Merge 0.10->trunk

7 files changed, 63 insertions, 44 deletions

diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index d20bcc7b..55eb2e55 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -170,6 +170,10 @@ function console_listener.ondisconnect(conn, err)
 	end
 end
 
+function console_listener.ondetach(conn)
+	sessions[conn] = nil;
+end
+
 -- Console commands --
 -- These are simple commands, not valid standalone in Lua
 
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index bb3858c0..4238b2e7 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -240,9 +240,9 @@ function listener.onconnect(conn)
 	function session.data(data)
 		-- Parse the data, which will store stanzas in session.pending_stanzas
 		if data then
-			data = filter("bytes/in", data);
-			if data then
-				local ok, err = stream:feed(data);
+		data = filter("bytes/in", data);
+		if data then
+			local ok, err = stream:feed(data);
 				if not ok then
 					log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
 					session:close("not-well-formed");
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
index 297609d8..53ef4ed0 100644
--- a/plugins/mod_component.lua
+++ b/plugins/mod_component.lua
@@ -317,6 +317,10 @@ function listener.ondisconnect(conn, err)
 	end
 end
 
+function listener.ondetach(conn)
+	sessions[conn] = nil;
+end
+
 module:provides("net", {
 	name = "component";
 	private = true;
diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index 2584299c..4c5e3e44 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -82,6 +82,15 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
 		local attr = stanza.attr;
 		local to, from = nameprep(attr.to), nameprep(attr.from);
 
+		if not hosts[to] then
+			-- Not a host that we serve
+			origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
+			origin:close("host-unknown");
+			return true;
+		elseif not from then
+			origin:close("improper-addressing");
+		end
+
 		if dwd and origin.secure then
 			if check_cert_status(origin, from) == false then
 				return
@@ -92,15 +101,6 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
 			end
 		end
 
-		if not hosts[to] then
-			-- Not a host that we serve
-			origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
-			origin:close("host-unknown");
-			return true;
-		elseif not from then
-			origin:close("improper-addressing");
-		end
-
 		origin.hosts[from] = { dialback_key = stanza[1] };
 
 		dialback_requests[from.."/"..origin.streamid] = origin;
diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua
index d666b907..0dd3dc67 100644
--- a/plugins/mod_net_multiplex.lua
+++ b/plugins/mod_net_multiplex.lua
@@ -34,7 +34,6 @@ end
 function listener.onincoming(conn, data)
 	if not data then return; end
 	local buf = buffers[conn];
-	buffers[conn] = nil;
 	buf = buf and buf..data or data;
 	for service, multiplex_pattern in pairs(available_services) do
 		if buf:match(multiplex_pattern) then
@@ -57,6 +56,8 @@ function listener.ondisconnect(conn, err)
 	buffers[conn] = nil; -- warn if no buffer?
 end
 
+listener.ondetach = listener.ondisconnect;
+
 module:provides("net", {
 	name = "multiplex";
 	config_prefix = "";
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 8614b857..0a2b5bb7 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -350,8 +350,11 @@ function stream_callbacks.streamopened(session, attr)
 		session.notopen = nil;
 	elseif session.direction == "outgoing" then
 		session.notopen = nil;
-		-- If we are just using the connection for verifying dialback keys, we won't try and auth it
-		if not attr.id then error("stream response did not give us a streamid!!!"); end
+		if not attr.id then
+			log("error", "Stream response did not give us a stream id!");
+			session:close({ condition = "undefined-condition", text = "Missing stream ID" });
+			return;
+		end
 		session.streamid = attr.id;
 
 		if session.secure and not session.cert_chain_status then
@@ -617,6 +620,10 @@ function listener.register_outgoing(conn, session)
 	initialize_session(session);
 end
 
+function listener.ondetach(conn)
+	sessions[conn] = nil;
+end
+
 function check_auth_policy(event)
 	local host, session = event.host, event.session;
 	local must_secure = secure_auth;
diff --git a/plugins/mod_s2s_auth_certs.lua b/plugins/mod_s2s_auth_certs.lua
index efc81130..dd0eb3cb 100644
--- a/plugins/mod_s2s_auth_certs.lua
+++ b/plugins/mod_s2s_auth_certs.lua
@@ -7,39 +7,42 @@ local log = module._log;
 module:hook("s2s-check-certificate", function(event)
 	local session, host, cert = event.session, event.host, event.cert;
 	local conn = session.conn:socket();
+	local log = session.log or log;
 
-	if cert then
-		local log = session.log or log;
-		local chain_valid, errors;
-		if conn.getpeerverification then
-			chain_valid, errors = conn:getpeerverification();
-		elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg
-			chain_valid, errors = conn:getpeerchainvalid();
-			errors = (not chain_valid) and { { errors } } or nil;
-		else
-			chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
+	if not cert then
+		log("warn", "No certificate provided by %s", host or "unknown host");
+		return;
+	end
+
+	local chain_valid, errors;
+	if conn.getpeerverification then
+		chain_valid, errors = conn:getpeerverification();
+	elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg
+		chain_valid, errors = conn:getpeerchainvalid();
+		errors = (not chain_valid) and { { errors } } or nil;
+	else
+		chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
+	end
+	-- Is there any interest in printing out all/the number of errors here?
+	if not chain_valid then
+		log("debug", "certificate chain validation result: invalid");
+		for depth, t in pairs(errors or NULL) do
+			log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
 		end
-		-- Is there any interest in printing out all/the number of errors here?
-		if not chain_valid then
-			log("debug", "certificate chain validation result: invalid");
-			for depth, t in pairs(errors or NULL) do
-				log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
-			end
-			session.cert_chain_status = "invalid";
-		else
-			log("debug", "certificate chain validation result: valid");
-			session.cert_chain_status = "valid";
+		session.cert_chain_status = "invalid";
+	else
+		log("debug", "certificate chain validation result: valid");
+		session.cert_chain_status = "valid";
 
-			-- We'll go ahead and verify the asserted identity if the
-			-- connecting server specified one.
-			if host then
-				if cert_verify_identity(host, "xmpp-server", cert) then
-					session.cert_identity_status = "valid"
-				else
-					session.cert_identity_status = "invalid"
-				end
-				log("debug", "certificate identity validation result: %s", session.cert_identity_status);
+		-- We'll go ahead and verify the asserted identity if the
+		-- connecting server specified one.
+		if host then
+			if cert_verify_identity(host, "xmpp-server", cert) then
+				session.cert_identity_status = "valid"
+			else
+				session.cert_identity_status = "invalid"
 			end
+			log("debug", "certificate identity validation result: %s", session.cert_identity_status);
 		end
 	end
 end, 509);