During stream resumption, the #state is transferred from the old c2s
process to the new one. This is usually very fast, but under certain
conditions, it can take longer than five seconds.
If a message stanza is blocked as per XEP-0016 or XEP-0191 and the
stanza is marked as a private MUC message, don't return an error. This
makes sure users won't be kicked from MUC rooms when blocking other
participants.
Let mod_client_state handle the queueing of stanzas, not just their
classification. This simplifies the ejabberd_c2s code and gives
(custom) CSI modules more flexibility.
When stanzas are bounced from the stream management queue (because the
session timed out or was closed for some other reason), use a different
error message so that this situation can be distinguished from other
cases.
As per XEP-0016 and XEP-0191, return a service-unavailable error when an
incoming last activity query was blocked by a privacy list (just as we
do for other IQ requests).
If the "resend_on_timeout" option is set to 'if_offline' and a pending
stream management session is terminated because a new session is opened
by the same resource (while no other resource is online), resend
unacknowledged messages rather than bouncing error messages.
If a stream management session times out for a user who appears to be
using MAM, drop any unacknowledged messages rather than resending or
bouncing them. This avoids duplicates or bogus error messages.
However, this is only done if the new mod_mam option "assume_mam_usage"
is set to 'if_enabled' or 'on_request'. In the former case, a user is
assumed to be using MAM if archiving is enabled for his account. In the
latter case, MAM usage is assumed only if archiving was explicitly
requested by the client, or if archiving was enabled by means of
mod_mam's "request_activates_archiving" option.
If a message stanza is blocked as per XEP-0016 or XEP-0191, return an
error only if the type of the blocked message is "normal" or "chat".
This makes sure users won't be kicked from MUC rooms when blocking other
participants.
Closes#897.
The stop/1 function now terminates stream management sessions
immediately, just as it does for other sessions. The new
ejabberd_c2s:close/1 function can be used to close the socket without
terminating the stream management session, like stop/1 did before.
When an XEP-0198 session times out, always return an error for
unacknowledged IQ stanzas, and always drop presence stanzas. That is,
the "resend_on_timeout" option no longer applies to those stanzas types,
but only to messages.
In the past, the "resume_timeout" option defined both the default resume
timeout and the maximum resume timeout clients are permitted to request.
Admins might want to allow clients to request a timeout value that's
larger than the default, though. This can now be done by specifying the
"max_resume_timeout" option.
During login, clients might receive a relatively large number of stanzas
in one go. For some users, the default value of the "max_ack_queue"
option turned out to be too small in that situation.
Let send_text/2 and (therefore) send_element/2 return {error, Reason}
instead of error for consistency, and let send_stanza_and_ack_req/2
interpret any non-ok value as an error. (EJAB-1739)
This allows the authentication modules to perform SASL proxy authentication. It puts the onus on them to authorize the authcid to masquerade as the authzid. Doesn't currently implement such functionality in existing auth modules, since they cannot currently codify a relationship between the two identities. Does not permit the authzid to use a domain differently from the one of the connection.
Note: digest might not work, but I have no interest in it, being deprecated.
For couple years browsers did limit ability to change cookies from js
for different domains, this made http_poll connections practically not
usuable. I don't think this module is used at all so it's time to put it
to rest.
As per XEP-0016 and XEP-0191, return a service-unavailable error when an
incoming message was blocked by a privacy list. This lets the user
appear offline to the contact.
When an unacknowledged stanza is resent from the Stream Management
queue, add a timestamp so that the receiving client can display the time
at which the stanza was originally sent.
Provide a simpler interface for adding <delay/> and <x/> timestamps to
stanzas. This also makes sure that only one <delay/> tag and one <x/>
tag is added to a given stanza.
Terminate the ejabberd_c2s process immediately once stanza queue
overflow is detected. This makes sure the FSM won't process additional
stanzas before terminating if the recipient is flooded.
Don't offer the CSI stream feature when mod_client_state isn't actually
configured to filter stanzas. This makes sure clients won't send CSI
tags that end up being ignored.
If "resend_on_timeout" is set to "if_offline", resend unacknowledged
stanzas only if no other resource is online when the session times out.
In other words, allow for sending them to offline storage, but nowhere
else.
When Stream Management is enabled and a gen_tcp:send/2 call fails, go
into the 'wait_for_resume' state immediately. This makes sure that
gen_tcp:send/2 won't be called again, which might avoid an Erlang issue
where gen_tcp:send/2 apparently hangs despite 'send_timeout' (and
'send_timeout_close') being set.
Produce a proper error message instead of crashing when the JID encoded
in the 'previd' value of a <resume/> request is different from the
authenticated JID.
On stanza queue overflow, pass a message to self() using the exclamation
mark operator instead of send_all_state_event/2. This allows for
reusing the existing handler for 'kick' events.
On queue overflow, terminate the c2s session instead of just dropping
items from the queue. This makes sure all stanzas are either delivered
or bounced.
