phpBB • Free and Open Source Forum Software

RSS Facebook Twitter

Bug tracker

This ticket has been moved to our new tracker. Open Ticket PHPBB3-2480 now.

Jabber auth doesn't work (fix completed in vcs)

After upgrading to phpBB3 Beta4 Jabber won't work anymore.
At first I got the info that in includes/functions_jabber.php line 871 stream_socket_enable_crypto() isn't able to initialize cripto.
This always hapened If I changed the jabbersettings or tried to send a message.

afterwards my friendly webadmin installed openssl and the phpbinding to this.
now I can register new jabberaccount, but when I try sending a message it's not send and an entry to the errorlog is added.
Code: Select all
Jabber-Fehler
» Could not authorise on Jabber server


but a new user is correctly registered. I tested with my own jabberclient.

any suggestions?

Comments / History

Posted by Acyd Burn (Server Manager) on Dec 10th 2006, 15:37

This code is only executed if the php version supports this and the jabber server requesting TLS. Seems like the jabber server itself is configured wrongly...

What do you see in your error log about the jabber backtrace displayed there? If you do not see anything, try enabling DEBUG_EXTRA in config.php and try again.

Posted by Acyd Burn (Server Manager) on Dec 10th 2006, 15:41

Could you also try to change the following both methods in functions_jabber.php to this code and test again?

Code: Select all
/**
   * Check if connected
   * @access private
   */
   function _check_connected($in_tls = false)
   {
      $incoming_array = $this->_listen_incoming();

      if (is_array($incoming_array))
      {
         if ($incoming_array['stream:stream']['@']['from'] == $this->server && $incoming_array['stream:stream']['@']['xmlns'] == 'jabber:client' && $incoming_array['stream:stream']['@']['xmlns:stream'] == 'http://etherx.jabber.org/streams')
         {
            $this->stream_id = $incoming_array['stream:stream']['@']['id'];

            // We only start TLS authentication if not called within TLS authentication itself, which may produce a never ending loop...
            if (!$in_tls)
            {
               if (!empty($incoming_array['stream:stream']['#']['stream:features'][0]['#']['starttls'][0]['@']['xmlns']) && $incoming_array['stream:stream']['#']['stream:features'][0]['#']['starttls'][0]['@']['xmlns'] == 'urn:ietf:params:xml:ns:xmpp-tls')
               {
                  return $this->_starttls();
               }
            }

            return true;
         }
         else
         {
            $this->add_to_log('ERROR: _check_connected() #1');
            return false;
         }
      }
      else
      {
         $this->add_to_log('ERROR: _check_connected() #2');
         return false;
      }
   }

   /**
   * Start TLS/SSL session if supported (PHP5.1)
   * @access private
   */
   function _starttls()
   {
      if (!function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking'))
      {
         $this->add_to_log('WARNING: TLS is not available');
         return true;
      }

      $this->send_packet("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\n");
      sleep(2);
      $incoming_array = $this->_listen_incoming();

      if (!is_array($incoming_array))
      {
         $this->add_to_log('ERROR: _starttls() #1');
         return false;
      }

      if ($incoming_array['proceed']['@']['xmlns'] != 'urn:ietf:params:xml:ns:xmpp-tls')
      {
         $this->add_to_log('ERROR: _starttls() #2');
         return false;
      }

      $meta = stream_get_meta_data($this->connector->active_socket);
      socket_set_blocking($this->connector->active_socket, 1);

      if (!@stream_socket_enable_crypto($this->connector->active_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
      {
         socket_set_blocking($this->connector->active_socket, $meta['blocked']);
         $this->add_to_log('ERROR: _starttls() #3');
         return false;
      }

      socket_set_blocking($this->connector->active_socket, $meta['blocked']);

      $this->send_packet("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
      $this->send_packet("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
      sleep(2);

      if (!$this->_check_connected(true))
      {
         $this->add_to_log('ERROR: _starttls() #4');
         return false;
      }

      return true;
   }

Posted by LightLan on Dec 10th 2006, 16:01

I don't think it's the jabberservers fault. I tried 2 servers, aszlig.net and jabber.org, both the same.

the code you gave me doesn't work either. still the same error.

debug_extra is enabled, but there's no more info than
Code: Select all
Light Lan     <my ip>     10 Dez 2006 16:56     Jabber-Fehler
» Could not authorise on Jabber server

Posted by Acyd Burn (Server Manager) on Dec 10th 2006, 17:41

If DEBUG_EXTRA is enabled, it should give you an extensive message history of what has been executed and the relevant return information - though maybe not if you are using the ACP, only if jabber messages are sent.

