https://bugs.kde.org/show_bug.cgi?id=496581
Bug ID: 496581
Summary: Amarok does not get proper version from Ampache 5.6.4
and uses wrong password hash algorithm
Classification: Applications
Product: amarok
Version: 3.1.1
Platform: Debian testing
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: Services/Ampache
Assignee: amarok-bugs-d...@kde.org
Reporter: i...@abbott.org
Target Milestone: kf5
SUMMARY
Amarok is failing to parse the correct version number from the Ampache URL
base+`/server/xml.server.php?action=ping` when using Ampache 5.6.4 and so is
using the wrong hash algorithm for the authentication handshake, leading to
authentication failure.
The document returned from the Ampache server is as follows:
```
<?xml version="1.0" encoding="UTF-8"?>
<root>
<server><![CDATA[5.6.4-release]]></server>
<version><![CDATA[5.6.4]]></version>
<compatible><![CDATA[350001]]></compatible>
</root>
```
The Amarok debug log output contains the following (sensitive information
masked):
```
amarok: BEGIN: void AmpacheAccountLogin::authenticate(const QUrl&, const
QByteArray&, const NetworkAccessManagerProxy::Error&)
amarok: Version reply: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<root>\n
<server><![CDATA[5.6.4-release]]></server>\n
<version><![CDATA[5.6.4]]></version>\n
<compatible><![CDATA[350001]]></compatible>\n</root>\n"
amarok: BEGIN: int AmpacheAccountLogin::getVersion(const QDomDocument&) const
amarok: getVersion returned: "5.6.4"
amarok: END__: int AmpacheAccountLogin::getVersion(const QDomDocument&) const
[Took: 0s]
amarok: Version Older than 35001 Generated MD5 Auth 0
amarok: Authenticating with string:
"https://xxx.xxx/server/xml.server.php?action=handshake&user=xxx×tamp=xxxxxxxxxx&auth=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
amarok: END__: void AmpacheAccountLogin::authenticate(const QUrl&, const
QByteArray&, const NetworkAccessManagerProxy::Error&) [Took: 0s]
amarok: BEGIN: void AmpacheAccountLogin::authenticationComplete(const QUrl&,
const QByteArray&, const NetworkAccessManagerProxy::Error&)
amarok: generalVerify error: "handshakeaccountReceived Invalid Handshake -
Incorrect username or password"
amarok: END__: void AmpacheAccountLogin::authenticationComplete(const QUrl&,
con
```
The handshake failed because it used the wrong hash algorithm.
Amarok converted the version string "5.6.4" to integer value 0 and so reports
"Version Older than 35001 Generated MD5 Auth 0". I think it ought to have used
the "compatible" version number from this element of the XML:
`<compatible><![CDATA[350001]]></compatible>` and got the version number
350001.
SOFTWARE/OS VERSIONS
Linux: Debian trixie/sid
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.15
ADDITIONAL INFORMATION
`AmpacheAccountLogin::getVersion` should probably check for a non-empty
`compatible` element before falling back to the `version` element.
--
You are receiving this mail because:
You are watching all bug changes.
