25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00
Commit Graph

164 Commits

Author SHA1 Message Date
Paweł Chmielowski
1bd560f3f2 Fix potential message loss in terminating c2s sessions
Calling sync version of xmpp_stream_in/out:stop could lead to messages
never being processed by c2s process if they were queued in p1_server.

This could be reproduced by when having messages in offline storage,
starting sessions, enabling stream_mgmt, sending initial presence, and then immediately
</stream:stream>, messages that mod_offline would send process would not
be bounced back by stream_mgmt.
2020-04-01 14:36:01 +02:00
Badlop
2d32c66fd7 Update copyright to 2020 (#3149) 2020-01-28 15:49:23 +01:00
Evgeny Khramtsov
5770946f03 Correctly handle unicode in log messages 2019-09-23 15:17:20 +03:00
Evgeny Khramtsov
a8c6eec28c Fix certificate selection for s2s
The bug was introduced in c2cbb4d879
Fixes #3015
2019-09-06 22:20:07 +03:00
Evgeny Khramtsov
c5fde9d5af Get rid of useless dialyzer instructions 2019-07-01 10:36:20 +03:00
Evgeny Khramtsov
28b1d88772 Call ejabberd_s2s:allow_host/2 with correct virtual host 2019-06-24 21:18:57 +03:00
Evgeny Khramtsov
a3e0cbbdd8 Make logging messages more consistent 2019-06-24 20:32:34 +03:00
Evgeny Khramtsov
c2cbb4d879 Use correct virtual host for s2s options 2019-06-23 19:37:54 +03:00
Evgeny Khramtsov
4f69325e3c Fix shaper selection in ejabberd_c2s 2019-06-22 10:19:17 +03:00
Evgeny Khramtsov
e9a78d0de7 Make option 'validate_stream' global 2019-06-21 21:06:32 +03:00
Evgeny Khramtsov
a02cff0e78 Use new configuration validator 2019-06-14 12:33:26 +03:00
Evgeny Khramtsov
ed2abe471a Rename listening callback from start/2 to start/3
This will prevent conflicts in callback names in mod_mqtt
Old callback function is still supported.
2019-04-01 16:53:28 +03:00
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Holger Weiss
a9539fef22 ejabberd_s2s_in: Check for subdomain configuration
If an incoming s2s connection to a subdomain such as
conference.example.com is accepted, check for host-specific
configuration settings for that subdomain rather than for example.com.
This is for consistency with ejabberd_s2s_out, and with my previous
commit.
2018-12-01 10:14:04 +01:00
Holger Weiss
122dfec03d ejabberd_s2s_in: Check for subdomain certificate
If an incoming s2s connection to a subdomain such as
conference.example.com is accepted and a separate certificate is
available for that subdomain, offer that certificate instead of the one
for example.com.

Thanks to Mike Kuketz for reporting the bug.
2018-12-01 10:08:28 +01:00
Holger Weiss
3d4f65812e ejabberd_s2s_in: Fix indentation 2018-10-15 23:03:53 +02:00
Evgeny Khramtsov
39fa1a810d Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES =====
The commit introduces the following incompatibility:
- Option 'ca_path' is deprecated and has no effect anymore:
  option 'ca_file' should be used instead if needed.
==================================================
2018-09-27 20:37:27 +03:00
Evgeny Khramtsov
08f3d066b1 Switch more log message to warning level
The commit is supposed to improve logging at loglevel 3, which
is the recommended level for high loaded ejabberd servers
2018-09-19 23:12:14 +03:00
Evgeny Khramtsov
e96bfbdbfa Remove useless type specs 2018-09-18 13:24:06 +03:00
Evgeny Khramtsov
03de853e4f Refactor ejabberd_listener 2018-09-18 12:53:36 +03:00
Evgeny Khramtsov
de385591d0 Refactor ejabberd listener API 2018-09-17 11:21:02 +03:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Holger Weiss
8c8c480477 ejabberd_s2s_in: Log message on connection close
Log a message when an incoming s2s connection is closed, analogous to
the message on outgoing s2s connection close.
2018-08-29 16:23:56 +02:00
Evgeniy Khramtsov
d03432a956 Fix regression: list SASL EXTERNAL mechanism for inbound s2s 2018-07-10 10:14:08 +03:00
Evgeniy Khramtsov
0bb14d16c7 Move XMPP stream and SASL processing to xmpp repo 2018-07-06 01:07:36 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Evgeniy Khramtsov
4ea481d1dd Add validator for 'accept_interval' listening option 2018-04-30 11:52:00 +03:00
Stu Tomlinson
da81590fef Validate additional listen opts
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):

