#1701 mod_auth_dovecot fails if dovecot sasl closes the connection
Reporter: kmq
Owner: Nobody
Stars: 1
Tags: Status-New, Priority-Medium, Type-Defect
kmq
on
What steps will reproduce the problem?
1. configure prosody to use dovecot_sasl over tcp
2. authenticate one xmpp client
3. ... wait a little...
4. authenticate another xmpp client with the same account
The second xmpp authentication attempt should succeed, but instead fails. The server log records the error as two lines of "sasl_dovecot: Could not read from socket: closed"
This is because at step 3. the dovecot SASL auth service might close the connection.
If that happens mod_auth_dovecot sends the authentication data, and then tries to read the result, which fails because the connection is closed.
For some reason *sending* the authentication data *does* not fail.
mod_auth_dovecot checks if a new connection is necessary here: https://hg.prosody.im/prosody-modules/file/tip/mod_auth_dovecot/auth_dovecot/sasl_dovecot.lib.lua#l126
If there were a way to detect if the connection was closed at this point, this could be the place to try and reconnect.
What version of the product are you using? On what operating system?
Prosody 0.11.10
Lua 5.2 / Lua 5.4.3
LuaSocket 3.0-rc1
Debian and Archlinux
This Python script can be used as a test SASL server for this issue:

```python
import socket

# Server handshake sent to the client after it connects
handshake = b"""VERSION\t1\t2
MECH\tPLAIN\tplaintext
MECH\tLOGIN\tplaintext
MECH\tEXTERNAL
SPID\t12345
CUID\t7
COOKIE\t2c7c0841db173c8a2af9dd30fffff23f
DONE\n"""

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("127.0.0.1", 6000))
s.listen(5)

# Accept a single client, answer one authentication request, then close
c, addr = s.accept()
c_handshake = c.recv(24)  # client handshake
c.send(handshake)
msg = c.recv(1024)  # authentication request
response = b"OK\t523\tuser=test@test.test\thome=/home/test\tuid=1234\n"
c.send(response)
c.close()  # close after the first reply, as the auth service might
```
kmq
on
This can happen when the main dovecot process reloads, because this causes it to kill its service processes including the auth process, which in turn causes the connection to the mod_auth_dovecot sasl client to be closed.
mod_auth_dovecot treats this as an "internal-server-error" failure and this is presented to the xmpp client as an authorization error.
Conversations seems to retry the connection after a while silently, but Monal triggers a big fat error notification. I did not check other clients.
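
The socket-level behaviour described in the report (a send on a peer-closed TCP connection succeeds, the following read reports "closed") and one way to detect the stale connection before reuse, as an added Python example that is not part of the issue or of mod_auth_dovecot's Lua code. The server, the handshake and AUTH strings, and the names `peer_closed`, `AuthClient` and `demo` are constructed for illustration.

```python
import select
import socket
import threading

def peer_closed(sock, wait=0.0):
    """True if the peer already closed: socket is readable but a peek yields EOF."""
    if not select.select([sock], [], [], wait)[0]:
        return False  # nothing pending, so no FIN has been seen yet
    try:
        return sock.recv(1, socket.MSG_PEEK) == b""
    except OSError:
        return True  # reset or other socket error: unusable either way

def one_shot_server(listener):
    """Constructed stand-in for the auth service: answer once, then close."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.recv(1024)                      # client handshake
            conn.sendall(b"VERSION\t1\t2\nDONE\n")
            conn.recv(1024)                      # auth request
            conn.sendall(b"OK\t1\tuser=test@test.test\n")

class AuthClient:
    def __init__(self, addr, check):
        self.addr, self.check, self.sock = addr, check, None
    def request(self, line):
        if self.sock is None or (self.check and peer_closed(self.sock)):
            if self.sock:
                self.sock.close()
            self.sock = socket.create_connection(self.addr, timeout=5)
            self.sock.sendall(b"VERSION\t1\t2\nCPID\t1\n")  # constructed handshake
            self.sock.recv(1024)
        try:
            self.sock.sendall(line)      # succeeds even after the peer's FIN
            return self.sock.recv(1024)  # b"" here is the "closed" read error
        except OSError:
            return b""

def demo(check):
    listener = socket.create_server(("127.0.0.1", 0))  # ephemeral port
    threading.Thread(target=one_shot_server, args=(listener,), daemon=True).start()
    client = AuthClient(listener.getsockname(), check)
    first = client.request(b"AUTH\t1\tPLAIN\tservice=xmpp\n")
    peer_closed(client.sock, wait=2.0)   # "wait a little": let the FIN arrive
    second = client.request(b"AUTH\t2\tPLAIN\tservice=xmpp\n")
    return first.startswith(b"OK"), second.startswith(b"OK")

if __name__ == "__main__":
    print("no check:", demo(False), "| with check:", demo(True))
```

The peek only catches a close that has already arrived; a close that lands between the check and the send still needs a reconnect-and-retry when the read returns EOF.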