Opened 12 years ago

Closed 10 years ago

Last modified 7 years ago

#48 closed patch (fixed)

Make SIP/SIMPLE work with Microsoft Live Communication Server

Reported by: MarkDoliner Owned by: shulman
Milestone: Plugin Suggested Component: SIMPLE
Version: 2.0 Keywords: MS LCS SIMPLE
Cc: nicholas, aochsner, elreydetodo, joseph.trohak, pajp, whitelynx, candrews, else, viscount1baby, emacsian, gburt, Rondom, gabr10, craftyguy

Description (last modified by MarkDoliner)

Our SIP/SIMPLE PRPL is currently unable to authenticate with Microsoft's SIP/SIMPLE server.

Apparently Miranda has a plugin that works with MS LCS:
http://addons.miranda-im.org/details.php?action=viewfile&id=3046
http://forums.miranda-im.org/showthread.php?p=76995

List of people who may be able to help test:
Peter Fales <psfales@_@…>
Charles Green <charleswgreenjr@_@…>
Christophe Guede <guedec@_@…>
Jason Haar <jhaar@_@…>
Ahmed El-Mahmoudy <aelmahmoudy@_@…>
Hans Persson <pinkunicorn@_@…>
unknown <pp_mad@_@…>
unknown <gerdb42@_@…>

Attachments (10)

sipe.c_username_different_from_lcs_servername.patch (2.9 KB) - added by shulman 11 years ago.
This patch allows for a username to have a different suffix from the lcs servername
sipe.zip (37.3 KB) - added by develTelecom 11 years ago.
SIPE with algorithm to make signature (at moment not work)
pidgin-sip-trace.txt (7.3 KB) - added by djflux 10 years ago.
Cleansed SIP message trace
ntlm-signing.patch (35.0 KB) - added by gburt 10 years ago.
unfinished patch to add NTLM-based message signing
sipe-invite-msg.txt (6.1 KB) - added by gburt 10 years ago.
stdout showing sending INVITE, it being accepted, but then MESSAGE fails
siplcs-pidgin TLS.txt (5.4 KB) - added by craftyguy 10 years ago.
sipe.c.diff (1.5 KB) - added by DanielBeichl 10 years ago.
sipe.c patch against d4c935fc33f554f7f038dac3f1f9bc604bfa4287
sip_company_debug_2.out (10.5 KB) - added by smitherz 10 years ago.
I am trying to use the latest code from git. Specifically http://repo.or.cz/w/siplcs.git?a=commit;h=4facf8f2bc89ad04c65d0c3be3d3b8adacbacf68 I am running Pidgin 2.5.2 on openSuse 11.0 I am attaching an output from "pidgin -d" cleaned of company info. I am connecting over a vpn using TLS and port 5061 with username and server name different. I am unable to connect and pidgin seems to just hang attempting the connect. I am successful in getting Miranda to connect over a vpn with similar connect info. Scott
sipe_sigsegv.txt (1.4 KB) - added by craftyguy 10 years ago.
I'm getting a segfault when connecting using the latest commit. I'm able to connect over TLS (fetching contact status still doesnt work), segfault happens as soon as I hit 'send' on a message to a contact.
libsipe.dll (1.3 MB) - added by alexl4079 10 years ago.

Download all attachments as: .zip

Change History (264)

comment:1 Changed 12 years ago by MarkDoliner

  • Description modified (diff)

comment:2 Changed 12 years ago by MarkDoliner

  • Description modified (diff)

comment:3 Changed 12 years ago by MarkDoliner

Notes from sf bug #1561475:

The SIMPLE Plugin constructs the actual username submitted to the server as <username>@<servername>. But for our MS-LCS my account name looks something like "myname@…" while the actual server is "ourlcs.ourcompany.com". So in 2.0beta3.1 I can either have "myname@…" being sent to the server (which will be rejected) or I end up with "myname@…" which will result in a failing connection.

How about sending only <username> to the server (requiring to enter the full name of course) and using <servername> only as the name of the target to send to?

Someone suggested the following, which didn't help the original poster:

Set "Screen name" to <username>, "Server" to "ourcompany.com", and "Proxy" to "ourlcs.ourcompany.com" and check the "Use proxy" checkbox, and this should work.

comment:4 Changed 12 years ago by MarkDoliner

There is some other information in sf bug #1384616.

comment:5 Changed 12 years ago by pier11

I need TLS support to turn on to be able to communicate to Reuters Messaging (SIP). Miranda's plugin mentioned above provide options TCP/TLS/UPD. Can pidgin do so??

comment:6 Changed 12 years ago by TxDot

I opened Track #269 as a carry over from Source Forge not knowing if this track was exactly the same. Apparently it is as my new track as been closed as a duplicate. Anyway there were 7 responses to my original request for Office Communicator support.

comment:7 Changed 11 years ago by sez

Hi, is there any updates for this ticket? Just wanted to chime in and also say that I would really love for this to be implemented ASAP. We switched over to LCS as well, and I hate the Office Communicator client. So please, any chance that someone can work on this?

comment:8 Changed 11 years ago by seanegan

  • Owner set to seanegan
  • Status changed from new to assigned

Accepting this ticket until my student, Garrett, who's currently finishing school, makes a Trac account.

comment:9 Changed 11 years ago by seanegan

  • Owner changed from seanegan to shulman
  • Status changed from assigned to new

comment:10 Changed 11 years ago by shulman

Having recently finished classes I am now preparing to begin work on pidgin SIP compatibility with MS LCS for my SOC project. I'm going to begin looking at the Kerberos authentication first.

comment:11 Changed 11 years ago by miroskriputa

Guys,

http://fixxxer.cc/blog-en/?page_id=19 Anibal Avelar claims he has functional plugin for pidgin with NTLM fix to connect to LCS. (Cannot test it as currently dont have Linux installed) I suggested him to contact you, maybe you can do the same and save Garett some time :-) What would majority of pidgin users appreciate is the win32 port of plugin being able to communicate with M$ LCS server.

Thank you all!

comment:12 Changed 11 years ago by shulman

Wow, Anibal's work looks really interesting. I'll try to build it and give it a test. I'll get in touch with Anibal.

comment:13 follow-up: Changed 11 years ago by fixxxer

Hi.

I have a functional plugin to support LCS.

I had the 1.0 and 1.1 built to gaim2.0-beta{1-6}. But they don't work for pidgin.

But now I have ready the version 1.2 ported to pidgin 2.0 oficial release. I'll release it on this days.

What do this versions do? + NTLM auth + Retrieve the contacts from the server + Lets to remove and to add users + Status Presence (SUBSCRIBE/NOTIFY) + Send messages. I have problems to receive messages yet.

My plugin is totally independient to main branch. It's not a patch.

Please, check it (the version 1.2)

if you wish my plugin could be part of gaim (in the future), but if you wish just to modify the SIP/Simple protocol. Forget it. It has many changes and is 50% incompatible to SIP/Simple estandard. For that I created an independient plugin.

Regards

http://sipe.sf.net

Anibal Avelar

comment:14 in reply to: ↑ 13 Changed 11 years ago by mseelye

Anibal, Thanks for porting over your code to work with Pidgin!
Has anyone started an attempt to compile Anibal's plugin on a Windows system? Like others in this thread, I'd really like to continue using Pidgin against the MS-LCS server from Windows systems.

comment:15 follow-ups: Changed 11 years ago by jjdunne

I have successfully compiled Anibal's plugin for Windows. Unfortunately it does not work for me since the MS-LCS server here requires the TLS protocol.

I compiled it usign Cygwin and MinGW.

I would be happy to send the compiled plugin for someone else to test.

Joe Dunne.

comment:16 in reply to: ↑ 15 ; follow-up: Changed 11 years ago by britga

Joe, if you could please post or send me the windows plugin I'll test it, as I know our LCS allows straight TCP connections.

Best Regards,

Chris B.

comment:17 in reply to: ↑ 15 Changed 11 years ago by klawa

Joe, I would also appriciate if you could post or send me the windows plugin! Our LCS allows both ways.

Best Regards,

klawa

comment:18 in reply to: ↑ 15 Changed 11 years ago by mseelye

I'd be happy to help test too, please send it along or make it available somewhere. (I'm not sure yet if the server we're using allows TCP connections)

Thanks,
-Mark

comment:19 in reply to: ↑ 15 Changed 11 years ago by rogueluke

I would also like to help test this, i tried and failed to compile under cygwin

comment:20 Changed 11 years ago by jjdunne

I am working on undoing some hacks, when I get a chance. As soon as I do, I can send it along...

Sorry - have to do my main job first.

Joe.

comment:21 follow-up: Changed 11 years ago by fixxxer

Hi.

I read that someone has compiled my plugin under cygwin. Sounds great. Please Can you send me it? to upload to the SIPE Project.

http://sipe.sf.net

Also I'm planning to give support to TLS soon.

To clear this:

+ Remember the authentication method for SIPE is NTLM (it does not support Kerberos yet) + The default IP protocol is TCP, but I'm planning to gives support for TLS (with gnutls, pidgin has methods to do this in easy form), may be in the next release 1.3. + The other protocol is UDP. but I thought it had this support, but I can't prove that, I don't use it.

Also, I need to fix others things like:

+ Problems with the status presence. You can see to the other people but they can't see you on line. + Because they don't see you, they can't send messages. But you can send messages to them.

+ A basic problem about the authentication. For now works with a trick. I want it works fine and clean.

Regards.

Fix

comment:22 Changed 11 years ago by MarkDoliner

It would be really really really really really good if we could somehow get the improvements from sipe merged into the libpurple sip prpl.

comment:23 follow-up: Changed 11 years ago by jkirkes

Joe, Count me in for testing the windows port of the LCS plugin also....

Thanks.

comment:24 in reply to: ↑ 23 Changed 11 years ago by miroskriputa

Hi all,

so good to see I made this movement about SIP plugin happenned.:-) Well dont thank me I am just the messenger and would like to be tester too. :-) But I need TLS in windows port working... have a nice day and thanks for keeping pidgin alive in our corporation...:-) miro

Replying to jkirkes:

Joe, Count me in for testing the windows port of the LCS plugin also....

Thanks.

comment:25 in reply to: ↑ 21 Changed 11 years ago by mseelye

I think some of us are still waiting for someone to post binaries compiled with cygwin or Mingw, however nothing has surfaced yet. (Any news on this?) I'm going out of town for the rest of the week, and if I come back and nothing has been posted to test, I'll compile some binaries for everyone else to test.
Fix, thanks again for getting this together for us! If you make any progress with the TLS support please ping us here and let us know.
-Mark

comment:26 follow-up: Changed 11 years ago by shulman

Hello. I noticed the interest in running SIPE on windows in this ticket. I asked Sean about compiling on windows and he pointed me to the following link: http://gaim-extprefs.sourceforge.net/bef.shtml I have been working on the missing signature in the NTLM headers which should allow for more complete functionality in SIPE and have not yet gotten around to using the tool at the above url to try to build SIPE windows binaries. Sorry about that. As soon as I get the NTLM working more completely I will begin working on integrating SIPE with the rest of the pidgin code. Thanks for your patience. -Garett

comment:27 in reply to: ↑ 26 Changed 11 years ago by fixxxer

Perfect.

With the help from Garett the SIPE Project should be totally functional.

I will be honest, I don't have time frecuently and many things needs to be done.

Two things are important (and are pending):

+ TLS Support

+ To finish the Authentication problem.

I'm working in the first. I hope Garett works in the second also the windows porting.

Sipe is walking ...

Regards,

Changed 11 years ago by shulman

This patch allows for a username to have a different suffix from the lcs servername

comment:28 follow-up: Changed 11 years ago by shulman

The setup of the LCS server I have an account on has the domain as part of the username instead of the LCS server. For example... the username (screenname) is user@… instead of user@…. I have attached a patch: http://developer.pidgin.im/attachment/ticket/48/sipe.c_username_different_from_lcs_servername.patch to sipe.c which correctly allows for this. With this patch and setting a proxy user and proxy domain I am able to successfully authentication with NTLM against the LCS server up to a 'Proxy authentication required' message when sipe attempts to subscribe to contacts. I have made a lot of progress digesting both libpurple & Anibal's sipe code. I believe I have a pretty good idea of what needs to be done regarding the NTLM session key & subsequent proxy authentication headers from an email Anibal sent and from this document: http://davenport.sourceforge.net/ntlm.html . I'll keep you informed of my progress towards properly generating the ntlm session key.

I spent a number of hours this week trying to get pidgin-mtn to build inside of cygwin. I have been basing this attempt on this url: http://developer.pidgin.im/wiki/BuildingWinPidgin . Unfortunately I have not yet gotten pidgin-mtn to build successfully. I will keep working on this front as well and keep you informed of my progress here as well.

-Garett

comment:29 in reply to: ↑ 28 Changed 11 years ago by rogueluke

Replying to shulman: I was able to get pidgin to compile fine a while ago but was unable to get the plug in to compile

comment:30 Changed 11 years ago by gene_wood

Joe, I'd also be happy to test on Windows. I have access to a enterprise LCS server.

comment:31 Changed 11 years ago by miroskriputa

Guys, for issues with authentications I checked separate thread on miranda forums: http://forums.miranda-im.org/showthread.php?t=14599 Miranda's two SIP plugins are about two merge as both support MS LCS "standards" partially. What about the collaboration with the authors of these plugins to make certain things happen for both messengers? I think both Pidgin and Miranda deserves this, cause this damn LCS is about to become only real competitor in corporate chat tools against jabber, I can tell you! I want to stick with Pidgin, but it is just too tempting to see that Miranda already supports most of the LCS functionalities although split between two plugins. Think about it! have a nice day... miro

comment:32 Changed 11 years ago by fixxxer

Hi.

Yes, you have reason about Miranda has support for LCS, but remember Miranda uses the RTC API coming from MSN. Then we can't used it. Indeed, SIPE is the unique really free implementation for LCS. I'm using only free tools and I did reverse engineer. I saw that plugins a long time ago, but the RTC API is black box.

Regards

Anibal

comment:33 Changed 11 years ago by miroskriputa

Hi Anibal, that is my point, if you reverse engineered the client why not dive into RTC API too so it is not back box anymore :-) Or am I too optimistic? Miro

comment:34 Changed 11 years ago by MarkDoliner

Hmm, what kind of reverse engineering?

comment:35 Changed 11 years ago by fixxxer

The more simple and easy kind: using a sniffer like wireshark (or similar) to check how work the protocol. ;)

Anibal

comment:36 Changed 11 years ago by MarkDoliner

Ok, great. For the record we can't accept code that was created by information gained from decompiling binaries of copyrighted code (like Microsoft's Live Messenger). But sniffing network traffic is perfectly ok.

comment:37 follow-up: Changed 11 years ago by cuppm

I'm trying to build the plugin in Win32 using Cygwin and the Windows Pidgin Build Environment Fetcher (http://gaim-extprefs.sourceforge.net/bef.shtml).

When running ./configure I get this:

checking for inet_aton... no 
checking for inet_aton in -lresolv... no 
configure: error: inet_aton not found

Is this because I'm not compiling on Linux? Has anybody been able to compile on Windows or know of a work around?

Also found here: https://sourceforge.net/forum/forum.php?thread_id=1785943&forum_id=688534

comment:38 in reply to: ↑ 37 ; follow-up: Changed 11 years ago by datallah

Replying to cuppm: Please don't post unrelated issues to tickets. See the instructions for building on Windows (you dont use configure).

comment:39 in reply to: ↑ 38 Changed 11 years ago by cuppm

Replying to datallah: Sorry. But I was referring to Anibal's SIPE plugin not the building of Pidgin (that built fine).

comment:40 follow-up: Changed 11 years ago by gene_wood

This whole thread is about how to get a binary built of the SIPE plugin for Windows. cuppm, thanks for your attempt and questions.

comment:41 in reply to: ↑ 40 Changed 11 years ago by datallah

Replying to gene_wood:

This whole thread is about how to get a binary built of the SIPE plugin for Windows. cuppm, thanks for your attempt and questions.

No, this ticket is about updating the existing SIMPLE plugin to work with LCS. Getting a third party plugin working on Windows is pretty much unrelated.

comment:42 Changed 11 years ago by MarkDoliner

datallah: But the third party plugin is an alternative SIMPLE implementation, parts of which should be merged or added into our existing SIMPLE plugin. I think it makes sense for people to compile it, test it, find bugs, etc.

comment:43 Changed 11 years ago by miroskriputa

...all round the net I see how people are desperate about the original MS Communicator client which is not capable of automatic chat logging (admins of big corporations weep that users install massively windows live messenger with Plus! extension) ...here we have what seems to be working plugin enhancement to current SIP/SIMPLE plugin in pidgin and all it needs is some help it getting it built for win32.

yes..this post is completely unrelated.. just as those above.

PS: I dont think Pidgin deserved 2.1.0 if the SIP is not working as suggested by this thread

comment:44 Changed 11 years ago by fixxxer

Hi.

I have serious doubts about SIPE could be merged with the SIP/ Simple protocol implemented by Thomas Butter.

I initially tried to do that, but the LCS server has many changes and it break in almost 50% percent with the standard SIP/Simple. SIPE has a totally different authentication method, the comunication server/client protocol changes in syntax and added new tags coming exclusively from MSN. For example the LCS retrieve contacts from the server, uses TLS, TCP and UDP for the communication. Uses NTLS a not standard, indeed we still has problem with that.

I think SIPE should be seen how a new protocol.

