case 1: Without the patch applied:

  1. Set the 'fqdn' setting in /etc/ejabberd/ejabberd.cfg:

       {fqdn, "xmpp.example.com"}.

  2. Start Pidgin and enable both accounts.

  Expected results: Only the <email address hidden> account can log in;
  the <email address hidden> account fails ejabberd's digest-uri checking
  logic.

Case 2: With the patch applied:

  1. Set the 'fqdn' setting in /etc/ejabberd/ejabberd.cfg:

       {fqdn, ["xmpp.example.com", "xmpp.example.net"]}.

     Note: This extended list-based syntax is not supported unless
     the patch is applied. If this syntax is used on an unpatched
     ejabberd server, no Pidgin users will be able to log in.

  2. Start Pidgin and enable both accounts.

  Expected results: Both accounts can successfully log in.

[Regression Potential]

This change extends the syntax of the ejabberd config file. Existing configuration files should remain compatible, but if there was a regression, it might manifest itself as an inability to correctly parse previously-valid configuration files.

The change also affects the digest-uri checking logic. A regression may result in users being unable to log in or overly permissive checks.

The patch has been in the upstream repository since 2012-06-27, and I have been running it locally for almost as long without any problems. No subsequent changes to the affected region of code have been made upstream since this patch.
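The two test cases above can be reasoned through with a small model of the digest-uri host check. This is an added example, not code from this bug report or from ejabberd: the function names are hypothetical, the `xmpp/host[/serv-name]` layout follows the RFC 2831 digest-uri form, and it assumes the client puts the SRV target host in digest-uri.

```python
# Added illustration: a simplified model of the check, not ejabberd's code.
# RFC 2831 digest-uri form: serv-type "/" host [ "/" serv-name ]

def parse_digest_uri(digest_uri):
    """Return (host, serv_name) for 'xmpp/host[/serv-name]', or None if malformed."""
    parts = digest_uri.lower().split("/")
    if len(parts) not in (2, 3) or parts[0] != "xmpp" or not all(parts):
        return None
    return parts[1], (parts[2] if len(parts) == 3 else None)

def host_is_fqdn(host, fqdn, patched):
    """Unpatched model: 'fqdn' is one value. Patched model: string or list."""
    if patched and not isinstance(fqdn, str):
        return host in [name.lower() for name in fqdn]
    return host == fqdn  # a list never compares equal to a host string

def digest_uri_ok(digest_uri, domain, fqdn, patched):
    """Accept only if the host is the virtual host's domain or a configured fqdn."""
    parsed = parse_digest_uri(digest_uri)
    if parsed is None:
        return False
    host, serv_name = parsed
    if serv_name is None:
        return host == domain or host_is_fqdn(host, fqdn, patched)
    return serv_name == domain and host_is_fqdn(host, fqdn, patched)

def run_test_cases():
    # Constructed inputs: (digest-uri, virtual host) pairs for the two accounts,
    # assuming the client sends the SRV target host in digest-uri.
    com = ("xmpp/xmpp.example.com", "example.com")
    net = ("xmpp/xmpp.example.net", "example.net")
    single = "xmpp.example.com"
    both = ["xmpp.example.com", "xmpp.example.net"]
    return {
        "case1_com": digest_uri_ok(*com, single, patched=False),
        "case1_net": digest_uri_ok(*net, single, patched=False),
        "list_unpatched_com": digest_uri_ok(*com, both, patched=False),
        "list_unpatched_net": digest_uri_ok(*net, both, patched=False),
        "case2_com": digest_uri_ok(*com, both, patched=True),
        "case2_net": digest_uri_ok(*net, both, patched=True),
        # Negative checks: the list syntax must not make the check permissive.
        "unlisted_host": digest_uri_ok("xmpp/other.example.org", "example.net", both, patched=True),
        "wrong_service": digest_uri_ok("imap/xmpp.example.com", "example.com", both, patched=True),
    }

if __name__ == "__main__":
    for name, accepted in run_test_cases().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The last two entries are the kind of negative test worth adding to SRU verification, since the regression section names overly permissive checks as a risk.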

Richard Hansen (a7x) wrote :

Upstream bug report (launchpad doesn't recognize it, so I can't use "Also affects project"):
https://support.process-one.net/browse/EJAB-1578

Richard Hansen (a7x) wrote :

Attached is a debdiff that includes the upstream patch. I've been running with the upstream patch for months now without any problems.

tags: added: patch
Richard Hansen (a7x) wrote :

The attachment "debdiff for precise" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

Sebastien Bacher (seb128) wrote :

Thank you for your work, is that issue fixed in raring (it needs to be fixed in the current series before being backported)?

Could you also make the bug compliant with the stable update rules (https://wiki.ubuntu.com/StableReleaseUpdates), mostly it needs a testcase so the fix can be verified and an impact/regression potential description

Richard Hansen (a7x) wrote :

It has not yet been fixed in Raring. Precise, Quantal, and Raring are all at 2.1.10, so the attached upstream patch should apply cleanly to Raring.

I will edit the bug description according to the SRU procedure.

Richard Hansen (a7x) on 2013-02-05
description: updated
tags: added: precise quantal raring

I'd like to sponsor this fix to raring (and then we can SRU too), could you attach a sample ejabberd.cnf file, that would make it easier for me to set up the necessary things for testing, and can be reused by people doing the SRU verification too...

Scott Moser (smoser) wrote :

@a7x,
  Thanks for your work on this bug, it looks like Mathieu is interested in getting it uploaded into raring, but needs you to help him out a little bit first.
  I'm marking this 'incomplete' for now, pending your response. Please set it back to 'New' (or Confirmed) in raring after you've given the ejabberd.cnf that was requested.

Changed in ejabberd (Ubuntu Raring):
importance: Undecided → Medium
status: New → Incomplete
Sebastien Bacher (seb128) wrote :

(unsubscribing sponsors as well since sponsoring is blocked on the issue pointed before to be resolved, please subscribe the team back when you get to do that)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ejabberd (Ubuntu Precise):
status: New → Confirmed
Changed in ejabberd (Ubuntu Quantal):
status: New → Confirmed
Richard Hansen (a7x) on 2013-10-25
description: updated
tags: added: saucy
Richard Hansen (a7x) wrote :

A patched version of ejabberd for precise has been uploaded to my PPA (<https://launchpad.net/~a7x/+archive/bug1097366>). To use:

    sudo apt-add-repository ppa:a7x/bug1097366
    sudo apt-get update
    sudo apt-get upgrade

Changed in ejabberd (Ubuntu):
status: Incomplete → Confirmed
Changed in ejabberd (Ubuntu Raring):
status: Incomplete → Confirmed
Richard Hansen (a7x) wrote :

Updated description and attached config files. Changing status back to confirmed and re-subscribing SRU sponsors.

Richard Hansen (a7x) wrote :

My PPA (<https://launchpad.net/~a7x/+archive/bug1097366>) now has patched ejabberd packages for precise, quantal, raring, saucy, and trusty. They should finish building in a few hours.

Changed in ejabberd (Ubuntu Saucy):
status: New → Confirmed
importance: Undecided → Medium
Changed in ejabberd (Ubuntu Quantal):
importance: Undecided → Medium
Changed in ejabberd (Ubuntu Precise):
importance: Undecided → Medium
Changed in ejabberd (Ubuntu Trusty):
status: Confirmed → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ejabberd - 2.1.11-1ubuntu1

---------------
ejabberd (2.1.11-1ubuntu1) trusty; urgency=low

  * Add digest-uri-virtual-hosts.patch from upstream commit f434501
    - Fixes a problem with Pidgin not being able to log in on a server
      with multiple virtual hosts and SRV records (LP: #1097366)
 -- a7x <email address hidden> Tue, 08 Jan 2013 12:52:21 -0500

Changed in ejabberd (Ubuntu Trusty):
status: In Progress → Fix Released
Brian Murray (brian-murray) wrote :

I've uploaded the precise debdiff (with some minor changes), so I am unsubscribing the sponsors team as there is currently no additional work to be done.

Changed in ejabberd (Ubuntu Precise):
status: Confirmed → In Progress
assignee: nobody → Brian Murray (brian-murray)

Hello Richard, or anyone else affected,

Accepted ejabberd into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/ejabberd/2.1.10-2ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ejabberd (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Stéphane Graber (stgraber) wrote :

Hello Richard, or anyone else affected,

Accepted ejabberd into saucy-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/ejabberd/2.1.10-5ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ejabberd (Ubuntu Saucy):
status: Confirmed → Fix Committed
Richard Hansen (a7x) wrote :

Looks good to me, thanks!

tags: added: verification-done
removed: verification-needed
Brian Murray (brian-murray) wrote :

@Richard - did you verify this on precise or on saucy?

Richard Hansen (a7x) wrote :

Sorry, I only tested precise. I will try out saucy when I can and report back.

tags: added: verification-done-precise verification-needed
removed: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ejabberd - 2.1.10-2ubuntu1.3

---------------
ejabberd (2.1.10-2ubuntu1.3) precise-proposed; urgency=low

  * Add digest-uri-virtual-hosts.patch from upstream commit f434501
    - Fixes a problem with Pidgin not being able to log in on a server
      with multiple virtual hosts and SRV records (LP: #1097366)
 -- a7x <email address hidden> Fri, 15 Nov 2013 15:13:02 -0800

Changed in ejabberd (Ubuntu Precise):
status: Fix Committed → Fix Released