Gaurav Jain | 24 Nov 06:08 2015
Picon

crash when sending unavailable presence with 15.10

* I use ejjaberd-15.10 with 2 users in 1 room.

* user 1 created the room and users 2 is offline

*when user 1 sends unavailable presence to room, server crashes with crash report below.

Can you please help me resolve this issue?


TIA,



***************************************************

2015-11-23 20:50:31.805 [debug] <0.575.0> <at> mod_carboncopy:disable:249 disabling for <<"user1">>

2015-11-23 20:50:31.806 [debug] <0.575.0> <at> mod_shared_roster:unset_presence:1099 unset_presence for <<"user1">> <at> <<"example.com">> / <<"iPhone">> -> <<>> (0 resources)

2015-11-23 20:50:31.806 [debug] <0.575.0> <at> ejabberd_router_multicast:do_route:211 route_multicast

{ $presence_info }

2015-11-23 20:50:31.806 [debug] <0.575.0> <at> ejabberd_router:do_route:324 route 

{ $presence_info }

2015-11-23 20:50:31.806 [debug] <0.575.0> <at> ejabberd_local:do_route:260 local route

{ $presence_info }

2015-11-23 20:50:31.806 [debug] <0.575.0> <at> ejabberd_sm:do_route:411 session manager

{ $presence_info }

2015-11-23 20:50:31.807 [debug] <0.575.0> <at> ejabberd_router:do_route:324 route

{ $presence_info }

2015-11-23 20:50:31.807 [debug] <0.575.0> <at> ejabberd_local:do_route:260 local route

{ $presence_info }

2015-11-23 20:50:31.807 [debug] <0.575.0> <at> ejabberd_sm:do_route:411 session manager

{ $presence_info }

2015-11-23 20:50:31.808 [error] <0.575.0> gen_fsm <0.575.0> in state session_established terminated with reason: no match of right hand value {atomic,ok} in ejabberd_c2s:presence_track/4 line 2085

2015-11-23 20:50:31.808 [error] <0.575.0> CRASH REPORT Process <0.575.0> with 0 neighbours exited with reason: no match of right hand value {atomic,ok} in ejabberd_c2s:presence_track/4 line 2085 in p1_fsm:terminate/8 line 760

2015-11-23 20:50:31.808 [error] <0.349.0> Supervisor ejabberd_c2s_sup had child undefined started with {ejabberd_c2s,start_link,undefined} at <0.575.0> exit with reason no match of right hand value {atomic,ok} in ejabberd_c2s:presence_track/4 line 2085 in context child_terminated

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Jérôme Sautret | 20 Nov 16:21 2015
Picon

[ANN] ejabberd 15.11

This new version of ejabberd improves the cluster management to make
it simpler to use. It fixes issues some may have faced when setting
cluster with ejabberd 15.09 and 15.10.

## Improvements

The commands `join_cluster` and `leave_cluster` do not depend on
external scripts anymore. This makes operation simpler from user
perspective and more portable across systems. The commands are
supported on Microsoft Windows the same way as on Linux and OSX.

### Adding a node to a cluster

Suppose you have already configured ejabberd on one node named
`ejabberd <at> node1`. Let's create an additional node `ejabberd <at> node2` and
connect them together.

1.  Copy the .erlang.cookie file from `node1`'s home to `node2`'s home.

2.  Start `node2` node, and join it to the cluster:

        $ ejabberdctl start
        $ ejabberdctl join_cluster 'ejabberd <at> node1'
        $ ejabberdctl list_cluster
        ejabberd <at> node1
        ejabberd <at> node2

This enables ejabberd's internal replications to be launched across
all nodes so new node can start receiving messages from other nodes
and be registered in the routing tables.

### Removing a node from the cluster

Suppose you have already configured ejabberd cluster with nodes named
`ejabberd <at> node1` and `ejabberd <at> node2` and you want to remove `node1`
from the cluster.
You just needs to shut down `node1`.  There is no specific delay for
the cluster to figure out that the node is gone, the node is
immediately removed from other router entries.
If the node `node1` is started again, it's immediately attached back
to the cluster until it has been explicitly removed permanently from
the cluster.

