From 24ac52313b0af5b07b066609bd1a069895ffde9f Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Jun 12 2010 13:54:06 +0000 Subject: Ver. 2.1.4 --- diff --git a/.cvsignore b/.cvsignore index ff96921..0fbdd0f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -ejabberd-2.1.3.tar.gz +ejabberd-2.1.4.tar.gz diff --git a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch index 09ae80c..cddb7bd 100644 --- a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch +++ b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch @@ -1,7 +1,7 @@ -From 53f8a296b0f83ea9dafc3aed8b49c34941f31454 Mon Sep 17 00:00:00 2001 +From 32b2458e39fa13190f575aafd2f410b2041ca78b Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Tue, 16 Feb 2010 16:03:38 +0300 -Subject: [PATCH 1/9] Fix PAM service example name to match actual one +Subject: [PATCH 01/12] Fix PAM service example name to match actual one Signed-off-by: Peter Lemenkov --- @@ -22,5 +22,5 @@ index 4087947..b351cfc 100644 %% %% Authentication using LDAP -- -1.6.6.1 +1.7.0.1 diff --git a/ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch b/ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch index 2767291..c1e1581 100644 --- a/ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch +++ b/ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch @@ -1,7 +1,7 @@ -From 6365359078925b436d1d3238a2dd6d6c11271fac Mon Sep 17 00:00:00 2001 +From ce99acea0e154c8d5f9c6348c8770512325851fb Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Tue, 16 Feb 2010 16:05:53 +0300 -Subject: [PATCH 2/9] Mention mod_ctlextra as an ejabberd module +Subject: [PATCH 02/12] Mention mod_ctlextra as an ejabberd module Signed-off-by: Peter Lemenkov --- @@ -9,7 +9,7 @@ Signed-off-by: Peter Lemenkov 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/ejabberd.app b/src/ejabberd.app -index 2f5f123..cc7e1f8 100644 +index 3d65f82..d780de4 100644 --- a/src/ejabberd.app +++ b/src/ejabberd.app @@ -70,6 +70,7 @@ @@ -21,5 +21,5 @@ index 2f5f123..cc7e1f8 100644 mod_echo, mod_http_bind, -- -1.6.6.1 +1.7.0.1 diff --git a/ejabberd-0003-Fixed-delays-in-s2s-connections.patch b/ejabberd-0003-Fixed-delays-in-s2s-connections.patch index 19101dd..bcda716 100644 --- a/ejabberd-0003-Fixed-delays-in-s2s-connections.patch +++ b/ejabberd-0003-Fixed-delays-in-s2s-connections.patch @@ -1,7 +1,7 @@ -From 019bf239560925edd809bb7922a49b3737412067 Mon Sep 17 00:00:00 2001 +From 24b6dfa0c8194435f51de87c40001f81f4b514c2 Mon Sep 17 00:00:00 2001 From: Sergei Golovan Date: Tue, 16 Feb 2010 16:07:37 +0300 -Subject: [PATCH 3/9] Fixed delays in s2s connections. +Subject: [PATCH 03/12] Fixed delays in s2s connections. Patch by Sergei Golovan increases timeouts in S2S and removes horrible 5-minute delay between remote server connection attempts after a falure (in case of @@ -13,10 +13,10 @@ network split when the delay is inadmissible). 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl -index f221302..b55c805 100644 +index 9b37833..cc217ef 100644 --- a/src/ejabberd_s2s_in.erl +++ b/src/ejabberd_s2s_in.erl -@@ -352,7 +352,7 @@ stream_established({xmlstreamelement, El}, StateData) -> +@@ -361,7 +361,7 @@ stream_established({xmlstreamelement, El}, StateData) -> case {ejabberd_s2s:allow_host(To, From), lists:member(LTo, ejabberd_router:dirty_get_all_domains())} of {true, true} -> @@ -26,10 +26,10 @@ index f221302..b55c805 100644 {verify, self(), Key, StateData#state.streamid}), diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl -index ac7eee2..048d018 100644 +index 69cbfdd..4661241 100644 --- a/src/ejabberd_s2s_out.erl +++ b/src/ejabberd_s2s_out.erl -@@ -90,7 +90,7 @@ +@@ -91,7 +91,7 @@ [From, Host, Type])). -endif. @@ -38,7 +38,7 @@ index ac7eee2..048d018 100644 %% We do not block on send anymore. -define(TCP_SEND_TIMEOUT, 15000). -@@ -226,8 +226,8 @@ open_socket(init, StateData) -> +@@ -227,8 +227,8 @@ open_socket(init, StateData) -> {error, _Reason} -> ?INFO_MSG("s2s connection: ~s -> ~s (remote server not found)", [StateData#state.myname, StateData#state.server]), @@ -50,5 +50,5 @@ index ac7eee2..048d018 100644 open_socket(stop, StateData) -> ?INFO_MSG("s2s connection: ~s -> ~s (stopped in open socket)", -- -1.6.6.1 +1.7.0.1 diff --git a/ejabberd-0004-Introducing-mod_admin_extra.patch b/ejabberd-0004-Introducing-mod_admin_extra.patch index 47d10a0..099d2cd 100644 --- a/ejabberd-0004-Introducing-mod_admin_extra.patch +++ b/ejabberd-0004-Introducing-mod_admin_extra.patch @@ -1,7 +1,7 @@ -From 766c7603bff9d7548d43229f855e9ac7b79c63cd Mon Sep 17 00:00:00 2001 +From 843ce577199c20241ad2f89a23d13240d0a52c7e Mon Sep 17 00:00:00 2001 From: Badlop Date: Tue, 16 Feb 2010 16:12:17 +0300 -Subject: [PATCH 4/9] Introducing mod_admin_extra +Subject: [PATCH 04/12] Introducing mod_admin_extra Adds the mod_admin_extra module to ejabberd. This module extends the functionality provided by ejabberdctl @@ -17,7 +17,7 @@ https://forge.process-one.net/browse/ejabberd-modules/mod_admin_extra create mode 100644 src/mod_admin_extra.erl diff --git a/src/ejabberd.app b/src/ejabberd.app -index cc7e1f8..ae8ce83 100644 +index d780de4..91d50d6 100644 --- a/src/ejabberd.app +++ b/src/ejabberd.app @@ -105,6 +105,7 @@ @@ -1314,5 +1314,5 @@ index 0000000..9f3ca14 +is_glob_match(String, Glob) -> + is_regexp_match(String, regexp:sh_to_awk(Glob)). -- -1.6.6.1 +1.7.0.1 diff --git a/ejabberd-0005-Fedora-specific-changes-to-ejabberdctl.patch b/ejabberd-0005-Fedora-specific-changes-to-ejabberdctl.patch index eafbd02..7039698 100644 --- a/ejabberd-0005-Fedora-specific-changes-to-ejabberdctl.patch +++ b/ejabberd-0005-Fedora-specific-changes-to-ejabberdctl.patch @@ -1,7 +1,7 @@ -From 1a2f7fc0f4ba4ff9f9cf1ee409ce461000685eef Mon Sep 17 00:00:00 2001 +From f4c26373ef2c0c1c58726c6d3c8de0416c23bd9a Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Tue, 16 Feb 2010 16:30:05 +0300 -Subject: [PATCH 5/9] Fedora-specific changes to ejabberdctl +Subject: [PATCH 05/12] Fedora-specific changes to ejabberdctl Signed-off-by: Peter Lemenkov --- @@ -44,5 +44,5 @@ index 9ede77d..69c74d6 100644 done if [ "$ID" -eq "$EJID" ] ; then -- -1.6.6.1 +1.7.0.1 diff --git a/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI-http-www.patch b/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI-http-www.patch deleted file mode 100644 index e2b3e7d..0000000 --- a/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI-http-www.patch +++ /dev/null @@ -1,425 +0,0 @@ -From 764adfa6bce78bc8615053a476c2bd38bdab349d Mon Sep 17 00:00:00 2001 -From: Badlop -Date: Tue, 29 Sep 2009 15:10:15 +0200 -Subject: [PATCH 6/9] Support to authenticate against SASL GSSAPI http://www.ejabberd.im/cyrsasl_gssapi - ---- - src/cyrsasl.erl | 34 ++++++----- - src/cyrsasl_anonymous.erl | 6 +- - src/cyrsasl_digest.erl | 4 +- - src/cyrsasl_gssapi.erl | 143 +++++++++++++++++++++++++++++++++++++++++++++ - src/cyrsasl_plain.erl | 5 +- - src/ejabberd.hrl | 7 ++ - src/ejabberd_c2s.erl | 8 ++- - src/ejabberd_net.erl | 39 ++++++++++++ - 8 files changed, 224 insertions(+), 22 deletions(-) - create mode 100644 src/cyrsasl_gssapi.erl - create mode 100644 src/ejabberd_net.erl - -diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl -index 121ef6d..192d5b5 100644 ---- a/src/cyrsasl.erl -+++ b/src/cyrsasl.erl -@@ -30,19 +30,20 @@ - -export([start/0, - register_mechanism/3, - listmech/1, -- server_new/7, -+ server_new/8, - server_start/3, - server_step/2]). - - -record(sasl_mechanism, {mechanism, module, require_plain_password}). ---record(sasl_state, {service, myname, realm, -- get_password, check_password, check_password_digest, -- mech_mod, mech_state}). -+-record(sasl_state, {service, myname, -+ mech_mod, mech_state, ctx}). -+ -+-include("ejabberd.hrl"). - - -export([behaviour_info/1]). - - behaviour_info(callbacks) -> -- [{mech_new, 4}, {mech_step, 2}]; -+ [{mech_new, 1}, {mech_step, 2}]; - behaviour_info(_Other) -> - undefined. - -@@ -50,6 +51,7 @@ start() -> - ets:new(sasl_mechanism, [named_table, - public, - {keypos, #sasl_mechanism.mechanism}]), -+ cyrsasl_gssapi:start([]), - cyrsasl_plain:start([]), - cyrsasl_digest:start([]), - cyrsasl_anonymous:start([]), -@@ -113,24 +115,26 @@ listmech(Host) -> - filter_anonymous(Host, Mechs). - - server_new(Service, ServerFQDN, UserRealm, _SecFlags, -- GetPassword, CheckPassword, CheckPasswordDigest) -> -+ GetPassword, CheckPassword, CheckPasswordDigest, FQDN) -> -+ Ctx = #sasl_ctx{ -+ host = ServerFQDN, -+ realm = UserRealm, -+ get_password = GetPassword, -+ check_password = CheckPassword, -+ check_password_digest= CheckPasswordDigest, -+ fqdn = FQDN -+ }, -+ - #sasl_state{service = Service, - myname = ServerFQDN, -- realm = UserRealm, -- get_password = GetPassword, -- check_password = CheckPassword, -- check_password_digest= CheckPasswordDigest}. -+ ctx = Ctx}. - - server_start(State, Mech, ClientIn) -> - case lists:member(Mech, listmech(State#sasl_state.myname)) of - true -> - case ets:lookup(sasl_mechanism, Mech) of - [#sasl_mechanism{module = Module}] -> -- {ok, MechState} = Module:mech_new( -- State#sasl_state.myname, -- State#sasl_state.get_password, -- State#sasl_state.check_password, -- State#sasl_state.check_password_digest), -+ {ok, MechState} = Module:mech_new(State#sasl_state.ctx), - server_step(State#sasl_state{mech_mod = Module, - mech_state = MechState}, - ClientIn); -diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl -index 2b3ba36..ec75f40 100644 ---- a/src/cyrsasl_anonymous.erl -+++ b/src/cyrsasl_anonymous.erl -@@ -27,12 +27,14 @@ - - -module(cyrsasl_anonymous). - ---export([start/1, stop/0, mech_new/4, mech_step/2]). -+-export([start/1, stop/0, mech_new/1, mech_step/2]). - - -behaviour(cyrsasl). - - -record(state, {server}). - -+-include("ejabberd.hrl"). -+ - start(_Opts) -> - cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false), - ok. -@@ -40,7 +42,7 @@ start(_Opts) -> - stop() -> - ok. - --mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) -> -+mech_new(#sasl_ctx{host=Host}) -> - {ok, #state{server = Host}}. - - mech_step(State, _ClientIn) -> -diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl -index 2a7ce2a..a354778 100644 ---- a/src/cyrsasl_digest.erl -+++ b/src/cyrsasl_digest.erl -@@ -29,7 +29,7 @@ - - -export([start/1, - stop/0, -- mech_new/4, -+ mech_new/1, - mech_step/2]). - - -include("ejabberd.hrl"). -@@ -45,7 +45,7 @@ start(_Opts) -> - stop() -> - ok. - --mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) -> -+mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password_digest=CheckPasswordDigest}) -> - {ok, #state{step = 1, - nonce = randoms:get_string(), - host = Host, -diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl -new file mode 100644 -index 0000000..d292565 ---- /dev/null -+++ b/src/cyrsasl_gssapi.erl -@@ -0,0 +1,143 @@ -+%%%---------------------------------------------------------------------- -+%%% File : cyrsasl_gssapi.erl -+%%% Author : Mikael Magnusson -+%%% Purpose : GSSAPI SASL mechanism -+%%% Created : 1 June 2007 by Mikael Magnusson -+%%% Id : $Id: $ -+%%%---------------------------------------------------------------------- -+%%% -+%%% Copyright (C) 2007 Mikael Magnusson -+%%% -+%%% Permission is hereby granted, free of charge, to any person -+%%% obtaining a copy of this software and associated documentation -+%%% files (the "Software"), to deal in the Software without -+%%% restriction, including without limitation the rights to use, copy, -+%%% modify, merge, publish, distribute, sublicense, and/or sell copies -+%%% of the Software, and to permit persons to whom the Software is -+%%% furnished to do so, subject to the following conditions: -+%%% -+%%% The above copyright notice and this permission notice shall be -+%%% included in all copies or substantial portions of the Software. -+%%% -+%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+%%% NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+%%% SOFTWARE. -+%%% -+ -+%%% -+%%% configuration options: -+%%% {sasl_realm, ""}. -+%%% -+%%% environment variables: -+%%% KRB5_KTNAME -+%%% -+ -+-module(cyrsasl_gssapi). -+-author('mikma@users.sourceforge.net'). -+-vsn('$Revision: $ '). -+ -+-include("ejabberd.hrl"). -+ -+-export([start/1, -+ stop/0, -+ mech_new/1, -+ mech_step/2]). -+ -+-behaviour(cyrsasl). -+ -+-define(SERVER, cyrsasl_gssapi). -+-define(MSG, ?DEBUG). -+ -+-record(state, {sasl, -+ needsmore=true, -+ step=0, -+ host, -+ authid, -+ authzid, -+ authrealm}). -+ -+start(_Opts) -> -+ ChildSpec = -+ {?SERVER, -+ {esasl, start_link, [{local, ?SERVER}]}, -+ transient, -+ 1000, -+ worker, -+ [esasl]}, -+ -+ {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec), -+ -+ cyrsasl:register_mechanism("GSSAPI", ?MODULE, false). -+ -+stop() -> -+ esasl:stop(?SERVER), -+ supervisor:terminate_child(ejabberd_sup, ?SERVER), -+ supervisor:delete_child(ejabberd_sup, ?SERVER). -+ -+mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) -> -+ ?MSG("mech_new ~p ~p~n", [Host, FQDN]), -+ {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN), -+ {ok, #state{sasl=Sasl,host=Host}}. -+ -+mech_step(State, ClientIn) when is_list(ClientIn) -> -+ catch do_step(State, ClientIn). -+ -+do_step(#state{needsmore=false}=State, _) -> -+ check_user(State); -+do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> -+ ?MSG("mech_step~n", []), -+ case esasl:step(Sasl, list_to_binary(ClientIn)) of -+ {ok, RspAuth} -> -+ ?MSG("ok~n", []), -+ {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name), -+ {ok, Authzid} = esasl:property_get(Sasl, authzid), -+ {Authid, [$@ | Auth_realm]} = -+ lists:splitwith(fun(E)->E =/= $@ end, Display_name), -+ State1 = State#state{authid=Authid, -+ authzid=Authzid, -+ authrealm=Auth_realm}, -+ handle_step_ok(State1, binary_to_list(RspAuth)); -+ {needsmore, RspAuth} -> -+ ?MSG("needsmore~n", []), -+ if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) -> -+ {error, "not-authorized"}; -+ true -> -+ {continue, binary_to_list(RspAuth), -+ State#state{step=Step+1}} -+ end; -+ {error, _} -> -+ {error, "not-authorized"} -+ end. -+ -+handle_step_ok(State, []) -> -+ check_user(State); -+handle_step_ok(#state{step=Step}=State, RspAuth) -> -+ ?MSG("continue~n", []), -+ {continue, RspAuth, State#state{needsmore=false,step=Step+1}}. -+ -+check_user(#state{authid=Authid,authzid=Authzid, -+ authrealm=Auth_realm,host=Host}) -> -+ Realm = ejabberd_config:get_local_option({sasl_realm, Host}), -+ -+ if Realm =/= Auth_realm -> -+ ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]), -+ throw({error, "not-authorized"}); -+ true -> -+ ok -+ end, -+ -+ case ejabberd_auth:is_user_exists(Authid, Host) of -+ false -> -+ ?MSG("bad user ~p~n",[Authid]), -+ throw({error, "not-authorized"}); -+ true -> -+ ok -+ end, -+ -+ ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]), -+ {ok, [{username, Authid}, {authzid, Authzid}]}. -diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl -index 129fb8b..d920463 100644 ---- a/src/cyrsasl_plain.erl -+++ b/src/cyrsasl_plain.erl -@@ -27,10 +27,11 @@ - -module(cyrsasl_plain). - -author('alexey@process-one.net'). - ---export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]). -+-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]). - - -behaviour(cyrsasl). - -+-include("ejabberd.hrl"). - -record(state, {check_password}). - - start(_Opts) -> -@@ -40,7 +41,7 @@ start(_Opts) -> - stop() -> - ok. - --mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) -> -+mech_new(#sasl_ctx{check_password=CheckPassword}) -> - {ok, #state{check_password = CheckPassword}}. - - mech_step(State, ClientIn) -> -diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl -index e1f0cfd..39a41d5 100644 ---- a/src/ejabberd.hrl -+++ b/src/ejabberd.hrl -@@ -59,3 +59,10 @@ - -define(CRITICAL_MSG(Format, Args), - ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)). - -+-record(sasl_ctx, { -+ host, -+ realm, -+ get_password, -+ check_password, -+ check_password_digest, -+ fqdn}). -diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl -index 6df6766..8edc1a0 100644 ---- a/src/ejabberd_c2s.erl -+++ b/src/ejabberd_c2s.erl -@@ -69,6 +69,7 @@ - -record(state, {socket, - sockmod, - socket_monitor, -+ fqdn, - xml_socket, - streamid, - sasl_state, -@@ -206,9 +207,11 @@ init([{SockMod, Socket}, Opts]) -> - Socket - end, - SocketMonitor = SockMod:monitor(Socket1), -+ {ok, FQDN} = ejabberd_net:gethostname(Socket), - {ok, wait_for_stream, #state{socket = Socket1, - sockmod = SockMod, - socket_monitor = SocketMonitor, -+ fqdn = FQDN, - xml_socket = XMLSocket, - zlib = Zlib, - tls = TLS, -@@ -252,6 +255,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> - send_header(StateData, Server, "1.0", DefaultLang), - case StateData#state.authenticated of - false -> -+ FQDN = StateData#state.fqdn, -+ ?INFO_MSG("FQDN: ~p~n", [FQDN]), - SASLState = - cyrsasl:server_new( - "jabber", Server, "", [], -@@ -266,7 +271,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> - fun(U, P, D, DG) -> - ejabberd_auth:check_password_with_authmodule( - U, Server, P, D, DG) -- end), -+ end, -+ FQDN), - Mechs = lists:map( - fun(S) -> - {xmlelement, "mechanism", [], -diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl -new file mode 100644 -index 0000000..e9ab70a ---- /dev/null -+++ b/src/ejabberd_net.erl -@@ -0,0 +1,39 @@ -+%%%---------------------------------------------------------------------- -+%%% File : ejabberd_net.erl -+%%% Author : Mikael Magnusson -+%%% Purpose : Serve C2S connection -+%%% Created : 6 June 2007 by Mikael Magnusson -+%%% Id : $Id: $ -+%%%---------------------------------------------------------------------- -+ -+-module(ejabberd_net). -+-author('mikma@users.sourceforge.net'). -+%% -update_info({update, 0}). -+ -+-export([gethostname/1]). -+ -+-include("ejabberd.hrl"). -+-include_lib("kernel/include/inet.hrl"). -+ -+%% Copied from ejabberd_socket.erl of ejabberd 2.0.3 -+-record(socket_state, {sockmod, socket, receiver}). -+ -+%% -+%% gethostname(Socket) -+%% -+gethostname(Socket) -> -+ ?INFO_MSG("gethostname ~p~n", [Socket]), -+%% {ok, "skinner.hem.za.org"}. -+ -+ case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of -+ undefined -> -+ {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket), -+ case inet:gethostbyaddr(Addr) of -+ {ok, HostEnt} when is_record(HostEnt, hostent) -> -+ {ok, HostEnt#hostent.h_name}; -+ {error, What} -> -+ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]), -+ error -+ end; -+ F -> {ok, F} -+ end. --- -1.6.6.1 - diff --git a/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI.patch b/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI.patch new file mode 100644 index 0000000..3f9480f --- /dev/null +++ b/ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI.patch @@ -0,0 +1,428 @@ +From 12008cf7b4072fd50273c94fc47db91280908491 Mon Sep 17 00:00:00 2001 +From: Badlop +Date: Tue, 29 Sep 2009 15:10:15 +0200 +Subject: [PATCH 06/12] Support to authenticate against SASL GSSAPI. + http://www.ejabberd.im/cyrsasl_gssapi + +--- + src/cyrsasl.erl | 34 ++++++----- + src/cyrsasl_anonymous.erl | 6 +- + src/cyrsasl_digest.erl | 4 +- + src/cyrsasl_gssapi.erl | 142 +++++++++++++++++++++++++++++++++++++++++++++ + src/cyrsasl_plain.erl | 5 +- + src/ejabberd.hrl | 7 ++ + src/ejabberd_c2s.erl | 8 ++- + src/ejabberd_net.erl | 42 +++++++++++++ + 8 files changed, 226 insertions(+), 22 deletions(-) + create mode 100644 src/cyrsasl_gssapi.erl + create mode 100644 src/ejabberd_net.erl + +diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl +index 121ef6d..192d5b5 100644 +--- a/src/cyrsasl.erl ++++ b/src/cyrsasl.erl +@@ -30,19 +30,20 @@ + -export([start/0, + register_mechanism/3, + listmech/1, +- server_new/7, ++ server_new/8, + server_start/3, + server_step/2]). + + -record(sasl_mechanism, {mechanism, module, require_plain_password}). +--record(sasl_state, {service, myname, realm, +- get_password, check_password, check_password_digest, +- mech_mod, mech_state}). ++-record(sasl_state, {service, myname, ++ mech_mod, mech_state, ctx}). ++ ++-include("ejabberd.hrl"). + + -export([behaviour_info/1]). + + behaviour_info(callbacks) -> +- [{mech_new, 4}, {mech_step, 2}]; ++ [{mech_new, 1}, {mech_step, 2}]; + behaviour_info(_Other) -> + undefined. + +@@ -50,6 +51,7 @@ start() -> + ets:new(sasl_mechanism, [named_table, + public, + {keypos, #sasl_mechanism.mechanism}]), ++ cyrsasl_gssapi:start([]), + cyrsasl_plain:start([]), + cyrsasl_digest:start([]), + cyrsasl_anonymous:start([]), +@@ -113,24 +115,26 @@ listmech(Host) -> + filter_anonymous(Host, Mechs). + + server_new(Service, ServerFQDN, UserRealm, _SecFlags, +- GetPassword, CheckPassword, CheckPasswordDigest) -> ++ GetPassword, CheckPassword, CheckPasswordDigest, FQDN) -> ++ Ctx = #sasl_ctx{ ++ host = ServerFQDN, ++ realm = UserRealm, ++ get_password = GetPassword, ++ check_password = CheckPassword, ++ check_password_digest= CheckPasswordDigest, ++ fqdn = FQDN ++ }, ++ + #sasl_state{service = Service, + myname = ServerFQDN, +- realm = UserRealm, +- get_password = GetPassword, +- check_password = CheckPassword, +- check_password_digest= CheckPasswordDigest}. ++ ctx = Ctx}. + + server_start(State, Mech, ClientIn) -> + case lists:member(Mech, listmech(State#sasl_state.myname)) of + true -> + case ets:lookup(sasl_mechanism, Mech) of + [#sasl_mechanism{module = Module}] -> +- {ok, MechState} = Module:mech_new( +- State#sasl_state.myname, +- State#sasl_state.get_password, +- State#sasl_state.check_password, +- State#sasl_state.check_password_digest), ++ {ok, MechState} = Module:mech_new(State#sasl_state.ctx), + server_step(State#sasl_state{mech_mod = Module, + mech_state = MechState}, + ClientIn); +diff --git a/src/cyrsasl_anonymous.erl b/src/cyrsasl_anonymous.erl +index 2b3ba36..ec75f40 100644 +--- a/src/cyrsasl_anonymous.erl ++++ b/src/cyrsasl_anonymous.erl +@@ -27,12 +27,14 @@ + + -module(cyrsasl_anonymous). + +--export([start/1, stop/0, mech_new/4, mech_step/2]). ++-export([start/1, stop/0, mech_new/1, mech_step/2]). + + -behaviour(cyrsasl). + + -record(state, {server}). + ++-include("ejabberd.hrl"). ++ + start(_Opts) -> + cyrsasl:register_mechanism("ANONYMOUS", ?MODULE, false), + ok. +@@ -40,7 +42,7 @@ start(_Opts) -> + stop() -> + ok. + +-mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) -> ++mech_new(#sasl_ctx{host=Host}) -> + {ok, #state{server = Host}}. + + mech_step(State, _ClientIn) -> +diff --git a/src/cyrsasl_digest.erl b/src/cyrsasl_digest.erl +index 2a7ce2a..a354778 100644 +--- a/src/cyrsasl_digest.erl ++++ b/src/cyrsasl_digest.erl +@@ -29,7 +29,7 @@ + + -export([start/1, + stop/0, +- mech_new/4, ++ mech_new/1, + mech_step/2]). + + -include("ejabberd.hrl"). +@@ -45,7 +45,7 @@ start(_Opts) -> + stop() -> + ok. + +-mech_new(Host, GetPassword, _CheckPassword, CheckPasswordDigest) -> ++mech_new(#sasl_ctx{host=Host, get_password=GetPassword, check_password_digest=CheckPasswordDigest}) -> + {ok, #state{step = 1, + nonce = randoms:get_string(), + host = Host, +diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl +new file mode 100644 +index 0000000..24a3796 +--- /dev/null ++++ b/src/cyrsasl_gssapi.erl +@@ -0,0 +1,142 @@ ++%%%---------------------------------------------------------------------- ++%%% File : cyrsasl_gssapi.erl ++%%% Author : Mikael Magnusson ++%%% Purpose : GSSAPI SASL mechanism ++%%% Created : 1 June 2007 by Mikael Magnusson ++%%% Id : $Id: $ ++%%%---------------------------------------------------------------------- ++%%% ++%%% Copyright (C) 2007 Mikael Magnusson ++%%% ++%%% Permission is hereby granted, free of charge, to any person ++%%% obtaining a copy of this software and associated documentation ++%%% files (the "Software"), to deal in the Software without ++%%% restriction, including without limitation the rights to use, copy, ++%%% modify, merge, publish, distribute, sublicense, and/or sell copies ++%%% of the Software, and to permit persons to whom the Software is ++%%% furnished to do so, subject to the following conditions: ++%%% ++%%% The above copyright notice and this permission notice shall be ++%%% included in all copies or substantial portions of the Software. ++%%% ++%%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++%%% EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++%%% MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++%%% NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++%%% BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++%%% ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++%%% CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++%%% SOFTWARE. ++%%% ++ ++%%% ++%%% configuration options: ++%%% {sasl_realm, ""}. ++%%% ++%%% environment variables: ++%%% KRB5_KTNAME ++%%% ++ ++-module(cyrsasl_gssapi). ++-author('mikma@users.sourceforge.net'). ++-vsn('$Revision: $ '). ++ ++-include("ejabberd.hrl"). ++ ++-export([start/1, ++ stop/0, ++ mech_new/1, ++ mech_step/2]). ++ ++-behaviour(cyrsasl). ++ ++-define(SERVER, cyrsasl_gssapi). ++ ++-record(state, {sasl, ++ needsmore=true, ++ step=0, ++ host, ++ authid, ++ authzid, ++ authrealm}). ++ ++start(_Opts) -> ++ ChildSpec = ++ {?SERVER, ++ {esasl, start_link, [{local, ?SERVER}]}, ++ transient, ++ 1000, ++ worker, ++ [esasl]}, ++ ++ {ok, _Pid} = supervisor:start_child(ejabberd_sup, ChildSpec), ++ ++ cyrsasl:register_mechanism("GSSAPI", ?MODULE, false). ++ ++stop() -> ++ esasl:stop(?SERVER), ++ supervisor:terminate_child(ejabberd_sup, ?SERVER), ++ supervisor:delete_child(ejabberd_sup, ?SERVER). ++ ++mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) -> ++ ?DEBUG("mech_new ~p ~p~n", [Host, FQDN]), ++ {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN), ++ {ok, #state{sasl=Sasl,host=Host}}. ++ ++mech_step(State, ClientIn) when is_list(ClientIn) -> ++ catch do_step(State, ClientIn). ++ ++do_step(#state{needsmore=false}=State, _) -> ++ check_user(State); ++do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> ++ ?DEBUG("mech_step~n", []), ++ case esasl:step(Sasl, list_to_binary(ClientIn)) of ++ {ok, RspAuth} -> ++ ?DEBUG("ok~n", []), ++ {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name), ++ {ok, Authzid} = esasl:property_get(Sasl, authzid), ++ {Authid, [$@ | Auth_realm]} = ++ lists:splitwith(fun(E)->E =/= $@ end, Display_name), ++ State1 = State#state{authid=Authid, ++ authzid=Authzid, ++ authrealm=Auth_realm}, ++ handle_step_ok(State1, binary_to_list(RspAuth)); ++ {needsmore, RspAuth} -> ++ ?DEBUG("needsmore~n", []), ++ if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) -> ++ {error, "not-authorized"}; ++ true -> ++ {continue, binary_to_list(RspAuth), ++ State#state{step=Step+1}} ++ end; ++ {error, _} -> ++ {error, "not-authorized"} ++ end. ++ ++handle_step_ok(State, []) -> ++ check_user(State); ++handle_step_ok(#state{step=Step}=State, RspAuth) -> ++ ?DEBUG("continue~n", []), ++ {continue, RspAuth, State#state{needsmore=false,step=Step+1}}. ++ ++check_user(#state{authid=Authid,authzid=Authzid, ++ authrealm=Auth_realm,host=Host}) -> ++ Realm = ejabberd_config:get_local_option({sasl_realm, Host}), ++ ++ if Realm =/= Auth_realm -> ++ ?DEBUG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]), ++ throw({error, "not-authorized"}); ++ true -> ++ ok ++ end, ++ ++ case ejabberd_auth:is_user_exists(Authid, Host) of ++ false -> ++ ?DEBUG("bad user ~p~n",[Authid]), ++ throw({error, "not-authorized"}); ++ true -> ++ ok ++ end, ++ ++ ?DEBUG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]), ++ {ok, [{username, Authid}, {authzid, Authzid}]}. +diff --git a/src/cyrsasl_plain.erl b/src/cyrsasl_plain.erl +index 129fb8b..d920463 100644 +--- a/src/cyrsasl_plain.erl ++++ b/src/cyrsasl_plain.erl +@@ -27,10 +27,11 @@ + -module(cyrsasl_plain). + -author('alexey@process-one.net'). + +--export([start/1, stop/0, mech_new/4, mech_step/2, parse/1]). ++-export([start/1, stop/0, mech_new/1, mech_step/2, parse/1]). + + -behaviour(cyrsasl). + ++-include("ejabberd.hrl"). + -record(state, {check_password}). + + start(_Opts) -> +@@ -40,7 +41,7 @@ start(_Opts) -> + stop() -> + ok. + +-mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) -> ++mech_new(#sasl_ctx{check_password=CheckPassword}) -> + {ok, #state{check_password = CheckPassword}}. + + mech_step(State, ClientIn) -> +diff --git a/src/ejabberd.hrl b/src/ejabberd.hrl +index e1f0cfd..39a41d5 100644 +--- a/src/ejabberd.hrl ++++ b/src/ejabberd.hrl +@@ -59,3 +59,10 @@ + -define(CRITICAL_MSG(Format, Args), + ejabberd_logger:critical_msg(?MODULE,?LINE,Format, Args)). + ++-record(sasl_ctx, { ++ host, ++ realm, ++ get_password, ++ check_password, ++ check_password_digest, ++ fqdn}). +diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl +index 6238cda..abaee5f 100644 +--- a/src/ejabberd_c2s.erl ++++ b/src/ejabberd_c2s.erl +@@ -71,6 +71,7 @@ + -record(state, {socket, + sockmod, + socket_monitor, ++ fqdn, + xml_socket, + streamid, + sasl_state, +@@ -208,9 +209,11 @@ init([{SockMod, Socket}, Opts]) -> + Socket + end, + SocketMonitor = SockMod:monitor(Socket1), ++ {ok, FQDN} = ejabberd_net:gethostname(Socket), + {ok, wait_for_stream, #state{socket = Socket1, + sockmod = SockMod, + socket_monitor = SocketMonitor, ++ fqdn = FQDN, + xml_socket = XMLSocket, + zlib = Zlib, + tls = TLS, +@@ -254,6 +257,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> + send_header(StateData, Server, "1.0", DefaultLang), + case StateData#state.authenticated of + false -> ++ FQDN = StateData#state.fqdn, ++ ?INFO_MSG("FQDN: ~p~n", [FQDN]), + SASLState = + cyrsasl:server_new( + "jabber", Server, "", [], +@@ -268,7 +273,8 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) -> + fun(U, P, D, DG) -> + ejabberd_auth:check_password_with_authmodule( + U, Server, P, D, DG) +- end), ++ end, ++ FQDN), + Mechs = lists:map( + fun(S) -> + {xmlelement, "mechanism", [], +diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl +new file mode 100644 +index 0000000..b6943e1 +--- /dev/null ++++ b/src/ejabberd_net.erl +@@ -0,0 +1,42 @@ ++%%%---------------------------------------------------------------------- ++%%% File : ejabberd_net.erl ++%%% Author : Mikael Magnusson ++%%% Purpose : Serve C2S connection ++%%% Created : 6 June 2007 by Mikael Magnusson ++%%% Id : $Id: $ ++%%%---------------------------------------------------------------------- ++ ++-module(ejabberd_net). ++-author('mikma@users.sourceforge.net'). ++%% -update_info({update, 0}). ++ ++-export([gethostname/1]). ++ ++-include("ejabberd.hrl"). ++-include_lib("kernel/include/inet.hrl"). ++ ++%% Copied from ejabberd_socket.erl