25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-24 17:29:28 +01:00
Commit Graph

2602 Commits

Author SHA1 Message Date
Andreas Köhler
510fd8cf73 Before forwarding last activity requests to a user, check that the user's presence is visible for From
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."

So check for a subscription of from of the jid and bare jid and whether
outgoing presences to From are allowed.

Fixes problem 3 of EJAB-1158.
2010-11-10 15:40:01 +01:00
Andreas Köhler
080922a3de Remove dead code for NS_VCARD iq packets from ejabberd_c2s
For EJAB-1045, the special NS_VCARD block for handling incoming vcard
iqs on behalf of clients has already been restricted to cases where the
user or resource part of the recipient is empty. But then the packets
should not have been routed to the c2s process anyway. This patch
completely removes it.
2010-11-10 15:40:00 +01:00
Andreas Köhler
cb7d8c8ead Use ejabberd_c2s:privacy_check_packet/5 for all those hook folded runs in the c2s module 2010-11-10 15:39:59 +01:00
Andreas Köhler
c47252aea1 Use c2s state data as user and server in ejabberd_c2s:is_privacy_allow
is_privacy_allow is only used in ejabberd_c2s:handle_info/3 to determine
for a few presence types whether the packet is allowed to be forwarded
to the user's client. This only makes sense if To#jid.user and
To#jid.server match StateData#state.user and StateData#state.server.

Also, add the atom in as parameter to a new argument Dir of
is_privacy_allow and extract from that function
privacy_check_packet(StateData, From, To, Packet, Dir) which runs the
privavcy check without converting allow/deny to true/false.
2010-11-10 15:39:57 +01:00
Andreas Köhler
f96074057c Correct error responses of forbidden offline last activity queries
According to XEP-0012 Last Activity, the server must return iq errors
with forbidden instead of not-allowed.

Fixes problem 1 of EJAB-1158.
2010-11-10 15:39:55 +01:00
Christophe Romain
dfaeb3bc88 populate pubsub#roster_groups_allowed in node configuration options (thanks to Karim Gemayel)(EJAB-1344) 2010-11-10 15:15:03 +01:00
Christophe Romain
c31f59e326 fix bad plugin order issue injected in previous patch (EJAB-1286) 2010-11-09 14:32:40 +01:00
Andreas Köhler
7c2b9eaf97 Correct privacy check direction in mod_last (EJAB-1339)
The change for EJAB-1271 to change the direction of the privacy check
from out to in violates the idea that the check should imitate a
subscription state check of from. Rather correct the order of the From
and To parameters.
2010-11-09 13:57:57 +01:00
Andreas Köhler
79f5251d69 Change max restart strategy of ejabberd_odbc_sup to handle some SQL timeouts. 2010-11-08 18:41:03 +01:00
Christophe Romain
917e8640c2 avoid node_call to break transaction (thanks to Karim Gemayel)(EJAB-1286) 2010-11-08 11:16:51 +01:00
Andreas Köhler
c4bc0e7252 Re-raise exceptions caught in gen_mod:start_module/3 (EJAB-1335)
Modules configured by the administrator normally should not be treated
as optional, so a exception (error, exit, throw) to start them should not
be caught and logged only.