Regards,

Anibal

http://sipe.sf.net

comment:45 Changed 11 years ago by georgebombadil

I've been doing some hacking on the SIPE files to get it to work with the Exchange 2003 LCS servers we have at my company. Unfortunately, I haven't been as lucky as some to be able to get presence information on my contacts.

I think one of the biggest issues with both the SIP and SIPE plugins is that neither fully support the XML extensions the SIP/SIMPLE RFC 4662 (http://ietfreport.isoc.org/idref/rfc4662/). Our LCS server relies on the rlmi+xml information for status and presence information, yet this hasn't yet been supported.

I'd like to offer some help getting this implemented, but the lack of comments or other documentation has turned this into a much larger effort than I originally thought it would be.

comment:46 Changed 11 years ago by fixxxer

Yes, I know that extensions. Yes, the effort would be much larger.

I'm thinking in a SVN repository with write access. So whatever could do changes with the original source code. Because many people writes patch but they don't send them. So the SIPE project never walk.

I will put the SVN repository and we can work together.

Right now I'm working in thr TLS support and to fix some bugs. the authentication problem (the Proxy problem) is being worked by shulman.

Shulman you can upload your changes in the new SVN when it is ready?

Thank you.

Anibal.

Regards.

comment:47 Changed 11 years ago by shulman

Hello, everybody. I have been rather backed up with a new job and am currently in HI with very poor connectivity. I will likely not be able to get down to serious business on this again for about 10 days. Sorry about that.

Re: compiling plugin... LCS functionality will be merged into lib purple. I am in the process of confirming if it is best to merge sipe as a separate plugin as Anibal suggests or if it might be possible to merge sipe functionality back into simple. Regardless, this should make compiling for windows much easier.

Re: NTLM auth... I believe that I have the NTLM session security implemented. However, there is a glitch in my code that breaks NTLM authN. As soon as I get this straightened out I can commit this to Anibal's SVN repository.

Anyway... sorry for the lag, my summer has been a bit more hectic than I anticipated. I have every confidence that we will get LCS support in lib purple soon.

Aloha! -Garett

comment:48 follow-up: Changed 11 years ago by miroskriputa

Guys, I suggests to treat modifications to SIP protocol for LCS as separate plugin, with separate Protocol entry. In the end it will anyway become separate just as you did with AIM/ICQ which is also basically the same protocol. My suggestions for new protocol name is LCS Communicator, cause SIPE is not very intuitive and will be always to be explained in brackets.

re: we will have support soon... Lot of us are waiting impatiently to start testing at least the minimum of features like: chat, presence status, TLS support. when do you think we will have the win32 binary for new plugin? new pidgin release? sooner? thanks for any drop of hope in life of misery with M$ communicator client, since our company shutdown the sametime I await news from this thread like no other news :-) People in company that I brought using sametime with Pidgin keep asking me every day: When does Pidgin set us free? Miro

comment:49 Changed 11 years ago by cuppm

Is the SVN setup and publicly accessible?

comment:50 Changed 11 years ago by lschiere

  • Type changed from enhancement to patch

comment:51 follow-up: Changed 11 years ago by lschiere

To make it easier to generate patches, and also to make it easier to sync your tree to the main one, I would highly suggest using a monotone repository.

comment:52 in reply to: ↑ 51 Changed 11 years ago by datallah

Replying to lschiere:

To make it easier to generate patches, and also to make it easier to sync your tree to the main one, I would highly suggest using a monotone repository.

To further clarify this, you should pull the pidgin mtn repository (see instructions here) and create a branch to make your changes in. If you have any specific questions after reading the documentation, someone in #pidgin will be able to help.

comment:53 in reply to: ↑ 48 Changed 11 years ago by georgebombadil

Replying to miroskriputa:

Guys, I suggests to treat modifications to SIP protocol for LCS as separate plugin, with separate Protocol entry. In the end it will anyway become separate just as you did with AIM/ICQ which is also basically the same protocol. My suggestions for new protocol name is LCS Communicator, cause SIPE is not very intuitive and will be always to be explained in brackets.

Apart from LCS, I'm not too familiar with the other SIP/SIMPLE based IM environments out there. If nobody else is using any of the XML extensions, then we're probably looking at two completely different protocols that just happened to be sitting on top of SIP. It would be a lot easier if the extensions were actually an approved part of rfc4662, but since they were only a proposal and left to expire, I'm not sure if anyone else will pick up on it.

If we want to extend the SIP plugin, we could flag the initial negotiation and use the SIPE/LCS functionality for connections using NTLM and the standard SIP functionality for everything else.

comment:54 Changed 11 years ago by seanegan

  • Milestone set to 2.2.0

comment:55 Changed 11 years ago by billatq

Microsoft shipped LCS 2007 a few weeks ago: http://office.microsoft.com/en-us/communicationsserver/default.aspx. It looks like there are binaries online that can be used for testing against.

comment:56 in reply to: ↑ 16 Changed 11 years ago by sdhull

Replying to britga:

Joe, if you could please post or send me the windows plugin I'll test it, as I know our LCS allows straight TCP connections.

Best Regards,

Chris B.

Would someone please post a link to a binary compiled for Windows? Certainly I could help with testing without duplicating effort (compiling for Windows). I would love to assist in the testing of this in order to help it along to completion... :)

Thanks!

-Steve

comment:57 follow-up: Changed 11 years ago by fixxxer

Hi everybody.

I have a git/cogito repository for my plugin SIPE. How I believe the SipLCS should be a most intuitive name for this project. I called it in the git repository:

Check:

http://repo.or.cz/w/siplcs.git?a=shortlog;h=fixer

I parted from 1.2 version how first git version, but I added the patch sent by shulman (indeed had a minor bug but I fixed it). Also, I added the SSL/TLS support, but is so experimental, I can't test it. However I think TLS support should work. I remove the Server field, now you should fill so: ScreenName?: user@…

If you have a different server (common called proxy LCS server), you need to fill the field Proxy in the Advanced Tab and to set the "Use Proxy" checkbox. Also, you found new option "Use TLS", but be carefull if you set it, you also need the correct Port for TLS.

Do you have a patch with some things fixed? Please, you can upload them following this instructions:

http://sipe.sourceforge.net/cogito/

Do you are a really intrepid user? Then you can upload from the git repository and to test it. Else please be patient and you hope for the new release 1.3 comming soon.

Shulman, doo you have another patch? Please, follow the instructions above described and commit them.

SipLcs? is walking ...

Regards.

Anibal Avelar (aka fixxxer).

comment:58 in reply to: ↑ 57 Changed 11 years ago by zup

Replying to fixxxer:
I have just downloaded your code and adopted it slightly to compile in cygwin. It did very well and i tried to connect to my company's LCS, but unfortunately it did not. I have enabled TCP and MTLS support within the LCS and tried both, but none worked. TLS enabled connections did not even send anything to the server - at least according to the debug output window, whereas the TCP connections retried several times, but I always got a 401 in return. I specified ScreenName? and proxy stuff as suggested, though... Needless to say, I could provide a detailed debug-log as well.

My SipLcs? isn't even crawling ;-(

Cheers, Matthias

comment:59 follow-up: Changed 11 years ago by fixxxer

Ok bad news ... althought is very intesting, because I hoped it doesn't work, but if you got the 401 error is a good signal, I hoped a SSL error (handshake SSL or something) :) ... at least marked a known error. Did you set a correct SSL port? Please send me a debug file to my personal email. This is my problem I'm not the LCS administrator, then I can't test on my network the TLS support, I just based my work on the Jabber and MSN TLs support.

Doesn't somebody have another test with TLS?

Thank you.

Anibal Avelar

comment:60 follow-up: Changed 11 years ago by miroskriputa

If I had a win32 binary of the plugin for pidgin 2.1 I would send you the TLS test immediately.

comment:61 in reply to: ↑ 59 Changed 11 years ago by zup

Replying to fixxxer: Well, I got the 401 only when trying simple TCP, no TLS there. TLS made my pidgin just connect and do nothing afterwards. I have uploaded the debug output I have got so far here:

debug-output without TLS

debug-output with TLS

Hope you can get something useful out of it. Cheers, Matthias

comment:62 in reply to: ↑ 60 ; follow-up: Changed 11 years ago by zup

Replying to miroskriputa:
Maybe you want to try the lib I compiled for myself

libsipe.dll

That should work, I suppose. However, if it does not, you may want to have a look at my debug-pidgin:

pidgin-2.1.1-debug.exe

If you prefer to build it yourself (I could have compiled a trojan, you know), you can get my additional protocols dir and the updated Makefile.mingw (which should compile with mingw) here:

protocols.zip

Cheers, Matthias

comment:63 Changed 11 years ago by miroskriputa

thanks for plugin binary,here is the result where can I send the full log of debug window?

18:09:06) proxy: Connection in progress (18:09:06) proxy: Connected to sip.company.com:5061. (18:09:42) sipe: sipe_input_cb_ssl: read error (18:09:42) sipe: Connection not found! (18:09:57) sipe: Connection not found! (18:09:57) sipe: Connection not found!

comment:64 Changed 11 years ago by mikolaj

Hi,

Could it be possible that someone setup a snapshot tarball with the latest sources of SPIE plugin? I want to test in on OpenBSD as I have access (no admin rights) to TLS-only enabled server as a client. Is there (will be) any way in Pidgin and/or SIPE to manage SSL certificates? Does IM in subject has any framework for that?

Regards, Mikolaj

comment:65 Changed 11 years ago by fixxxer

hi.

I made some fixes in the git/cogito repository.

Please check again:

http://repo.or.cz/w/siplcs.git?a=shortlog;h=fixer

I fixed some bugs included the SSL/TLS support (I hope). I fixed a problem with contacts and minor problem with Authentication.

Remember to read the guide to upload the code from git/cogito repository:

http://sipe.sourceforge.net/cogito/

Regards

Anibal

comment:66 in reply to: ↑ 62 Changed 11 years ago by franck

Hi,

I try your last lib libsipe.dll .

My context: no tls, no udp,a LCS proxy.

pidgin can connect to server, some of my buddy are presents in pidgin, not all groups (i got empty ones). the present status of the buddy is quite everytime offline, time to time only one is online.

I don't if it can help someone. But it is a test.

comment:67 Changed 11 years ago by parity

Hi,

Tried the libsipe.dll provided by zup. Results the sae as franck. No TLS, No UDP, LCS Proxy. Some contacts are present in pidgin, but not all. I appear offline to other users. When i sent a message to another user, only some of my text is received.

Will be happy to test any updated dll. Looking forward to getting rid of the Microsoft client :)

comment:68 Changed 11 years ago by gnmjlr

I have build siplcs from 28 of August with pidgin-2.1.1 compiled without dbus under NetBSD 3.1. I have used nss/nspr instead of gnutls.

I appear offline to other users. I can see if other users are online/offline (it appears to be ok) I can't send/receive messages to/from any user. I can add buddies but they can't add to me. I have used NTLM, because SSL didn't work for me (but I am not sure if SSL is available on my company lcs server).

comment:69 Changed 11 years ago by gnmjlr

One adition to my previous comment:

I can send/receive messages only to myself. In these messages the last two characters are always missing

comment:70 Changed 11 years ago by seanmil

I just tested the code at git://repo.or.cz/siplcs.git#fixer and #mob and successfully established a connection. I saw my Buddy List populate with users, however they all showed "Offline".

When watching a packet capture it looks like the initial sign-on works as expected, but then it tries to do a "SUBSCRIBE" operation and I get back "407 Proxy Authentication Required"

When I watch a similar login from Office Communicator it shows that it is using the Authentication mechanism Kerberos instead of NTLM. I was wondering if perhaps our administrators have disabled NTML support on the server (even though it seems to offer it).

Is there any support in SIPLCS for Kerberos or might I be out of luck?

comment:71 follow-ups: Changed 11 years ago by shulman

I am realizing that I may not have much time to work on this so I have posted the code and information I have. Hope this helps. I'll hop back on the task if I get some time. Cheers!

First to generate an NTLM datagram session key (an arc4 implementation is needed. One is available at: http://xyssl.org/code/source/arc4/):

static void generate_datagram_session_key(char *lm_hash, char *lm_response, char *session_key, char *encrypted_session_key) {

/*Input: LM hash (unsigned char *, 21 bytes?)

  • LM Response (unsigned char *, 24 bytes?)
  • Session Key Buffer (8-bytes for weakend?)
  • Encrypted Session Key Buffer (16-byte) *Postcondition: Session Key & Encrypted Session Key are populated correctly * *Datagram Session Security *http://davenport.sourceforge.net/ntlm.html */

char des_source_1[7]; char des_source_2[7]; char des_key_1[8]; char des_key_2[8]; char lan_manager_session_key[16]; char full_session_key[16]; int i;

1. The 16-byte LM hash (calculated previously) is truncated to 8 bytes. 2. This is padded to 14 bytes with the value "0xbdbdbdbdbdbd". Is it the string value or the hex value? Hex is right size. 3. This value is split into two 7-byte halves. memcpy(des_source_1, lm_hash, 7); memcpy(des_source_2, lm_hash+7, 1); for(i=1; i<7; i++) {

des_source_2[i] = (char) 0xbd;

}

4. These values are used to create two DES keys (one from each 7-byte half). setup_des_key(des_source_1, des_key_1); setup_des_key(des_source_2, des_key_2);

5. Each of these keys is used to DES-encrypt the first 8 bytes of the LM response (resulting in two 8-byte ciphertext values). 6. These two ciphertext values are concatenated to form a 16-byte value - the Lan Manager Session Key. des_ecb_encrypt(lm_response, (char*)(lan_manager_session_key), des_key_1); des_ecb_encrypt(lm_response, (char*)(lan_manager_session_key+8), des_key_2);

7. The client selects a random 16-byte key that will be used as the basis for signing and sealing. This is RC4 encrypted using the Lan Manager Session key, and the encrypted value is sent to the server in the Type 3 message (the session key field). gensesskey(full_session_key, NULL); arc4_encrypt(full_session_key, encrypted_session_key, lan_manager_session_key); 8. The 16-byte key from the previous step is weakened to 40 bits - the first 5 bytes are retained, then padded to 8 bytes with 0xe538b0. for(i=0; i<5; i++) {

session_key[i]=full_session_key[i];

} session_key[5]=(char)0xe5; session_key[6]=(char)0x38; session_key[7]=(char)0xb0;

}

Some Excerpts from an earlier email from Anibal regarding computing of signature: The signature is computed using the session key across following fields:

  • The From header URI
  • The To header URI
  • The From header tag
  • The To header tag
  • The "crand" parameter in the Proxy-Authorization or the "srand"

parameter in the Proxy-Authentication-Info header

  • The Expires value in the SIP message Expires header.

The message body of the SIP message is not included in the signature. A proxy-authorization header contains either the gssapi-data parameter or the response (signature) parameter."

comment:72 follow-up: Changed 11 years ago by sezyou

I compiled Pidgin 2.1.1 and the SIPE code from #mob, but I can't even connect to our LCS server. Am on Feisty, and our LCS setup uses TLS. Below is the sipe-related debug output, as far as I can tell:

(01:07:21) sipe: sip->use_ssl->1 (01:07:21) sipe: HosttoConnect?->[server name here] (01:07:21) dns: DNS query for '[server name here]' queued

(01:07:21) dns: Got response for '[server name here]' (01:07:21) dnsquery: IP resolved for [server name here] (01:07:21) proxy: Attempting connection to [server IP] (01:07:21) proxy: Connecting to [server name here]:5061 with no proxy (01:07:21) proxy: Connection in progress

(01:07:21) proxy: Connected to [server name here]:5061. (01:07:21) gnutls: Handshaking

(01:08:03) gnutls: receive failed: A TLS packet with unexpected length was received. (01:08:03) sipe: sipe_input_cb_ssl: read error (01:08:03) sipe: Connection not found!

....and the Connection not found messages go on and on, and the logfile reaches around 300MB before I kill pidgin :D Anyway, it seems to connect to the server but seems to have a problem with TLS? Have I set something wrong, perhaps? I just put in my Communicator username/password, put the server in the Proxy Server field, ticked Use Proxy and Use SSL/TLS, and changed the port to 5061.

Anyway, I hope someone can work on the plugin (I would work on it if I could, but I have no experience with this kind of thing ). Thanks!

comment:73 Changed 11 years ago by seanegan

  • Component changed from libpurple to SIMPLE

comment:74 in reply to: ↑ 72 Changed 11 years ago by dmulligan

My experience seems to be identical to sezyou. I grabbed the latest source, modified the servername to be hard coded and had the run away error. I commented out the remove connection code in the read error block and don't have the run away error anymore but I also don't have SIPE populating my buddy list or anything like that.

Also identical to sezyou is I have to use port 5061 to connect.

BTW what happened to the server name field?

comment:75 in reply to: ↑ 71 Changed 11 years ago by develTelecom

Hi! I'm working to understand the signature. I not understand the field "opaque value". what is it? Do you know the algorithm to create the "Digest Authentication Response"? I'm reading the NTML document http://davenport.sourceforge.net/ntlm.htm but I don't know how the header SIP is trasformed in the header NTML. bye Maurizio

Replying to shulman: ....

comment:76 Changed 11 years ago by dopey

My work doesn't support regular windows messenger clients, only the live communicator client so instead of the ._sip._[protocol].domain SRV record, we use _sipinternaltls._[protocol].domain, so currently SRV lookups aren't working. I'm using the latest out of the git repository to test this out. Also, I'm unaware of the proper procedures for input/feedback/bug reports for this SIPE plugin. This pidgin bug report has been far more active than the sourceforge project itself which is why I'm commenting here. Is this okay, or should we be using the sourceforge project?

comment:77 in reply to: ↑ description Changed 11 years ago by daragh

I am available to test this on a corporate network (we have 2 servernames based on whether the laptop is on Internet or intranet/VPN)

comment:78 in reply to: ↑ 71 Changed 11 years ago by develTelecom

Replying to shulman:

Some Excerpts from an earlier email from Anibal regarding computing of signature: The signature is computed using the session key across following fields:

  • The From header URI
  • The To header URI
  • The From header tag
  • The To header tag
  • The "crand" parameter in the Proxy-Authorization or the "srand"

parameter in the Proxy-Authentication-Info header

  • The Expires value in the SIP message Expires header.

