25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-12 15:57:31 +01:00
Commit Graph

482 Commits

Author SHA1 Message Date
Stu Tomlinson
da81590fef Validate additional listen opts
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):

2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue

This adds the necessary validators so they are correctly recognized.
2018-02-28 16:14:35 +00:00
Evgeniy Khramtsov
d625e24029 Introduce 'negotiation_timeout'
The option can be used to specify a period (in seconds) for a stream
negotiation to complete. If the timer fires, the stream is considered
as failed and the underlying connection gets closed. This is a global
option (you cannot set it per domain) and the default is 30 seconds.
2018-02-20 11:38:00 +03:00
Evgeniy Khramtsov
672c2f75d3 Introduce option 'validate_stream'
If set to `true`, all incoming XML packets are fully validated
against known schemas. If an error occurs, the packet will be bounced
with the corresponding error reason. The default value is `false`.
The option might be useful to protect client software from sofisticated
bugs related to XML validation as well as for client developers
who want to catch validation errors at early stage of development.

Note that the option might have slight performance impact, so use it
with care on loaded machines.
2018-02-09 18:12:50 +03:00
Evgeniy Khramtsov
5c85106a41 Fix type spec 2018-02-07 22:20:12 +03:00
Evgeniy Khramtsov
4b012a99d2 Introduce option 'captcha' for mod_block_strangers
When the option is set to `true`, the module will generate
CAPTCHA challenges for incoming subscription requests. The option
also implies that option `drop` is set to `true`. Note that
the module won't generate CAPTCHA challenges for messages: they
will still be rejected if `drop` is set to `true`.

Fixes #2246
2018-01-26 15:02:06 +03:00
Evgeniy Khramtsov
ba2b650464 Introduce new gen_mod callback: mod_options/1
The callback is supposed to provide known options and their default
values, as long as the documentation. Passing default values into
get_mod functions is now deprecated: all defaults should be provided
by the Mod:mod_options/1 callback.
2018-01-23 10:54:52 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
2d43c07c62 Get rid of ejabberd receiver
ejabberd receivers were meant to serve connections from frontends
to backends. However, this approach was not popular and frontend
related code was removed in previous releases. Now, ejabberd receiver's
code was also removed, making the code shorter and cleaner. Also, in
stress tests ejabberd now handles load more robustly, without
c2s processes overload (even with disabled shapers).

ejabberd_socket.erl is renamed to xmpp_socket.erl: it's supposed to
be finally moved into stand-alone xmpp library.
2017-12-26 18:55:57 +03:00
Holger Weiss
b54e1e49ba Don't let privacy list prevent local roster update 2017-12-23 22:45:01 +01:00
Evgeniy Khramtsov
08ce16f7ca Change loglevel of TLS failures 2017-12-19 15:33:30 +03:00
Evgeniy Khramtsov
614bd9dd72 Better process subtag decoding errors 2017-12-09 22:39:43 +03:00
Evgeniy Khramtsov
e4a4839880 Use ejabberd_cluster:send() in SM/C2S 2017-12-06 14:15:20 +03:00
Evgeniy Khramtsov
fbd6ea8a48 Move 'certfile' based options in a single place 2017-11-23 11:04:47 +03:00
Evgeniy Khramtsov
2531f37e5c Let validator know about c2s_dhfile 2017-11-16 00:40:36 +03:00
Evgeniy Khramtsov
c72e0a6ca6 Log warnings for c2s/s2s certfile option 2017-11-03 08:32:34 +03:00
Evgeniy Khramtsov
35b7203e01 Introduce 'certfiles' global option
The option is supposed to replace existing options 'c2s_certfile',
's2s_certfile' and 'domain_certfile'. The option accepts a list
of file paths (optionally with wildcards "*") containing either
PEM certificates or PEM private keys. At startup, ejabberd sorts
the certificates, finds matching private keys and rebuilds full
certificates chains which can be used by fast_tls. Example:

certfiles:
  - "/etc/letsencrypt/live/example.org/*.pem"
  - "/etc/letsencrypt/live/example.com/*.pem"
2017-11-01 00:20:27 +03:00
Evgeniy Khramtsov
d7250111ce Reuse some translation strings 2017-09-24 14:32:37 +03:00
Holger Weiss
64150cc7c5 Let 'domain_certfile' take higher precedence
If a 'domain_certfile' is specified, use that instead of the
's2s_certfile' (or 'c2s_certfile').
2017-08-13 20:31:03 +02:00
Holger Weiss
e1aaa1c99d ejabberd_c2s: Fix priority of 'certfile' option
Use the 'certfile' listener option rather than a 'domain_certfile' for
ejabberd_c2s listeners that have "tls: true" configured.  A
'domain_certfile' should only be preferred for STARTTLS connections.

