author | Kim Alvefur <zash@zash.se> | 2017-09-29 13:45:03 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-09-29 13:45:03 +0200 |
commit | ca622317f100d67023e2088179011eb61a243a2d (patch) | |
tree | cd04cb8a03e077a91511ed8d509a4e2e83588628 | |
parent | db450adf9e7f6dbb96cddb15a8b929f367435981 (diff) | |
parent | 37d1497aedaf666ed0a1c4d5eeb47c54b1efd98c (diff) | |
download | prosody-ca622317f100d67023e2088179011eb61a243a2d.tar.gz prosody-ca622317f100d67023e2088179011eb61a243a2d.zip |
Merge 0.10->trunk
-rwxr-xr-x | configure | 45 | ||||
-rw-r--r-- | core/certmanager.lua | 7 | ||||
-rw-r--r-- | net/adns.lua | 1 | ||||
-rw-r--r-- | plugins/mod_blocklist.lua | 9 | ||||
-rwxr-xr-x | prosody | 4 | ||||
-rw-r--r-- | prosody.cfg.lua.dist | 2 | ||||
-rwxr-xr-x | prosodyctl | 29 | ||||
-rw-r--r-- | util/sslconfig.lua | 3 | ||||
-rw-r--r-- | util/throttle.lua | 1 |
9 files changed, 49 insertions, 52 deletions
@@ -73,14 +73,18 @@ Configure $APP_NAME prior to building. Default is to use /dev/urandom --cflags=FLAGS Flags to pass to the compiler Default is $CFLAGS +--add-cflags=FLAGS Adds additional CFLAGS, preserving defaults. + Can be repeated. --ldflags=FLAGS Flags to pass to the linker Default is $LDFLAGS +--add-ldflags=FLAGS Adds additional linker flags, preserving defaults. + Can be repeated. --c-compiler=CC The C compiler to use when building modules. Default is $CC +--compiler-wrapper=WRAPPER Adds a prefix to compiler and linker calls, + usable for eg distcc or ccache. --linker=CC The linker to use when building modules. Default is $LD ---require-config Will cause $APP_NAME to refuse to run when - it fails to find a configuration file --no-example-certs Disables generation of example certificates. EOF } @@ -172,6 +176,10 @@ do LUA_SUFFIX="5.1"; LUA_SUFFIX_SET=yes fi + if [ "$RUNWITH_SET" != "yes" ]; then + RUNWITH="lua$LUA_SUFFIX"; + RUNWITH_SET=yes + fi LUA_INCDIR="/usr/include/lua$LUA_SUFFIX" LUA_INCDIR_SET=yes CFLAGS="$CFLAGS -ggdb" @@ -238,9 +246,6 @@ do DATADIR="$value" DATADIR_SET=yes ;; - --require-config) - REQUIRE_CONFIG=yes - ;; --lua-suffix) [ -n "$value" ] || die "Missing value in flag $key." LUA_SUFFIX="$value" @@ -501,34 +506,6 @@ then fi fi -echo_n "Configuring for system... " -if uname -s -then - UNAME_S=`uname -s` -else - die "Could not determine operating system. 'uname -s' failed." -fi -echo_n "Configuring for architecture... " -if uname -m -then - UNAME_M=`uname -m` -else - die "Could not determine processor architecture. 'uname -m' failed." -fi - -if [ "$UNAME_S" = Linux ] -then - GCC_ARCH=`gcc -print-multiarch 2>/dev/null` - if [ -n "$GCC_ARCH" -a -d "/usr/lib/$GCC_ARCH" ] - then - MULTIARCH_SUBDIR="lib/$GCC_ARCH" - elif [ -d "/usr/lib64" ] - then - # Useful for Fedora systems - MULTIARCH_SUBDIR="lib64" - fi -fi - if [ "$IDN_LIBRARY" = "icu" ] then IDNA_LIBS="$ICU_FLAGS" 
@@ -574,8 +551,6 @@ LUA_DIR_SET=$LUA_DIR_SET LUA_INCDIR=$LUA_INCDIR LUA_LIBDIR=$LUA_LIBDIR LUA_BINDIR=$LUA_BINDIR -MULTIARCH_SUBDIR=$MULTIARCH_SUBDIR -REQUIRE_CONFIG=$REQUIRE_CONFIG IDN_LIB=$IDN_LIB IDNA_LIBS=$IDNA_LIBS OPENSSL_LIBS=$OPENSSL_LIBS diff --git a/core/certmanager.lua b/core/certmanager.lua index 288836ce..2be66a21 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -107,6 +107,12 @@ local core_defaults = { }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; + curveslist = { + "X25519", + "P-384", + "P-256", + "P-521", + }; ciphers = { -- Enabled ciphers in order of preference: "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange @@ -231,4 +237,5 @@ prosody.events.add_handler("config-reloaded", reload_ssl_config); return { create_context = create_context; reload_ssl_config = reload_ssl_config; + find_cert = find_cert; }; diff --git a/net/adns.lua b/net/adns.lua index f1196a6c..a19cbd59 100644 --- a/net/adns.lua +++ b/net/adns.lua @@ -12,6 +12,7 @@ local new_resolver = require "net.dns".resolver; local log = require "util.logger".init("adns"); local coroutine, tostring, pcall = coroutine, tostring, pcall; +local setmetatable = setmetatable; local function dummy_send(sock, data, i, j) return (j-i)+1; end diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua index ae24a2fc..e10ac27d 100644 --- a/plugins/mod_blocklist.lua +++ b/plugins/mod_blocklist.lua @@ -22,6 +22,7 @@ local jid_split = require"util.jid".split; local storage = module:open_store(); local sessions = prosody.hosts[module.host].sessions; +local full_sessions = prosody.full_sessions; -- First level cache of blocklists by username. -- Weak table so may randomly expire at any time. 
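Review bot: The new `curveslist` table in `core_defaults` has no comment, while `curve = "secp384r1"` stays right above it, so nothing tells a reader which of the two settings applies. As far as I know only newer LuaSec releases understand `curveslist`, with `curve` remaining the fallback elsewhere; please confirm that and state it in a comment. Something like `-- Curves in order of preference, used where LuaSec supports 'curveslist'; 'curve' above is the fallback` would do. The `ciphers` entry just below already documents its ordering in this way. The `core_defaults` table starts and ends outside the hunk.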
@@ -271,8 +272,13 @@ local function bounce_iq(event) end local function bounce_message(event) - local type = event.stanza.attr.type; + local stanza = event.stanza; + local type = stanza.attr.type; if type == "chat" or not type or type == "normal" then + if full_sessions[stanza.attr.to] then + -- See #690 + return drop_stanza(event); + end return bounce_stanza(event); end return drop_stanza(event); -- drop headlines, groupchats etc @@ -305,7 +311,6 @@ local prio_in, prio_out = 100, 100; module:hook("presence/bare", drop_stanza, prio_in); module:hook("presence/full", drop_stanza, prio_in); --- FIXME See #690 module:hook("message/bare", bounce_message, prio_in); module:hook("message/full", bounce_message, prio_in); @@ -93,7 +93,7 @@ function read_config() print("\n"); print("**************************"); if level == "parser" then - print("A problem occurred while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"..":"); + print("A problem occured while reading the config file "..filename); print(""); local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)"); if err:match("chunk has too many syntax levels$") then @@ -105,7 +105,7 @@ function read_config() print(""); elseif level == "file" then print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("We looked for: "..filename); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index bd897f74..a0fc6c9e 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist 
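Review bot: The added `full_sessions[stanza.attr.to]` branch in `bounce_message` is explained only by `-- See #690`, so the code does not say why a chat/normal message is dropped silently in this case and bounced otherwise. Because this branch decides what a blocked sender can observe, the reason belongs in the comment, for example `-- Recipient has a session at this full JID: drop silently instead of bouncing (see #690)`. The lookup also assumes that `stanza.attr.to` is already in the normalised form used as the `full_sessions` key. That is presumably guaranteed earlier in routing, but it is not visible in this hunk and deserves a short remark.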
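Review bot: The replacement line in the `level == "parser"` branch prints "occured" where the removed line had the correct "occurred", and it also loses the trailing `..":"`. `print("A problem occurred while reading the config file "..filename..":");` keeps both. `filename` is defined outside this hunk, so I cannot confirm from here that it always holds the path that was actually tried. `read_config` starts and ends outside the hunk.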
@@ -65,7 +65,7 @@ modules_enabled = { -- HTTP modules --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websockets"; -- XMPP over WebSockets + --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP -- Other specific functionality @@ -91,13 +91,13 @@ do print("\n"); print("**************************"); if level == "parser" then - print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("A problem occured while reading the config file "..filename); local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)"); print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err))); print(""); elseif level == "file" then print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("We looked for: "..filename); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end @@ -162,6 +162,17 @@ if have_pposix and pposix then if not switched_user then -- Boo! print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); + else + -- Make sure the Prosody user can read the config + local conf, err, errno = io.open(ENV_CONFIG); + if conf then + conf:close(); + else + print("The config file is not readable by the '"..desired_user.."' user."); + print("Prosody will not be able to read it."); + print("Error was "..err); + os.exit(1); + end end end 
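Review bot: In the added `else` branch, `local conf, err, errno = io.open(ENV_CONFIG);` declares `errno` without using it and shadows the `err` that the warning just above reads. `local conf, open_err = io.open(ENV_CONFIG);` together with `print("Error was "..tostring(open_err));` would keep the two apart. `desired_user` is concatenated directly here while the warning above wraps it in `tostring()`, so using the same wrapping would be consistent. The check only does its job if it runs after the user switch, so a comment saying that would stop it being moved earlier.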
@@ -892,18 +903,14 @@ function cert_commands.import(arg) owner = config.get("*", "prosody_user") or "prosody"; group = config.get("*", "prosody_group") or owner; end + local cm = require "core.certmanager"; local imported = {}; for _, host in ipairs(hostnames) do for _, dir in ipairs(arg) do - if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem") - and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then - copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group); - copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group); - table.insert(imported, host); - elseif lfs.attributes(dir .. "/" .. host .. ".crt") - and lfs.attributes(dir .. "/" .. host .. ".key") then - copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group); - copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group); + local paths = cm.find_cert(dir, host); + if paths then + copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group); + copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group); table.insert(imported, host); else -- TODO Say where we looked diff --git a/util/sslconfig.lua b/util/sslconfig.lua index 931502b9..4c4e1d48 100644 --- a/util/sslconfig.lua +++ b/util/sslconfig.lua @@ -63,6 +63,9 @@ function finalisers.ciphers(cipherlist) return cipherlist; end +-- Curve list too +finalisers.curveslist = finalisers.ciphers; + -- protocol = "x" should enable only that protocol -- protocol = "x+" should enable x and later versions diff --git a/util/throttle.lua b/util/throttle.lua index a8191886..1012f78a 100644 --- a/util/throttle.lua +++ b/util/throttle.lua @@ -1,7 +1,6 @@ local gettime = require "util.time".now local setmetatable = setmetatable; -local floor = math.floor; local _ENV = nil; |
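Review bot: The import loop now relies on `cm.find_cert(dir, host)` returning either nil or a table with `certificate` and `key` fields, but this diff does not document that contract; the certmanager hunk only adds the export. A short comment at the call, such as `-- find_cert returns { certificate = path, key = path } or nil`, would pin it down once it has been checked against the function body. The `"0377"` argument on the private-key copy is presumably a umask that leaves the key readable by its owner only, and that is worth stating next to it. The `-- TODO Say where we looked` branch still reports nothing for a host/directory pair that did not match. `cert_commands.import` starts before the hunk and ends after it.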