From ffe1c722e051d68ff1b220b5a38184da6dccad23 Mon Sep 17 00:00:00 2001
From: Evgeny Khramtsov
Date: Wed, 26 Jun 2019 10:40:30 +0300
Subject: [PATCH] Deprecate 'route_subdomains' option
This option was introduced to fulfill requirement of RFC3920 10.3, but in practice it was very inconvenient and many admins were forced to change its value to 's2s' (i.e. to behaviour that violates the RFC). Also, it seems like in RFC6120 this requirement no longer presents. Those admins who used this option to block s2s with their subdomains can use 's2s_access' option for the same purpose.
---
 src/ejabberd_config_transformer.erl | 3 ++
 src/ejabberd_option.erl | 8 ----
 src/ejabberd_options.erl | 3 --
 src/ejabberd_s2s.erl | 65 +++++++----------------------
 4 files changed, 18 insertions(+), 61 deletions(-)
diff --git a/src/ejabberd_config_transformer.erl b/src/ejabberd_config_transformer.erl
index 2ab952e48..82d9c4a15 100644
--- a/src/ejabberd_config_transformer.erl
+++ b/src/ejabberd_config_transformer.erl
@@ -197,6 +197,9 @@ filter(_Host, Opt, Val, _) when Opt == outgoing_s2s_timeout;
 filter(_Host, captcha_host, _, _) ->
 warn_deprecated_option(captcha_host, captcha_url),
 true;
+filter(_Host, route_subdomains, _, _) ->
+ warn_removed_option(route_subdomains, s2s_access),
+ false;
 filter(Host, modules, ModOpts, State) ->
 NoDialbackHosts = maps:get(remove_s2s_dialback, State, []),
 ModOpts1 = lists:filter(
diff --git a/src/ejabberd_option.erl b/src/ejabberd_option.erl
index 64f178b9d..188a416bf 100644
--- a/src/ejabberd_option.erl
+++ b/src/ejabberd_option.erl
@@ -111,7 +111,6 @@
 -export([riak_server/0]).
 -export([riak_start_interval/0]).
 -export([riak_username/0]).
--export([route_subdomains/0, route_subdomains/1]).
 -export([router_cache_life_time/0]).
 -export([router_cache_missed/0]).
 -export([router_cache_size/0]).
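Review bot: In `src/ejabberd_config_transformer.erl` the new `filter(_Host, route_subdomains, _, _)` clause discards the configured value without inspecting it, so an admin who deliberately set `route_subdomains: local` gets the same generic message as one who set `s2s`, although only the former loses a restriction. The subject line says "Deprecate", while the clause calls `warn_removed_option` and returns `false` (the `captcha_host` clause just above returns `true` after `warn_deprecated_option`), so the option appears to be dropped outright rather than kept with a warning. A comment above the clause would make that explicit, e.g. `%% Removed, not merely deprecated: the value is ignored. 'local' used to refuse s2s to subdomains of local hosts; keeping that now needs an 's2s_access' rule.` The `filter` function starts and ends outside the hunk.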
@@ -756,13 +755,6 @@ riak_start_interval() ->
 riak_username() ->
 ejabberd_config:get_option({riak_username, global}).
--spec route_subdomains() -> 'local' | 's2s'.
-route_subdomains() ->
- route_subdomains(global).
--spec route_subdomains(global | binary()) -> 'local' | 's2s'.
-route_subdomains(Host) ->
- ejabberd_config:get_option({route_subdomains, Host}).
-
 -spec router_cache_life_time() -> 'infinity' | pos_integer().
 router_cache_life_time() ->
 ejabberd_config:get_option({router_cache_life_time, global}).
diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl
index b07c7a269..80a0e4f21 100644
--- a/src/ejabberd_options.erl
+++ b/src/ejabberd_options.erl
@@ -294,8 +294,6 @@ opt_type(riak_start_interval) ->
 econf:timeout(second);
 opt_type(riak_username) ->
 econf:string();
-opt_type(route_subdomains) ->
- econf:enum([s2s, local]);
 opt_type(router_cache_life_time) ->
 econf:timeout(second, infinity);
 opt_type(router_cache_missed) ->
@@ -568,7 +566,6 @@ options() ->
 {riak_server, "127.0.0.1"},
 {riak_start_interval, timer:seconds(30)},
 {riak_username, nil},
- {route_subdomains, local},
 {router_cache_life_time,
 fun(Host) -> ejabberd_config:get_option({cache_life_time, Host}) end},
 {router_cache_missed,
diff --git a/src/ejabberd_s2s.erl b/src/ejabberd_s2s.erl
index c32f01567..5e793ec36 100644
--- a/src/ejabberd_s2s.erl
+++ b/src/ejabberd_s2s.erl
@@ -361,10 +361,6 @@ do_route(Packet) ->
 {error, Reason} ->
 Lang = xmpp:get_lang(Packet),
 Err = case Reason of
- policy_violation ->
- xmpp:err_policy_violation(
- ?T("Server connections to local "
- "subdomains are forbidden"), Lang);
 forbidden ->
 xmpp:err_forbidden(?T("Access denied by service policy"), Lang);
 internal_server_error ->
@@ -374,12 +370,12 @@ do_route(Packet) ->
 end.
 -spec start_connection(jid(), jid())
- -> {ok, pid()} | {error, policy_violation | forbidden | internal_server_error}.
+ -> {ok, pid()} | {error, forbidden | internal_server_error}.
 start_connection(From, To) ->
 start_connection(From, To, []).
 -spec start_connection(jid(), jid(), [proplists:property()])
- -> {ok, pid()} | {error, policy_violation | forbidden | internal_server_error}.
+ -> {ok, pid()} | {error, forbidden | internal_server_error}.
 start_connection(From, To, Opts) ->
 #jid{lserver = MyServer} = From,
 #jid{lserver = Server} = To,
@@ -395,24 +391,19 @@ start_connection(From, To, Opts) ->
 %% service and if the s2s host is not blacklisted or
 %% is in whitelist:
 LServer = ejabberd_router:host_of_route(MyServer),
- case is_service(From, To) of
- true ->
- {error, policy_violation};
- false ->
- case allow_host(LServer, Server) of
- true ->
- NeededConnections = needed_connections_number(
- [],
- MaxS2SConnectionsNumber,
- MaxS2SConnectionsNumberPerNode),
- open_several_connections(NeededConnections, MyServer,
- Server, From, FromTo,
- MaxS2SConnectionsNumber,
- MaxS2SConnectionsNumberPerNode, Opts);
- false ->
- {error, forbidden}
- end
- end;
+ case allow_host(LServer, Server) of
+ true ->
+ NeededConnections = needed_connections_number(
+ [],
+ MaxS2SConnectionsNumber,
+ MaxS2SConnectionsNumberPerNode),
+ open_several_connections(NeededConnections, MyServer,
+ Server, From, FromTo,
+ MaxS2SConnectionsNumber,
+ MaxS2SConnectionsNumberPerNode, Opts);
+ false ->
+ {error, forbidden}
+ end;
 L when is_list(L) ->
 NeededConnections = needed_connections_number(L,
 MaxS2SConnectionsNumber,
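Review bot: In the `@@ -395,24 +391,19 @@` hunk of `src/ejabberd_s2s.erl`, `allow_host(LServer, Server)` becomes the only gate in front of `open_several_connections`, and the removed default was `{route_subdomains, local}`, so servers that never set the option used to answer `policy_violation` for subdomains of their own hosts and would now go on to attempt an outbound s2s connection whenever `allow_host` permits it. Those servers also see no transformer warning, since that is tied to the option being present in the config, so the change in default exposure is silent for them. The retained comment (`%% service and if the s2s host is not blacklisted or`) still seems to describe the removed `is_service/2` check; its first line is outside the hunk, so this is inferred. I would reword that comment to mention only the `allow_host` check and add `%% Subdomains of local hosts are no longer refused here; restrict them with 's2s_access' if needed.` above the `case`. `start_connection/3` begins and ends outside the hunk.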
@@ -512,32 +503,6 @@ needed_connections_number(Ls, MaxS2SConnectionsNumber, lists:min([MaxS2SConnectionsNumber - length(Ls), MaxS2SConnectionsNumberPerNode - length(LocalLs)]). -%%-------------------------------------------------------------------- -%% Function: is_service(From, To) -> true | false -%% Description: Return true if the destination must be considered as a -%% service. -%% -------------------------------------------------------------------- --spec is_service(jid(), jid()) -> boolean(). -is_service(From, To) -> - LFromDomain = From#jid.lserver, - case ejabberd_option:route_subdomains(LFromDomain) of - s2s -> % bypass RFC 3920 10.3 - false; - local -> - Hosts = ejabberd_option:hosts(), - P = fun (ParentDomain) -> - lists:member(ParentDomain, Hosts) - end, - lists:any(P, parent_domains(To#jid.lserver)) - end. - -parent_domains(Domain) -> - lists:foldl(fun (Label, []) -> [Label]; - (Label, [Head | Tail]) -> - [<