25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-10 16:58:46 +01:00
Commit Graph

7731 Commits

Author SHA1 Message Date
Evgeniy Khramtsov
fc794b680a Add cache options to the validator 2017-05-17 16:03:41 +03:00
Evgeniy Khramtsov
a71065fcda Ciphers should be a binary string 2017-05-17 15:42:18 +03:00
Evgeniy Khramtsov
7165196211 Get rid of unused variable 2017-05-17 15:24:32 +03:00
Evgeniy Khramtsov
f782955c06 Implement cache for roster 2017-05-17 14:47:35 +03:00
Evgeniy Khramtsov
3f13396d73 Fix use_cache/1 callback 2017-05-15 08:58:37 +03:00
Konstantinos Kallas
88365ed507 New account functional, very crude 2017-05-15 01:41:09 +03:00
Evgeniy Khramtsov
061d5f2380 Shut up dialyzer/xref if public_key:short_name_hash/1 is not available 2017-05-13 13:11:08 +03:00
Evgeniy Khramtsov
2d17a2850c Only validate certfiles if public_key:short_name_hash/1 is available 2017-05-12 17:51:17 +03:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
d3c8fb7705 Check presence of some files during option validation 2017-05-12 09:34:57 +03:00
Evgeniy Khramtsov
9fe16a29e1 Gracefully process malformed passwords during password change 2017-05-11 17:15:23 +03:00
Evgeniy Khramtsov
31a3cc7b10 Gracefully process malformed passwords during registration 2017-05-11 17:09:26 +03:00
Evgeniy Khramtsov
a8dc5f80d1 Add 'access_remove' ACL to mod_register 2017-05-11 16:37:01 +03:00
Evgeniy Khramtsov
81d9770d4f Update Elixir tests for using new auth API 2017-05-11 16:15:18 +03:00
Evgeniy Khramtsov
cdb191bb48 Rename is_user_exists -> user_exists 2017-05-11 15:49:06 +03:00
Evgeniy Khramtsov
633b68db11 Use cache for authentication backends
The commit introduces the following API incompatibilities:

In ejabberd_auth.erl:
* dirty_get_registered_users/0 is renamed to get_users/0
* get_vh_registered_users/1 is renamed to get_users/1
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is renamed to count_users/1
* get_vh_registered_users_number/2 is renamed to count_users/2

In ejabberd_auth callbacks
* plain_password_required/0 is replaced by plain_password_required/1
  where the argument is a virtual host
* store_type/0 is replaced by store_type/1 where the argument is
  a virtual host
* set_password/3 is now an optional callback
* remove_user/3 callback is no longer needed
* remove_user/2 now should return `ok | {error, atom()}`
* is_user_exists/2 now must only be implemented for backends
  with `external` store type
* check_password/6 is no longer needed
* check_password/4 now must only be implemented for backends
  with `external` store type
* try_register/3 is now an optional callback and should return
  `ok | {error, atom()}`
* dirty_get_registered_users/0 is no longer needed
* get_vh_registered_users/1 is no longer needed
* get_vh_registered_users/2 is renamed to get_users/2
* get_vh_registered_users_number/1 is no longer needed
* get_vh_registered_users_number/2 is renamed to count_users/2
* get_password_s/2 is no longer needed
* get_password/2 now must only be implemented for backends with
  `plain` or `scram` store type

Additionally, the commit introduces two new callbacks:
* use_cache/1 where the argument is a virtual host
* cache_nodes/1 where the argument is a virtual host

New options are also introduced: `auth_use_cache`, `auth_cache_missed`,
`auth_cache_life_time` and `auth_cache_size`.
2017-05-11 14:37:21 +03:00
Badlop
e890525788 Use misc:atom_to_binary/1 instead of the deprecated jlib.erl (#1510) 2017-05-10 12:05:52 +02:00
Badlop
6b8c61b3a2 Update comment: aux.erl was renamed to misc.erl 2017-05-10 12:03:13 +02:00
Badlop
4849ac9781 Use jid:encode/1 instead of the deprecated jid:to_string/1 (#1510) 2017-05-10 11:22:15 +02:00
Lamtei W
cd18d3d8a7 Fix: update sql statement, added missing delimeter for sql queries 2017-05-10 11:22:11 +02:00
Lamtei W
a0908ba393 Added export function for mam module 2017-05-10 11:22:07 +02:00
Konstantinos Kallas
02dbe39b06 Examining jose functionality 2017-05-09 23:27:37 +03:00
Konstantinos Kallas
67a00939db Small improvements to the acme module 2017-05-08 20:29:58 +03:00
Evgeniy Khramtsov
5d7a704ca5 Remove forgotten 'export_all' 2017-05-08 17:23:29 +03:00
Evgeniy Khramtsov
cee90a886e Don't list 'redis_pool_size' option multiple times 2017-05-08 17:22:34 +03:00
Evgeniy Khramtsov
6b6d07745d Split some functions in smaller ones 2017-05-08 16:29:01 +03:00
Konstantinos Kallas
05362b9a7d Very basic acme client, only stubs 2017-05-08 15:35:11 +03:00
Evgeniy Khramtsov
bf2a2f291f State that Erlang 17.5 or higher is only supported 2017-05-08 15:10:42 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
6aefd24eb3 LOG_PATH macro should be of string type 2017-05-06 09:42:06 +03:00
Evgeniy Khramtsov
3241c2506b Introduce 'sql_connect_timeout' option (#1698) 2017-05-05 16:25:10 +03:00
Evgeniy Khramtsov
48d6ae1def Introduce 'sql_query_timeout' option
Fixes #1698
2017-05-05 13:20:28 +03:00
Evgeniy Khramtsov
f2dc8c0442 Emit deprecation warning for SM related listening options 2017-05-05 12:31:17 +03:00
Evgeniy Khramtsov
b174e2c9c6 Improve validation of second-level options 2017-05-05 11:11:17 +03:00
Evgeniy Khramtsov
fb17c1b99f Make it possible to validate second-level options 2017-05-04 17:34:32 +03:00
Paweł Chmielowski
e790e66f47 Fix elixir tests 2017-05-04 12:17:41 +02:00
Paweł Chmielowski
c64e77a08c Catch exceptions from acl:add_list in web admin 2017-05-04 12:01:22 +02:00
Evgeniy Khramtsov
cf53d834e9 Introduce 'iqdisc' global option 2017-05-04 12:24:47 +03:00
Evgeniy Khramtsov
a2a4a4970e Validate module options on start_module/2 2017-05-04 09:09:10 +03:00
Badlop
31fa36003f Parse ldap_uids in mod_vcard_ldap like in eldap_utils (#319) 2017-05-03 23:32:56 +02:00
Christophe Romain
cd1c41e448 Merge pull request #1697 from pipo02mix/dockerfile-17-04
Update Dockerfile to be able to build 17.04 ejabberd version
2017-05-03 09:29:23 +02:00
Evgeniy Khramtsov
54cc49bc70 Validate new options before module reloading 2017-05-01 14:01:12 +03:00
Evgeniy Khramtsov
fe662c1a0a Don't forget to delete digraph 2017-05-01 10:14:00 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
2b63d07329 Merge branch 'new-option-validation' 2017-04-29 11:48:57 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Paweł Chmielowski
2bcf822637 Fix elixir tests 2017-04-28 10:08:09 +02:00
Evgeniy Khramtsov
6658c0d386 Bump cache_tab version 2017-04-27 20:07:44 +03:00