Holger Weiss
86e17c379c
Verify host name before offering SASL EXTERNAL
...
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:
1. Verify the certificate without checking the host name. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
identity against the certificate host name(s). On failure, abort the
connection unconditionally.
ejabberd now does this instead:
1. Verify the certificate and compare the certificate host name(s)
against the 'from' attribute of the stream header. On failure,
behave according to 's2s_use_starttls'. On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
identity (if any) and consider the peer authenticated.
The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
Holger Weiss
4bc8b6bc9f
Fix extraction of host names from certificates
2014-04-22 22:12:04 +02:00
badlop
37d4109e8a
Merge pull request #161 from weiss/fix-carbons
...
Let mod_carboncopy take care of messages sent to bare/unavailable JIDs
2014-04-22 13:52:11 +02:00
Holger Weiss
d350cc6361
Accept "extauth_cache: false"
...
Don't log a "configuration problem" message if "extauth_cache: false" is
explicitly specified, as that's a valid configuration setting as per the
documentation.
2014-04-16 14:15:14 +02:00
Paweł Chmielowski
7af7b7d3f0
Fix compilation on pre-R17
2014-04-15 17:05:25 +02:00
Paweł Chmielowski
d97b4fd9ca
Fix loading translation files on R17
2014-04-15 17:05:22 +02:00
Alexey Shchepin
f93758a3cd
Merge pull request #160 from runcom/protocol_options
...
Add option to specify openssl options
2014-04-15 19:01:21 +04:00
badlop
285c4c17cf
Merge pull request #146 from jamielinux/master
...
Update FSF address
2014-04-11 13:35:46 +02:00
Evgeniy Khramtsov
a21edc2f3a
Pretty print accepted transport address
2014-04-11 12:30:58 +02:00
Holger Weiss
b3b12effbc
Carbons: Handle unavailable resource like bare JID
...
As the session manager handles messages sent to unavailable resources
just like messages sent to bare JIDs, mod_carboncopy must do that, too.
That is, forward them only to those carbon-copy-enabled resources that
don't have a top priority, in order to avoid duplicates.
2014-04-08 23:32:30 +02:00
Antonio Murdaca
fbf71f86f3
Add option to specify openssl options
2014-04-08 18:46:52 +02:00
Holger Weiss
9d5426315f
Carbons: Also forward messages sent to bare JIDs
...
Don't ignore messages sent to bare JIDs, but forward them to all
carbon-copy-enabled resources that don't have the highest priority.
2014-04-07 22:10:08 +02:00
badlop
766ab1eb46
Merge pull request #158 from weiss/fix-lang-type
...
Fix a type error
2014-04-07 13:28:41 +02:00
badlop
76fb7d284a
Merge pull request #157 from weiss/fix-mod-update
...
Fix badarg issue on module update web site
2014-04-07 13:27:31 +02:00
Holger Weiss
37f409d254
Fix a type error
2014-04-06 00:39:51 +02:00
Holger Weiss
e02a4913d2
Fix badarg issue on module update web site
2014-04-05 23:23:44 +02:00
HAMANO Tsukasa
1250ee5d77
mod_register_web: check same acl as mod_register.
2014-04-04 04:07:29 +09:00
Badlop
8b9c49440a
Fix user_resources command, and ejabberd_xmlrpc parsing auth details in call
2014-03-31 16:51:47 +02:00
Badlop
a5a065290b
Small change in ejabberd_ctl output format to support bash completion
2014-03-26 16:43:53 +01:00
Badlop
ac0e199d36
Provide meaningful text to user when admin kicks session (EJAB-1455)
2014-03-26 16:01:37 +01:00
Evgeniy Khramtsov
2150b10901
Fix service_info options processing
2014-03-25 09:52:57 +04:00
Evgeniy Khramtsov
5c36c44689
Remove annyoing warnings
2014-03-25 09:42:12 +04:00
Badlop
d5f90965d7
Fix ACLs syntax change (thanks to jokker23)(issue #140 )
2014-03-24 19:40:55 +01:00
badlop
2b527f5e9a
Merge pull request #149 from iulianlaz/carboncopy-fix-msg-back-to-original-sender
...
