ejabberd_listener: Try to create provisional socket in final directory (#4422)

and if that path is too long, then try HOME directory,
if that's too long too, throw error explaining the problem.

By the way, cutting the base64 string to 107 is a bad idea,
as it encodes the final path, which would get lost and crash.

.github/workflows/runtime.yml

@@ -31,9 +31,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        otp: ['20', '25', '26', '27', '28']
+        otp: ['24', '25', '26', '27', '28']
         rebar: ['rebar', 'rebar3']
         exclude:
+        - otp: '24'
+          rebar: 'rebar'
         - otp: '27'
           rebar: 'rebar'
         - otp: '28'

src/ejabberd_c2s.erl

@@ -455,7 +455,7 @@ sasl_mechanisms(Mechs, #{lserver := LServer, stream_encrypted := Encrypted} = St
 	   (<<"EXTERNAL">>) -> maps:get(tls_verify, State, false);
 	   (_) -> false
 	end, Mechs -- Mechs1),
-    case ejabberd_option:auth_password_types_hidden_in_scram1() of
+    case ejabberd_option:auth_password_types_hidden_in_sasl1() of
 	[] -> Mechs2;
 	List ->
 	    Mechs3 = lists:foldl(

src/ejabberd_config_transformer.erl

@@ -230,6 +230,8 @@ filter(_Host, captcha_host, _, _) ->
 filter(_Host, route_subdomains, _, _) ->
     warn_removed_option(route_subdomains, s2s_access),
     false;
+filter(_Host, auth_password_types_hidden_in_scram1, Val, _) ->
+    {true, {auth_password_types_hidden_in_sasl1, Val}};
 filter(Host, modules, ModOpts, State) ->
     NoDialbackHosts = maps:get(remove_s2s_dialback, State, []),
     ModOpts1 = lists:filter(

src/ejabberd_listener.erl

@@ -224,13 +224,26 @@ setup_provisional_udsocket_dir(DefinitivePath) ->
     ProvisionalPath = get_provisional_udsocket_path(DefinitivePath),
     ?INFO_MSG("Creating a Unix Domain Socket provisional file at ~ts for the definitive path ~s",
               [ProvisionalPath, DefinitivePath]),
-    ProvisionalPath.
+    ProvisionalPathAbsolute = relative_socket_to_mnesia(ProvisionalPath),
+    create_base_dir(ProvisionalPathAbsolute),
+    ProvisionalPathAbsolute.
 
 get_provisional_udsocket_path(Path) ->
     PathBase64 = misc:term_to_base64(Path),
     PathBuild = filename:join(misc:get_home(), PathBase64),
-    %% Shorthen the path, a long path produces a crash when opening the socket.
-    binary:part(PathBuild, {0, erlang:min(107, byte_size(PathBuild))}).
+    DestPath = filename:join(filename:dirname(Path), PathBase64),
+    case {byte_size(DestPath) > 107, byte_size(PathBuild) > 107} of
+        {false, _} ->
+            DestPath;
+        {true, false} ->
+            ?INFO_MSG("The provisional Unix Domain Socket path ~ts is longer than 107, let's use home directory instead which is ~p", [DestPath, byte_size(PathBuild)]),
+            PathBuild;
+        {true, true} ->
+            ?ERROR_MSG("The Unix Domain Socket path ~ts is too long, "
+                       "and I cannot create the provisional file safely. "
+                       "Please configure a shorter path and try again.", [Path]),
+            throw({error_socket_path_too_long, Path})
+    end.
 
 get_definitive_udsocket_path(<<"unix", _>> = Unix) ->
     Unix;
@@ -271,17 +284,20 @@ set_definitive_udsocket(<<"unix:", Path/binary>>, Opts) ->
             end
     end,
     FinalPath = relative_socket_to_mnesia(Path),
-    FinalPathDir = filename:dirname(FinalPath),
-    case file:make_dir(FinalPathDir) of
-        ok ->
-            file:change_mode(FinalPathDir, 8#00700);
-        _ ->
-            ok
-    end,
+    create_base_dir(FinalPath),
     file:rename(Prov, FinalPath);
 set_definitive_udsocket(Port, _Opts) when is_integer(Port) ->
     ok.
 