of ejabberd 2.0.3 ++-record(socket_state, {sockmod, socket, receiver}). ++ ++%% ++%% gethostname(Socket) ++%% ++gethostname(Socket) -> ++ ?INFO_MSG("gethostname ~p~n", [Socket]), ++%% {ok, "skinner.hem.za.org"}. ++ ++ case ejabberd_config:get_local_option({sasl_fqdn, ?MYNAME}) of ++ undefined -> ++ {ok, {Addr, _Port}} = inet:sockname(Socket#socket_state.socket), ++ case inet:gethostbyaddr(Addr) of ++ {ok, HostEnt} when is_record(HostEnt, hostent) -> ++ {ok, HostEnt#hostent.h_name}; ++ {error, nxdomain} -> ++ % Quick fix ++ {ok, inet_parse:ntoa(Addr)}; ++ {error, What} -> ++ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p at Addr ~p", [Socket, What, Addr]), ++ error ++ end; ++ F -> {ok, F} ++ end. +-- +1.7.0.1 + diff --git a/ejabberd-0007-Change-directory-to-readable-by-everyone.patch b/ejabberd-0007-Change-directory-to-readable-by-everyone.patch new file mode 100644 index 0000000..dd03295 --- /dev/null +++ b/ejabberd-0007-Change-directory-to-readable-by-everyone.patch @@ -0,0 +1,31 @@ +From eb4c92ad7f7b084834d4be0b9c2ac9999762c626 Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Thu, 18 Mar 2010 14:57:21 +0300 +Subject: [PATCH 07/12] Change directory to readable by everyone + +This requires to suppress error messages like +"File operation error: eacces". See rhbz #564686. + +Signed-off-by: Peter Lemenkov +--- + src/ejabberdctl.template | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template +index 69c74d6..11bcac8 100644 +--- a/src/ejabberdctl.template ++++ b/src/ejabberdctl.template +@@ -351,6 +351,10 @@ wait_for_status() + return $status + } + ++# In order to prevent issues with "File operation error: eacces." ++# See rhbz #564686. ++cd / ++ + case $ARGS in + ' start') start;; + ' debug') debug;; +-- +1.7.0.1 + diff --git a/ejabberd-0007-Fixed-typo.patch b/ejabberd-0007-Fixed-typo.patch deleted file mode 100644 index 919212e..0000000 --- a/ejabberd-0007-Fixed-typo.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d4e215baf7edfb1fe534d91fc83eaeb9426589a0 Mon Sep 17 00:00:00 2001 -From: Peter Lemenkov -Date: Fri, 5 Mar 2010 17:48:51 +0300 -Subject: [PATCH 7/9] Fixed typo - -Signed-off-by: Peter Lemenkov ---- - src/ejabberd_net.erl | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl -index e9ab70a..d887c23 100644 ---- a/src/ejabberd_net.erl -+++ b/src/ejabberd_net.erl -@@ -32,7 +32,7 @@ gethostname(Socket) -> - {ok, HostEnt} when is_record(HostEnt, hostent) -> - {ok, HostEnt#hostent.h_name}; - {error, What} -> -- ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p", [What]), -+ ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p at Addr ~p", [Socket, What, Addr]), - error - end; - F -> {ok, F} --- -1.6.6.1 - diff --git a/ejabberd-0008-Install-.so-objects-with-0755-permissions.patch b/ejabberd-0008-Install-.so-objects-with-0755-permissions.patch new file mode 100644 index 0000000..0b582df --- /dev/null +++ b/ejabberd-0008-Install-.so-objects-with-0755-permissions.patch @@ -0,0 +1,26 @@ +From 030c2c17c48fd36b5da4083356db1a1069a29378 Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Sat, 12 Jun 2010 14:14:52 +0400 +Subject: [PATCH 08/12] Install *.so objects with 0755 permissions + +Signed-off-by: Peter Lemenkov +--- + src/Makefile.in | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/Makefile.in b/src/Makefile.in +index dd728ce..9a371a9 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -226,7 +226,7 @@ install: all + # + # Binary system libraries + install -d $(SODIR) +- install -m 644 *.so $(SODIR) ++ install -m 755 *.so $(SODIR) + # + # Translated strings + install -d $(MSGSDIR) +-- +1.7.0.1 + diff --git a/ejabberd-0008-Quick-fix-for-error-nxdomain.patch b/ejabberd-0008-Quick-fix-for-error-nxdomain.patch deleted file mode 100644 index 3ea7835..0000000 --- a/ejabberd-0008-Quick-fix-for-error-nxdomain.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 2bbffda3b07c07b6abf5d28e0b6af4094b56d981 Mon Sep 17 00:00:00 2001 -From: Peter Lemenkov -Date: Fri, 5 Mar 2010 21:13:35 +0300 -Subject: [PATCH 8/9] Quick fix for {error,nxdomain} - -Signed-off-by: Peter Lemenkov ---- - src/ejabberd_net.erl | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/src/ejabberd_net.erl b/src/ejabberd_net.erl -index d887c23..b6943e1 100644 ---- a/src/ejabberd_net.erl -+++ b/src/ejabberd_net.erl -@@ -31,6 +31,9 @@ gethostname(Socket) -> - case inet:gethostbyaddr(Addr) of - {ok, HostEnt} when is_record(HostEnt, hostent) -> - {ok, HostEnt#hostent.h_name}; -+ {error, nxdomain} -> -+ % Quick fix -+ {ok, inet_parse:ntoa(Addr)}; - {error, What} -> - ?ERROR_MSG("Error in gethostname:~nSocket: ~p~nError: ~p at Addr ~p", [Socket, What, Addr]), - error --- -1.6.6.1 - diff --git a/ejabberd-0009-Install-more-docs-by-default.patch b/ejabberd-0009-Install-more-docs-by-default.patch new file mode 100644 index 0000000..d3e8e82 --- /dev/null +++ b/ejabberd-0009-Install-more-docs-by-default.patch @@ -0,0 +1,35 @@ +From 0f17d3b131f84e1cdb5a950fae05f8f6f62df57a Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Sat, 12 Jun 2010 15:08:28 +0400 +Subject: [PATCH 09/12] Install more docs by default + +Signed-off-by: Peter Lemenkov +--- + src/Makefile.in | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/Makefile.in b/src/Makefile.in +index 9a371a9..8f7bc66 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -250,9 +250,17 @@ install: all + # + # Documentation + install -d $(DOCDIR) ++ install -m 644 ../doc/dev.html $(DOCDIR) ++ install -m 644 ../doc/features.html $(DOCDIR) + install -m 644 ../doc/guide.html $(DOCDIR) + install -m 644 ../doc/*.png $(DOCDIR) + install -m 644 ../doc/*.txt $(DOCDIR) ++ [ -f ../doc/features.pdf ] \ ++ && install -m 644 ../doc/features.pdf $(DOCDIR) \ ++ || echo "No ../doc/features.pdf was built" ++ [ -f ../doc/guide.pdf ] \ ++ && install -m 644 ../doc/guide.pdf $(DOCDIR) \ ++ || echo "No ../doc/guide.pdf was built" + + uninstall: uninstall-binary + +-- +1.7.0.1 + diff --git a/ejabberd-0009-Replace-MSG-with-DEBUG.patch b/ejabberd-0009-Replace-MSG-with-DEBUG.patch deleted file mode 100644 index dd6f963..0000000 --- a/ejabberd-0009-Replace-MSG-with-DEBUG.