How can I create an XMPP session from the command line? - xmpp

Background: I'm working on an XMPP app that uses SMACK to talk to an ejabberd server.
For educational purposes, I want to be able to issue the XMPP commands by hand to the server.
I found a list of open servers and chose this one:
https://xmpp.is/account/register/xmpp_is/
I connect to it with the following command:
openssl s_client -starttls xmpp -connect xmpp.is:5222
To figure out what responses to issue I've been reading the RFCs, and I have also installed a Windows XMPP app called "Swift", primarily because it has a console feature that shows the traffic between the client and the server:
https://swift.im/
While I'm able to get some responses from the server, I've not been able to figure out how to successfully login from the command line.
The swift traffic for a successful login looks like:
<!-- OUT 2018-09-15T16:19:39 -->
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="xmpp.is" version="1.0">
<!-- IN 2018-09-15T16:19:40 -->
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='xmpp.is' id='2a12ed5d-b01d-44e9-a3c4-c083340f6e1a' version='1.0' xmlns='jabber:client'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
<!-- OUT 2018-09-15T16:19:40 -->
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<!-- IN 2018-09-15T16:19:40 -->
<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<!-- OUT 2018-09-15T16:19:40 -->
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="xmpp.is" version="1.0">
<!-- IN 2018-09-15T16:19:40 -->
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='xmpp.is' id='3551ba66-c71e-4113-bd52-51d7ce9edf8e' version='1.0' xmlns='jabber:client'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism></mechanisms></stream:features>
<!-- OUT 2018-09-15T16:19:40 -->
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="SCRAM-SHA-1-PLUS">cD10bHMtdW5pcXVlLCxuPXNub28scj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM=</auth>
<!-- IN 2018-09-15T16:19:40 -->
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM1YzgxZDE1MC1iZmFhLTQwNjQtOWJhNi0wYWUwNzA3YzhmMDQscz1NR1ZsTVRoaFpqTXRZakpsTkMwMFlqSmtMV0V6Tm1FdFlURmhaR1JoWWpsa1pEZ3csaT00MDk2</challenge>
<!-- OUT 2018-09-15T16:19:40 -->
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1jRDEwYkhNdGRXNXBjWFZsTEN3em1qc1FHRWtPeUduUjNNST0scj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM1YzgxZDE1MC1iZmFhLTQwNjQtOWJhNi0wYWUwNzA3YzhmMDQscD1VaFNTbmlEblM3S2I3Sm9OYUVraTRIWEJYK2M9</response>
<!-- IN 2018-09-15T16:19:40 -->
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1Fa1ZuUGpmYU4wWTNyK0tsYWF1ViszOTVyMzg9</success>
<!-- OUT 2018-09-15T16:19:40 -->
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="xmpp.is" version="1.0">
<!-- IN 2018-09-15T16:19:40 -->
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='xmpp.is' id='3b390a8b-e137-46b6-988d-b66208277e67' version='1.0' xmlns='jabber:client'><stream:features><csi xmlns='urn:xmpp:csi:0'/><sm xmlns='urn:xmpp:sm:2'><optional/></sm><sm xmlns='urn:xmpp:sm:3'><optional/></sm><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><required/></bind><session xmlns='urn:ietf:params:xml:ns:xmpp-session'><optional/></session><c hash='sha-1' ver='L89AHiFIV5exIjD3VCsiLb//JIg=' node='http://prosody.im' xmlns='http://jabber.org/protocol/caps'/><ver xmlns='urn:xmpp:features:rosterver'/></stream:features>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="session-bind" type="set"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>10ce5033-4f48-4f70-8f88-8c8f2e0525f0</resource></bind></iq>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='session-bind' type='result'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0</jid></bind></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<enable xmlns="urn:xmpp:sm:2"/>
<!-- IN 2018-09-15T16:19:40 -->
<enabled max='300' xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="session-start" type="set"><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></iq>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='session-start' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'/>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="e69a06ef-8f3b-4492-95cf-206b252363bf" type="get"><vCard xmlns="vcard-temp"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="b1e82772-9d2e-474f-8677-672ce3a4a0b6" type="get"><query xmlns="jabber:iq:private"><storage xmlns="storage:bookmarks"/></query></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="e3e1361c-1541-4365-ac39-011247f07b33" type="get"><query ver="1" xmlns="jabber:iq:roster"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="991f5f2a-d923-4fa6-8dc9-e5ab065e983c" to="xmpp.is" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<presence><status></status><x xmlns="vcard-temp:x:update"><photo></photo></x><c hash="sha-1" node="http://swift.im" ver="3ScHZH4hKmksks0e7RG8B4cjaT8=" xmlns="http://jabber.org/protocol/caps"/></presence>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="c6facf37-8e9e-45cc-a86d-6e6b5a315911" to="xmpp.is" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- IN 2018-09-15T16:19:40 -->
<r xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-15T16:19:40 -->
<a h="1" xmlns="urn:xmpp:sm:2"/>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='e69a06ef-8f3b-4492-95cf-206b252363bf' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'><vCard xmlns='vcard-temp'><VERSION>3.0</VERSION><NICKNAME>snoo</NICKNAME><EMAIL><USERID>foo#bar.com</USERID></EMAIL></vCard></iq>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='b1e82772-9d2e-474f-8677-672ce3a4a0b6' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'><query xmlns='jabber:iq:private'><storage xmlns='storage:bookmarks'/></query></iq><iq id='e3e1361c-1541-4365-ac39-011247f07b33' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'/><iq id='991f5f2a-d923-4fa6-8dc9-e5ab065e983c' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='xmpp.is'><query xmlns='http://jabber.org/protocol/disco#info'><identity type='pep' name='Prosody' category='pubsub'/><identity type='im' name='Prosody' category='server'/><feature var='urn:xmpp:blocking'/><feature var='urn:xmpp:ping'/><feature var='msgoffline'/><feature var='jabber:iq:version'/><feature var='vcard-temp'/><feature var='jabber:iq:roster'/><feature var='urn:xmpp:time'/><feature var='jabber:iq:time'/><feature var='jabber:iq:private'/><feature var='http://jabber.org/protocol/commands'/><feature var='jabber:iq:register'/><feature var='http://jabber.org/protocol/pubsub#publish'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/><feature var='jabber:iq:last'/><feature var='urn:xmpp:carbons:2'/><feature var='urn:xmpp:carbons:1'/><x type='result' xmlns='jabber:x:data'><field type='hidden' var='FORM_TYPE'><value>http://jabber.org/network/serverinfo</value></field><field type='list-multi' var='feedback-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='admin-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='abuse-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='support-addresses'><value>https://xmpp.is/contact/</value></field></x></query></iq><presence from='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'><status/><x xmlns='vcard-temp:x:update'><photo/></x><c hash='sha-1' ver='3ScHZH4hKmksks0e7RG8B4cjaT8=' node='http://swift.im' 
xmlns='http://jabber.org/protocol/caps'/></presence><iq id='c6facf37-8e9e-45cc-a86d-6e6b5a315911' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='xmpp.is'><query xmlns='http://jabber.org/protocol/disco#info'><identity type='pep' name='Prosody' category='pubsub'/><identity type='im' name='Prosody' category='server'/><feature var='urn:xmpp:blocking'/><feature var='urn:xmpp:ping'/><feature var='msgoffline'/><feature var='jabber:iq:version'/><feature var='vcard-temp'/><feature var='jabber:iq:roster'/><feature var='urn:xmpp:time'/><feature var='jabber:iq:time'/><feature var='jabber:iq:private'/><feature var='http://jabber.org/protocol/commands'/><feature var='jabber:iq:register'/><feature var='http://jabber.org/protocol/pubsub#publish'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/><feature var='jabber:iq:last'/><feature var='urn:xmpp:carbons:2'/><feature var='urn:xmpp:carbons:1'/><x type='result' xmlns='jabber:x:data'><field type='hidden' var='FORM_TYPE'><value>http://jabber.org/network/serverinfo</value></field><field type='list-multi' var='feedback-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='admin-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='abuse-addresses'><value>https://xmpp.is/contact/</value></field><field type='list-multi' var='support-addresses'><value>https://xmpp.is/contact/</value></field></x></query></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="97eefcfd-204b-4afd-9ea1-cc10962d892b" to="xmpp.is" type="get"><query node="http://jabber.org/protocol/commands" xmlns="http://jabber.org/protocol/disco#items"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="4ed568f6-7c8c-46fe-9068-4a2a81bdd393" type="get"><blocklist xmlns="urn:xmpp:blocking"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="f673e890-7643-46a0-b5f4-230c5b384c8b" type="set"><enable xmlns="urn:xmpp:carbons:2"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="d0b62e41-afa5-48e8-a0e7-143c9a328c35" to="xmpp.is" type="get"><query xmlns="http://jabber.org/protocol/disco#items"/></iq>
<!-- IN 2018-09-15T16:19:40 -->
<r xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-15T16:19:40 -->
<a h="7" xmlns="urn:xmpp:sm:2"/>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='97eefcfd-204b-4afd-9ea1-cc10962d892b' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='xmpp.is'><query node='http://jabber.org/protocol/commands' xmlns='http://jabber.org/protocol/disco#items'><item jid='xmpp.is' name='Ping' node='ping'/><item jid='xmpp.is' name='Get uptime' node='uptime'/></query></iq>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='4ed568f6-7c8c-46fe-9068-4a2a81bdd393' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'><blocklist xmlns='urn:xmpp:blocking'/></iq><iq id='f673e890-7643-46a0-b5f4-230c5b384c8b' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0'/><iq id='d0b62e41-afa5-48e8-a0e7-143c9a328c35' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='xmpp.is'><query xmlns='http://jabber.org/protocol/disco#items'><item jid='upload.xmpp.is'/><item jid='muc.xmpp.is' name='XMPP.is MUC'/></query></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="a3838d36-3d3b-4d8b-afda-e46b49ce0fdf" to="upload.xmpp.is" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- OUT 2018-09-15T16:19:40 -->
<iq id="76c58b53-545e-40ef-8832-0beb6a74a50e" to="muc.xmpp.is" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- IN 2018-09-15T16:19:40 -->
<r xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-15T16:19:40 -->
<a h="11" xmlns="urn:xmpp:sm:2"/>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='a3838d36-3d3b-4d8b-afda-e46b49ce0fdf' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='upload.xmpp.is'><query xmlns='http://jabber.org/protocol/disco#info'><identity type='file' name='HTTP File Upload' category='store'/><feature var='urn:xmpp:http:upload:0'/><feature var='urn:xmpp:http:upload'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/><x type='result' xmlns='jabber:x:data'><field type='hidden' var='FORM_TYPE'><value>urn:xmpp:http:upload:0</value></field><field type='text-single' var='max-file-size'><value>10000000</value></field></x><x type='result' xmlns='jabber:x:data'><field type='hidden' var='FORM_TYPE'><value>urn:xmpp:http:upload</value></field><field type='text-single' var='max-file-size'><value>10000000</value></field></x></query></iq>
<!-- IN 2018-09-15T16:19:40 -->
<iq id='76c58b53-545e-40ef-8832-0beb6a74a50e' type='result' to='snoo#xmpp.is/10ce5033-4f48-4f70-8f88-8c8f2e0525f0' from='muc.xmpp.is'><query xmlns='http://jabber.org/protocol/disco#info'><identity type='text' name='XMPP.is MUC' category='conference'/><feature var='http://jabber.org/protocol/muc'/><feature var='http://jabber.org/protocol/commands'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/></query></iq>
<!-- IN 2018-09-15T16:19:40 -->
<r xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-15T16:19:40 -->
<a h="13" xmlns="urn:xmpp:sm:2"/>
My first attempt to emulate what swift is doing from the command line:
openssl s_client -starttls xmpp -connect xmpp.is:5222
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = xmpp.is
verify return:1
---
Certificate chain
0 s:/CN=xmpp.is
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHazCCBlOgAwIBAgISA8Vupt6pSMDO3eLJAR+p6kioMA0GCSqGSIb3DQEBCwUA
[DELETED MOST OF THE CERTIFICATE]
XTe7RnD/qWEeN3o0dj8yBJE+dDG74QBST5ihqjZoEA==
-----END CERTIFICATE-----
subject=/CN=xmpp.is
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4238 bytes and written 641 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: C7BAD8006A9058DEB850C31C07AD8DC3F6ABF39740A9477BAC2F191C0AD5A35CA70C1ACE08AF3B5357FBC97F226402F3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1537024886
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="xmpp.is" version="1.0">
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='xmpp.is' id='18367b2a-2df5-4dd9-be5f-607c05d6760f' version='1.0' xmlns='jabber:client'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism></mechanisms></stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/></stream:stream>closed
The stream closed after issuing the command:
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
with:
<failure xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
I'm guessing it might be because I've already opened a TLS connection from the command line. So I thought I'd skip the first couple of commands and proceed straight to authentication. Here is the session for my new attempt:
openssl s_client -starttls xmpp -connect xmpp.is:5222
CONNECTED(00000003)
...
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="xmpp.is" version="1.0">
<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xml:lang='en' from='xmpp.is' id='f57f8d05-6550-42ac-b458-775b8cb78319' version='1.0' xmlns='jabber:client'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>SCRAM-SHA-1-PLUS</mechanism></mechanisms></stream:features><auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="SCRAM-SHA-1-PLUS">cD10bHMtdW5pcXVlLCxuPXNub28scj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM=</auth>
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTNhZGY4MTBmMy1hMWU4LTQxZGItOGM0OS01NDAxZWQxYTQ3NjQscz1NR1ZsTVRoaFpqTXRZakpsTkMwMFlqSmtMV0V6Tm1FdFlURmhaR1JoWWpsa1pEZ3csaT00MDk2</challenge><response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1jRDEwYkhNdGRXNXBjWFZsTEN3em1qc1FHRWtPeUduUjNNST0scj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM1YzgxZDE1MC1iZmFhLTQwNjQtOWJhNi0wYWUwNzA3YzhmMDQscD1VaFNTbmlEblM3S2I3Sm9OYUVraTRIWEJYK2M9</response>
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/><text>Invalid channel binding value.</text></failure>
Now that looked a bit better because the server sent me the "challenge", but when I sent the response from the Swift app's session it issued:
Invalid channel binding value
I'm guessing that it is complaining because I used the challenge token from the Swift app's session instead of the info in the current command line session. So I'm wondering when I receive a challenge from the server like this one:
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM1YzgxZDE1MC1iZmFhLTQwNjQtOWJhNi0wYWUwNzA3YzhmMDQscz1NR1ZsTVRoaFpqTXRZakpsTkMwMFlqSmtMV0V6Tm1FdFlURmhaR1JoWWpsa1pEZ3csaT00MDk2</challenge>
How do I formulate a response like this:
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1jRDEwYkhNdGRXNXBjWFZsTEN3em1qc1FHRWtPeUduUjNNST0scj1kYjIxNzM5Mi0yZmJkLTQxMmMtYmM4Ny00Mzg2MWZjMzMxZTM1YzgxZDE1MC1iZmFhLTQwNjQtOWJhNi0wYWUwNzA3YzhmMDQscD1VaFNTbmlEblM3S2I3Sm9OYUVraTRIWEJYK2M9</response>
I'm guessing that I probably need to use the challenge token the server sent as the input into a signing process...
But, also if someone knows a simpler way to initiate a command line session with a different public XMPP server then I'd be happy to use that. Thanks...
UPDATE:
I've done the following:
Installed my own eJabberd server on my development machine
Changed the settings in the Swift client to
Secure Connection: Never
Allow Sending Password over Insecure Connection: true
The Swift logs for connecting to the server with these new settings:
<!-- OUT 2018-09-22T11:35:47 -->
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="desktop-2neut2i" version="1.0">
<!-- IN 2018-09-22T11:35:47 -->
<?xml version='1.0'?><stream:stream id='5884973410867271599' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='desktop-2neut2i' xmlns='jabber:client'>
<!-- IN 2018-09-22T11:35:47 -->
<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>X-OAUTH2</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><register xmlns='http://jabber.org/features/iq-register'/></stream:features>
<!-- OUT 2018-09-22T11:35:47 -->
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="SCRAM-SHA-1">biwsbj1iaWxibyxyPTE3NDNjNzJiLWE2MTMtNGNhMC1hZmE2LTU4M2RkMDFiMmFiNg==</auth>
<!-- IN 2018-09-22T11:35:47 -->
<challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>cj0xNzQzYzcyYi1hNjEzLTRjYTAtYWZhNi01ODNkZDAxYjJhYjY5UnlVQmYxd0FzUU9vQ0hMdWhDMWlBPT0scz1WeXBnZ1hpL1k3bmxBUkk5TzA5R1dnPT0saT00MDk2</challenge>
<!-- OUT 2018-09-22T11:35:47 -->
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">Yz1iaXdzLHI9MTc0M2M3MmItYTYxMy00Y2EwLWFmYTYtNTgzZGQwMWIyYWI2OVJ5VUJmMXdBc1FPb0NITHVoQzFpQT09LHA9YStFSU81a1gyeXd3L0pGYUFzR3I1aVpCMktrPQ==</response>
<!-- IN 2018-09-22T11:35:47 -->
<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dj1hMHJsY1ZVUHhabEdoTU5QOW9EbGoyZEJkcEk9</success>
<!-- OUT 2018-09-22T11:35:47 -->
<?xml version="1.0"?><stream:stream xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" to="desktop-2neut2i" version="1.0">
<!-- IN 2018-09-22T11:35:47 -->
<?xml version='1.0'?><stream:stream id='8501231819433449809' version='1.0' xml:lang='en' xmlns:stream='http://etherx.jabber.org/streams' from='desktop-2neut2i' xmlns='jabber:client'>
<!-- IN 2018-09-22T11:35:47 -->
<stream:features><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/><session xmlns='urn:ietf:params:xml:ns:xmpp-session'><optional/></session><c ver='sg7ZnA5zzsPpRyrmVVRdsh4nhRU=' node='http://www.process-one.net/en/ejabberd/' hash='sha-1' xmlns='http://jabber.org/protocol/caps'/><sm xmlns='urn:xmpp:sm:2'/><sm xmlns='urn:xmpp:sm:3'/><csi xmlns='urn:xmpp:csi:0'/></stream:features>
<!-- OUT 2018-09-22T11:35:47 -->
<iq id="session-bind" type="set"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>125157816940461441277</resource></bind></iq>
<!-- IN 2018-09-22T11:35:48 -->
<iq type='result' id='session-bind'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>bilbo#desktop-2neut2i/125157816940461441277</jid></bind></iq>
<!-- OUT 2018-09-22T11:35:48 -->
<enable xmlns="urn:xmpp:sm:2"/>
<!-- IN 2018-09-22T11:35:48 -->
<enabled xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="session-start" type="set"><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></iq>
<!-- IN 2018-09-22T11:35:48 -->
<iq xml:lang='en' to='bilbo#desktop-2neut2i/125157816940461441277' from='bilbo#desktop-2neut2i' type='result' id='session-start'/>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="eb7ec3d0-1aa5-448d-8dd9-8fa603905cb2" type="get"><vCard xmlns="vcard-temp"/></iq>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="d2bca196-93e8-46f2-b36b-14bb2ebd8670" type="get"><query xmlns="jabber:iq:private"><storage xmlns="storage:bookmarks"/></query></iq>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="6e5a62ef-3e7f-4eb3-9520-a10bb7206602" type="get"><query xmlns="jabber:iq:roster"/></iq>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="257a9caf-53fa-4e34-9bb6-5b2310e20b82" to="desktop-2neut2i" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- OUT 2018-09-22T11:35:48 -->
<presence><status></status><x xmlns="vcard-temp:x:update"><photo></photo></x><c hash="sha-1" node="http://swift.im" ver="3ScHZH4hKmksks0e7RG8B4cjaT8=" xmlns="http://jabber.org/protocol/caps"/></presence>
<!-- OUT 2018-09-22T11:35:48 -->
<iq id="b1e68799-5ea4-47c1-98ea-7205927b3681" to="desktop-2neut2i" type="get"><query xmlns="http://jabber.org/protocol/disco#info"/></iq>
<!-- IN 2018-09-22T11:35:48 -->
<r xmlns='urn:xmpp:sm:2'/>
<!-- OUT 2018-09-22T11:35:48 -->
<a h="1" xmlns="urn:xmpp:sm:2"/>
So I tried to log in again, this time using:
telnet localhost 5222
I pasted the commands from the Swift session above, but I still arrive at the same dilemma: I do not know how to respond to the challenge issued by the server.
I can do some of the steps in the following post:
XMPP SASL SCRAM-SHA1 Authentication
Such as the base64 decoding and encoding using this tool:
https://www.base64decode.org/
I think I'm probably missing something basic. Now that I have my own server, I was hoping I could disable all the additional security mechanisms and login with a plain username and password. But I have not figured out how to do that. Any ideas on how to complete the login from telnet?

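You are trying to authenticate with SCRAM-SHA-1-PLUS, which is a computed cryptographic exchange rather than a fixed string you can paste. Part of that exchange is a value unique to the TLS session negotiated when the connection was opened (the channel binding; the captured `auth` payload decodes to `p=tls-unique,...`), so a response recorded in one session does not verify in another, which is what "Invalid channel binding value" reports. You will not be able to complete the SCRAM authentication by hand on the command line; you are better off using PLAIN, or using an existing library to code your own client. PLAIN sends the password itself, only base64-encoded, so send it inside the TLS session that `openssl s_client -starttls xmpp` has already established rather than over a cleartext connection.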

Related

IBM Cloud: App ID is not Authenticating on localhost, but works on CF

I am trying to run IBM App ID on localhost. The App ID Login Widget is coming up. But after login it is not redirecting to my application. It is showing the login page again.
The same codebase is running on CF instance very well.
URL : https://us-south.appid.cloud.ibm.com/oauth/v4/xxxxxxx-62a9-4a02-8710-f421c59571a5/authorization?response_type=code&client_id=xxxxxxx-4c08-4f11-8370-181061306b65&state=001630038048040MsOwH2vS2&redirect_uri=https://localhost:9443/ne/oidcclient/redirect/MyRP&scope=openid+profile&language=en
Server.xml
<!-- Liberty server.xml for the "ne" web application. Users are signed in through an
OpenID Connect client (id "MyRP") whose endpoints are built from ${APP_ID_OAUTH_SERVER_URL}. -->
<server description="new server">
<!-- Enable features -->
<featureManager>
<feature>jsp-2.3</feature>
<feature>localConnector-1.0</feature>
<!-- Features for APP ID: servlet container, application security, the OpenID Connect
relying-party client, and TLS support for the HTTPS endpoint and outbound calls. -->
<feature>servlet-3.1</feature>
<feature>appSecurity-2.0</feature>
<feature>openidConnectClient-1.0</feature>
<feature>ssl-1.0</feature>
</featureManager>
<!-- Authentication filter: matches requests whose URL does not contain "/getToken".
NOTE(review): this element has no id, while the client below names "myAuthFilter" through
an attribute spelled authFilterid; Liberty documents that reference attribute as
authFilterRef. Confirm the filter is actually bound to the client, otherwise the
/getToken exclusion is not in effect. -->
<authFilter>
<requestUrl matchType="notContain" urlPattern="/getToken"/>
</authFilter>
<!-- To access this server from a remote client add a host attribute to the following
element, e.g. host="*". Without it the endpoint is not opened up to remote clients. -->
<httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>
<!-- Automatically expand WAR files and EAR files -->
<applicationManager autoExpand="true" startTimeout="15m"/>
<!-- The port is taken from the request's Host header and trusted.
NOTE(review): that header is client-supplied unless a trusted front end rewrites it;
presumably set for the proxied cloud deployment. Confirm it is wanted on localhost. -->
<webContainer extractHostHeaderPort="true" trustHostHeaderPort="true"/>
<!-- Drop-in application scanning is off; application and config updates are mbean-triggered. -->
<applicationMonitor dropinsEnabled="false" updateTrigger="mbean"/>
<config updateTrigger="mbean"/>
<!-- NOTE(review): second applicationMonitor element; updateTrigger is already set above. -->
<applicationMonitor updateTrigger="mbean"/>
<!-- Disabled sample provider configuration follows. It carries a literal keystore password,
unlike the active keyStore element below, which reads the password from a variable. -->
<!--
<keyStore id="opTestKeyStore" location="\resources\security/mytruststore.jks" type="JKS"
password="keystorePwd" />
<openidConnectProvider id="OAuthConfigSample" oauthProviderRef="OAuthConfigSample"
signatureAlgorithm="RS256" keyStoreRef="opTestKeyStore" keyAliasName="myOpKeyAlias" />
-->
<!-- Default keystore; the password is supplied through ${keystore_password} and is not
stored in this file. -->
<keyStore id="defaultKeyStore" password="${keystore_password}"/>
<!-- TLS configuration that also trusts the default CA certificates.
NOTE(review): nothing in this file references oidcClientSSL (the client below has no
sslRef), so it is unclear whether this is the trust configuration used for the token
and public-key endpoint calls. Confirm. -->
<ssl id="oidcClientSSL" keyStoreRef="defaultKeyStore" trustDefaultCerts="true"/>
<!-- OpenID Connect relying party "MyRP". Client id and secret come from variables, so no
credential is written here. Tokens are expected to be RS256-signed and are checked against
the keys published at jwkEndpointUrl; the token endpoint is called with HTTP basic
client authentication.
NOTE(review): redirectToRPHostAndPort carries a path (/ne/) although its name suggests
scheme, host and port only. Confirm that the redirect_uri built from it is both registered
with the provider and actually served by this server; a mismatch can send the browser
back to the login page after sign-in. -->
<openidConnectClient authFilterid="myAuthFilter"
authorizationEndpointUrl="${APP_ID_OAUTH_SERVER_URL}/authorization"
clientId="${APP_ID_CLIENT_ID}" clientSecret="${APP_ID_CLIENT_SECRET}" id="MyRP"
issuerIdentifier="${APP_ID_OAUTH_SERVER_URL}"
jwkEndpointUrl="${APP_ID_OAUTH_SERVER_URL}/publickeys"
redirectToRPHostAndPort="https://localhost:9443/ne/" signatureAlgorithm="RS256"
tokenEndpointAuthMethod="basic" tokenEndpointUrl="${APP_ID_OAUTH_SERVER_URL}/token"/>
<logging consoleLogLevel="INFO" logDirectory="${application.log.dir}"/>
<!-- <webApplication id="ne" location="ne-1.0.0-BUILD-SNAPSHOT.war" name="ne"/>-->
<!-- The deployed application; its id and name are both "ne". -->
<webApplication id="ne" location="ne-1.0.0-BUILD-SNAPSHOT.war" name="ne"/>
</server>

Setting up XMPP Publish-Subscribe nodes: item-forbidden error posting items to the node

I'm trying to set up an XMPP Publish-Subscribe node and to configure it such that when new items are posted to the node, the payload gets automatically delivered to all the subscribers.
For this I am setting the "pubsub#deliver_payloads" configuration option to true, but when posting items to the node, I get an error. Here are the details of what I'm doing:
First I create the node:
<body rid='614709033' xmlns='http://jabber.org/protocol/httpbind' sid='515c16e0'>
<iq to='pubsub.myserver' type='set' xmlns='jabber:client' id='2:sendIQ'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<create node='mynode'/>
</pubsub>
</iq>
</body>
The server replies saying that it's ok:
<body xmlns='http://jabber.org/protocol/httpbind'>
<iq xmlns="jabber:client" type="result" id="2:sendIQ" from="pubsub.myserver" to="user#myserver/515c16e0"/>
</body>
Then I configure the node setting the "pubsub#deliver_payloads" option to "true", in this way:
<body rid='614709036' xmlns='http://jabber.org/protocol/httpbind' sid='515c16e0'>
<iq from='user#myserver' to='pubsub.myserver' type='set' xmlns='jabber:client' id='4:sendIQ'>
<pubsub xmlns='http://jabber.org/protocol/pubsub#owner'>
<configure node='mynode'>
<x xmlns='jabber:x:data' type='submit'>
<field var='pubsub#deliver_payloads'>
<value>true</value>
</field>
</x>
</configure>
</pubsub>
</iq>
</body>
The server replies successfully:
<body xmlns='http://jabber.org/protocol/httpbind'>
<iq xmlns="jabber:client" type="result" id="4:sendIQ" from="pubsub.myserver" to="user#myserver/515c16e0"/>
</body>
But when I try to post some data onto that node, like this:
<body rid='614709038' xmlns='http://jabber.org/protocol/httpbind' sid='515c16e0'>
<iq type='set' to='pubsub.myserver' xmlns='jabber:client' id='5:sendIQ'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<publish node='mynode'>
<item id='test'>
<geoloc xmlns='http://jabber.org/protocol/geoloc' xml:lang='en'>
<lat>0.55</lat>
<lon>1.66</lon>
<timestamp>2014-04-02T15:14:58.783Z</timestamp>
</geoloc>
</item>
</publish>
</pubsub>
</iq>
</body>
The server replies with this error:
<body xmlns='http://jabber.org/protocol/httpbind'>
<iq xmlns="jabber:client" type="error" id="5:sendIQ" from="pubsub.myserver" to="user#myserver/515c16e0">
<pubsub xmlns="http://jabber.org/protocol/pubsub">
<publish node="mynode">
<item id="test">
<geoloc xmlns="http://jabber.org/protocol/geoloc" xml:lang="en">
<lat>0.55</lat>
<lon>1.66</lon>
<timestamp>2014-04-02T15:14:58.783Z</timestamp>
</geoloc>
</item>
</publish>
</pubsub>
<error code="400" type="modify">
<bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
<item-forbidden xmlns="http://jabber.org/protocol/pubsub#errors"/>
</error>
</iq>
</body>
I'm using Openfire 3.9.1 as a server, while on the client side I'm using javascript and the Strophe library.
Can anyone explain to me why I get this error?
I tried to use different configurations on the node, and when I omit the "pubsub#deliver_payloads" option I get no errors while posting items to the node...
All error conditions are explained in XEP-0060: Publish-Subscribe. You can find the item-forbidden error message at 7.1.3.6 Request Does Not Match Configuration, where it reads:
If the event type is notification + transient and the publisher
provides an item, the service MUST bounce the publication request with
a <bad-request/> error and a pubsub-specific error condition of
<item-forbidden/>.
Ok, I see, having only the option "pubsub#deliver_payloads" in the configuration the node is considered a "transient node" (no items allowed).
However, if I change the configuration to make the node "persistent" (i.e. adding the "pubsub#persist_items" and setting it to true), the server should not complain, according to 4.3 Event Types of the XEP-0060, Table 4.
But with this configuration:
<iq from='user#myserver' to='pubsub.myserver' type='set' xmlns='jabber:client' id='5:sendIQ'>
<pubsub xmlns='http://jabber.org/protocol/pubsub#owner'>
<configure node='mynode'>
<x xmlns='jabber:x:data' type='submit'>
<field var='pubsub#persist_items'>
<value>true</value>
</field>
<field var='pubsub#deliver_payloads'>
<value>true</value>
</field>
</x>
</configure>
</pubsub>
</iq>
if I try to post an item to the node I still get the same error:
<iq xmlns="jabber:client" type="error" id="13:sendIQ" from="pubsub.myserver" to="user#myserver/2b35c426">
<pubsub xmlns="http://jabber.org/protocol/pubsub">
<publish node="mynode">
<item id="test">
<geoloc xmlns="http://jabber.org/protocol/geoloc" xml:lang="en">
<lat>0.55</lat>
<lon>1.66</lon>
<timestamp>2014-04-03T08:50:48.682Z</timestamp>
</geoloc>
</item>
</publish>
</pubsub>
<error code="400" type="modify">
<bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
<item-forbidden xmlns="http://jabber.org/protocol/pubsub#errors"/>
</error>
</iq>
I solved the problem by simply changing the value in the configuration from "true" to "1". In fact, the XEP-0060 specification uses both "true"/"false" and "1"/"0" values in its configuration examples. However, in the form that the Openfire server sends me when I ask to configure the node, only "1"/"0" values are used.
With the following configuration all works fine:
<!-- Same owner configuration form as before; the only difference is that the boolean values are written as "1" instead of "true". -->
<!-- NOTE(review): XEP-0004 allows both "1"/"true" and "0"/"false" for boolean fields, so the need for "1" looks specific to this server; mirroring the value format used in the form the server itself returns is the safe choice. -->
<iq from='user#myserver' to='pubsub.myserver' type='set' xmlns='jabber:client' id='5:sendIQ'>
<pubsub xmlns='http://jabber.org/protocol/pubsub#owner'>
<configure node='mynode'>
<x xmlns='jabber:x:data' type='submit'>
<!-- Persist published items. -->
<field var='pubsub#persist_items'>
<value>1</value>
</field>
<!-- Deliver item payloads with notifications. -->
<field var='pubsub#deliver_payloads'>
<value>1</value>
</field>
</x>
</configure>
</pubsub>
</iq>

No session IQ response from the google talk server using XMPP

I am trying to mimic the XMPP stream to connect to the google talk servers.
I am however facing a problem when sending the session IQ:
The problem: I don't receive a response from the server in any way after sending this:
<!-- Session establishment request (xmpp-session namespace), sent as an IQ-set addressed to the domain with to="gmail.com". -->
<!-- NOTE(review): session establishment was defined in RFC 3921 and dropped in RFC 6121; servers may still advertise it for older clients. -->
<iq id="skcevhxmpp_ceschool#gmail.com_6" type="set" to="gmail.com"><session xmlns="urn:ietf:params:xml:ns:xmpp-session" /></iq>
This is the complete flow:
<!-- Capture of the whole exchange; client and server stanzas are interleaved and the direction is not marked. -->
<stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>**
<stream:stream from="gmail.com" id="7FB5653900A7A245" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<!-- Before TLS the server marks STARTTLS as required and does not list PLAIN among the SASL mechanisms. -->
<stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism></mechanisms></stream:features>
<!-- Client requests the TLS upgrade and the server agrees. -->
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<!-- Stream restart after the TLS upgrade; PLAIN now appears in the mechanism list. -->
<stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
<stream:stream from="gmail.com" id="508024A63664BA3D" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>PLAIN</mechanism></mechanisms></stream:features>
<!-- SASL PLAIN; the poster replaced the real payload with a placeholder. A PLAIN payload is only base64 of the credentials, so it should stay out of shared logs. -->
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">{Valid auth token}</auth>
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
<!-- Second stream restart after SASL success; the server now advertises resource binding and session establishment. -->
<stream:stream to='gmail.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
<stream:stream from="gmail.com" id="A407B98F76E98F73" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<stream:features><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></stream:features>
<!-- Resource binding: the client proposes the resource "xmpp" and the server answers with the full JID. This request carries no 'to' attribute. -->
<iq id="skcevhxmpp_ceschool#gmail.com_5" type="set"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>xmpp</resource></bind></iq>
<iq id="skcevhxmpp_ceschool#gmail.com_5" type="result"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><jid>ceschool#gmail.com/xmppFC762B4C</jid></bind></iq>
<!-- Session request, addressed with to="gmail.com"; according to the question no reply follows. -->
<iq id="skcevhxmpp_ceschool#gmail.com_6" type="set" to="gmail.com"><session xmlns="urn:ietf:params:xml:ns:xmpp-session" /></iq>
Extra information:
I use the PLAIN authentication (see:
https://developers.google.com/cloud-print/docs/rawxmpp)
I start using the SslStream after I receive the proceed ... xmpp tls
I use the google talk server to send the xmpp messages to (talk.google.com)
The expected response would be something like:
<!-- Reply the poster expects: an empty IQ-result from the domain whose id matches the session request. -->
<iq xmlns="jabber:client" from="gmail.com" type="result" id="skcevhxmpp_ceschool#gmail.com_6" />
Thanks in advance!
Try sending the session IQ without the "to" attribute.
<!-- Suggested form: the same session IQ-set with no 'to' attribute, matching how the bind request in the question is addressed. The id is an arbitrary example value. -->
<iq id="abcd" type="set">
<session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</iq>

Unable to publish in pubsub xmpp

I sent the following stanza to the ejabberd server after creating a node "test1_node1"
<!-- Publish request as sent by the poster: one Atom entry published as item "qwert12345" to node "test_node1". -->
<!-- NOTE(review): this IQ uses type="get". XEP-0060 defines publishing as an IQ-set, so the type is the likely reason the server answers feature-not-implemented below. -->
<!-- NOTE(review): the text above names the created node "test1_node1" while this stanza targets "test_node1"; verify which name is correct. -->
<iq id="publish1" to="pubsub.oomaxmpp.com" type="get" from="admin#oomaxmpp.com/1697575709134613774110793">
<pubsub xmlns="http://jabber.org/protocol/pubsub">
<publish node="test_node1"><item id="qwert12345">
<entry xmlns="http://www.w3.org/2005/Atom">
<title>*publish*</title>
<summary>*1234567890*</summary>
<published>2003-12-13T18:30:02Z</published>
<updated>2003-12-13T18:30:02Z</updated>
</entry>
</item>
</publish>
</pubsub>
</iq>
but i get an error result with following stanza,
<!-- Error reply from the pubsub service: the original request is echoed back, followed by the error element. -->
<iq id="publish1" xml:lang="en" type="error" to="admin#oomaxmpp.com/1697575709134613774110793" from="pubsub.oomaxmpp.com">
<pubsub xmlns="http://jabber.org/protocol/pubsub"><publish node="test_node1">
<item id="qwert12345"><entry xmlns="http://www.w3.org/2005/Atom">
<title>*publish*</title>
<summary>*1234567890*</summary>
<published>2003-12-13T18:30:02Z</published>
<updated>2003-12-13T18:30:02Z</updated>
</entry>
</item>
</publish>
</pubsub>
<!-- type="cancel" marks the error as not recoverable by retrying the same request. feature-not-implemented refers to this particular request; presumably the server has no handler for a publish sent as an IQ-get, which would not contradict node creation having worked. -->
<error code="501" type="cancel"><feature-not-implemented xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>
I don't understand: if the feature was not implemented, how were the nodes created?
Why can't I publish?

XMPP Openfire server keeps on sending user avatar graphics though not requested

We create an app that uses XMPP protocol. Initially we started development and used some XMPP server for debug. That was Ok, and we managed to prevent redundant avatar loading by storing graphic files locally and checking the file hash while receiving user Presence update.
But now we switched to a new Openfire server and it keeps sending us all available user avatars, not only when we request the VCard but also in a message sent immediately after our user logs in:
<!-- Incoming pubsub event notification from a contact's JID, delivered as a message stanza after login. -->
<message id="ca82demo01#fffchat__jason#fffchat__jBUhd" to="jason#fffhat/FFFChat" from="ca82demo01#fffchat">
<event xmlns="http://jabber.org/protocol/pubsub#event">
<!-- The node name is the avatar data node used by XEP-0084 (User Avatar). -->
<items node="urn:xmpp:avatar:data">
<!-- The item id is 40 hex characters; in XEP-0084 the item id is the SHA-1 hash of the image data, so it can be compared with a locally cached hash. -->
<item id="66d0dee0216e5466fe17403f1da16aa39d4e1698">
<!-- Image payload (elided by the poster). It is supplied by a remote party: a client should bound its size and check it against the item id before caching or decoding it. -->
<data xmlns="urn:xmpp:avatar:data">... SOME BIG CHUNK OF DATA ...</data>
</item>
</items>
</event>
<!-- Delayed-delivery marker: the stamp is the time the item was originally sent, not the time of this delivery. -->
<delay xmlns="urn:xmpp:delay" stamp="2012-03-16T00:00:32.298Z"/>
<!-- Extended addressing: names the full JID to reply to. -->
<addresses xmlns="http://jabber.org/protocol/address">
<address jid="ca82demo01#fffchat/53bf00a8" type="replyto"/>
</addresses>
</message>
It makes me wonder which outgoing message requests it from Openfire. Or is the Openfire server just configured to always send us all the avatar graphics for the entire roster?
How can this be resolved so we won't have this redundant traffic?
Just in case, these are outgoing messages:
<!-- Client-to-server (outgoing) stanzas only, in capture order; the server's replies are not shown. -->
<!-- No pubsub subscribe request appears in this list. -->
<stream:stream to="fffchat.openfire.local" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
<!-- Client asks to upgrade the connection to TLS, then restarts the stream. -->
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<?xml version="1.0"?>
<stream:stream to="fffchat.openfire.local" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
<!-- First SASL attempt: DIGEST-MD5. The response line below is cut off in the capture (no closing tag). -->
<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9Imphc29uIixyZWFsbT0icHBpY2hhdCIsbm9uY2U9ImVhcGVpTlNFZ3NOZzRXRFlsVC9zd1cyLzVWbzMzQWlsYzRvZWFRRFIiLGNub25jZT0iMDBERUFEQkVF
<!-- Second SASL attempt: PLAIN. -->
<!-- NOTE(review): a PLAIN payload is base64-encoded, not encrypted; it carries the username and password, so anyone who reads this trace can recover them. Redact such values before sharing a capture and change any password that has been posted. -->
<!-- PLAIN should only be sent once TLS is active; the starttls request above suggests it was, but the server side of the exchange is not shown. -->
<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AGphc29uAGFiYzEyMw==</auth>
<!-- Stream restart after authentication, followed by resource binding, session establishment and the roster request. -->
<?xml version="1.0"?>
<stream:stream to="fffchat.openfire.local" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
<iq id="_xmpp_bind1" type="set"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>PPIChat</resource></bind></iq>
<iq id="_xmpp_session1" type="set"><session xmlns="urn:ietf:params:xml:ns:xmpp-session"/></iq>
<iq id="roster1" type="get"><query xmlns="jabber:iq:roster"/></iq>
<!-- Initial presence carrying the client's own photo hash in the vcard-temp:x:update extension (the XEP-0153 mechanism mentioned in the answer). -->
<presence><show>chat</show><status>online</status><x xmlns="vcard-temp:x:update"><photo>16286eb46a54fb48d70dc4fbd548bcd16f78cd34</photo></x></presence>
<!-- Private XML storage query (jabber:iq:private) for an application-specific namespace. -->
<iq type="get"><query xmlns="jabber:iq:private"><ppidata xmlns="ppi:userdata:favorites"/></query></iq>
It looks like you were trying to use XEP-0084, messed it up, then switched to XEP-0153. You likely explicitly subscribed to changes to one or more peoples' avatars on your test account, rather than implementing XEP-0163 correctly, which can be quite confusing at first. Easiest fix is to just use a different account. If you want to clean it up, send XEP-0060 unsubscribe protocol in response to each publish that you get:
<!-- XEP-0060 unsubscribe request, sent to the contact whose avatar data is being pushed. -->
<!-- The 'from', 'to' and 'jid' values are taken from the notification in the question; 'jid' is the bare JID of the subscriber. NOTE(review): it presumably has to match the JID the subscription was made with; verify against the server's reply. -->
<iq type='set'
from='jason#fffhat/FFFChat'
to='ca82demo01#fffchat'
id='unsub1'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<!-- Targets the same avatar data node that the unwanted notifications come from. -->
<unsubscribe
node='urn:xmpp:avatar:data'
jid='jason#fffhat'/>
</pubsub>
</iq>