Chapril/xmpp.chapril.org-ejabberd
26
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-28 17:38:54 +01:00
Code Releases Activity
3,079 Commits 7 Branches 110 Tags 68 MiB
fafec77e56
Commit Graph

2547 Commits

Author SHA1 Message Date
Evgeniy Khramtsov
fafec77e56 Make it possible to get/set vCards for MUC rooms 2014-05-04 23:23:17 +04:00
Evgeniy Khramtsov
806c0e56e1 Do not crash on version downgrade 2014-05-03 17:55:03 +04:00
Evgeniy Khramtsov
d0ffcb7fd4 Assume udp_recv/5 now returns new options 2014-05-03 17:48:26 +04:00
Evgeniy Khramtsov
955487391d Assume tcp_init/2 and udp_init/2 now return new options 2014-05-03 17:48:17 +04:00
Evgeniy Khramtsov
47a39ce738 Remove unused function 2014-05-02 17:43:23 +04:00
Evgeniy Khramtsov
ebd760b7c9 Forking support 2014-05-02 17:43:17 +04:00
Evgeniy Khramtsov
f8417f7c1f Remove empty line 2014-05-02 17:43:09 +04:00
Evgeniy Khramtsov
3c98de69dc Some cleanup 2014-05-02 17:43:03 +04:00
Evgeniy Khramtsov
ab6774d93d Fix CSeq comparison 2014-05-02 17:42:57 +04:00
Evgeniy Khramtsov
58aa200297 Optimize request processing 2014-05-02 17:42:51 +04:00
Evgeniy Khramtsov
a1337cb73f Do not proxy stray responses statelessly (as per RFC 6026) 2014-05-02 17:42:45 +04:00
Evgeniy Khramtsov
e7e4055cbb Don't use erlang:integer_to_binary/1 2014-05-02 17:42:37 +04:00
Evgeniy Khramtsov
1d771fe646 Rewrite 'Contact' headers in REGISTER requests 2014-05-02 17:42:31 +04:00
Evgeniy Khramtsov
8e2bc8d19e Check for 'max_user_sessions' option 2014-05-02 17:42:13 +04:00
Evgeniy Khramtsov
0117787317 Process gen_server timeouts correctly 2014-05-02 17:40:25 +04:00
Evgeniy Khramtsov
16e5d66572 Move some code in a separate function 2014-05-02 17:38:47 +04:00
Evgeniy Khramtsov
6a95422af8 Multiple REGISTER bindings support 2014-05-02 17:38:28 +04:00
Evgeniy Khramtsov
35faffe7da Locate sessions by proxy processes directly 2014-05-02 17:31:17 +04:00
HAMANO Tsukasa
d83368d73d fix ejabberd_system_monitor:s2s_out_info/1 error 2014-05-01 15:12:04 +09:00
Evgeny Khramtsov
c545b3de6d Merge pull request #178 from hamano/devel 
undefined ejabberd_socket:get_conn_type/1
 2014-04-30 21:49:54 +04:00
Evgeniy Khramtsov
02e0649d18 SIP support 
Conflicts:
	configure
	configure.ac
	doc/guide.tex
 2014-04-30 19:38:15 +04:00
Badlop
ec6c58a21c Fix error reporting in previous commit 2014-04-30 16:02:20 +02:00
Badlop
b3714a1b2e Fix formatting string argument (thanks to Locojay)(github #129) 2014-04-30 15:59:44 +02:00
Evgeny Khramtsov
81a906af01 Merge pull request #191 from hamano/added_get_random_pid_error_handling 
fix error handling when sql calling with unknown host.
 2014-04-30 17:02:39 +04:00
badlop
65519cf262 Merge pull request #190 from hamano/mod_register_web_response_404 
mod_register_web should response 404 instead of process crash.
 2014-04-30 12:42:43 +02:00
badlop
a1b8c54c16 Merge pull request #187 from weiss/fix-ejabberdctl-output 
Let ejabberdctl accept binary string arguments
 2014-04-30 12:41:12 +02:00
HAMANO Tsukasa
a6408e9281 fix error handling when sql calling with unknown host. 2014-04-30 15:32:07 +09:00
HAMANO Tsukasa
0e0bd3329d mod_register_web should response 404 instead of process crash. 2014-04-30 13:39:17 +09:00
Evgeny Khramtsov
9563b0228f Merge pull request #177 from weiss/log-tls-sasl-external 
Log TLS status for outgoing s2s with SASL EXTERNAL
 2014-04-30 00:38:18 +04:00
Evgeny Khramtsov
8419322884 Merge pull request #181 from weiss/check-tls-before-auth 
Check TLS state before requesting SASL EXTERNAL for outgoing s2s connections
 2014-04-30 00:36:08 +04:00
Evgeny Khramtsov
c37aa1b46d Merge pull request #185 from weiss/verify-cert-for-s2s-out 
Support certificate verification for outgoing s2s connections
 2014-04-30 00:08:24 +04:00
Evgeny Khramtsov
599fdb9ac2 Merge pull request #186 from weiss/add-disconnect-command 
New ejabberd command: disconnect_user/2
 2014-04-29 15:41:41 +04:00
Holger Weiss
ebbceab93f Translate disconnect_user/2 string sent to client 2014-04-29 11:56:28 +02:00
Holger Weiss
bb2c8b59f8 Avoid #state.lang type errors in corner cases 
If #state.lang is used before being initialized to some binary string,
the translation code would crash.
 2014-04-29 11:41:24 +02:00
Evgeny Khramtsov
4073394e7a Merge pull request #182 from hamano/register_account_acl 
fix checking acl in mod_register_web
 2014-04-29 13:06:53 +04:00
Evgeny Khramtsov
29aead19d9 Merge pull request #179 from hamano/added_get_random_pid_error_handling 
added get_random_pid/1 error handling
 2014-04-29 13:05:58 +04:00
Holger Weiss
d09c268b20 Let ejabberdctl accept binary string arguments 
Don't print the following message if an ejabberd command expects binary
string arguments: "This command cannot be executed using ejabberdctl.
Try ejabberd_xmlrpc."
 2014-04-29 01:11:08 +02:00
Holger Weiss
6d1055abec New ejabberd command: disconnect_user/2 2014-04-29 00:50:43 +02:00
Holger Weiss
49bdbf2895 Support certificate verification for outgoing s2s 
Handle "s2s_use_starttls: required_trusted" the same way for outgoing
s2s connections as for incoming connections.  That is, check the remote
server's certificate (including the host name) and abort the connection
if verification fails.
 2014-04-28 01:42:02 +02:00
Holger Weiss
1aa4ed3f35 Don't mess with s2s out when aborting s2s in 
Don't try to look up and close outgoing connections to a given server
when aborting incoming connections from that server due to certificate
verification errors.  The ejabberd_s2s:find_connection/2 call actually
created one or more *new* connections if less than 'max_s2s_connections'
connections were found.  Then, no more than one of those possibly new
connections were stopped by the ejabberd_s2s_out:stop_connection/1 call.