+create_base_dir(Path) ->
+    Dirname = filename:dirname(Path),
+    case file:make_dir(Dirname) of
+        ok ->
+            file:change_mode(Dirname, 8#00700);
+        _ ->
+            ok
+    end.
+
 relative_socket_to_mnesia(Path1) ->
     case filename:pathtype(Path1) of
         absolute ->

src/ejabberd_option.erl

@@ -18,7 +18,7 @@
 -export([auth_method/0, auth_method/1]).
 -export([auth_opts/0, auth_opts/1]).
 -export([auth_password_format/0, auth_password_format/1]).
--export([auth_password_types_hidden_in_scram1/0, auth_password_types_hidden_in_scram1/1]).
+-export([auth_password_types_hidden_in_sasl1/0, auth_password_types_hidden_in_sasl1/1]).
 -export([auth_scram_hash/0, auth_scram_hash/1]).
 -export([auth_stored_password_types/0, auth_stored_password_types/1]).
 -export([auth_use_cache/0, auth_use_cache/1]).
@@ -264,12 +264,12 @@ auth_password_format() ->
 auth_password_format(Host) ->
     ejabberd_config:get_option({auth_password_format, Host}).
 
--spec auth_password_types_hidden_in_scram1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1() ->
-    auth_password_types_hidden_in_scram1(global).
--spec auth_password_types_hidden_in_scram1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
-auth_password_types_hidden_in_scram1(Host) ->
-    ejabberd_config:get_option({auth_password_types_hidden_in_scram1, Host}).
+-spec auth_password_types_hidden_in_sasl1() -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1() ->
+    auth_password_types_hidden_in_sasl1(global).
+-spec auth_password_types_hidden_in_sasl1(global | binary()) -> ['plain' | 'scram_sha1' | 'scram_sha256' | 'scram_sha512'].
+auth_password_types_hidden_in_sasl1(Host) ->
+    ejabberd_config:get_option({auth_password_types_hidden_in_sasl1, Host}).
 
 -spec auth_scram_hash() -> 'sha' | 'sha256' | 'sha512'.
 auth_scram_hash() ->

src/ejabberd_options.erl

@@ -79,7 +79,7 @@ opt_type(auth_opts) ->
     end;
 opt_type(auth_stored_password_types) ->
     econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
-opt_type(auth_password_types_hidden_in_scram1) ->
+opt_type(auth_password_types_hidden_in_sasl1) ->
     econf:list(econf:enum([plain, scram_sha1, scram_sha256, scram_sha512]));
 opt_type(auth_password_format) ->
     econf:enum([plain, scram]);
@@ -566,7 +566,7 @@ options() ->
      {auth_password_format, plain},
      {auth_scram_hash, sha},
      {auth_stored_password_types, []},
-     {auth_password_types_hidden_in_scram1, []},
+     {auth_password_types_hidden_in_sasl1, []},
      {auth_external_user_exists_check, true},
      {auth_use_cache,
       fun(Host) -> ejabberd_config:get_option({use_cache, Host}) end},

src/ejabberd_options_doc.erl

@@ -399,12 +399,12 @@ doc() ->
                "depends on the _`auth_scram_hash`_ option."), "",
             ?T("The default value is 'plain'."), ""]}},
 
-     {auth_password_types_hidden_in_scram1,
+     {auth_password_types_hidden_in_sasl1,
       #{value => "[plain | scram_sha1 | scram_sha256 | scram_sha512]",
         note => "added in 25.07",
         desc =>
-        ?T("List of password types that should not be offered in SCRAM1 authenticatication. "
-           "Because SCRAM1, unlike SCRAM2, can't have list of available mechanisms tailored to "
+        ?T("List of password types that should not be offered in SASL1 authenticatication. "
+           "Because SASL1, unlike SASL2, can't have list of available mechanisms tailored to "
            "individual user, it's possible that offered mechanisms will not be compatible "
            "with stored password, especially if new password type was added recently. "
            "This option allows disabling offering some mechanisms in SASL1, to a time until new "