mirror of https://github.com/processone/ejabberd.git synced 2024-12-28 17:38:54 +01:00
Commit Graph

3477 Commits

Author SHA1 Message Date
Holger Weiss
86e17c379c Verify host name before offering SASL EXTERNAL
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:

1. Verify the certificate without checking the host name.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
   identity against the certificate host name(s).  On failure, abort the
   connection unconditionally.

ejabberd now does this instead:

1. Verify the certificate and compare the certificate host name(s)
   against the 'from' attribute of the stream header.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
   identity (if any) and consider the peer authenticated.

The old behavior was suggested by previous versions of XEP-0178; the new
behavior is suggested by the current version 1.1.
2014-04-23 11:45:17 +02:00
Holger Weiss
4bc8b6bc9f Fix extraction of host names from certificates 2014-04-22 22:12:04 +02:00
badlop
9497dbff17 Merge pull request #162 from weiss/enable-carbons
Enable mod_carboncopy in example configuration
2014-04-22 13:53:23 +02:00
badlop
37d4109e8a Merge pull request #161 from weiss/fix-carbons
Let mod_carboncopy take care of messages sent to bare/unavailable JIDs
2014-04-22 13:52:11 +02:00
badlop
b73f28c93e Merge pull request #173 from weiss/force-configure-regeneration
Always regenerate the configure script when running ./autogen.sh
2014-04-22 12:52:22 +02:00
Holger Weiss
c98d539bb3 Force regeneration of configure script
As the version string is auto-generated from the git-describe(1) output,
the configure script may need to be regenerated even if configure.ac
wasn't modified.
2014-04-18 12:13:17 +02:00
badlop
4b52a8e4e3 Merge pull request #172 from weiss/accept-extauth-cache-false
Don't log an error when "extauth_cache: false" is specified
2014-04-17 19:55:51 +02:00
Holger Weiss
d350cc6361 Accept "extauth_cache: false"
Don't log a "configuration problem" message if "extauth_cache: false" is
explicitly specified, as that's a valid configuration setting as per the
documentation.
2014-04-16 14:15:14 +02:00
badlop
727197613a Merge pull request #171 from weiss/update-doc-url
Update a URL in the guide
2014-04-16 10:03:07 +02:00
badlop
cc6a4787af Merge pull request #170 from weiss/fix-doc-typos
Fix two small typos in the guide
2014-04-16 10:02:12 +02:00
Holger Weiss
27a7b38dee Update a URL in the guide 2014-04-16 00:31:15 +02:00
Holger Weiss
45687c52dc Fix two small typos in the guide 2014-04-16 00:25:11 +02:00
Paweł Chmielowski
7af7b7d3f0 Fix compilation on pre-R17 2014-04-15 17:05:25 +02:00
Paweł Chmielowski
d97b4fd9ca Fix loading translation files on R17 2014-04-15 17:05:22 +02:00
Alexey Shchepin
f93758a3cd Merge pull request #160 from runcom/protocol_options
Add option to specify openssl options
2014-04-15 19:01:21 +04:00
badlop
77d6d36a9d Merge pull request #167 from weiss/fix-modules-doc
Remove outdated comment from guide
2014-04-15 16:41:48 +02:00
badlop
57ba57b908 Merge pull request #168 from weiss/carbons-doc
Mention mod_carboncopy in documentation
2014-04-15 16:40:48 +02:00
Holger Weiss
c9d4f2146c Mention mod_carboncopy in documentation 2014-04-15 01:29:00 +02:00
Holger Weiss
46001aafaa Remove outdated comment from guide 2014-04-15 01:21:41 +02:00
badlop
ad680c508e Merge pull request #165 from weiss/fix-access-doc
Fix the description of the access rules syntax in the Guide
2014-04-12 16:42:05 +02:00
Holger Weiss
be43aa85f4 Fix description of access rules syntax 2014-04-11 14:00:10 +02:00
badlop
285c4c17cf Merge pull request #146 from jamielinux/master
Update FSF address
2014-04-11 13:35:46 +02:00
Evgeniy Khramtsov
a21edc2f3a Pretty print accepted transport address 2014-04-11 12:30:58 +02:00
Holger Weiss
515331baad Enable mod_carboncopy in example configuration
XEP-0280 seems to be quite popular these days.
2014-04-08 23:38:04 +02:00
Holger Weiss
