diff options
-rw-r--r-- | core/certmanager.lua | 14 | ||||
-rw-r--r-- | net/server_event.lua | 17 | ||||
-rw-r--r-- | net/server_select.lua | 23 | ||||
-rw-r--r-- | plugins/mod_admin_telnet.lua | 2 | ||||
-rw-r--r-- | plugins/mod_c2s.lua | 9 | ||||
-rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 9 | ||||
-rwxr-xr-x | prosody | 37 |
7 files changed, 60 insertions, 51 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 20a6d609..a9f8b644 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -17,10 +17,11 @@ local prosody = prosody; local resolve_path = configmanager.resolve_relative_path; local config_path = prosody.paths.config; -local luasec_has_noticket; +local luasec_has_noticket, luasec_has_verifyext; if ssl then local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); luasec_has_noticket = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=4; + luasec_has_verifyext = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5; end module "certmanager" @@ -28,8 +29,16 @@ module "certmanager" -- Global SSL options if not overridden per-host local default_ssl_config = configmanager.get("*", "core", "ssl"); local default_capath = "/etc/ssl/certs"; -local default_verify = (ssl and ssl.x509 and { "peer", "client_once", "continue", "ignore_purpose" }) or "none"; +local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil }; +local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; + +if not luasec_has_verifyext and ssl.x509 then + -- COMPAT mw/luasec-hg + for i=1,#default_verifyext do -- Remove lsec_ prefix + default_verify[#default_verify+1] = default_verifyext[i]:sub(6); + end +end function create_context(host, mode, user_ssl_config) user_ssl_config = user_ssl_config or default_ssl_config; @@ -46,6 +55,7 @@ function create_context(host, mode, user_ssl_config) capath = resolve_path(config_path, user_ssl_config.capath or default_capath); cafile = resolve_path(config_path, user_ssl_config.cafile); verify = user_ssl_config.verify or default_verify; + verifyext = user_ssl_config.verifyext or default_verifyext; options = user_ssl_config.options or default_options; depth = user_ssl_config.depth; }; diff --git a/net/server_event.lua b/net/server_event.lua index f2626f5f..e69530ff 100644 --- a/net/server_event.lua +++ b/net/server_event.lua @@ -6,7 +6,6 @@ notes: -- when using luaevent, never register 2 or more EV_READ at one socket, same for EV_WRITE -- you cant even register a new EV_READ/EV_WRITE callback inside another one - -- never call eventcallback:close( ) from inside eventcallback -- to do some of the above, use timeout events or something what will called from outside -- dont let garbagecollect eventcallbacks, as long they are running -- when using luasec, there are 4 cases of timeout errors: wantread or wantwrite during reading or writing @@ -121,14 +120,8 @@ do self.position = new_position or self.position return self.position; end - function interface_mt:_close() -- regs event to start self:_destroy() - local callback = function( ) - self:_destroy(); - self.eventclose = nil - return -1 - end - self.eventclose = addevent( base, nil, EV_TIMEOUT, callback, 0 ) - return true + function interface_mt:_close() + return self:_destroy(); end function interface_mt:_start_connection(plainssl) -- should be called from addclient @@ -248,7 +241,7 @@ do debug( "closing client with id:", self.id, self.fatalerror ) self:_lock( true, true, true ) -- first of all, lock the interface to avoid further actions local _ - _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event callbacks! + _ = self.eventread and self.eventread:close( ) if self.type == "client" then _ = self.eventwrite and self.eventwrite:close( ) _ = self.eventhandshake and self.eventhandshake:close( ) @@ -258,7 +251,7 @@ do _ = self.eventwritetimeout and self.eventwritetimeout:close( ) _ = self.eventreadtimeout and self.eventreadtimeout:close( ) _ = self.ondisconnect and self:ondisconnect( self.fatalerror ~= "client to close" and self.fatalerror) -- call ondisconnect listener (wont be the case if handshake failed on connect) - _ = self.conn and self.conn:close( ) -- close connection, must also be called outside of any socket registered events! + _ = self.conn and self.conn:close( ) -- close connection _ = self._server and self._server:counter(-1); self.eventread, self.eventwrite = nil, nil self.eventstarthandshake, self.eventhandshake, self.eventclose = nil, nil, nil @@ -342,7 +335,7 @@ do debug( "try to close server with id:", tostring(self.id)) self.fatalerror = "server to close" self:_lock( true ) - self:_close( 0 ) -- add new event to remove the server interface + self:_close( 0 ) return true end end diff --git a/net/server_select.lua b/net/server_select.lua index 8cb4e235..97b9f199 100644 --- a/net/server_select.lua +++ b/net/server_select.lua @@ -185,6 +185,9 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco end handler.remove = function( ) connections = connections - 1 + if handler then + handler.resume( ) + end end handler.close = function() socket:close( ) @@ -197,6 +200,25 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco --mem_free( ) out_put "server.lua: closed server handler and removed sockets from list" end + handler.pause = function() + if not handler.paused then + socket:close( ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _socketlist[ socket ] = nil + socket = nil; + handler.paused = true; + end + end + handler.resume = function() + if handler.paused then + socket = socket_bind( ip, serverport ); + socket:settimeout( 0 ) + _readlistlen = addsocket(_readlist, socket, _readlistlen) + _socketlist[ socket ] = handler + handler.paused = false; + end + end handler.ip = function( ) return ip end @@ -208,6 +230,7 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco end handler.readbuffer = function( ) if connections > maxconnections then + handler.pause( ) out_put( "server.lua: refused new client connection: server full" ) return false end diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 12ab2355..e1b90684 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -149,6 +149,7 @@ function console_listener.onincoming(conn, data) end for line in data:gmatch("[^\n]*[\n\004]") do + if session.closed then return end console:process_line(session, line); session.send(string.char(0)); end @@ -168,6 +169,7 @@ end function commands.bye(session) session.print("See you! :)"); + session.closed = true; session.disconnect(); end commands.quit, commands.exit = commands.bye, commands.bye; diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 72085113..89d678ca 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -265,6 +265,15 @@ function listener.associate_session(conn, session) sessions[conn] = session; end +module:hook("server-stopping", function(event) + local reason = event.reason; + for _, session in pairs(sessions) do + session:close{ condition = "system-shutdown", text = reason }; + end +end, 1000); + + + module:provides("net", { name = "c2s"; listener = listener; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 788a64af..ad628a9b 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -506,6 +506,15 @@ end s2sout.set_listener(listener); +module:hook("server-stopping", function(event) + local reason = event.reason; + for _, session in pairs(sessions) do + session:close{ condition = "system-shutdown", text = reason }; + end +end,500); + + + module:provides("net", { name = "s2s"; listener = listener; @@ -374,43 +374,6 @@ end function cleanup() log("info", "Shutdown status: Cleaning up"); prosody.events.fire_event("server-cleanup"); - - -- Ok, we're quitting I know, but we - -- need to do some tidying before we go :) - server.setquitting(false); - - log("info", "Shutdown status: Closing all active sessions"); - for hostname, host in pairs(hosts) do - log("debug", "Shutdown status: Closing client connections for %s", hostname) - if host.sessions then - local reason = { condition = "system-shutdown", text = "Server is shutting down" }; - if prosody.shutdown_reason then - reason.text = reason.text..": "..prosody.shutdown_reason; - end - for username, user in pairs(host.sessions) do - for resource, session in pairs(user.sessions) do - log("debug", "Closing connection for %s@%s/%s", username, hostname, resource); - session:close(reason); - end - end - end - - log("debug", "Shutdown status: Closing outgoing s2s connections from %s", hostname); - if host.s2sout then - for remotehost, session in pairs(host.s2sout) do - if session.close then - session:close("system-shutdown"); - else - log("warn", "Unable to close outgoing s2s session to %s, no session:close()?!", remotehost); - end - end - end - end - - log("info", "Shutdown status: Closing all server connections"); - server.closeall(); - - server.setquitting(true); end -- Are you ready? :) |