Ok, another try. Smile Now a new _starttls() function:

Code: Select all
function _starttls()
   {
      if (!function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
      {
         $this->add_to_log('WARNING: TLS is not available');
         return true;
      }

      // Make sure the encryption stream is supported
      $streams = stream_get_wrappers();
      print_r($streams);

      if (!in_array('streams.crypto', $streams))
      {
         $this->add_to_log('WARNING: SSL/crypto stream not supported');
         return true;
      }

      $this->send_packet("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\n");
      sleep(2);
      $incoming_array = $this->_listen_incoming();

      if (!is_array($incoming_array))
      {
         $this->add_to_log('ERROR: _starttls() #1');
         return false;
      }

      if ($incoming_array['proceed']['@']['xmlns'] != 'urn:ietf:params:xml:ns:xmpp-tls')
      {
         $this->add_to_log('ERROR: _starttls() #2');
         return false;
      }

      $meta = stream_get_meta_data($this->connector->active_socket);
      socket_set_blocking($this->connector->active_socket, 1);

      $result = stream_socket_enable_crypto($this->connector->active_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
      if (!$result)
      {
         socket_set_blocking($this->connector->active_socket, $meta['blocked']);
         $this->add_to_log('ERROR: _starttls() #3');
         return false;
      }

      socket_set_blocking($this->connector->active_socket, $meta['blocked']);

      $this->send_packet("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
      $this->send_packet("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
      sleep(2);

      if (!$this->_check_connected(true))
      {
         $this->add_to_log('ERROR: _starttls() #4');
         return false;
      }

      return true;
   }


Please tell me what is printed at the screen (it should print a list of supported streams).

Posted by LightLan on Dec 10th 2006, 18:38

I made two different tries. at first I only modified the _starttls() function and left the _check_connected($in_tls = false) function as you told me the step before.
this put me out the following:
Code: Select all
Array ( [0] => php [1] => file [2] => data [3] => http [4] => ftp [5] => compress.bzip2 [6] => https [7] => ftps [8] => compress.zlib ) [phpBB Debug] PHP Notice: in file /includes/functions_jabber.php on line 452: Undefined index: iq


second try was to go back to the original function_jabber.php and change the starttls there.
Code: Select all
Array ( [0] => php [1] => file [2] => data [3] => http [4] => ftp [5] => compress.bzip2 [6] => https [7] => ftps [8] => compress.zlib ) [phpBB Debug] PHP Notice: in file /includes/functions_jabber.php on line 452: Undefined index: iq


looks like the same output.
and the same error is added to the error log.
but no additional messages are printed...

Posted by LightLan on Dec 10th 2006, 18:39

uhm, editbutton where are you? it says the jabbermessage is correctly sent.(which is definitly not the case cause I got nothing)

Posted by Acyd Burn (Server Manager) on Dec 10th 2006, 20:10

Seems it is related to this "bug":
http://ejabberd.jabber.ru/node/86

I now tested and got the same error as you. Then changed the version attribute from 1.0 to 0.9:
Code: Select all
$this->send_packet("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='0.9'>\n");


within the connect function and this seem to have helped.

I will try to investigate further and maybe switch to jabberclass.

Posted by LightLan on Dec 10th 2006, 20:21

changed this, but nothing changed for me.

but it's nice to see this good development team Smile
always ready for new and unvulnerable bugs Wink

take your time with phpBB3, but release it (almost) bugfree Very Happy

Linked ticket with changeset: r6771

Action performed by Anonymous (I am too lazy to register) on Dec 16th 2006, 12:57

Ticket details

  • Ticket ID: 6140
  • Project: phpBB 3.0.x
  • Status: Fix completed in VCS
  • Severity: Uncategorised/normal
  • Component: Other
  • Project version: 3.0.B4
  • PHP version: Unknown
  • Database: Unknown
  • Assigned to: Acyd Burn
  • Reported by: LightLan (Send PM)
  • Reporter's tickets: List all tickets
  • Reported on: Dec 10th 2006, 09:28

Related SVN changesets

Advertisements

 BlueHost.comWeb Hosting UKHostMonsterReseller Web Hosting UKFastDomain HostingAdvertise on phpBB.com