Jabberd 2.2.11 Installation and Fatal Make Problems

[rtwingfield]

Regarding problems I've described at this thread, http://forums.freebsd.org/showthread.php?t=21381, I've deinstalled the non-functioning Jabber v1.6 code, and elected to pursue the installation of v2.2.11 (as I probably should have in the first place).

The only selected make config options were support for MySQL, DEBUG and IPV6. The make build resulted in the following fatal errors and warnings:

checking for mysql_config... /usr/local/bin/mysql_config
checking MySQL libraries... "-L/usr/local/lib/mysql -lmysqlclient -lz -lcrypt -lm"
checking mysql includes... "-I/usr/local/include/mysql  -fno-strict-aliasing -pipe"


In file included from /usr/local/include/mysql/[B][color="SeaGreen"]mysql.h[/color][/B]:134,
                 from [B][color="SeaGreen"]authreg_mysql.c[/color][/B]:25:
/usr/local/include/mysql/[color="SeaGreen"][B]typelib.h[/B][/color]:39: error: expected declaration specifiers or '...' before '[color="SeaGreen"][B]uint[/B][/color]'
/usr/local/include/mysql/typelib.h:41: error: expected declaration specifiers or '...' before 'uint'
/usr/local/include/mysql/typelib.h:42: error: expected declaration specifiers or '...' before 'uint'
[B][color="SeaGreen"]
authreg_mysql.c[/color][/B]: In function '_ar_mysql_get_user_tuple':
[color="Red"]authreg_mysql.c:64: warning: incompatible implicit declaration of built-in function 'snprintf'[/color]
authreg_mysql.c: In function '_ar_mysql_set_password':
authreg_mysql.c:183: warning: incompatible implicit declaration of built-in function 'snprintf'
authreg_mysql.c: In function '_ar_mysql_create_user':
authreg_mysql.c:234: warning: incompatible implicit declaration of built-in function 'snprintf'
authreg_mysql.c: In function '_ar_mysql_delete_user':
authreg_mysql.c:263: warning: incompatible implicit declaration of built-in function 'snprintf'
*** Error code 1
mv -f .deps/storage_mysql_la-storage_mysql.Tpo .deps/storage_mysql_la-storage_mysql.Plo
1 error
*** Error code 1
1 error
*** Error code 2
*** Error code 1

Stop in /usr/ports/net-im/jabberd.
*** Error code 1

Stop in /usr/ports/net-im/jabberd.

I resolved the fatal error as follows:

/usr/local/include/mysql/[B][color="SeaGreen"]typelib.h[/color][/B]
     39 my_ulonglong find_set_from_flags(const TYPELIB *lib, [B][color="Red"]uint[/color][/B] default_name,
     40                               my_ulonglong cur_set, my_ulonglong default_set,
     41                               const char *str, [B][color="Red"]uint[/color][/B] length,
     42                               char **err_pos, [B][color="Red"]uint[/color][/B] *err_len);

The compiler apparently doesn't understand the uint syntax for unsigned integer; therefore, I changed uint to unsigned int as follows, and solved that problem. (I'm using the compiler that installed with FreeBSD v7.2.)

     39 my_ulonglong find_set_from_flags(const TYPELIB *lib, [color="SeaGreen"][B]unsigned int[/B][/color] default_name,
     40                               my_ulonglong cur_set, my_ulonglong default_set,
     41                               const char *str, [color="SeaGreen"][B]unsigned int[/B][/color] length,
     42                               char **err_pos, [color="SeaGreen"][B]unsigned int[/B][/color] *err_len);

Digging deeper regarding the warnings:

/usr/local/include/mysql/[B][color="SeaGreen"]mysql.h[/color][/B]
    133
    134 #include "[B][color="SeaGreen"]typelib.h[/color][/B]"
    135


/usr/ports/net-im/jabberd/work/jabberd-2.2.11/storage/[B]authreg_mysql.c[/B]
     25 #include <[B][color="SeaGreen"]mysql.h[/color][/B]>

     34 #define MYSQL_LU  1024   /* maximum length of username - should correspond to field length */
     35 #define MYSQL_LR   256   /* maximum length of realm - should correspond to field length */
     36 #define MYSQL_LP   256   /* maximum length of password - should correspond to field length */

