aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--core/certmanager.lua14
-rw-r--r--net/server_event.lua17
-rw-r--r--net/server_select.lua23
-rw-r--r--plugins/mod_admin_telnet.lua2
-rw-r--r--plugins/mod_c2s.lua9
-rw-r--r--plugins/mod_s2s/mod_s2s.lua9
-rwxr-xr-xprosody37
7 files changed, 60 insertions, 51 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 20a6d609..a9f8b644 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -17,10 +17,11 @@ local prosody = prosody;
local resolve_path = configmanager.resolve_relative_path;
local config_path = prosody.paths.config;
-local luasec_has_noticket;
+local luasec_has_noticket, luasec_has_verifyext;
if ssl then
local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
luasec_has_noticket = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=4;
+ luasec_has_verifyext = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5;
end
module "certmanager"
@@ -28,8 +29,16 @@ module "certmanager"
-- Global SSL options if not overridden per-host
local default_ssl_config = configmanager.get("*", "core", "ssl");
local default_capath = "/etc/ssl/certs";
-local default_verify = (ssl and ssl.x509 and { "peer", "client_once", "continue", "ignore_purpose" }) or "none";
+local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
+local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+
+if not luasec_has_verifyext and ssl.x509 then
+ -- COMPAT mw/luasec-hg
+ for i=1,#default_verifyext do -- Remove lsec_ prefix
+ default_verify[#default_verify+1] = default_verifyext[i]:sub(6);
+ end
+end
function create_context(host, mode, user_ssl_config)
user_ssl_config = user_ssl_config or default_ssl_config;
@@ -46,6 +55,7 @@ function create_context(host, mode, user_ssl_config)
capath = resolve_path(config_path, user_ssl_config.capath or default_capath);
cafile = resolve_path(config_path, user_ssl_config.cafile);
verify = user_ssl_config.verify or default_verify;
+ verifyext = user_ssl_config.verifyext or default_verifyext;
options = user_ssl_config.options or default_options;
depth = user_ssl_config.depth;
};
diff --git a/net/server_event.lua b/net/server_event.lua
index f2626f5f..e69530ff 100644
--- a/net/server_event.lua
+++ b/net/server_event.lua
@@ -6,7 +6,6 @@
notes:
-- when using luaevent, never register 2 or more EV_READ at one socket, same for EV_WRITE
-- you cant even register a new EV_READ/EV_WRITE callback inside another one
- -- never call eventcallback:close( ) from inside eventcallback
-- to do some of the above, use timeout events or something what will called from outside
-- dont let garbagecollect eventcallbacks, as long they are running
-- when using luasec, there are 4 cases of timeout errors: wantread or wantwrite during reading or writing
@@ -121,14 +120,8 @@ do
self.position = new_position or self.position
return self.position;
end
- function interface_mt:_close() -- regs event to start self:_destroy()
- local callback = function( )
- self:_destroy();
- self.eventclose = nil
- return -1
- end
- self.eventclose = addevent( base, nil, EV_TIMEOUT, callback, 0 )
- return true
+ function interface_mt:_close()
+ return self:_destroy();
end
function interface_mt:_start_connection(plainssl) -- should be called from addclient
@@ -248,7 +241,7 @@ do
debug( "closing client with id:", self.id, self.fatalerror )
self:_lock( true, true, true ) -- first of all, lock the interface to avoid further actions
local _
- _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event callbacks!
+ _ = self.eventread and self.eventread:close( )
if self.type == "client" then
_ = self.eventwrite and self.eventwrite:close( )
_ = self.eventhandshake and self.eventhandshake:close( )
@@ -258,7 +251,7 @@ do
_ = self.eventwritetimeout and self.eventwritetimeout:close( )
_ = self.eventreadtimeout and self.eventreadtimeout:close( )
_ = self.ondisconnect and self:ondisconnect( self.fatalerror ~= "client to close" and self.fatalerror) -- call ondisconnect listener (wont be the case if handshake failed on connect)
- _ = self.conn and self.conn:close( ) -- close connection, must also be called outside of any socket registered events!
