EssentialsX XMPP SASL auth failed (TLS)

[Tachi107]

Type of bug

Compatibility issue

/ess version output

[01:04:15 INFO]: Server version: 1.16.5-R0.1-SNAPSHOT git-Paper-449 (MC: 1.16.5)
[01:04:15 INFO]: EssentialsX version: 2.18.2.0
[01:04:15 INFO]: EssentialsXXMPP version: 2.18.2.0
[01:04:15 INFO]: Vault is not installed. Chat e permissions could not work.
[01:04:15 INFO]: You're using an unsupported server version!

(translated from Italian)

Server startup log

https://paste.gg/p/anonymous/89a17954de344a92a78ff39daa1a5967

EssentialsX config files

https://paste.gg/p/anonymous/ebbb71554bc54c3082038241cc4b1c7f

Error log (if applicable)

https://paste.gg/p/anonymous/529926294bd04dbfb8971038a4f6b005

Bug description

When tying to authenticate to the yourdata.forsale XMPP server I get an authentication error (org.jivesoftware.smack.XMPPException: SASL authentication PLAIN failed: text) even though the password is correct.
Maybe yourdata.forsale only supports TLS/STARTTLS and EssentialsXXMPP doesn't?

Steps to reproduce

1. Insert XMPP server, account, password etc in plugins/EssentialsXMPP/config.yml
2. (re)Start server

Expected behaviour

The XMPP module should be able to login using SASL auth with START TLS

Actual behaviour

The XMPP module uses PLAIN authentication and throws an exception failing login

[mdcfe]

EssentialsX XMPP by default should use TLS where available.

Could you set debug: true in your XMPP config.yml, then try again and post the full error log?

[Tachi107]

Tried, and let's say that it wasn't very useful... It seems that EssentialsXMPP tries to check if it is running in an headless environment, but throws an exception because it can't access an X11 DISPLAY variable :/

Here's the full server log (I removed some things that I think are irrelevant, like some world loading info and dynmap stuff)

feb 20 23:52:29 systemd[1]: Started Minecraft server.
System Info: Java 11 (Java HotSpot(TM) 64-Bit Server VM 11.0.10+8-LTS-jvmci-21.0-b06) Host: Linux 5.9.12 (amd64)
Loading libraries, please wait...
[23:52:39 INFO]: Environment: authHost='https://authserver.mojang.com', accountsHost='https://api.mojang.com', sessionHost='https://sessionserver.mojang.com', servicesHost='https://api.minecraftservices.com', name='PROD'
[23:52:40 INFO]: Reloading ResourceManager: Default, bukkit
[23:52:42 INFO]: Loaded 7 recipes
[23:52:44 INFO]: Starting minecraft server version 1.16.5
[23:52:44 INFO]: This server is running Paper version git-Paper-468 (MC: 1.16.5) (Implementing API version 1.16.5-R0.1-SNAPSHOT)
[23:52:44 INFO]: Console input is disabled due to --noconsole command argument
[23:52:44 INFO]: Debug logging is disabled
[23:52:44 INFO]: Server Ping Player Sample Count: 12
[23:52:44 INFO]: Using 4 threads for Netty based IO
[23:52:44 INFO]: Default game type: SURVIVAL
[23:52:44 INFO]: Generating keypair
[23:52:45 INFO]: Using epoll channel type
[23:52:46 WARN]: Initializing Legacy Material Support. Unless you have legacy plugins and/or data this is a bug!
[23:52:55 WARN]: Legacy plugin dynmap v3.1-beta7-449 does not specify an api-version.
[23:52:56 INFO]: [Essentials] Loading Essentials v2.18.2.0
[23:52:56 INFO]: [EssentialsXMPP] Loading EssentialsXMPP v2.18.2.0
[23:52:56 INFO]: Server permissions file permissions.yml is empty, ignoring it
[23:53:10 INFO]: [Essentials] Enabling Essentials v2.18.2.0
[23:53:10 ERROR]: [Essentials] You are running an unsupported server version!
[23:53:10 INFO]: [Essentials] Attempting to convert old kits in config.yml to new kits.yml
[23:53:10 INFO]: [Essentials] No kits found to migrate.
[23:53:11 INFO]: [Essentials] Loaded 25599 items from items.json.
[23:53:11 INFO]: [Essentials] Using locale it
[23:53:11 INFO]: [Essentials] ServerListPingEvent: Spigot iterator API
[23:53:11 INFO]: [Essentials] Metrics disabled per bStats config.
[23:53:11 INFO]: [Essentials] Using config file enhanced permissions.
[23:53:11 INFO]: [Essentials] Permissions listed in as player-commands will be given to all users.
[23:53:11 INFO]: [EssentialsXMPP] Enabling EssentialsXMPP v2.18.2.0
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.ServiceDiscoveryManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.XHTMLManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.muc.MultiUserChat
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.bytestreams.ibb.InBandBytestreamManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.bytestreams.socks5.Socks5BytestreamManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.filetransfer.FileTransferManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.LastActivityManager
[23:53:11 WARN]: Error! A startup class specified in smack-config.xml could not be loaded: org.jivesoftware.smackx.commands.AdHocCommandManager
[23:53:11 INFO]: [EssentialsXMPP] Connecting to xmpp server yourdata.forsale:5222 as user bitcraft@yourdata.forsale.
[23:53:11 ERROR]: Error occurred while enabling EssentialsXMPP v2.18.2.0 (Is it up to date?)
java.lang.IllegalArgumentException: Can't initialize the configured debugger!
        at org.jivesoftware.smack.Connection.initDebugger(Connection.java:774) ~[?:?]
        at org.jivesoftware.smack.XMPPConnection.initReaderAndWriter(XMPPConnection.java:679) ~[?:?]
        at org.jivesoftware.smack.XMPPConnection.initConnection(XMPPConnection.java:543) ~[?:?]
        at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:527) ~[?:?]
        at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:953) ~[?:?]
        at com.earth2me.essentials.xmpp.XMPPManager.connect(XMPPManager.java:123) ~[?:?]
        at com.earth2me.essentials.xmpp.XMPPManager.reloadConfig(XMPPManager.java:194) ~[?:?]
        at com.earth2me.essentials.xmpp.XMPPManager.<init>(XMPPManager.java:57) ~[?:?]
        at com.earth2me.essentials.xmpp.EssentialsXMPP.onEnable(EssentialsXMPP.java:52) ~[?:?]
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:263) ~[patched_1.16.5.jar:git-Paper-468]
        at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader.java:380) ~[patched_1.16.5.jar:git-Paper-468]
        at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManager.java:483) ~[patched_1.16.5.jar:git-Paper-468]
        at org.bukkit.craftbukkit.v1_16_R3.CraftServer.enablePlugin(CraftServer.java:500) ~[patched_1.16.5.jar:git-Paper-468]
        at org.bukkit.craftbukkit.v1_16_R3.CraftServer.enablePlugins(CraftServer.java:414) ~[patched_1.16.5.jar:git-Paper-468]
        at net.minecraft.server.v1_16_R3.MinecraftServer.loadWorld(MinecraftServer.java:465) ~[patched_1.16.5.jar:git-Paper-468]
        at net.minecraft.server.v1_16_R3.DedicatedServer.init(DedicatedServer.java:239) ~[patched_1.16.5.jar:git-Paper-468]
        at net.minecraft.server.v1_16_R3.MinecraftServer.w(MinecraftServer.java:936) ~[patched_1.16.5.jar:git-Paper-468]
        at net.minecraft.server.v1_16_R3.MinecraftServer.lambda$a$0(MinecraftServer.java:174) ~[patched_1.16.5.jar:git-Paper-468]
        at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.lang.reflect.InvocationTargetException
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
        at org.jivesoftware.smack.Connection.initDebugger(Connection.java:769) ~[?:?]
        ... 18 more
Caused by: java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
        at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:208) ~[?:?]
        at java.awt.Window.<init>(Window.java:548) ~[?:?]
        at java.awt.Frame.<init>(Frame.java:423) ~[?:?]
        at javax.swing.JFrame.<init>(JFrame.java:224) ~[?:?]
        at org.jivesoftware.smack.debugger.LiteDebugger.createDebug(LiteDebugger.java:65) ~[?:?]
        at org.jivesoftware.smack.debugger.LiteDebugger.<init>(LiteDebugger.java:58) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
        at org.jivesoftware.smack.Connection.initDebugger(Connection.java:769) ~[?:?]
        ... 18 more
[23:53:11 INFO]: [EssentialsXMPP] Disabling EssentialsXMPP v2.18.2.0
[23:53:12 INFO]: Running delayed init tasks
[23:53:12 INFO]: Done (27.786s)! For help, type "help"

