Fix sasl digest bug when username|password|resource strings had
all characters <= U+00FF and at least one character >= U+0080.
Warnning:
Note that by fixing the bug, we may be broking compatibility with clients
that "implements" it.
See comments on https://support.process-one.net/browse/EJAB-476
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
looking up domain_certfile options is #state.myname and not
#state.server
* If s2s_certfile is not specified, connect should still be part of the
tls options used by ejabberd_s2s_out
* Add #state.server to ejabberd_s2s_in processes and store the to
attribute in :wait_for_stream/2. Then use that server in
:wait_for_feature_request/2 to change the tls options like in
ejabberd_s2s_out.
Fixes EJAB-1086.
If the callback module has a socket type of independent and needs to
create the listener itself, do not pre-bind the port. The same holds if
there are errors in the listener configuration.
It may happen that auth or rdbms client tcp connections bind a local
socket to a port number required by a configered listener. The ejabberd
applications fails to start up and needs to be restarted.
In plain C you would bind(2) the listener port and listen(2) later on.
gen_tcp:listen/2 does not allow to separate these two steps though, so
another way is not to accept connections while start up. OTOH, the
kernel will syn/ack incoming connections and receive data, leaving them
in a buffer for the ejabberd to read from. If this is unwanted, a load
balancer would need to receive data from the ejabberd server before
adding the node to its pool.
This patch binds tcp ports while initializing the ejabberd_listener
process, storing ListenSockets in an ets table. start_listeners/0 will
reuse these ports later on.
The local function get_last/4 has been renamed to get_last_iq/4, since
it converts the result of get_last/2 (typically {ok, TimeStamp, Status})
to an iq packet.
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."
So check for a subscription of from of the jid and bare jid and whether
outgoing presences to From are allowed.
Fixes problem 3 of EJAB-1158.