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 94d7e120d3ad6072774286df2d4b26ea2fcd34f7 Mon Sep 17 00:00:00 2001 -From: Badlop -Date: Mon, 8 Mar 2010 22:35:12 +0100 -Subject: [PATCH 9/9] Replace MSG with DEBUG - ---- - src/cyrsasl_gssapi.erl | 17 ++++++++--------- - 1 files changed, 8 insertions(+), 9 deletions(-) - -diff --git a/src/cyrsasl_gssapi.erl b/src/cyrsasl_gssapi.erl -index d292565..24a3796 100644 ---- a/src/cyrsasl_gssapi.erl -+++ b/src/cyrsasl_gssapi.erl -@@ -51,7 +51,6 @@ - -behaviour(cyrsasl). - - -define(SERVER, cyrsasl_gssapi). ---define(MSG, ?DEBUG). - - -record(state, {sasl, - needsmore=true, -@@ -80,7 +79,7 @@ stop() -> - supervisor:delete_child(ejabberd_sup, ?SERVER). - - mech_new(#sasl_ctx{host=Host, fqdn=FQDN}) -> -- ?MSG("mech_new ~p ~p~n", [Host, FQDN]), -+ ?DEBUG("mech_new ~p ~p~n", [Host, FQDN]), - {ok, Sasl} = esasl:server_start(?SERVER, "GSSAPI", "xmpp", FQDN), - {ok, #state{sasl=Sasl,host=Host}}. - -@@ -90,10 +89,10 @@ mech_step(State, ClientIn) when is_list(ClientIn) -> - do_step(#state{needsmore=false}=State, _) -> - check_user(State); - do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> -- ?MSG("mech_step~n", []), -+ ?DEBUG("mech_step~n", []), - case esasl:step(Sasl, list_to_binary(ClientIn)) of - {ok, RspAuth} -> -- ?MSG("ok~n", []), -+ ?DEBUG("ok~n", []), - {ok, Display_name} = esasl:property_get(Sasl, gssapi_display_name), - {ok, Authzid} = esasl:property_get(Sasl, authzid), - {Authid, [$@ | Auth_realm]} = -@@ -103,7 +102,7 @@ do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> - authrealm=Auth_realm}, - handle_step_ok(State1, binary_to_list(RspAuth)); - {needsmore, RspAuth} -> -- ?MSG("needsmore~n", []), -+ ?DEBUG("needsmore~n", []), - if (Step > 0) and (ClientIn =:= []) and (RspAuth =:= <<>>) -> - {error, "not-authorized"}; - true -> -@@ -117,7 +116,7 @@ do_step(#state{needsmore=true,sasl=Sasl,step=Step}=State, ClientIn) -> - handle_step_ok(State, []) -> - check_user(State); - handle_step_ok(#state{step=Step}=State, RspAuth) -> -- ?MSG("continue~n", []), -+ ?DEBUG("continue~n", []), - {continue, RspAuth, State#state{needsmore=false,step=Step+1}}. - - check_user(#state{authid=Authid,authzid=Authzid, -@@ -125,7 +124,7 @@ check_user(#state{authid=Authid,authzid=Authzid, - Realm = ejabberd_config:get_local_option({sasl_realm, Host}), - - if Realm =/= Auth_realm -> -- ?MSG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]), -+ ?DEBUG("bad realm ~p (expected ~p)~n",[Auth_realm, Realm]), - throw({error, "not-authorized"}); - true -> - ok -@@ -133,11 +132,11 @@ check_user(#state{authid=Authid,authzid=Authzid, - - case ejabberd_auth:is_user_exists(Authid, Host) of - false -> -- ?MSG("bad user ~p~n",[Authid]), -+ ?DEBUG("bad user ~p~n",[Authid]), - throw({error, "not-authorized"}); - true -> - ok - end, - -- ?MSG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]), -+ ?DEBUG("GSSAPI authenticated ~p ~p~n", [Authid, Authzid]), - {ok, [{username, Authid}, {authzid, Authzid}]}. --- -1.6.6.1 - diff --git a/ejabberd-0010-Change-directory-to-readable-by-everyone-in-order-to.patch b/ejabberd-0010-Change-directory-to-readable-by-everyone-in-order-to.patch deleted file mode 100644 index 67cbddc..0000000 --- a/ejabberd-0010-Change-directory-to-readable-by-everyone-in-order-to.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b02585f4b006441160cc0afd38293f214f4121c8 Mon Sep 17 00:00:00 2001 -From: Peter Lemenkov -Date: Thu, 18 Mar 2010 14:57:21 +0300 -Subject: [PATCH] Change directory to readable by everyone in order to prevent error - messages like "File operation error: eacces" issue. See rhbz #564686. - -Signed-off-by: Peter Lemenkov ---- - src/ejabberdctl.template | 4 ++++ - 1 files changed, 4 insertions(+), 0 deletions(-) - -diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template -index 69c74d6..11bcac8 100644 ---- a/src/ejabberdctl.template -+++ b/src/ejabberdctl.template -@@ -351,6 +351,10 @@ wait_for_status() - return $status - } - -+# In order to prevent issues with "File operation error: eacces." -+# See rhbz #564686. -+cd / -+ - case $ARGS in - ' start') start;; - ' debug') debug;; --- -1.6.6.1 - diff --git a/ejabberd-0010-Install-COPYING-file-along-with-other-docs.patch b/ejabberd-0010-Install-COPYING-file-along-with-other-docs.patch new file mode 100644 index 0000000..8b2b8e3 --- /dev/null +++ b/ejabberd-0010-Install-COPYING-file-along-with-other-docs.patch @@ -0,0 +1,25 @@ +From 94e29a76a6cd8aea45c7f9aa0f9d9ffc328d9689 Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Sat, 12 Jun 2010 16:24:12 +0400 +Subject: [PATCH 10/12] Install COPYING file along with other docs + +Signed-off-by: Peter Lemenkov +--- + src/Makefile.in | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/src/Makefile.in b/src/Makefile.in +index 8f7bc66..151328d 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -261,6 +261,7 @@ install: all + [ -f ../doc/guide.pdf ] \ + && install -m 644 ../doc/guide.pdf $(DOCDIR) \ + || echo "No ../doc/guide.pdf was built" ++ install -m 644 ../COPYING $(DOCDIR) + + uninstall: uninstall-binary + +-- +1.7.0.1 + diff --git a/ejabberd.spec b/ejabberd.spec index deae476..398eb1a 100644 --- a/ejabberd.spec +++ b/ejabberd.spec @@ -1,9 +1,8 @@ -%bcond_without fedora %global uid 27 -# Currently, hevea available only in Fedora -%if %{defined fedora} -# No hevea on Fedora for ppc64 +# Currently, hevea available only in Fedora and EL-6 +%if 0%{?el6}%{?fedora} +# No hevea for ppc64 # see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250253 %ifnarch ppc64 %define with_hevea 1 @@ -11,8 +10,8 @@ %endif Name: ejabberd -Version: 2.1.3 -Release: 6%{?dist} +Version: 2.1.4 +Release: 1%{?dist} Summary: A distributed, fault-tolerant Jabber/XMPP server Group: Applications/Internet @@ -39,7 +38,7 @@ Source9: ejabberdctl.pam Source10: ejabberdctl.apps Source11: ejabberd.pam -# Use ejabberd as an example for PAM service name +# Use ejabberd as an example for PAM service name (fedora/epel-specific) Patch1: ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch # Mention