#1701 mod_auth_dovecot fails if dovecot sasl closes the connection

Reporter kmq
Owner Nobody
Stars ★ (1)
  • Type-Defect
  • Priority-Medium
  • Status-New
  1. kmq on

    What steps will reproduce the problem? 1. configure prosody to use dovecot_sasl over tcp 2. authenticate one xmpp client 3. ... wait a little... 4. authenticate another xmpp client with the same account The second xmpp authentication attempt should succeed, but instead fails. The serverlog records the error as two lines of "sasl_dovecot: Could not read from socket: closed" This is because at step 3. the dovecot SASL auth service might close the connection. If that happens mod_auth_dovecot sends the authentication data, and then tries to read the result, which fails because the connection is closed. For some reason *sending* the authentication data *does* not fail. mod_auth_dovecot checks if a new connection is neccessary here: https://hg.prosody.im/prosody-modules/file/tip/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua#l126 if there were a way to detect if the connection was closed at this point, this could be the place to try and reconnect. What version of the product are you using? On what operating system? Prosody 0.11.10 Lua 5.2 / Lua 5.4.3 LuaSocket 3.0-rc1 Debian and Archlinux This python script can be used as a test SASL server for this issue import socket handshake = b"""VERSION\t1\t2 MECH\tPLAIN\tplaintext MECH\tLOGIN\tplaintext MECH\tEXTERNAL SPID\t12345 CUID\t7 COOKIE\t2c7c0841db173c8a2af9dd30fffff23f DONE\n""" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(("", 6000)) s.listen(5) c, addr = s.accept() c_handshake = c.recv(24) c.send(handshake) msg = c.recv(1024) response = b"OK\t523\tuser=test@test.test\thome=/home/test\tuid=1234\n" c.send(response) c.close()

  2. kmq on

    This can happen when the main dovecot process reloads, because this causes it to kill it's service processes including the auth process, which in turn causes the connection to the mod_auth_dovecot sasl client to be closed. mod_auth_dovecot treats this as an "internal-server-error" failure and this is presented to the xmpp client as an authorization error. Conversations seems to retry the connection after a while silently, but Monal triggers a big fat error notification. I did not check other clients.

New comment

Not published. Used for spam prevention and optional update notifications.