     52 static MYSQL_RES *_ar_mysql_get_user_tuple(authreg_t ar, char [color="SeaGreen"][B]*username[/B][/color], char [B][color="SeaGreen"]*realm[/color][/B]) {
     53     mysqlcontext_t ctx = (mysqlcontext_t) ar->private;
     54     MYSQL *conn = ctx->conn;
     55     char [B][color="SeaGreen"]iuser[/color][/B][MYSQL_LU+1], [color="SeaGreen"][B]irealm[/B][/color][MYSQL_LR+1];
     56     char euser[MYSQL_LU*2+1], erealm[MYSQL_LR*2+1], sql[1024 + MYSQL_LU*2 + MYSQL_LR*2 + 1];  /* query(1024) + euser + erealm + \0(1) */
     57     MYSQL_RES *res;
     58
     59     if(mysql_ping(conn) != 0) {
     60         log_write(ar->c2s->log, LOG_ERR, "mysql: connection to database lost");
     61         return NULL;
     62     }
     63

Regarding the Make build warnings:

[color="Red"]authreg_mysql.c:64: warning: incompatible implicit declaration of built-in function 'snprintf'[/color]

The username and realm are declared as character pointers (line 52), as are the character arrays, iuser[ ] and irealm[ ] (line 55) . . .so why the warning regarding lines 64, 183, 234 and 263? It's happy with identical syntax at for example, line 65. Is the snprintf function not capable of handling the size of the 1024+1 length of the username?

     64     [color="Red"]snprintf(iuser,  MYSQL_LU+1, "%s", username);[/color]
     65     snprintf(irealm, MYSQL_LR+1, "%s", realm);
   
    183     snprintf(iuser,  MYSQL_LU+1, "%s", username);
    234     snprintf(iuser,  MYSQL_LU+1, "%s", username);
    263     snprintf(iuser,  MYSQL_LU+1, "%s", username);

Once again, I'm at a loss for what to do. Although the make build completed normally(?), I'd like to resolve this before I try the make install.

 

[rtwingfield]

Well, with no suggestions or recommendations from the ether, I proceeded with the make install, but not make clean.

See this Related Thread: Where is the MySQL Database Schema Build Script for Jabber v2+ ?

So far, it has been a tedious struggle to install and configure jabber v2+. Given that I want this application to run via SSL, dealing with certificates and private keys has been a real pain. Routing to the server(s) which is inside a private sub-netted LAN also complicates things (we have two server boxes with the same domain, jabber on one, and DNS on the other); never-the-less, I think I have resolved the certification issues (i.e., no complaints in the logs regarding SSL), but the sm, s2s and c2s processes still cannot authenticate to the router. I think this may be an IP addressing issue associated with our NetGear FVX538VPN router's service configuration, or whatever.

If I can just get the sub-processes to talk to the router, then I think the battle will be won.

 

[rtwingfield]

jabberd . . .error from router: Authentication failed ((null))

I've created a jabberd-debug.log file that collects both stdout and stderr. Currently, there are about 4,080 records in the file, all generated from a single debug run. Typical excerpt from the file are as follows:

from the sm.log
--------------------
~
~
Sun Mar 13 22:17:40 2011 [notice] version: jabberd sm 2.2.11
Sun Mar 13 22:17:40 2011 [notice] [archaxis.net] configured
Sun Mar 13 22:17:40 2011 [notice] attempting connection to router at 127.0.0.1, port=5347
Sun Mar 13 22:17:42 2011 [notice] [color="Red"][B]error from router: Authentication failed ((null))[/B][/color]
Sun Mar 13 22:17:42 2011 [notice] connection to router closed

from the c2s.log
--------------------
~
~
Sun Mar 13 22:17:40 2011 [notice] starting up
Sun Mar 13 22:17:40 2011 [info] process id is 45611, written to /var/jabberd/pid/c2s.pid
Sun Mar 13 22:17:40 2011 [notice] modules search path: /usr/local/lib/jabberd
Sun Mar 13 22:17:40 2011 [info] loading 'mysql' authreg module
Sun Mar 13 22:17:40 2011 [notice] initialized auth module 'mysql'
Sun Mar 13 22:17:40 2011 [notice] [archaxis.net] configured; realm=archaxis.net, registration enabled
Sun Mar 13 22:17:40 2011 [notice] attempting connection to router at 127.0.0.1, port=5347
Sun Mar 13 22:17:41 2011 [notice] error from router: Authentication failed ((null))
Sun Mar 13 22:17:41 2011 [notice] connection to router closed


