Porting the latest gossip to FreeBSD

I have been trying to update our gossip port from 0.26 to 0.31.
Loudmouth 1.4.1 is successfully installed, and gossip 0.31 builds fine
except for one small patch (attached).  The problem is, gossip 0.31
refuses to authenticate with jabber.org.  I always get an authentication
failed (error 4).  If I downgrade to gossip 0.28, everything works.

If I then upgrade to 0.29, I am no longer able to login again.  I am
using gnome-keyring, and I can see in my keyring that the password is
successfully stored.  Debug from 0.31 shows:

Jabber: Untrusted certificate
Jabber: Connection open!
Jabber: Attempting to use JabberID:'FreeBSDMarcus@...'
Jabber: Disconnecting for account:'Test'
Session: Protocol disconnecting for account:'Test'
Sound: Protocol disconnecting for account:'Test'
Session: Protocol disconnected (after 0.00 seconds)
AppSession: Disconnected account:'Test'
DBUS: Failed to complete 'state' request. The name
org.freedesktop.NetworkManager was not provided by any .service files
JabberUtils: Error:4->'Authentication failed.'
Session: Error:4->'Authentication failed.'
AppSession: Error for account:'Test'

The NetworkManager error doesn't appear to be fatal, and I get this with
0.28 as well.  Nothing else is different settings-wise between 0.28 and
0.31.  I'm using the resource Home, and I am using encryption.  I've
tried both ports 5222 and 5223.  The server is jabber.org.

Both gossip 0.28 and pidgin can connect with this account and password.
Creating a new account in gossip 0.31 also does not work.  Any clue as
to what the problem may be?  Is there any additional troubleshooting I
can do?  A sniffer isn't helpful as this is all encrypted.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc

[patch-libloudermouth_lm-bs-listener.c]

---

--- libloudermouth/lm-bs-listener.c.orig 2008-08-03 14:38:37.000000000 -0400
+++ libloudermouth/lm-bs-listener.c 2008-08-03 14:38:50.000000000 -0400
@@ -27,6 +27,7 @@
 #include <glib.h>
 
 #ifndef G_OS_WIN32
+#include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/tcp.h>
 #endif /* G_OS_WIN32 */

---

_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev

Joe Marcus Clarke wrote:

Hi :)

> I have been trying to update our gossip port from 0.26 to 0.31.
> Loudmouth 1.4.1 is successfully installed, and gossip 0.31 builds fine
> except for one small patch (attached).  The problem is, gossip 0.31
> refuses to authenticate with jabber.org.  I always get an authentication
> failed (error 4).  If I downgrade to gossip 0.28, everything works.

OK.

First, thanks for the patch!

The network manager issue there shouldn't be a problem. But I wonder if
it is part of the problem?

> Nothing else is different settings-wise between 0.28 and
> 0.31.  I'm using the resource Home, and I am using encryption.  I've
> tried both ports 5222 and 5223.  The server is jabber.org.

Gossip should switch between ports for you. But for old SSL
authentication, you want to use port 5223. Otherwise port 5222 should work.

> Both gossip 0.28 and pidgin can connect with this account and password.
> Creating a new account in gossip 0.31 also does not work.  Any clue as
> to what the problem may be?  Is there any additional troubleshooting I
> can do?  A sniffer isn't helpful as this is all encrypted.

Hmm, interesting. I can connect to my jabber.org account fine here.
If you run Gossip with LM_DEBUG=all, does it give you any more information?

--
Regards,
Martyn
_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev

On Sun, 2008-08-03 at 21:45 +0100, Martyn Russell wrote:

Thanks for your reply.

> > The NetworkManager error doesn't appear to be fatal, and I get this with
> > 0.28 as well.  
>
> The network manager issue there shouldn't be a problem. But I wonder if
> it is part of the problem?

I saw it in the working 0.28.  FreeBSD doesn't have an NM port yet.

>
> > Nothing else is different settings-wise between 0.28 and
> > 0.31.  I'm using the resource Home, and I am using encryption.  I've
> > tried both ports 5222 and 5223.  The server is jabber.org.
>
> Gossip should switch between ports for you. But for old SSL
> authentication, you want to use port 5223. Otherwise port 5222 should work.

It does.  0.26, 0.27, and 0.28 want to use 5223, but 0.29 and 0.31 want
to use 5222.  Neither port authenticates successfully in 0.29 and 0.31.