It's not really necessary to bother with outgoing connections at all,
here.
 2014-04-28 00:17:05 +02:00
Holger Weiss
eabca82765 Send stream trailer before closing s2s connection 
When aborting an incoming s2s connection due to certificate verification
errors, send a stream trailer before closing the socket.
 2014-04-27 00:28:42 +02:00
HAMANO Tsukasa
71dba66330 fix checking acl in mod_register_web 2014-04-24 18:15:39 +09:00
Holger Weiss
d805d198ac Check TLS state before requesting SASL EXTERNAL 
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
 2014-04-24 11:04:10 +02:00
HAMANO Tsukasa
ffe9f3c192 added get_random_pid/1 error handling 2014-04-24 15:34:41 +09:00
HAMANO Tsukasa
219f9276d1 undefined ejabberd_socket:get_conn_type/1 2014-04-24 12:42:22 +09:00
Holger Weiss
f988aad940 Log TLS status for outgoing s2s with SASL EXTERNAL 2014-04-23 23:28:13 +02:00
HAMANO Tsukasa
9ec014c184 added error handling in mod_pubsub_odbc. 2014-04-23 23:35:34 +09:00
Holger Weiss
86e17c379c Verify host name before offering SASL EXTERNAL 
Prior to this commit, ejabberd handled certificate authentication for
incoming s2s connections like this:

1. Verify the certificate without checking the host name.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, compare the authorization
   identity against the certificate host name(s).  On failure, abort the
   connection unconditionally.

ejabberd now does this instead:

1. Verify the certificate and compare the certificate host name(s)
   against the 'from' attribute of the stream header.  On failure,
   behave according to 's2s_use_starttls'.  On success:
2. Offer SASL EXTERNAL.
3. If the remote server chooses SASL EXTERNAL, ignore the authorization
   identity (if any) and consider the peer authenticated.

The old behavior was suggested by previous versions of XEP-0178, the new
behavior is suggested by the current version 1.1.
 2014-04-23 11:45:17 +02:00
Holger Weiss
4bc8b6bc9f Fix extraction of host names from certificates 2014-04-22 22:12:04 +02:00
badlop
37d4109e8a Merge pull request #161 from weiss/fix-carbons 
Let mod_carboncopy take care of messages sent to bare/unavailable JIDs
 2014-04-22 13:52:11 +02:00