Badlop [Mon, 21 Feb 2011 21:33:23 +0000 (22:33 +0100)]
Add support for '@online@' Shared Roster Group (thanks to Martin Langhoff)(EJAB-1391)
New version of the @online@ patch originally by Collabora.
Notes:
- the presence push is mediated via the group rather than
per user - this may reduce memory footprint... _if_ ejabberd
has some smart optimisation in that codepath
- it assumes that any group with membership @online@ _displays_
online as well -- this is a simplification and breaks the
decoupling that ejabberd has in this regard.
This reverts commit c890b17834f2593a9af56e093523653102349989.
This change made ejabberd more strict in protocol compliance, which breaks Psi 0.14 and other clients.
We must grant a grace period to client developers to fix their clients. So this isn't going to be included
in 2.1.x.
Pablo Polvorin [Wed, 1 Dec 2010 18:54:58 +0000 (15:54 -0300)]
Fix cyrsasl_digest RFC-2831 2.1.2.1 (EJAB-476)
Fix sasl digest bug when username|password|resource strings had
all characters <= U+00FF and at least one character >= U+0080.
Warning:
Note that by fixing the bug, we may be breaking compatibility with clients
that "implement" it.
See comments on https://support.process-one.net/browse/EJAB-476
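The encoding rule from RFC 2831 section 2.1.2.1 that this commit refers to, as an added example (not ejabberd's code): with `charset=utf-8` in effect, a username or password whose characters all fit in ISO 8859-1 is converted to ISO 8859-1 before hashing. The `rfc_compliant=False` branch models a hypothetical peer that always hashes UTF-8 octets; all names and sample credentials are constructed.

```python
import hashlib

def rfc2831_octets(value: str) -> bytes:
    """Octets fed to the hash when charset=utf-8 is in effect.

    RFC 2831 2.1.2.1: if every character is in ISO 8859-1 (<= U+00FF),
    convert to ISO 8859-1 before hashing; otherwise keep UTF-8.
    """
    if all(ord(ch) <= 0xFF for ch in value):
        return value.encode("latin-1")
    return value.encode("utf-8")

def in_affected_range(value: str) -> bool:
    """True for the inputs the commit describes: all characters <= U+00FF
    and at least one >= U+0080. Only these hash differently."""
    return (all(ord(ch) <= 0xFF for ch in value)
            and any(ord(ch) >= 0x80 for ch in value))

def user_realm_pass_hash(username: str, realm: str, password: str,
                         rfc_compliant: bool = True) -> bytes:
    """H(username ":" realm ":" passwd), the inner hash of A1 (MD5 is
    mandated by DIGEST-MD5 itself)."""
    if rfc_compliant:
        user, pw = rfc2831_octets(username), rfc2831_octets(password)
    else:
        # Hypothetical non-compliant peer: UTF-8 octets, no conversion.
        user, pw = username.encode("utf-8"), password.encode("utf-8")
    return hashlib.md5(user + b":" + realm.encode("utf-8") + b":" + pw).digest()

def peers_agree(username: str, realm: str, password: str) -> bool:
    """Would a compliant and a non-compliant peer compute the same hash?"""
    return (user_realm_pass_hash(username, realm, password, True)
            == user_realm_pass_hash(username, realm, password, False))

if __name__ == "__main__":
    # Constructed sample credentials.
    for pw in ("password", "p\u00e4ssword", "\u043f\u0430\u0440\u043e\u043b\u044c"):
        print(repr(pw), in_affected_range(pw),
              peers_agree("user", "example.org", pw))
```

Only the middle sample (one character in U+0080..U+00FF) produces a mismatch, which is why fixing one side of the exchange can lock out peers that still hash the unconverted octets.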
Increase maximum restart strategy of the ODBC supervisor. Do not brutally kill ODBC processes on supervisor shutdown to avoid pollution of the mnesia table
Andreas Köhler [Sat, 6 Nov 2010 19:09:33 +0000 (20:09 +0100)]
Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
looking up domain_certfile options is #state.myname and not
#state.server
* If s2s_certfile is not specified, connect should still be part of the
tls options used by ejabberd_s2s_out
* Add #state.server to ejabberd_s2s_in processes and store the to
attribute in :wait_for_stream/2. Then use that server in
:wait_for_feature_request/2 to change the tls options like in
ejabberd_s2s_out.
Andreas Köhler [Mon, 8 Nov 2010 12:46:56 +0000 (13:46 +0100)]
Before binding tcp ports, check the socket type and listener options
If the callback module has a socket type of independent and needs to
create the listener itself, do not pre-bind the port. The same holds if
there are errors in the listener configuration.
Andreas Köhler [Tue, 2 Nov 2010 13:43:03 +0000 (14:43 +0100)]
Bind listener ports early and start accepting connections later
It may happen that auth or rdbms client tcp connections bind a local
socket to a port number required by a configured listener. The ejabberd
application fails to start up and needs to be restarted.
In plain C you would bind(2) the listener port and listen(2) later on.
gen_tcp:listen/2 does not allow separating these two steps though, so
another way is not to accept connections during startup. OTOH, the
kernel will syn/ack incoming connections and receive data, leaving them
in a buffer for the ejabberd to read from. If this is unwanted, a load
balancer would need to receive data from the ejabberd server before
adding the node to its pool.
This patch binds tcp ports while initializing the ejabberd_listener
process, storing ListenSockets in an ets table. start_listeners/0 will
reuse these ports later on.
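The bind-early behaviour this commit message describes, as an added example using the BSD socket calls directly (Python on loopback, not ejabberd's Erlang code; function names are constructed). It shows that a bound but not yet listening socket already blocks other binds to the port and refuses connections, and that once `listen` is called the kernel completes handshakes even though nothing has called `accept`.

```python
import errno
import socket

def reserve_port(host="127.0.0.1", port=0):
    """bind(2) only: the port now belongs to this process, but no
    connection can complete until listen(2) is called."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))  # port=0 lets the kernel pick a free port
    return sock

def bind_errno(host, port):
    """errno a second socket gets when binding the same port (0 = success)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((host, port))
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        probe.close()

def connect_errno(host, port):
    """errno a client gets when connecting (0 = handshake completed)."""
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        client.connect((host, port))
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        client.close()

def demo():
    """Return ((bind, connect) errnos before listen, connect errno after)."""
    sock = reserve_port()
    host, port = sock.getsockname()
    try:
        before = (bind_errno(host, port), connect_errno(host, port))
        sock.listen(5)  # nobody calls accept(); the kernel still handshakes
        after = connect_errno(host, port)
    finally:
        sock.close()
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before listen:", [errno.errorcode.get(e, e) for e in before])
    print("after listen :", errno.errorcode.get(after, after))
```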
Andreas Köhler [Fri, 5 Nov 2010 17:32:25 +0000 (18:32 +0100)]
Refactor mod_last to use the same core get_last/2 functionality, but keep api stable
The local function get_last/4 has been renamed to get_last_iq/4, since
it converts the result of get_last/2 (typically {ok, TimeStamp, Status})
to an iq packet.
Andreas Köhler [Fri, 5 Nov 2010 14:44:22 +0000 (15:44 +0100)]
Before forwarding last activity requests to a user, check that the user's presence is visible for From
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."
So check for a subscription of from of the jid and bare jid and whether
outgoing presences to From are allowed.
Andreas Köhler [Fri, 5 Nov 2010 02:54:56 +0000 (03:54 +0100)]
Remove dead code for NS_VCARD iq packets from ejabberd_c2s
For EJAB-1045, the special NS_VCARD block for handling incoming vcard
iqs on behalf of clients has already been restricted to cases where the
user or resource part of the recipient is empty. But then the packets
should not have been routed to the c2s process anyway. This patch
completely removes it.
Andreas Köhler [Fri, 5 Nov 2010 02:29:32 +0000 (03:29 +0100)]
Use c2s state data as user and server in ejabberd_c2s:is_privacy_allow
is_privacy_allow is only used in ejabberd_c2s:handle_info/3 to determine
for a few presence types whether the packet is allowed to be forwarded
to the user's client. This only makes sense if To#jid.user and
To#jid.server match StateData#state.user and StateData#state.server.
Also, add the atom in as parameter to a new argument Dir of
is_privacy_allow and extract from that function
privacy_check_packet(StateData, From, To, Packet, Dir) which runs the
privacy check without converting allow/deny to true/false.