The message body of the SIP message is not included in the signature. A proxy-authorization header contains either the gssapi-data parameter or the response (signature) parameter."

I have finished the procedure for sip message NTLM signature, but it does not work. I think that the message is not only calculeted on the Anibal's fields. Are you sure that this fields are used in NTLM signature? Can you give me a sample about how append this fields? bye, Maurizio.

Changed 11 years ago by develTelecom

SIPE with algorithm to make signature (at moment not work)

comment:79 Changed 11 years ago by miroskriputa

any chance to see working plugin with pidgin 2.3.2? Merry Xmas to all developers/testers of SIPe plugin! miro

comment:80 Changed 11 years ago by wolf

My employer has rolled out LCS internally, but requires TLS. I've actually managed to get the SIPE plugin to talk to the server using stunnel and minor changes to the plugin source code (v1.2, s/TCP/TLS/), but (of course) I can't actually use the connection since no one can connect back to me with TLS. That said, I'd be more than happy to test any development work on this or similar plugins if TLS support is added.

comment:81 Changed 11 years ago by sscotti

Just wondering if there is a working LCS for Windows to use with Pidgin. I've been a Trillian user and have been pretty happy with that since I used mostly Yahoo and LCS IM. There is a sip plug-in for Trillian that has worked well for me. I tried downloading one of the versions from the forum and it isn't working. I don't know if it is a configuration problem or a problem with the plugin. If there is an updated version I would be happy to work with someone to get it working.

comment:82 Changed 11 years ago by rmann

Hi. I've been a long-time user of Adium on Mac OS X. I just started work at a new company that uses Microsoft Live Communication Server 2005, and have offered my services to the Adium X team to add support for it. Since Adium uses libpurple, the right place to put that support is here. I couldn't find a developer mailing list, but I found this bug that seems to be very closely related, if not exactly what I'm looking for.

Now, I'm a pretty seasoned developer with a wide range of development experience (from small embedded circuit board designs to Mac OS X C++/Cocoa dev to Java J2E dev). But I don't know anything, really about the MS protocols in use. I really hate using MS' Messenger client, but right now, that's all that works. I'd really like to be able to connect to our corporate server with Adium.

I'd like to contribute in any way I can, but I'll need at least some pointers to online resources describing how LCS/Office Communicator work. All I know is, I provide an email address (first.last@…), User ID (windowsdomain\userid), and a password, and the Mac OS X MS Messenger client figures out how to connect to the server, and even runs through an excruciatingly long series of alerts asking if I want to add various internal people to my list. But I very little idea (other than conceptually) what's going on under the hood.

I figure there are two aspects. One is the automatic discovery of the server, the other is the authentication and (perhaps a third) the messaging. Am I right that this thread is a part of all this? Is the Office Comm based on the "regular" MSN Messenger protocols? I see that I have some SIP/SIMPLE UI in Adium, but it does not have the auto discovery, and I don't yet have the server's IP & port to try it.

Anyway, is there anything I can do to contribute? Thanks!

comment:83 Changed 11 years ago by sezyou

Unfortunately, I'm not too familiar with how LCS works either, but I guess you can take a look at the work that was started by Anibal and shulman at http://sipe.sourceforge.net, and also read the history of this bug. LCS uses a proprietary version of SIP and not the MSN protocol or the standard SIP protocol, which is why the built-in SIP/SIMPLE plugin doesn't work. From what I gathered Anibal used mostly packet sniffing to recreate the protocol. Other people have been able to connect and see their contacts, but as far as I know authentication via TLS doesn't work yet.

comment:84 follow-up: Changed 11 years ago by mouring

I'm coming in the tail end of this, but maybe this will be useful to someone. I'm not use to the code so therefor I'm a bit confused as to the flow of the plugins at this moment.

Without TLS it does:
..
(17:20:16) proxy: Connection in progress
(17:20:16) proxy: Connected to XXXX:YYY.
(17:20:16) sip-ntlm: 0:name->lo
(17:20:16) sip-ntlm: 1:name->eth0
..

Then proceeds to send the useful bits in an attempt to register (since we don't support non-TLS connections is fails to get a respond). However enabling TLS causes something to hang and not return to the right state: ..
(17:20:35) certificate/x509/tls_cached: Peer cert matched cached
(17:20:35) certificate: Successfully verified certificate for XXXXXX

Now, if I disconnect it proceedes to disconenct and flush the buffers:
(17:20:47) account: Disconnecting account 0x61b230
(17:20:47) connection: Disconnecting connection 0xb0aa90
(17:20:47) sip-ntlm: 0:name->lo
(17:20:47) sip-ntlm: 1:name->eth0
..

And it continues to send the REGISTER command. This seems rather odd. It almost feels like it is in a wait state and doesn't release it should continue down the code path.

If anyone has a clue as to where extactly in the GIT tree version of the SIPE to look? I'm willing to throw some time at. However over the last 30 minutes I've not found the right path to latch on to to start debugging.

  • Ben

comment:85 Changed 11 years ago by psfales

http://msdn2.microsoft.com/en-us/library/cc246115.aspx is a document that describes Microsoft's Extensions to the SIP protocol including authentication. Is that of any use to folks?

comment:86 Changed 10 years ago by ralfonso

Is development for this plugin dead? I am not able to connect to my company's server. It's disappointing because we used Jabber before LCS came out.

Here is the last bit of debug info that I get from the server:

######
SIP/2.0 301 MS-LB: Redirect to Home Server
Authentication-Info: NTLM rspauth="01000000000000000E1CF80C22769275", srand="B0B7AEE4", snum="1", opaque="AF8D7185", qop="auth", targetname="xxxx.xxxxxx.xxxxx.com", realm="SIP Communications Service"
Via: SIP/2.0/TCP 10.22.147.126:5061;branch=z9hG4bKD969BC47C0E362F8B37F;received=10.214.116.148;ms-received-port=33958;ms-received-cid=1f38bf00
From: "XXXXX, XXXXXXX" <sip:xxxxx@xxxxxx.com>;tag=2533261072;epid=b4fc3e487c
To: <sip:xxxxxxxx@xxxxxx.com>;tag=05C743F297703CD8A5A92333A8F3441C
Call-ID: 0DFDg9756a99E0i0361mEEDBt75D2b5530x8680x
CSeq: 3 REGISTER
Contact: <sip:xxxxxx.xxxx.xxxx.com:5060;transport=TCP>
Expires: 2592000
Content-Length: 0

#######

(15:27:15) sipe: in process response response: 301
(15:27:15) sipe: msg->response(301),msg->method(REGISTER)
(15:27:15) sipe: RE-REGISTER
(15:27:15) sipe: in process register response response: 301
(15:27:51) sipe: sipe_input_cb: read error

comment:87 Changed 10 years ago by brianandrus

FWIW, I believe the way to find the appropriate server for LCS is to do a DNS query for the SRV record. Usually 2 of them depending upon if you are on a local network or coming from the internet.

_sipfederationtls._tcp.domain.com (used for outside connections eg: internet) _sipinternaltls._tcp.domain.com (our internal sip protocol) This lookup will provide you the actual servername to connect to as well as the port.

doing 'dig -t SRV _sipfederationtls._tcp.microsoft.com' gives us a line in there:

;; ANSWER SECTION: _sipfederationtls._tcp.microsoft.com. 3548 IN SRV 0 0 5061 sipfed.microsoft.com.

so the microsoft external OCS server is running on port 5061 at sipfed.microsoft.com Our login would be ad-user@… but would be sent to sipfed.microsoft.com on tcp port 5061.

It seems that we would want to do a query first for the _sipinternaltls and if it does not exist, lookup the _sipfederationtls SRV record.

Anyway, I hope this helps. I would love to have pigin at least connect up for IMs to OCS 2007.

comment:88 Changed 10 years ago by andreshans

Is development for this plugin dead? Like ralfonso said: "It's disappointing because we used Jabber before LCS came out"

comment:89 Changed 10 years ago by moj0rising

This protocol is *very* much needed since a lot of corporate offices use LCS. The MS client is horrible and Linux users such as myself have to use a completely crappy, near useless web client.

I am not a programmer but I am very motivated to help out with testing or any way I can so this capability can finally be added.

Mike

comment:90 Changed 10 years ago by cfunk

Add me to the list of users willing to test/provide data to enable the creation of this functionality. We just moved to MOC and I'm in agony.

--Chris

comment:91 follow-up: Changed 10 years ago by tanner

Third that, been a Trillian user for years and moved over to pidgin fairly recently as Trillian was just too bloated. Pidgin works great, and I'm hoping for a working SIP/LCS plugin. There is one for Trillian, albeit it was a bit buggy.

comment:92 Changed 10 years ago by moj0rising

Hi everyone. Just though I'd note there's also a request to implement this protocol in Kopete.

If you are interested in seeing that happen, please vote for it at http://bugs.kde.org/show_bug.cgi?id=110402 to encourage the developers to add the capability.

If Kopete gets the protocol first, we then finally have one excellent option for LCS connectivity plus the Pidgin developers could probably use that code (in helping them understand how it works, at least) for adding the protocol to Pidgin and vice versa (if Pidgin got the plug-in first).

Mike

comment:93 Changed 10 years ago by Jamie Jackson

I've been watching this bug for a year now, so I figured I'd chime in.

I'm one of those that has to run MS Windows alongside Ubuntu just to have MS Communicator LCS client, because that's my corporation's mandated IM protocol.

What happens next? Does someone (with the requisite skills) need to come along and express an interest in this feature, and then it will be assigned to them?

It happens to the best of us, but it seems clear that fixxxer, then shulman, moved on to other things; however, I wonder what becomes of an abandoned bug.

I laid down 20 votes on the Kopete enhancement, per moj0rising. Hopefully, something will come of that project's feature request...

comment:94 in reply to: ↑ 91 Changed 10 years ago by alexl4079

Replying to tanner:

There is one for Trillian, albeit it was a bit buggy.

that's not very nice, I worked hard on it and if nobody tells me about the bugs I don't know about them.

comment:95 in reply to: ↑ 84 Changed 10 years ago by andor

Replying to mouring: [kut]

And it continues to send the REGISTER command. This seems rather odd. It almost feels like it is in a wait state and doesn't release it should continue down the code path.

If anyone has a clue as to where extactly in the GIT tree version of the SIPE to look? I'm willing to throw some time at. However over the last 30 minutes I've not found the right path to latch on to to start debugging.

  • Ben

Ben,

you can find the code here: http://repo.or.cz/w/siplcs.git?a=shortlog;h=refs/heads/mob I hope you are still interested/willing to develop this plugin. It seems the original author lsot interest unfortunately.

regards, Andor

comment:96 Changed 10 years ago by andor

If any other developpers are willing to write code for this. I can test both the tls/ssl-setup as the non-tsl/ssl setup. My company gives me a choice in the matter.

Latest source does authenticate and I can see my buddies and add new once. it sends messages and receives thema s well, dispite appearing offline to my peers (which supplies them with an nice error about it as well).

hope someone picks up the development. It's a long way there, but certainly not complete.

comment:97 Changed 10 years ago by mx-5driver

Hey folks,

is there any progress with the Pidgin plugin for Windows to support Microsoft Live Communication Server ? I would really regret if that project has been given up or suffering lack of interest by the experts here ?

Although I cannot contribute with developing code etc. (I wish I could...) I'm definitely willing to provide support with testing a Windows plugin for Pidgin in our Enterprise network environment here.

mx-5driver

comment:98 Changed 10 years ago by rekkanoryo

There is currently no work ongoing within Pidgin or libpurple toward LCS support. There is apparently a third-party plugin called SIPe aimed at this goal.

comment:99 Changed 10 years ago by mx-5driver

Hi "rekkanoryo",

first thanks very much for your quick answer to my question. However it was not much of help for me so far.

Well ok, you are telling me "that currently no work is going on with Pidgin / Libpurple towards MS LCS support." But you are also saying that "apparently a third-party plugin called SIPe is aimed at this goal."

Thats indeed interesting news, since I couldn't find anything during my web investigations towards a tird-party pidgin plugin for windows ? Do you have any further info for me on that subject to get me onto the right track with my investigations diggin' out that desired feature for Pidgin ?

I'm a long time user of Gaim / Pidgin on Windows & Linux Platforms and I guess I'm not the only one interested on such a plugin.

Thanks in advance & best regards

mx-5driver

comment:100 Changed 10 years ago by alexl4079

read this ticket, the link is in the comments

comment:101 Changed 10 years ago by parity

Of course you could have been kind enough to provide the link: http://sipe.sourceforge.net

Unfortunately sipe hasnt been updated in over a year, so i fear that the project is pretty close to dead at the moment.

comment:102 Changed 10 years ago by mx-5driver

Thanks both for your quick response. Of course I was reading the URL you're referring to. However I was just wondering whether there is really no activity or if it may have been just not visible here in this ticket-thread.

Its a pity to see that developing a working SIPE protocol plugin for Pidgin is obviously lacking of interest. :( Pidgin is really a great messenger application, but I do not really understand why there seems to be absolutely no interest in adding a plugin for the fastest growing Enterprise messenger protocol.

My company is also retiring Jabber/XMPP later this year, replacing it with a crappy messenger client named "Microsoft Office Communicator" which is unfortunately using a proprietary protocol. It would have been simply brilliant if I could continue using Pidgin as one application for all messenger protocols. :(

Anyway, thanks again for your reply & clarification.

comment:103 Changed 10 years ago by Jamie Jackson

I think that rekkanoryo's comment is misleading: "...There is apparently a third-party plugin called SIPe aimed at this goal."

As far as I know, the "third party" "SIPe" plugin (http://sipe.sourceforge.net/) and this ticket are interchangeable. On 05/14/2007 Anibal Avelar aka "Fixxxer" (the creator of "SIPe") joined this thread, and joined forces with shulman (the current assignee of this thread). The SIPE issue tracker on SourceForge? happened to get very little traffic/discussion, and the conversation has taken place here, where it gets somewhat more attention.

To sum it up:

While the plugin was born on SourceForge?, it lived here, died here, and now its watchers come here to mourn.

comment:104 Changed 10 years ago by mwclark4453

The download link from http://sipe.sourceforge.net/ points to Anibal's website (fixxxer.cc), which is apparently down. I don't know if it's short-term, long-term or permanently down. Just an FYI.

comment:105 Changed 10 years ago by fixxxer

Hi.

Sorry my delayed answer. I have been very busy in my job (I'm development manager in a big company). Also I changed my location, I got married and another things like that.

However the SIPE project is alive(Yes it isn't dead yet). I will take the pending tasks soon. Also I need the connect to the LCS still.

My site fixxxer.cc is down due to I changed my location (how I said above). My server was in my house. But comming soon will be up again.

Regards.

comment:106 Changed 10 years ago by mwclark4453

No problem. Thanks for the update. I'm sure I speak for a bunch who say thanks for your willingness to do community support on this effort.

comment:107 Changed 10 years ago by sscotti

fixxxer,

Glad to hear you are back. I was interested in a SIP plug-in for Adium on the Mac platform. Changed jobs, so probably don't really need it now, but I still have access to the LCS server. I'd be happy to help out with testing. I've got an iMac that does Windows, Xcode installed.

comment:108 Changed 10 years ago by alexl4079

plus, the source / binaries should really be uploaded to sourceforge to make them more easily available.

comment:109 Changed 10 years ago by thutchis

I would also volunteer to test on both a Linux Fedora Core and Windows XP platform. We have to use TLS so non-TLS testing is not something I can help with. Unfortunately our organization has bought into the M$ Office Communicator BS. I ain't smart enuf to write code. I wish.

comment:110 Changed 10 years ago by nicholas

I've managed to get this to authenticate to our LCS server (no TLS required) after I edited sipe.c slightly and used it with Pidgin 2.4.3:

diff --git a/src/sipe.c b/src/sipe.c
index 37d834a..c2da0f7 100644
--- a/src/sipe.c
+++ b/src/sipe.c
@@ -1921,10 +1921,10 @@ static void sipe_login(GaimAccount *account)
        if(!sip->udp)
                sip->txbuf = gaim_circ_buffer_new(0);
 
-       userserver = g_strsplit(username, "@", 2);
+       userserver = g_strsplit(username, "@", 3);
        gaim_connection_set_display_name(gc, userserver[0]);
         sip->username = g_strdup(g_strjoin("@", userserver[0], userserver[1], NULL)); 
-        sip->servername = g_strdup(userserver[1]);
+        sip->servername = g_strdup(userserver[2]);
        sip->password = g_strdup(gaim_connection_get_password(gc));
        g_strfreev(userserver);
 

so that I could tell it where the LCS server was. Setting the proxy may also have worked?

