xmpp-cloud-auth
Install on FreeBSD?
I'm trying to get ejabberd and xmpp-cloud-auth up and running on FreeBSD but the install.sh is not set up for FreeBSD. Any plans for FreeBSD installs?
I would guess that it only differs in the adduser part. The other parts it does are just POSIX things with typical Unix paths, which should also match *BSD.
I haven't been doing *BSD work in the past decade, so I would be glad if someone (you?) could add the appropriate user/group additions. Otherwise, instead of running install.sh, you could also just add the user and group manually and then run the remaining commands manually.
(On an unrelated notice, if you know your way around *BSD: Would you be willing to write a replacement for the systemd scripts to launch xcauth on demand when the socket is used? Is adding a line in /etc/inetd.conf still state of the art?)
@MarcelWaldvogel Thanks for the info. I really would love to help do that. Unfortunately I'm just not experienced enough yet. Above the basics, I'm learning as I go. Sorry that's not helpful now. If I get enough figured out to be able to contribute, I will.
@MarcelWaldvogel
I'm still attempting this install but I've got a question:
On this page: https://github.com/jsxc/xmpp-cloud-auth/blob/master/doc/Installation.md
It's written to set:
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/xcauth.sh"
But in the yml file contents you provide here: https://github.com/jsxc/xmpp-cloud-auth/wiki/ejabberd
It's a different script:
auth_method: external
extauth_program: "/opt/xmpp-cloud-auth/external_cloud.sh"
Which one should I be using?
Just wanted to update and ask for some input. I've managed to get ejabberd running. Got the plugin installed in the nextcloud and the bosh url gave green checkmark. I added the api url and secret key to the xcauth.conf file (which I have where your code is installed and one in /etc/) wasn't sure which... and when I log into NC (after logging out) I don't get logged into chat. I checked logs and not seeing any adds there. Not sure yet, is ejabberd supposed to be executing your code through the .sh file I give path to? Do I need to manually run/start xcauth?
Would very much appreciate some input to troubleshoot this. Here's what I have in console:
State changed to ESTABLISHING jsxc.min.js:13:1885
New connection jsxc.min.js:13:1885
CONNECTING: null jsxc.min.js:13:1885
> <body rid="2395334212" xmlns="http://jabber.org/protocol/httpbind" to="nexcloud.mydomain.com" xml:lang="en" wait="60" hold="1" content="text/xml; charset=utf-8" ver="1.6" xmpp:version="1.0" xmlns:xmpp="urn:xmpp:xbosh"> jsxc.min.js:13:16986
< <body xmpp:version="1.0" authid="152328323182290334824" xmlns="http://jabber.org/protocol/httpbind" sid="55d6d44d2443fc12f04715832894f4ad111e4d77" wait="60" ver="1.11" polling="2" inactivity="30" hold="1" xmpp:restartlogic="true" requests="2" secure="true" maxpause="120" xmlns:xmpp="urn:xmpp:xbosh" xmlns:stream="http://etherx.jabber.org/streams" from="nexcloud.mydomain.com"> jsxc.min.js:13:16923
> <body rid="2395334212" xmlns="http://jabber.org/protocol/httpbind" sid="55d6d44d2443fc12f04715832894f4ad111e4d77"> jsxc.min.js:13:16986
< <body xmlns="http://jabber.org/protocol/httpbind"> jsxc.min.js:13:16923
AUTHFAIL: null jsxc.min.js:13:1885
Content Security Policy: Ignoring duplicate source 'unsafe-inline' (unknown)
Content Security Policy: Couldn’t parse invalid host 'unsafe-inline' (unknown)
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead. (unknown)
JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542
window.controllers/Controllers is deprecated. Do not use it for UA detection. merged.js:2165
State changed to INITIATING jsxc.min.js:13:1885
i18next: languageChanged en jsxc.dep.min.js:75:26017
i18next: initialized Object { debug: true, initImmediate: true, ns: Array[1], defaultNS: Array[1], fallbackLng: Array[1], fallbackNS: false, whitelist: false, nonExplicitWhitelist: false, load: "all", preload: false, 19 more… } jsxc.dep.min.js:75:26017
Try to relogin jsxc.min.js:13:1885
I am not able to relogin jsxc.min.js:13:1885
State changed to SUSPEND jsxc.min.js:13:1885
Also wanted to add that trying the ejabberd.yml file contents from wiki did not work. I restored yml that came with ejabberd, but changed the external auth, hosts, and ip and only then was able to get ejabberd responding to requests and bosh url in NC greenlighted.
Thank you for your help.
One more thing...
This is what I'm using with nginx within the NC server block:
location /http-bind {
    proxy_pass http://192.168.1.11:5281;
    proxy_set_header Host $host;
    tcp_nodelay on;
}
Which worked with this added to the modified default ejabberd.yml:
  -
    port: 5281
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      ## "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false
@MarcelWaldvogel
Figured I'd keep updating this... hoping to get a reply with any suggestions.
In my quest to make this work, trying things and looking at logs, and back at docs (endless loop :) it seems) I have made some progress and found more info.
First, before I forget, on: https://github.com/jsxc/xmpp-cloud-auth/wiki/ejabberd
In the ejabberd.yml example and diffs, you have "use_auth_cache" and that should be "auth_use_cache" as written in the description "This cache interferes with multiple valid passwords (app passwords, tokens) and thus needs to be deactivated with auth_use_cache: false."
Currently, if I login with an NC admin account, login is quick. Non admin hangs till the "wait" time and then eventually redirects to files. Haven't yet determined why. In either case, upon login I'm still not logged into chat.
Logs:
/var/log/xcauth/xcauth.err
Traceback (most recent call last):
  File "/usr/local/etc/xmpp-cloud-auth/xcauth.py", line 14, in <module>
    perform(args)
  File "/usr/local/etc/xmpp-cloud-auth/xclib/authops.py", line 88, in perform
    success = sc.auth()
  File "/usr/local/etc/xmpp-cloud-auth/xclib/auth.py", line 104, in auth
    if self.auth_with_cache(unreach=False):
  File "/usr/local/etc/xmpp-cloud-auth/xclib/auth.py", line 76, in auth_with_cache
    self.ctx.cache_db.sync()
AttributeError: sync
There is a db file: /var/cache/xcauth/user-cache.db.db and seems it's updated based on size and modtime.
/var/log/xcauth/xcauth.log
2017-10-10 10:37:01,797 DEBUG: Receive operation auth
2017-10-10 10:37:01,798 DEBUG: Token is too short: 6 != 23 (maybe not a token?)
2017-10-10 10:38:02,147 DEBUG: Start external auth script 0.9.0+ for ejabberd with endpoint: https://$HOSTHERE/apps/ojsxc/ajax/externalApi.php
/var/log/ejabberd/error.log
2017-10-10 10:38:01.802 [error] <0.497.0>@extauth:loop:126 extauth call '[<<"auth">>,<<"tester">>,<<"$HOSTHERE">>,<<"testpassword">>]' didn't receive response
/var/log/ejabberd/ejabberd.log
2017-10-10 10:37:01.797 [debug] <0.505.0>@ejabberd_bosh:active:406 got request:
** Request: {body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{rid,2301000222}],[{xmlstreamelement,{xmlel,<<"auth">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>},{<<"mechanism">>,<<"PLAIN">>}],[{xmlcdata,<<"23232323yQGNs2323LnNvd2323YmUu2323tAHR2323RlcgBte2323c3R232==">>}]}}],249}
** From: {<0.507.0>,#Ref<0.0.1.2398>}
** State: {state,<<"$MYHOSTVAL$">>,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>,{{[],[]},0,unlimited},{{[],[]},0,unlimited},{maxrate,1000,0.0,1502323232356604},<0.506.0>,<<"1.0">>,#Ref<0.0.1.2395>,#Ref<0.0.1.2393>,60,30,1499400111,<<>>,undefined,unlimited,{1,{1499400111,{body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{wait,60},{ver,<<"1.11">>},{polling,2},{inactivity,30},{hold,1},{'xmpp:restartlogic',true},{requests,2},{secure,true},{maxpause,120},{'xmlns:xmpp',<<"urn:xmpp:xbosh">>},{'xmlns:stream',<<"http://etherx.jabber.org/streams">>},{from,<<"$MYHOSTVAL$">>}],[{xmlstreamstart,<<"stream:stream">>,[{<<"id">>,<<"82323208282323235839">>},{<<"version">>,<<"1.0">>},{<<"xml:lang">>,<<"en">>},{<<"xmlns:stream">>,<<"http://etherx.jabber.org/streams">>},{<<"from">>,<<"$MYHOSTVAL$">>},{<<"xmlns">>,<<"jabber:client">>}]},{xmlstreamelement,{xmlel,<<"stream:features">>,[],[{xmlel,<<"mechanisms">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"PLAIN">>}]},{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"X-OAUTH2">>}]}]}]}}],0},nil,nil}},{0,nil},{{[],[]},0,1000},{{192,168,2,11},54362},2}
2017-10-10 10:37:01.797 [debug] <0.505.0>@shaper:update:143 State: {maxrate,1000,0.0,1502323232356604}, Size=249
M=124.5, I=141.053
2017-10-10 10:38:01.802 [error] <0.497.0>@extauth:loop:126 extauth call '[<<"auth">>,<<"tester">>,<<"$MYHOSTVAL$">>,<<"testpassword">>]' didn't receive response
2017-10-10 10:38:01.802 [debug] <0.505.0>@ejabberd_bosh:do_reply:713 send reply:
** RequestID: 2301000222
** Reply: {body,<<>>,[],[],0}
** To: {<0.507.0>,#Ref<0.0.1.2398>}
** State: {state,<<"$MYHOSTVAL$">>,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>,{{[],[]},0,unlimited},{{[],[]},0,unlimited},{maxrate,1000,882.3723232371029,1507232323237701},<0.506.0>,<<"1.0">>,#Ref<0.0.1.2404>,#Ref<0.0.1.2399>,60,30,2301000222,<<>>,undefined,unlimited,{1,{1499400111,{body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{wait,60},{ver,<<"1.11">>},{polling,2},{inactivity,30},{hold,1},{'xmpp:restartlogic',true},{requests,2},{secure,true},{maxpause,120},{'xmlns:xmpp',<<"urn:xmpp:xbosh">>},{'xmlns:stream',<<"http://etherx.jabber.org/streams">>},{from,<<"$MYHOSTVAL$">>}],[{xmlstreamstart,<<"stream:stream">>,[{<<"id">>,<<"82323208282323235839">>},{<<"version">>,<<"1.0">>},{<<"xml:lang">>,<<"en">>},{<<"xmlns:stream">>,<<"http://etherx.jabber.org/streams">>},{<<"from">>,<<"$MYHOSTVAL$">>},{<<"xmlns">>,<<"jabber:client">>}]},{xmlstreamelement,{xmlel,<<"stream:features">>,[],[{xmlel,<<"mechanisms">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"PLAIN">>}]},{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"X-OAUTH2">>}]}]}]}}],0},nil,nil}},{0,nil},{{[],[]},0,1000},{{192,168,2,11},54362},2}
2017-10-10 10:38:01.802 [info] <0.506.0>@ejabberd_c2s:handle_auth_failure:446 (http_bind|ejabberd_bosh) Failed c2s PLAIN authentication for tester@$MYHOSTVAL$ from 192.168.2.11: Invalid username or password
2017-10-10 10:38:01.816 [info] <0.330.0>@ejabberd_listener:accept:302 (<0.510.0>) Accepted connection 192.168.2.11:58637 -> 192.168.2.11:5281
2017-10-10 10:38:01.816 [debug] <0.510.0>@ejabberd_http:init:142 S: [{[<<"websocket">>],ejabberd_http_ws},{[<<"admin">>],ejabberd_web_admin},{[<<"http-bind">>],mod_bosh}]
2017-10-10 10:38:01.816 [info] <0.510.0>@ejabberd_http:init:149 started: {gen_tcp,#Port<0.10004>}
2017-10-10 10:38:01.816 [debug] <0.510.0>@ejabberd_http:process_header:274 (#Port<0.10004>) http query: 'POST' <<"/http-bind/">>
2017-10-10 10:38:01.816 [debug] <0.510.0>@ejabberd_http:extract_path_query:405 client data: <<"<body rid='2301000222' xmlns='http://jabber.org/protocol/httpbind' sid='f1b77777046b383838ec3cf5ddb6ad646464bc41'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>23232323yQGNs2323LnNvd2323YmUu2323tAHR2323RlcgBte2323c3R232==</auth></body>">>
2017-10-10 10:38:01.816 [debug] <0.510.0>@ejabberd_http:process:361 [<<"http-bind">>] matches [<<"http-bind">>]
2017-10-10 10:38:01.816 [debug] <0.510.0>@mod_bosh:process:70 Incoming data: <<"<body rid='2301000222' xmlns='http://jabber.org/protocol/httpbind' sid='f1b77777046b383838ec3cf5ddb6ad646464bc41'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>23232323yQGNs2323LnNvd2323YmUu2323tAHR2323RlcgBte2323c3R232==</auth></body>">>
2017-10-10 10:38:01.816 [debug] <0.505.0>@ejabberd_bosh:active:406 got request:
** Request: {body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{rid,2301000222}],[{xmlstreamelement,{xmlel,<<"auth">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>},{<<"mechanism">>,<<"PLAIN">>}],[{xmlcdata,<<"23232323yQGNs2323LnNvd2323YmUu2323tAHR2323RlcgBte2323c3R232==">>}]}}],249}
** From: {<0.510.0>,#Ref<0.0.1.2408>}
** State: {state,<<"$MYHOSTVAL$">>,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>,{{[],[]},0,unlimited},{{[{xmlstreamend,<<"stream:stream">>},{xmlstreamelement,{xmlel,<<"stream:error">>,[],[{xmlel,<<"connection-timeout">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-streams">>}],[]}]}}],[{xmlstreamelement,{xmlel,<<"failure">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"not-authorized">>,[],[]},{xmlel,<<"text">>,[{<<"xml:lang">>,<<"en">>}],[{xmlcdata,<<"Invalid username or password">>}]}]}}]},3,unlimited},{maxrate,1000,882.3723232371029,1507232323237701},<0.506.0>,<<"1.0">>,#Ref<0.0.1.2404>,#Ref<0.0.1.2399>,60,30,2301000222,<<>>,undefined,unlimited,{2,{1499400111,{body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{wait,60},{ver,<<"1.11">>},{polling,2},{inactivity,30},{hold,1},{'xmpp:restartlogic',true},{requests,2},{secure,true},{maxpause,120},{'xmlns:xmpp',<<"urn:xmpp:xbosh">>},{'xmlns:stream',<<"http://etherx.jabber.org/streams">>},{from,<<"$MYHOSTVAL$">>}],[{xmlstreamstart,<<"stream:stream">>,[{<<"id">>,<<"82323208282323235839">>},{<<"version">>,<<"1.0">>},{<<"xml:lang">>,<<"en">>},{<<"xmlns:stream">>,<<"http://etherx.jabber.org/streams">>},{<<"from">>,<<"$MYHOSTVAL$">>},{<<"xmlns">>,<<"jabber:client">>}]},{xmlstreamelement,{xmlel,<<"stream:features">>,[],[{xmlel,<<"mechanisms">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"PLAIN">>}]},{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"X-OAUTH2">>}]}]}]}}],0},nil,{2301000222,{body,<<>>,[],[],0},nil,nil}}},{0,nil},{{[],[]},0,1000},{{192,168,2,11},54362},2}
2017-10-10 10:38:01.816 [debug] <0.505.0>@shaper:update:143 State: {maxrate,1000,882.3723232371029,1507232323237701}, Size=249
M=222.79321343868503, I=60019.161
2017-10-10 10:38:01.817 [debug] <0.505.0>@ejabberd_bosh:do_reply:713 send reply:
** RequestID: 2301000222
** Reply: {body,<<>>,[],[],0}
** To: {<0.510.0>,#Ref<0.0.1.2408>}
** State: {state,<<"$MYHOSTVAL$">>,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>,{{[],[]},0,unlimited},{{[{xmlstreamend,<<"stream:stream">>},{xmlstreamelement,{xmlel,<<"stream:error">>,[],[{xmlel,<<"connection-timeout">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-streams">>}],[]}]}}],[{xmlstreamelement,{xmlel,<<"failure">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"not-authorized">>,[],[]},{xmlel,<<"text">>,[{<<"xml:lang">>,<<"en">>}],[{xmlcdata,<<"Invalid username or password">>}]}]}}]},3,unlimited},{maxrate,1000,443.2601870809635,1507657081816901},<0.506.0>,<<"1.0">>,#Ref<0.0.1.2404>,#Ref<0.0.1.2399>,60,30,2301000222,<<>>,undefined,unlimited,{2,{1499400111,{body,<<>>,[{sid,<<"f1b77777046b383838ec3cf5ddb6ad646464bc41">>},{wait,60},{ver,<<"1.11">>},{polling,2},{inactivity,30},{hold,1},{'xmpp:restartlogic',true},{requests,2},{secure,true},{maxpause,120},{'xmlns:xmpp',<<"urn:xmpp:xbosh">>},{'xmlns:stream',<<"http://etherx.jabber.org/streams">>},{from,<<"$MYHOSTVAL$">>}],[{xmlstreamstart,<<"stream:stream">>,[{<<"id">>,<<"82323208282323235839">>},{<<"version">>,<<"1.0">>},{<<"xml:lang">>,<<"en">>},{<<"xmlns:stream">>,<<"http://etherx.jabber.org/streams">>},{<<"from">>,<<"$MYHOSTVAL$">>},{<<"xmlns">>,<<"jabber:client">>}]},{xmlstreamelement,{xmlel,<<"stream:features">>,[],[{xmlel,<<"mechanisms">>,[{<<"xmlns">>,<<"urn:ietf:params:xml:ns:xmpp-sasl">>}],[{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"PLAIN">>}]},{xmlel,<<"mechanism">>,[],[{xmlcdata,<<"X-OAUTH2">>}]}]}]}}],0},nil,{2301000222,{body,<<>>,[],[],0},nil,nil}}},{0,nil},{{[],[]},0,1000},{{192,168,2,11},54362},2}
Also trying to login with pidgin produced this:
/var/log/ejabberd/crash.log
2017-10-10 12:56:44 =CRASH REPORT====
crasher:
initial call: ejabberd_http:init/2
pid: <0.685.0>
registered_name: []
exception error: bad argument: [{extauth,call_port,2,[{file,"src/extauth.erl"},{line,101}]},{ejabberd_auth_external,check_password_extauth,4,[{file,"src/ejabberd_auth_external.erl"},{line,88}]},{ejabberd_auth,'-check_password_with_authmodule/6-fun-0-',8,[{file,"src/ejabberd_auth.erl"},{line,222}]},{lists,foldl,3,[{file,"lists.erl"},{line,1263}]},{ejabberd_auth,check_password,6,[{file,"src/ejabberd_auth.erl"},{line,202}]},{ejabberd_web_admin,get_auth_account,5,[{file,"src/ejabberd_web_admin.erl"},{line,275}]},{ejabberd_web_admin,process,2,[{file,"src/ejabberd_web_admin.erl"},{line,229}]},{ejabberd_http,process,5,[{file,"src/ejabberd_http.erl"},{line,371}]}]
ancestors: [<0.329.0>,ejabberd_listener,ejabberd_sup,<0.62.0>]
messages: []
links: [#Port<0.10056>]
dictionary: []
trap_exit: false
status: running
heap_size: 1598
stack_size: 27
reductions: 2504
neighbours:
I'm not sure yet, but search led me to an issue with BOSH on ejabberd which may be playing a role here: https://github.com/processone/ejabberd/issues/1701#event-1269312517 Appears a fix is planned for 17.10.
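Added example, not part of the thread and not xcauth's own code: the logs above show ejabberd sending an extauth call and logging "didn't receive response" a minute later. The sketch below implements ejabberd's external-auth framing (2-byte big-endian length, then `op:user:host:password`; the reply is a 2-byte length of 2 followed by a 2-byte result) and always answers, even when the credential backend raises. The `backend` function, host name and credentials are constructed for the demo, and the assumption that an unhandled exception is what left the call unanswered here is not confirmed by the thread.

```python
import io
import struct

def read_request(stream):
    """Return the fields of one extauth request, or None at EOF/truncation."""
    header = stream.read(2)
    if len(header) < 2:
        return None
    (length,) = struct.unpack(">H", header)   # 2-byte big-endian length prefix
    payload = stream.read(length)
    if len(payload) < length:
        return None
    # Payload is op:user:host[:password]; only the password may contain ':'.
    return payload.decode("utf-8", "replace").split(":", 3)

def write_reply(stream, ok):
    # Every reply is 4 bytes: length 2, then result 1 (accept) or 0 (reject).
    stream.write(struct.pack(">HH", 2, 1 if ok else 0))
    stream.flush()

def serve(inp, out, check_password):
    """Answer each request exactly once; return the number handled."""
    handled = 0
    while (fields := read_request(inp)) is not None:
        try:
            # Only "auth" is handled in this sketch; other operations are rejected.
            ok = (len(fields) == 4 and fields[0] == "auth"
                  and bool(check_password(*fields[1:])))
        except Exception:
            ok = False   # fail closed, but still reply so the caller does not time out
        write_reply(out, ok)
        handled += 1
    return handled

def frame(text):
    data = text.encode("utf-8")
    return struct.pack(">H", len(data)) + data

def demo():
    def backend(user, host, password):          # hypothetical credential check
        if user == "crash":
            raise AttributeError("sync")        # stand-in for a failing cache flush
        return (user, host, password) == ("tester", "example.org", "pass:word")
    requests = (frame("auth:tester:example.org:pass:word")   # constructed input
                + frame("auth:tester:example.org:wrong")
                + frame("auth:crash:example.org:x"))
    out = io.BytesIO()
    serve(io.BytesIO(requests), out, backend)
    return out.getvalue()

if __name__ == "__main__":
    print(demo().hex(" ", 2))
```

Feeding a hand-built frame to the configured extauth_program on stdin and checking for a 4-byte reply is a quick way to test the helper independently of ejabberd and BOSH.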
The script's name is now xcauth.py. Feel free to correct it.
What happens when you try to manually log in? (Maybe the JSXC app is not active)
Do you mean by clicking relogin in the sidebar after logging into NC? Same thing as when logging into NC. Other lines in below log are same as sample above.
Console:
JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542
State changed to INITIATING jsxc.min.js:13:1885
Try to relogin jsxc.min.js:13:1885
I am not able to relogin jsxc.min.js:13:1885
State changed to SUSPEND jsxc.min.js:13:1885
Try to relogin jsxc.min.js:13:1885
I am not able to relogin jsxc.min.js:13:1885
State changed to ESTABLISHING jsxc.min.js:13:1885
New connection jsxc.min.js:13:1885
CONNECTING: null jsxc.min.js:13:1885
AUTHFAIL: null
Only /var/log/ejabberd/ejabberd.log has been written to this attempt:
2017-10-13 07:55:42.871 [info] <0.10074.0>@ejabberd_c2s:handle_auth_failure:446 (http_bind|ejabberd_bosh) Failed c2s PLAIN authentication for [email protected] from 192.168.2.11: Invalid username or password
@MarcelWaldvogel Did you see end of message from couple days ago? Something with bosh in ejabberd. Think that could be it?
@MarcelWaldvogel I'm still stuck here... if you get a chance, I would greatly appreciate any input or suggestions to get this running. I've posted all the information I could gather from logs hoping you could spot what may be wrong or preventing this from working. Please let me know.