Check whether the 'from' and 'to' attributes are valid before bouncing
or resending a stanza from the stream management queue. They might be
invalid in certain corner cases.
Thanks to Evgeniy for spotting this.
Close the connection if a stream management client fails to respond to
an acknowledgement request within 60 seconds. This number of seconds
can be changed with the new "ack_timeout" option, and the mechanism can
be disabled by specifying 'infinity'.
As a side effect of this change, a new acknowledgement is no longer
requested before the response to the previous request is received.
The CSI state is always set to 'active' when a stream management session
is resumed; so there's no need to apply the CSI state of the old c2s
process, first.
If session resumption failed because requesting the #state from the old
c2s process took too long, the new c2s process will usually receive the
response. Let the new process handle that case gracefully.
During stream resumption, the #state is transferred from the old c2s
process to the new one. This is usually very fast, but under certain
conditions, it can take longer than five seconds.
If a message stanza is blocked as per XEP-0016 or XEP-0191 and the
stanza is marked as a private MUC message, don't return an error. This
makes sure users won't be kicked from MUC rooms when blocking other
participants.
Let mod_client_state handle the queueing of stanzas, not just their
classification. This simplifies the ejabberd_c2s code and gives
(custom) CSI modules more flexibility.
When stanzas are bounced from the stream management queue (because the
session timed out or was closed for some other reason), use a different
error message so that this situation can be distinguished from other
cases.
As per XEP-0016 and XEP-0191, return a service-unavailable error when an
incoming last activity query was blocked by a privacy list (just as we
do for other IQ requests).
If the "resend_on_timeout" option is set to 'if_offline' and a pending
stream management session is terminated because a new session is opened
by the same resource (while no other resource is online), resend
unacknowledged messages rather than bouncing error messages.
If a stream management session times out for a user who appears to be
using MAM, drop any unacknowledged messages rather than resending or
bouncing them. This avoids duplicates or bogus error messages.
However, this is only done if the new mod_mam option "assume_mam_usage"
is set to 'if_enabled' or 'on_request'. In the former case, a user is
assumed to be using MAM if archiving is enabled for his account. In the
latter case, MAM usage is assumed only if archiving was explicitly
requested by the client, or if archiving was enabled by means of
mod_mam's "request_activates_archiving" option.
If a message stanza is blocked as per XEP-0016 or XEP-0191, return an
error only if the type of the blocked message is "normal" or "chat".
This makes sure users won't be kicked from MUC rooms when blocking other
participants.
Closes#897.
The stop/1 function now terminates stream management sessions
immediately, just as it does for other sessions. The new
ejabberd_c2s:close/1 function can be used to close the socket without
terminating the stream management session, like stop/1 did before.
When an XEP-0198 session times out, always return an error for
unacknowledged IQ stanzas, and always drop presence stanzas. That is,
the "resend_on_timeout" option no longer applies to those stanzas types,
but only to messages.
In the past, the "resume_timeout" option defined both the default resume
timeout and the maximum resume timeout clients are permitted to request.
Admins might want to allow clients to request a timeout value that's
larger than the default, though. This can now be done by specifying the
"max_resume_timeout" option.
During login, clients might receive a relatively large number of stanzas
in one go. For some users, the default value of the "max_ack_queue"
option turned out to be too small in that situation.
Let send_text/2 and (therefore) send_element/2 return {error, Reason}
instead of error for consistency, and let send_stanza_and_ack_req/2
interpret any non-ok value as an error. (EJAB-1739)
This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection.
Note: digest might not work, but I have no interest in it, being deprecated.
For couple years browsers did limit ability to change cookies from js
for different domains, this made http_poll connections practically not
usuable. I don't think this module is used at all so it's time to put it
to rest.
As per XEP-0016 and XEP-0191, return a service-unavailable error when an
incoming message was blocked by a privacy list. This lets the user
appear offline to the contact.
When an unacknowledged stanza is resent from the Stream Management
queue, add a timestamp so that the receiving client can display the time
at which the stanza was originally sent.
Provide a simpler interface for adding <delay/> and <x/> timestamps to
stanzas. This also makes sure that only one <delay/> tag and one <x/>
tag is added to a given stanza.
Terminate the ejabberd_c2s process immediately once stanza queue
overflow is detected. This makes sure the FSM won't process additional
stanzas before terminating if the recipient is flooded.
Don't offer the CSI stream feature when mod_client_state isn't actually
configured to filter stanzas. This makes sure clients won't send CSI
tags that end up being ignored.
If "resend_on_timeout" is set to "if_offline", resend unacknowledged
stanzas only if no other resource is online when the session times out.
In other words, allow for sending them to offline storage, but nowhere
else.
When Stream Management is enabled and a gen_tcp:send/2 call fails, go
into the 'wait_for_resume' state immediately. This makes sure that
gen_tcp:send/2 won't be called again, which might avoid an Erlang issue
where gen_tcp:send/2 apparently hangs despite 'send_timeout' (and
'send_timeout_close') being set.
Produce a proper error message instead of crashing when the JID encoded
in the 'previd' value of a <resume/> request is different from the
authenticated JID.
On stanza queue overflow, pass a message to self() using the exclamation
mark operator instead of send_all_state_event/2. This allows for
reusing the existing handler for 'kick' events.
On queue overflow, terminate the c2s session instead of just dropping
items from the queue. This makes sure all stanzas are either delivered
or bounced.
When the FSM goes into the 'wait_for_resume' state, let fsm_next_state/2
take care of updating #state.mgmt_state and of writing the log line.
This doesn't change the behavior, but simplifies the code.
The 'previd' value provided by the client during a session resume
request includes the client's JID and ejabberd's session ID. If there
is a session for the requested JID but with a different session ID,
resumption should fail, but that session shouldn't be closed. This
commit makes sure the latter won't happen.
In practice, this will only make a difference in odd corner cases.
If stream management is enabled, don't exit the c2s process when
ejabberd_socket:send/2 fails, but close the socket instead. This gives
the client a chance to resume the session.
Thanks go to Matthias Rieber for reporting the issue, providing detailed
logs, and testing the fix.
Only the child elements of <iq/> stanzas are qualified by the namespaces
in question, not the <iq/> stanzas themselves.
This change just clarifies the code. It doesn't alter the behaviour, as
those <iq/> stanzas are handed over to jlib:iq_to_xml/1, and that
function ignores the 'xmlns' attribute anyway.
Evgeniy Khramtsov