25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
Commit Graph

534 Commits

Author SHA1 Message Date
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
4ea481d1dd Add validator for 'accept_interval' listening option 2018-04-30 11:52:00 +03:00
Stu Tomlinson
da81590fef Validate additional listen opts
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):

2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue

This adds the necessary validators so they are correctly recognized.
2018-02-28 16:14:35 +00:00
Evgeniy Khramtsov
d625e24029 Introduce 'negotiation_timeout'
The option can be used to specify a period (in seconds) for a stream
negotiation to complete. If the timer fires, the stream is considered
as failed and the underlying connection gets closed. This is a global
option (you cannot set it per domain) and the default is 30 seconds.
2018-02-20 11:38:00 +03:00
Evgeniy Khramtsov
672c2f75d3 Introduce option 'validate_stream'
If set to `true`, all incoming XML packets are fully validated
against known schemas. If an error occurs, the packet will be bounced
with the corresponding error reason. The default value is `false`.
The option might be useful to protect client software from sofisticated
bugs related to XML validation as well as for client developers
who want to catch validation errors at early stage of development.

Note that the option might have slight performance impact, so use it
with care on loaded machines.
2018-02-09 18:12:50 +03:00
Evgeniy Khramtsov
5c85106a41 Fix type spec 2018-02-07 22:20:12 +03:00
Evgeniy Khramtsov
4b012a99d2 Introduce option 'captcha' for mod_block_strangers
When the option is set to `true`, the module will generate
CAPTCHA challenges for incoming subscription requests. The option
also implies that option `drop` is set to `true`. Note that
the module won't generate CAPTCHA challenges for messages: they
will still be rejected if `drop` is set to `true`.

Fixes #2246
2018-01-26 15:02:06 +03:00
Evgeniy Khramtsov
ba2b650464 Introduce new gen_mod callback: mod_options/1
The callback is supposed to provide known options and their default
values, as long as the documentation. Passing default values into
get_mod functions is now deprecated: all defaults should be provided
by the Mod:mod_options/1 callback.
2018-01-23 10:54:52 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
2d43c07c62 Get rid of ejabberd receiver
ejabberd receivers were meant to serve connections from frontends
to backends. However, this approach was not popular and frontend
related code was removed in previous releases. Now, ejabberd receiver's
code was also removed, making the code shorter and cleaner. Also, in
stress tests ejabberd now handles load more robustly, without
c2s processes overload (even with disabled shapers).

ejabberd_socket.erl is renamed to xmpp_socket.erl: it's supposed to
be finally moved into stand-alone xmpp library.
2017-12-26 18:55:57 +03:00
Holger Weiss
b54e1e49ba Don't let privacy list prevent local roster update 2017-12-23 22:45:01 +01:00
Evgeniy Khramtsov
08ce16f7ca Change loglevel of TLS failures 2017-12-19 15:33:30 +03:00
Evgeniy Khramtsov
614bd9dd72 Better process subtag decoding errors 2017-12-09 22:39:43 +03:00
Evgeniy Khramtsov
e4a4839880 Use ejabberd_cluster:send() in SM/C2S 2017-12-06 14:15:20 +03:00
Evgeniy Khramtsov
fbd6ea8a48 Move 'certfile' based options in a single place 2017-11-23 11:04:47 +03:00
Evgeniy Khramtsov
2531f37e5c Let validator know about c2s_dhfile 2017-11-16 00:40:36 +03:00
Evgeniy Khramtsov
c72e0a6ca6 Log warnings for c2s/s2s certfile option 2017-11-03 08:32:34 +03:00
Evgeniy Khramtsov
35b7203e01 Introduce 'certfiles' global option
The option is supposed to replace existing options 'c2s_certfile',
's2s_certfile' and 'domain_certfile'. The option accepts a list
of file paths (optionally with wildcards "*") containing either
PEM certificates or PEM private keys. At startup, ejabberd sorts
the certificates, finds matching private keys and rebuilds full
certificates chains which can be used by fast_tls. Example:

certfiles:
  - "/etc/letsencrypt/live/example.org/*.pem"
  - "/etc/letsencrypt/live/example.com/*.pem"
2017-11-01 00:20:27 +03:00
Evgeniy Khramtsov
d7250111ce Reuse some translation strings 2017-09-24 14:32:37 +03:00
Holger Weiss
64150cc7c5 Let 'domain_certfile' take higher precedence
If a 'domain_certfile' is specified, use that instead of the
's2s_certfile' (or 'c2s_certfile').
2017-08-13 20:31:03 +02:00
Holger Weiss
e1aaa1c99d ejabberd_c2s: Fix priority of 'certfile' option
Use the 'certfile' listener option rather than a 'domain_certfile' for
ejabberd_c2s listeners that have "tls: true" configured.  A
'domain_certfile' should only be preferred for STARTTLS connections.