To permanently remove `node1` from the cluster,  just call
leave_cluster command from anywhere in your cluster (either node1 or
node2):

    $ ejabberdctl leave_cluster 'ejabberd <at> node1'

The removed node must be running while calling leave_cluster to make
it permanently removed. It's then immediately stopped.

## Feedback

As usual, the release is tagged in the Git source code repository on Github:
https://github.com/processone/ejabberd.git

The source package and binary installers are available at
https://www.process-one.net/en/ejabberd/downloads/

If you suspect that you've found a bug, please search or fill a bug report on
https://github.com/processone/ejabberd/issues
willal | 19 Nov 11:18 2015
Picon

Re: ejabberd Digest, Vol 148, Issue 11

 
 
HI: dear
 
1 I`m added mod_proxy65   for  file transfer  at common module, it used shaper(fast 50000), please see  "##liwei add1";
2 Added virtual host(pre.hooca.com.cn)  to  <host_config> ,please see "##liwei add2";
I hope that : using shaper(fast 50000))  to transfer file.
 
now i found that:   
the  rate  of  transfer file is slow(seems to used shaper(normal 1000),)  by using virtual host(pre.hooca.com.cn)  ;
the other virtual host is ok.
so the virtual host(pre.hooca.com.cn)  is not success, can you help me?
 
 
 
 
the detailed info for that:

hosts:
  - "public.hooca.com.cn"
  - "pre.hooca.com.cn"
  - "id.hooca.com.cn"
 
auth_method: internal
 
host_config:
  "public.hooca.com.cn":
    auth_method: anonymous
    allow_multiple_connections: false
    anonymous_protocol: both
 
odbc_pool_size: 20
odbc_keepalive_interval: 30
 
shaper:
  normal: 1000
  fast: 500000
 
max_fsm_queue: 1000
 
acl:
  admin:
    user:
      - "admin": "pre.hooca.com.cn"
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"
 
access:
  ## Maximum number of simultaneous sessions allowed for a single user:
  max_user_sessions:
    all: 10
  ## Maximum number of offline messages that users can have:
  max_user_offline_messages:
    admin: 5000
    all: 100
  ## This rule allows access only for local users:
  local:
    local: allow
  ## Only non-blocked users can use c2s connections:
  c2s:
    blocked: deny
    all: allow
  ## For C2S connections, all users except admins use the "normal" shaper
  c2s_shaper:
    admin: none
    all: normal
  ## All S2S connections use the "fast" shaper
  s2s_shaper:
    all: fast
  proxy65_shaper:
    admin: none
    all: fastnew
  ## Only admins can send announcement messages:
  announce:
    admin: allow
  ## Only admins can use the configuration interface:
  configure:
    admin: allow
  ## Admins of this server are also admins of the MUC service:
  muc_admin:
    admin: allow
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create:
    local: allow
  ## All users are allowed to use the MUC service:
  muc:
    all: allow
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode:
    local: allow
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register:
    all: allow
  ## Only allow to register from localhost
  trusted_network:
    all: allow
 
registration_timeout: infinity
language: "en"
 
modules:
  mod_adhoc: {}
  mod_announce:
    access: announce
  mod_blocking: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_irc: {}
  mod_http_bind: {}
  mod_last: {}
  mod_muc:
    access: muc
    access_create: muc_create
    access_persistent: muc_create
    access_admin: muc_admin
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
##liwei add1
  mod_proxy65:
    name: "SOCKS5 Bytestreams"
    ip: "192.168.5.107"
    port: 7777
    access: all
    shaper: proxy65_shaper
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
  mod_register:
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hi.
        Welcome to this XMPP server.
    ip_access: trusted_network
    access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard: {}
  mod_version: {}
 
