1. 26 Apr, 2017 2 commits
  2. 13 Apr, 2017 1 commit
  3. 01 Feb, 2017 1 commit
  4. 04 Jan, 2017 1 commit
  5. 21 Dec, 2016 1 commit
  6. 16 Dec, 2016 1 commit
    • Guus der Kinderen's avatar
      OF-477: Improve default XMPP domain name and FQDN · 4ba3e173
      Guus der Kinderen authored
      This commit intends to have better default values for two properties of Openfire:
      - the XMPP domain name (eg: igniterealtime.org)
      - the FQDN of the server (eg: xmpp.igniterealtime.org)
      
      Older code did not always make a clear distinction (ambiguously referring to
      'server name'). Having a proper FQDN has become more important, as newer SASL
      implementations depend on the client using the same FQDN as what is configured
      in the server).
      
      This commit removes support for changing the XMPP domain name at run time (although
      you can obviously still change the corresponding property). Instead, the FQDN can
      now be changes (although will require a restart).
      
      Additionally, the XMPPServerInfo implementation got a bit of a refactoring: values
      that are not expected to be modified (or considered unmodifiable from a functional
      perspective), are no longer passed around, but are rather hardcoded in the
      implementation. Support for deprecated ServerPort was removed.
      
      Finally, most access to the properties that hold the XMPP domain name and FQDN
      are now encapsulated by XMPPServerInfoImpl.
      4ba3e173
  7. 13 Dec, 2016 1 commit
    • Dave Cridland's avatar
      Handle and generate "=" as appropriate · 908f3a79
      Dave Cridland authored
      Although the RFC doesn't explicitly appear to say this, the SASL profile for
      XMPP has historically used "=" as a null indicator in all cases. This patch
      builds on Christian's to ensure this is properly checked and handled in
      challenge and client-sent cases.
      908f3a79
  8. 09 Sep, 2016 1 commit
  9. 16 Aug, 2016 2 commits
    • Dave Cridland's avatar
      Add EXTERNAL to the list of default SASL mechanisms · 04008796
      Dave Cridland authored
      Without this change, EXTERNAL is never offered by default.
      04008796
    • Guus der Kinderen's avatar
      OF-477: For DIGEST-MD5, use domain rather than host name. · ae861cd9
      Guus der Kinderen authored
      Judging from most current implementations (Smack, Conversations,
      Gajim), most clients will use the domain name rather than the
      fully qualified host name when constructing the DIGEST-MD5
      digest-uri. Although this isn't conforming to RFC2831, interop
      is of more value than 'doing the right thing'.
      
      This commit makes SASL use the domain name when the mechanism
      in play is DIGEST-MD5, and will use the host name for other
      mechanisms.
      ae861cd9
  10. 19 May, 2016 1 commit
  11. 09 May, 2016 1 commit
  12. 06 Apr, 2016 4 commits
  13. 07 Mar, 2016 3 commits
  14. 05 Mar, 2016 1 commit
    • Guus der Kinderen's avatar
      OF-1092: Refacotring SASL · 9017ee09
      Guus der Kinderen authored
      A bit of rework of the SASL implementation. Pushed implementations to Java
      Provider where this was not done before. When SASL fails, it is useful to be
      able to add some context to the failure. To do this,
      javax.security.sasl.SaslException is subclassed.
      9017ee09
  15. 16 Dec, 2015 2 commits
    • Guus der Kinderen's avatar
      OF-1007: Reduce code duplication · c8ab27b0
      Guus der Kinderen authored
      The code that verifies if an IP is on an (anonymous) whitelist is duplicated. That
      code should be centralized, similar to its non-anonymous cousin in LocalClientSession.
      c8ab27b0
    • Guus der Kinderen's avatar
      OF-1007: Don't over-optimize. · 5b422b94
      Guus der Kinderen authored
      Instead of a Set, the existing code uses a Map with empty string values 'for performance'.
      I am not buying it. Perhaps true in some performance test long, long ago, but there won't
      be any significant performance increase in doing this (it's just as likely to introduce
      a performance penalty). In any case, when we're running into a performance bottleneck here,
      we've got bigger fish to fry.
      5b422b94
  16. 30 Nov, 2015 1 commit
  17. 28 Nov, 2015 1 commit
  18. 25 Nov, 2015 2 commits
    • Guus der Kinderen's avatar
      OF-946: Centralize connection configuration. · e58d590b
      Guus der Kinderen authored
      This commit (which is compilable, but breaks some important
      functionality - work in progess) aims to centralize the configuration
      for connections. "Connections" are used in a broad sense here, and
      includes socket-based (TLS and legacy-mode SSL) client connections,
      BOSH-based client connections, component connections, connectionmanager
      (multiplexer) connections, but also connections to the admin panel.
      e58d590b
    • Guus der Kinderen's avatar
      938c0f26
  19. 23 Nov, 2015 1 commit
  20. 13 Nov, 2015 1 commit
  21. 09 Nov, 2015 1 commit
  22. 31 Oct, 2015 1 commit
  23. 30 Oct, 2015 2 commits
  24. 29 Oct, 2015 1 commit
  25. 28 Oct, 2015 1 commit
  26. 13 Oct, 2015 1 commit
  27. 12 Aug, 2015 1 commit
  28. 24 Jul, 2015 1 commit
    • Richard Midwinter's avatar
      OF-631: Implement SCRAM support · 44826566
      Richard Midwinter authored
      This implements the SCRAM-SHA1 mechanism, and includes extending the existing
      DefaultAuthProvider to store the Scram hashes for faster authentication.
      
      If user.scramHashedOnly is set to true, then only these non-reversable hashes
      are stored (and thus security is increased in exchanged for removing support
      for DIGEST-MD5 et al).
      44826566
  29. 07 Jul, 2015 1 commit
  30. 15 Jun, 2015 1 commit