ejabberd日志分析客户端登录流程

最新推荐文章于 2021-09-27 17:37:13 发布

weixin_30421809

最新推荐文章于 2021-09-27 17:37:13 发布

阅读量94

点赞数

文章标签：网络

原文链接：http://www.cnblogs.com/unqiang/p/7805760.html

版权

通过ejabberd的日志，整理了下客户端登录流程。

1. 通过TCP连接5222端口的流程：

(1) 客户端向服务器发送stream流

<stream:stream to="nba.com"
               xml:lang="*" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">

(2) 服务器应答stream

<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
               xmlns:stream='http://etherx.jabber.org/streams' id='4171758611' from='nba.com' version='1.0' xml:lang='en'>

(3) 服务器发送流特性

<stream:features>
    <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>PLAIN</mechanism> </mechanisms> <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='AxFG3uvIZfHAbBjOUb9t3klmoos='/> <register xmlns='http://jabber.org/features/iq-register'/> </stream:features>

(4) 客户端发送tls请求

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

(5) 服务器回应并开始TLS握手

<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

(6) TLS握手完成后，客户端重新初始化stream流

<stream:stream to="nba.com"
               xml:lang="*" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">

(7) 服务器应答

<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
               xmlns:stream='http://etherx.jabber.org/streams' id='703708799' from='nba.com' version='1.0' xml:lang='en'>

(8) 服务器告知客户端支持的SASL验证机制

<stream:features>
    <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>PLAIN</mechanism> </mechanisms> <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='AxFG3uvIZfHAbBjOUb9t3klmoos='/> <register xmlns='http://jabber.org/features/iq-register'/> </stream:features>

(9) 客户端选择简单认证机制并发送用户名密码

<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">AG1iZWQAbWlycm9y</auth>

(10) 服务器告诉客户端校验通过，SASL握手完成

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

(11) 客户端再次初始化stream流

<stream:stream to="nba.com"
               xml:lang="*" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">

(12) 服务器应答

<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
               xmlns:stream='http://etherx.jabber.org/streams' id='2767342509' from='nba.com' version='1.0' xml:lang='en'>

(13) 通知客户端进行资源绑定

<stream:features>
    <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/> <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/> <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='AxFG3uvIZfHAbBjOUb9t3klmoos='/> <register xmlns='http://jabber.org/features/iq-register'/> </stream:features>

(14) 客户端请求资源绑定

<iq type="set" id="0"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> <resource>boston</resource> </bind> </iq>

(15) 服务器应答

<iq id='0' type='result'> <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'> <jid>rondo@nba.com/boston</jid> </bind> </iq>

(16) 客户端请求session绑定

<iq type="set" id="1"> <session xmlns="urn:ietf:params:xml:ns:xmpp-session"/> </iq>

(17) 服务器应答

<iq type='result' id='1'> <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/> </iq>

至此，可认为登陆完成，后续进行能力协商，发送其他请求消息，发送出息消息等。

2. 通过http连接5280端口的流程

http方式的交互是通过BOSH协议完成的，详细可参见

http://xmpp.org/extensions/xep-0124.html

http://xmpp.org/xmpp-protocols/xmpp-extensions/

具体流程为：

(1) 发起bosh会话

<body rid='16488487'
      xmlns='http://jabber.org/protocol/httpbind'
      to='nba.com'
      xml:lang='en'
      wait='60' hold='1' content='text/xml;charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>

(2) 服务器应答

<body xmlns='http://jabber.org/protocol/httpbind'
      sid='90582e464361adb537351e65ecfa66d1336ea486' wait='60' requests='2' inactivity='30' maxpause='120' polling='2' ver='1.8' from='nba.com' secure='true' authid='1145683568' xmlns:xmpp='urn:xmpp:xbosh' xmlns:stream='http://etherx.jabber.org/streams' xmpp:version='1.0'> <stream:features xmlns:stream='http://etherx.jabber.org/streams'> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>PLAIN</mechanism> </mechanisms> <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='AxFG3uvIZfHAbBjOUb9t3klmoos='/> <register xmlns='http://jabber.org/features/iq-register'/> </stream:features> </body>