>
> > Both gossip 0.28 and pidgin can connect with this account and password.
> > Creating a new account in gossip 0.31 also does not work.  Any clue as
> > to what the problem may be?  Is there any additional troubleshooting I
> > can do?  A sniffer isn't helpful as this is all encrypted.
>
> Hmm, interesting. I can connect to my jabber.org account fine here.
> If you run Gossip with LM_DEBUG=all, does it give you any more information?

Well, it's all hashed, so it doesn't really tell me what it's really
sending:

*** Socket library initialising...
*** Connecting to: jabber.org:5223
*** SRV lookup disabled for jabber.org
Going to connect to jabber.org:5223
Trying 208.68.163.220 port 5223...
Connection success (2).
*** Setting up SSL...
*** GNUTLS negotiated compression: DEFLATE
SEND:
-----------------------------------
<?xml version='1.0' encoding='UTF-8'?>
-----------------------------------
*** Sending stream header

SEND:
-----------------------------------
<stream:stream version="1.0" xmlns="jabber:client"
xmlns:stream="http://etherx.jabber.org/streams" to="jabber.org"
id="4360577850">
-----------------------------------

RECV [168]:
-----------------------------------
'<?xml version='1.0'?><stream:stream xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' id='2193159157'
from='jabber.org' version='1.0' xml:lang='en'>'
-----------------------------------
*** Read: 168 chars
LM-PARSER: ATTRIBUTE: xmlns = jabber:client
LM-PARSER: ATTRIBUTE: xmlns:stream = http://etherx.jabber.org/streams
LM-PARSER: ATTRIBUTE: id = 2193159157
LM-PARSER: ATTRIBUTE: from = jabber.org
LM-PARSER: ATTRIBUTE: version = 1.0
LM-PARSER: ATTRIBUTE: xml:lang = en
LM-PARSER: Trying to close node: stream:stream
LM-PARSER: Have a new message
*** New message with type="stream:stream" from: jabber.org
*** XMPP 1.0 stream received: 2193159157

RECV [220]:
-----------------------------------
'<stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features>'
-----------------------------------
*** Read: 220 chars
LM-PARSER: ATTRIBUTE: xmlns = urn:ietf:params:xml:ns:xmpp-sasl
LM-PARSER: Trying to close node: mechanism
LM-PARSER: Trying to close node: mechanism
LM-PARSER: Trying to close node: mechanisms
LM-PARSER: ATTRIBUTE: xmlns = http://jabber.org/features/iq-register
LM-PARSER: Trying to close node: register
LM-PARSER: Trying to close node: stream:features
LM-PARSER: Have a new message
*** New message with type="stream:error" from: unknown
LM-SASL: Stream features received

SEND:
-----------------------------------
<auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
id="134986749423"></auth>

-----------------------------------

RECV [148]:
-----------------------------------
'<challenge
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>bm9uY2U9IjEwNzU0Mzk4MjEiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>'
-----------------------------------
*** Read: 148 chars
LM-PARSER: ATTRIBUTE: xmlns = urn:ietf:params:xml:ns:xmpp-sasl
LM-PARSER: Trying to close node: challenge
LM-PARSER: Have a new message
*** New message with type="challenge" from: unknown

SEND:
-----------------------------------
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
id="264451813363">dXNlcm5hbWU9IkZyZWVCU0RNYXJjdXMiLHJlYWxtPSJqYWJiZXIub3JnIixkaWdlc3QtdXJpPSJ4bXBwL2phYmJlci5vcmciLG5vbmNlPSIxMDc1NDM5ODIxIixuYz0wMDAwMDAwMSxjbm9uY2U9IkNaVWZOSkZqQllSNE5jSzBGOXdHYi9WMDR0ZXhFVW5KaUFFQzYvTUV6d2M9Iixxb3A9YXV0aCxjaGFyc2V0PXV0Zi04LHJlc3BvbnNlPTNlZDk1ZjQ5MGNhYzNmYTUzNGUxMjBkZTgwYWM5YWMw</response>

-----------------------------------

RECV [77]:
-----------------------------------
'<failure
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>'
-----------------------------------
*** Read: 77 chars
LM-PARSER: ATTRIBUTE: xmlns = urn:ietf:params:xml:ns:xmpp-sasl
LM-PARSER: Trying to close node: not-authorized
LM-PARSER: Trying to close node: failure
LM-PARSER: Have a new message
*** New message with type="failure" from: unknown
LM-SASL: sasl_failure_cb: SASL authentication failed: unknown reason***
SASL authentication failed, closing connection
*** Disconnecting from: jabber.org:5223

SEND:
-----------------------------------
</stream:stream>
-----------------------------------
Freeing up IOChannel and file descriptor

How can I see what username and password is actually being sent?  Where
could I add some debug code to print that?

