25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00
Commit Graph

61 Commits

Author SHA1 Message Date
Badlop
589521bfd8 Update copyright year to 2024 (#4139) 2024-01-22 17:29:13 +01:00
Paweł Chmielowski
29ec5bff60 Add option to disable XEP-0474: SASL SCRAM Downgrade Protection support
Looks like clients using strophejs aren't able to authenticate when we
add data required by that spec to scram packets, so at least give a way
to disable this until clients will be fixed.
2024-01-16 12:03:35 +01:00
Paweł Chmielowski
7d4330b57a Increase default value of negotiation_timeout from 30s to 2m
This timeout also covers in-band registration, and if user don't fill
registration form in that time leads to disconnect and aborting
registration. This will allow for more time to finish that.
2023-12-04 13:24:32 +01:00
Alexey Shchepin
ec20691188 Disable update_sql_schema by default 2023-10-16 19:31:32 +03:00
Alexey Shchepin
c1af36ac20 Automatically create and update SQL schema 2023-10-16 18:21:08 +03:00
Paweł Chmielowski
12d47455ba Add auth_external_user_exists_check option
This makes `user_check` hook work better with authentication methods
that don't have a way to determine if user exists (like is the case for
jwt and cert based authentication), and as result will improve mod_offline
and mod_mam handling of offline messages to those users. This reuses
information stored by `mod_last` for this purpose.

Should fix issue #3377.
2023-10-11 14:17:18 +02:00
Paweł Chmielowski
00c76003cb Add ability to force alternative upsert implementation in mysql 2023-08-18 11:46:37 +02:00
Badlop
c333cc0776 New option install_contrib_modules
This option is read during ejabberd start or config reload.
It installs the listed modules which aren't yet installed,
as long as allow_contrib_modules is not disabled.
Edit ejabberd.yml and configure the desired ejabberd-contrib modules,
add them in the install_contrib_modules option,
finally start ejabberd (or reload config).
2023-06-09 10:27:13 +02:00
Badlop
c4a2f8d64f captcha_url option now accepts 'auto' value, and it's the default 2023-03-22 16:23:41 +01:00
Badlop
243697e25a Update copyright year to 2023 (#3967) 2023-01-10 13:52:04 +01:00
Jonathan Davies
25ddd7b152 Changed default outgoing_s2s_families to IPv6 as servers are within datacenters
where IPv6 is more commonly enabled (contrary to clients), and if it's not
present - it'll just fall back to IPv4.
2022-12-22 14:00:22 +01:00
Paweł Chmielowski
d49b50a055 Add log_modules_fully option to make some modules log everything independed from global loglevel 2022-12-01 13:24:46 +01:00
Badlop
8ea7690fc5 Support @VERSION@ and @SEMVER@ in captcha_cmd option 2022-10-24 12:35:30 +02:00
Holger Weiß
13d4787ea9
Bump default 's2s_timeout' value (#3653)
Wait for an hour before closing an idle s2s connection.

It's not uncommon for a connection to be idle for longer than ten
minutes but less than an hour.  For example, XEP-0410 suggests a ping
interval of fifteen minutes.  A longer idle timeout avoids the latency
and log entries associated with constantly re-establishing such
connections.

Co-authored-by: Paweł Chmielowski <pawel@process-one.net>
2022-10-18 16:08:16 +02:00
Mark Zealey
555ff2db4c
Add log_burst_limit_* options (#3865)
* Add log_burst_limit_* options

On our ejabberd deployment we were sometimes seeing more than 500
msgs/sec of legitimate traffic, however this was getting silently
dropped. Provide config options to enable this limit to be configured
from the config file.

