0

Me and my collage group have set up an ejabberd server in a docker container for a chat application and Im attempting to call the ejabberd api from a C# RestSharp call. the C# code is:

        public async Task<bool> LoginAsync(LoginDTO user)
        {
            var request = new RestRequest(Method.POST);
            request.Resource = "check_password";
            XmppLoginDto loginDto = new() { Host = "localhost", Password = user.Password, User= user.Username };
            
            var response = await _restClient.RequestAsync<int>(Method.POST, "check_password", loginDto);

            if (!response.IsSuccessful)
            {
                throw new Exception($"Error logging in for user with username={user.Username}. Message was {response.Content}");
            }
            return response.IsSuccessful;
        }

Rest Sharp works on my own simple API with the exact same format for the Rest Request. Ive also tried using Postman to call the ejabberd api and it works without a problem. Ive also tried messing with the SSL/TLS settings in the ejabberd config file, but whatever I tried it wasnt working. I tried sending calls with certain TLS version disabled in postman and all of them work. I truly have 0 idea how this could be fixed.

Here is the YAML config file that we are using:

###              ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
###       https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### *******           !!! WARNING !!!               *******
### *******     YAML IS INDENTATION SENSITIVE       *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###

hosts:
  - localhost

loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100

certfiles:
  - /home/ejabberd/conf/server.pem

ca_file: "/home/ejabberd/conf/cacert.pem"

## When using let's encrypt to generate certificates
##certfiles:
##  - /etc/letsencrypt/live/localhost/fullchain.pem
##  - /etc/letsencrypt/live/localhost/privkey.pem
##
##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"

listen:
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    protocol_options: 
      - SSL_OP_ALL
      - SSL_OP_IGNORE_UNEXPECTED_EOF
      - no_sslv2
    request_handlers:
      /websocket: ejabberd_http_ws
      /api: mod_http_api
      /oauth: ejabberd_oauth  
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth
  -
    port: 5180
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /: ejabberd_web_admin
      ## Handle ejabberd commands using XML-RPC
      /: ejabberd_xmlrpc
      "/api": mod_http_api 
  -
    port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000
  -
    port: 4560
    module: ejabberd_http
    request_handlers:
      ## Handle ejabberd commands using XML-RPC
      /: ejabberd_xmlrpc
  
  ## OAUTH HTTP PORTS END

  ##
  ## https://docs.ejabberd.im/admin/configuration/#stun-and-turn
  ## ejabberd_stun: Handles STUN Binding requests
  ##
  ##-
  ##  port: 3478
  ##  ip: "0.0.0.0"
  ##  transport: udp
  ##  module: ejabberd_stun
  ##  use_turn: true
  ##  turn_ip: "{{ IP }}"
  ##  auth_type: user
  ##  auth_realm: "example.com"
  ##-
  ##  port: 3478
  ##  ip: "0.0.0.0"
  ##  module: ejabberd_stun
  ##  use_turn: true
  ##  turn_ip: "{{ IP }}"
  ##  auth_type: user
  ##  auth_realm: "example.com"
  ##- 
  ##  port: 5349
  ##  ip: "0.0.0.0"
  ##  module: ejabberd_stun
  ##  certfile: "/home/ejabberd/conf/server.pem"
  ##  tls: true
  ##  use_turn: true
  ##  turn_ip: "{{ IP }}"
  ##  auth_type: user
  ##  auth_realm: "example.com"
  ##
  ## https://docs.ejabberd.im/admin/configuration/#sip
  ## To handle SIP (VOIP) requests:
  ##
  ##-
  ##  port: 5060
  ##  ip: "0.0.0.0"
  ##  transport: udp
  ##  module: ejabberd_sip
  ##-
  ##  port: 5060
  ##  ip: "0.0.0.0"
  ##  module: ejabberd_sip
  ##-
  ##  port: 5061
  ##  ip: "0.0.0.0"
  ##  module: ejabberd_sip
  ##  tls: true


  ## TOP LEVEL OPTS CUSTOM MADE FOR OUR PROJECT!!!! VERY IMPORTANT 
s2s_use_starttls: optional
default_db: sql
auth_method: sql
sql_type: mssql
sql_server: "hildur.ucn.dk"
sql_database: "dmai0920_1086316"
sql_username: "dmai0920_1086316"
sql_password: "Password1!"
auth_password_format: scram
auth_scram_hash: sha512
commands_admin_access:
  - allow:
    - user: "admin@localhost"  # your user name.
commands:
  - add_commands: [user, admin, open]

oauth_access:
  - allow: all

oauth_expire: 86400
  ## END OF OUR VERY IMPORTANT TOP LEVEL OPTS
  ## more important information : please ctrl f configure: and change allow from all to admin once we have properly created an admin user :)
  


acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
      - ::FFFF:127.0.0.1/128
  admin:
    user:
      - "admin@localhost"
  common:
    server: "localhost"

access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: all
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
      - mod_http_api
    who: all
    what: 
      - "*"
      - register
  "admin access":
    who:
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    from: 
      - mod_http_api
    who: all
    what:
      - "*"
      - "!start"
      - "!stop"
  "common commands":
    from:
    - mod_http_api
    who: 
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - acl: common
    what:
      - "status"
      - "get_roster"
      - "!stop"
  "login commands":
    from: 
    - mod_http_api
    who: all
    what:
      - "status"
      - "check_account"
      - "check_password"
      - "check_password_hash"

shaper:
  normal: 1000
  fast: 50000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

max_fsm_queue: 10000

acme:
   contact: "mailto:example-admin@example.com"
   ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: https://@HOST@:5443/upload
  mod_last: {}
  mod_mam:
    db_type: sql
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      allow_subscription: true  # enable MucSub
      mam: false
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_sip: {}
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false

### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
Mark R.
  • 1
  • TLS is performed before a request is sent and you will never get a response if the TLS fails.TLS uses TCP to establish a common encryption key between a client and server. What happens is the server sends a certificate block wit the names of allowable certificates and the client looks up the certificate in the stores to see if it can locate one of the certificates. Following has to happen 1) TLS 1.2 or 1.3 must be used since other versions are now disabled. 2) The certificate contains an encryption mode and both client and server need to support mode 3) Common certificate is needed. – jdweng Apr 26 '22 at 10:29
  • So we would need to generate certificates and then put import them into our c# for it to use? – Mark R. Apr 26 '22 at 11:08
  • If you have a sniffer you can check a few things 1) The version of TLS be used 2) Part of TLS is a certificate block that is sent from server to client with names of certificate. Normally there is a generic certificate that is installed in most machines that will be used.3) The encryption mode that is used in the certificate. Net 4.7.2 and above defaults to using operating system to do the TLS encryption. Earlier version of Net did not support all encryption modes. So now window is used which automatically gets updated. If you are using a phone you may need to update OS or Kernel. – jdweng Apr 26 '22 at 13:14

0 Answers0