auth failure: SASL negotiation is not allowed in this state #189

Open
anoop012345 opened this issue Apr 30, 2024 · 5 comments

@anoop012345

I am using the "github.com/xmppo/go-xmpp" package, and the error I face is: auth failure: SASL negotiation is not allowed in this state.

But when I use "github.com/mattn/go-xmpp" it works. Please help me figure out why this is happening.

@mdosch
Collaborator

mdosch commented Apr 30, 2024 via email

@anoop012345
Author

anoop012345 commented May 1, 2024

Thanks for the response.
I am using ejabberd 23.1.0 and my go-xmpp version is v0.2.0.

<?xml version='1.0'?><stream:stream to='example.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
<?xml version='1.0'?><stream:stream id='18386229244849438105' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='example.com' xmlns='jabber:client'>
<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-512-PLUS</mechanism><mechanism>SCRAM-SHA-512</mechanism><mechanism>SCRAM-SHA-256-PLUS</mechanism><mechanism>SCRAM-SHA-256</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>X-OAUTH2</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='SCRAM-SHA-512-PLUS'>cD10bHMtZXhwb3J0ZXIsLG49YWRtaW4scj1jMjk0NGRhMjk2N2RlYmJj</auth>
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>Invalid channel binding</text></failure>
<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>Yz1jRDEwYkhNdFpYaHdiM0owWlhJc0xLRXIwWTFwSDAxeUQyNk9JUTByMnRZOXNCVVVsUk0wZ2VuLzJXL1hVZ2dtLHI9LHA9ODgzdTlNbFVhMDRFUWpxdTZkOEdTTjJSZmR6UXpTaWs0UzFEWEk2cXl1YVlUbE9SdWV4NXZHWE5vVEU1Szc0WXN1SzhVVUY0WjhjMnNMMWdqd3M2aEE9PQ==</response>
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>SASL negotiation is not allowed in this state</text></failure>
err: auth failure: SASL negotiation is not allowed in this state

@mdosch
Collaborator

mdosch commented May 1, 2024

Invalid channel binding

So it's an issue with channel binding. That could mean:

  • There is a MITM attack between you and your server
  • There is a bug in go-xmpp's implementation
  • There is a bug in ejabberd's implementation

As there is a known issue in ejabberd for channel binding in ejabberd < 24.02, I assume the latter. Earlier versions use tls-unique with TLSv1.3 although tls-exporter must be used. If the server is not yours and can't be upgraded to ejabberd 24.02, I suggest you set Mechanism in Options temporarily to a mechanism without channel binding (e.g. SCRAM-SHA-512) until the server is upgraded to a version >= 24.02.
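
The diagnosis above can be checked offline against the posted trace. This Go sketch is an added example, not part of the thread or of go-xmpp's code: it decodes the `<auth/>` payload to show which channel-binding type the client requested, and picks the first offered SCRAM mechanism without channel binding. The names `GS2Header`, `ParseClientFirst` and `FallbackMechanism` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// GS2Header is the channel-binding flag that starts a SCRAM
// client-first-message (RFC 5802): "p=<type>", "y" or "n".
type GS2Header struct {
	Flag   string // "p", "y" or "n"
	CBType string // binding type such as "tls-exporter"; set only for "p"
}

// ParseClientFirst (hypothetical helper) decodes the base64 body of an
// <auth/> element and returns the GS2 header the client sent.
func ParseClientFirst(b64 string) (GS2Header, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return GS2Header{}, fmt.Errorf("payload is not base64: %w", err)
	}
	parts := strings.SplitN(string(raw), ",", 3)
	if len(parts) < 3 {
		return GS2Header{}, fmt.Errorf("no GS2 header in %q", raw)
	}
	switch {
	case strings.HasPrefix(parts[0], "p="):
		return GS2Header{Flag: "p", CBType: parts[0][2:]}, nil
	case parts[0] == "y" || parts[0] == "n":
		return GS2Header{Flag: parts[0]}, nil
	}
	return GS2Header{}, fmt.Errorf("unknown GS2 flag %q", parts[0])
}

// FallbackMechanism (hypothetical helper) returns the first offered SCRAM
// mechanism that does not use channel binding, or "" if there is none.
func FallbackMechanism(offered []string) string {
	for _, m := range offered {
		if strings.HasPrefix(m, "SCRAM-") && !strings.HasSuffix(m, "-PLUS") {
			return m
		}
	}
	return ""
}

func main() {
	// <auth/> payload and mechanism list copied from the trace in this thread.
	h, err := ParseClientFirst("cD10bHMtZXhwb3J0ZXIsLG49YWRtaW4scj1jMjk0NGRhMjk2N2RlYmJj")
	fmt.Println(h.Flag, h.CBType, err)
	fmt.Println(FallbackMechanism([]string{"DIGEST-MD5", "PLAIN",
		"SCRAM-SHA-512-PLUS", "SCRAM-SHA-512", "SCRAM-SHA-256-PLUS", "SCRAM-SHA-256"}))
}
```

The decoded header shows the client asked for tls-exporter, the binding type the comment above says must be used with TLSv1.3. A mechanism without the -PLUS suffix skips the channel-binding check entirely, which is why the comment recommends it only temporarily.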

@mdosch
Collaborator

mdosch commented May 4, 2024

Did it help?

@mdosch
Collaborator

mdosch commented May 20, 2024

@anoop012345 Could you please give some feedback? Would be important to know whether it was a server issue or an issue with this lib.