##liwei add2
host_config:
  "pre.hooca.com.cn":
    auth_method: odbc
    odbc_type: mysql
    odbc_server: "localhost"
    odbc_database: "pre_add"
    odbc_username: "root"
    odbc_password: "12345"
    modules:
      mod_last:
        db_type: odbc
      mod_offline:
        db_type: odbc
        access_max_user_messages: max_user_offline_messages
      mod_privacy:
        db_type: odbc
      mod_private:
        db_type: odbc
      mod_pubsub:
        db_type: odbc
        access_createnode: pubsub_createnode
        ignore_pep_from_offline: true
        last_item_cache: false
        plugins:
          - "flat"
          - "hometree"
          - "pep" # pep requires mod_caps
      mod_roster:
        db_type: odbc
      mod_vcard:
        db_type: odbc
allow_contrib_modules: true
 
 
2015-11-19 willal
 
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gerhard Schmidt | 19 Nov 07:58 2015
Picon

dynamicaly set loglevel on running ejabberd

Hi,

I'm upgraded my ejabber server from 2.x to 15.07.

on my old server i could change loglevel without restarting th ejabberd
with 

ejabberdctl debug

Erlang/OTP 18 [erts-7.1] [source] [64-bit] [smp:8:8] [async-threads:10]
[kernel-poll:true]

Eshell V7.1  (abort with ^G)
(ejabberd <at> delphi.ze.tum.de)1> ejabberd_loglevel:set(3).

But since the update to 15.07 i get the following errormessage.

** exception error: undefined function ejabberd_loglevel:set/1

I found a mail that states that i have to load the ejabberd_loglevel
module. How do I do this.

Regards
   Estartu 
Mark Brown | 17 Nov 12:24 2015
Picon

STUN/TURN server - receiving error messages

I'm attempting to configure the ejabberd TURN server over TCP (TURNS).
For testing, I'm using the 'stun' client on Linux.

However, when I carry out a test, I get an error message:
Bad length string 15
problem parsing ServerName

The log is as follows:

$ stun xmpp.lowsnr.net -v
STUN client version 0.96
Opened port 22719 with fd 3
Opened port 22720 with fd 4
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 183.181.58.166:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 183.181.58.166:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 183.181.58.166:3478
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=1
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 183.181.58.166:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 183.181.58.166:3478
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=2
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=3
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=2
Received stun message: 76 bytes
Bad length string 15
problem parsing ServerName
Received message of type 273  id=3
test I = 1
test II = 1
test III = 1
test I(2) = 0
is nat  = 0
mapped IP same = 1
hairpin = 0
preserver port = 0
Primary: Open	
Return value is 0x000010

_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Hoshpak | 16 Nov 18:48 2015
Picon

Re: Stun authentication with ejabberd and ldap

Am 15.11.2015 um 23:42 schrieb Holger Weiß:
> * Hoshpak <mailinglist <at> pozimski.eu> [2015-11-14 12:49]:
>> Does anyone here have experience with STUN authentication using a LDAP
>> server? Is there any way to make this work without requiring clear text
>> passwords to be stored on the server?
> 
> There's currently two ways to support STUN authentication: Either with
> "auth_method: internal" and "auth_password_format: plain", or with
> "auth_method: external" and the "extauth_cache" feature.  So you *could*
> use an external script for LDAP authentication¹ and have ejabberd cache
> the passwords, they will then be used for STUN authentication.  A nicer
> solution would be to teach the built-in LDAP code (and other
> authentication backends) to optionally cache plain text passwords, but
> the current code doesn't support this.

Thanks for the explanation. Since I want to avoid having clear text
passwords on the server at any time, I'm going to disable STUN/TURN for
now and gain some experience without it. At least jitsi seems to do fine
without it, it probably uses some other NAT traversal mechanism or
another server instead.

It would be nice if someone could add a few words about the
authentication mechanism support for STUN/TURN to the ejabberd
documentation some time.

It seems that there might be another way to deal with the issue as
described in XEP-0215 which seems to gain support in prosody as
mod_extdisco and mod_turncredentials but not available in the free
version of ejabberd (yet). If it becomes available in some future
version, I'd certainly like to try it.