However, I can't 'chat' with anyone, as our LCS server seems to require an INVITE to be sent first. sipe_invite() is currently never used.

comment:111 Changed 10 years ago by aochsner

So I need TLS. On windows. Built the latest and got this: (16:13:45) sipe: sip->use_ssl->1 (16:13:45) sipe: HosttoConnect?-><HIDING MY SERVER NAME> (16:13:45) dnsquery: Performing DNS lookup for <HIDING MY SERVER NAME> (16:13:45) GLib-GObject: invalid cast from GtkEventBox' to GtkButton?' (16:13:45) Gtk: gtk_button_get_relief: assertion `GTK_IS_BUTTON (button)' failed (16:13:45) dnsquery: IP resolved for <HIDING MY SERVER NAME> (16:13:45) proxy: Attempting connection to <HIDING MY SERVER IP> (16:13:45) proxy: Connecting to <HIDING MY SERVER NAME>:443 with no proxy (16:13:45) proxy: Connection in progress (16:13:45) proxy: Connected to <HIDING MY SERVER NAME>:443. (16:14:20) sipe: sipe_input_cb_ssl: read error

errno: 10054 An existing connection was forcibly closed by the remote host. WSAECONNRESET

I don't really know what to make of this because I don't really know what all of this means. A little googling around and it seems there could be something with keep-alives and NTLM authentication... It doesn't seem to be getting to the NTLM authentication bits anyways.

Well hope this is helpful... I'm done for now and only hope that this can get working soon as I'd love just 1 IM client.

comment:112 Changed 10 years ago by aochsner

Try this again w/ better formatting

(16:13:45) sipe: sip->use_ssl->1 
(16:13:45) sipe: HosttoConnect?-><HIDING MY SERVER NAME> 
(16:13:45) dnsquery: Performing DNS lookup for <HIDING MY SERVER NAME> 
(16:13:45) GLib-GObject: invalid cast from GtkEventBox' to GtkButton?' 
(16:13:45) Gtk: gtk_button_get_relief: assertion `GTK_IS_BUTTON (button)' failed
(16:13:45) dnsquery: IP resolved for <HIDING MY SERVER NAME> 
(16:13:45) proxy: Attempting connection to <HIDING MY SERVER IP> 
(16:13:45) proxy: Connecting to <HIDING MY SERVER NAME>:443 with no proxy 
(16:13:45) proxy: Connection in progress 
(16:13:45) proxy: Connected to <HIDING MY SERVER NAME>:443. 
(16:14:20) sipe: sipe_input_cb_ssl: read error 

comment:113 Changed 10 years ago by dereitz

I too would like to volunteer for testing this plugin using TLS in either Linux or XP. Let me know if there is anything I can do to help.

comment:114 follow-up: Changed 10 years ago by joseph.trohak

I'm also volunteering to help test. my company is in the middle of switching from jabber to ocs. I've access to both from my ubuntu 7.10 workstation.. also have an XP image I can use. Anything i can do to help.

comment:115 in reply to: ↑ 114 Changed 10 years ago by daragh

Replying to joseph.trohak:

Me too. We are currently Exchange/Communicator? 2005.

comment:116 Changed 10 years ago by wolf

I am also available to test; my employer uses LCS with enforced TLS. I believe the server software version to be Exchange 2003.

Incidently, will development work appear as attachments here, or via some revision control system on your website (e.g. git, cvs, etc)?

comment:117 Changed 10 years ago by whitelynx

I'd also like to offer my services with debugging and testing this plugin. I'm not entirely sure, but it seems as if my company requires TLS. I'm going to try checking out the latest git version and testing it.

comment:118 Changed 10 years ago by else

+1. I'd like this feature too.

comment:119 Changed 10 years ago by mx-5driver

Hello,

My understanding is that current development mainly concentrates on the Linux-Version of the SIPe Plugin for Pidgin. Now my question is whether there is any realistic hope that a testable Windows Beta might be released in the near future ?

Herewith I'd offer my help for testing on Windows platform as soon as a testable Windows Alpha or Beta is available

comment:120 Changed 10 years ago by sunirbmag

I need TLS very much, and I am also willing to test it. Let me know if I can help.

comment:121 Changed 10 years ago by emacsian

comment:122 Changed 10 years ago by djflux

Would a patch to the SIMPLE protocol code be preferred here? Since OCS2007 requires SSL/TLS I would think adding SSL functionality to the SIMPLE code would be in order.

I have patched the simple.c code with the SSL code from the SIPE mob branch to use SSL and I can successfully receive the 201 SIP Unauthorized from our OCS server, however the NTLM gssapi-data header that is added doesn't seem to be working. The NTLM gssapi-data is added to the REGISTER message but I keep getting the 201 Unauthorized message back from the server.

I have also modified the code from the SIPE mob branch and I can successfully register to our OCS 2007 server, but when I try to SUBSCRIBE with the sipe_get_buddies code I get a 407 and the NTLM gssapi-data returned to the server doesn't seem to be working with the SUBSCRIBE. I receive the following from the OCS server:

ms-diagnostics: 1000;reason="Final handshake failed";source="ourocs2007server.domain.local";HRESULT="C3E93EC3(SIP_E_AUTH_UNAUTHORIZED)"

I'm also working on getting Kerberos authentication working. I have code that will retrieve a KRB_AP_REQ token and Base64 encode it according to the MS SIPAE document. The problem with getting Kerberos working is that the current sipmsg_find_header code only returns the first WWW-Authenticate header which in our OCS implementation is NTLM. My Kerberos code will never get called because only the NTLM header is returned.

I can submit patches, but without guidance from the main developers they may be wrong or going in the wrong direction with regard to the vision of the project. My patches are for the 2.5.1 branch that is included with Fedora 9. I can modify them to work for the current monotone "HEAD" branch (never used Monotone so I'm not sure that those are the correct terms).

Here are the things that I believe should be decided:

  • Since OCS2007 requires TLS should that code be implemented in simple.c?
  • Since OCS2007 (maybe previous OCS versions) supply multiple WWW-Authenticate SIP headers, should and option be available on the advanced account options page that allows the user to select the authentication protocol?
  • Related to the above question, should an additional method be placed in sipmsg.c (sipmsg_find_auth_header?) that is only used to find authentication headers and either default to a particular authentication method, or use the one specified by the account options?
  • Should all of these patches/changes just be put into their own plugin (SIPE)?

Core Pidgin developer comments are encouraged.

Thanks for the great IM client.

Regards, Flux.

comment:123 Changed 10 years ago by emacsian

Hello,

My opinion is that SIMPLE and LCS are different protocols and I guess it is best not to integrate LCS into the SIMPLE protocol. Probably it is good to improve on SIPE. I guess the project is dead and there has been no activity.

I've tried adding the signing support to SIPE based on the MS specs, but I haven't had much progress. I'm being trying against LCS 2005 and no TLS

comment:124 Changed 10 years ago by gburt

I've been working on making pidgin-sipe work with OCS 2007. So far, I can connect/login to the server with SSL/TLS, and the Communicator client can see that I'm online. I can't send or receive IMs to/from Communicator (though communicating with another account using pidgin-sipe works). My patch is quite messy and a complete WIP, but I saw there was recent activity on this bug and thought it'd be best to get this out there asap:

http://banshee-project.org/~gburt/tmp/pidgin-sipe-1.patch

This should apply to a fresh cg pidgin-sipe checkout.

I'm currently stuck/working on getting pidgin-sipe to respond appropriately to the INVITE request that Communicator sends it when you initiate a IM chat from it to the pidgin-sipe client. At the moment, Communicator is not accepting the 200 OK response to the INVITE I'm sending back; it's giving some "can't challenge auth in response" error.

Looking at the docs emacsian linked to (thanks!), in section "3.1.6.2 Sending a SIP Message" of http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-SIP%5D.pdf it mentions needing to calculate a signature for every SIP message, but we're not doing this at all, AFAICT. It doesn't seem to be required for the REGISTER/SUBSCRIBE/NOTIFY SIP messages, but maybe it's required for INVITE? It looks like when I have two Communicator clients talk to each other, the 200 OK response does include the calculated "response" parameter in the Proxy-Authorization header.

On the flip side, trying to send a message from Pidgin to Communicator, I'm getting an "Invalid Message" error at the moment. I'll post updates here if I make any more progress.

comment:125 Changed 10 years ago by gburt

OK, yeah, actually getting the SIPE_E_AUTH_CANNOT_CHALLENGE / "Discarding unauthenticated response" / "Exit - Cannot challenge a response" errors for the 200 OK's we sent in response to NOTIFY requests too - so we do in fact need to be signing all messages after we've authenticated. It didn't really matter that our 200 OK's for NOTIFY didn't go through, things still mostly worked, but to start a conversation, the 200 OK response has to make it through so the initiator can then send an ACK and then it's MESSAGE. I'm starting to look into how to implement the NTLM signing.

comment:126 Changed 10 years ago by gburt

Looks like libgssglue might be of use.

comment:127 Changed 10 years ago by djflux

I've got Kerberos sort of working now however something is not quite right so either my code is jacked or MS SIP implementation is expecting something and I'm not sending it correctly.

I can retrieve a KRB_AP_REQ from my Active Directory KDC and Base64 encode it and send it to the server and I eventually get an OK, but something is still messed up somewhere.

Basically I'm getting 2 reponses for the same SIP CSeq - one 401 and then later on a 200.

I'll attach a cleansed debug output to the ticket so people can look at it. I'm going to run a trace on a test OCS2007 server using the SIPE code and then compare it to a Communicator trace and see what's happening on the server side.

Changed 10 years ago by djflux

Cleansed SIP message trace

comment:128 follow-up: Changed 10 years ago by gburt

What version of LCS/OCS was the SipLcs?/pidgin-sipe plugin ever functional for? Anibal saidt "I have a functional plugin to support LCS" many moons ago. I've only been testing against OCS 2007, and (as I've described above) it's not functional on that yet. People were able to IM back and forth with official clients (eg Communicator or its predecessors) with older versions of OCS/LCS?

comment:129 in reply to: ↑ 128 Changed 10 years ago by seanmil

Replying to gburt:

What version of LCS/OCS was the SipLcs?/pidgin-sipe plugin ever functional for?

I and other coworkers tested a number of times against LCS 2005 using NTML authentication but no SSL. We succeeded in getting connected and seeing all of our contacts showing as offline, but unable to communicate with anyone using Office Communicator (we never tried Pidgin to Pidgin via LCS).

comment:130 Changed 10 years ago by gburt

Thanks, Sean.

djflux, can you post your kerberos patch? I'm thinking that forgetting about NTLM auth/signing and focusing on Kerberos auth/signing is better - seems that Kerberos support for GSS_GetMIC/VerifyMIC is easier to come by. If you're interested in working together on this, I'd love to coordinate our efforts better. Please get in touch via gabriel dot burt at gmail

comment:131 Changed 10 years ago by djflux

I'll post a patch tomorrow to the current git mob branch. Check that out and apply my patch.

It is VERY preliminary and has very little/no error checking which can cause pidgin to core dump.

Once again, there is either a problem with my code or the OCS server SIP stack (most likely my code). Check the attached trace.

I'll do a trace tonight from the server side and post that as well.

I'll hit you up on your gmail account too.

comment:132 Changed 10 years ago by gburt

Great! I went ahead and committed a cleaned up version of my patch to the mob branch. It fixes some issues with the SSL connection, registering, and sending presence info. With OCS 2007 I can now login w/ TLS/SSL and other clients see me as online.

Looking forward to your patch! I'll test it as soon as you post it, and check my server log files etc to see if I can figure out why it's taking so many tries before the auth works. Are you using krb5 for the Kerberos? If so, it seems like we can use the gssapi it provides to sign the messages, which is the last major hurdle AFAICT.

comment:133 Changed 10 years ago by djflux

Yes, I'm using krb5. I am now logging in successfully with Kerberos and can see other clients. I cannot IM others and they cannot IM me. The debug log shows the SIPE sends a 501 Not Implemented in response to an INVITE request, and I believe there is a 501 in response to an ACK when I initiate an IM from PIdgin. Have to check my logs on that one.

I do see presence notifications in the debug log though, although they don't change the status icon in Pidgin because they are all basic-status open.

(22:03:35) sipe: process_incoming_notify: body(<?xml version="1.0" encoding="UTF-8"?>
<presence xmlns="urn:ietf:params:xml:ns:pidf" xmlns:ep="urn:ietf:params:xml:ns:pidf:status:rpid-status" xmlns:ci="urn:ietf:params:xml:ns:pidf
:cipid" entity="sip:administrator@flux.local" >
<tuple id="0" >
<status>
<basic>open</basic>
<ep:activities>
<ep:activity>busy</ep:activity>
</ep:activities>
</status>
</tuple>
</presence>
)

OCS uses Enhanced Presence so the <ep:activity> tag shows busy or away.

I added a sipmsg_find_auth_header since there are 2 WWW-Authenticate headers and the Kerberos header is never found and NTLM is always used. I've added a bool checkbox to indicate we want to use Kerberos. Not sure if this is the "correct" or "preferred" way of doing things, but ItWorksForMe?(tm).

Although I've taken many computer sci/programming classes and have contributed code to other open source projects, I am very much a novice C coded so take my code with a grain of salt. As I said ItWorksForMe?(tm) but it's probably not too pretty.

Did you checkout the mob branch lately with my gaim_ -> purple_ conversions before you fixed you SSL things? If not, I'll check your commit out and convert the gaim references, check back in, then add my Kerberos stuff.

comment:134 Changed 10 years ago by gburt

djflux,

The 501's to the INVITE and ACK are just us not handling them yet. My patch includes most of the code to handle them, but once I had it responding w/ 200 OK I was still getting errors - which I'm pretty sure are caused by us not signing the responses (and so we're not authenticated and it rejects the messages).

Don't worry about your code for now; I think it's more important to get this working, and then it can be cleaned up if necessary.

Looking at the git log - http://repo.or.cz/w/siplcs.git?a=log;h=4ea3a0129f2b7c52973d2cccb4f1bcc205297574 - I don't see your commit. Did you remember to 'cg push'?

comment:135 Changed 10 years ago by fixxxer

Good. The project is walking on.

I tested the latest changes. Looks good. The support for TLS/SSL is fine and works. I don't sure about Kerberos (I got a segmentation faults with the kerberos code), but the TLS/SSL changes, and others cosmetics changes looks good so far.

I will test the another changes and I will move the good changes to the stable branch in the GIT repository (fixer).

May be this weekend I will release the next stable version 1.3 in the SF repository.

Regards.

Fixxxer

comment:136 Changed 10 years ago by djflux

The Kerberos code should be considered very much ALPHA code.

With the changes pushed last night the code will pull the Kerberos realm and the OCS/SIP server from the account dialog settings. You must have the Use Proxy box checked and specify your OCS server in the proxy section of the account advanced page for it to even sort of work.

Once that's setup if you run Pidgin in debug mode you can see the Kerberos AP REQ token Base64 encoded and sent to the OCS server. The REGISTER works, but not much else yet.

Again, consider Kerberos alpha until further notice.

comment:137 follow-up: Changed 10 years ago by fixxxer

Some news.

I checked and tested the new changes. I have this comments:

+ The TLS support was finished and it is working now. I had't been finished because in my company I didn't have a LCS with TLS support. But now I have, and I tested it. Now we can connect with TCP,/UDP or TLS.

+ The retrieve contacs support disappeared because the LCS 2007 changed the protocol (again). Before (LCS 2003 and 2005) the protocol used a SUSBCRIBE request to retrieve the contacts. The LCS 2007 uses a BENOTIFY. I'm working on it.

+ The old problem about the mutual authentication remains. Remember my plugin works only if you are using a Proxy Server. (I mean if the server backs the "407 Proxy Authenticated message"). If you are not using a proxy my plugin will connect, but after every transaction with the server will be rejected. If you server are using a proxy depend of the LCS administrator. Is very common to use a proxy but sometimes could change.

+ I don't have Windows support, my plugin is ONLY for Linux. I only compile my plugin for Linux. I don't use Windows. I know some people have compiled for Windows but I don't have it. May if they sedn me the module I will up in the SF project.

+ I will up every version in the SF site. I have in my own server the first releases, but I think is better to have the modules in the SF Server. My server is unstable sometimes ;)

I will release the new version 1.3 when I can finish the retrieve contacts support again (and with backward compatibility, very dificult to do with this MFS). I think in 3 or 4 days.

Regards.

Fixxxer

comment:138 in reply to: ↑ 137 Changed 10 years ago by gburt

Replying to fixxxer:

+ I will up every version in the SF site. I have in my own server the first releases, but I think is better to have the modules in the SF Server. My server is unstable sometimes ;)

I will release the new version 1.3 when I can finish the retrieve contacts support again (and with backward compatibility, very dificult to do with this MFS). I think in 3 or 4 days.

Hey Fixxxer,

Are you actually able to send and receive IMs to/from other clients? I'm unable to with OCS 2007.

From what I can tell, we need to be signing all messages we send to the server after we authenticate. Do you agree? (See my comment #127 for the pointer to the Microsoft docs where they make it clear this is needed).

I've been looking into the GSS-API with the goal of getting the get_mic method working to be able to sign the messages. It's a pretty complicated API that I'm trying to wrap my head around, without much luck so far in getting anything to work. DJFlux got the Kerberos authentication working with the krb5 API, but I'm trying to figure out how that relates to/interoperates with (if at all) the GSS API. If anybody has advice or help, it'd be quite appreciated.

