STUN via UDP can easily be abused for reflection/amplification DDoS
attacks. Suggest a non-standard port to make it harder for attackers to
discover the service.
Modern XMPP clients discover the port via XEP-0215, so there's no
advantage in sticking to the standard port.
Some users reported ejabberd being restarted by systemd due to missing
watchdog pings despite the actual service operating just fine. So far,
we weren't able to track down the issue, so we'll no longer enable the
watchdog in our example service unit.
Closes#4054.
New check_register_user hook in ejabberd_auth.erl
to allow blocking account registration when a tombstone exists.
Modified room_destroyed hook in mod_muc_room.erl
Until now the hook passed as arguments: LServer, Room, Host.
Now it passes: LServer, Room, Host, Persistent
That new Persistent argument passes the room persistent option,
required by mod_tombstones because only persistent rooms should generate
a tombstone, temporary ones should not.
And the persistent option should not be completely overwritten, as we must
still known its real value even when room is being destroyed.
mod_tombstones is available in experimental mode in ejabberd-contrib git.
Initial feature request: #2546
These days, TURN authentication is usually performed using ephemeral
credentials handed out by mod_stun_disco. In that case, the TURN realm
is irrelevant. Therefore, omit the misleading log message that warned
about a missing realm configuration.
(Commit 6eb2f07274 reduced the log level
of that message already.)
XEP-0388 says: "SASL2 MUST only be used by Clients or offered by Servers
after TLS negotiation". Therefore, we reject SASL2 negotiations over
unencrypted transports by default. However, TLS might be terminated
outside of ejabberd. Add the 'allow_unencrypted_sasl2' option to
support this use case.
Ignore node plugin defaults if the plugin handling the request isn't
enabled, rather than ignoring 'default_node_config' options and
applying plugin defaults in that case.
Use any option specified via 'default_node_config' by default, and take
the remaining defaults from the node plugin handling the request. This
is the documented behavior.
Before this change, the code applied the plugin defaults only if no
'default_node_config' existed at all. And even this logic didn't work
as intended, since 'default_node_config' yielded an empty list in case
it wasn't configured, which resulted in plugin defaults never being
applied.
Don't merge 'default_node_config' settings with the default options of
the first configured node plugin. Otherwise, the latter might later
override those of the plugin that should handle a node creation request.
For example, the following configuration would lead to the 'flat'
options being used by default for 'pep' nodes as well:
mod_pubsub:
plugins:
- flat
- pep
Modifies the CI build to integrate the GitHub Action-based test runner from the [XMPP Interop Testing project](https://xmpp-interop-testing.github.io). This executes additional integration tests that help verify ejabberd's compliance with XMPP specifications.
In this commit, none of the tests are excluded, which likely results in false positives. Therefor, the 'continue-on-error' flag is set. This should ideally be removed in a later commit.