Helmut
Dominik George | 16 Nov 12:48 2015
Picon
Gravatar

Re: Stun authentication with ejabberd and ldap

Hi,

> There's currently two ways to support STUN authentication: Either with
> "auth_method: internal" and "auth_password_format: plain", or with
> "auth_method: external" and the "extauth_cache" feature.  So you *could*
> use an external script for LDAP authentication¹ and have ejabberd cache
> the passwords, they will then be used for STUN authentication.  A nicer
> solution would be to teach the built-in LDAP code (and other
> authentication backends) to optionally cache plain text passwords, but
> the current code doesn't support this.

THinking of it…

This could be a solution for having hashed passwords in LDAP and still having 
working STUN authentication.

What if ejabberd stored the cleartext password the client sends on XMPP 
authentication in memory (in a more or less secure manner), and mod_stun used 
this cache as source for plaintext passwords?

This way, the first XMPP login could use secure SSHA passwords in LDAP, and 
all modules needing auth afterwards would have a plaintext copy, provided jsut 
by the fact the client sent it once and it was validated.

Cheers,
Nik

--

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Mobil: +49-151-61623918

Teckids e.V. · FrOSCon e.V. · OpenRheinRuhr e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Contributor

LPIC-3 Linux Enterprise Professional (Security)
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Hoshpak | 14 Nov 12:49 2015
Picon

Stun authentication with ejabberd and ldap

Hi everyone,

currently I am using ejabberd 14.07 (from the Debian repository) on
Debian jessie and configured it to use LDAP as the authentication
method. This generally works great, except for stun/turn which I tried
to configure to offer NAT traversal for connected clients. The relevant
part of my configuration currently looks as follows:

  -
    port: 3478
    transport: udp
    use_turn: true
    turn_ip: "$IP"
    auth_realm: "$REALM"
    module: ejabberd_stun
  -
    port: 3478
    transport: tcp
    use_turn: true
    turn_ip: "$IP"
    auth_realm: "$REALM"
    module: ejabberd_stun
  -
    port: 5349
    module: ejabberd_stun
    transport: tcp
    use_turn: true
    turn_ip: "$IP"
    auth_realm: "$REALM"
    certfile: "/etc/ejabberd/ejabberd.pem"

The "auth_realm" is set to the same as the main and only vhost
configured which uses the LDAP authentication. If someone tries to
access the STUN service, I get the following error message in my log file:

2015-11-10 18:24:43.805 [info] <0.440.0> failed long-term STUN
authentication for $USER <at> $DOMAIN from $IP:$PORT.

The only hit I got for this error message is the following post in the
ejabberd forums:

https://www.ejabberd.im/node/24717

If I understand the post right, the issue with STUN authentication is
that it requires building a hashed version of the password and sending
it to the server. The server would then have to hash the password itself
to compare it with the received hash. That of course would require the
clear text password to be saved somewhere on the server which is not the
case since my LDAP back end stores the passwords hashed and salted.

Does anyone here have experience with STUN authentication using a LDAP
server? Is there any way to make this work without requiring clear text
passwords to be stored on the server?

Greetings
Helmut
Quintus | 13 Nov 14:13 2015
Picon
Gravatar

ejabberd 15.10: mod_http_upload not found

Hi everyone,

I updated from ejabberd 15.09 to ejabberd 15.10 because I saw that the
module supporting XEP-0363 (mod_http_upload) is now bundled with
ejabberd itself[1]. Previously it was only available via the community
repository[2].

