ejabberd分析(四) 用户登录

来源：互联网发布：中学生怎样学编程编辑：程序博客网时间：2024/05/14 01:50

仍然看ejabberd_c2s 这个gen_fsm 模块。

RECV <stream:stream to="localhost" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">SENT <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="kinglong" id="7acd9ea9" xml:lang="en" version="1.0">SENT <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>       <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">          <mechanism>DIGEST-MD5</mechanism>          <mechanism>JIVE-SHAREDSECRET</mechanism>          <mechanism>PLAIN</mechanism>          <mechanism>ANONYMOUS</mechanism>          <mechanism>CRAM-MD5</mechanism>       </mechanisms>      <compression xmlns="http://jabber.org/features/compress">         <method>zlib</method>      </compression>      <auth xmlns="http://jabber.org/features/iq-auth"/>      <register xmlns="http://jabber.org/features/iq-register"/>     </stream:features>RECV <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>RECV <stream:stream to="kinglong" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">SENT <?xml version='1.0' encoding='UTF-8'?>     <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="kinglong" id="7acd9ea9" xml:lang="en" version="1.0">        <stream:features>          <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">           <mechanism>DIGEST-MD5</mechanism>           <mechanism>JIVE-SHAREDSECRET</mechanism>           <mechanism>PLAIN</mechanism>           <mechanism>ANONYMOUS</mechanism>           <mechanism>CRAM-MD5</mechanism>          </mechanisms>          <compression xmlns="http://jabber.org/features/compress">            <method>zlib</method>          </compression>         <auth xmlns="http://jabber.org/features/iq-auth"/>          <register xmlns="http://jabber.org/features/iq-register"/></stream:features>

上面客户端与服务器建立连接的初始几步直接略过。具体参见ejabberd分析(二)，重点看下面的交互：

注：目前的状态为wait_for_feature_request

客户端发送如下的鉴权请求给服务器：

服务器端匹配到

case {xml:get_attr_s("xmlns", Attrs), Name} of{?NS_SASL, "auth"} when not ((SockMod == gen_tcp) and TLSRequired) ->

同时获取客户端选择的加密方式(DIGEST-MD5)。匹配到以下路径：

case cyrsasl:server_start(StateData#state.sasl_state,      Mech,      ClientIn) of         .........        {continue, ServerOut, NewSASLState} ->                   send_element(StateData,                           {xmlelement, "challenge",                           [{"xmlns", ?NS_SASL}],                           [{xmlcdata,                               jlib:encode_base64(ServerOut)}]}),                   fsm_next_state(wait_for_sasl_response,                           StateData#state{                           sasl_state = NewSASLState});

以上代码会向客户端发送challenge并将状态设置为wait_for_sasl_response：

<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09Imtpbmdsb25nIixub25jZT0iQXZ4aFNmYXo3ZlpmMWpqdXh2Qmo4ZTF2SUZQRHNPWDdPUWVXVEFTdiIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>

客户端收到后返回响应：

<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Y2hhcnNldD11dGYtOCx1c2VybmFtZT0iMTU1NTUyMTU1NTQiLHJlYWxtPSJraW5nbG9uZyIsbm9uY2U9IkF2eGhTZmF6N2ZaZjFqanV4dkJqOGUxdklGUERzT1g3T1FlV1RBU3YiLG5jPTAwMDAwMDAxLGNub25jZT0icUlaU05ORjNGVmFRN0UzRklKUXI2UFpYaHZTa0hvOFkrZ2ZBVjJ0VCIsZGlnZXN0LXVyaT0ieG1wcC9raW5nbG9uZyIsbWF4YnVmPTY1NTM2LHJlc3BvbnNlPWYxNGM0NDc4NWYwMzNlMDZkNTE1Y2I3MjI4MzVlZmI2LHFvcD1hdXRoLGF1dGh6aWQ9IjE1NTU1MjE1NTU0Ig==</response>

xmpp的验证机制可参照网上的资料。

这里啰嗦两句：

前面的<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>就是在进行TLS握手。先通过TLS传输密钥给客户端，再使用此密钥按照SASL协议进行用户名、密码等验证。

服务器端在wait_for_sasl_response函数中验证通过后发送鉴权通过的消息给客户端，并将状态设置为wait_for_stream：

<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cnNwYXV0aD0wMjFkMjI4MTRmNjcwNDMxMTUxZDMwMTIwYzg3ODg0Ng==</success>

客户端继续发送如下消息给服务器，再次初始化一个流。

<stream:stream to="kinglong" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">

此时服务器端的状态已经为验证通过，但客户端未绑定资源：

case StateData#state.authenticated of             ......             _ ->                    case StateData#state.resource of                    "" ->                      ......                      StreamFeatures =                        [{xmlelement, "bind",                          [{"xmlns", ?NS_BIND}], []},                         {xmlelement, "session",                          [{"xmlns", ?NS_SESSION}], []}]                        ++ RosterVersioningFeature                        ++ ejabberd_hooks:run_fold(                             c2s_stream_features,                             Server,                             [], [Server]),

服务器发送bind给客户端，并将状态设置为wait_for_bind：

<?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="kinglong" id="7acd9ea9" xml:lang="en" version="1.0"><stream:features><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></stream:features>

客户端接收到后发送bind响应，绑定自己的资源：

<iq id="T2U7N-0" type="set"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>Spark 2.6.3</resource></bind></iq>

服务器端在wait_for_bind 函数中进行资源冲突的检查，完成绑定后返回成功的消息，并将状态设置为wait_for_session，等待客户端建立session：

<iq type="result" id="T2U7N-0" to="kinglong/7acd9ea9"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><jid>12345678910@kinglong/Spark 2.6.3</jid></bind></iq>

客户端发送session请求给服务器端：

服务器端的wait_for_session函数中：

case jlib:iq_query_info(El) of#iq{type = set, xmlns = ?NS_SESSION} ->           ......           Res = jlib:make_result_iq_reply(El),                send_element(StateData, Res),

对消息进行判断，成功后然后返回result消息：

接下来调用

ejabberd_sm:open_session(              SID, U, StateData#state.server, R, Info)

来创建session，并将状态设置为session_established，并在session_established2中处理接下来的客户端消息。