#148 Carbon copy sends message back to original sender solved
2014-03-16 20:59:49 +01:00
Badlop
633d47f784
Update copyright dates to 2014 (EJAB-1679)
2014-03-13 12:30:57 +01:00
iulianlaz
9ef1ad0b6e
#148 Carbon copy sends message back to original sender solved
2014-03-06 08:40:38 +00:00
Badlop
e211bf522e
Support XEP-0321: Remote Roster Management (EJAB-1381)
2014-02-26 18:02:37 +01:00
Badlop
46b2d91105
Convert DB details to string when calling odbc:connect/2 (EJAB-1681)
2014-02-26 17:26:46 +01:00
Badlop
c29ba14dbf
Don't provide current password in webinterface (github issue #137 )
2014-02-26 17:19:07 +01:00
Jamie Nguyen
8538997d61
Update FSF address
2014-02-22 10:27:40 +00:00
Holger Weiss
e82a79efd5
Add missing parenthesis
2014-02-21 23:33:13 +01:00
Badlop
63a7011c38
When occupant changes nick, include status 110 in stanzas sent to him
2014-02-14 16:22:14 +01:00
Badlop
4c8b6fe16b
Fixing mod_carboncopy sends carbons of carbons ( fixes #107 )
2014-01-23 17:29:24 +01:00
mrjameshamilton
5ccc6db093
Fixed parameter order in call to restore_room/3
2014-01-23 14:39:52 +00:00
Alexey Shchepin
9422164dda
Clear SASL state after finishing auth
2014-01-21 13:44:29 +02:00
Alexey Shchepin
cbbfd921b4
Fix for the previous commit
2014-01-21 11:54:18 +02:00
Alexey Shchepin
d63be79df9
Use 'to' field only in the first client stream initialization
2014-01-20 16:06:05 +02:00
Badlop
e107e78773
Fix auth verification in ejabberd_xmlrpc (thanks to Vicis)
2014-01-02 16:10:19 +01:00
Evgeniy Khramtsov
d03de1bb43
Fix some type specs and errors
2013-12-10 21:44:46 +10:00
Evgeniy Khramtsov
33764bb931
Add ejabberd_xmlrpc
2013-12-10 21:25:12 +10:00
Badlop
5a1300bc70
Add access rule to mod_roster (EJAB-72)
2013-12-04 14:57:44 +01:00
Christophe Romain
9c17163b55
bind values for get_parentnodes_tree
2013-12-03 10:51:01 +01:00
Christophe Romain
e11c835bd3
fix use of virtual nodetree
2013-12-03 10:34:59 +01:00
Alexey Shchepin
1dd94ac0d0
Support for OpenSSL ciphers list in ejabberd_c2s, ejabberd_s2s_in and ejabberd_s2s_out
2013-11-28 19:39:11 +02:00
Badlop
a6b0e18bde
add Pubsub data migration from mnesia to odbc (EJAB-1126)
...
By calling:
ejd2odbc:export_pubsub("localhost","/tmp/aa.txt").
it will generate SQL files like these:
/tmp/pubsub_item.txt
/tmp/pubsub_node.txt
/tmp/pubsub_state.txt
Conflicts:
src/ejabberd_admin.erl
src/ejd2odbc.erl
2013-11-14 19:29:16 +01:00
Evgeniy Khramtsov
89a17ba84a
Correctly convert ACLs into YAML representation
2013-11-07 02:43:43 +10:00
Evgeniy Khramtsov
a87b475361
Do not use functions from crypto module wherever possible
2013-11-05 20:07:38 +10:00
Evgeniy Khramtsov
b7c7d2747b
Fix some type errors
2013-11-05 19:49:30 +10:00
Evgeniy Khramtsov
c0240e7249
Do not try to start STUN application during config checks
2013-11-02 10:30:19 +10:00
Evgeniy Khramtsov
6dd31299cf
Avoid case clause crash when loading permanent rooms
2013-10-23 12:23:00 +10:00