Thanks,

Gabriel

comment:139 Changed 10 years ago by gburt

I pushed some fixes to the Kerberos auth code so it works w/o any code changes for me - just have to set auth user/domain/realm in the account prefs, and check the Use Kerberos box. So we're now in the same position with Kerberos as we were with NTLM - we can authenticate and send messages by reauthenticating for each one, but we can't respond to messages because you can't reauthenticate when you respond, you have to use existing auth and sign the message.

I've made some progress with the GSS-API to the point where I can get a valid-looking MIC (signature) from the gss_get_mic function, and I have a lot of the code written to collect the various header we need to concatenate and feed to the get_mic function.

It seems that the server (OCS 2007) isn't signing its messages either (eg the 200 OK REGISTER response), so I'm trying to figure out why not.

comment:140 follow-ups: Changed 10 years ago by kiraly

Hi all, finally after a lot of tests, debug and reverse enginering I was able to sign my sip messages. I've implemented successfully even the presence protocol. In others words I'm able to register to OCS2007 (using NTLM) and change my presence status. The authentication regards only the first transaction (REGISTER). All others messages are signed using a session key. Unfortunately I've no time to enhance the sipe plugin, however I'm happy to share my kwnoledge. Essentially these are the steps needed:

1) authentication: I've followed the indications of Eric Glass. No difference with sipe implementation. 2.1) signing algorithm : Used "NTLM1 Session Security" as described in the Eric Glass document 2.2) signing Sip pattern : FOllowed the MS document [MS-SIP] chap. 3.1.6.2 2.3) Magic SeqNo? : Use always 100 as Sequence No. Don't ask me why. 3) Presence status: Followed the [MS-PRES] document

regards, Franco.

comment:141 in reply to: ↑ 140 Changed 10 years ago by fixxxer

The authentication regards only

the first transaction (REGISTER). All others messages are signed using a session key.

Perfect it was the last step to have full support.

Unfortunately I've no time to enhance the sipe plugin, however I'm happy to share my kwnoledge.

Please, send me the code, I can do the merge with the Git server. I appreciate so much if you send the code. The Sipe users and me need this changes,

Essentially these are the steps needed:

1) authentication: I've followed the indications of Eric Glass. No difference with sipe implementation. 2.1) signing algorithm : Used "NTLM1 Session Security" as described in the Eric Glass document 2.2) signing Sip pattern : FOllowed the MS document [MS-SIP] chap. 3.1.6.2 2.3) Magic SeqNo? : Use always 100 as Sequence No. Don't ask me why. 3) Presence status: Followed the [MS-PRES] document

Ok, thank you, but I appreciate so much if you send the code. I remains your name with all rights inside the code. Your changes are free, don't you?

Regards.

comment:142 in reply to: ↑ 140 Changed 10 years ago by gburt

Replying to kiraly:

finally after a lot of tests, debug and reverse enginering I was able to sign my sip messages. I've implemented successfully even the presence protocol.

Franco,

Can you please attach your patch to this bug? Doesn't matter if it's not cleaned up or perfect, would be helpful just to have it public/available. Thanks!

Gabriel

comment:143 follow-up: Changed 10 years ago by kiraly

Sorry for the late in the answeer. I'm working on proprietary stack, not sipe or pidgin related. Unfortunately I can't share it completely. What can I do is to extract the "NTLM" parts and help you to adapt to sipe project. I've to continue here or in private by email?

Franco.

comment:144 in reply to: ↑ 143 ; follow-up: Changed 10 years ago by gburt

Replying to kiraly:

Sorry for the late in the answeer. I'm working on proprietary stack, not sipe or pidgin related. Unfortunately I can't share it completely. What can I do is to extract the "NTLM" parts and help you to adapt to sipe project. I've to continue here or in private by email?

Here would be fine. Feel free to attach any files to this bug you want.

Gabriel

comment:145 in reply to: ↑ 144 Changed 10 years ago by fixxxer

Hi.

I'm working on proprietary stack, not sipe or pidgin related. Unfortunately I can't share it completely.

I knew it :P

You are the three people with this restriction to share the code so far. The problem with this project is the lack time. We have the talent and the skills, but we don't have time to complete the protocol because is just a free time project.

I've to continue here or in private by email?

How you wish. Our plugin is completely free, then if you attach a file or send an email, the code will be free and whatever can see it.

Thank you, I hope you can help us at least with some details.

Very interested problem is the propietary world. They take code from open sources projects but they don't share the new code added. However I understand your problem. I work too in a propietary company ;)

Regards.

Fixxxer

comment:146 Changed 10 years ago by kiraly

I prefere to continue here. I like also to clarify my position. My company use a proprietary SIP stack, derived from a commercial one (not pidgin or open source related). Most of my code was inspired by Eric Glass document and microsoft document [MS-SIP] [MS-PRES] [MS-NLMP] [MS-SIPRE].

My big problem is the time. I would like to improve directly sipe code but I've no time to write and test code. I'll do my best.

Franco.

Changed 10 years ago by gburt

unfinished patch to add NTLM-based message signing

comment:147 Changed 10 years ago by gburt

I just attached a patch with my work toward getting NTLM signing working (inspired/directed by Franco's hints). The signature_make command in it can take the message/key from Eric's document and produce the right ciphertext, but it doesn't yet generate the same signature for incoming messages undoubtedly because I'm not giving it the right inputs.

Franco, what do you use for the RC4 key for signing messages? Is it the value we put into the gssapi-data attribute? Have you gotten verification of the rspauth attribute the server sets working? How are crand/srand used by the RC4 signing? Thanks for your help!

Gabriel

comment:148 Changed 10 years ago by kiraly

Trivial question: is it possible to download latest sources (including your path)? Clicking on the link I see only the diff files. Before signing however weneed to improve the NTLM authentication. Respect the sipe original files:

tmsg->flags = 0x55828040; become tmsg->flags = 0x40808255;

Moreover the session key has to be generated correctly:

gensesskey(sesskey, NULL); memcpy(tmp, sesskey, 0x10);

become

RC4PrepareKey((BYTE*)masterkey,0x10,&rc4_key); gensesskey(sesskey, NULL); memcpy(tmp, sesskey, 0x10); RC4Encipher((BYTE*)tmp,0x10,&rc4_key);

where masterkey is a key previously calcolated:

gaim_cipher_context_append(context, (guchar*)nt_pw, 2*lennt); gaim_cipher_context_digest(context, 21, (guchar*)nt_hpw, NULL); gaim_cipher_context_destroy(context); memset(nt_hpw+16, 0, 5); new code context2 is a md4 context gaim_cipher_context_append(context2, (guchar*)nt_hpw, 0x10); gaim_cipher_context_digest(context2, 0x10, (guchar*)masterkey, NULL); gaim_cipher_context_destroy(context2); end new

The RC4 functions are very intuitive, you'll easy convert to your scenario.

comment:149 Changed 10 years ago by kiraly

better to reply these lines: gaim_cipher_context_append(context, (guchar*)nt_pw, 2*lennt);
gaim_cipher_context_digest(context, 21, (guchar*)nt_hpw, NULL);
gaim_cipher_context_destroy(context); memset(nt_hpw+16, 0, 5);
new code context2 is a md4 context
gaim_cipher_context_append(context2, (guchar*)nt_hpw, 0x10);
gaim_cipher_context_digest(context2, 0x10, (guchar*)masterkey, NULL);
gaim_cipher_context_destroy(context2);
end new

comment:150 Changed 10 years ago by gburt

I've pushed my changes to the mob branch - you can get it/run it with:

$ cg clone git+ssh://mob@repo.or.cz/srv/git/siplcs.git#mob $ cd siplcs $ ./autogen.sh && make && make test

I rewrote a lot of the NTLM authentication following the MS-SIPE document (using the functions it defines).

When we get the 200 OK from the server to our REGISTER request, the server has signed the message (putting the signature in rspauth=""). I'm trying to test my signing code by verifying the signature the server sends, using the server_signing_key generated in the NTLM authentication code. I can produce the example signature from Eric Glass's document with this code, but I'm unable to produce the same value that's in rspauth="" at the moment.

Franco, could you take a look at src/sip-ntlm.c function purple_ntlm_signature_gen? I test the method in src/tests.c near the bottom. Any advice would be appreciated, I'm running out of ideas of how to test this. Unfortunately the MS-SIPE document gives an example of a SIPE message, its signature-input string, and the generated signature, but doesn't give the key the signature was encrypted with (AFAICT).

Thanks!

Gabriel

comment:151 Changed 10 years ago by gburt

following the MS-NLMP document, rather

comment:152 Changed 10 years ago by gburt

Shoot, it's "make tests" too, not "make test"

comment:153 Changed 10 years ago by gburt

I got the NTLM signing working! I just pushed my changes and test code. Right now it's still proof-of-concept - it successfully generates/verifies the signature of a msg sent from OCS 2007 in make tests, but I still need to modify the message sending code to sign outgoing messages and verify all incoming msgs - look for it soon!

comment:154 Changed 10 years ago by thutchis

To all you great people working on the solution. THANKS!!! so much, I can't wait to get rid of the ridiculous M$ chat client and go back to Pidgin. I wish I had the knowledge and skills to accomplish what you are doing. Great work. ---Tom

comment:155 follow-ups: Changed 10 years ago by gburt

I just pushed my latest changes - receiving IMs in Pidgin from OCS is working! Incoming messages' signatures are being checked, and outgoing messages are being signed. There is plenty of work left to make everything work smoothly, but the biggest hurdles are now behind us!

comment:156 Changed 10 years ago by sscotti

Does this plug-in only work with Pidgin? Will it work with Adium? If not, is there already one for Adium or is there one under development?

comment:157 in reply to: ↑ 155 ; follow-up: Changed 10 years ago by seanmil

Replying to gburt:

I just pushed my latest changes - receiving IMs in Pidgin from OCS is working! Incoming messages' signatures are being checked, and outgoing messages are being signed. There is plenty of work left to make everything work smoothly, but the biggest hurdles are now behind us!

I just pulled the mob branch and gave it a quick test. I am connecting to LCS 2005 using NTLM auth.

  • If I don't use TLS it seems to ignore the proxy server and tries to do a DNS service lookup (which fails in my environment)
  • If I use TLS then it connects and I can see all of my contacts, but they appear in an offline state, even the ones which should be online. At some point shortly after pulling the contact list the server disconnects me. Pidgin reconnects and this repeats a few times, then I got a segfault and Pidgin crashes.

This behavior is approximately equivalent to what I was experiencing earlier, before the recent work.

Thanks for all of the work, sorry I couldn't report better news :/.

comment:158 in reply to: ↑ 157 Changed 10 years ago by alexl4079

Replying to seanmil:

I just pulled the mob branch and gave it a quick test. I am connecting to LCS 2005 using NTLM auth.

  • If I don't use TLS it seems to ignore the proxy server and tries to do a DNS service lookup (which fails in my environment)
  • If I use TLS then it connects and I can see all of my contacts, but they appear in an offline state, even the ones which should be online. At some point shortly after pulling the contact list the server disconnects me. Pidgin reconnects and this repeats a few times, then I got a segfault and Pidgin crashes.

This behavior is approximately equivalent to what I was experiencing earlier, before the recent work.

Thanks for all of the work, sorry I couldn't report better news :/.

they're probably coding for ocs 2007.

comment:159 Changed 10 years ago by fixxxer

Good work Gabriel!!!!

Works perfect with NTLM and TLS with pidgin 2.5.2. I can connect to the LCS 2007.

I commit some little cosmetic changes (I got them in my system - a Ubuntu hardy box).

The old problem with the authentication has gone. Now sipe are using signing support (instead the 407 trick). I had a code very similar to your code in my machine, but the help comming from Kiraly was amazing. I needed too how the message was formed and other things. I was begining in the Sofia's stack the new development, but seeing the project is walking I remains with Sip/Simple?.

However the project need very work yet.

For example I found a bug:

+ I can connect the first time (removing the .purple directory) after I create the account and I connect fine. + The second time I tried to connect, Pidgin "always" crashes. I think is a problem with the certificates and the TLS support (crashed on the 598 sipe.c line). I'm searching the problem.

I think the second step will be:

+ To test sipe on anothers LCS(2003,2005,2007) versions (with/without TLS). To follow bugs will be hard now. May be if pidgin to adopt a new protocol calling sipe :P + Full presence support (following the [MS-PRES]) + Full support to send/receive messages.

That's it.

I will release the sipe version 1.3 (and sync with the master branch) when I got to fix the bug described above.

Regards.

Fixxxer

comment:160 follow-up: Changed 10 years ago by kiraly

Happy to see my contribute has been appreciated. Sorry again for my slow answeers, as I said it's a busy period. About sipe, what's the current point? The signing has been completely solved? I've to start giving some trick about presence?

comment:161 in reply to: ↑ 160 Changed 10 years ago by gburt

Replying to kiraly:

Happy to see my contribute has been appreciated. Sorry again for my slow answeers, as I said it's a busy period. About sipe, what's the current point? The signing has been completely solved? I've to start giving some trick about presence?

Yes, signing is completely working - any tricks about presence are more than welcome.

Gabriel

comment:162 in reply to: ↑ 155 Changed 10 years ago by djflux

Replying to gburt:

I just pushed my latest changes - receiving IMs in Pidgin from OCS is working! Incoming messages' signatures are being checked, and outgoing messages are being signed. There is plenty of work left to make everything work smoothly, but the biggest hurdles are now behind us!

Great job Gabriel.

A few notes from my end:

  • Logging in works fine and other's in my organization can see me.
  • Trying to send or receive messages results in a segfault in sipe_add_lcs_contacts

I'm wondering if my contact list on the server has some things that the code doesn't like.

Let me know if you have questions or experience the same issues.

Thanks, Flux.

comment:163 follow-up: Changed 10 years ago by fixxxer

I pushed another patch to fix the bug when Pidgin retrieve the contacts from the server. May be it fixed the problems describe by other users. I fixed it because I had that problem. Now I can connect to the server n-times without error.

Now I will work in either in the "presence" or in the send/receive messages. Gabriel, are you planning to work in them? I said to avoid duplicate effort.

Regards.

Fixxxer

comment:164 in reply to: ↑ 163 Changed 10 years ago by gburt

Replying to fixxxer:

Now I will work in either in the "presence" or in the send/receive messages. Gabriel, are you planning to work in them? I said to avoid duplicate effort.

I'm working on send/receive now - can you tackle presence?

Gabriel

comment:165 follow-up: Changed 10 years ago by macthinker

Hello,

First of all: Thank you for your effort! I'm trying this new changes on a LCS 2005 with TLS+NTLM but I receive "Wrong Password" on pidgin message and "401 Unauthorized" on SIP messages. Are your changes specific to LCS 2007?

Regards, Mac

comment:166 Changed 10 years ago by kiraly

ok, let's start with presence. First of all OCS2007 use a different protocoll from LCS2005. I've implemented only OCS2007. My goal was only to publish my presence status, so I've implemented only that part of standard.

First point to define is the epid-UUID relation. I verified some strange behaviour using only epid header. Exactly I was not able to publish the presence status of a new user (just created). Using both epid-UUID the presence status works fine in all scenario. There are some relationship to be respected. Look at [MS-SIPRE] chapter 3.2 SIP.INSTANCE Mechanism, and chapter 4.2 SIP.INSTANCE Mechanism Example.

Based on my tests the epid should be always the same for a client (and UUID consequently). A good technique could be to relate epid to mac address. Last suggestion is to use UUID only for REGISTER and SERVICE transactions. In call transactions I use only epid header. Once completed the UUID I'll continue with presence.

comment:167 Changed 10 years ago by wolf

Hi, I downloaded a tar of the mob branch last night and have been able to successfully build and use sipe to connect to my TLS-enabled LCS 2005 system here. Authentication seems to work, although it looks like any attempts by me to add contacts or send or receive messages causes the socket to get aborted (tho Pidgin still thinks my status is Available..). I can provide my debugging output if it's of any use to further development efforts.

Great work so far! Looking forward to testing more builds! :)

comment:168 in reply to: ↑ 165 Changed 10 years ago by wolf

Replying to macthinker:

Hello,

First of all: Thank you for your effort! I'm trying this new changes on a LCS 2005 with TLS+NTLM but I receive "Wrong Password" on pidgin message and "401 Unauthorized" on SIP messages. Are your changes specific to LCS 2007?

Regards, Mac

Hi Mac,

My employer's LCS system here is also LCS 2005, and TLS use is enforced. In my settings, I made sure to:

1) enable TLS 2) change port to 5061 [note: toggling TLS doesn't change the port number used; leaving it at 5060 means Pidgin tries (in vain) to do TLS against 5060/tcp instead of 5061/tcp] 3) enable proxy and manually define the name of the LCS system [note: without this, debugging shows it obtains the SRV record but still tries to connect to "company.com" (where my address is my.name@company.com)] 4) put my MS Windows domain name in the Auth Domain field 5) put my MS Windows domain username in the Auth User field

Regards, wolf

comment:169 follow-up: Changed 10 years ago by gburt

I am testing and developing against OCS 2007.

I just pushed some more changes, getting closer to 2-way IM. If I try to send a message from Pidgin to Communicator, Communicator accepts the INVITE request I send it w/ 200 OK, but then seems to have issues w/ the subsequent ACK and MESSAGEs, I think due to routing, though that's just a preliminary guess. Anyway, getting extremely close. Communicator even pops up a little notification saying the Pidgin user is inviting you to chat.]

Any luck on the presence stuff, Fixxxer?

Franco, any pointers on what routing/gruu stuff we need to have to making sending IMs work?