from the jabberd-debug.log
--------------------
~
~
SM  : Sun Mar 13 22:17:40 2011 [notice] attempting connection to router at 127.0.0.1, port=5347
ROUT: sx (io.c:216) passed 234 read bytes
SM  : sx (io.c:328) 5 ready for writing
S2S : sx (io.c:349) handing app 98 bytes to write
C2S : Sun Mar 13 22:17:41 2011 c2s.c:699 reading from 5
SM  : Sun Mar 13 22:17:42 2011 [notice] error from router: Authentication failed ((null))
ROUT: sx (chain.c:93) calling io read chain
~
~
ROUT: sx (io.c:328) 7 ready for writing
SM  : sx (ssl.c:324) secure channel not established, handshake in progress
C2S : sx (ssl.c:64) OK! depth=0:/C=US/ST=Arkansas/L=Little Rock/
O=Archaxis Network Services/OU=IT/CN=archaxis.net/emailAddress=Ron.Wingfield@archaxis.net
ROUT: sx (io.c:286) encoding 233 bytes for writing: 
<stream:features xmlns:stream='http://etherx.jabber.org/streams'>
<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
SM  : sx (ssl.c:324) secure channel not established, handshake in progress
[B]C2S : sx (ssl.c:64) OK![/B] depth=0:/C=US/ST=Arkansas/L=Little Rock/
O=Archaxis Network Services/OU=IT/CN=archaxis.net/
emailAddress=Ron.Wingfield@archaxis.net
ROUT: sx (chain.c:79) calling io write chain
SM  : sx (ssl.c:479) prepared 98 ssl bytes for write
C2S : sx (ssl.c:324) secure channel not established, handshake in progress
ROUT: sx (io.c:349) handing app 233 bytes to write
SM  : sx (io.c:349) handing app 98 bytes to write
C2S : sx (io.c:234) tag 5 event 1 data 0x0
~
~
SM  : sx (ssl.c:503) loading 81 bytes into ssl read buffer
S2S : Sun Mar 13 22:17:40 2011 main.c:712 loaded pemfile for SSL connections to peers
C2S : sx (ssl.c:338) [B]secure channel established[/B]
ROUT: sx (io.c:349) handing app 1105 bytes to write
SM  : sx (ssl.c:324) secure channel not established, handshake in progress
S2S : sx (sasl_gsasl.c:913) initialising sasl plugin
C2S : sx (ssl.c:343) using cipher AES256-SHA (256 bits)
ROUT: sx (io.c:350) tag 5 event 3 data 0x2863e280
SM  : sx (ssl.c:59) verify error:num=18:self signed certificate:depth=0:/
C=US/ST=Arkansas/L=Little Rock/O=Archaxis Network Services/OU=IT/
CN=archaxis.net/emailAddress=Ron.Wingfield@archaxis.net
S2S : sx (sasl_gsasl.c:941) sasl context initialised
C2S : sx (ssl.c:234) external_id: [B]Got peer certificate[/B]
ROUT: Sun Mar 13 22:17:41 2011 router.c:724 writing to 5
~
~
S2S : Sun Mar 13 22:17:59 2011 [notice] error from router: Authentication failed ((null))
SM  : sx (io.c:431) tag 5 event 0 data 0x0
S2S : sx (io.c:240) decoded read data (80 bytes): 
<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/></failure>
C2S : Sun Mar 13 22:17:57 2011 c2s.c:1325 write action on fd 5
ROUT: Sun Mar 13 22:17:57 2011 router.c:728 233 bytes written
S2S : Sun Mar 13 22:17:59 2011 [notice] connection to router closed
SM  : Sun Mar 13 22:17:57 2011 sm.c:44 want read
S2S : sx (io.c:92) completed nad: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><malformed-request/></failure>
C2S : sx (io.c:328) 5 ready for writing
ROUT: sx (io.c:383) tag 5 event 0 data 0x0
S2S : Sun Mar 13 22:17:59 2011 [notice] shutting down
SM  : Sun Mar 13 22:17:57 2011 sm.c:247 read action on fd 5
S2S : sx (chain.c:119) calling nad read chain
C2S : sx (io.c:286) encoding 71 bytes for writing: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>
ROUT: Sun Mar 13 22:17:57 2011 router.c:649 want read
[B]ERROR: s2s died.  Shutting down server.[/B]
JBRD: Got a signal... pass it on.
JBRD: It was a TERM.  Shut it all down!

The message,

error from router: Authentication failed ((null))

also appears in association with the other components, s2s and c2s. I believe the certification process associated with SLS is ok.

Does this have something to do with the MySQL authentication process? The answer is YES. It's important to note that the sm (session manager), s2s (server to server) and c2s (client to server) are internal clients of the router. It's also important to understand that the order in which the router and clients are loaded is critical: the jabberd.cfg file orders the loading as router sm s2s and c2s (shutdown is in reverse order). If you try to load one of the client before the router, then errors or total shutdown may occur. You can observe this even during the loading of a correct configuration in the time-line of the logs; for example, while the router is loading and attempting SSL certification, apparently the loader tries to start the sm client before the router handshaking is through. I've seen several iterations of SSL certification failure messages issued by the sm client until the router is up and running. In other words, you can look at the time that the router came online and then you'll see that the clients are happy at about the same time (this all occurring within hundredths of seconds).