Closes #1911.
2017-08-05 18:59:32 +02:00
Holger Weiss
d6f1d3df5b Support XEP-0357: Push Notifications
Closes #1379.
2017-07-20 20:22:50 +02:00
Badlop
aaef1a14b4 Fix set_presence command to work in recent ejabberd 2017-07-07 10:55:08 +02:00
Evgeniy Khramtsov
5bb7a0b0db Don't let a receiver to crash if a controller is unavailable
Fixes #1796
2017-06-22 16:58:46 +03:00
Evgeniy Khramtsov
a71065fcda Ciphers should be a binary string 2017-05-17 15:42:18 +03:00
Evgeniy Khramtsov
f782955c06 Implement cache for roster 2017-05-17 14:47:35 +03:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
d3c8fb7705 Check presence of some files during option validation 2017-05-12 09:34:57 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
f2dc8c0442 Emit deprecation warning for SM related listening options 2017-05-05 12:31:17 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Holger Weiss
b8a7720986 ejabberd_c2s: Don't close session on stream resume
Don't let ejabberd_c2s close the session and unset presence if a
'c2s_terminated' callback stops hook execution, as is done in
mod_stream_mgmt:c2s_terminated/2 on resumption.

Fixes #1680.
2017-04-19 01:20:28 +02:00
Evgeniy Khramtsov
7c9415356d Function fix_from_to/2 should not crash when 'from' is undefined
Fixes #1678
2017-04-18 01:38:35 +03:00
Evgeniy Khramtsov
5774edfe79 Improve ejabberd_c2s:close() 2017-04-15 08:30:41 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Evgeniy Khramtsov
dd11ed82d7 Report more TLS errors 2017-03-08 08:27:54 +03:00
Evgeniy Khramtsov
d0a185f2d9 Report some TLS errors 2017-03-07 18:46:02 +03:00
Evgeniy Khramtsov
489385d565 Make sure all hooks are called with proper host in ejabberd_c2s 2017-02-28 16:47:31 +03:00
Evgeniy Khramtsov
c1439ddd5b Get rid of jid:to_string/1 and jid:from_string/1 2017-02-26 10:07:12 +03:00
Evgeniy Khramtsov
5b112c86bf Fix a case clause and run c2s_filter_send on send_error/3 2017-02-24 07:57:57 +03:00
Evgeniy Khramtsov
7d68112265 Start/stop virtual hosts when reloading configuration file 2017-02-23 10:12:19 +03:00
Holger Weiss
61cdee97fc ejabberd_c2s: Don't drop 'user_send_packet' result
When handling a <session/> IQ, use the stanza returned by the
'user_send_packet' hook.

