views:

1307

answers:

1

I'm trying to authenticate with an XMPP server using SASL.

/**
     * Send Authentication, SASL
     * @return Bool
     * @param $username String
     * @param $password String
     */
    function authenticate($username, $password) {
     $this->username = $username;
     $this->password = $password;

     var_dump($username, $password, $this->domain);

     $auth = base64_encode($username.'@'.$this->domain."\u0000".$username."\u0000".$password);
     $xml = '<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'.$auth.'</auth>';
     if ($this->write($xml)) {
      if ($xml = $this->listen(1, true)) {
       if (preg_match("/<success/i", $xml)) {
        $this->authenticated = $this->_sendStream();
       }
      }
     }
     $this->events->trigger('authenticate', $this->authenticated);
     return $this->authenticated;
    }

The XMPP server however responds with:

<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><bad-protocol/></failure>

This is against an Ejabberd server. When I open the XMPP stream, it advertises:

<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/&gt;&lt;/stream:features&gt;

So it seams to me that SASL - PLAIN should work. I have a JavaScript version, that works perfectly on OpenFire server. (I can't test it on Ejabberd at the moment)

sendAuthentication: function() {
     clearTimeout(XMPP.sendAuthentication_timer);
     var auth = Base64.encode(XMPP.username+'@'+XMPP.domain+'\u0000'+XMPP.username+'\u0000'+XMPP.password);
     mySocket.events.receive.observe(XMPP.receivedAuthSuccess, function() {
      mySocket.send('<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">' + auth + '</auth>');
     });
    }

So I can't get why the PHP version is not working.

A: 

Figured out what the problem was. EJabberd will advertise SASL PLAIN and DIGEST-MD5 but will actually only accept DIGEST-MD5.

bucabay