b3b12effbc Carbons: Handle unavailable resource like bare JID
As the session manager handles messages sent to unavailable resources
just like messages sent to bare JIDs, mod_carboncopy must do that, too.
That is, forward them only to those carbon-copy-enabled resources that
don't have a top priority, in order to avoid duplicates.
2014-04-08 23:32:30 +02:00
Antonio Murdaca
fbf71f86f3 Add option to specify openssl options 2014-04-08 18:46:52 +02:00
Holger Weiss
9d5426315f Carbons: Also forward messages sent to bare JIDs
Don't ignore messages sent to bare JIDs, but forward them to all
carbon-copy-enabled resources that don't have the highest priority.
2014-04-07 22:10:08 +02:00
Holger Weiss
c114eb3736 XEP-0198: Don't bounce/resend forwarded messages
On connection timeout, drop any messages that were forwarded by some
encapsulating protocol, such as XEP-0280 carbon copies or XEP-0313
archive messages.  Bouncing or resending them could easily lead to
unexpected results.
2014-04-07 21:21:11 +02:00
Badlop
66006ba017 Update Hebrew translation (thanks to Isratine Citizen) 2014-04-07 16:26:50 +02:00
badlop
f3bbfb1c66 Merge pull request #159 from weiss/update-gitignore
Update the gitignore(5) file
2014-04-07 13:29:37 +02:00
badlop
766ab1eb46 Merge pull request #158 from weiss/fix-lang-type
Fix a type error
2014-04-07 13:28:41 +02:00
badlop
76fb7d284a Merge pull request #157 from weiss/fix-mod-update
Fix badarg issue on module update web site
2014-04-07 13:27:31 +02:00
badlop
2d441b3305 Merge pull request #156 from hamano/devel
mod_register_web: check same acl as mod_register.
2014-04-07 12:39:22 +02:00
Holger Weiss
0befeb7d93 Let Git ignore the "ebin" directory 2014-04-06 00:56:36 +02:00
Holger Weiss
a2679e9d51 Let Git ignore files generated by "make install" 2014-04-06 00:56:09 +02:00
Holger Weiss
37f409d254 Fix a type error 2014-04-06 00:39:51 +02:00
Holger Weiss
e02a4913d2 Fix badarg issue on module update web site 2014-04-05 23:23:44 +02:00
HAMANO Tsukasa
1250ee5d77 mod_register_web: check same acl as mod_register. 2014-04-04 04:07:29 +09:00
Badlop
8b9c49440a Fix user_resources command, and ejabberd_xmlrpc parsing auth details in call 2014-03-31 16:51:47 +02:00
Badlop
5bf3c784da New Bash completion script for ejabberdctl, experimental (EJAB-1042) 2014-03-26 16:43:56 +01:00
Badlop
a5a065290b Small change in ejabberd_ctl output format to support bash completion 2014-03-26 16:43:53 +01:00
Badlop
ac0e199d36 Provide meaningful text to user when admin kicks session (EJAB-1455) 2014-03-26 16:01:37 +01:00
Holger Weiss
a97c716352 XEP-0198: Bounce unacked stanzas by default
If the new "resend_on_timeout" option is set to false (which it is by
default), bounce any unacknowledged stanzas instead of re-routing them.
2014-03-25 23:23:38 +01:00
Evgeniy Khramtsov
2150b10901 Fix service_info options processing 2014-03-25 09:52:57 +04:00
Evgeniy Khramtsov
5c36c44689 Remove annoying warnings 2014-03-25 09:42:12 +04:00
Badlop
d5f90965d7 Fix ACLs syntax change (thanks to jokker23)(issue #140) 2014-03-24 19:40:55 +01:00
Holger Weiss
2da6933bb7 Remove "fun" element from c2s #state
Memory consumption wise, local "fun" references are quite expensive.
2014-03-22 20:25:43 +01:00
Holger Weiss
e360c56f87 Support XEP-0198 session resumption
Implement the optional session resumption feature described in XEP-0198.
A client that supports this feature may now resume the previous session
(within a configurable number of seconds) if the connection was lost.
During resumption, ejabberd will retransmit any stanzas that hadn't been
acknowledged by the client.
2014-03-19 00:51:33 +01:00
badlop
2b527f5e9a Merge pull request #149 from iulianlaz/carboncopy-fix-msg-back-to-original-sender
#148 Carbon copy sends message back to original sender solved
2014-03-16 20:59:49 +01:00
Holger Weiss
88a200e100 Remove some commented out code
The code that had been commented out at some earlier point in time would
now break XEP-0198.
2014-03-16 00:12:47 +01:00