Quick search for all users in a jud
I posted the original patch to the jadmin mailing list.
I made some simple changes to allow users to quickly display a list of all the users in a jud. Depending on your Jabber client, you can either just click on the search button and all the users will be displayed, or if your Jabber client forces you to enter some search criteria (JabberIM), you can just enter a single asterisk (*) in any of the search fields, then just click on the search button to display a list of all the users. Also, it's worth noting that it might not be a good idea to implement these patches on servers with a large number of users in the jud.
If anyone is interested, I created the patch as follows (using jabber-1.4.1 and jud-0.4):
# cd /usr/local/jabber-1.4.1/jud-0.4 # cp -p jud_search.c jud_search.c.orig # vi jud_search.c
made changes
# diff -Nurd jud_search.c.orig jud_search.c > jud_search.patch
Download the patch
Basically just copy/paste this into "/usr/local/jabber-1.4.1/jud-0.4/jud_search.patch", then apply the patch as follows:
# cd /usr/local/jabber-1.4.1/jud-0.4 # patch -p0 < jud_search.patch # make
Done.
Installing Jabber Server on FreeBSD
Note: You need to compile using "gmake" instead of just "make".
Configuring SSL for your Jabber Server
Note: I suggest you obtain Jabber-1.4.x via CVS since it contains a patch to fix a Denial of Service problem with SSL connections.
- Obtain the latest Jabber Server.
- Follow the steps at Jabberd Admin Guide, but use "./configure --enable-ssl" instead of just "./configure". This assumes you have already downloaded and installed OpenSSL
- Follow this guide. Generate your SSL pem file using this simple script (originally posted here).
- Your Jabber Server should now be able to accept SSL connections on port 5223.
Securing jabber in a chroot (FreeBSD)
Assumes jabber is installed in "/usr/local/jabber"
cd /usr/local/jabber mkdir -p usr/libexec mkdir usr/lib mkdir etc cp /usr/libexec/ld-elf.so.1 usr/libexec/ cp /usr/lib/libssl.so.2 usr/lib/ cp /usr/lib/libcrypto.so.2 usr/lib/ cp /usr/local/lib/libpth.so.14 usr/lib/ cp /usr/lib/libc.so.4 usr/lib/ # need this for s2s and dnsrv cp /etc/resolv.conf etc/ echo "jabber:*:1001:1001::0:0:Jabber:/:/sbin/nologin" > etc/passwd pwd_mkdb -d etc etc/passwd cd /usr/local chown -R root.wheel jabber cd /usr/local/jabber chown -R 1001.1001 spool
I created a var dir for all the log files
mkdir -p var/log mkdir var/run cd var chown 1001.1001 run touch var/log/record.log touch var/log/error.log chown 1001.1001 var/log/record.log chown 1001.1001 var/log/error.log
Simple jabberd control script (FreeBSD)
Download the script below, here.
#!/bin/sh
JPIDFILE="/usr/local/jabber/var/run/jabberd.pid"
JLOGFILE="/usr/local/jabber/var/log/jabberd.log"
case "$1" in
start)
# Start jabberd (but check if already running first)
ps -axc | grep jabberd > /dev/null 2>&1
if [ "$?" -eq 0 ]
then
echo "jabberd is already running!"
exit 1
fi
if [ -f $JPIDFILE ]
then
echo "jabberd.pid file exists, removing"
rm -f $JPIDFILE
fi
echo -n "Starting jabberd: "
echo
# non chrooted
#su jabber -c '/usr/local/jabber/jabberd/jabberd -B'
# chrooted
chroot /usr/local/jabber /jabberd/jabberd -H / -U jabber 2>$JLOGFILE &
;;
stop)
# Stop daemons.
echo -n "Stopping jabberd: "
echo
killall -KILL -v jabberd
if [ -f $JPIDFILE ]
then
echo "jabberd.pid file exists, removing"
rm -f $JPIDFILE
fi
;;
restart)
$0 stop
$0 start
;;
reload)
echo "Reloading jabber.xml config"
kill -HUP `/bin/cat $JPIDFILE`
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
Extending Jabber authentication using xdb_auth/check
Note: Due to other commitments, I no longer have the time to develop and support this code. I hope you still find it useful and enjoy using Jabber.
This is an example Perl script that uses the new auth/check method in 1.4.2. It is based on Jer's original script found here. There seems to be a problem with the original script as detailed here
This version uses DJ Adams' Jabber::Connection Perl modules instead of XML::Stream. So far, performance seems better and I haven't experienced any problems. The code is a cross between Jer's original xdb_auth_test.pl and DJ's RSS Newsagent script from his book "Programming Jabber".
For more information on the auth/check method, see the Jabber-1.4.2 change log, under the heading 'XDB "check" and Authentication Modules'.
Note:
- Using this technique requires that the clients authenticate with plain the plain text password (obviously) so it should be used carefully, only on internal servers or when SSL is enabled.
- You need an experimental version of Jabber::Connection
- You will probably need to edit the "use lib qw(/usr/local/jabber/xdb_auth_cpile);" line in xdb_auth_cpile.pl to reflect the location of your xdb_auth_cpile.pm file.
xdb_auth_cpile-1.7.pl
xdb_auth_cpile.pm (User password is "test")
xdb_auth_cpile.README
example "xdb_auth_cpile.xml" config
Authenticating using IMAP, LDAP, MYSQL, PAM, POP3, RADIUS, SMB:
I have also created a tarball which makes it very easy to change the authentication method.
I have included a few examples of how to extend the authentication method. You will need to rename the file you wish to use:
E.g.
rename xdb_auth_cpile.pm.imap to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.ldap to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.mysql to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.pam to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.pop3 to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.radius to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.smb to xdb_auth_cpile.pm
OR
rename xdb_auth_cpile.pm.test to xdb_auth_cpile.pm
Download: xdb_auth_cpile-1.7/1.8.tar.gz
Restricting nicknames in chatrooms
This patch restricts users from changing their nicknames within a conference room. Their nickname is forced to be the same as their actual Jabber username
Download the patch
Checkout the conference module from the CVS on jabberstudio.org then apply the patch as follows.
# cd /usr/local/jabber-1.4.2 # patch < conference.patch # cd conference # make
Done.
