mod_matrix_gw_s2s: Failed authentication request on non the first vhost #4313

Open
@catap

Environment

  • ejabberd version: 24.10
  • Erlang version: Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 14.2.5.3
  • OS: OpenBSD 7.6
  • Installed from: source

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

hosts:
  - kcry.pt
  - korins.ky
...
listen:
...
  -
    port: 8448
    ip: "0.0.0.0"
    module: ejabberd_http
    tls: true
    request_handlers:
      "/_matrix": mod_matrix_gw
  -
    port: 8448
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      "/_matrix": mod_matrix_gw
s2s_use_starttls: optional
s2s_access: s2s # to allow Matrix federation
...
access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  s2s:
    - allow # to allow Matrix federation
...
modules:
...
  mod_matrix_gw:
    key_name: "REDACTED"
    key: "REDACTED"
...

Errors from error.log/crash.log

2024-11-16 18:25:30.169607+01:00 [warning] <0.1051.0>@mod_matrix_gw_s2s:check_auth/5:162 Failed authentication: #{<<"destination">> => <<"kcry.pt">>,
                         <<"method">> => <<"GET">>,
                         <<"origin">> => <<"matrix.org">>,
                         <<"signatures">> =>
                             #{<<"matrix.org">> =>
                                   #{<<"ed25519:a_RXGa">> =>
                                         <<"7oCcYGQHfeMv9mr9MmyCyVUnkozbUGbwrs/zPVsoqWA2ZadlLzQ4It5ZCBYQ/b1LdCHBcXLsGZRNKGYlbEosDQ">>}},
                         <<"uri">> =>
                             <<"/_matrix/federation/v1/query/profile?user_id=%40test%3Akorins.ky&field=displayname">>}

Bug description

When I try to start a new conversation with some user on my server via https://app.cinny.in/ it says that such user doesn't exist and the logs contain "failed authentication". It always passes for the first virtual host, but always fails on the last.

So, as soon as I reordered the host list, I was able to discover an account via cinny.
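
Added example, not part of the issue and not ejabberd code: in Matrix federation the X-Matrix Ed25519 signature is computed over the canonical JSON of `method`, `uri`, `origin` and `destination` (the fields in the logged map), so a signature checked against a different `destination` than the one that was signed does not verify. The key pair, the `HOSTS` list handling and the assumption that the sender signed for `korins.ky` are constructed for illustration.

```javascript
const crypto = require('crypto');

// Canonical JSON for signing: object keys sorted, no insignificant whitespace.
// Simplified version that covers the strings and nested objects used here.
function canonicalJson(value) {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(canonicalJson).join(',') + ']';
  return '{' + Object.keys(value).sort()
    .map(k => JSON.stringify(k) + ':' + canonicalJson(value[k])).join(',') + '}';
}

// The object covered by the signature of a body-less federation request.
function signedObject(method, uri, origin, destination) {
  return { method, uri, origin, destination };
}

function signRequest(privateKey, obj) {
  return crypto.sign(null, Buffer.from(canonicalJson(obj)), privateKey)
    .toString('base64').replace(/=+$/, ''); // unpadded base64, as in the log
}

function verifyRequest(publicKey, obj, sigB64) {
  return crypto.verify(null, Buffer.from(canonicalJson(obj)), publicKey,
    Buffer.from(sigB64, 'base64'));
}

// Host order and URI taken from the issue; everything else is constructed.
const HOSTS = ['kcry.pt', 'korins.ky'];
const URI = '/_matrix/federation/v1/query/profile' +
  '?user_id=%40test%3Akorins.ky&field=displayname';

function demo() {
  // Constructed key pair standing in for the origin server's signing key.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  // Assumption: the sender signed for the host it addressed, korins.ky.
  const sig = signRequest(privateKey,
    signedObject('GET', URI, 'matrix.org', 'korins.ky'));
  return {
    // Hypothetical verifier that always fills in the first configured host.
    firstHost: verifyRequest(publicKey,
      signedObject('GET', URI, 'matrix.org', HOSTS[0]), sig),
    // Verifier that fills in the host the request was addressed to.
    addressedHost: verifyRequest(publicKey,
      signedObject('GET', URI, 'matrix.org', 'korins.ky'), sig),
  };
}

console.log(demo());
```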
