ports/76365: NEW PORT net/xdb_auth_cpile A user auth/check module for Jabber 1.4.x

Anderson S.Ferreira anderson at cnpm.embrapa.br
Mon Jan 17 18:50:10 UTC 2005


>Number:         76365
>Category:       ports
>Synopsis:       NEW PORT net/xdb_auth_cpile A user auth/check module for Jabber 1.4.x
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 17 18:50:09 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Anderson S. Ferreira
>Release:        FreeBSD 6.0-CURRENT amd64
>Organization:
Embrapa Monitoramento por Satélite
>Environment:
System: FreeBSD mogno.cnpm.embrapa.br 6.0-CURRENT FreeBSD 6.0-CURRENT #18: Mon Jan 17 09:19:13 BRST 2005 anderson at mogno.cnpm.embrapa.br:/usr/src/sys/amd64/compile/MOGNO amd64
>Description:
xdb_auth_cpile is an authentication/check module written in Perl that lets jabberd authenticate users against IMAP, POP3, Samba, MySQL, PAM, LDAP or RADIUS.

>How-To-Repeat:

>Fix:

	

--- xdb_auth_cpile.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	xdb_auth_cpile
#	xdb_auth_cpile/Makefile
#	xdb_auth_cpile/distinfo
#	xdb_auth_cpile/files
#	xdb_auth_cpile/files/patch-a
#	xdb_auth_cpile/files/jabber_xdb.xml.sample
#	xdb_auth_cpile/files/patch-b
#	xdb_auth_cpile/files/FreeBSD.README
#	xdb_auth_cpile/files/jabberd_xdb_auth.sh
#	xdb_auth_cpile/pkg-descr
#	xdb_auth_cpile/pkg-message
#	xdb_auth_cpile/pkg-deinstall
#	xdb_auth_cpile/pkg-install
#
echo c - xdb_auth_cpile
mkdir -p xdb_auth_cpile > /dev/null 2>&1
echo x - xdb_auth_cpile/Makefile
sed 's/^X//' >xdb_auth_cpile/Makefile << 'END-of-xdb_auth_cpile/Makefile'
X# New ports collection makefile for:	xdb_auth_cpile
X# Date created:		January 11, 2005
X# Whom:			Anderson Soares Ferreira <anderson at cnpm.embrapa.br>
X#
X# $FreeBSD$
X#
X
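X# Port identity and distfile location.
X# NOTE(review): the distfile is fetched over plain HTTP and DISTNAME carries
X# no version number, so the checksum recorded in distinfo is the only thing
X# that ties the download to the 1.8 tarball this port was written against.
XPORTNAME=	xdb_auth_cpile
XPORTVERSION=	1.8
XCATEGORIES=	net
XMASTER_SITES=	http://www.snoogans.co.uk/jabber/files/
XDISTNAME=	xdb_auth_cpile
X
XMAINTAINER=	anderson at cnpm.embrapa.br
XCOMMENT=	A xdb user authentication/check module for Jabberd 1.4.x
X
X# Nothing is compiled (NO_BUILD below): jabberd and the Perl modules are
X# needed when the installed script runs, so they are declared as run-time
X# dependencies, which also records them in the package.
XRUN_DEPENDS=	jabberd:${PORTSDIR}/net/jabber \
X		${SITE_PERL}/Jabber/Connection.pm:${PORTSDIR}/net/p5-Jabber-Connection \
X		${SITE_PERL}/XML/Simple.pm:${PORTSDIR}/textproc/p5-XML-Simple
X
XNO_BUILD=	# none
XWRKSRC=		${WRKDIR}
X# The packing list is not static: pre-install writes it to this location.
XPLIST=		${WRKDIR}/pkg-plist
XLIBSDIR=	${PREFIX}/lib/xdb_auth_cpile
XPKGMESSAGE=	pkg-message
X
XUSE_PERL5_RUN=	yes
X
X# One knob per authentication backend; only MySQL is enabled by default.
XOPTIONS=	MYSQL "MySQL authentication support" on \
X		LDAP "Ldap authentication support" off \
X		IMAP "IMAP authentication support" off \
X		POP3 "POP3 authentication support" off \
X		PAM "PAM authentication support" off \
X		SAMBA "Samba authentication support" off \
X		RADIUS "Radius authentication support" off
X
X.include <bsd.port.pre.mk>
X
X# For every selected backend, add its library file to LIBS (installed and
X# listed in the packing list later) and depend on the matching Perl module port.
X.if defined(WITH_MYSQL)
XLIBS+=	xdb_auth_cpile.pm.mysql
XRUN_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/DBD/mysql.pm:${PORTSDIR}/databases/p5-DBD-mysql
X.endif
X
X.if defined(WITH_LDAP)
XLIBS+=	xdb_auth_cpile.pm.ldap
XRUN_DEPENDS+=	${SITE_PERL}/Net/LDAP.pm:${PORTSDIR}/net/p5-perl-ldap
X.endif
X
X.if defined(WITH_IMAP)
XLIBS+=	xdb_auth_cpile.pm.imap
XRUN_DEPENDS+=	${SITE_PERL}/Net/IMAP/Simple.pm:${PORTSDIR}/mail/p5-Net-IMAP-Simple
X.endif
X
X.if defined(WITH_POP3)
XLIBS+=	xdb_auth_cpile.pm.pop3
XRUN_DEPENDS+=	${SITE_PERL}/Net/POP3.pm:${PORTSDIR}/net/p5-Net
X.endif
X
X.if defined(WITH_PAM)
XLIBS+=	xdb_auth_cpile.pm.pam
XRUN_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/Authen/PAM.pm:${PORTSDIR}/security/p5-Authen-PAM
X.endif
X
X.if defined(WITH_SAMBA)
XLIBS+=	xdb_auth_cpile.pm.smb
XRUN_DEPENDS+=	${SITE_PERL}/${PERL_ARCH}/Authen/Smb.pm:${PORTSDIR}/security/p5-Authen-Smb
X.endif
X
X.if defined(WITH_RADIUS)
XLIBS+=	xdb_auth_cpile.pm.radius
XRUN_DEPENDS+=	${SITE_PERL}/Authen/Radius.pm:${PORTSDIR}/security/p5-Authen-Radius
X.endif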
X
X# Keep a copy of the script as .orig, then regenerate the script from that
X# copy with every %%PREFIX%% placeholder (introduced by files/patch-a)
X# replaced by the install prefix.
Xpre-configure:
X	@${CP} ${WRKSRC}/xdb_auth_cpile.pl ${WRKSRC}/xdb_auth_cpile.pl.orig
X	@${SED} -e "s|%%PREFIX%%|${PREFIX}|g" \
X		< ${WRKSRC}/xdb_auth_cpile.pl.orig \
X		> ${WRKSRC}/xdb_auth_cpile.pl
X
X# Nothing to build: the port only installs files (NO_BUILD is set above),
X# so the build step is an explicit no-op.
Xdo-build:
X	@${DO_NADA}
X
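X# Run the PRE-INSTALL stage of the pkg-install script, then generate the
X# packing list in ${PLIST}: the fixed files first, one entry per backend
X# library selected through OPTIONS, and finally the directory clean-up.
X#
X# The clean-up entries use %D (the prefix at deinstall time) rather than the
X# build-time ${PREFIX}, so a package installed under another prefix removes
X# its own directories. "|| true" keeps deinstall quiet when an admin left
X# files behind in them.
X#
X# NOTE(review): lib/xdb_auth_cpile/xdb_auth_cpile.pm is listed here but is not
X# copied by do-install; presumably the admin creates it from one of the
X# backend libraries (see FreeBSD.README) or pkg-install does - confirm,
X# otherwise package creation will not find the file.
Xpre-install:
X	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
X	@${ECHO_CMD} sbin/xdb_auth_cpile.pl > ${PLIST}
X	@${ECHO_CMD} %%DATADIR%%/FreeBSD.README >> ${PLIST}
X	@${ECHO_CMD} %%DATADIR%%/xdb_auth_cpile.README >> ${PLIST}
X	@${ECHO_CMD} lib/xdb_auth_cpile/xdb_auth_cpile.pm >> ${PLIST}
X.for i in ${LIBS}
X	@${ECHO_CMD} lib/xdb_auth_cpile/$i >> ${PLIST}
X.endfor
X	@${ECHO_CMD} etc/rc.d/jabberd_xdb_auth.sh >> ${PLIST}
X	@${ECHO_CMD} etc/xdb_auth_cpile.xml.sample >> ${PLIST}
X	@${ECHO_CMD} etc/jabber_xdb.xml.sample >> ${PLIST}
X	@${ECHO_CMD} "@unexec rmdir %D/%%DATADIR%% 2>/dev/null || true" >> ${PLIST}
X	@${ECHO_CMD} "@unexec rmdir %D/lib/xdb_auth_cpile 2>/dev/null || true" >> ${PLIST}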
X
X# Install the script and its rc.d start script, the documentation, the sample
X# configuration files and the backend libraries selected through OPTIONS.
X#
X# NOTE(review): the *.sample files are installed with INSTALL_DATA, which
X# normally leaves them world-readable. That is fine for samples holding a
X# placeholder secret, but the admin's working copies carry the real shared
X# secret and should get tighter permissions - confirm that pkg-message or
X# the README says so.
Xdo-install:
X	@${MKDIR} ${LIBSDIR} ${DATADIR}
X	@${INSTALL_SCRIPT} ${WRKDIR}/xdb_auth_cpile.pl ${PREFIX}/sbin/xdb_auth_cpile.pl
X	@${INSTALL_SCRIPT} ${FILESDIR}/jabberd_xdb_auth.sh ${PREFIX}/etc/rc.d/jabberd_xdb_auth.sh
X	@${INSTALL_DATA} ${FILESDIR}/FreeBSD.README ${DATADIR}/FreeBSD.README
X	@${INSTALL_DATA} ${WRKDIR}/xdb_auth_cpile.README ${DATADIR}/xdb_auth_cpile.README
X	@${INSTALL_DATA} ${FILESDIR}/jabber_xdb.xml.sample ${PREFIX}/etc/jabber_xdb.xml.sample
X	@${INSTALL_DATA} ${WRKDIR}/xdb_auth_cpile.xml ${PREFIX}/etc/xdb_auth_cpile.xml.sample
X.for lib in ${LIBS}
X	@${INSTALL_DATA} ${WRKDIR}/${lib} ${LIBSDIR}/${lib}
X.endfor
X
X# Print the file named by PKGMESSAGE once the files are installed.
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-xdb_auth_cpile/Makefile
echo x - xdb_auth_cpile/distinfo
sed 's/^X//' >xdb_auth_cpile/distinfo << 'END-of-xdb_auth_cpile/distinfo'
XMD5 (xdb_auth_cpile.tar.gz) = 233a15f0c27e2b69d8ab69a6411938d8
XSIZE (xdb_auth_cpile.tar.gz) = 7949
END-of-xdb_auth_cpile/distinfo
echo c - xdb_auth_cpile/files
mkdir -p xdb_auth_cpile/files > /dev/null 2>&1
echo x - xdb_auth_cpile/files/patch-a
sed 's/^X//' >xdb_auth_cpile/files/patch-a << 'END-of-xdb_auth_cpile/files/patch-a'
X--- xdb_auth_cpile.pl	Tue Jan 11 07:28:55 2005
X+++ xdb_auth_cpile.pl	Tue Jan 11 07:31:06 2005
X@@ -61,7 +61,7 @@
X ####
X 
X use strict;
X-use lib qw(/usr/local/jabber/xdb_auth_cpile);
X+use lib qw(%%PREFIX%%/lib/xdb_auth_cpile);
X # There is a memory leak in Jabber::Connection 0.03
X use Jabber::Connection 0.04;
X use Jabber::NodeFactory;
X@@ -78,7 +78,7 @@
X 
X # Set up vars
X my $file = $ARGV[0];
X-my $configdir = ".";
X+my $configdir = "%%PREFIX%%/etc";
X my $config;
X 
X ####
END-of-xdb_auth_cpile/files/patch-a
echo x - xdb_auth_cpile/files/jabber_xdb.xml.sample
sed 's/^X//' >xdb_auth_cpile/files/jabber_xdb.xml.sample << 'END-of-xdb_auth_cpile/files/jabber_xdb.xml.sample'
X<jabber>
X
X  <!--
X  This is the Jabber server configuration file. The file is
X  broken into different sections based on the services being 
X  managed by jabberd, the server daemon. Most of the important 
X  sections have comments and are easy to modify.
X
X  At http://jabberd.jabberstudio.org/1.4/ you find further
X  instructions including an annotated version of this con-
X  figuration file and an installation guide.
X  
X  Note that when you see a tag like "jabberd:cmdline", it's
X  automatically replaced on startup with the command line flag
X  passed in to jabberd. This enables you to override para-
X  meters set in this configuration file if necessary or de-
X  sired. Also note as you comment things in and out that
X  jabberd does not like comments within comments, so be care-
X  ful with your XML. :)
X  -->
X
X
X  <!-- 
X  The following <service/> section is for the session manager, 
X  the most important component within the server. This section
X  contains the following types of information: 
X
X    * the server's hostname
X    * other basic server information
X    * the location of the session log file
X    * email addresses for server administrators 
X    * registration instructions for new users
X    * a welcome message for new users
X    * a list of agents with which users can register
X    * load rules for the modules within the session manager
X
X  -->
X
X
X
X  <service id="sessions">
X
X    <!-- 
X    Replace all occurrences of "localhost" in this file by
X    the hostname of your Jabber server. Be aware changing
X    the server's name is all but impossible once users start
X    to use the server. So choose a name that is permanent
X    (especially no Intranet hostnames or IP addresses).
X
X    Multiple <host/> entries are allowed - each one is for a 
X    separate virtual server. Note that each host entry must 
X    be on one line, the server doesn't like it otherwise! :)
X    Use lowercase for the hostname.
X
X    -->
X
X    <host><jabberd:cmdline flag="h">localhost</jabberd:cmdline></host>
X
X    <!-- 
X    This is the custom configuration section for the 
X    Jabber session manager, a.k.a. "JSM". 
X    -->
X
X    <jsm xmlns="jabber:config:jsm">
X
X      <!--
X      The <filter/> section below determines settings
X      for mod_filter, a server-side module built into
X      JSM that enables users to set delivery rules for
X      messages they receive (not yet supported by all
X      clients). The <allow/> subsection specifies which
X      conditions and actions to enable. High-level 
X      descriptions of each setting can be found below:
X
X      * <default/> - a user cannot delete this one, it's
X        the default rule for delivering messages
X      * <max_size/> - the maximum number of rules in a
X        user's rule set (we don't want to overdo it!)
X      * conditions...
X        * <ns/> - matches the query xmlns attrib on an iq packet
X        * <unavailable/> - matches when user is unavailable
X        * <from/> - matches the sender of the message
X        * <resource/> - matches the receiver's resource
X        * <subject/> - matches the subject of the message
X        * <body/> - matches the body of the message
X        * <show/> - matches the show tag on the receiver's presence
X        * <type/> - matches the type of the message
X        * <roster/> - matches if the sender is in your roster
X        * <group/> - matches if the sender is in the specified group
X      * actions...
X        * <error/> - replies with an error
X        * <offline/> - stores the messages offline
X        * <forward/> - forwards the message to another jid
X        * <reply/> - sends a reply to the sender of the message
X        * <continue/> - continues processing of the rules
X        * <settype/> - changes the type of the message
X      -->
X      <filter>
X          <default/>
X          <max_size>100</max_size>
X          <allow>
X              <conditions>
X                  <ns/>          <!-- Matches if the iq's xmlns is the same as the specified namespace -->
X                  <unavailable/> <!-- Flag that matches when the receiver is unavailable (offline) -->
X                  <from/>        <!-- Matches if the  sender's jid is the specified jid -->
X                  <resource/>    <!-- Matches if the sender's resource (anything after the / in a jid) is the specified resource -->
X                  <subject/>     <!-- Matches if the message's subject is the specified subject (no regex yet) -->
X                  <body/>        <!-- Matches if the message body is the specified body (no regex yet) --> 
X                  <show/>        <!-- Matches if the receiver's presence has a show tag that is the same as the specified text -->
X                  <type/>        <!-- Matches if the type of the message is the same as the specified text ("normal" is okay) -->
X                  <roster/>      <!-- Flag that matches when the sender is in the receiver's roster -->
X                  <group/>       <!-- Matches when the sender is in the specified group -->
X              </conditions>
X              <actions>
X                  <error/>       <!-- Sends back an error message to the sender, with the specified text -->
X                  <offline/>     <!-- Flag that stores the message offline -->
X                  <forward/>     <!-- forwards the message to the specified jid -->
X                  <reply/>       <!-- Sends back a reply to the sender with the specified text in the body -->
X                  <continue/>    <!-- Flag that continues rule matching, after a rule matches -->
X                  <settype/>     <!-- Changes the type of message to the specified type, before delivery to the receiver -->
X              </actions>
X          </allow>
X      </filter>
X
X      <!-- The server vCard -->
X
X      <vCard>
X        <FN>Jabber Server</FN>
X        <DESC>A Jabber Server!</DESC>
X        <URL>http://localhost/</URL>
X      </vCard>
X
X      <!-- 
X      Registration instructions and required fields. The 
X      notify attribute will send the server administrator(s)
X      a message after each valid registration if the notify
X      attribute is present.
X      -->
X
X      <register notify="yes">
X        <instructions>Choose a username and password to register with this server.</instructions>
X        <name/>
X        <email/>
X      </register>
X
X      <!-- 
X      A welcome note that is sent to every new user who registers 
X      with your server. Comment it out to disable this function.
X      -->
X
X      <welcome>
X        <subject>Welcome!</subject>
X        <body>Welcome to the Jabber server at localhost -- we hope you enjoy this service! For information about how to use Jabber, visit the Jabber User's Guide at http://jabbermanual.jabberstudio.org/</body>
X      </welcome>
X
X      <!-- 
X      IDs with admin access - these people will receive admin 
X      messages (any message to="yourhostname" is an admin
X      message).  These addresses must be local ids, they cannot
X      be remote addresses.
X
X      Note that they can also send announcements to all
X      users of the server, or to all online users. To use
X      the announcement feature, you need to send raw xml and be
X      logged in as one of the admin users. Here is the syntax 
X      for sending an announcement to online users:
X
X        <message to="yourhostname/announce/online">
X          <body>announcement here</body>
X        </message>
X
X        <message to="yourhostname/announce/motd">
X          <body>message (of the day) that is sent only once to all users that are logged in and additionally to new ones as they log in</body>
X        </message>
X
X      Sending to /announce/motd/delete will remove any existing
X      motd, and to /announce/motd/update will only update the motd
X      without re-announcing to all logged in users.
X
X      The <reply> will be the message that is automatically
X      sent in response to any admin messages.
X      -->
X
X      <!--
X      <admin>
X        <read>support at localhost</read>
X        <write>admin at localhost</write>
X        <reply>
X          <subject>Auto Reply</subject>
X          <body>This is a special administrative address.  Your message was received and forwarded to server administrators.</body>
X        </reply>
X      </admin>
X      -->
X
X      <!--
X      This enables the server to automatically update the 
X      user directory when a vcard is edited.  The update is
X      only sent to the first listed jud service below.  It is
X      safe to remove this flag if you do not want any users
X      automatically added to the directory.
X      -->
X
X      <vcard2jud/>
X
X      <!--
X      The <browse/> section identifies the transports and other
X      services that are available from this server. Note that each
X      entity identified here must exist elsewhere or be further 
X      defined in its own <service/> section below. These services 
X      will appear in the user interface of Jabber clients that
X      connect to your server.
X      The <browse/> section is also used by mod_disco (see below)
X      for building the disco#items reply.
X      -->
X
X      <browse>
X
X        <!-- 
X        This is the default agent for the master Jabber User 
X        Directory, a.k.a. "JUD", which is located at jabber.org.
X        You can add separate <service/> sections for additional
X        directories, e.g., one for a company intranet.
X        -->
X
X        <service type="jud" jid="users.jabber.org" name="Jabber User Directory">
X          <ns>jabber:iq:search</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        <!--
X        The following services are examples only, you will need to
X        create/modify them to get them working on your Jabber 
X        server. See the README files for each service and/or the 
X        server howto for further information/instructions. 
X        -->
X
X        <!-- we're commenting these out, of course :)
X
X        <service type="aim" jid="aim.localhost" name="AIM Transport">
X          <ns>jabber:iq:gateway</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        <service type="yahoo" jid="yahoo.localhost" name="Yahoo! Transport">
X          <ns>jabber:iq:gateway</ns>
X          <ns>jabber:iq:register</ns>
X        </service>
X
X        end of <service/> examples -->
X
X      </browse>
X
X      <!--
X      "Service Discovery" (disco, JEP-0030) supersedes
X      "Jabber Browsing" (JEP-0011).
X      The <disco/> section is used for building the disco#info reply.
X      -->
X      <disco>
X        <identity category='services' type='jabber' name='Jabber 1.4 Server'/>
X        <feature var='jabber:iq:browse'/>
X        <feature var='jabber:iq:agents'/>
X        <feature var='jabber:iq:register'/>
X        <feature var='jabber:iq:time'/>
X        <feature var='jabber:iq:last'/>
X        <feature var='jabber:iq:version'/>
X      </disco>
X
X      <!--
X      Select the hashing algorithm that mod_auth_crypt uses
X      for storing passwords
X      Possible values:
X      crypt ... traditional hashing as implemented in crypt()
X      SHA1  ... using SHA1 hashes
X      -->
X      <mod_auth_crypt>
X        <hash>SHA1</hash>
X      </mod_auth_crypt>
X
X      <!--
X      Configuration for mod_version. By defining <no_os_version/>
X      mod_version will not report the version of your OS.
X      -->
X      <!--
X      <mod_version>
X        <no_os_version/>
X      </mod_version>
X      -->
X
X
X    </jsm>
X
X    <!--
X    The following section dynamically loads the individual
X    modules that make up the session manager. Remove or 
X    comment out modules to disable them. Note that the order
X    of modules is important, since packets are delivered 
X    based on the following order!!
X    -->
X
X    <load main="jsm">
X      <jsm>./jsm/jsm.so</jsm>
X      <mod_echo>./jsm/jsm.so</mod_echo>
X      <mod_roster>./jsm/jsm.so</mod_roster>
X      <mod_time>./jsm/jsm.so</mod_time>
X      <mod_vcard>./jsm/jsm.so</mod_vcard>
X      <mod_last>./jsm/jsm.so</mod_last>
X      <mod_version>./jsm/jsm.so</mod_version>
X      <mod_announce>./jsm/jsm.so</mod_announce>
X      <mod_agents>./jsm/jsm.so</mod_agents>
X      <mod_browse>./jsm/jsm.so</mod_browse>
X      <mod_disco>./jsm/jsm.so</mod_disco>
X      <mod_admin>./jsm/jsm.so</mod_admin>
X      <mod_filter>./jsm/jsm.so</mod_filter>
X      <mod_offline>./jsm/jsm.so</mod_offline>
X      <mod_presence>./jsm/jsm.so</mod_presence>
X
X      <!--
X      Authentication
X      For standard setups mod_auth_digest is recommended. Additionally
X      enable mod_auth_plain if you need plaintext authentication.
X      For maximum security, force SSL connections and use mod_auth_crypt
X      exclusively. Be aware encrypted password storage can lead to
X      problems when migrating to other authentication mechanisms
X      (LDAP...).
X      Switching from plain/digest to crypt needs manual work for
X      existing accounts, the reverse is not possible.
X      http://jabberd.jabberstudio.org/1.4/doc/adminguide#security
X
X      -->
X      <!-- mod_auth_digest: Password in clear text in storage,
X           encrypted/hashed on the wire
X      <mod_auth_digest>./jsm/jsm.so</mod_auth_digest> 
X      -->
X
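X      <!-- mod_auth_plain: Password in clear text in storage
X           and on the wire. Disable this if you do not use clients
X           that need plaintext auth. In this sample it is the only
X           authentication module left enabled, so passwords cross the
X           network unencrypted unless clients use an SSL listener
X           (see the <ssl/> example in the c2s section below). -->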
X      <mod_auth_plain>./jsm/jsm.so</mod_auth_plain>
X
X      <!-- mod_auth_crypt: Password encrypted/hashed in storage,
X           clear text on the wire. Disabled as this only makes
X           sense when used exclusively and with SSL mandatory
X      <mod_auth_crypt>./jsm/jsm.so</mod_auth_crypt> -->
X
X      <mod_log>./jsm/jsm.so</mod_log>
X      <mod_register>./jsm/jsm.so</mod_register>
X      <mod_xml>./jsm/jsm.so</mod_xml>
X    </load>
X
X  </service>
X
X  <!-- OK, we've finished defining the Jabber Session Manager. -->
X
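X  <!--
X  xdb_auth_cpile module: jabberd accepts the external authentication
X  component on the address and port below. Replace the placeholder
X  <secret/> before starting the server; it must be the same value as
X  the <secret/> set in xdb_auth_cpile.xml.
X  -->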
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>set your password here!</secret>
X    </accept>
X  </xdb>
X
X
X  <!--
X  The <xdb/> component handles all data storage, using the filesystem.
X  Make sure the spool directory defined here exists and has proper
X  permissions.
X  -->
X
X  <xdb id="xdb">
X    <host/>
X    <ns/>
X    <load>
X      <xdb_file>./xdb_file/xdb_file.so</xdb_file>
X    </load>
X    <xdb_file xmlns="jabber:config:xdb_file">
X      <spool><jabberd:cmdline flag='s'>/var/spool/jabber</jabberd:cmdline></spool>
X    </xdb_file>
X  </xdb>
X
X  <!--
X  The following service manages incoming client socket connections.
X  There are several items you can set here to optimize performance:
X
X    * authtime - default is unlimited, but you can set this to
X      limit the amount of time allowed for authentication to be
X      completed, e.g., <authtime>10</authtime> for 10 seconds
X
X    * heartbeat - default is to not send out heartbeat packets
X      to the clients.  This option allows you to specify that
X      you want heartbeats to happen every x seconds.  This is
X      useful if you have a lot of dial-up or laptop users who
X      may drop their connection without logging off of jabber.
X      Otherwise the server won't notice that they are offline until
X      someone tries to send a packet to them (and the message is
X      lost).  Example: <heartbeat>60</heartbeat>
X
X    * karma - this is an input/output rate limiting system that
X      the Jabber team came up with to prevent bandwidth hogging.
X      For details about karma, read the io section at the bottom.
X      These are the low settings and apply per connection/socket
X      and can be changed as desired.
X      To disable rate limiting just delete the <karma/> section.
X  -->
X
X  <service id="c2s">
X    <load>
X      <pthsock_client>./pthsock/pthsock_client.so</pthsock_client>
X    </load>
X    <pthcsock xmlns='jabber:config:pth-csock'>
X      <authtime/>
X      <heartbeat/>
X      <karma>
X        <init>10</init>
X        <max>10</max>
X        <inc>1</inc>
X        <dec>1</dec>
X        <penalty>-6</penalty>
X        <restore>10</restore>
X      </karma>
X
X      <!-- 
X      Use these to listen on particular addresses and/or ports.
X      Example: <ip port="5222">127.0.0.1</ip>
X      Default is to listen on port 5222 on every interface.
X      Remove the <ip/> section to disable non-ssl client connections.
X      -->
X      <ip port="5222"/>
X
X      <!--
X      The <ssl/> tag acts pretty much like the <ip/> tag,
X      except it defines that SSL is to be used on the 
X      ports and IP addresses specified. You must specify
X      an IP address here, or the connections will fail.
X      <ssl port='5223'>127.0.0.1</ssl>
X      <ssl port='5224'>192.168.1.100</ssl>
X      -->
X
X    </pthcsock>
X  </service>
X
X  <!-- 
X  This is the default server error logging component, 
X  which copies to a file and to STDERR. 
X  -->
X
X  <log id='elogger'>
X    <host/>
X    <logtype/>
X    <format>%d: [%t] (%h): %s</format>
X    <file>/var/log/jabber/jabber.error</file>
X    <stderr/>
X  </log>
X
X  <!-- 
X  This is the default server record logging component, 
X  which logs general statistical/tracking data. 
X  -->
X
X  <log id='rlogger'>
X    <host/>
X    <logtype>record</logtype>
X    <format>%d %h %s</format>
X    <file>/var/log/jabber/jabber.record</file>
X  </log>
X
X  <!-- The following two services are for handling server-to-server traffic. -->
X
X  <!-- External asynchronous DNS resolver -->
X
X  <service id="dnsrv">
X    <host/>
X    <load>
X      <dnsrv>./dnsrv/dnsrv.so</dnsrv>
X    </load>
X    <dnsrv xmlns="jabber:config:dnsrv">
X    	<resend service="_xmpp-server._tcp">s2s</resend> <!-- for supporting XMPP compliant SRV records -->
X    	<resend service="_jabber._tcp">s2s</resend> <!-- for supporting old style SRV records -->
X    	<resend>s2s</resend>
X    </dnsrv>
X  </service>
X
X  <!--
X  The following 's2s' config handles server connections and 
X  dialback hostname verification.  The <legacy/> element is 
X  here to enable communication with old 1.0 servers. The 
X  karma settings are a little higher here to handle the 
X  higher traffic of server-to-server connections (read
X  the io section below for more details, medium settings).
X  -->
X
X  <service id="s2s">
X    <load>
X      <dialback>./dialback/dialback.so</dialback>
X    </load>
X    <dialback xmlns='jabber:config:dialback'>
X      <legacy/>
X      <!-- Use these to listen on particular addresses and/or ports.
X      <ip port="7000"/>
X      <ip port="5269">127.0.0.1</ip>
X      -->
X      <ip port="5269"/>
X      <karma>
X        <init>50</init>
X        <max>50</max>
X        <inc>4</inc>
X        <dec>1</dec>
X        <penalty>-5</penalty>
X        <restore>50</restore>
X      </karma>
X    </dialback>
X  </service>
X
X  <!--
X  update.jabber.org is long dead but some clients still
X  request update information. In order to avoid errors
X  in the logs, just drop packages for update.jabber.org.
X  -->
X  <service id="update.jabber.org">
X    <host>update.jabber.org</host>
X    <null/>
X  </service>
X
X  <!-- 
X  If you identified additional agents in the main <service/> 
X  section (see examples above), you'll need to define each 
X  of them here using a separate <service/> section for each 
X  <agent/> you identified. Note that the <agent/> sections
X  determine what gets shown to clients that connect to your
X  server, whereas the following <service/> sections define
X  these services within the server itself. The following are
X  examples only, you will need to create/modify them to get 
X  them working on your Jabber server. See the README files 
X  for each agent and/or the server howto for further 
X  information/instructions. 
X  -->
X
X  <!-- we're commenting these out, of course :)
X
X  <service id="aim.localhost">
X    <accept>
X      <ip/>
X      <port>7009</port>
X      <secret>jabber-rocks</secret>
X    </accept>
X  </service>
X
X  <service id="yahoo.localhost">
X    <accept>
X      <ip/>
X      <port>9001</port>
X      <secret>jabber-rocks</secret>
X    </accept>
X  </service>
X
X  end of <service/> examples -->
X
X  <!--
X  The following <io/> config initializes the top-level
X  I/O, otherwise known as MIO (Managed Input/Output).
X  -->
X
X  <io>
X
X    <!-- Set the default karma for *all* sockets -->
X    <!-- definition of terms:
X
X      * Avg. Throughput - The number of bytes you can
X        send every second without incurring any penalty.
X
X      * Burst Allowed - The maximum number of bytes you
X        can send in 2 seconds without incurring any penalty.
X
X      * Max Sustained Rate - If you send data as fast as 
X        you can, you will hit penalty, and will not be 
X        able to send for 10 seconds; the max sustained 
X        rate is the average rate you can dump data when 
X        you are dumping as much data as you can, as fast 
X        as you can.
X
X      * Seconds to Recover from Burst - The amount of time 
X        it will take to reach Avg. Throughput capability 
X        after sending a max burst of data.
X
X      * Penalty Length - The length of your penalty is
X        determined according to this formula:
X              abs(penalty) * Heartbeat seconds
X        E.g., a penalty of -5 and heartbeat of 2 will 
X        cause your penalty length to be 10 seconds. 
X        Note that a penalty CANNOT be less than -100, 
X        otherwise strange things might happen.
X
X    -->
X    <!-- Example of Low Karma Limits 
X        Avg. Throughput: 1k-2k/s 
X        Burst Allowed To: 5.5k/s 
X        Max Sustained Rate: 485b/s
X        Seconds to Recover from Burst: 20
X        Penalty Length: 12 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>10</init>
X      <max>10</max>
X      <inc>1</inc>
X      <dec>1</dec>
X      <penalty>-6</penalty>
X      <restore>10</restore>
X    </karma>
X    -->
X
X    <!-- Example of Medium Karma Limits 
X        Avg. Throughput: 5k-10k/s 
X        Burst Allowed: 125.5k/s 
X        Max Sustained Rate: 12.6k/s
X        Seconds to Recover From Burst: 25
X        Penalty Length: 10 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>50</init>
X      <max>50</max>
X      <inc>4</inc>
X      <dec>1</dec>
X      <penalty>-5</penalty>
X      <restore>50</restore>
X    </karma>
X    -->
X
X    <!-- Example of High Karma Limits 
X        Avg. Throughput: 5k-10k/s 
X        Burst Allowed: 206k/s 
X        Max Sustained Rate: 34.3k/s
X        Seconds to Recover from Burst: 21
X        Penalty Length: 6 seconds
X    <karma>
X      <heartbeat>2</heartbeat>
X      <init>64</init>
X      <max>64</max>
X      <inc>6</inc>
X      <dec>1</dec>
X      <penalty>-3</penalty>
X      <restore>64</restore>
X    </karma>
X    -->
X
X    <!-- 
X    Set rate limits to monitor the number of connection
X    attempts from a single IP, any more than [points]
X    within [time] will engage the limit.  This setting
X    applies to all incoming connections to any service,
X    unless otherwise overridden by that service.
X    -->
X
X    <rate points="5" time="25"/>
X
X    <!-- 
X    The following section initializes SSL for top-level I/O.
X    This works only when the server is compiled with openssl!
X    Use IPs here or connections will fail.
X    -->
X    <!--
X    <ssl>
X      <key ip='192.168.1.1'>/path/to/cert_and_key.pem</key>
X      <key ip='192.168.1.100'>/path/to/other/cert_and_key.pem</key>
X    </ssl>
X    -->
X
X    <!-- 
X    The following section is used to allow or deny 
X    communications from specified IP networks or 
X    addresses. If there is no <allow/> section, 
X    then *all* IPs will be allowed to connect. If 
X    you allow one block, then only that block may 
X    connect. Note that <allow/> is checked before
X    <deny/>, so if a specific address is allowed 
X    but the network for that address is denied, 
X    then that address will still be denied.
X    -->
X    <!--
X    <allow><ip>127.0.0.0</ip><mask>255.255.255.0</mask></allow>
X    <allow><ip>12.34.56.78</ip></allow>
X    <deny><ip>22.11.44.0</ip><mask>255.255.255.0</mask></deny>
X    -->
X
X  </io>
X
X  <!--
X  This specifies the file to store the pid of the process in.
X  -->
X  <pidfile>/var/run/jabber/jabber.pid</pidfile>
X
X
X</jabber>
END-of-xdb_auth_cpile/files/jabber_xdb.xml.sample
echo x - xdb_auth_cpile/files/patch-b
sed 's/^X//' >xdb_auth_cpile/files/patch-b << 'END-of-xdb_auth_cpile/files/patch-b'
X--- xdb_auth_cpile.xml	Wed Oct 16 09:08:45 2002
X+++ xdb_auth_cpile.xml	Tue Jan 11 08:38:13 2005
X@@ -1,7 +1,7 @@
X <config>
X   <script>
X-    <logfile>./xdb_auth.log</logfile>
X-    <pidfile>./xdb_auth.pid</pidfile>
X+    <logfile>/var/log/jabber/xdb_auth.log</logfile>
X+    <pidfile>/var/run/jabber/xdb_auth.pid</pidfile>
X     <!-- debug can be "1" or "0" (on/off) -->
X     <debug>0</debug>
X   </script>
X@@ -10,6 +10,6 @@
X     <id>xdb_auth_cpile</id>
X     <ip>127.0.0.1</ip>
X     <port>5999</port>
X-    <secret>testing</secret>
X+    <secret>set your password here !</secret>
X   </connection>
X </config>
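Review bot: The new `<secret>` value on the `+` line of the second hunk is still a fixed string published with the port, so an install that skips the edit step runs the 127.0.0.1:5999 component link with a secret that is not secret. Nothing visible here makes the module or the rc script refuse to start while the placeholder is in place. I would put a comment directly above the element, `<!-- REQUIRED: replace with a unique secret; must match <secret> in jabber_xdb.xml -->`, and have the start script exit with an error while the file still contains the placeholder text.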
END-of-xdb_auth_cpile/files/patch-b
echo x - xdb_auth_cpile/files/FreeBSD.README
sed 's/^X//' >xdb_auth_cpile/files/FreeBSD.README << 'END-of-xdb_auth_cpile/files/FreeBSD.README'
XJabberd and xdb_auth_cpile configuration steps
X==============================================
X
X1. Create the configuration files:
X
X * Copy ${PREFIX}/etc/jabber_xdb.xml.sample to 
X   ${PREFIX}/etc/jabber_xdb.xml
X
X * Copy ${PREFIX}/etc/xdb_auth_cpile.xml.sample to 
X   ${PREFIX}/etc/xdb_auth_cpile.xml
X
X * Edit ${PREFIX}/etc/xdb_auth_cpile.xml and set the connection 
X   password:
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>my secret</secret>
X    </accept>
X  </xdb>
X
X * Edit the jabberd configuration file ${PREFIX}/etc/jabber_xdb.xml
X   and set the same secret that you defined in xdb_auth_cpile.xml; the
X   two values must match, and "my secret" below is only a placeholder:
X
X  <xdb id="xdb_auth_cpile">
X    <host/>
X    <ns>jabber:iq:auth</ns>
X    <accept>
X      <ip>127.0.0.1</ip>
X      <port>5999</port>
X      <secret>my secret</secret>
X    </accept>
X  </xdb>
X
X  NOTE: This document covers only the jabberd and xdb_auth_cpile specific topics.
X        Additional settings are needed in the jabberd configuration file
X        for the server to work properly.
X        Please refer to the jabberd documentation for further information
X        about the server configuration.
X
X2. Choose your authentication method
X
X * On ${PREFIX}/lib/xbd_auth_cpile directory, copy the desired 
X   authentication library file to ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm
X
X * Edit ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm and set the
X   required parameters, if any.
X
X Example:
X
X To enable authentication through an IMAP server, do the following:
X
X  cp ${PREFIX}/share/xbd_auth_cpile/xdb_auth_cpile.pm.imap \
X     ${PREFIX}/share/xbd_auth_cpile/xdb_auth_cpile.pm
X
X  Edit ${PREFIX}/lib/xbd_auth_cpile/xdb_auth_cpile.pm and set the variable
X  $imap_server as described in the file.
X
X3. Disable ${PREFIX}/etc/rc.d/jabberd.sh:
X
X  chmod 0444 ${PREFIX}/etc/rc.d/jabberd.sh
X
X4. Start jabberd with xdb_auth_cpile:
X
X  ${PREFIX}/etc/rc.d/jabberd_xdb_auth.sh start   
END-of-xdb_auth_cpile/files/FreeBSD.README
echo x - xdb_auth_cpile/files/jabberd_xdb_auth.sh
sed 's/^X//' >xdb_auth_cpile/files/jabberd_xdb_auth.sh << 'END-of-xdb_auth_cpile/files/jabberd_xdb_auth.sh'
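X#!/bin/sh
X#
X# rc.d script that starts and stops jabberd together with the
X# xdb_auth_cpile helper.  Both daemons are launched through su(1) as the
X# ${USER} account.
X#
X# Usage: jabberd_xdb_auth.sh { start | stop }   (default: start)
X
X# PREFIX is derived from the path used to invoke this script, so the
X# script has to be called by its absolute .../etc/rc.d/ path.
Xif ! PREFIX=$(expr "$0" : "\(/.*\)/etc/rc\.d/jabberd_xdb_auth\.sh\$"); then
X    echo "$0: Cannot determine the PREFIX" >&2
X    exit 1
Xfi
X
X# Provides check_pidfile, used below.
X. /etc/rc.subr
X
XUSER="jabber"
XJABBER_PID="/var/run/jabber/jabber.pid"
XXDB_AUTH_PID="/var/run/jabber/xdb_auth.pid"
X
X# Refuse to run when either executable is missing.
Xtest -x "${PREFIX}/sbin/jabberd" || exit 1
Xtest -x "${PREFIX}/sbin/xdb_auth_cpile.pl" || exit 1
X
X# Fixed search path for everything started below; files created by the
X# daemons are readable by their owner only.
Xexport PATH=/sbin:/bin:/usr/bin:${PREFIX}/bin:${PREFIX}/sbin
Xumask 077
X
X
Xcase ${1:-start} in
Xstart)
X    echo
X    echo "Starting jabberd "
X    pid=$(check_pidfile "${JABBER_PID}" "${PREFIX}/sbin/jabberd")
X
X    # Quoted test: an empty result must be compared as an empty string
X    # instead of disappearing from the argument list of [ ].
X    if [ -n "${pid}" ] ; then
X       echo "jabberd already running? (check ${JABBER_PID})."
X       exit 1
X    else
X       rm -f "${JABBER_PID}"
X       su -f -m ${USER} -c "jabberd -B -c ${PREFIX}/etc/jabber_xdb.xml"
X    fi
X
X    echo "Starting xdb_auth_cpile "
X    # NOTE(review): ">>&" is csh redirection syntax, so this line presumably
X    # relies on "su -m" running the caller's csh login shell - confirm.
X    su -f -m ${USER} -c "${PREFIX}/sbin/xdb_auth_cpile.pl >>& /var/log/jabber/xdb_auth.log &"  > /dev/null
X    ;;
Xstop)
X    pid=$(check_pidfile "${JABBER_PID}" "${PREFIX}/sbin/jabberd")
X
X    if [ -z "${pid}" ] ; then
X       echo "jabberd not running? (check ${JABBER_PID})."
X       exit 1
X    fi
X    if [ -f "${XDB_AUTH_PID}" ] ; then
X       echo "Stopping xdb_auth_cpile "
X       # The pidfile sits in /var/run/jabber, which pkg-install hands to the
X       # jabber account, so its content is not trusted: only a plain decimal
X       # pid is accepted, and the signal is sent as ${USER} rather than as
X       # the caller, which limits it to processes that account may signal.
X       xdb_pid=
X       read -r xdb_pid < "${XDB_AUTH_PID}" || :
X       case "${xdb_pid}" in
X       ''|*[!0-9]*)
X           echo "Ignoring invalid pid in ${XDB_AUTH_PID}." >&2
X           ;;
X       *)
X           su -f -m ${USER} -c "kill -KILL ${xdb_pid}"
X           ;;
X       esac
X       rm -f "${XDB_AUTH_PID}"
X    fi
X
X    echo "Stopping jabberd "
X    # killall is restricted to processes owned by ${USER}.
X    killall -SIGKILL -u ${USER} jabberd;
X    rm -f "${JABBER_PID}"
X    ;;
X*)
X    echo $0 "{ start | stop }"
X    exit 1
X    ;;
Xesac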
END-of-xdb_auth_cpile/files/jabberd_xdb_auth.sh
echo x - xdb_auth_cpile/pkg-descr
sed 's/^X//' >xdb_auth_cpile/pkg-descr << 'END-of-xdb_auth_cpile/pkg-descr'
Xxdb_auth_cpile is a Perl module for jabberd 1.4.x written by
XChris Pile (chris at snoogans.co.uk).
XWith this package installed, jabberd can authenticate users against
XMySQL, POP3, IMAP, Samba, PAM, LDAP or RADIUS.
X
XWWW: http://www.snoogans.co.uk/jabber/index.htm#xdb_auth_cpile
X
X
XAnderson S. Ferreira <anderson at cnpm.embrapa.br>
END-of-xdb_auth_cpile/pkg-descr
echo x - xdb_auth_cpile/pkg-message
sed 's/^X//' >xdb_auth_cpile/pkg-message << 'END-of-xdb_auth_cpile/pkg-message'
X
XThe xdb_auth_cpile module is installed !
X
XPlease read ${PREFIX}/share/xdb_auth_cpile/FreeBSD.README
Xfor configuration steps.
X
X 
END-of-xdb_auth_cpile/pkg-message
echo x - xdb_auth_cpile/pkg-deinstall
sed 's/^X//' >xdb_auth_cpile/pkg-deinstall << 'END-of-xdb_auth_cpile/pkg-deinstall'
X#!/bin/sh
X#
X# Package deinstall hook.  It acts only in the POST-DEINSTALL phase, which
X# is passed as the second argument; every other phase is a no-op.
X
Xcase "$2" in
XPOST-DEINSTALL)
X    ;;
X*)
X    exit 0
X    ;;
Xesac
X
X# The log directory is kept on purpose; the administrator decides about it.
Xecho "If you wish to delete jabber log files, remove '/var/log/jabber' directory."
X
X# NOTE(review): /var/run/jabber also holds jabber.pid in this port's sample
X# configuration, so removing it affects a jabberd that is still running -
X# confirm that the daemon is stopped before this hook runs.
Xrm -rf /var/run/jabber
X
Xexit 0
END-of-xdb_auth_cpile/pkg-deinstall
echo x - xdb_auth_cpile/pkg-install
sed 's/^X//' >xdb_auth_cpile/pkg-install << 'END-of-xdb_auth_cpile/pkg-install'
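X#!/bin/sh
X#
X# Package install hook.  It acts only in the PRE-INSTALL phase, which is
X# passed as the second argument, and prepares the log and pidfile
X# directories used by jabberd and xdb_auth_cpile.
X
Xif [ "$2" != "PRE-INSTALL" ]; then
X    exit 0
Xfi
X
Xfor dir in /var/log/jabber /var/run/jabber; do
X    if [ ! -d "${dir}" ]; then
X       mkdir -m 750 "${dir}"
X    fi
X    chown jabber:jabber "${dir}"
X    # mkdir -m applies only to a directory created here; a directory left
X    # over from an earlier install keeps whatever mode it had, so the mode
X    # is set explicitly to keep the log and pidfiles closed to other users.
X    chmod 750 "${dir}"
Xdone
X
Xexit 0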
END-of-xdb_auth_cpile/pkg-install
exit
--- xdb_auth_cpile.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


