- 26 Apr, 2017 2 commits
-
-
Guus der Kinderen authored
Javadoc comments are dangling if they don't belong to any class, method or field. For example a Javadoc comment in between method declarations that have their own javadoc comments. These generate needless warnings, which are in most instances easily solved. By far most problems occur in the license block that's in most files.
-
Dave Cridland authored
-
- 13 Apr, 2017 1 commit
-
-
Guus der Kinderen authored
* OF-1311: Allow lists to be stored in a property.
* OF-1312: Allow SASL mechanisms to be configured in the admin console.
-
- 01 Feb, 2017 1 commit
-
-
akrherz authored
-
- 04 Jan, 2017 1 commit
-
-
daryl herzmann authored
-
- 21 Dec, 2016 1 commit
-
-
Dave Cridland authored
-
- 16 Dec, 2016 1 commit
-
-
Guus der Kinderen authored
This commit intends to have better default values for two properties of Openfire:
  - the XMPP domain name (eg: igniterealtime.org)
  - the FQDN of the server (eg: xmpp.igniterealtime.org)

Older code did not always make a clear distinction (ambiguously referring to 'server name'). Having a proper FQDN has become more important, as newer SASL implementations depend on the client using the same FQDN as what is configured in the server.

This commit removes support for changing the XMPP domain name at run time (although you can obviously still change the corresponding property). Instead, the FQDN can now be changed (although this will require a restart).

Additionally, the XMPPServerInfo implementation got a bit of a refactoring: values that are not expected to be modified (or considered unmodifiable from a functional perspective), are no longer passed around, but are rather hardcoded in the implementation. Support for deprecated ServerPort was removed.

Finally, most access to the properties that hold the XMPP domain name and FQDN are now encapsulated by XMPPServerInfoImpl.
-
- 13 Dec, 2016 1 commit
-
-
Dave Cridland authored
Although the RFC doesn't explicitly appear to say this, the SASL profile for XMPP has historically used "=" as a null indicator in all cases. This patch builds on Christian's to ensure this is properly checked and handled in challenge and client-sent cases.
-
- 09 Sep, 2016 1 commit
-
-
Christian Schudt authored
Also don't use it in challenges. RFC 6120 § 6.4.3. does not mention the equals-sign logic. However the success case (§ 6.4.6) explicitly does.
-
- 16 Aug, 2016 2 commits
-
-
Dave Cridland authored
Without this change, EXTERNAL is never offered by default.
-
Guus der Kinderen authored
Judging from most current implementations (Smack, Conversations, Gajim), most clients will use the domain name rather than the fully qualified host name when constructing the DIGEST-MD5 digest-uri. Although this isn't conforming to RFC2831, interop is of more value than 'doing the right thing'. This commit makes SASL use the domain name when the mechanism in play is DIGEST-MD5, and will use the host name for other mechanisms.
-
- 19 May, 2016 1 commit
-
-
Guus der Kinderen authored
* OF-477: SASL realm should be XMPP domain.
* OF-477: DigestMD5-specific Realm property.
-
- 09 May, 2016 1 commit
-
-
Guus der Kinderen authored
Sasl.createSaslServer() explicitly states that the value of serverName must be a fully qualified host name.
-
- 06 Apr, 2016 4 commits
-
-
Guus der Kinderen authored
Openfire should not need to be restarted after a configuration change for SASL.
-
Guus der Kinderen authored
The GSSAPI SASL mechanism can be enabled by default. It won't be offered unless there is a specific gssapi-configuration option present.
-
Guus der Kinderen authored
Openfire should not offer SASL mechanisms if the JVM has no implementation for them.
-
Guus der Kinderen authored
The changes for OF-1092 accidentally removed a snippet of code that translates a non-optional part of the GSSAPI SASL configuration. This commit restores that, with a difference: the configuration is now checked continuously, instead of just on server startup. This allows for configuration changes that need not be followed by an Openfire restart.
-
- 07 Mar, 2016 3 commits
-
-
Guus der Kinderen authored
-
Guus der Kinderen authored
AuthProvider has quite some complexity that exists solely for XEP-0078. This commit removes most of that, by replacing the generic checks for digest and plain support with a non-generic implementation, that will work for any auth provider that supports password retrieval.
-
Guus der Kinderen authored
Although it evaluates as a boolean, the POLICY_NOANONYMOUS property value must be a String value (as defined by javax.security.sasl.Sasl#POLICY_NOANONYMOUS)
-
- 05 Mar, 2016 1 commit
-
-
Guus der Kinderen authored
A bit of rework of the SASL implementation. Pushed implementations to Java Provider where this was not done before. When SASL fails, it is useful to be able to add some context to the failure. To do this, javax.security.sasl.SaslException is subclassed.
-
- 16 Dec, 2015 2 commits
-
-
Guus der Kinderen authored
The code that verifies if an IP is on an (anonymous) whitelist is duplicated. That code should be centralized, similar to its non-anonymous cousin in LocalClientSession.
-
Guus der Kinderen authored
Instead of a Set, the existing code uses a Map with empty string values 'for performance'. I am not buying it. Perhaps true in some performance test long, long ago, but there won't be any significant performance increase in doing this (it's just as likely to introduce a performance penalty). In any case, when we're running into a performance bottleneck here, we've got bigger fish to fry.
-
- 30 Nov, 2015 1 commit
-
-
Guus der Kinderen authored
-
- 28 Nov, 2015 1 commit
-
-
Guus der Kinderen authored
-
- 25 Nov, 2015 2 commits
-
-
Guus der Kinderen authored
This commit (which is compilable, but breaks some important functionality - work in progress) aims to centralize the configuration for connections. "Connections" are used in a broad sense here, and includes socket-based (TLS and legacy-mode SSL) client connections, BOSH-based client connections, component connections, connectionmanager (multiplexer) connections, but also connections to the admin panel.
-
Guus der Kinderen authored
-
- 23 Nov, 2015 1 commit
-
-
Christian Schudt authored
-
- 13 Nov, 2015 1 commit
-
-
akrherz authored
-
- 09 Nov, 2015 1 commit
-
-
Christian Schudt authored
-
- 31 Oct, 2015 1 commit
-
-
Christian Schudt authored
These are actually not required by Java compiler and therefore have been removed with dfb69a76, but qdox needs them.
-
- 30 Oct, 2015 2 commits
-
-
Christian Schudt authored
-
Christian Schudt authored
-
- 29 Oct, 2015 1 commit
-
-
Christian Schudt authored
  - Use String.getBytes(Charset) instead of String.getBytes(String)
  - Use new String(byte[], Charset) instead of new String(byte[], String)
  -> Get rid of UnsupportedEncodingException.
  -> Less try-catch blocks.
-
- 28 Oct, 2015 1 commit
-
-
Christian Schudt authored
This is the more correct API and also has very minor performance benefits.
-
- 13 Oct, 2015 1 commit
-
-
Guus der Kinderen authored
-
- 12 Aug, 2015 1 commit
-
-
Francois Steyn authored
2) Implemented change as per Kalchenko Alexandr (https://community.igniterealtime.org/thread/55544)
-
- 24 Jul, 2015 1 commit
-
-
Richard Midwinter authored
This implements the SCRAM-SHA1 mechanism, and includes extending the existing DefaultAuthProvider to store the Scram hashes for faster authentication. If user.scramHashedOnly is set to true, then only these non-reversible hashes are stored (and thus security is increased in exchange for removing support for DIGEST-MD5 et al).
-
- 07 Jul, 2015 1 commit
-
-
Victor Hong authored
-
- 15 Jun, 2015 1 commit
-
-
Victor Hong authored
-