[mdcfe]

Hmm, apparently the XMPP library's debug mode is... a GUI?

Either way, the message indicates that the connection was established, but the username/password combination you provided to EssentialsX was incorrect.

TLS/STARTTLS and SASL PLAIN authentication are unrelated and both appear to be supported by yourdata.forsale. TLS is the encryption used by the connection (which EssentialsX XMPP uses as long as the server supports it), while PLAIN authentication refers to authentication by username and password, which is what you're doing here.

You should double check that the username/password set on the server matches the username/password in your config. There's no indication that there's a bug in EssentialsX XMPP, and the XMPP module is largely unsupported, so there's not much we can do about this issue.

[Tachi107]

The password is correct, I tried a lot of times with different accounts and XMPP servers.
The XMPP module has been able to connect only to a sketchy russian XMPP server that does not support any kind of TLS encryption.
You're right in saying that TLS and PLAIN auth are somewhat unrelated, but as you can see in the IM Observatory link that you sent PLAIN username/password authentication is accepted only after having established a secure TLS connection to the server, that EssentialsX XMPP does not seem to support properly.

[mdcfe]

Could you try removing the @yourdata.forsale part from xmpp.user?

---

After some testing, I can confirm that EssentialsX XMPP does in fact start a secure TLS connection before attempting to log in.

When running XMPP on my machine with the debugger enabled, the debugger window's log shows the following response to authentication:

<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text xml:lang='en'>Invalid username or password</text></failure>

Unfortunately smack doesn't provide us with the proper "invalid username/password" message unless you use the graphical debugger, so we can't easily log authentication failures ourselves.

After some trial and error, it appears the default XMPP config.yml wrongly includes the server hostname in xmpp.user. I've just tested with a fresh account on blabber.im, and logging in there requires dropping @blabber.im from the username in the config before you can log in successfully.

I'll push a few changes to XMPP in a bit that should make the config a bit clearer and also require server-side TLS by default.

[Tachi107]

Ok, I can confirm that removing the @server.address part solved the issue.
I should probably open another issue for this, but since this turned out to be a documentation issue I'll ask anyway: the Essentials Wiki says that it is possible to forward all chat messages to the XMPP account, and that by doing so users are able to send messages from their XMPP account to the game chat. The only problem is that it does not say how to enable this "Chat Spy", and I couldn't find any info while searching online.
My goal is to bridge the in game chat with a Telegram group, using EssentialsX XMPP -> Matterbridge -> Telegram.
Thanks for the fix!

[mdcfe]

You should be able to run /xmppspy to toggle chat spy for the player that runs the command, assuming that player has already linked their XMPP account in-game.

Going to close this issue as the main issue is resolved. If you have any further questions about how to use XMPP, feel free to ask a question on Discussions.