Closes #1911.
2017-08-05 18:59:32 +02:00
Holger Weiss
d6f1d3df5b Support XEP-0357: Push Notifications
Closes #1379.
2017-07-20 20:22:50 +02:00
Badlop
aaef1a14b4 Fix set_presence command to work in recent ejabberd 2017-07-07 10:55:08 +02:00
Evgeniy Khramtsov
5bb7a0b0db Don't let a receiver to crash if a controller is unavailable
Fixes #1796
2017-06-22 16:58:46 +03:00
Evgeniy Khramtsov
a71065fcda Ciphers should be a binary string 2017-05-17 15:42:18 +03:00
Evgeniy Khramtsov
f782955c06 Implement cache for roster 2017-05-17 14:47:35 +03:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
d3c8fb7705 Check presence of some files during option validation 2017-05-12 09:34:57 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
f2dc8c0442 Emit deprecation warning for SM related listening options 2017-05-05 12:31:17 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Evgeniy Khramtsov
7129aebe76 Don't re-define validation functions in multiple places 2017-04-28 13:23:32 +03:00
Holger Weiss
b8a7720986 ejabberd_c2s: Don't close session on stream resume
Don't let ejabberd_c2s close the session and unset presence if a
'c2s_terminated' callback stops hook execution, as is done in
mod_stream_mgmt:c2s_terminated/2 on resumption.

Fixes #1680.
2017-04-19 01:20:28 +02:00
Evgeniy Khramtsov
7c9415356d Function fix_from_to/2 should not crash when 'from' is undefined
Fixes #1678
2017-04-18 01:38:35 +03:00
Evgeniy Khramtsov
5774edfe79 Improve ejabberd_c2s:close() 2017-04-15 08:30:41 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Evgeniy Khramtsov
dd11ed82d7 Report more TLS errors 2017-03-08 08:27:54 +03:00
Evgeniy Khramtsov
d0a185f2d9 Report some TLS errors 2017-03-07 18:46:02 +03:00
Evgeniy Khramtsov
489385d565 Make sure all hooks are called with proper host in ejabberd_c2s 2017-02-28 16:47:31 +03:00
Evgeniy Khramtsov
c1439ddd5b Get rid of jid:to_string/1 and jid:from_string/1 2017-02-26 10:07:12 +03:00
Evgeniy Khramtsov
5b112c86bf Fix a case clause and run c2s_filter_send on send_error/3 2017-02-24 07:57:57 +03:00
Evgeniy Khramtsov
7d68112265 Start/stop virtual hosts when reloading configuration file 2017-02-23 10:12:19 +03:00
Holger Weiss
61cdee97fc ejabberd_c2s: Don't drop 'user_send_packet' result
When handling a <session/> IQ, use the stanza returned by the
'user_send_packet' hook.

Thanks to Evgeniy for spotting this.
2017-02-20 13:07:34 +01:00
Holger Weiss
7c159e3881 Let ejabberd_c2s handle <session/> IQ
This fixes the counting of incoming stanzas for stream management.
2017-02-19 22:43:10 +01:00
Evgeniy Khramtsov
940ca9311d Fix some dialyzer warnings 2017-02-18 09:36:27 +03:00
Evgeniy Khramtsov
8b2d308498 Change routing API
Now 'From' and 'To' arguments must be omitted in functions
and structures related to routing.
The commit deprecates the following functions:
     ejabberd_router:route/3 in favor of ejabberd_router:route/1
     ejabberd_router:route_error/4 in favor of ejabberd_router:route_error/2
     ejabberd_local:route_iq/4 in favor of ejabberd_local:route_iq/2
     ejabberd_local:route_iq/5 in favor of ejabberd_local:route_iq/3
The format of {route, From, To, Packet} is changed in favor of {route, Packet}
2017-02-16 11:10:24 +03:00
Evgeniy Khramtsov
6fd89f5fe0 Attach IP metadata to every stanza received from stream 2017-02-14 17:09:25 +03:00
Evgeniy Khramtsov
9d144bd495 Do not drop default TLS options
Fixes #1484
2017-01-26 10:58:26 +03:00
Evgeniy Khramtsov
48d8498dbb Avoid using maps:get/2 to keep compatibility with OTP 17.5 2017-01-23 16:30:16 +03:00