Gabriel

comment:170 Changed 10 years ago by gburt

I got one of our designers here at Novell to whip up an icon for pidgin-sipe. Any objections to this?

http://banshee-project.org/~gburt/tmp/im-ocs.png

Also, what about renaming it in the user-facing strings to "Communication Server" or something? I'm not sure anybody would know to find the functionality they're looking for under "SIPE". It doesn't seem like the Summary and Description fields are even used in Pidgin, at least not in the new/edit Account dialog, but they could be changed to reference OCS/LCS too.

comment:171 Changed 10 years ago by gabr10

I wanted to thank you all for your effort on this plugin, I too am in this situation since in my company they retired jabber and implemented OCS 2007... so I'm stuck with their web-based client, so really, thanks a lot for all the effort on this!!

No objections on the icon ;)

comment:172 in reply to: ↑ 169 Changed 10 years ago by kiraly

Replying to gburt:

I am testing and developing against OCS 2007.

I just pushed some more changes, getting closer to 2-way IM. If I try to send a message from Pidgin to Communicator, Communicator accepts the INVITE request I send it w/ 200 OK, but then seems to have issues w/ the subsequent ACK and MESSAGEs, I think due to routing, though that's just a preliminary guess. Anyway, getting extremely close. Communicator even pops up a little notification saying the Pidgin user is inviting you to chat.]

Any luck on the presence stuff, Fixxxer?

Franco, any pointers on what routing/gruu stuff we need to have to making sending IMs work?

Gabriel

Is Invite message related to SIP call or IM? Could you make a capture with wireshark? I've no experience with IM. I had your scenario using only NTLM authentication whitout signing. In outcoming call from my terminal the invite was authenticated, but ACK rejected because not signed.

Franco.

Changed 10 years ago by gburt

stdout showing sending INVITE, it being accepted, but then MESSAGE fails

comment:173 Changed 10 years ago by gburt

Franco,

I just attached the log showing the INVITE succeeding (and I'm pretty sure the ACK is fine too, but since there's not response, hard to know for sure; the server says it routed it fine) but the MESSAGE not - http://developer.pidgin.im/attachment/ticket/48/sipe-invite-msg.txt

INVITE is used by SIPE/OCS to initiate a chat session (not vanilla SIP, see http://tools.ietf.org/html/draft-ietf-simple-im-session-00).

comment:174 Changed 10 years ago by gburt

2-way IM is finally working! I just pushed my changes (including the new icon). It handles the remote user closing their conversation window, the local user closing their, etc - if either later wants to send an IM to the other, it should seamlessly do the INVITE handshake properly.

Fixxxer, what's your status?

comment:175 Changed 10 years ago by rmann

I'd like to try this out with AdiumX. Although I've checked out Adium's sources and made (very minor) changes before, I'm not sure what else might be required. There is UI for setting SIPE stuff...should it be enough to just include the new library in the build?

TIA

comment:176 Changed 10 years ago by fixxxer

Hi

I still working in the presence problem. I hope to have some results tonight or tomorrow.

I see your changes. Are great.

The icon is cool too. Indeed I wanted to change the name of the project from SIPE (SIP Exchange) to SipLCS or SipOCS (SIP Live Communication Server) For that I named the git repository how siplcs. Because the name Microsoft LCS are very ugly for me. May be a merge SIPLOCS.

How do you see? If are agree, I will change the name in SourceForge?.

Regards.

Fix

comment:177 follow-up: Changed 10 years ago by craftyguy

Hey guys, Just tried the latest commit that supports 2-way sessions, when I initiate a session (send message), pidgin basically locks up at 100%, and I receive the following in the debug log many times per second:

(17:47:45) GLib: g_source_remove: assertion `tag > 0' failed
(17:47:45) GLib: g_source_remove: assertion `tag > 0' failed
(17:47:45) GLib: g_source_remove: assertion `tag > 0' failed
(17:47:45) GLib: g_source_remove: assertion `tag > 0' failed
...

I was having this same problem with yesterday's commit by gburt and the most latest commit (

comment:178 in reply to: ↑ 177 ; follow-up: Changed 10 years ago by gburt

Replying to craftyguy:

Do you have TLS enabled and the 'connect port' set to 5061?

comment:179 Changed 10 years ago by gburt

By the way, anybody running openSUSE 11.0, you can get packages with this latest code here: http://software.opensuse.org/search?baseproject=openSUSE%3A11.0&p=1&q=pidgin-sipe

comment:180 in reply to: ↑ 178 Changed 10 years ago by craftyguy

Replying to gburt:

Yes I do. I'm able to successfully connect to the OCS server, and obtain a list of contacts. One other thing, the contacts are all shown as 'offline', until I receive an IM from one.

comment:181 Changed 10 years ago by gburt

What version of Pidgin do you have? I have 2.4.1. Can you figure out what's causing it with gdb or printf? :)

comment:182 Changed 10 years ago by craftyguy

I'm running 2.5.2 Rebuilding pidgin with debug enabled, and have to brush up on gdb, and hopefully I'll have an answer for you shortly :)

Any suggestions about the contacts all showing as 'offline'? Seems as if the plugin isn't querying contact status' on initial connect?

comment:183 Changed 10 years ago by craftyguy

So instead of locking up at 100% CPU, is seems to be throwing a seg fault now. Here's the backtrace with gdb:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f0b08ca27a0 (LWP 18068)]
sipe_canwrite_cb_ssl (data=0x2188c00, gsc=0x218a810, cond=PURPLE_INPUT_READ) at sipe.c:608
608		max_write = purple_circ_buffer_get_max_read(sip->txbuf);
(gdb) bt
#0  sipe_canwrite_cb_ssl (data=0x2188c00, gsc=0x218a810, cond=PURPLE_INPUT_READ) at sipe.c:608
#1  0x0000000000460389 in pidgin_io_invoke (source=<value optimized out>, 
    condition=<value optimized out>, data=<value optimized out>) at gtkeventloop.c:78
#2  0x00007f0b043b5ad7 in ?? () from /usr/lib/libglib-2.0.so.0
#3  0x00007f0b04378b91 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#4  0x00007f0b04377470 in ?? () from /usr/lib/libglib-2.0.so.0
#5  0x00007f0b04376d22 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#6  0x00007f0b066a75c5 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#7  0x00000000004753af in main (argc=1, argv=0x7fff10e67de8) at gtkmain.c:888

Changed 10 years ago by craftyguy

comment:184 follow-up: Changed 10 years ago by craftyguy

Attached above is backtrace of when pidgin locks at 100% cpu with "GLib: g_source_remove: assertion `tag > 0' failed" message

comment:185 Changed 10 years ago by djflux

There seems to be some issue with bad-data trapping in sipe_add_lcs_contacts and/or purple_utf8_strcasecmp. I think I have some corrupt entries in my LCS server-based contact list and when Pidgin tries to setup my contact list it gets non-standard (read non UTF8) characters in the list it gets back from the server.

I can probably remove the corrupt Group from my contact list, but I wanted to leave it around so that we might be able to trap the problem so that it doesn't cause pidgin to core dump/backtrace.

Here's some debug output:

(08:20:06) sipe: name_group->General
(08:20:06) sipe: name_group->_Infrastructure
(08:20:06) sipe: name_group->JusticeLeague
(08:20:06) sipe: name_group->PMO
(08:20:06) sipe: name_group->DBA
(08:20:06) sipe: name_group->BSM
(08:20:06) sipe: name_group->Analytics
(08:20:06) sipe: name_group->AppDev
(08:20:06) sipe: name_group->SoftwareSupport
(08:20:06) sipe: name_group->ITNerveShack
(08:20:06) sipe: name_group->QA
(08:20:06) sipe: name_group->DataManagement
(08:20:06) sipe: name_group->Officers
(08:20:06) sipe: name_group->OnBase
(08:20:06) purple_utf8_strcasecmp: One or both parameters are invalid UTF8
(08:20:06) purple_utf8_strcasecmp: One or both parameters are invalid UTF8
(08:20:06) purple_utf8_strcasecmp: One or both parameters are invalid UTF8
(08:20:06) sipe: id->ПD
H�D
ȠD
X�D
h�D
x�D
6) 
(08:20:06) sipe: id->General
(08:20:06) sipe: id->2
(08:20:06) sipe: id->_Infrastructure
(08:20:06) sipe: id->3
(08:20:06) sipe: id->JusticeLeague
(08:20:06) sipe: id->4
(08:20:06) sipe: id->PMO
(08:20:06) sipe: id->5
(08:20:06) sipe: id->DBA
(08:20:06) sipe: id->6
(08:20:06) sipe: id->BSM
(08:20:06) sipe: id->7
(08:20:06) sipe: id->Analytics
(08:20:06) sipe: id->8
(08:20:06) sipe: id->AppDev
(08:20:06) sipe: id->9
(08:20:06) sipe: id->SoftwareSupport
(08:20:06) sipe: id->10
(08:20:06) sipe: id->ITNerveShack
(08:20:06) sipe: id->11
(08:20:06) sipe: id->QA
(08:20:06) sipe: id->12
(08:20:06) sipe: id->DataManagement
(08:20:06) sipe: id->13
(08:20:06) sipe: id->Officers
(08:20:06) sipe: id->14
(08:20:06) sipe: id->OnBase

... snip addresses ...(08:20:06) sipe: Found Groups->gr[i].id(2),gr[i].name_group (_Infrastructure)
*** glibc detected *** pidgin: corrupted double-linked list: 0x0a433960 ***
======= Backtrace: =========
/lib/libc.so.6[0xa0039f]
/lib/libc.so.6[0xa01ead]
/lib/libc.so.6[0xa02fc1]
/lib/libc.so.6(__libc_memalign+0xe5)[0xa03f05]
/lib/libc.so.6(posix_memalign+0x8f)[0xa040ef]
/lib/libglib-2.0.so.0[0x5b819cf]
/lib/libglib-2.0.so.0(g_slice_alloc+0x723)[0x5b831b3]
/lib/libglib-2.0.so.0[0x5b563e4]
/usr/lib/libpurple.so.0(purple_dbus_register_pointer+0xc9)[0x2b4919]
/usr/lib/libpurple.so.0(purple_status_new+0x5c)[0x26c79c]
/usr/lib/libpurple.so.0(purple_prpl_get_statuses+0x59)[0x2593e9]
/usr/lib/libpurple.so.0(purple_presence_new_for_buddy+0x5d)[0x26b86d]
/usr/lib/libpurple.so.0(purple_buddy_new+0x81)[0x21c321]
/usr/lib/pidgin/libsipe.so[0x7a8e04]
/usr/lib/pidgin/libsipe.so[0x7a66ae]
/usr/lib/pidgin/libsipe.so[0x7a7656]
/usr/lib/libpurple.so.0[0x26df49]
pidgin[0x80aa5be]
/lib/libglib-2.0.so.0[0x5b9a9ad]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e8)[0x5b64008]
/lib/libglib-2.0.so.0[0x5b676b3]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1d2)[0x5b67bd2]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xe0)[0x6bd5d45]
pidgin(main+0x8a6)[0x80c6986]
/lib/libc.so.6(__libc_start_main+0xe6)[0x9a85d6]
pidgin[0x8069761]

I'll take a look and see if I can trap for the bad characters before we try to add the contact/group.

comment:186 follow-up: Changed 10 years ago by fixxxer

Hi

I follow the MS-SIPRE to build the epid-uuid and epid. I almost have a good function but I have a question to Franco.

Franco, What is the namespace ID? because I have two values: EPID=whatever value in hexa NameSpace? ID= I taked the mac address. then epid-uuid = another_process(sha1(NameSpace?+EPID))

Am I fine, Franco?

But I always a got a error but I have a functions to generate this. Tonight I will finish this I think I am very close.

Regards.

comment:187 Changed 10 years ago by djflux

You can ignore my comment above about UTF8. My problem was that the number of groups in the buddy list was hard-coded at 10 in sipe.c . I had like 14. I'll try to work on making that dynamic.

comment:188 in reply to: ↑ 186 ; follow-up: Changed 10 years ago by DanielBeichl

Replying to fixxxer:

Hi

I follow the MS-SIPRE to build the epid-uuid and epid. I almost have a good function but I have a question to Franco.

Franco, What is the namespace ID? because I have two values: EPID=whatever value in hexa NameSpace? ID= I taked the mac address. then epid-uuid = another_process(sha1(NameSpace?+EPID))

Am I fine, Franco?

But I always a got a error but I have a functions to generate this. Tonight I will finish this I think I am very close.

Regards.

Hello Fixxxer,

i was also working on the MS-SIPRE epid uuid generation, and finally managed to git push my implementation. Feel free to use / rewrite.

regards

Daniel

comment:189 in reply to: ↑ 188 Changed 10 years ago by fixxxer

Hello Fixxxer,

i was also working on the MS-SIPRE epid uuid generation, and finally managed to git push my implementation. Feel free to use / rewrite.

Terrific. Yes, I see is the same implementation taken from the same place. Thank you very much.

I pushed the changes taken your code. Works great, the server doesn't give a error with the changes.

Franco, we are ready to the next step ;)

TODO is to take the MAC ADDRESS indeed a hardcode value.

Regards.

Fixxxer

comment:190 follow-up: Changed 10 years ago by gburt

Hi Daniel,

Saw your change to allow setting the User Agent - have you found that to be necessary in some circumstances? Good job on the uuid stuff, guys. Fixxxer, what's left to do with presence?

Gabriel

comment:191 in reply to: ↑ 190 ; follow-up: Changed 10 years ago by DanielBeichl

Replying to gburt:

Hi Daniel,

Saw your change to allow setting the User Agent - have you found that to be necessary in some circumstances? Good job on the uuid stuff, guys. Fixxxer, what's left to do with presence?

Gabriel

Yes, i was unable to connect successfully until i changed the User-Agent to the one used by OC 2007. Might be a special of our server configuration. If you want to look into it i can provide a dump next week.

regards

Daniel

comment:192 in reply to: ↑ 191 Changed 10 years ago by craftyguy

Replying to DanielBeichl:

Daniel- what is the User-Agent used by OC 2007? Perhaps it should be the default used by this plugin, unless there's a reason to use the 'Purple/1.2.0' the plugin defaults to?

comment:193 Changed 10 years ago by Rondom

Regarding user agent: According to msdn, "OC/2.0.6362.0" represents Office Communicator 2007 version 2.0, build 6362".

Since Commit 830e04423573ca9bf4d1d7aa3a486fdfc1149a70 (Added urn:uuid support in REGISTER/SERVICE) connecting fails with "SIP/2.0 400 Malformed Contact +sip.instance parameter". Does anyone else experience this? I can set up an OCS at home and test if necessary.

comment:194 Changed 10 years ago by djflux

I'm getting a segfault before SIPE even tries to connect since this commit. Deleted ~/.purple and I get the certificate dialog and as soon as I accept the cert I get a segfaults. Here's some output from gdb:

Program received signal SIGSEGV, Segmentation fault.
0x007a1950 in generateUUIDfromEPID@plt () from /usr/lib/pidgin/libsipe.so

If more is needed I can provide it.

comment:195 Changed 10 years ago by fixxxer

Hi.

The last commited are something experimental.

The error: "SIP/2.0 400 Malformed Contact +sip.instance parameter", I guess what is the problem but I need the output from (pidgin -d > output).

With the error segmentation fault is very strange. Please send a gdb output more complete. The last change tries to get the Mac Address from your network interface. But of course only works under Linux.

Regards,

comment:196 follow-up: Changed 10 years ago by gburt

Fixxxer,

In your commit (http://repo.or.cz/w/siplcs.git?a=commitdiff;h=30264e86c5eb890babf00445f5b306c5e1d48551) that makes use of the new epid/uuid code, in the changes to send_publish, why do you use generateUUIDfromEPID(getuuid()) for the value of endpointId=\"%s\"? Shouldn't it be using the epid value instead?

We should probably be caching the epid/uuid values - no need to generate them after the first time we use them. Could probably generate them in the login callback?

Also, when you run the code you committed, does it crash when you try to login? I'm getting the same crash that djflux and Rondom see:

#5  0x00007ff72d6ace24 in _IO_vfprintf_internal (s=0x7fff3d70f4c0, format=0x361238c0 <Address 0x361238c0 out of bounds>, ap=0x7fff3d70f5e0) at printf-parse.h:95
#6  0x00007ff72d6d0ee9 in __IO_vsprintf (string=0x7fff3d70f6e0 "��p=�\177", format=0x361238c0 <Address 0x361238c0 out of bounds>, args=0x7fff3d70f5e0) at iovsprintf.c:43
#7  0x00007ff72d6b7118 in __sprintf (s=0x361238c0 <Address 0x361238c0 out of bounds>, format=0x25 <Address 0x25 out of bounds>) at sprintf.c:34
#8  0x00007ff7244eb189 in generateUUIDfromEPID (epid=0x361238c0 <Address 0x361238c0 out of bounds>) at uuid.c:85
#9  0x00007ff7244e95cd in do_register_exp (sip=0x7ff735f7cac0, expire=900) at sipe.c:1017
#10 0x00007ff7244ea76b in login_cb_ssl (data=0x7ff735f7b1a0, gsc=0x7ff735f7cf80, cond=<value optimized out>) at sipe.c:1049
#11 0x00007ff731225ec7 in purple_certificate_verify_complete () from /usr/lib64/libpurple.so.0

Any interest in chatting in #pidgin-sipe on freenode? I'll idle there in case somebody wants to chat.

comment:197 in reply to: ↑ 196 Changed 10 years ago by DanielBeichl

Replying to gburt:

Fixxxer,

In your commit (http://repo.or.cz/w/siplcs.git?a=commitdiff;h=30264e86c5eb890babf00445f5b306c5e1d48551) that makes use of the new epid/uuid code, in the changes to send_publish, why do you use generateUUIDfromEPID(getuuid()) for the value of endpointId=\"%s\"? Shouldn't it be using the epid value instead?