mod_ctlextra as an ejabberd module Patch2: ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch @@ -47,18 +46,16 @@ Patch2: ejabberd-0002-Mention-mod_ctlextra-as-an-ejabberd-module.patch Patch3: ejabberd-0003-Fixed-delays-in-s2s-connections.patch # Introducing mod_admin_extra Patch4: ejabberd-0004-Introducing-mod_admin_extra.patch -# BZ# 439583, 452326, 451554, 465196, 502361 +# BZ# 439583, 452326, 451554, 465196, 502361 (fedora/epel-specific) Patch5: ejabberd-0005-Fedora-specific-changes-to-ejabberdctl.patch -# http://www.ejabberd.im/cyrsasl_gssapi -Patch6: ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI-http-www.patch -# Typo in GSSAPI modules (sent upstream) -Patch7: ejabberd-0007-Fixed-typo.patch -# Quick fix for {error,nxdomain} issue -Patch8: ejabberd-0008-Quick-fix-for-error-nxdomain.patch -# Cleanup redundant defines -Patch9: ejabberd-0009-Replace-MSG-with-DEBUG.patch +# http://www.ejabberd.im/cyrsasl_gssapi (proposed for inclusion into upstream) +Patch6: ejabberd-0006-Support-to-authenticate-against-SASL-GSSAPI.patch # Fix issue with "File operation error: eacces" -Patch10:ejabberd-0010-Change-directory-to-readable-by-everyone-in-order-to.patch +Patch7: ejabberd-0007-Change-directory-to-readable-by-everyone.patch +# Fix so-lib permissions while installing (will be proposed for inclusion into upstream) +Patch8: ejabberd-0008-Install-.so-objects-with-0755-permissions.patch +Patch9: ejabberd-0009-Install-more-docs-by-default.patch +Patch10: ejabberd-0010-Install-COPYING-file-along-with-other-docs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -88,7 +85,7 @@ Requires: erlang Requires: erlang-esasl Requires: usermode # for flock in ejabberdctl -%if %{defined fedora} +%if 0%{?el6}%{?fedora} Requires: util-linux-ng %else Requires: util-linux @@ -103,6 +100,12 @@ Windows NT/2000/XP). %package doc Summary: Documentation for ejabberd +%if 0%{?el6}%{?fedora} +BuildArch: noarch +Obsoletes: %{name}-doc < 2.1.4 +%endif +# docdir owner +Requires: %{name} = %{version}-%{release} Group: Documentation %description doc @@ -117,12 +120,10 @@ Documentation for ejabberd. %patch4 -p1 -b .mod_admin_extra %patch5 -p1 -b .fedora_specific %patch6 -p1 -b .gssapi -%patch7 -p1 -b .gssapi_typo -%patch8 -p1 -b .nxdomain_fix -%patch9 -p1 -b .gssapi_cleanup -%patch10 -p1 -b .fix_access - -dos2unix src/odbc/mssql2000.sql +%patch7 -p1 -b .fix_access +%patch8 -p1 -b .fix_perms +%patch9 -p1 -b .install_docs +%patch10 -p1 -b .install_copying cp %{S:4} src cp %{S:5} src @@ -152,9 +153,6 @@ pushd src make install DESTDIR=%{buildroot} popd -# surprisingly, generic ejabberd makefile installs libraries with 644 permissions -chmod a+x %{buildroot}%{_libdir}/%{name}/priv/lib/*.so - # fix example SSL certificate path to real one, which we created recently (see above) %{__perl} -pi -e 's!/path/to/ssl.pem!/etc/ejabberd/ejabberd.pem!g' %{buildroot}/etc/ejabberd/ejabberd.cfg @@ -187,8 +185,8 @@ install -p -m 0644 src/odbc/mssql2005.sql %{buildroot}%{_datadir}/%{name} install -p -m 0644 src/odbc/mysql.sql %{buildroot}%{_datadir}/%{name} install -p -m 0644 src/odbc/pg.sql %{buildroot}%{_datadir}/%{name} -# removed files, which would be packaged later (see 'files' section) -rm -rf %{buildroot}%{_docdir}/%{name} +# rename doc-files directory properly +mv %{buildroot}%{_docdir}/%{name}{,-%{version}} # Clean up false security measure chmod 755 %{buildroot}%{_sbindir}/ejabberdctl @@ -209,7 +207,7 @@ if [ $1 -gt 1 ]; then # we should backup DB in every upgrade if ejabberdctl status >/dev/null ; then # Use timestamp to make database restoring easier - TIME=$(date +%Y-%m-%dT%H:%M:%S) + TIME=$(date +%%Y-%%m-%%dT%%H:%%M:%%S) BACKUPDIR=$(mktemp -d -p /var/tmp/ ejabberd-$TIME.XXXXXX) chown ejabberd:ejabberd $BACKUPDIR BACKUP=$BACKUPDIR/ejabberd-database @@ -279,7 +277,9 @@ rm -rf %{buildroot} %files %defattr(-,root,root,-) -%doc COPYING + +%dir %{_docdir}/%{name}-%{version} +%doc %{_docdir}/%{name}-%{version}/COPYING %attr(750,ejabberd,ejabberd) %dir %{_sysconfdir}/ejabberd %attr(640,ejabberd,ejabberd) %config(noreplace) %{_sysconfdir}/ejabberd/ejabberd.cfg @@ -349,38 +349,16 @@ rm -rf %{buildroot} %files doc %defattr(-,root,root,-) -%doc COPYING -%doc doc/dev.html -%doc doc/discorus.png -%doc doc/features.html -%doc doc/features.pdf -%doc doc/guide.html -%doc doc/guide.pdf -%doc doc/logo.png -%doc doc/release_notes_0.9.txt -%doc doc/release_notes_0.9.1.txt -%doc doc/release_notes_0.9.8.txt -%doc doc/release_notes_1.0.0.txt -%doc doc/release_notes_1.1.0.txt -%doc doc/release_notes_1.1.1.txt -%doc doc/release_notes_1.1.2.txt -%doc doc/release_notes_1.1.3.txt -%doc doc/release_notes_1.1.4.txt -%doc doc/release_notes_2.0.0.txt -%doc doc/release_notes_2.0.1.txt -%doc doc/release_notes_2.0.2.txt -%doc doc/release_notes_2.0.3.txt -%doc doc/release_notes_2.0.4.txt -%doc doc/release_notes_2.0.5.txt -%doc doc/release_notes_2.1.0.txt -%doc doc/release_notes_2.1.1.txt -%doc doc/release_notes_2.1.2.txt -%doc doc/release_notes_2.1.3.txt -%doc doc/webadmmain.png -%doc doc/webadmmainru.png -%doc doc/yozhikheader.png +%doc %{_docdir}/%{name}-%{version}/*.html +%doc %{_docdir}/%{name}-%{version}/*.png +%doc %{_docdir}/%{name}-%{version}/*.pdf +%doc %{_docdir}/%{name}-%{version}/*.txt %changelog +* Fri Jun 4 2010 Peter Lemenkov 2.1.4-1 +- Ver. 2.1.4 +- Rebased patches + * Mon Mar 29 2010 Peter Lemenkov 2.1.3-6 - File permissions for captcha.sh were fixed diff --git a/import.log b/import.log index 44bc232..ea97bff 100644 --- a/import.log +++ b/import.log @@ -23,3 +23,4 @@ ejabberd-2_1_3-3_fc12:F-12:ejabberd-2.1.3-3.fc12.src.rpm:1268910452 ejabberd-2_1_3-4_fc12:F-12:ejabberd-2.1.3-4.fc12.src.rpm:1268914259 ejabberd-2_1_3-5_fc12:F-12:ejabberd-2.1.3-5.fc12.src.rpm:1268986162 ejabberd-2_1_3-6_fc12:F-12:ejabberd-2.1.3-6.fc12.src.rpm:1272194212 +ejabberd-2_1_4-1_fc12:EL-6:ejabberd-2.1.4-1.fc12.src.rpm:1276350800 diff --git a/sources b/sources index fa758f8..58476f8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e5c87eda5312a6e8a53df0f9b4844b69 ejabberd-2.1.3.tar.gz +a73f2ae7c5c9ceccc295e6cbc6a70132 ejabberd-2.1.4.tar.gz