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc


_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev

On Sun, 2008-08-03 at 21:45 +0100, Martyn Russell wrote: I found the problem.  It is due to ebook support.  This links gossip to
e-d-s which links to NSS (for SSL support).  There is a symbol conflict
between GnuTLS and NSS on FreeBSD.  If loudmouth is linked with
-Wl,-Bsymbolic, the problem goes away, and gossip can once again
authenticate and have working ebook support.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc


_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev

Joe Marcus Clarke wrote:
> On Sun, 2008-08-03 at 21:45 +0100, Martyn Russell wrote:
>
> Thanks for your reply.

:)

>>> The NetworkManager error doesn't appear to be fatal, and I get
>>> this with 0.28 as well.
>> The network manager issue there shouldn't be a problem. But I
>> wonder if it is part of the problem?
>
> I saw it in the working 0.28.  FreeBSD doesn't have an NM port yet.

OK.

I know that in the past jabber.org hasn't worked for me using the
STARTTLS method on port 5222 (the new secure method of authenticating).

There are two set ups which should work:

Option #1:
- Port 5223
- Enable "Force older secure connection method".
- Enable "Ignore certificate warnings".
- Enable "Use Encryption".

Option #2:
- Port 5222
- Disable "Force older secure connection method".
- Enable "Ignore certificate warnings".
- Enable "Use Encryption".

So it looks like you are using the older secure connection method (i.e.
option #1 from above.

This looks like the password is wrong. The connection is made
successfully, the authentication stage just seems to fail.

Does authentication work if you don't use encryption?

> How can I see what username and password is actually being sent?

If you use:

  export GOSSIP_DEBUG=Jabber

You should be able to see this sort of debug when you try to connect:

With option #1:

Jabber: Refreshing connection details
Jabber: Setting connection details for account:'Testing2'
Jabber: - ID:'testing2@...'
Jabber: - Server:'jabber.org'
Jabber: - Port:5223
Jabber: - Using OLD SSL method for connection
Jabber: Connecting...
Jabber: Untrusted certificate
Jabber: Connection open!
Jabber: Attempting to use JabberID:'testing2@...'
Jabber: Connection logged in!

With option #2:

Jabber: Refreshing connection details
Jabber: Setting connection details for account:'Testing2'
Jabber: - ID:'testing2@...'
Jabber: - Server:'jabber.org'
Jabber: - Port:5222
Jabber: - Using STARTTLS method for connection
Jabber: Connecting...
Jabber: Connection open!
Jabber: Attempting to use JabberID:'testing2@...'
Jabber: Untrusted certificate
Jabber: Connection logged in!


> Where could I add some debug code to print that?

You can also use:

  export GOSSIP_DEBUG=all

But there is a lot of debugging there to drown in :)

If you want to print the password, try adding a debug line in this file:

http://svn.gnome.org/viewvc/gossip/trunk/libgossip/gossip-jabber.c?view=markup

In the function _gossip_jabber_set_connection(). Something like:

  gossip_debug (DEBUG_DOMAIN,
                "- Password:'%s'",
                gossip_account_get_password (account));

We don't normally put the password in the log for security reasons.
Hope this helps.

--
Regards,
Martyn
_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev

Joe Marcus Clarke wrote:
> On Sun, 2008-08-03 at 21:45 +0100, Martyn Russell wrote:
>> Joe Marcus Clarke wrote:
> I found the problem.  It is due to ebook support.  This links gossip to
> e-d-s which links to NSS (for SSL support).  There is a symbol conflict
> between GnuTLS and NSS on FreeBSD.  If loudmouth is linked with
> -Wl,-Bsymbolic, the problem goes away, and gossip can once again
> authenticate and have working ebook support.

Oh, I saw your reply too late :)

Great that you found the problem!
Thanks for letting us know.

--
Regards,
Martyn
_______________________________________________
Gossip-dev mailing list
Gossip-dev@...
http://lists.imendio.com/mailman/listinfo/gossip-dev