We should probably be caching the epid/uuid values - no need to generate them after the first time we use them. Could probably generate them in the login callback?

Also, when you run the code you committed, does it crash when you try to login? I'm getting the same crash that djflux and Rondom see:

#5  0x00007ff72d6ace24 in _IO_vfprintf_internal (s=0x7fff3d70f4c0, format=0x361238c0 <Address 0x361238c0 out of bounds>, ap=0x7fff3d70f5e0) at printf-parse.h:95
#6  0x00007ff72d6d0ee9 in __IO_vsprintf (string=0x7fff3d70f6e0 "��p=�\177", format=0x361238c0 <Address 0x361238c0 out of bounds>, args=0x7fff3d70f5e0) at iovsprintf.c:43
#7  0x00007ff72d6b7118 in __sprintf (s=0x361238c0 <Address 0x361238c0 out of bounds>, format=0x25 <Address 0x25 out of bounds>) at sprintf.c:34
#8  0x00007ff7244eb189 in generateUUIDfromEPID (epid=0x361238c0 <Address 0x361238c0 out of bounds>) at uuid.c:85
#9  0x00007ff7244e95cd in do_register_exp (sip=0x7ff735f7cac0, expire=900) at sipe.c:1017
#10 0x00007ff7244ea76b in login_cb_ssl (data=0x7ff735f7b1a0, gsc=0x7ff735f7cf80, cond=<value optimized out>) at sipe.c:1049
#11 0x00007ff731225ec7 in purple_certificate_verify_complete () from /usr/lib64/libpurple.so.0

Any interest in chatting in #pidgin-sipe on freenode? I'll idle there in case somebody wants to chat.

Perhaps i can elaborate on this problem ... In my implementation of the epid -> uuid generation code i have written a function readUUID() which contained a incorrect scanf line which may overwrite stack memory. I have pushed a corrected version. Please test if it fixes this error.

Regarding the user-agent ... I created a dump and the difference is that in case the user agent is "Purple/1.2.0" our server here answers the last NTLM auth message with

SIP/2.0 403 Forbidden 251 ms-user-logon-data: RemoteUser? ... Warning: 310 lcs.microsoft.com "You are currently not using the recommended version of the client" Server: ClientVersionFilter?/3.0.0.0

If i fake the user-agent to "UCCP/2.0.6362.0 OC/2.0.6362.0 (Microsoft Office Communicator)" it accepts the last REGISTER with SIP/2.0 200 OK

regards and sorry for the introduced bug

Daniel

comment:198 follow-up: Changed 10 years ago by gburt

Still getting a crash:

#7  0x00007f4635c41118 in __sprintf (s=0x3e6a8f00 <Address 0x3e6a8f00 out of bounds>, 
    format=0x25 <Address 0x25 out of bounds>) at sprintf.c:34
#8  0x00007f462ca75189 in generateUUIDfromEPID (epid=0x3e6a8f00 <Address 0x3e6a8f00 out of bounds>) at uuid.c:85
#9  0x00007f462ca735cd in do_register_exp (sip=0x7f463e506b10, expire=900) at sipe.c:1016
#10 0x00007f462ca7476b in login_cb_ssl (data=0x7f463e506a10, gsc=0x7f463e506e80, cond=<value optimized out>)
    at sipe.c:1048
#11 0x00007f46397afec7 in purple_certificate_verify_complete () from /usr/lib64/libpurple.so.0

comment:199 in reply to: ↑ 198 Changed 10 years ago by DanielBeichl

Replying to gburt:

Still getting a crash:

I think i spotted a problem in the for loop of get_macaddr() Please try again.

comment:200 follow-up: Changed 10 years ago by gburt

Nope, I still got the same crash, but I just pushed a fix for it.

Did you mean to make nmac 13 bytes instead of 12? And should the default be 12 or 13 bytes long instead of the current 8 (01010101)?

comment:201 in reply to: ↑ 200 Changed 10 years ago by DanielBeichl

Replying to gburt:

Nope, I still got the same crash, but I just pushed a fix for it.

Did you mean to make nmac 13 bytes instead of 12? And should the default be 12 or 13 bytes long instead of the current 8 (01010101)?

i meant to increase nmac from 6 to 13 bytes as mac address is 6 bytes times 2 as we print the hex value in a string and + 1 as the g_sprintf() writes a string and thus adds a zero byte at the end.

If we want to use the macaddress as the epid and represent it as a string we need 13 bytes. As the epid appears to be just a random ascii string the fallback to a 8 byte value seems fine to me.

Am i correct that you removed the static from the functions of uuid.c to fix the crash?

regards

Daniel

comment:202 Changed 10 years ago by fixxxer

Yes, it worked on my machine always without error. But I see the code had a little problem. Sorry.

The use of the MacAddress? how EPID is just a suggest in the documentation. We can use 8 byte, 10 byte, whatever how EPID. Of course the idea is to have an unique value by client then 12 bytes are not bad idea instead 8 (so maybe never would be repeat).

Regards,

comment:203 Changed 10 years ago by r12r

Below is an example where I see "400 Malformed Contact" (servername and username replaced). This is with OCS 2007. Let me know if you need any more output.

(12:41:41) certificate: Successfully verified certificate for ocsservername
Returning mac: '001438EB667D'
have epid == NULL? 0
have epid: '001438EB667D'
have sizeof uuid_t: 16
(12:41:41) stun: using server 
Returning mac: '001438EB667D'
(12:41:41) stun: using server 
(12:41:41) sipe: not adding auth header to msg w/ method REGISTER
(12:41:41) sipe: 

sending - Tue Nov 25 12:41:41 2008

######
REGISTER sip:host SIP/2.0
Via: SIP/2.0/TLS ip.address:37884;branch=z9hG4bK19175851450BAFA8753E
From: <sip:user@host>;tag=1221045040;epid=001438EB667D
To: <sip:user@host>
Max-Forwards: 70
CSeq: 1 REGISTER
User-Agent: UCCP/2.0.6362.0 OC/2.0.6362.0 (Microsoft Office Communicator)
Call-ID: 63F6g75ACaBA3Ei58B2mCF7BtE548b7D53x837Fx
Contact: <sip:ip.address:37884;transport=tls>;methods="INVITE, MESSAGE, INFO, SUBSCRIBE, BYE, CANCEL, NOTIFY, ACK, BENOTIFY";proxy=replace; +sip.instance="<urn:uuid:cf>"
Event: registration
Allow-Events: presence
ms-keep-alive: UAC;hop-hop=yes
Expires: 900
Content-Length: 0


######

(12:41:41) sipe: 

received - Tue Nov 25 12:41:41 2008

######
SIP/2.0 400 Malformed Contact +sip.instance parameter
From: <sip:user@host>;tag=1221045040;epid=001438EB667D
To: <sip:user@host>;tag=7EF377971150468C8423CFBC505B99C0
Call-ID: 63F6g75ACaBA3Ei58B2mCF7BtE548b7D53x837Fx
CSeq: 1 REGISTER
Via: SIP/2.0/TLS ip.address:37884;branch=z9hG4bK19175851450BAFA8753E;ms-received-port=37884;ms-received-cid=8962800
ms-diagnostics: 1018;reason="Parsing failure";source="ocsservername"
Content-Length: 0

#######

(12:41:41) sipe: msg->response(400),msg->method(REGISTER)
(12:41:41) sipe: RE-REGISTER CSeq: 1
(12:41:41) sipe: process_input_message - we have a transaction callback
(12:41:41) sipe: got response to REGISTER; expires = 0
(12:41:41) sipe: process_input_message - removing CSeq 1

comment:204 Changed 10 years ago by Rondom

Hehe, I was just wanting to upload my log...

I can confirm that the output r12r posted is identical.

comment:205 follow-up: Changed 10 years ago by Rondom

I'm not familar enough with SIPE, so I'm not really sure if the last commit was intended to fix the issue, but I just wanted to report that the said commit 4facf8f2bc89ad04c65d0c3be3d3b8adacbacf68 didn't fix the malformed contact issue.

comment:206 Changed 10 years ago by bluescreen10

is there any plan to add support for LCS 2005?

comment:207 Changed 10 years ago by matibut14

I also need support for LCS 2005 and am available to test.

comment:208 in reply to: ↑ 205 ; follow-up: Changed 10 years ago by DanielBeichl

Replying to Rondom:

I'm not familar enough with SIPE, so I'm not really sure if the last commit was intended to fix the issue, but I just wanted to report that the said commit 4facf8f2bc89ad04c65d0c3be3d3b8adacbacf68 didn't fix the malformed contact issue.

Hello Rondom,

you said your log is the same as the one posted by r12r. Could you verify that the "Connect:" header line ends with +sip.instance="<urn:uuid:cf>" (interesting part is that uuid contains only two characters).

Could you give some details about your system (i.e. processor architecture). I tried generating r12rs uuid from his posted logs and it appears to contain only the last two bytes of the uuid. I failed to reproduce this (tried x86 and x64). Do the tests show a problem on your system? (run "make tests" the interesting part follows "Testing MS-SIPRE uuid derivation")

regards

Daniel

comment:209 in reply to: ↑ 184 Changed 10 years ago by DanielBeichl

Replying to craftyguy:

Attached above is backtrace of when pidgin locks at 100% cpu with "GLib: g_source_remove: assertion `tag > 0' failed" message

Hello craftyguy,

could you apply the attached diff to sipe.c against a plain d4c935fc33f554f7f038dac3f1f9bc604bfa4287 and see if it fixes the problem?

regards

Daniel

Changed 10 years ago by DanielBeichl

Changed 10 years ago by smitherz

I am trying to use the latest code from git. Specifically http://repo.or.cz/w/siplcs.git?a=commit;h=4facf8f2bc89ad04c65d0c3be3d3b8adacbacf68 I am running Pidgin 2.5.2 on openSuse 11.0 I am attaching an output from "pidgin -d" cleaned of company info. I am connecting over a vpn using TLS and port 5061 with username and server name different. I am unable to connect and pidgin seems to just hang attempting the connect. I am successful in getting Miranda to connect over a vpn with similar connect info. Scott

comment:210 Changed 10 years ago by fixxxer

Hi smitherz

Are you using vpnc? Because VPNC creates a new device called tun0. Then you need (to hand) to configure in pidgin->Preferences->Public IP With the IP given by vpnc for tun0. May be this is the problem, I use vpnc.

Regards.

comment:211 in reply to: ↑ 208 ; follow-up: Changed 10 years ago by r12r

Replying to DanielBeichl:

Hello Rondom,

you said your log is the same as the one posted by r12r. Could you verify that the "Connect:" header line ends with +sip.instance="<urn:uuid:cf>" (interesting part is that uuid contains only two characters).

Could you give some details about your system (i.e. processor architecture). I tried generating r12rs uuid from his posted logs and it appears to contain only the last two bytes of the uuid. I failed to reproduce this (tried x86 and x64). Do the tests show a problem on your system? (run "make tests" the interesting part follows "Testing MS-SIPRE uuid derivation")

regards

Daniel

Yep, as you thought that test fails; output is below. System is x86_64 Ubuntu.

Testing MS-SIPRE uuid derivation
expected: 4b1682a8-f968-5701-83fc-7c6741dc6697
received: 97
FAILED
Mac: 001438EB667D

comment:212 in reply to: ↑ 211 ; follow-up: Changed 10 years ago by DanielBeichl

Replying to r12r:

Replying to DanielBeichl:

Hello Rondom,

you said your log is the same as the one posted by r12r. Could you verify that the "Connect:" header line ends with +sip.instance="<urn:uuid:cf>" (interesting part is that uuid contains only two characters).

Could you give some details about your system (i.e. processor architecture). I tried generating r12rs uuid from his posted logs and it appears to contain only the last two bytes of the uuid. I failed to reproduce this (tried x86 and x64). Do the tests show a problem on your system? (run "make tests" the interesting part follows "Testing MS-SIPRE uuid derivation")

regards

Daniel

Yep, as you thought that test fails; output is below. System is x86_64 Ubuntu.

Hello Rondom,

please test c7a2b0fe483f5e70eef6afb0c77c88a13ad10967.

regards

Daniel

comment:213 Changed 10 years ago by smitherz

Hi fixxxer,

Yes, I am using vpnc to connect to the company. I just tried setting my public IP to the one assigned to tun0, but still have basically the same sip conversation flow in debug. I have IPv6 disabled entirely on my system. I disabled all other protocols I am using and then just check-mark enabled the LCS protocol connection I have defined. I get that same debug flow and the "connection" icon just rotates like it is trying. When I uncheck the protocol I get one last burp on the debug output of what looks like another REGISTER attempt. But by then the connection is done from the servers perspective.

I can probably run a wireshark capture if that would be helpful.

smitherz

comment:214 in reply to: ↑ 212 Changed 10 years ago by r12r

Replying to DanielBeichl:

Replying to r12r:

Replying to DanielBeichl:

Hello Rondom,

you said your log is the same as the one posted by r12r. Could you verify that the "Connect:" header line ends with +sip.instance="<urn:uuid:cf>" (interesting part is that uuid contains only two characters).

Could you give some details about your system (i.e. processor architecture). I tried generating r12rs uuid from his posted logs and it appears to contain only the last two bytes of the uuid. I failed to reproduce this (tried x86 and x64). Do the tests show a problem on your system? (run "make tests" the interesting part follows "Testing MS-SIPRE uuid derivation")

regards

Daniel

Yep, as you thought that test fails; output is below. System is x86_64 Ubuntu.

Hello Rondom,

please test c7a2b0fe483f5e70eef6afb0c77c88a13ad10967.

regards

Daniel

Yep, that fixes it for me.

comment:215 follow-up: Changed 10 years ago by msalerno

Has anyone gotten this to build against mignw32? I have been building the plugin on my linux server, and the latest release works great on OCS 2007, but I would like to build a windows DLL to distribute for testing. I have been hacking away at the code to get it to compile in cygwin/mingw with some friends at work, but we have not had much luck.

Any help would be appreciated.

Thanks

comment:216 Changed 10 years ago by kiraly

here we are! Reading the latest messages I didn't understand if +sip.instance header works fine? Does the "400 Malformed Contact +sip.instance parameter" always happen?

comment:217 follow-up: Changed 10 years ago by gburt

Hey Fixxxer,

Your commit Fixed when 'activity' got back a garbage value - were you actually seeing a crash or bad behavior before your patch? Because if activity was not NULL, but also wasn't 'away' or 'busy', then status_id should have been set to 'available' in the subsequent if (!status_id) clause. I also don't see the reason to initialize activity to 'available'.

comment:218 follow-up: Changed 10 years ago by fixxxer

Kiraly,

It seems just happened under x86_64 systems but was fixed (I think). Always works fine.

But there are a little trick:

If you has never used the Microsoft Office Communicator 2007 (aka the official Windows Client for OCS 2007) they never could see you online (only you to them). But if you login in the that official client at least one time, all works fine. It was my case but after I connected with this Windows client (inclusive I saved the Options settings) I can everything. My contacs can see me online, and they can write messages like me.

Regards.

comment:219 in reply to: ↑ 217 ; follow-up: Changed 10 years ago by fixxxer

Replying to gburt:

Hey Fixxxer,

Your commit Fixed when 'activity' got back a garbage value - were you actually seeing a crash or bad behavior before your patch?

Yes, I was. But indeed the problem was your debug output: purple_debug_info("sipe", "process_incoming_notify: activity(%s)\n", activity);

Because you don't initialize the value then 'activity' got a NULL value when I connected. In my server this is always: the first time the server sends the NOTIFY without 'activity' XML part (just report open or closed), but after it sends another NOTIFY where includes the 'activity' part.

Also, the below part was because I sometimes I got another value different to 'busy','away','avalaible', then pidgin doesn't put a correct status to the almost all contacts (inclusive doesn't put the 'avalaible'), may be OCS has another status I got a number 286 (I think I don't remember fine).


Now, I'm working in the last problem I found: after some minutes (may be hours) pidgin lost the SSL connection and crash. I always get it.

Regards.

comment:220 in reply to: ↑ 219 ; follow-ups: Changed 10 years ago by gburt

Replying to fixxxer:

Yes, I was. But indeed the problem was your debug output: purple_debug_info("sipe", "process_incoming_notify: activity(%s)\n", activity);

Did this cause a crash? For me it prints out as "(null)".

Because you don't initialize the value then 'activity' got a NULL value when I connected.

The activity variable is meant to represent the explicit (if any) activity string sent in the NOTIFY, and if there isn't one, then we assume the status_id should be 'available'. My code already did this, AFAICT.

Also, the below part was because I sometimes I got another value different to 'busy','away','avalaible', then pidgin doesn't put a correct status to the almost all contacts (inclusive doesn't put the 'avalaible')

If you got a value other than 'busy' or 'away' then it should have been assuming a status_id of 'available'. Are you saying that wasn't happening? Or was the only problem the printing out of the NULL/not-initialized activity variable?

Gabriel

comment:221 in reply to: ↑ 218 Changed 10 years ago by craftyguy

Replying to fixxxer:

Fixxxer, I use OCS Client in Windows on a daily basis. When I connect with my account using the SIPE/LCS plugin in pidgin, none of my contacts are shown as 'online' until I send a message to one of them.