* Pass new logging vars in via ejabberdctl
2022-08-01 12:07:54 +02:00
Holger Weiss
121fc716b0 domain_balancing: Allow for specifying 'type' only
Allow for specifying the 'type' of 'domain_balancing' without specifying
the 'component_number' (as per the example in the documentation).  The
balancing 'type' is then applied to the dynamic number of component
instances.
2022-04-04 00:14:32 +02:00
Badlop
b3211b1f71 Update copyright year to 2022 2022-02-11 09:39:25 +01:00
Badlop
6e0161470e Update newest copyright year to 2021 (#3464) 2021-01-27 17:02:06 +01:00
Paweł Chmielowski
faaee94060 Add oauth_cache_rest_failure_life_time option
This allows to use shorted life time for failures in rest oauth
backend than specified in oauth_cache_life_time.
2021-01-27 11:23:39 +01:00
Paweł Chmielowski
1dc0ecd1e9 Allow to use different hash for storing scram passwords 2020-12-08 12:06:52 +01:00
Holger Weiss
0a88f9c8a9 Merge remote-tracking branch 'processone/pr/3396'
* processone/pr/3396:
  Add outbound s2s out interface (ipv4/ipv6)
2020-11-04 12:19:49 +01:00
Jerome Sautret
fdda572c9a Added sql_odbc_driver option for mssql db
Add an option to choose the ODBC driver when sql_type is set to mssql
2020-10-08 16:23:34 +02:00
Daniel Kenzelmann
604cc9bb3a Add outbound s2s out interface (ipv4/ipv6)
Adding options taking IPs as string:
outgoing_s2s_ipv4_address: "1.2.3.4"
outgoing_s2s_ipv6_address: "2000:1:1:1::1"
2020-09-21 22:18:46 +02:00
Badlop
e234ced107 Support ejabberd_auth_http's auth_opts (processone/ejabberd-contrib#284) 2020-02-19 13:18:39 +01:00
Badlop
2d32c66fd7 Update copyright to 2020 (#3149) 2020-01-28 15:49:23 +01:00
Evgeny Khramtsov
97da380acd Generate ejabberd.yml.5 man page from source code directly
Several documentation callbacks (doc/0 and mod_doc/0) are implemented
and `ejabberdctl man` command is added to generate a man page. Note
that the command requires a2x to be installed (which is a part of
asciidoc package).
2020-01-08 12:24:51 +03:00
Alexey Shchepin
2a35cadf80 Merge branch 'pg_prepared_statements' of https://github.com/sabudaye/ejabberd into sabudaye-pg_prepared_statements
Conflicts:
	ejabberd.yml.example
	src/ejabberd_sql.erl
2019-11-26 19:45:01 +03:00
Evgeny Khramtsov
3826a9ed58 Also group duplicated list-like options inside host_config/append_host_config 2019-11-07 12:14:08 +03:00
Evgeny Khramtsov
bb26d7c379 Accept a list in c2s_ciphers/s2s_ciphers options 2019-11-05 17:54:56 +03:00
Evgeny Khramtsov
a202818037
Merge pull request #3069 from nosnilmot/jwt-custom-jid-field
Add option for JWT field name containing JID
2019-10-26 11:03:19 +03:00
Stu Tomlinson
b2651dae0f Add option for JWT field name containing JID 2019-10-25 16:56:18 +01:00
Evgeny Khramtsov
f981a2ef17 Improve jwt_key validator 2019-10-25 18:30:50 +03:00
Alexey Shchepin
c7470f5107 Handle the case when JWT key file contains JWK set 2019-10-25 16:33:22 +03:00
Evgeny Khramtsov
f1a35cc9ac Avoid calling to logger module on OTP<22 2019-10-25 15:27:47 +03:00
Evgeny Khramtsov
e4a8afb15d Replace lager with built-in new logging API
This change requires Erlang/OTP-21.0 or higher.
The commit also deprecates the following options:
  - log_rotate_date
  - log_rate_limit

Furthermore, these options have no effect. The logger now fully
relies on log_rotate_size, that cannot be 0 anymore.

The loglevel option now accepts levels in literal formats.
Those are: none, emergency, alert, critical, error, warning, notice, info, debug.
Old integer values (0-5) are still supported and automatically converted
into literal format.
2019-10-18 19:12:32 +03:00
Paweł Chmielowski
9822535e70 Convert oauth_expire option to accept timeout values 2019-10-15 11:28:47 +02:00
Alexey Shchepin
8f7fa38949 Support OAUTH client authentication 2019-09-27 20:36:58 +03:00
Evgeny Khramtsov
e227940b85 Improve ACME implementation
Fixes #2487, fixes #2590, fixes #2638
2019-09-20 12:36:31 +03:00
Alexey Shchepin
0fe1e40a9d JWT-only authentication for some users (#3012) 2019-09-18 18:46:24 +03:00
Evgeny Khramtsov
9ec69b8d62 Don't treat 'Host' header as a virtual XMPP host
Fixes #2989
2019-08-13 18:30:28 +03:00
Evgeny Khramtsov
d796dcace5 Spawn SQL connections on demand only 2019-08-12 12:21:31 +03:00
Evgeny Khramtsov
4be98b5aef Log an error when JWT authentication is configured without jwt_key 2019-07-19 12:01:57 +03:00
Evgeny Khramtsov
55d42b9000 Fix typo 2019-07-18 22:35:16 +03:00
Evgeny Khramtsov
6d6e3e348d Improve robustness of reading jwt_key option 2019-07-18 22:31:08 +03:00
Evgeny Khramtsov
3f7d9e3ad6 Remove Riak support
Reasons:
- Riak DB development is almost halted after Basho
- riak-erlang-client is abandoned and doesn't work
  correctly with OTP22
- Riak is slow in comparison to other databases
- Missing key ordering makes it impossible to implement range
  queries efficiently (e.g. MAM queries)
2019-07-18 19:31:12 +03:00
Evgeny Khramtsov
d718b35d46 Use econf:timeout() instead of econf:pos_int() wherever appropriate 2019-07-17 22:15:56 +03:00
Evgeny Khramtsov
4658d478b4 Don't call ejabberd_option from ejabberd_options 2019-07-03 19:23:05 +03:00
Evgeny Khramtsov
b7f6620166 Fix jwt_key option processing 2019-07-03 19:16:54 +03:00
Alexey Shchepin
ff6884f313 Read jwt_key from file 2019-07-03 05:33:35 +03:00
Alexey Shchepin
3e5c0a1df8 Authentication using JWT tokens 2019-07-01 05:01:55 +03:00