(3) 客户端发送用户名密码

<body rid='16488488'
      xmlns='http://jabber.org/protocol/httpbind' sid='90582e464361adb537351e65ecfa66d1336ea486'> <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'> AGNoZW53ZW5jYW4ja2VkYWNvbS5jb20AMjEyMThjY2E3NwgzNGQyYmExOTIyYzMzZTAxNTExMDU= </auth> </body>

(4) 服务器响应告知校验结果

<body xmlns='http://jabber.org/protocol/httpbind'>
    <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> </body>

(5) 客户端重新初始化stream流

<body rid='16488489'
      xmlns='http://jabber.org/protocol/httpbind' sid='90582e464361adb537351e65ecfa66d1336ea486' to='nba.com' xml:lang='en' xmpp:restart='true' xmlns:xmpp='urn:xmpp:xbosh'/>

(6) 服务器通知完成资源绑定

<body xmlns='http://jabber.org/protocol/httpbind'
      sid='90582e464361adb537351e65ecfa66d1336ea486' wait='60' requests='2' inactivity='30' maxpause='120' polling='2' ver='1.8' from='nba.com' secure='true' authid='3855745118' xmlns:xmpp='urn:xmpp:xbosh' xmlns:stream='http://etherx.jabber.org/streams' xmpp:version='1.0'> <stream:features xmlns:stream='http://etherx.jabber.org/streams'> <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/> <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/> <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.process-one.net/en/ejabberd/' ver='AxFG3uvIZfHAbBjOUb9t3klmoos='/> <register xmlns='http://jabber.org/features/iq-register'/> </stream:features> </body>

(7) 客户端请求资源绑定

<body rid='16488490'
      xmlns='http://jabber.org/protocol/httpbind' sid='90582e464361adb537351e65ecfa66d1336ea486'> <iq type='set' id='_bind_auth_2' xmlns='jabber:client'> <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'> <resource>boston</resource> </bind> </iq> </body>

(8) 服务器应答

<body xmlns='http://jabber.org/protocol/httpbind'>
    <iq xmlns='jabber:client' id='_bind_auth_2' type='result'> <bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'> <jid>rondo@nba.com/boston</jid> </bind> </iq> </body>

(9) 客户端请求session绑定

<body rid='16488491'
      xmlns='http://jabber.org/protocol/httpbind' sid='90582e464361adb537351e65ecfa66d1336ea486'> <iq type='set' id='_session_auth_2' xmlns='jabber:client'> <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/> </iq> </body>

(10) 服务器应答

<body xmlns='http://jabber.org/protocol/httpbind'>
    <iq xmlns='jabber:client' id='_session_auth_2' type='result'> <session xmlns='urn:ietf:params:xml:ns:xmpp-session'/> </iq> </body>


分析：

　SASL 交涉

Client 客户端需要选择一个服务器上有效的认证方式来携带SASL交涉数据, 上面的情况, “DIGEST-MD5“, “PLAIN” 和 “EXTERNAL” 是一些可选项.

“PLAIN” 认证模式是三者之中最简单的了. 它是这样工作的:

Client: 客户端按照自己选择的认证模式发送一个将用户名和密码以base64编码的 stream. 用户名和密码按这种格式组织:

　　　　“\0UserName\0Password”.

例如我想以用户名为“mbed@ceit.org”登录, 密码是“mirror”. 那么, 在进行base64编码之前, 用户名和密码按照上面的格式组织为一个新的字符串,“\0mbed\0mirror”, 再进行base64编码, 得到字符串“AG1iZWQAbWlycm9y”.


然后, 客户端发送下列 stream 到服务器.

 <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AG1iZWQAbWlycm9y</auth>  

代码如下：


直接base64 编码decode，可看到用户名和密码。

转载于:https://www.cnblogs.com/unqiang/p/7805760.html

weixin_30421809

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ejabberd日志分析客户端登录流程

通过ejabberd的日志，整理了下客户端登录流程。1. 通过TCP连接5222端口的流程：(1) 客户端向服务器发送stream流<stream:stream to="nba.com" xml:lang="*" version="1.0" xmlns:stream="http://e...
复制链接

扫一扫