25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-24 17:29:28 +01:00
Commit Graph

104 Commits

Author SHA1 Message Date
Evgeny Khramtsov
9ec69b8d62 Don't treat 'Host' header as a virtual XMPP host
Fixes #2989
2019-08-13 18:30:28 +03:00
Evgeny Khramtsov
1fe1322bc1 Improve some validators 2019-07-15 09:59:07 +03:00
Evgeny Khramtsov
15dcff92e8 Use correct virtual host when consulting trusted_proxies 2019-07-13 12:20:06 +03:00
Evgeny Khramtsov
83c291c064 Respond with 'Bad Request' to unexpected 'Host' header
Where "unexpected" means the host in 'Host' header is not
a registered route. The rationale is to avoid propagation
of uknown "Host" further in the code, which may lead to
nasty errors related to reading configuration values, calling
functions from ejabberd_router.erl, etc.
2019-06-23 13:12:00 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Evgeny Khramtsov
c7d04a82a2 Deprecate some listening options
Those are: captcha, register, web_admin, http_bind and xmlrpc
The option `request_handlers` should be used instead, e.g.:

listen:
  ...
  -
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/register": mod_register_web
      "/": ejabberd_xmlrpc
2019-04-30 11:14:14 +03:00
Evgeny Khramtsov
268750e3b7 Provide a suggestion when unknown request handler is detected 2019-04-30 10:31:03 +03:00
Evgeny Khramtsov
cc892ddc01 Improve request_handlers validator 2019-04-23 16:19:26 +03:00
Evgeny Khramtsov
ed2abe471a Rename listening callback from start/2 to start/3
This will prevent conflicts in callback names in mod_mqtt
Old callback function is still supported.
2019-04-01 16:53:28 +03:00
Paweł Chmielowski
56baa07d48 Reject request http_api request that have malformed Authentication header 2019-01-30 16:34:29 +01:00
Paweł Chmielowski
62ad1e5e4f Allow specifying tag for listener for api_permission purposes
This commit will allow adding tag to http listeners:

listener:
  - port: 4000
  - module: ejabberd_http
  - tag: "magic_listener"

that later can be used to have special api_permission just for it:

api_permissions:
  "magic_access":
    from:
      - tag: "magic_listener"
    who: all
    what: "*"
2019-01-30 12:57:03 +01:00
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Paweł Chmielowski
6845896d12 Add support for proxy protocol
This add support for version 1 and 2 of protocol specified in
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

To enable it you need add option use_proxy_protocol: true to listener.
2018-12-04 14:22:45 +01:00
Badlop
06e9d34018 Handle some malformed URL requests in ejabberd_http (#2687) 2018-11-16 12:13:17 +01:00
Paweł Chmielowski
432ca80db6 Do no add 127.0.0.1 address to trusted_proxies list by default 2018-10-24 15:16:32 +02:00
Evgeny Khramtsov
39fa1a810d Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES =====
The commit introduces the following incompatibility:
- Option 'ca_path' is deprecated and has no effect anymore:
  option 'ca_file' should be used instead if needed.
==================================================
2018-09-27 20:37:27 +03:00
Evgeny Khramtsov
08f3d066b1 Switch more log message to warning level
The commit is supposed to improve logging at loglevel 3, which
is the recommended level for high loaded ejabberd servers
2018-09-19 23:12:14 +03:00
Evgeny Khramtsov
03de853e4f Refactor ejabberd_listener 2018-09-18 12:53:36 +03:00
Evgeny Khramtsov
de385591d0 Refactor ejabberd listener API 2018-09-17 11:21:02 +03:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Evgeniy Khramtsov
86236431b9 mod_http_upload: Treat file and network errors differently 2018-07-04 08:55:52 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Paweł Chmielowski
97f7d99007 Handle "Expect: 100-continue" request header in ejabberd_http 2018-05-23 14:52:47 +02:00
Evgeniy Khramtsov
d2114be6f3 Correctly calculate remaining bytes on file upload 2018-05-19 18:29:33 +03:00
Paweł Chmielowski
c41bab9ca0 Clean state between requests in ejabberd_http 2018-05-15 14:25:19 +02:00
Evgeniy Khramtsov
063737e4f5 Optimize HTTP requests memory usage
Due to historical reasons, ejabberd loads the whole file/data
into the memory when serving an HTTP request. This is now improved:

1) For GET requests ejabberd uses sendfile(2) if the underlying
   connection is HTTP and falls back to read/write loop with 64kb
   buffer for HTTPS connections. This type of requests are handled
   by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2) POST requests are now limited to 20Mb and are fully downloaded
   into the memory for further processing (by ejabberd_web_admin,
   mod_bosh, etc)
3) PUT requests (e.g. for mod_http_upload) are handled by read/write
   loop with 64kb buffer
2018-05-14 19:39:58 +03:00
Paweł Chmielowski
b1a03cc346 Make trusted_proxied ejabberd_http option accept ip masks 2018-05-04 09:53:07 +02:00
Evgeniy Khramtsov
4ea481d1dd Add validator for 'accept_interval' listening option 2018-04-30 11:52:00 +03:00
Holger Weiss
df651d893e Remove old hex conversion functions
Depend on list_to_integer/2 and integer_to_list/2 being available.
2018-04-03 00:21:33 +02:00
Holger Weiss
a2e1f5c882 Move ejabberd_http:url_encode/1 to 'misc' module 2018-04-03 00:12:43 +02:00
Stu Tomlinson
da81590fef Validate additional listen opts
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):

2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue

This adds the necessary validators so they are correctly recognized.
2018-02-28 16:14:35 +00:00
Evgeniy Khramtsov
6e5439db5c Find and fix typos using 'codespell' 2018-01-27 19:35:38 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
4e49919d16 Revert "Don't set twice"
This reverts commit 6dca89f616.
2017-12-25 08:41:51 +03:00
Evgeniy Khramtsov
6dca89f616 Don't set twice 2017-12-24 12:34:47 +03:00
Evgeniy Khramtsov
1698956f34 Rely on Server Name Indication for incoming Direct-TLS connections
This commit also deprecates `certfile` option for ejabberd_http
listener.
2017-12-24 12:27:51 +03:00
Evgeniy Khramtsov
3a02c4369f Get rid of meaningless log message 2017-11-22 10:12:49 +03:00
Evgeniy Khramtsov
b04c6b7d75 Merge branch 'lets_encrypt_acme_support' of git://github.com/angelhof/ejabberd into angelhof-lets_encrypt_acme_support
Conflicts:
	rebar.config
	src/ejabberd_pkix.erl
2017-11-15 10:01:30 +03:00
Konstantinos Kallas
ce99db0595 Explain what is needed for the acme configuration and other small changes
1. Add a request handler in ejabberd_http and explain how to configure the http listener so that the challenges can be solved.
2. Make acme configuration optional by providing defaults in ejabberd_acme.
3. Save the CA that the account has been created in so that it creates a new account when connecting to a new CA.
4. Small spec change in acme configuration.
2017-11-14 14:12:33 +02:00
Evgeniy Khramtsov
e5e64c99f3 Don't crash when Host header is missing 2017-10-11 18:53:53 +03:00
Evgeniy Khramtsov
e93762a720 Deprecate misc:encode_base64/1 and misc:decode_base64/1 2017-05-23 10:43:26 +03:00
Evgeniy Khramtsov
a71065fcda Ciphers should be a binary string 2017-05-17 15:42:18 +03:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
d3c8fb7705 Check presence of some files during option validation 2017-05-12 09:34:57 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00