So I chcked out the latest version of ejabberd from Git, removed my
previous installation except for the etc and lib directories and
recompiled and reinstalled the new version on my Debian Jessie system. I
then started ejabberd and remove the mod_http_upload community module by
executing

$ ejabberdctl module_uninstall mod_http_upload
ok

which correctly removed ~/.ejabberd-modules/mod_http_upload. Since this
was my only contribution module in use, I then commented out the
`allow_contrib_modules` option in my ejabberd.yml file and restarted
ejabberd. However, if I now want to start ejabberd it logs this:

--------------------
2015-11-13 12:28:58.081 [error]
<0.606.0> <at> gen_mod:stop_module_keep_config:136
{{badmatch,{error,not_found}},[{mod_http_upload,stop,1,[{file,"src/mod_http_upload.erl"},{line,144}]},{gen_mod,stop_module_keep_config,2,[{file,"src/gen_mod.erl"},{line,135}]},{gen_mod,stop_module,2,[{file,"src/gen_mod.erl"},{line,127}]},{ext_mod,'-uninstall/1-lc$^0/1-0-',2,[{file,"src/ext_mod.erl"},{line,186}]},{ext_mod,uninstall,1,[{file,"src/ext_mod.erl"},{line,186}]},{ejabberd_commands,execute_command2,2,[{file,"src/ejabberd_commands.erl"},{line,378}]},{ejabberd_ctl,call_command,3,[{file,"src/ejabberd_ctl.erl"},{line,292}]},{ejabberd_ctl,try_call_command,3,[{file,"src/ejabberd_ctl.erl"},{line,268}]}]}
--------------------

Neither it announces the service in the service discovery anymore, at
least according to my XMPP client (Gajim). The module is there:

--------------------
$ find lib -iname '*http_upload*'
lib/ejabberd/ebin/mod_http_upload_quota.beam
lib/ejabberd/ebin/mod_http_upload.beam
--------------------

Here’s the relevant part of my ejabberd.yml:

--------------------
# ...
listen:
  # ...
  - 
    port: 5444
    module: ejabberd_http
    request_handlers:
      "": mod_http_upload
    # Enable HTTPS
    tls: true
    tls_compression: false
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      # - "no_tlsv1"
    dhfile: "/usr/local/etc/ejabberd/dh2048.pem"
    certfile: "/tmp/phtest/ph.all.pem"
    ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
# ...
access:
  # ...
  soft_upload_quota:
    all: 80
  hard_upload_quota:
    all: 100
# ...
modules:
  # ...
  mod_http_upload:
    host: "upload. <at> HOST <at> "
    docroot: "/home/ejabberd/uploads"
    access: local
    # Maximum file size 8 MiB
    max_size: 8388608
    secret_length: 40
    file_mode: "0644"
    dir_mode: "0755"
    put_url: "https://upload.mydomain.local:5444"
  mod_http_upload_quota:
    max_days: 14
    access_hard_quota: hard_upload_quota
    access_soft_quota: soft_upload_quota
--------------------

Probably I overlooked something obvious, but I’m fairly new to ejabberd
still, so please bear with me :-). Any hints are appreciated.

Greetings
Marvin

[1]: http://lists.jabber.ru/pipermail/ejabberd/2015-October/008848.html
[2]: https://github.com/processone/ejabberd-contrib/tree/master/mod_http_upload
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Gaurav Jain | 6 Nov 05:58 2015
Picon

how to send multicast message to MUC and private message together

I use mod_multicast and I use 'to' attribute.

I try to send message to non-muc user (abc <at> example.com) and a muc user (mucuser <at> example.com)

If I set message type to **chat** then I get an error

    it is not allowed to send private messages to conference.

If I set it to **groupchat**, then I get `service-unavailable` for non-muc (private) user.

How can I send multicast message to muc and non-muc (private) user in the same message?
_______________________________________________
ejabberd mailing list
ejabberd <at> jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd
Sedovic, Dave | 2 Nov 18:04 2015

ejabberdctl reload_config doesn't work?

We are running on ejabberd 15.07. I have made a change to the ejabberd.yml config file, and I run the
"ejabberdctl reload_config" command, but do not see the config change taking effect.

My first change was to increase the max_inactivity value for mod_http_bind. Based on what I see in the log
file, this didn't seem to be taking effect. So I tried increasing the log_level, which is easy to check. But
after doing the reload_config, the log_level stays the same. 

Is there something I'm missing?

Thanks,

Dave

Gmane