+ _ = self.conn and self.conn:close( ) -- close connection
_ = self._server and self._server:counter(-1);
self.eventread, self.eventwrite = nil, nil
self.eventstarthandshake, self.eventhandshake, self.eventclose = nil, nil, nil
@@ -342,7 +335,7 @@ do
debug( "try to close server with id:", tostring(self.id))
self.fatalerror = "server to close"
self:_lock( true )
- self:_close( 0 ) -- add new event to remove the server interface
+ self:_close( 0 )
return true
end
end
diff --git a/net/server_select.lua b/net/server_select.lua
index 8cb4e235..97b9f199 100644
--- a/net/server_select.lua
+++ b/net/server_select.lua
@@ -185,6 +185,9 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco
end
handler.remove = function( )
connections = connections - 1
+ if handler then
+ handler.resume( )
+ end
end
handler.close = function()
socket:close( )
@@ -197,6 +200,25 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco
--mem_free( )
out_put "server.lua: closed server handler and removed sockets from list"
end
+ handler.pause = function()
+ if not handler.paused then
+ socket:close( )
+ _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
+ _readlistlen = removesocket( _readlist, socket, _readlistlen )
+ _socketlist[ socket ] = nil
+ socket = nil;
+ handler.paused = true;
+ end
+ end
+ handler.resume = function()
+ if handler.paused then
+ socket = socket_bind( ip, serverport );
+ socket:settimeout( 0 )
+ _readlistlen = addsocket(_readlist, socket, _readlistlen)
+ _socketlist[ socket ] = handler
+ handler.paused = false;
+ end
+ end
handler.ip = function( )
return ip
end
@@ -208,6 +230,7 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco
end
handler.readbuffer = function( )
if connections > maxconnections then
+ handler.pause( )
out_put( "server.lua: refused new client connection: server full" )
return false
end
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index 12ab2355..e1b90684 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -149,6 +149,7 @@ function console_listener.onincoming(conn, data)
end
for line in data:gmatch("[^\n]*[\n\004]") do
+ if session.closed then return end
console:process_line(session, line);
session.send(string.char(0));
end
@@ -168,6 +169,7 @@ end
function commands.bye(session)
session.print("See you! :)");
+ session.closed = true;
session.disconnect();
end
commands.quit, commands.exit = commands.bye, commands.bye;
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index 72085113..89d678ca 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -265,6 +265,15 @@ function listener.associate_session(conn, session)
sessions[conn] = session;
end
+module:hook("server-stopping", function(event)
+ local reason = event.reason;
+ for _, session in pairs(sessions) do
+ session:close{ condition = "system-shutdown", text = reason };
+ end
+end, 1000);
+
+
+
module:provides("net", {
name = "c2s";
listener = listener;
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 788a64af..ad628a9b 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -506,6 +506,15 @@ end
s2sout.set_listener(listener);
+module:hook("server-stopping", function(event)
+ local reason = event.reason;
+ for _, session in pairs(sessions) do
+ session:close{ condition = "system-shutdown", text = reason };
+ end
+end,500);
+
+
+
module:provides("net", {
name = "s2s";
listener = listener;
diff --git a/prosody b/prosody
index c1606874..da77719d 100755
--- a/prosody
+++ b/prosody
@@ -374,43 +374,6 @@ end
function cleanup()
log("info", "Shutdown status: Cleaning up");
prosody.events.fire_event("server-cleanup");
-
- -- Ok, we're quitting I know, but we
- -- need to do some tidying before we go :)
- server.setquitting(false);
-
- log("info", "Shutdown status: Closing all active sessions");
- for hostname, host in pairs(hosts) do
- log("debug", "Shutdown status: Closing client connections for %s", hostname)
- if host.sessions then
- local reason = { condition = "system-shutdown", text = "Server is shutting down" };
- if prosody.shutdown_reason then
- reason.text = reason.text..": "..prosody.shutdown_reason;
- end
- for username, user in pairs(host.sessions) do
- for resource, session in pairs(user.sessions) do
- log("debug", "Closing connection for %s@%s/%s", username, hostname, resource);
- session:close(reason);
- end
- end
- end
-
- log("debug", "Shutdown status: Closing outgoing s2s connections from %s", hostname);
- if host.s2sout then
- for remotehost, session in pairs(host.s2sout) do
- if session.close then
- session:close("system-shutdown");
- else
- log("warn", "Unable to close outgoing s2s session to %s, no session:close()?!", remotehost);
- end
- end
- end
- end
-
- log("info", "Shutdown status: Closing all server connections");
- server.closeall();
-
- server.setquitting(true);
end
-- Are you ready? :)