Thanks to Evgeniy for spotting this.
2017-02-20 13:07:34 +01:00
Holger Weiss
7c159e3881 Let ejabberd_c2s handle <session/> IQ
This fixes the counting of incoming stanzas for stream management.
2017-02-19 22:43:10 +01:00
Evgeniy Khramtsov
940ca9311d Fix some dialyzer warnings 2017-02-18 09:36:27 +03:00
Evgeniy Khramtsov
8b2d308498 Change routing API
Now 'From' and 'To' arguments must be omitted in functions
and structures related to routing.
The commit deprecates the following functions:
     ejabberd_router:route/3 in favor of ejabberd_router:route/1
     ejabberd_router:route_error/4 in favor of ejabberd_router:route_error/2
     ejabberd_local:route_iq/4 in favor of ejabberd_local:route_iq/2
     ejabberd_local:route_iq/5 in favor of ejabberd_local:route_iq/3
The format of {route, From, To, Packet} is changed in favor of {route, Packet}
2017-02-16 11:10:24 +03:00
Evgeniy Khramtsov
6fd89f5fe0 Attach IP metadata to every stanza received from stream 2017-02-14 17:09:25 +03:00
Evgeniy Khramtsov
9d144bd495 Do not drop default TLS options
Fixes #1484
2017-01-26 10:58:26 +03:00
Evgeniy Khramtsov
48d8498dbb Avoid using maps:get/2 to keep compatibility with OTP 17.5 2017-01-23 16:30:16 +03:00
Evgeniy Khramtsov
435e5e6263 Make test suite working again 2017-01-23 13:51:05 +03:00
Evgeniy Khramtsov
17fe272dc5 Update copyright headers in new files 2017-01-20 19:56:19 +03:00
Alexey Shchepin
b080b8f54d Use user_receive_packet hook in mod_block_strangers 2017-01-16 18:40:30 +03:00
Alexey Shchepin
fedfe5427c Add mod_block_strangers 2017-01-16 18:14:14 +03:00
Evgeniy Khramtsov
31491ebe16 Fix some corner cases while re-reading RFC6120 2017-01-13 11:35:47 +03:00
Evgeniy Khramtsov
5cfe57ece5 Add 'supervisor' listening option
If set to 'true' (this is the default), new processes spawned by
ejabberd_listener will be attached to the corresponding supervisor.
No such processes will be attached to a supervisor otherwise.
Setting this to 'false' will improve performance of high loaded
systems where new C2S/S2S processes are spawned very rapidly.
2017-01-11 10:56:04 +03:00
Evgeniy Khramtsov
1e55e018e5 Adopt remaining code to support new hooks 2017-01-09 17:02:17 +03:00
Evgeniy Khramtsov
cf87c5664f Reflect cyrsasl API changes in remaining code 2016-12-31 13:48:55 +03:00
Evgeniy Khramtsov
e7fe4dc474 More refactoring on session management 2016-12-30 00:00:36 +03:00
Evgeniy Khramtsov
309bdfbe28 Add xmpp_stream_out behaviour and rewrite s2s/SM code 2016-12-28 09:47:11 +03:00
Evgeniy Khramtsov
7f653cfe76 Rewrite ejabberd_service to use new XMPP stream API 2016-12-11 18:24:51 +03:00
Evgeniy Khramtsov
5cc8e807df Initial version of new XMPP stream behaviour (for review) 2016-12-11 15:03:37 +03:00
Holger Weiss
3325e69ae6 Let mod_carboncopy mark copied messages
Carbon copies are now marked with a 'carbon_copy' flag.  This makes it
easier to identify them.
2016-11-22 22:21:34 +01:00
Evgeniy Khramtsov
78a44e0176 Merge branch 'master' into xml-ng
Conflicts:
	src/adhoc.erl
	src/cyrsasl_oauth.erl
	src/ejabberd_c2s.erl
	src/ejabberd_config.erl
	src/ejabberd_service.erl
	src/gen_mod.erl
	src/mod_admin_extra.erl
	src/mod_announce.erl
	src/mod_carboncopy.erl
	src/mod_client_state.erl
	src/mod_configure.erl
	src/mod_echo.erl
	src/mod_mam.erl
	src/mod_muc.erl
	src/mod_muc_room.erl
	src/mod_offline.erl
	src/mod_pubsub.erl
	src/mod_stats.erl
	src/node_flat_sql.erl
	src/randoms.erl
2016-11-12 13:27:15 +03:00
Evgeniy Khramtsov
f6236d456d Add more tests for privacy lists and blocking command 2016-10-22 13:01:45 +03:00
Holger Weiss
e54ba3db5b XEP-0198: Cope with invalid 'from'/'to' attributes
Check whether the 'from' and 'to' attributes are valid before bouncing
or resending a stanza from the stream management queue.  They might be
invalid in certain corner cases.

Thanks to Evgeniy for spotting this.
2016-10-06 23:20:45 +02:00
Evgeniy Khramtsov
3112a7187f Test anonymous auth 2016-09-25 09:57:56 +03:00
Evgeniy Khramtsov
fa31e3ef23 Deprecate jlib:integer_to_binary/1 and jlib:binary_to_integer/1 2016-09-24 23:34:28 +03:00
Evgeniy Khramtsov
58969fb854 Improve namespace handling 2016-09-24 14:17:21 +03:00
Evgeniy Khramtsov
53209b9ab1 Add tests for s2s code 2016-09-23 12:30:33 +03:00
Evgeniy Khramtsov
ceda073766 Add tests for external component 2016-09-21 10:45:11 +03:00
Evgeniy Khramtsov
a4ec064455 Add more tests for C2S 2016-09-20 14:04:07 +03:00
Christophe Romain
c39501a48d Merge branch 'push-requirements' of https://github.com/weiss/ejabberd into weiss-push-requirements 2016-09-13 14:29:14 +02:00
Evgeniy Khramtsov
e987b88848 Make common tests working again 2016-09-13 12:30:05 +03:00
Holger Weiss
d222fed228 XEP-0198: Cancel timer when waiting for resumption
If an ACK timer is active while going into the 'wait_for_resume' state,
cancel that timer.
2016-09-09 00:21:36 +02:00
Evgeniy Khramtsov
c29a48695d Rename #error{} record to #stanza_error{} 2016-09-08 17:08:48 +03:00
Holger Weiss
621f0e2b7c New stream management option: ack_timeout
Close the connection if a stream management client fails to respond to
an acknowledgement request within 60 seconds.  This number of seconds
can be changed with the new "ack_timeout" option, and the mechanism can
be disabled by specifying 'infinity'.

