1. 13 Nov, 2014 1 commit
  2. 10 Nov, 2014 1 commit
  3. 03 Nov, 2014 1 commit
  4. 30 Oct, 2014 2 commits
    • Tom Evans's avatar
      OF-830: Do not use JID-escaping for group names · be100f1f
      Tom Evans authored
      Fixes roster group sharing when using the LDAP provider for users and
      groups, by reverting part of an earlier fix (OF-779).
      be100f1f
    • Tom Evans's avatar
      OF-460: Persist log.debug.enabled property · af77674e
      Tom Evans authored
      Fix settings for debug log so the admin UI setting is retained across
      restarts. The system property "log.debug.enabled" may also be used to
      manage this setting. If provided via openfire.xml, the property will be
      migrated into the DB during startup.
      af77674e
  5. 25 Oct, 2014 2 commits
  6. 22 Oct, 2014 1 commit
  7. 21 Oct, 2014 1 commit
  8. 17 Oct, 2014 2 commits
  9. 16 Oct, 2014 1 commit
  10. 09 Oct, 2014 1 commit
  11. 24 Sep, 2014 1 commit
  12. 17 Sep, 2014 1 commit
  13. 09 Sep, 2014 1 commit
  14. 25 Aug, 2014 1 commit
  15. 10 Aug, 2014 1 commit
    • Shawn Debnath's avatar
      In setup, some of the host settings are loaded from XML properties specified... · 8b2743f6
      Shawn Debnath authored
      In setup, some of the host settings are loaded from XML properties specified in openfire.xml, while others are incorrectly loaded from whats currently in JiveGlobals. Since we are in setup mode, JiveGlobals.getProperty returns null thereby ignoring any property overrides in openfire.xml specified by the user.
      
      Changelog: 
      1. Instead of just blindly setting anonymous auth to true, check if user has an override property in XML configuration, if not, default to true.
      2. Call getXMLProperty to load user configuration override values and not what is currently in JiveGlobals. During setup mode, this is always null.
      3. Instead of setting default values for auth, user, group, card, lockout, securityAudit and admin class names, check if the user has provided overrides for those properties, and if so, use those, otherwise use defaults.
      4. Expose a method to retrieve XML property names, and then in finishSetup, go through the rest of the XML properties overridden by user that were not touched by setup and individually set those. This is particularly useful when users have to specify primary and secondary * hybrid providers.
      8b2743f6
  16. 07 Aug, 2014 1 commit
    • jackrabbit128's avatar
      Fix for OF-835: · 18fffdac
      jackrabbit128 authored
      - install ReadThrottleFilterBuilder into filter chains
      - adjust SSLFilter positioning in chain so that ReadThrottleFilter works correctly
      18fffdac
  17. 05 Aug, 2014 1 commit
    • Dave Cridland's avatar
      More S2S fixes · dc21027b
      Dave Cridland authored
      Kim 'Zash' Alvefur commented that an empty authzid in EXTERNAL wasn't working.
      
      This patch adds this handling, and also changes authorization checks from a
      domain.contains() to a domain.equals().
      dc21027b
  18. 04 Aug, 2014 1 commit
  19. 24 Jun, 2014 1 commit
  20. 21 Jun, 2014 1 commit
    • Dele Olajide's avatar
      Section 8.5.1 of RFC 6121 - No such user · 637cc817
      Dele Olajide authored
      This cannot be enforced strictly for openfire IQ handlers to process packets for custom namespaces. I am modifying the original fix to exclude IQ handlers and also check for anonymous users.
      637cc817
  21. 18 Jun, 2014 1 commit
  22. 17 Jun, 2014 6 commits
    • Dave Cridland's avatar
      Add TLS/Authentication diagnostics · 5eb60080
      Dave Cridland authored
      This adds TLS information and Authentication choices to the server session
      details page.
      
      In doing so, it factors out a ServerSession interface, and LocalServerSession
      class.
      5eb60080
    • Dave Cridland's avatar
      Remove redundant certificate logic in TrustManager · 2827a330
      Dave Cridland authored
      Now subsumed by other checks.
      2827a330
    • Dave Cridland's avatar
      Tidy up outgoing sessions · 1aadb51f
      Dave Cridland authored
      A few changes here:
      
      1) Don't recurse up the DNS tree. That's just wrong.
      
      2) Also, don't assume that a subdomain is handled by a parent domain's server.
      Still wrong.
      
      3) Check certificates post-connect using our new logic, and drop the session
      if they don't match and we're not meant to be doing dialback.
      
      4) Do use EXTERNAL if offered, even if we're using a self-signed certificate.
      There's no value in not doing so, it's a bizarre behaviour.
      
      5) Disable S2S Compression; it's currently not working. XPP reset seems to fail,
      so doing replacement of the input stream instead.
      
      6) Protect against a null features after TLS. Seems unlikely to happen, but
      still.
      1aadb51f
    • Dave Cridland's avatar
      Log TLS requirement when trying Dialback · 1e14fddb
      Dave Cridland authored
      If a server requires TLS, it will reject our attempts to verify a dialback
      key currently. Log this in the logs rather than (confusingly) ignoring it.
      1e14fddb
    • Dave Cridland's avatar
      Support Dialback Without Dialback · 4c528c9d
      Dave Cridland authored
      When processing a <db:result/>, this checks for the certificate first. If
      this matches, then we don't bother actually dialling back, speeding up the
      session setup.
      
      This factors out the certificate verification function.
      4c528c9d
    • Dave Cridland's avatar
      Support dialback errors · 026c3f2f
      Dave Cridland authored
      See XEP-0220, Dialback Errors.
      
      This reduces disconnect in the case of piggybacking errors, and provides better
      diagnostics.
      026c3f2f
  23. 11 Jun, 2014 2 commits
  24. 08 Jun, 2014 2 commits
  25. 07 Jun, 2014 3 commits
  26. 06 Jun, 2014 1 commit
  27. 05 Jun, 2014 2 commits