This patch re-raises a caught exception instead of ignoring the
exception and inserting the module's opts on success. That way
gen_mod:get_module_opt/4 should work while calling Module:start/2.
2010-11-07 00:49:52 +01:00
Evgeniy Khramtsov
1f16e4783c Take care of xml:lang attribute in unauthenticated stanzas as well 2010-11-06 13:58:52 +09:00
Badlop
7f3a5066c6 New ip_access option restricts which IPs can register (thanks to Alexey Shchepin)(EJAB-915) 2010-11-05 19:33:52 +01:00
Badlop
6f3713a67d Disable mod_register_web in default config because by default captcha is disabled 2010-11-05 19:33:50 +01:00
Badlop
abfb4a2841 Recompile the Guide 2010-11-05 18:21:20 +01:00
Badlop
f672fd0824 Added mod_register_web: web page for account registration (EJAB-471) 2010-11-05 18:19:52 +01:00
Evgeniy Khramtsov
60b36beda8 Disable LRU caching algorithm for LDAP shared rosters 2010-11-05 17:01:18 +09:00
Evgeniy Khramtsov
c4289095e0 Do not store long language tag to avoid possible DoS/flood attacks 2010-11-05 05:10:18 +09:00
Evgeniy Khramtsov
31757116fc LDAP shared roster support (thanks to Realloc and Marcin Owsiany) 2010-11-05 02:34:45 +09:00
Christophe Romain
70c1e1d0b1 enforce pubsub cleaner 2010-11-04 16:54:24 +01:00
Jonas Ådahl
2f68733708 Fixes a leak of ejabberd_receiver processes.
When a (non-frontend) socket module without any custom receiver fails to
start, the newly created ejabberd_receiver process needs to be properly
closed.
2010-11-03 17:10:52 +01:00
Badlop
dccaff0544 Correct in the Guide the default mod_irc encoding
The default option value was last changed in  EJAB-302,
but the Guide was not properly updated yet.
2010-11-02 22:47:28 +01:00
Badlop
184ec38510 Implement the mod_irc option default_encoding, it was already documented
Related:
http://www.ejabberd.im/node/4270#comment-56609
http://www.ejabberd.im/node/4270#comment-56780
2010-11-02 22:40:08 +01:00
Badlop
2d59efb515 Fix crash in ejabberd_c2s when blacklist hook returned true (thanks to Jonas Ådahl)
Cause of the crash jlib:ip_to_list/1 only supports IP tuples using the
form {N1,N2,N3,N4} which is not the case when IPv6 is enabled.
2010-11-02 13:51:36 +01:00
Evgeniy Khramtsov
195d22d906 Merge branch '2.1.x' of git+ssh://gitorious.process-one.net/ejabberd/mainline into 2.1.x 2010-11-01 22:23:01 +09:00
Evgeniy Khramtsov
ab80513755 Do not run set_last request inside a transaction 2010-11-01 22:22:41 +09:00
Badlop
8a116411bb Fix errors in EDoc comments 2010-10-28 18:48:27 +02:00
Badlop
bd3889b6ec Include a Required xml element in the captcha field 2010-10-27 00:50:17 +02:00
Andreas Köhler
400fb69f15 Ignore Length argument to tls:recv/[23] (EJAB-1327)
The Length argument cannot be used for gen_tcp:recv/3, because the
compressed size does not equal the desired uncompressed one.
2010-10-26 19:32:15 +02:00
Andreas Köhler
9da45d40c7 Re-use the TLSSock argument in tls:send/2 (EJAB-1327) 2010-10-26 19:30:32 +02:00
Evgeniy Khramtsov
23db206ea1 * Add top-level instructions for x:data incompatible clients
* Remove trailing dot
2010-10-26 03:47:14 +10:00
Badlop
964b7b6b67 Changes in registration form to workaround client problems (EJAB-1262)
Changes included:
* Remove var in fixed field because Gajim and Tkabber display it to user
* Add workaround for Psi's overlap fields
* Add var=url attribute, required by Psi to display the field
* Provide the image URL as a copy-able form field
2010-10-25 19:00:52 +02:00
Badlop
9c5f34794a Workaround for Psi's wrong Type in form submission 2010-10-25 18:58:31 +02:00
Badlop
eca7588abf Recompile the guide.html 2010-10-25 18:57:54 +02:00
Badlop
a15d583d4d Add CAPTCHA example configurations to cfg (EJAB-1262)(EJAB-1326) 2010-10-25 18:57:39 +02:00
Evgeniy Khramtsov
e03c453c78 Provide image url in registration form when captcha is enabled 2010-10-25 23:36:31 +10:00
Alexey Shchepin
aea394861d Added a protocol for a client to send the number of local unread messages
Conflicts:

	src/ejabberd_c2s.erl
2010-10-25 10:09:06 +03:00
Evgeniy Khramtsov
641dc7d695 Add password entropy check (EJAB-1326) 2010-10-24 17:17:30 +10:00
Evgeniy Khramtsov
0a1b0498a6 * Rename option captcha to captcha_protected for consistency.
* Document captcha_protected option
2010-10-24 15:45:42 +10:00
Evgeniy Khramtsov
a6858a6ce4 Merge branch '2.1.x' of git+ssh://gitorious.process-one.net/ejabberd/mainline into 2.1.x 2010-10-24 15:30:37 +10:00
Evgeniy Khramtsov
f4beeb1706 CAPTCHA IBR support (EJAB-1262) 2010-10-24 15:30:16 +10:00
Badlop
2e33904bb8 Don't check whether the contact is a locally registered account or not (EJABS-1550) 2010-10-24 00:48:57 +02:00
Badlop
75298b4c27 Improve example of outoging_s2s_options 2010-10-22 23:14:24 +02:00
Badlop
2d3bbd43d7 Allow add_rosteritem functions to work even when no know mod_roster is enabled 2010-10-21 21:07:07 +02:00
Christophe Romain
011464e6ac improve documentation (thanks to Karim Gemayel) 2010-10-21 11:14:24 +02:00
Badlop
6c0e9ef575 Fix return values of some functions. newgroups argument changed to groups. 2010-10-21 00:23:33 +02:00
Badlop
ca62271a89 Apply Apollo fixes. More fixes. Improve command descriptions. 2010-10-20 16:41:27 +02:00
Evgeniy Khramtsov
c96a1805e8 - get rid of rpc:call to avoid group leader inheritance
- do not log migration errors
- remove stopping node from cluster hashing explicitly
2010-10-20 17:26:01 +10:00
Badlop
babff870a8 Remove custom ON command: send_notification/6 2010-10-19 17:17:55 +02:00
Badlop
5cd3de9cd7 Copy changes from Apollo's mod_xmlrpc to 2.2.x's mod_xmlrpc
Changes:
* link_contacts new arguments: group1::string, group2::string
* New method add_rosteritem_groups/5
* New method del_rosteritem_groups/5
* New method modify_rosteritem_groups/7
* get_roster change argument group::string -> groups::[string]
2010-10-19 16:55:24 +02:00