The authorization problem will occur if the jabberd router and it's clients, i.e., the sm, s2s, and c2s do not use the same <pass> and/or <secret> value in their associated *.xml files, that is specified in the router-users.xml. See the following example code and note that the value or "spelling" for common-value must be identical.

I erroneously assumed that the tags, <secret> & <pass> implied different functionality (somewhere else in the system); however, the server router and the associated router-users.xml file simply use the <secret> tag, while the clients use the <pass> tag to convey the same parameter or argument. Also, note that this <secret/passwd> argument has nothing to do with the unix OS userid/passwd or the MySQL database userid/passwd. So be advised, this nuance cost me three or four man-days of debugging time. Once resolved, the jabberd came alive; that is to say that the router and clients load and run (now I have some issues to fine tune to interface with the WAN client, Pidgin).

from the [FILE]router-users.xml[/FILE]
<users>
  <user>
    <name>jabberd</name>
    <secret>[I]common-value[/I]</secret>


from the [FILE]router.xml[/FILE]
<local>    
   <users>/usr/local/etc/jabberd/router-users.xml</users>
   <secret>[I]common-value[/I]</secret>                  <!-- default: secret -->


from the [FILE]sm.xml[/FILE]
  <router>
    <user>jabberd</user>           <!-- default: jabberd -->
    <pass>[I]common-value[/I]</pass>  <!-- default: secret -->
    <!-- This is tagged as <secret> in the router-users.xml file.
         Also, this <secret/pass> word has nothing to do with the unix OS user's passwd
         or the MySQL database user's id & passwd.  -->


from the [FILE]s2s.xml[/FILE]
  <router>
    <user>jabberd</user>           <!-- default: jabberd -->
    <pass>[I]common-value[/I]</pass>  <!-- default: secret -->
    <!-- This is tagged as <secret> in the router-users.xml file. -->


from the [FILE]c2s.xml[/FILE]
  <router>
    <user>jabberd</user>           <!-- default: jabberd -->
    <pass>[I]common-value[/I]</pass>  <!-- default: secret -->
    <!-- This is tagged as <secret> in the router-users.xml file. -->

It is my understanding that the user, jabberd, et al, must exist in the MySQL jabberd2 database table, authreg. The user, jabberd, is also the owner:group user associated with the ./etc/jabberd objects and is not currently a login-enabled account on the server. I'm uncomfortable making jabberd a login user account (I've tried it both ways) -- what should it be? (still waiting to see what the Pidgin client needs.)


*** UPDATE ***
This sums it up for today. I'll edit/add/correct as this journey comes to a conclusion

 

[rtwingfield]

Sort of quoting myself here, I tried to conclude my previous updated post but was prevented because I've exceeded a 10,000 character limit.

Also, I apologize for the length and complexity of this thread, but it is a rather detailed technical challenge. By the way, I've written a small BASH shell script for viewing the jabberd logs (provided that the router and clients are configured to redirect stdout and stderr to individual files) and controlling the start, stop, and debug of the individual router and clients. I'll move it to a public space on my server and make it available and you can use it if you like. It saves me a LOT of time cat'ing, tail'ing, changing directories, etc.

I've started calling it # jabberdctl . . .following the lead of # apachectl. May not be the best choice of name; Googling finds an # ejabberdctl, and I don't want to conflict with a developer's plans for the same . . .any suggestions?

 

[rtwingfield]

The Jabberd router's client, c2s, and pipe-auth.pl script.

The c2s.xml configuration file contains this code:

<!-- Pipe module configuration -->
    <pipe>
      <!-- Program to execute -->
      <exec>/usr/local/bin/pipe-auth.pl</exec>
    </pipe>

This is from the distribution and notice that the <exec> tag is not commented out.

The disturbing thing about this is that it does not exist in /usr/local/bin. I finally found it in the backup (that I saved) of the make work files prior to running make clean.

Toward the bottom of this post:

http://mail.jabber.org/pipermail/jabberd/2006-February/003219.html
. . .there is this comment:

The pipe program starts up when c2s starts (or perhaps when the first
client attempts to authenticate. It continues to run until c2s
terminates or sends it a "FREE" command.

I'm still researching this, but does this authentication script need to be configured and installed to make the c2s functional? Is this where the interaction with the MySQL database is involved? If this is true, then how would you know on the front end when installing the port . . .especially after running make clean?