2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue

This adds the necessary validators so they are correctly recognized.
2018-02-28 16:14:35 +00:00
Evgeniy Khramtsov
d625e24029 Introduce 'negotiation_timeout'
The option can be used to specify a period (in seconds) for a stream
negotiation to complete. If the timer fires, the stream is considered
as failed and the underlying connection gets closed. This is a global
option (you cannot set it per domain) and the default is 30 seconds.
2018-02-20 11:38:00 +03:00
Evgeniy Khramtsov
672c2f75d3 Introduce option 'validate_stream'
If set to `true`, all incoming XML packets are fully validated
against known schemas. If an error occurs, the packet will be bounced
with the corresponding error reason. The default value is `false`.
The option might be useful to protect client software from sofisticated
bugs related to XML validation as well as for client developers
who want to catch validation errors at early stage of development.

Note that the option might have slight performance impact, so use it
with care on loaded machines.
2018-02-09 18:12:50 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
2d43c07c62 Get rid of ejabberd receiver
ejabberd receivers were meant to serve connections from frontends
to backends. However, this approach was not popular and frontend
related code was removed in previous releases. Now, ejabberd receiver's
code was also removed, making the code shorter and cleaner. Also, in
stress tests ejabberd now handles load more robustly, without
c2s processes overload (even with disabled shapers).

ejabberd_socket.erl is renamed to xmpp_socket.erl: it's supposed to
be finally moved into stand-alone xmpp library.
2017-12-26 18:55:57 +03:00
Evgeniy Khramtsov
08ce16f7ca Change loglevel of TLS failures 2017-12-19 15:33:30 +03:00
Evgeniy Khramtsov
c72e0a6ca6 Log warnings for c2s/s2s certfile option 2017-11-03 08:32:34 +03:00
Evgeniy Khramtsov
5bb7a0b0db Don't let a receiver to crash if a controller is unavailable
Fixes #1796
2017-06-22 16:58:46 +03:00
Holger Weiss
5802062746 Cosmetic change: Fix indentation errors 2017-05-24 17:16:16 +02:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
5774edfe79 Improve ejabberd_c2s:close() 2017-04-15 08:30:41 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Evgeniy Khramtsov
dd11ed82d7 Report more TLS errors 2017-03-08 08:27:54 +03:00
Evgeniy Khramtsov
d0a185f2d9 Report some TLS errors 2017-03-07 18:46:02 +03:00
Evgeniy Khramtsov
7d68112265 Start/stop virtual hosts when reloading configuration file 2017-02-23 10:12:19 +03:00
Evgeniy Khramtsov
8b2d308498 Change routing API
Now 'From' and 'To' arguments must be omitted in functions
and structures related to routing.
The commit deprecates the following functions:
     ejabberd_router:route/3 in favor of ejabberd_router:route/1
     ejabberd_router:route_error/4 in favor of ejabberd_router:route_error/2
     ejabberd_local:route_iq/4 in favor of ejabberd_local:route_iq/2
     ejabberd_local:route_iq/5 in favor of ejabberd_local:route_iq/3
The format of {route, From, To, Packet} is changed in favor of {route, Packet}
2017-02-16 11:10:24 +03:00
Evgeniy Khramtsov
6fd89f5fe0 Attach IP metadata to every stanza received from stream 2017-02-14 17:09:25 +03:00
Evgeniy Khramtsov
d5d906184f Merge branch 'new_stream'
Conflicts:
	src/cyrsasl.erl
	src/ejabberd_c2s.erl
	src/ejabberd_cluster.erl
	src/ejabberd_frontend_socket.erl
	src/ejabberd_node_groups.erl
	src/ejabberd_router.erl
	src/mod_bosh.erl
	src/mod_ip_blacklist.erl
	src/mod_muc_mnesia.erl
	src/mod_offline.erl
	src/mod_proxy65_sm.erl
2017-01-20 19:35:46 +03:00
Evgeniy Khramtsov
31491ebe16 Fix some corner cases while re-reading RFC6120 2017-01-13 11:35:47 +03:00