When the FSM goes into the 'wait_for_resume' state, let fsm_next_state/2
take care of updating #state.mgmt_state and of writing the log line.
This doesn't change the behavior, but simplifies the code.
The 'previd' value provided by the client during a session resume
request includes the client's JID and ejabberd's session ID. If there
is a session for the requested JID but with a different session ID,
resumption should fail, but that session shouldn't be closed. This
commit makes sure the latter won't happen.
In practice, this will only make a difference in odd corner cases.
If stream management is enabled, don't exit the c2s process when
ejabberd_socket:send/2 fails, but close the socket instead. This gives
the client a chance to resume the session.
Thanks go to Matthias Rieber for reporting the issue, providing detailed
logs, and testing the fix.
Only the child elements of <iq/> stanzas are qualified by the namespaces
in question, not the <iq/> stanzas themselves.
This change just clarifies the code. It doesn't alter the behaviour, as
those <iq/> stanzas are handed over to jlib:iq_to_xml/1, and that
function ignores the 'xmlns' attribute anyway.
Only stanzas are subject to stream management, so when XEP-0198 support
is enabled, we must distinguish them from non-stanza elements. This
commit adds a send_packet/2 function that can be used in place of
send_stanza/2 or send_element/2 whenever a packet is delivered that
might or might not be a stanza.
If the client says that it handled more stanzas than we sent (due to a
bug in the client's or in our code), increase our outgoing stanza count
accordingly. There's no point in sticking to the old value even if it
was correct, as the client surely won't fix its count during the current
session.
Do not log a warning (but only a debug message) if the client sends an
invalid </a> packet. Some clients do that occasionally, and there's
nothing server admininistrators could do about that.
There are corner cases where certain clients acknowledge more stanzas
than they received. Nothing really bad will happen in those cases, and
server administrators can't do anything about such issues anyway.
Due to timing issues, ejabberd_c2s might receive stream elements from
the client while the session is waiting for stream resumption. Those
elements are now accepted.
Log an informational message when a session goes into the pending state
(waiting for resumption) after the connection was lost. Administrators
may well be interested in this state change when looking into issues.
On connection timeout, drop any messages that were forwarded by some
encapsulating protocol, such as XEP-0280 carbon copies or XEP-0313
archive messages. Bouncing or resending them could easily lead to
unexpected results.
Implement the optional session resumption feature described in XEP-0198.
A client that supports this feature may now resume the previous session
(within a configurable number of seconds) if the connection was lost.
During resumption, ejabberd will retransmit any stanzas that hadn't been
acknowledged by the client.
Implement partial support for XEP-0198: Stream Management. After
successful negotiation of this feature, the server requests an ACK for
each stanza transmitted to the client and responds to ACK requests
issued by the client. On session termination, the server re-routes any
unacknowledged stanzas. The length of the pending queue can be limited
by setting the "max_ack_queue" option to some integer value (default:
500). XEP-0198 support can be disabled entirely by setting the
"stream_management" option to false (default: true).
So far, stream management is implemented only for c2s connections, and
the optional stream resumption feature also described in XEP-0198 is not
(yet) supported.
This addition was originally based on a patch provided by Magnus Henoch
and updated by Grzegorz Grasza. Their code implements an early draft of
XEP-0198 for some previous version of ejabberd. It has since been
rewritten almost entirely.
Use dynamic Rebar configuration
Make iconv dependency optional
Disable transient_supervisors compile option
Add hipe compilation support
Only compile ibrowse and lhttpc when needed
Make it possible to generate an OTP application release
Add --enable-debug compile option
Add --enable-all compiler option
Add --enable-tools configure option
Add --with-erlang configure option.
Add --enable-erlang-version-check configure option.
Add lager support
Improve the test suite
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."
So check for a subscription of from of the jid and bare jid and whether
outgoing presences to From are allowed.
Fixes problem 3 of EJAB-1158.
For EJAB-1045, the special NS_VCARD block for handling incoming vcard
iqs on behalf of clients has already been restricted to cases where the
user or resource part of the recipient is empty. But then the packets
should not have been routed to the c2s process anyway. This patch
completely removes it.
is_privacy_allow is only used in ejabberd_c2s:handle_info/3 to determine
for a few presence types whether the packet is allowed to be forwarded
to the user's client. This only makes sense if To#jid.user and
To#jid.server match StateData#state.user and StateData#state.server.
Also, add the atom in as parameter to a new argument Dir of
is_privacy_allow and extract from that function
privacy_check_packet(StateData, From, To, Packet, Dir) which runs the
privavcy check without converting allow/deny to true/false.
A new callback is introduced on the p1_fsm behaviour:
print_error/1
If the module implements this function, it will be invoked
in case of process crash with the current state data *before*
printing the error in the log. The function must return the
desired State to print.
It is used in ejabberd_c2s to prune the presence sets that
can be large. Instead, the state is changed to include only
the # of elements on each set.
Change inspired in comming changes to gen_server on OTP, and
b01d15abc3 (diff-0)