Also I do not show up as 'online' to any of my contacts until I send a message to one of them. Your fix of logging in with OCS in windows doesnt seem to fix the problem for me :(

comment:222 in reply to: ↑ 220 ; follow-up: Changed 10 years ago by rekkanoryo

Replying to gburt:

Replying to fixxxer:

Yes, I was. But indeed the problem was your debug output: purple_debug_info("sipe", "process_incoming_notify: activity(%s)\n", activity);

Did this cause a crash? For me it prints out as "(null)".

Passing NULL to a printf-style function can crash in a number of instances when glib's wrappers are in use, and will definitely crash on Windows, since internally we use glib's functions. Glib has a bug that has yet to be fixed where a number of the printf family functions use Glib's internal implementation, which crashes on NULL input. You need to protect against that or you'll get complaints when someone finally gets around to testing this on Windows because it'll crash all the time.

comment:223 in reply to: ↑ 222 Changed 10 years ago by fixxxer

Replying to rekkanoryo:

Replying to gburt:

Replying to fixxxer:

Yes, I was. But indeed the problem was your debug output: purple_debug_info("sipe", "process_incoming_notify: activity(%s)\n", activity);

Did this cause a crash? For me it prints out as "(null)".

Passing NULL to a printf-style function can crash in a number of instances when glib's wrappers are in use, and will definitely crash on Windows, since internally we use glib's functions. Glib has a bug that has yet to be fixed where a number of the printf family functions use Glib's internal implementation, which crashes on NULL input.

This is my answer :P

Yes, I got a NULL value on my Ubuntu Hardy box with libglib2.0 version 2.12.0-2

Regards.

comment:224 in reply to: ↑ 220 ; follow-up: Changed 10 years ago by fixxxer

Replying to gburt:

Also, the below part was because I sometimes I got another value different to 'busy','away','avalaible', then pidgin doesn't put a correct status to the almost all contacts (inclusive doesn't put the 'avalaible')

If you got a value other than 'busy' or 'away' then it should have been assuming a status_id of 'available'. Are you saying that wasn't happening?

Yes, I'm saying that :D
You had this:

                gchar * status_id;
		if (activity) {
			if (strstr(activity, "busy")) {
				status_id = "busy";
			} else if (strstr(activity, "away")) {
				status_id = "away";
		        }
                }

		if (!status_id) {
			status_id = "available";
		}

But my problem is when activity has a true value but status_id has a garbage value like this '97B'. then I have this error on pidgin:

(12:34:07) sipe: process_incoming_notify: basic-status(open)
(12:34:07) sipe: process_incoming_notify: activity(available)
(12:34:07) sipe: process_incoming_notify: status_id(97B)
(12:34:07) g_log: purple_status_is_online: assertion `status != NULL' failed

For that I put the 'else' with status_id hardcoded. I don't know why status_id in not null.

Or may be will be better this:

gchar * status_id = NULL;

I proved it and works fine too. I will change it with this in the next commit.

Regards.

comment:225 in reply to: ↑ 224 ; follow-up: Changed 10 years ago by andreshans

I am testing the last Mob Commint on Fedora 9 version: pidgin-2.5.2-3.fc9.i386 on the company I work for. I´ve logged suscefully, loaded groups and contacts (most of the contacts are in a general group, but that´s not relevant) I see all contacts offline and they seem offline too. But when I try to send a message to somebody that I know is online, I get the list of contacts and half of groups when comes * glibc detected * pidgin: malloc(): memory corruption (fast): 0x08f64a10 * dns[14623]: nobody needs me... =(

comment:226 in reply to: ↑ 225 Changed 10 years ago by fixxxer

Replying to andreshans:

I am testing the last Mob Commint on Fedora 9 version: pidgin-2.5.2-3.fc9.i386 on the company I work for. I´ve logged suscefully, loaded groups and contacts (most of the contacts are in a general group, but that´s not relevant) I see all contacts offline and they seem offline too. But when I try to send a message to somebody that I know is online, I get the list of contacts and half of groups when comes * glibc detected * pidgin: malloc(): memory corruption (fast): 0x08f64a10 *

Uhmm sounds like the problem about the number of groups reported by djflux.

SIPE only support 10 groups right now. You have more than 10, don't you?

You could fix finding this line: Reserved to max 10 groups. TODO be dynamic

gr = g_new0(struct sipe_group, 10);


Replaced for

gr = g_new0(struct sipe_group, 20);

Or whatever number of groups you have. Please, read the messages.

Regards.

Regards

comment:227 Changed 10 years ago by craftyguy

Is anyone working on supporting conversation invitations, etc (having a 3-way conversation for example?)

comment:228 Changed 10 years ago by gburt

Just committed a fairly big patch adding support for adding/removing/renaming groups, moving contacts from group to group, and support for adding/removing contacts. Also I fixed the group parsing so it's no longer hardcoded to only support 10 groups.

comment:229 follow-up: Changed 10 years ago by gburt

Fixxxer, any progress on the presence stuff? The MS-PRES document looks quite complicated.

Craftguy, I don't think anybody is working on 3+ party chat support.

Changed 10 years ago by craftyguy

I'm getting a segfault when connecting using the latest commit. I'm able to connect over TLS (fetching contact status still doesnt work), segfault happens as soon as I hit 'send' on a message to a contact.

comment:230 follow-up: Changed 10 years ago by seanmil

I just committed a couple of fixes to the mob branch.

1) OCS2005 sometimes returns Content-Length in all-caps. This was causing the header to be not found. I changed the code to be case insensitive for headers.

2) Adjusted the order of initialization in send_sip_response which made NOTIFY reply headers look right.

I still can't send and receive messages, but I am a lot closer.

comment:231 in reply to: ↑ 230 Changed 10 years ago by seanmil

Replying to seanmil:

1) OCS2005 sometimes returns Content-Length in all-caps. This was causing the header to be not found. I changed the code to be case insensitive for headers.

To be clear: This seems to fix all of the segfault issues I was seeing previously.

comment:232 follow-up: Changed 10 years ago by matibut14

Using OCS2005:

  • Now I can login
  • Presence is working fine
  • I can send message but can't recieve any

Here is the debug output when I send a message:

body: v=0 o=- 0 0 IN IP4 192.168.x.x s=session c=IN IP4 192.168.x.x t=0 0 m=message 5060 sip sip:xxx@xxx.com

(08:22:25) sipe: incoming message's signature validated (08:22:25) sipe: msg->response(200),msg->method(INVITE) (08:22:25) sipe: process_input_message - we have a transaction callback (08:22:25) sipe: parsing address out of <sip:xxx@xxx.com>;epid=b85a96ace2;tag=511e0a3898 (08:22:25) sipe: got sip:xxx@xxx.com (08:22:25) sipe: process_invite_response: unable to find IM session (08:22:25) sipe: process_input_message - removing CSeq 125

comment:233 in reply to: ↑ 232 Changed 10 years ago by matibut14

Replying to matibut14:

Using OCS2005:

  • Now I can login
  • Presence is working fine
  • I can send message but can't recieve any

Correction here: The buddy at the other end receive the invite. I can see the messages he send me but it is not working in the other way (from me to others)

comment:234 Changed 10 years ago by seanmil

Another OCS2005 server report, similar to matibut14:

  • Status from a Communicator user seems to appear correctly in Pidgin
  • Status changes in Pidgin do not seem to appear to the Communicator user (it is always status of "Away" when I am logged in)
  • Pidgin can send a message to a Communicator user, however Communicator displays "You are being invited to a conversation..." and if I click on it to open the IM window there is no message there. Subsequent messages from Pidgin (in the same IM window) generate on "You are being invited to a conversation" notice for each send. No text makes it to Communicator.
  • Communicator can send messages to the Pidgin IM window without any apparent problems.
  • I can remove and re-add a previously authorized contact from Pidgin

Overall, it seems close to being usable. Great job guys!

comment:235 in reply to: ↑ 229 Changed 10 years ago by fixxxer

Replying to gburt:

Fixxxer, any progress on the presence stuff? The MS-PRES document looks quite complicated.

Yes, I have some changes (little bit). Please be patient, I don't have a lot time to work (my free time is a little bit).
But I have some changes ready about Presence. I hope to commit them tonight. I'm trying to be standard with my changes (to avoid another OCS versions lose compatibility).

Regards,

comment:236 Changed 10 years ago by gburt

I'm seeing the bug where if Communicator initiates a chat, then pidgin can't send messages out (gets 481 Call Leg/Transaction? Does Not Exist response to its INVITE). If pidgin initiates the chat, then it is able to send messages out. I'm working on this problem now.

comment:237 follow-up: Changed 10 years ago by gburt

OK, I think it's fixed - please cg update and test!

comment:238 Changed 10 years ago by gburt

Just committed support for saving buddy aliases to the server (and loading them properly from the server when we log in).

comment:239 in reply to: ↑ 237 ; follow-ups: Changed 10 years ago by matibut14

Replying to gburt:

OK, I think it's fixed - please cg update and test!

Not working.

1- I need to send a message to get my contacts status 2- Pidgin messages don't make it to the MOC clients 3- Messages from MOC clients to Pidgin are fine 4- MOC clients always see me as 'Away' when I'm logged in and 'Available'

comment:240 in reply to: ↑ 239 Changed 10 years ago by gburt

Replying to matibut14:

1- I need to send a message to get my contacts status 2- Pidgin messages don't make it to the MOC clients

MOC == the Mac Communicator client?

3- Messages from MOC clients to Pidgin are fine 4- MOC clients always see me as 'Away' when I'm logged in and 'Available'

Can you attach the stdout from such a session?

comment:241 in reply to: ↑ 239 Changed 10 years ago by djflux

Replying to matibut14:

Here is what I have - Pidgin with current SIPE mob branch, OCS2007, OC client on XP

Not working.

1- I need to send a message to get my contacts status

My contact list is retrieve as soon as I login, even if I delete ~/.purple/blist.xml

2- Pidgin messages don't make it to the MOC clients

Messages from Pidgin to Microsoft Office Communicator (MOC) 2007 clients show up, but the popup dialog states "<USER> is inviting you to a conversation" instead of the initial IM. Other than that, everything works as expected.

3- Messages from MOC clients to Pidgin are fine

Ditto

4- MOC clients always see me as 'Away' when I'm logged in and 'Available'

Presence works fine in both MOC clients and Pidgin.

Again, these results are with current SIPE, Pidgin (F9, 2.5.2-1.fc9), OCS2007, and OC2007 client on XP SP3

comment:242 follow-up: Changed 10 years ago by fixxxer

I pushed a little fix when the message signature is invalid and the connection is TLS/SSL. The connection closes but pidgin crash with a segfault. It was fixed.

I will continue with my Presence changes. May be thisaffects the Send/Receive? messages.

Regards.

Fixxxer

comment:243 in reply to: ↑ 242 Changed 10 years ago by craftyguy

Replying to fixxxer:

Thanks! This appears to have fixed the segfaults I was getting. I'll keep testing all day to be sure (most segfaults were happening when I was at home connected over VPN, which I'm currently not able to test until later this evening)

Excellent work guys!

comment:244 Changed 10 years ago by smitherz

Hi all,

I just got the latest mob code and compiled. This is the first set of code that gets me mostly logged in and online. I am connecting to my company via vpnc and using TLS to connect to OCS2007. Just as my contact lists are being checked for status I get a segv. This is the backtrace...

[Thread debugging using libthread_db enabled]
[New Thread 0xb70f86c0 (LWP 15520)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb70f86c0 (LWP 15520)]
sipe_canwrite_cb_ssl (data=0xb843a2c8, gsc=0xb8402160, cond=PURPLE_INPUT_READ) at sipe.c:524
524		max_write = purple_circ_buffer_get_max_read(sip->txbuf);
(gdb) bt full
#0  sipe_canwrite_cb_ssl (data=0xb843a2c8, gsc=0xb8402160, cond=PURPLE_INPUT_READ)
    at sipe.c:524
	sip = (struct sipe_account_data *) 0x0
	max_write = <value optimized out>
#1  0xb7660c2d in ?? () from /usr/lib/libpurple.so.0
No symbol table info available.
#2  0xb7fe0b41 in ?? () from /usr/bin/pidgin
No symbol table info available.
#3  0xb74e480d in g_io_unix_dispatch () from /usr/lib/libglib-2.0.so.0
No locals.
#4  0xb74ae2d9 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No locals.
#5  0xb74b185b in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
No locals.
#6  0xb74b1d2a in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No locals.
#7  0xb7c0b279 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#8  0xb7ffd2be in main () from /usr/bin/pidgin
No symbol table info available.
(gdb) quit
The program is running.  Exit anyway? (y or n) y

This the version I have. http://repo.or.cz/w/siplcs.git?a=commit;h=b159a7b3112cea5a0191e6b930c13261624522cf

-- Scott

comment:245 Changed 10 years ago by dopey

Can we please stop using this ticket to discuss the development of this fix and move it to a more appropriate venue? Some of us do not have access to an e-mail client that is capable of handling the type of traffic this ticket has been generating (I have only crappy web access to my e-mail when I'm not at home and it has very few options for server side filtering and handling of this type of stuff, for example, my first two pages are FULL of e-mails generated from this ticket).

I asked on the pidgin devel@… and was told I can't "unsubscribe".

So can we please please move the actual day to day development activities to a more appropriate forum (mailing list, something else).

Thanks.

comment:246 Changed 10 years ago by gburt

I agree it's time for a mailing list (Fixxxer, can/should we use SourceForge? for that? Doesn't seem that Pidgin has separate lists for particular protocols.), but keep in mind you can change your Pidgin/Trac? account e-mail address to something more usable (like a gmail address).

comment:247 in reply to: ↑ 215 Changed 10 years ago by galiven

Replying to msalerno:

Has anyone gotten this to build against mignw32? I have been building the plugin on my linux server, and the latest release works great on OCS 2007, but I would like to build a windows DLL to distribute for testing. I have been hacking away at the code to get it to compile in cygwin/mingw with some friends at work, but we have not had much luck.

Any help would be appreciated.

Thanks

As you probably know, the problem is with Kerberos, on a standard Windows/Cygwin?/MinGW environment, there is no krb5.h file to include or libraries to link against. You can get Kerberos for Windows, but even if you modify src/Makefile.mingw to try to include the kerberos headers and library, it fails. From my research, it's starting to look like we would have to use Microsoft's implementation of Kerberos, which would basically mean another version of sipkrb5 for windows that used the Microsoft libraries described here: http://msdn.microsoft.com/en-us/library/aa380496(VS.85).aspx.

I've tried to get the source for MIT Kerberos to compile in the Cygwin/MinGW environment to no avail, they don't provide a mingw Makefile, and configure fails because cygwin doesn't provide resolv.h. As a temporary measure, it could be possible to put #ifdef WIN32 around all the Kerberos stuff to disable Kerberos support on Windows to allow the plugin to compile like before, but this doesn't help the people that need Kerberos to connect to their OCS server (like me).

Regarding the other recent discussions about getting development off this thread, I'm all for moving things to a forum topic on SIPE's already existing sourceforge page, I'd even be willing to set some things up, but when I previously asked fixxer to let me help with sourceforge my request was lost. . . The only problem that I can see with sourceforge is that we would want to set up some sort of git-svn bridge so that the code could be viewed more easily from the sourceforge project.

comment:248 Changed 10 years ago by fixxxer

Ok, good idea to move this thread to SF.net in their mailing list. I will prepare the scenario tonight.

I didn't want to do this because my idea was that Pidgin adopts this orphan ;), then we can use the pidgin mailing list.

Regards.

Regards.

comment:249 Changed 10 years ago by fixxxer

News

The forum in SF.net is ready:

https://sourceforge.net/forum/forum.php?forum_id=688534

Please, all the questions in the forum.

Also I released a beta package in the site: pidgin-sipe-1.3.0.tar.gz

Regards.

comment:250 Changed 10 years ago by seanmil

I just committed a patch that lets me see the correct Pidgin user status in Communicator when using OCS2005 server. At the initial login it defaults to "Away" still, but after a status change it seems to be correct.

Changed 10 years ago by alexl4079

comment:251 Changed 10 years ago by alexl4079

compiled with latest git from Carl S, added following changes but haven't pushed to git yet

1) sip-ntlm.c around line 190 added an ifdef for windows to fd = iconv_open("UTF-16LE", "UTF-8"); put in the dashes 2) for some reason the dll linked against a "deflate" function in libz.dll instead of crc32 so I put in crc32.o for it to link against 3) in sipe.c around line 2430 commented out the note variable here gchar * body = g_strdup_printf(SIPE_SOAP_SET_PRESENCE, name, 200, code /*, note*/);

4) in uuid.c added ifdef to return dummy mac address, mac_addr_sys doesn't seem to work on windows

comment:252 Changed 10 years ago by Arnaud

I need muti-chat with. If I want to add it, do I have to implement it in sipe plug-in or more in pidgin core or in new plug-in?

comment:253 Changed 10 years ago by fixxxer

This bug could be closed in Pidgin.

The plugin SIP-e http://sipe.sf.net is mature and stable.

The latest version 1.3.3 has over 1350 downloads in three weeks.

If you have some report about it, please go to the forums http://sourceforge.net/forum/forum.php?forum_id=688534

Regards.

comment:254 Changed 10 years ago by rekkanoryo

  • Milestone set to Plugin Suggested
  • Resolution set to fixed
  • Status changed from new to closed

I'm marking this as fixed since a plugin to address this compatibility issue exists and is being actively developed.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!