We were sending swapped from/to attributes when replying to db:verify requests.
Some servers don't mind about this, but others like Prosody check this and
reject the verification; the s2s connection in that case couldn't be established.
Please note that ejabberd takes care to create the tables in your
ODBC database if needed. The file pg.sql is provided for reference
purposes only, as it isn't needed when preparing the database.
- fix bug with caps 2.0: ERRORs were logged in some cases
- enhance record definitions
- turn string() data into binary() ones
- remove mod_caps:node_to_binary/2, mod_caps:features_to_binary/1 and mod_caps:binary_to_features/1.
Tested with Psi+ (caps 1.0) and OneTeam (caps 2.0), and they now don't produce ERROR REPORTs.
Fix sasl digest bug when username|password|resource strings had
all characters <= U+00FF and at least one character >= U+0080.
Warning:
Note that by fixing the bug, we may be breaking compatibility with clients
that "implement" it.
See comments on https://support.process-one.net/browse/EJAB-476
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
looking up domain_certfile options is #state.myname and not
#state.server
* If s2s_certfile is not specified, connect should still be part of the
tls options used by ejabberd_s2s_out
* Add #state.server to ejabberd_s2s_in processes and store the to
attribute in :wait_for_stream/2. Then use that server in
:wait_for_feature_request/2 to change the tls options like in
ejabberd_s2s_out.
Fixes EJAB-1086.
(EJAB-1334)
If the callback module has a socket type of independent and needs to
create the listener itself, do not pre-bind the port. The same holds if
there are errors in the listener configuration.
(EJAB-1334)
It may happen that auth or rdbms client tcp connections bind a local
socket to a port number required by a configured listener. The ejabberd
application fails to start up and needs to be restarted.
In plain C you would bind(2) the listener port and listen(2) later on.
gen_tcp:listen/2 does not allow separating these two steps though, so
another way is not to accept connections during start up. OTOH, the
kernel will syn/ack incoming connections and receive data, leaving them
in a buffer for the ejabberd to read from. If this is unwanted, a load
balancer would need to receive data from the ejabberd server before
adding the node to its pool.
This patch binds tcp ports while initializing the ejabberd_listener
process, storing ListenSockets in an ets table. start_listeners/0 will
reuse these ports later on.
The local function get_last/4 has been renamed to get_last_iq/4, since
it converts the result of get_last/2 (typically {ok, TimeStamp, Status})
to an iq packet.
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."
So check for a subscription of from of the jid and bare jid and whether
outgoing presences to From are allowed.
Fixes problem 3 of EJAB-1158.
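The authorization rule described in the message above, as an added Erlang example that is not ejabberd's own code. The module name, the roster representation, the `deliver` return atom and the `PresenceOutAllowed` fun are all hypothetical, and treating a `both` subscription as satisfying `from` is an assumption.

```erlang
-module(last_authz_example).
-export([authorize/3, demo/0]).

%% Added example, not ejabberd code. A JID is {User, Server, Resource};
%% Roster is a constructed list of {Jid, Subscription} tuples.

%% Drop the resource to get the bare JID.
bare({U, S, _R}) -> {U, S, <<>>}.

%% Subscription stored for Jid, or 'none' when there is no roster item.
subscription(Jid, Roster) ->
    case lists:keyfind(Jid, 1, Roster) of
        {_, Sub} -> Sub;
        false -> none
    end.

%% Assumption: 'both' counts as 'from', since it also delivers presence.
sees_presence(Sub) -> Sub =:= from orelse Sub =:= both.

%% PresenceOutAllowed is a hypothetical fun standing in for the privacy
%% check on outgoing presence to From. Anything short of both conditions
%% yields the <forbidden/> answer and the IQ is never handed to a resource.
authorize(From, Roster, PresenceOutAllowed) ->
    Subscribed = sees_presence(subscription(From, Roster)) orelse
        sees_presence(subscription(bare(From), Roster)),
    case Subscribed andalso PresenceOutAllowed(From) of
        true -> deliver;
        false -> {error, forbidden}
    end.

%% Constructed sample data.
demo() ->
    Roster = [{{<<"romeo">>, <<"example.net">>, <<>>}, both},
              {{<<"nurse">>, <<"example.net">>, <<>>}, to}],
    Blocked = [{<<"romeo">>, <<"example.net">>, <<"garden">>}],
    Allowed = fun(Jid) -> not lists:member(Jid, Blocked) end,
    Requesters = [{<<"romeo">>, <<"example.net">>, <<"orchard">>}, % subscribed
                  {<<"romeo">>, <<"example.net">>, <<"garden">>},  % on the block list
                  {<<"nurse">>, <<"example.net">>, <<"hall">>},    % 'to' only
                  {<<"paris">>, <<"example.net">>, <<"tomb">>}],   % not in roster
    [{R, authorize(R, Roster, Allowed)} || R <- Requesters].
```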
For EJAB-1045, the special NS_VCARD block for handling incoming vcard
iqs on behalf of clients has already been restricted to cases where the
user or resource part of the recipient is empty. But then the packets
should not have been routed to the c2s process anyway. This patch
completely removes it.
is_privacy_allow is only used in ejabberd_c2s:handle_info/3 to determine
for a few presence types whether the packet is allowed to be forwarded
to the user's client. This only makes sense if To#jid.user and
To#jid.server match StateData#state.user and StateData#state.server.
Also, add the atom in as parameter to a new argument Dir of
is_privacy_allow and extract from that function
privacy_check_packet(StateData, From, To, Packet, Dir) which runs the
privacy check without converting allow/deny to true/false.
The change for EJAB-1271 to change the direction of the privacy check
from out to in violates the idea that the check should imitate a
subscription state check of from. Rather correct the order of the From
and To parameters.
Modules configured by the administrator normally should not be treated
as optional, so an exception (error, exit, throw) to start them should not
be caught and logged only.
This patch re-raises a caught exception instead of ignoring the
exception and inserting the module's opts on success. That way
gen_mod:get_module_opt/4 should work while calling Module:start/2.
When a (non-frontend) socket module without any custom receiver fails to
start, the newly created ejabberd_receiver process needs to be properly
closed.
Changes included:
* Remove var in fixed field because Gajim and Tkabber display it to user
* Add workaround for Psi's overlap fields
* Add var=url attribute, required by Psi to display the field
* Provide the image URL as a copy-able form field
This is required in order to suppress error messages like
"File operation error: eacces" when ejabberd was started from a directory
which is not readable by INSTALLUSER (/root, for example). See rhbz #564686:
https://bugzilla.redhat.com/564686
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
ejabberd_loglevel:set/1 now understands more input formats:
set(Param) -> {module, ejabberd_logger}
Param = Level | {Level, CustomLevels}
CustomLevels = [CustomLevel]
CustomLevel = {Module, Level}
Module = atom()
Level = integer() | atom()
set(Level) is equivalent to set({Level, []}), so it clears all module
level customizations. log_src/2 adds additional function heads for those
_msg function and module combinations that need non-default behavior,
i.e. add or filter logging.
ejabberd_loglevel:get/0 only returns the default log level. To retrieve
the complete setting use ejabberd_logger:get/0 instead.
Split the monolithic function ejabberd_loglevel:ejabberd_logger_src/1
into separate functions returning deep lists.
log_src/2 now returns the code for any of *_msg/4. Its parameters are
the current loglevel (integer()) and a loglevel specification
(#loglevel{}), with added information in #loglevel:
- function: The api function enabled by this level, may be no_log
- event_type: The type of the event sent to the error_logger
- msg_prefix: One character used in the message (one of "DIWEC")
If the current loglevel is too low for logging, the api function is
optimized at compile time.
Iterating through the list of possible parent domains of a given domain
and comparing with the list of hosts or routes is almost always faster
than doing it the other way around. It naturally returns the shortest or
longest parent domain satisfying a predicate, whereas the possibly long
list compared with would need to be sorted by length first.
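The lookup order described in the message above, as an added Erlang example that is not ejabberd's own code. The module and function names are hypothetical, the host set is constructed, and counting the domain itself as the first candidate is an assumption.

```erlang
-module(parent_domain_example).
-export([parent_domains/1, find_parent/3, demo/0]).

%% Added example, not ejabberd code.
%% Candidates from most to least specific. Splitting on "." keeps the
%% comparison on label boundaries, so a name that merely ends with the
%% same characters as a configured host is never treated as its child.
parent_domains(Domain) ->
    suffixes(binary:split(Domain, <<".">>, [global])).

suffixes([]) -> [];
suffixes([_ | Rest] = Labels) ->
    [iolist_to_binary(lists:join(<<".">>, Labels)) | suffixes(Rest)].

%% Walk the short candidate list instead of the possibly long host list;
%% the walking direction alone selects the longest or shortest match,
%% so nothing has to be sorted by length.
find_parent(longest, Domain, Pred) ->
    first(parent_domains(Domain), Pred);
find_parent(shortest, Domain, Pred) ->
    first(lists:reverse(parent_domains(Domain)), Pred).

first([], _Pred) -> false;
first([D | Rest], Pred) ->
    case Pred(D) of
        true -> {ok, D};
        false -> first(Rest, Pred)
    end.

%% Constructed sample data: two configured hosts, one nested in the other.
demo() ->
    Hosts = sets:from_list([<<"example.org">>, <<"chat.example.org">>]),
    IsHost = fun(D) -> sets:is_element(D, Hosts) end,
    Name = <<"room.chat.example.org">>,
    {find_parent(longest, Name, IsHost),
     find_parent(shortest, Name, IsHost),
     find_parent(longest, <<"evilexample.org">>, IsHost)}.
```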