As a side effect of this change, a new acknowledgement is no longer
requested before the response to the previous request is received.
2016-09-07 23:16:54 +02:00
Christophe Romain
af0a493c66 Merge pull request #1253 from Amuhar/xep0356 2016-09-07 14:34:31 +02:00
Holger Weiss
4d19fb518f ejabberd_c2s: Add XEP-0198 resumption hooks
The new 'c2s_session_pending' and 'c2s_session_resumed' hooks are
invoked when a stream management session is pending and resumed,
respectively.
2016-08-15 21:49:58 +02:00
Holger Weiss
e7217e6320 Add functions to get/set some c2s state elements 2016-08-15 20:24:43 +02:00
Evgeniy Khramtsov
522a186a38 Improve some type specs 2016-08-09 10:56:32 +03:00
Holger Weiss
91e26fbf7a Add user's JID to CSI hook arguments
Add the JID of the CSI user to the arguments of the 'csi_filter_stanza'
and 'csi_flush_queue' hooks.
2016-08-05 23:47:18 +02:00
Holger Weiss
c2ef55a075 Cosmetic change: Set CSI state 'active' on resume
The CSI state is always set to 'active' when a stream management session
is resumed; so there's no need to apply the CSI state of the old c2s
process, first.
2016-08-05 20:09:52 +02:00
Evgeniy Khramtsov
4ff8d7918a Change code to reflect recent changes in fxml_gen 2016-08-05 08:41:08 +03:00
Holger Weiss
78fa9e08a5 XEP-0198: Handle timeouts during stream resumption
If session resumption failed because requesting the #state from the old
c2s process took too long, the new c2s process will usually receive the
response.  Let the new process handle that case gracefully.
2016-08-03 02:28:46 +02:00
Holger Weiss
3c1e4f0dfd XEP-0198: Increase timeout for stream resumption
During stream resumption, the #state is transferred from the old c2s
process to the new one.  This is usually very fast, but under certain
conditions, it can take longer than five seconds.
2016-08-03 02:15:15 +02:00
Paweł Chmielowski
fd365b2893 Display data that is send to websocket connection in debug log level
This should help with detecting problems like in #1097
2016-07-28 16:20:28 +02:00
Evgeniy Khramtsov
c409ed2f2c Rewrite S2S and ejabberd_service code to use XML generator 2016-07-27 10:45:08 +03:00
Holger Weiss
4b0d71d402 Don't return error for blocked MUC PMs
If a message stanza is blocked as per XEP-0016 or XEP-0191 and the
stanza is marked as a private MUC message, don't return an error.  This
makes sure users won't be kicked from MUC rooms when blocking other
participants.
2016-07-24 20:55:11 +02:00
Holger Weiss
d4d1941133 XEP-0198: Log debug message when dropping stanza
Log a debug message when an unacknowledged message is neither resent nor
bounced because it's archived.
2016-07-23 01:23:24 +02:00
Evgeniy Khramtsov
9a8e197d7e Initial version based on XML generator 2016-07-18 15:01:32 +03:00
Holger Weiss
749033598d Omit [info] message with number of queued stanzas
Just log a debug message if a stream management session times out and
some stanzas weren't acknowledged.
2016-07-10 22:21:57 +02:00
Paweł Chmielowski
3446aba753 Include correct version in stream:stream when reporting errors
This fixes issue #1174
2016-06-27 16:40:57 +02:00
Holger Weiss
c928956d73 XEP-0198: Apply cosmetic changes 2016-06-21 23:17:17 +02:00
Holger Weiss
7ddeac38b6 XEP-0198: Also count stanzas when socket is closed
Don't forget to count stanzas received from the stream management client
that are processed right after the connection was lost.
2016-06-21 22:54:41 +02:00
Paweł Chmielowski
3a8da27d86 Use {access,shaper}_rules_validator in other places where access rules are used 2016-06-21 13:18:24 +02:00
Holger Weiss
c91c5aa352 Fix handling of queued stanzas on session timeout
Don't fail to resend or bounce unacknowledged stanzas if the stream
management session timed out.

Closes #1160.
2016-06-19 23:32:15 +02:00
Paweł Chmielowski
fffae97940 Use acl:access_matches in c2s 2016-05-26 11:08:53 +02:00