Date:      Mon, 17 Jan 2005 16:44:39 -0200 (BRST)
From:      "Anderson S.Ferreira" <anderson@cnpm.embrapa.br>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/76365: NEW PORT net/xdb_auth_cpile A user auth/check module for Jabber 1.4.x
Message-ID:  <20050117184439.202DC153486@mogno.cnpm.embrapa.br>
Resent-Message-ID: <200501171850.j0HIo9bc034470@freefall.freebsd.org>


>Number:         76365
>Category:       ports
>Synopsis:       NEW PORT net/xdb_auth_cpile A user auth/check module for Jabber 1.4.x
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 17 18:50:09 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Anderson S. Ferreira
>Release:        FreeBSD 6.0-CURRENT amd64
>Organization:
Embrapa Monitoramento por Satélite
>Environment:
System: FreeBSD mogno.cnpm.embrapa.br 6.0-CURRENT FreeBSD 6.0-CURRENT #18: Mon Jan 17 09:19:13 BRST 2005 anderson@mogno.cnpm.embrapa.br:/usr/src/sys/amd64/compile/MOGNO amd64
>Description:
xdb_auth_cpile is an auth/check module written in Perl that lets jabberd authenticate users against IMAP, POP3, Samba, MySQL, PAM, LDAP or RADIUS.

>How-To-Repeat:

>Fix:

	

--- xdb_auth_cpile.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	xdb_auth_cpile
#	xdb_auth_cpile/Makefile
#	xdb_auth_cpile/distinfo
#	xdb_auth_cpile/files
#	xdb_auth_cpile/files/patch-a
#	xdb_auth_cpile/files/jabber_xdb.xml.sample
#	xdb_auth_cpile/files/patch-b
#	xdb_auth_cpile/files/FreeBSD.README
#	xdb_auth_cpile/files/jabberd_xdb_auth.sh
#	xdb_auth_cpile/pkg-descr
#	xdb_auth_cpile/pkg-message
#	xdb_auth_cpile/pkg-deinstall
#	xdb_auth_cpile/pkg-install
#
echo c - xdb_auth_cpile
mkdir -p xdb_auth_cpile > /dev/null 2>&1
echo x - xdb_auth_cpile/Makefile
sed 's/^X//' >xdb_auth_cpile/Makefile << 'END-of-xdb_auth_cpile/Makefile'
X# New ports collection makefile for:	xdb_auth_cpile
X# Date created:		January 11, 2005
X# Whom:			Anderson Soares Ferreira <anderson@cnpm.embrapa.br>
X#
X# $FreeBSD$
X#
X
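X# Port identity and fetch location.  The distfile is fetched over plain
X# HTTP; distinfo records an MD5 and a size for it.
XPORTNAME=	xdb_auth_cpile
XPORTVERSION=	1.8
XCATEGORIES=	net
XMASTER_SITES=	http://www.snoogans.co.uk/jabber/files/
XDISTNAME=	xdb_auth_cpile
X
XMAINTAINER=	anderson@cnpm.embrapa.br
XCOMMENT=	A xdb user authentication/check module for Jabberd 1.4.x
X
XBUILD_DEPENDS=	jabberd:${PORTSDIR}/net/jabber \
X		${SITE_PERL}/Jabber/Connection.pm:${PORTSDIR}/net/p5-Jabber-Connection \
X		${SITE_PERL}/XML/Simple.pm:${PORTSDIR}/textproc/p5-XML-Simple
X# Nothing is compiled (NO_BUILD below): jabberd and the Perl modules are
X# what the installed script needs when it runs, so they are declared as
X# run-time dependencies as well.  The assignment is deliberately recursive
X# ('=') so the per-backend modules appended to BUILD_DEPENDS after
X# bsd.port.pre.mk are picked up too.
XRUN_DEPENDS=	${BUILD_DEPENDS}
X
XNO_BUILD=	# none
XWRKSRC=		${WRKDIR}
X# The packing list is generated into WRKDIR by the pre-install target.
XPLIST=		${WRKDIR}/pkg-plist
XLIBSDIR=	${PREFIX}/lib/xdb_auth_cpile
XPKGMESSAGE=	pkg-message
X
XUSE_PERL5_RUN=	yes
X
X# Authentication backends the user can select; only MySQL is on by default.
XOPTIONS=	MYSQL "MySQL authentication support" on \
X		LDAP "Ldap authentication support" off \
X		IMAP "IMAP authentication support" off \
X		POP3 "POP3 authentication support" off \
X		PAM "PAM authentication support" off \
X		SAMBA "Samba authentication support" off \
X		RADIUS "Radius authentication support" off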
X
X.include <bsd.port.pre.mk>
X
X# Per-backend options.  Each selected WITH_<NAME> adds the matching
X# xdb_auth_cpile.pm.<backend> file to LIBS (written to the packing list by
X# pre-install and installed by do-install) and adds a dependency on the
X# Perl module named in the same block.
X# NOTE(review): the modules are appended to BUILD_DEPENDS only; they are
X# presumably needed when xdb_auth_cpile.pl runs, so confirm they are also
X# recorded as run-time dependencies.
X.if defined(WITH_MYSQL)
XLIBS+=	xdb_auth_cpile.pm.mysql
XBUILD_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/DBD/mysql.pm:${PORTSDIR}/databases/p5-DBD-mysql
X.endif
X
X.if defined(WITH_LDAP)
XLIBS+=	xdb_auth_cpile.pm.ldap
XBUILD_DEPENDS+=	${SITE_PERL}/Net/LDAP.pm:${PORTSDIR}/net/p5-perl-ldap
X.endif
X
X.if defined(WITH_IMAP)
XLIBS+=	xdb_auth_cpile.pm.imap
XBUILD_DEPENDS+=	${SITE_PERL}/Net/IMAP/Simple.pm:${PORTSDIR}/mail/p5-Net-IMAP-Simple
X.endif
X
X.if defined(WITH_POP3)
XLIBS+=	xdb_auth_cpile.pm.pop3
XBUILD_DEPENDS+=	${SITE_PERL}/Net/POP3.pm:${PORTSDIR}/net/p5-Net
X.endif
X
X.if defined(WITH_PAM)
XLIBS+=	xdb_auth_cpile.pm.pam
XBUILD_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/Authen/PAM.pm:${PORTSDIR}/security/p5-Authen-PAM
X.endif
X
X.if defined(WITH_SAMBA)
XLIBS+=	xdb_auth_cpile.pm.smb
XBUILD_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/Authen/Smb.pm:${PORTSDIR}/security/p5-Authen-Smb
X.endif
X
X.if defined(WITH_RADIUS)
XLIBS+=	xdb_auth_cpile.pm.radius
XBUILD_DEPENDS+=	${SITE_PERL}/Authen/Radius.pm:${PORTSDIR}/security/p5-Authen-Radius
X.endif
X
X# Replace the %%PREFIX%% placeholders that files/patch-a puts into the
X# script with the real ${PREFIX}.  The unsubstituted script is kept next to
X# it as xdb_auth_cpile.pl.orig.
Xpre-configure:
X	@${CP} ${WRKSRC}/xdb_auth_cpile.pl ${WRKSRC}/xdb_auth_cpile.pl.orig
X	@${SED} "s|%%PREFIX%%|${PREFIX}|g" ${WRKSRC}/xdb_auth_cpile.pl.orig > ${WRKSRC}/xdb_auth_cpile.pl
X
X# Nothing to build: the recipe is the ports no-op command.
Xdo-build:
X	@${DO_NADA}
X
X# Run the pkg-install script in PRE-INSTALL mode, then generate the packing
X# list in ${PLIST}: the script and READMEs, one entry per selected backend
X# module, the rc.d script and the sample configuration files, and finally
X# @unexec lines that remove DATADIR and LIBSDIR on deinstall when they are
X# empty (rmdir failures are ignored).
X# NOTE(review): the list names lib/xdb_auth_cpile/xdb_auth_cpile.pm, which
X# do-install does not install; presumably it is created afterwards (by
X# pkg-install, or by hand as FreeBSD.README describes).  Confirm this, since
X# a listed file that is missing at packaging time may be reported as an error.
Xpre-install:
X	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
X	@${ECHO_CMD} sbin/xdb_auth_cpile.pl > ${PLIST}
X	@${ECHO_CMD} %%DATADIR%%/FreeBSD.README >> ${PLIST}
X	@${ECHO_CMD} %%DATADIR%%/xdb_auth_cpile.README >> ${PLIST}
X	@${ECHO_CMD} lib/xdb_auth_cpile/xdb_auth_cpile.pm >> ${PLIST}
X.for i in ${LIBS}
X	@${ECHO_CMD} lib/xdb_auth_cpile/$i >> ${PLIST}
X.endfor
X	@${ECHO_CMD} etc/rc.d/jabberd_xdb_auth.sh >> ${PLIST}
X	@${ECHO_CMD} etc/xdb_auth_cpile.xml.sample >> ${PLIST}
X	@${ECHO_CMD} etc/jabber_xdb.xml.sample >> ${PLIST}
X	@${ECHO_CMD} "@unexec rmdir ${DATADIR} 2>/dev/null || true" >> ${PLIST}
X	@${ECHO_CMD} "@unexec rmdir ${LIBSDIR} 2>/dev/null || true" >> ${PLIST}
X
X# Create LIBSDIR and DATADIR, then install the script into sbin, the rc.d
X# start script, both READMEs into DATADIR, the two sample configuration
X# files into etc, and one module file per selected backend into LIBSDIR.
X# NOTE(review): the .sample files carry only a placeholder <secret/>, but
X# the live copies made from them will hold the real shared secret; the mode
X# INSTALL_DATA applies is not visible here, so check that the live copies
X# do not end up readable by every local user.
Xdo-install:
X	@${MKDIR} ${LIBSDIR}
X	@${MKDIR} ${DATADIR}
X	@${INSTALL_SCRIPT} ${WRKDIR}/xdb_auth_cpile.pl ${PREFIX}/sbin/xdb_auth_cpile.pl
X	@${INSTALL_SCRIPT} ${FILESDIR}/jabberd_xdb_auth.sh ${PREFIX}/etc/rc.d/jabberd_xdb_auth.sh
X	@${INSTALL_DATA} ${WRKDIR}/xdb_auth_cpile.README ${DATADIR}/xdb_auth_cpile.README
X	@${INSTALL_DATA} ${FILESDIR}/FreeBSD.README  ${DATADIR}/FreeBSD.README
X	@${INSTALL_DATA} ${WRKDIR}/xdb_auth_cpile.xml ${PREFIX}/etc/xdb_auth_cpile.xml.sample
X	@${INSTALL_DATA} ${FILESDIR}/jabber_xdb.xml.sample ${PREFIX}/etc/jabber_xdb.xml.sample
X.for i in ${LIBS}
X	@${INSTALL_DATA} ${WRKDIR}/$i  ${LIBSDIR}/$i
X.endfor
X
X# Print the port's pkg-message once the files are installed.
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-xdb_auth_cpile/Makefile
echo x - xdb_auth_cpile/distinfo
sed 's/^X//' >xdb_auth_cpile/distinfo << 'END-of-xdb_auth_cpile/distinfo'
XMD5 (xdb_auth_cpile.tar.gz) = 233a15f0c27e2b69d8ab69a6411938d8
XSIZE (xdb_auth_cpile.tar.gz) = 7949
END-of-xdb_auth_cpile/distinfo
echo c - xdb_auth_cpile/files
mkdir -p xdb_auth_cpile/files > /dev/null 2>&1
echo x - xdb_auth_cpile/files/patch-a
sed 's/^X//' >xdb_auth_cpile/files/patch-a << 'END-of-xdb_auth_cpile/files/patch-a'
X--- xdb_auth_cpile.pl	Tue Jan 11 07:28:55 2005
X+++ xdb_auth_cpile.pl	Tue Jan 11 07:31:06 2005
X@@ -61,7 +61,7 @@
X ####
X 
X use strict;
X-use lib qw(/usr/local/jabber/xdb_auth_cpile);
X+use lib qw(%%PREFIX%%/lib/xdb_auth_cpile);
X # There is a memory leak in Jabber::Connection 0.03
X use Jabber::Connection 0.04;
X use Jabber::NodeFactory;
X@@ -78,7 +78,7 @@
X 
X # Set up vars
X my $file = $ARGV[0];
X-my $configdir = ".";
X+my $configdir = "%%PREFIX%%/etc";
X my $config;
X 
X ####
END-of-xdb_auth_cpile/files/patch-a
echo x - xdb_auth_cpile/files/jabber_xdb.xml.sample
sed 's/^X//' >xdb_auth_cpile/files/jabber_xdb.xml.sample << 'END-of-xdb_auth_cpile/files/jabber_xdb.xml.sample'
X<jabber>
X
X  <!--
X  This is the Jabber server configuration file. The file is
X  broken into different sections based on the services being 
X  managed by jabberd, the server daemon. Most of the important 
X  sections have comments and are easy to modify.
X
X  At http://jabberd.jabberstudio.org/1.4/ you find further
X  instructions including an annotated version of this con-
X  figuration file and an installation guide.
X  
X  Note that when you see a tag like "jabberd:cmdline", it's
X  automatically replaced on startup with the command line flag
X  passed in to jabberd. This enables you to override para-
X  meters set in this configuration file if necessary or de-
X  sired. Also note as you comment things in and out that
X  jabberd does not like comments within comments, so be care-
X  ful with your XML. :)
X  -->
X
X
X  <!-- 
X  The following <service/> section is for the session manager, 
X  the most important component within the server. This section
X  contains the following types of information: 
X
X    * the server's hostname
X    * other basic server information
X    * the location of the session log file
X    * email addresses for server administrators 
X    * registration instructions for new users
X    * a welcome message for new users
X    * a list of agents with which users can register
X    * load rules for the modules within the session manager
X
X  -->
X
X
X
X  <service id="sessions">
X
X    <!-- 
X    Replace all occurrences of "localhost" in this file by
X    the hostname of your Jabber server. Be aware changing
X    the server's name is all but impossible once users start
X    to use the server. So choose a name that is permanent
X    (especially no Intranet hostnames or IP addresses).
X
X    Multiple <host/> entries are allowed - each one is for a 
X    separate virtual server. Note that each host entry must 
X    be on one line, the server doesn't like it otherwise! :)
X    Use lowercase for the hostname.
X
X    -->
X
X    <host><jabberd:cmdline flag="h">localhost</jabberd:cmdline></host>
X
X    <!-- 
X    This is the custom configuration section for the 
X    Jabber session manager, a.k.a. "JSM". 
X    -->
X
X    <jsm xmlns="jabber:config:jsm">
X
X      <!--
X      The <filter/> section below determines settings
X      for mod_filter, a server-side module built into
X      JSM that enables users to set delivery rules for
X      messages they receive (not yet supported by all
X      clients). The <allow/> subsection specifies which
X      conditions and actions to enable. High-level 
X      descriptions of each setting can be found below:
X
X      * <default/> - a user cannot delete this one, it's
X        the default rule for delivering messages
X      * <max_size/> - the maximum number of rules in a
X        user's rule set (we don't want to overdo it!)
X      * conditions...
X        * <ns/> - matches the query xmlns attrib on an iq packet
X        * <unavailable/> - matches when user is unavailable
X        * <from/> - matches the sender of the message
X        * <resource/> - matches the receiver's resource
X        * <subject/> - matches the subject of the message
X        * <body/> - matches the body of the message
X        * <show/> - matches the show tag on the receiver's presence
X        * <type/> - matches the type of the message
X        * <roster/> - matches if the sender is in your roster
X        * <group/> - matches if the sender is in the specified group
X      * actions...
X        * <error/> - replies with an error
X        * <offline/> - stores the messages offline
X        * <forward/> - forwards the message to another jid
X        * <reply/> - sends a reply to the sender of the message
X        * <continue/> - continues processing of the rules
X        * <settype/> - changes the type of the message
X      -->
X      <filter>
X          <default/>
X          <max_size>100</max_size>
X          <allow>
X              <conditions>
X                  <ns/>          <!-- Matches if the iq's xmlns is the same as the specified namespace -->
X                  <unavailable/> <!-- Flag that matches when the receiver is unavailable (offline) -->
X                  <from/>        <!-- Matches if the  sender's jid is the specified jid -->
X                  <resource/>    <!-- Matches if the sender's resource (anything after the / in a jid) is the specified resource -->
X                  <subject/>     <!-- Matches if the message's subject is the specified subject (no regex yet) -->
X                  <body/>        <!-- Matches if the message body is the specified body (no regex yet) --> 
X                  <show/>        <!-- Matches if the receiver's presence has a show tag that is the same as the specified text -->
X                  <type/>        <!-- Matches if the type of the message is the same as the specified text ("normal" is okay) -->
X                  <roster/>      <!-- Flag that matches when the sender is in the receiver's roster -->
X                  <group/>       <!-- Matches when the sender is in the specified group -->
X              </conditions>
X              <actions>
X                  <error/>       <!-- Sends back an error message to the sender, with the specified text -->
X                  <offline/>     <!-- Flag that stores the message offline -->
X                  <forward/>     <!-- forwards the message to the specified jid -->
X                  <reply/>       <!-- Sends back a reply to the sender with the specified text in the body -->
X                  <continue/>    <!-- Flag that continues rule matching, after a rule matches -->
X                  <settype/>     <!-- Changes the type of message to the specified type, before delivery to the receiver -->
X              </actions>
X          </allow>
X      </filter>
X
X      <!-- The server vCard -->
X
X      <vCard>
X        <FN>Jabber Server</FN>
X        <DESC>A Jabber Server!</DESC>
X        <URL>http://localhost/</URL>
X      </vCard>
X
X      <!-- 
X      Registration instructions and required fields. The 
X      notify attribute will send the server administrator(s)
X      a message after each valid registration if the notify
X      attribute is present.
X      -->
X
X      <register notify="yes">
X        <instructions>Choose a username and password to register with this server.</instructions>
X        <name/>
X        <email/>
X      </register>
X
X      <!-- 
X      A welcome note that is sent to every new user who registers 
X      with your server. Comment it out to disable this function.
X      -->
X
X      <welcome>
X        <subject>Welcome!</subject>
X        <body>Welcome to the Jabber server at localhost -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body>
X      </welcome>
X
X      <!-- 
X      IDs with admin access - these people will receive admin 
X      messages (any message to="yourhostname" is an admin
X      message).  These addresses must be local ids, they cannot
X      be remote addresses.
X
X      Note that they can also send announcements to all
X      users of the server, or to all online users. To use
X      the announcement feature, you need to send raw xml and be
X      logged in as one of the admin users. Here is the syntax 
X      for sending an announcement to online users:
X
X        <message to="yourhostname/announce/online">
X          <body>announcement here</body>
X        </message>
X
X        <message to="yourhostname/announce/motd">
X          <body>message (of the day) that is sent only once to all users that are logged in and additionally to new ones as they log in</body>
X        </message>
X
X      Sending to /announce/motd/delete will remove any existing
X      motd, and to /announce/motd/update will only update the motd
X      without re-announcing to all logged in users.
X
X      The <reply> will be the message that is automatically
X      sent in response to any admin messages.
X      -->
X
X      <!--
X      <admin>
X        <read>support@localhost</read>
X        <write>admin@localhost</write>
X        <reply>
X          <subject>Auto Reply</subject>
X          <body>This is a special administrative address.  Your message was received and forwarded to server administrators.</body>
X        </reply>
X      </admin>
X      -->
X
X      <!--
X      This enables the server to automatically update the 
X      user directory when a vcard is edited.  The update is
X      only sent to the first listed jud service below.  It is
X      safe to remove this flag if you do not want any users
X      automatically added to the directory.
X      -->
X
X      <vcard2jud/>
X
X      <!--
X      The <browse/> section identifies the transports and other
X      services that are available from this server. Note that each
X      entity identified here must exist elsewhere or be further 
X      defined in its own <service/> section below. These services 
X      will appear in the user interface of Jabber clients that
X      connect to your server.
X      The <browse/> section is also used by mod_disco (see below)
X      for building the disco#items reply.
X      -->
X
X      <browse>
X
X        <!-- 
X        This is the default agent for the master Jabber User 
X        Directory, a.k.a. "JUD", which is located at jabber.org.
X        You can add separate <service/> sections for additional
X        directories, e.g., one for a company intranet.
X        -->
X
X        <service type="jud" jid="users.jabber.org" name="Jabber User Directory">
X          <ns>jabber:iq:search</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        <!--
X        The following services are examples only, you will need to
X        create/modify them to get them working on your Jabber 
X        server. See the README files for each service and/or the 
X        server howto for further information/instructions. 
X        -->
X
X        <!-- we're commenting these out, of course :)
X
X        <service type="aim" jid="aim.localhost" name="AIM Transport">
X          <ns>jabber:iq:gateway</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        <service type="yahoo" jid="yahoo.localhost" name="Yahoo! Transport">
X          <ns>jabber:iq:gateway</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        end of <service/> examples -->
X
X      </browse>
X
X      <!--
X      "Service Discovery" (disco, JEP-0030) supersedes
X      "Jabber Browsing" (JEP-0011).
X      The <disco/> section is used for building the disco#info reply.
X      -->
X      <disco>
X        <identity category='services' type='jabber' name='Jabber 1.4 Server'/>
X        <feature var='jabber:iq:browse'/>
X        <feature var='jabber:iq:agents'/>
X        <feature var='jabber:iq:register'/>
X        <feature var='jabber:iq:time'/>
X        <feature var='jabber:iq:last'/>
X        <feature var='jabber:iq:version'/>
X      </disco>
X
X      <!--
X      Select the hashing algorithm that mod_auth_crypt uses
X      for storing passwords
X      Possible values:
X      crypt ... traditional hashing as implemented in crypt()
X      SHA1  ... using SHA1 hashes
X      -->
X      <mod_auth_crypt>
X        <hash>SHA1</hash>
X      </mod_auth_crypt>
X
X      <!--
X      Configuration for mod_version. By defining <no_os_version/>
X      mod_version will not report the version of your OS.
X      -->
X      <!--
X      <mod_version>
X        <no_os_version/>
X      </mod_version>
X      -->
X
X
X    </jsm>
X
X    <!--
X    The following section dynamically loads the individual
X    modules that make up the session manager. Remove or 
X    comment out modules to disable them. Note that the order
X    of modules is important, since packets are delivered 
X    based on the following order!!
X    -->
X
X    <load main="jsm">
X      <jsm>./jsm/jsm.so</jsm>
X      <mod_echo>./jsm/jsm.so</mod_echo>
X      <mod_roster>./jsm/jsm.so</mod_roster>
X      <mod_time>./jsm/jsm.so</mod_time>
X      <mod_vcard>./jsm/jsm.so</mod_vcard>
X      <mod_last>./jsm/jsm.so</mod_last>
X      <mod_version>./jsm/jsm.so</mod_version>
X      <mod_announce>./jsm/jsm.so</mod_announce>
X      <mod_agents>./jsm/jsm.so</mod_agents>
X      <mod_browse>./jsm/jsm.so</mod_browse>
X      <mod_disco>./jsm/jsm.so</mod_disco>
X      <mod_admin>./jsm/jsm.so</mod_admin>
X      <mod_filter>./jsm/jsm.so</mod_filter>
X      <mod_offline>./jsm/jsm.so</mod_offline>
X      <mod_presence>./jsm/jsm.so</mod_presence>
X
X      <!--
X      Authentication
X      For standard setups mod_auth_digest is recommended. Additionally
X      enable mod_auth_plain if you need plaintext authentication.
X      For maximum security, force SSL connections and use mod_auth_crypt
X      exclusively. Be aware encrypted password storage can lead to
X      problems when migrating to other authentication mechanisms
X      (LDAP...).
X      Switching from plain/digest to crypt needs manual work for
X      existing accounts, the reverse is not possible.
X      http://jabberd.jabberstudio.org/1.4/doc/adminguide#security
X
X      -->
X      <!-- mod_auth_digest: Password in clear text in storage,
X           encrypted/hashed on the wire
X      <mod_auth_digest>./jsm/jsm.so</mod_auth_digest> 
X      -->
X
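X      <!-- mod_auth_plain: Password in clear text in storage
X           and on the wire. Disable this if you do not use clients
X           that need plaintext auth. While it is enabled, restrict
X           clients to the SSL port (see the <ssl/> tag in the c2s
X           section below) so passwords are not sent unencrypted. -->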
X      <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
X
X      <!-- mod_auth_crypt: Password encrypted/hashed in storage,
X           clear text on the wire. Disabled as this only makes
X           sense when used exclusively and with SSL mandatory
X      <mod_auth_crypt>./jsm/jsm.so</mod_auth_crypt> -->
X
X      <mod_log>./jsm/jsm.so</mod_log>
X      <mod_register>./jsm/jsm.so</mod_register>
X      <mod_xml>./jsm/jsm.so</mod_xml>
X    </load>
X
X  </service>
X
X  <!-- OK, we've finished defining the Jabber Session Manager. -->
X
X  <!-- xdb_auth_cpile module: replace the placeholder <secret/> below; it must match the <secret/> set in xdb_auth_cpile.xml -->
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>set your password here!</secret>
X    </accept>
X  </xdb>
X
X
X  <!--
X  The <xdb/> component handles all data storage, using the filesystem.
X  Make sure the spool directory defined here exists and has proper
X  permissions.
X  -->
X
X  <xdb id="xdb">
X    <host/>
X    <ns/>
X    <load>
X      <xdb_file>./xdb_file/xdb_file.so</xdb_file>
X    </load>
X    <xdb_file xmlns="jabber:config:xdb_file">
X      <spool><jabberd:cmdline flag='s'>/var/spool/jabber</jabberd:cmdline></spool>
X    </xdb_file>
X  </xdb>
X
X  <!--
X  The following service manages incoming client socket connections.
X  There are several items you can set here to optimize performance:
X
X    * authtime - default is unlimited, but you can set this to
X      limit the amount of time allowed for authentication to be
X      completed, e.g., <authtime>10</authtime> for 10 seconds
X
X    * heartbeat - default is to not send out heartbeat packets
X      to the clients.  This option allows you to specify that
X      you want heartbeats to happen every x seconds.  This is
X      useful if you have a lot of dial-up or laptop users who
X      may drop their connection without logging off of jabber.
X      Otherwise the server won't notice that they are offline until
X      someone tries to send a packet to them (and the message is
X      lost).  Example: <heartbeat>60</heartbeat>
X
X    * karma - this is an input/output rate limiting system that
X      the Jabber team came up with to prevent bandwidth hogging.
X      For details about karma, read the io section at the bottom.
X      These are the low settings and apply per connection/socket
X      and can be changed as desired.
X      To disable rate limiting just delete the <karma/> section.
X  -->
X
X  <service id="c2s">
X    <load>
X      <pthsock_client>./pthsock/pthsock_client.so</pthsock_client>
X    </load>
X    <pthcsock xmlns='jabber:config:pth-csock'>
X      <authtime/>
X      <heartbeat/>
X      <karma>
X        <init>10</init>
X        <max>10</max>
X        <inc>1</inc>
X        <dec>1</dec>
X        <penalty>-6</penalty>
X        <restore>10</restore>
X      </karma>
X
X      <!-- 
X      Use these to listen on particular addresses and/or ports.
X      Example: <ip port="5222">127.0.0.1</ip>
X      Default is to listen on port 5222 on every interface.
X      Remove the <ip/> section to disable non-ssl client connections.
X      -->
X      <ip port="5222"/>
X
X      <!--
X      The <ssl/> tag acts pretty much like the <ip/> tag,
X      except it defines that SSL is to be used on the 
X      ports and IP addresses specified. You must specify
X      an IP address here, or the connections will fail.
X      <ssl port='5223'>127.0.0.1</ssl>
X      <ssl port='5224'>192.168.1.100</ssl>
X      -->
X
X    </pthcsock>
X  </service>
X
X  <!-- 
X  This is the default server error logging component, 
X  which copies to a file and to STDERR. 
X  -->
X
X  <log id='elogger'>
X    <host/>
X    <logtype/>
X    <format>%d: [%t] (%h): %s</format>
X    <file>/var/log/jabber/jabber.error</file>
X    <stderr/>
X  </log>
X
X  <!-- 
X  This is the default server record logging component, 
X  which logs general statistical/tracking data. 
X  -->
X
X  <log id='rlogger'>
X    <host/>
X    <logtype>record</logtype>
X    <format>%d %h %s</format>
X    <file>/var/log/jabber/jabber.record</file>
X  </log>
X
X  <!-- The following two services are for handling server-to-server traffic. -->
X
X  <!-- External asynchronous DNS resolver -->
X
X  <service id="dnsrv">
X    <host/>
X    <load>
X      <dnsrv>./dnsrv/dnsrv.so</dnsrv>
X    </load>
X    <dnsrv xmlns="jabber:config:dnsrv">
X    	<resend service="_xmpp-server._tcp">s2s</resend> <!-- for supporting XMPP compliant SRV records -->
X    	<resend service="_jabber._tcp">s2s</resend> <!-- for supporting old style SRV records -->
X    	<resend>s2s</resend>
X    </dnsrv>
X  </service>
X
X  <!--
X  The following 's2s' config handles server connections and 
X  dialback hostname verification.  The <legacy/> element is 
X  here to enable communication with old 1.0 servers. The 
X  karma settings are a little higher here to handle the 
X  higher traffic of server-to-server connections (read
X  the io section below for more details, medium settings).
X  -->
X
X  <service id="s2s">
X    <load>
X      <dialback>./dialback/dialback.so</dialback>
X    </load>
X    <dialback xmlns='jabber:config:dialback'>
X      <legacy/>
X      <!-- Use these to listen on particular addresses and/or ports.
X      <ip port="7000"/>
X      <ip port="5269">127.0.0.1</ip>
X      -->
X      <ip port="5269"/>
X      <karma>
X        <init>50</init>
X        <max>50</max>
X        <inc>4</inc>
X        <dec>1</dec>
X        <penalty>-5</penalty>
X        <restore>50</restore>
X      </karma>
X    </dialback>
X  </service>
X
X  <!--
X  update.jabber.org is long dead but some clients still
X  request update information. In order to avoid errors
X  in the logs, just drop packages for update.jabber.org.
X  -->
X  <service id="update.jabber.org">
X    <host>update.jabber.org</host>
X    <null/>
X  </service>
X
X  <!-- 
X  If you identified additional agents in the main <service/> 
X  section (see examples above), you'll need to define each 
X  of them here using a separate <service/> section for each 
X  <agent/> you identified. Note that the <agent/> sections
X  determine what gets shown to clients that connect to your
X  server, whereas the following <service/> sections define
X  these services within the server itself. The following are
X  examples only, you will need to create/modify them to get 
X  them working on your Jabber server. See the README files 
X  for each agent and/or the server howto for further 
X  information/instructions. 
X  -->
X
X  <!-- we're commenting these out, of course :)
X
X  <service id="aim.localhost">
X    <accept>
X      <ip/>
X      <port>7009</port>
X      <secret>jabber-rocks</secret>
X    </accept>
X  </service>
X
X  <service id="yahoo.localhost">
X    <accept>
X      <ip/>
X      <port>9001</port>
X      <secret>jabber-rocks</secret>
X    </accept>
X  </service>
X
X  end of <service/> examples -->
X
X  <!--
X  The following <io/> config initializes the top-level
X  I/O, otherwise known as MIO (Managed Input/Output).
X  -->
X
X  <io>
X
X    <!-- Set the default karma for *all* sockets -->
X    <!-- definition of terms:
X
X      * Avg. Throughput - The number of bytes you can
X        send every second without incurring any penalty.
X
X      * Burst Allowed - The maximum number of bytes you
X        can send in 2 seconds without incurring any penalty.
X
X      * Max Sustained Rate - If you send data as fast as 
X        you can, you will hit penalty, and will not be 
X        able to send for 10 seconds; the max sustained 
X        rate is the average rate you can dump data when 
X        you are dumping as much data as you can, as fast 
X        as you can.
X
X      * Seconds to Recover from Burst - The amount of time 
X        it will take to reach Avg. Throughput capability 
X        after sending a max burst of data.
X
X      * Penalty Length - The length of your penalty is
X        determined according to this formula:
X              abs(penalty) * Heartbeat seconds
X        E.g., a penalty of -5 and heartbeat of 2 will 
X        cause your penalty length to be 10 seconds. 
X        Note that a penalty CANNOT be less than -100, 
X        otherwise strange things might happen.
X
X    -->
X    <!-- Example of Low Karma Limits 
X        Avg. Throughput: 1k-2k/s 
X        Burst Allowed To: 5.5k/s 
X        Max Sustained Rate: 485b/s
X        Seconds to Recover from Burst: 20
X        Penalty Length: 12 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>10</init>
X      <max>10</max>
X      <inc>1</inc>
X      <dec>1</dec>
X      <penalty>-6</penalty>
X      <restore>10</restore>
X    </karma>
X    -->
X
X    <!-- Example of Medium Karma Limits 
X        Avg. Throughput: 5k-10k/s 
X        Burst Allowed: 125.5k/s 
X        Max Sustained Rate: 12.6k/s
X        Seconds to Recover From Burst: 25
X        Penalty Length: 10 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>50</init>
X      <max>50</max>
X      <inc>4</inc>
X      <dec>1</dec>
X      <penalty>-5</penalty>
X      <restore>50</restore>
X    </karma>
X    -->
X
X    <!-- Example of High Karma Limits 
X        Avg. Throughput: 5k-10k/s 
X        Burst Allowed: 206k/s 
X        Max Sustained Rate: 34.3k/s
X        Seconds to Recover from Burst: 21
X        Penalty Length: 6 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>64</init>
X      <max>64</max>
X      <inc>6</inc>
X      <dec>1</dec>
X      <penalty>-3</penalty>
X      <restore>64</restore>
X    </karma>
X    -->
X
X    <!-- 
X    Set rate limits to monitor the number of connection
X    attempts from a single IP, any more than [points]
X    within [time] will engage the limit.  This setting
X    applies to all incoming connections to any service,
X    unless otherwise overridden by that service.
X    -->
X
X    <rate points="5" time="25"/>
X
X    <!-- 
X    The following section initializes SSL for top-level I/O.
X    This works only when the server is compiled with openssl!
X    Use IPs here or connections will fail.
X    -->
X    <!--
X    <ssl>
X      <key ip='192.168.1.1'>/path/to/cert_and_key.pem</key>
X      <key ip='192.168.1.100'>/path/to/other/cert_and_key.pem</key>
X    </ssl>
X    -->
X
X    <!-- 
X    The following section is used to allow or deny 
X    communications from specified IP networks or 
X    addresses. If there is no <allow/> section, 
X    then *all* IPs will be allowed to connect. If 
X    you allow one block, then only that block may 
X    connect. Note that <allow/> is checked before
X    <deny/>, so if a specific address is allowed 
X    but the network for that address is denied, 
X    then that address will still be denied.
X    -->
X    <!--
X    <allow><ip>127.0.0.0</ip><mask>255.255.255.0</mask></allow>
X    <allow><ip>12.34.56.78</ip></allow>
X    <deny><ip>22.11.44.0</ip><mask>255.255.255.0</mask></deny>
X    -->
X
X  </io>
X
X  <!--
X  This specifies the file to store the pid of the process in.
X  -->
X  <pidfile>/var/run/jabber/jabber.pid</pidfile>
X
X
X</jabber>
END-of-xdb_auth_cpile/files/jabber_xdb.xml.sample
echo x - xdb_auth_cpile/files/patch-b
sed 's/^X//' >xdb_auth_cpile/files/patch-b << 'END-of-xdb_auth_cpile/files/patch-b'
X--- xdb_auth_cpile.xml	Wed Oct 16 09:08:45 2002
X+++ xdb_auth_cpile.xml	Tue Jan 11 08:38:13 2005
X@@ -1,7 +1,7 @@
X <config>
X   <script>
X-    <logfile>./xdb_auth.log</logfile>
X-    <pidfile>./xdb_auth.pid</pidfile>
X+    <logfile>/var/log/jabber/xdb_auth.log</logfile>
X+    <pidfile>/var/run/jabber/xdb_auth.pid</pidfile>
X     <!-- debug can be "1" or "0" (on/off) -->
X     <debug>0</debug>
X   </script>
X@@ -10,6 +10,6 @@
X     <id>xdb_auth_cpile</id>
X     <ip>127.0.0.1</ip>
X     <port>5999</port>
X-    <secret>testing</secret>
X+    <secret>set your password here !</secret>
X   </connection>
X </config>
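Review bot: The second hunk swaps `testing` for `set your password here !`, which is still an ordinary string and would presumably be accepted as the component secret if the sample is copied unedited. Whether `jabber_xdb.xml.sample` ships the same string is not visible from this hunk; if it does, an unedited install would run with a publicly known secret on 127.0.0.1:5999. I would add a comment directly above the element, `<!-- CHANGE THIS: must match the <secret> in jabber_xdb.xml; keep this file readable by the jabber user only -->`. The installed `xdb_auth_cpile.xml` should also be given owner-only permissions, since it holds the secret in clear text.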
END-of-xdb_auth_cpile/files/patch-b
echo x - xdb_auth_cpile/files/FreeBSD.README
sed 's/^X//' >xdb_auth_cpile/files/FreeBSD.README << 'END-of-xdb_auth_cpile/files/FreeBSD.README'
XJabberd and xdb_auth_cpile configuration steps
X==============================================
X
X1. Create the configuration files:
X
X * Copy ${PREFIX}/etc/jabber_xdb.xml.sample to 
X   ${PREFIX}/etc/jabber_xdb.xml
X
X * Copy ${PREFIX}/etc/xdb_auth_cpile.xml.sample to 
X   ${PREFIX}/etc/xdb_auth_cpile.xml
X
X * Edit ${PREFIX}/etc/xdb_auth_cpile.xml and set the connection 
X   password:
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>my secret</secret>
X    </accept>
X  </xdb>
X
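X * Edit the jabberd configuration file ${PREFIX}/etc/jabber_xdb.xml
X   and set the same password as defined in the xdb_auth_cpile.xml file.
X   The two secrets must match exactly; replace the sample placeholder
X   with a value of your own: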
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>my secret</secret>
X    </accept>
X  </xdb>
X
X  NOTE: This document covers only the topics specific to jabberd and
X        xdb_auth_cpile. The jabberd configuration file needs additional
X        settings for the server to work properly.
X        Please refer to the jabberd documentation for further information
X        about the server configuration.
X
X2. Choose your authentication method
X
X * On ${PREFIX}/lib/xbd_auth_cpile directory, copy the desired 
X   authentication library file to ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm
X
X * Edit ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm and set the
X   required parameters, if necessary.
X
X Example:
X
X To enable authentication through an IMAP server, do:
X
X  cp ${PREFIX}/share/xbd_auth_cpile/xdb_auth_cpile.pm.imap \
X     ${PREFIX}/share/xbd_auth_cpile/xdb_auth_cpile.pm
X
X  Edit ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm and set the variable
X  $imap_server as described on file. 
X
X3. Disable ${PREFIX}/etc/rc.d/jabberd.sh:
X
X  chmod 0444 ${PREFIX}/etc/rc.d/jabberd.sh
X
X4. Start jabberd with xdb_auth_cpile:
X
X  ${PREFIX}/etc/rc.d/jabberd_xdb_auth.sh start   
END-of-xdb_auth_cpile/files/FreeBSD.README
echo x - xdb_auth_cpile/files/jabberd_xdb_auth.sh
sed 's/^X//' >xdb_auth_cpile/files/jabberd_xdb_auth.sh << 'END-of-xdb_auth_cpile/files/jabberd_xdb_auth.sh'
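X#!/bin/sh
X#
X# rc.d start/stop script for jabberd together with the xdb_auth_cpile
X# authentication helper.  The script itself runs with the caller's
X# privileges (root at boot); both daemons are started through su as the
X# ${USER} account.
X#
X# Usage: jabberd_xdb_auth.sh { start | stop }   (default: start)
X
X# The install prefix is derived from the path this script was invoked by,
X# so it has to be called through its absolute ${PREFIX}/etc/rc.d/ path.
Xif ! PREFIX=$(expr "$0" : "\(/.*\)/etc/rc\.d/jabberd_xdb_auth\.sh\$"); then
X    echo "$0: Cannot determine the PREFIX" >&2
X    exit 1
Xfi
X
X# Provides check_pidfile.
X. /etc/rc.subr
X
XUSER="jabber"
XJABBER_PID="/var/run/jabber/jabber.pid"
XXDB_AUTH_PID="/var/run/jabber/xdb_auth.pid"
X
X# Both programs must be installed and executable before anything is started
X# or stopped.
Xtest -x "${PREFIX}/sbin/jabberd" || exit 1
Xtest -x "${PREFIX}/sbin/xdb_auth_cpile.pl" || exit 1
X
Xexport PATH=/sbin:/bin:/usr/bin:${PREFIX}/bin:${PREFIX}/sbin
X# Files created by processes started from here are owner-only.
Xumask 077
X
X
Xcase ${1:-start} in
Xstart)
X    echo
X    echo "Starting jabberd "
X    pid=$(check_pidfile "${JABBER_PID}" "${PREFIX}/sbin/jabberd")
X
X    if [ -n "$pid" ] ; then
X       echo "jabberd already running? (check ${JABBER_PID})."
X       exit 1
X    else
X       # Drop a stale pid file before the daemon writes a new one.
X       rm -f "${JABBER_PID}"
X       su -f -m ${USER} -c "jabberd -B -c ${PREFIX}/etc/jabber_xdb.xml"
X    fi
X
X    echo "Starting xdb_auth_cpile "
X    # NOTE(review): ">>&" is csh redirection syntax.  With "su -m" the
X    # command string is run by the invoking user's login shell, so this
X    # line presumably relies on root's shell being csh/tcsh -- confirm
X    # before using the script on a system where root uses sh.
X    su -f -m ${USER} -c "${PREFIX}/sbin/xdb_auth_cpile.pl >>& /var/log/jabber/xdb_auth.log &"  > /dev/null
X    ;;
Xstop)
X    pid=$(check_pidfile "${JABBER_PID}" "${PREFIX}/sbin/jabberd")
X
X    if [ -z "$pid" ] ; then
X       echo "jabberd not running? (check ${JABBER_PID})."
X       exit 1
X    fi
X    if [ -f "${XDB_AUTH_PID}" ] ; then
X       echo "Stopping xdb_auth_cpile "
X       # /var/run/jabber is owned by the ${USER} account, so the content of
X       # this pid file is not trusted: a privileged caller must not signal
X       # whatever process number an unprivileged account wrote there.
X       # Accept only a plain number that names a process owned by ${USER}.
X       xdb_pid=$(head -n 1 "${XDB_AUTH_PID}")
X       case "$xdb_pid" in
X       ''|*[!0-9]*)
X          echo "$0: ignoring malformed pid in ${XDB_AUTH_PID}" >&2
X          ;;
X       *)
X          if [ "$(ps -o user= -p "$xdb_pid" | tr -d ' ')" = "${USER}" ] ; then
X             kill -SIGKILL "$xdb_pid"
X          else
X             echo "$0: pid $xdb_pid is not a running ${USER} process, not signalled" >&2
X          fi
X          ;;
X       esac
X       rm -f "${XDB_AUTH_PID}"
X    fi
X
X    echo "Stopping jabberd "
X    # Restricted to processes of ${USER} by -u, so no pid file is consulted.
X    killall -SIGKILL -u ${USER} jabberd;
X    rm -f "${JABBER_PID}"
X    ;;
X*)
X    echo $0 "{ start | stop }"
X    exit 1
X    ;;
Xesac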
END-of-xdb_auth_cpile/files/jabberd_xdb_auth.sh
echo x - xdb_auth_cpile/pkg-descr
sed 's/^X//' >xdb_auth_cpile/pkg-descr << 'END-of-xdb_auth_cpile/pkg-descr'
Xxdb_auth_cpile is a Perl module for jabberd 1.4.x written by
XChris Pile (chris@snoogans.co.uk).
XWith this package installed, jabberd can authenticate users
Xagainst MySQL, POP3, IMAP, Samba, PAM, LDAP or RADIUS.
X
XWWW: http://www.snoogans.co.uk/jabber/index.htm#xdb_auth_cpile
X
X
XAnderson S. Ferreira <anderson@cnpm.embrapa.br>
END-of-xdb_auth_cpile/pkg-descr
echo x - xdb_auth_cpile/pkg-message
sed 's/^X//' >xdb_auth_cpile/pkg-message << 'END-of-xdb_auth_cpile/pkg-message'
X
XThe xdb_auth_cpile module is installed !
X
XPlease read ${PREFIX}/share/xdb_auth_cpile/FreeBSD.README
Xfor configuration steps.
X
X 
END-of-xdb_auth_cpile/pkg-message
echo x - xdb_auth_cpile/pkg-deinstall
sed 's/^X//' >xdb_auth_cpile/pkg-deinstall << 'END-of-xdb_auth_cpile/pkg-deinstall'
X#!/bin/sh
X#
X# Package deinstall hook.  Acts only when the second argument is
X# POST-DEINSTALL: it reminds the administrator that the log directory is
X# left in place and removes the pid-file directory.  Always exits 0.
X
Xcase "$2" in
XPOST-DEINSTALL)
X    echo "If you wish to delete jabber log files, remove '/var/log/jabber' directory."
X
X    # Pid files are runtime state only, so the whole directory goes.
X    rm -rf /var/run/jabber
X    ;;
Xesac
X
Xexit 0
END-of-xdb_auth_cpile/pkg-deinstall
echo x - xdb_auth_cpile/pkg-install
sed 's/^X//' >xdb_auth_cpile/pkg-install << 'END-of-xdb_auth_cpile/pkg-install'
X#!/bin/sh
X#
X# Package install hook.  Acts only when the second argument is PRE-INSTALL:
X# it creates the log and pid-file directories with mode 750 if they are
X# missing and hands both to jabber:jabber.  Always exits 0.
X
X[ "$2" = "PRE-INSTALL" ] || exit 0
X
X# NOTE(review): a directory that already exists keeps its current mode;
X# only its ownership is reset by the chown below.
Xfor dir in /var/log/jabber /var/run/jabber; do
X   [ -d $dir ] || mkdir -m 750 $dir
Xdone
X
Xchown jabber:jabber /var/log/jabber /var/run/jabber
X
Xexit 0
END-of-xdb_auth_cpile/pkg-install
exit
--- xdb_auth_cpile.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


