aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--core/s2smanager.lua14
-rw-r--r--net/dns.lua2
-rw-r--r--plugins/mod_legacyauth.lua11
-rw-r--r--util-src/Makefile.win4
-rw-r--r--util-src/encodings.c8
5 files changed, 24 insertions, 15 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 118bbf0c..daf2c871 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -255,20 +255,20 @@ function try_connect(host_session, connect_host, connect_port)
host_session.connecting = nil;
-- COMPAT: This is a compromise for all you CNAME-(ab)users :)
- if not (reply and reply[1] and reply[1].a) then
+ if not (reply and reply[#reply] and reply[#reply].a) then
local count = max_dns_depth;
reply = dns.peek(connect_host, "CNAME", "IN");
- while count > 0 and reply and reply[1] and not reply[1].a and reply[1].cname do
- log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[1].cname), count);
- reply = dns.peek(reply[1].cname, "A", "IN") or dns.peek(reply[1].cname, "CNAME", "IN");
+ while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do
+ log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count);
+ reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN");
count = count - 1;
end
end
-- end of CNAME resolving
- if reply and reply[1] and reply[1].a then
- log("debug", "DNS reply for %s gives us %s", connect_host, reply[1].a);
- return make_connect(host_session, reply[1].a, connect_port);
+ if reply and reply[#reply] and reply[#reply].a then
+ log("debug", "DNS reply for %s gives us %s", connect_host, reply[#reply].a);
+ return make_connect(host_session, reply[#reply].a, connect_port);
else
log("debug", "DNS lookup failed to get a response for %s", connect_host);
if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can
diff --git a/net/dns.lua b/net/dns.lua
index d6462031..e793c397 100644
--- a/net/dns.lua
+++ b/net/dns.lua
@@ -510,7 +510,7 @@ function resolver:adddefaultnameservers () -- - - - - adddefaultnameservers
local resolv_conf = io.open("/etc/resolv.conf");
if resolv_conf then
for line in resolv_conf:lines() do
- local address = string.match (line, '^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$')
+ local address = line:gsub("#.*$", ""):match('^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$')
if address then self:addnameserver (address) end
end
elseif os.getenv("WINDIR") then
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 9a9c3902..4d0d7ca1 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -15,6 +15,8 @@ local secure_auth_only = module:get_option("require_encryption");
local sessionmanager = require "core.sessionmanager";
local usermanager = require "core.usermanager";
+local nodeprep = require "util.encodings".stringprep.nodeprep;
+local resourceprep = require "util.encodings".stringprep.resourceprep;
module:add_feature("jabber:iq:auth");
module:add_event_hook("stream-features", function (session, features)
@@ -44,6 +46,8 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
:tag("resource"):up());
else
username, password, resource = t_concat(username), t_concat(password), t_concat(resource);
+ username = nodeprep(username);
+ resource = resourceprep(resource)
local reply = st.reply(stanza);
if usermanager.validate_credentials(session.host, username, password) then
-- Authentication successful!
@@ -53,7 +57,12 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth",
success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource);
if not success then
session.send(st.error_reply(stanza, err_type, err, err_msg));
- return true; -- FIXME need to unauthenticate here
+ session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager?
+ return true;
+ elseif resource ~= session.resource then -- server changed resource, not supported by legacy auth
+ session.send(st.error_reply(stanza, "cancel", "conflict", "The requested resource could not be assigned to this session."));
+ session:close(); -- FIXME undo resource bind and auth instead of closing the session?
+ return true;
end
end
session.send(st.reply(stanza));
diff --git a/util-src/Makefile.win b/util-src/Makefile.win
index d76aaccb..00b3f6fc 100644
--- a/util-src/Makefile.win
+++ b/util-src/Makefile.win
@@ -1,7 +1,7 @@
LUA_PATH=$(LUA_DEV)
-IDN_PATH=.\libidn-1.9
-OPENSSL_PATH=.\openssl-0.9.8i
+IDN_PATH=..\..\libidn-1.15
+OPENSSL_PATH=..\..\openssl-0.9.8k
LUA_INCLUDE=$(LUA_PATH)\include
LUA_LIB=$(LUA_PATH)\lib\lua5.1.lib
diff --git a/util-src/encodings.c b/util-src/encodings.c
index d7aabc14..65d7d501 100644
--- a/util-src/encodings.c
+++ b/util-src/encodings.c
@@ -172,11 +172,11 @@ static int Lidna_to_ascii(lua_State *L) /** idna.to_ascii(s) */
int ret = idna_to_ascii_8z(s, &output, 0);
if (ret == IDNA_SUCCESS) {
lua_pushstring(L, output);
- if (output) free(output);
+ idn_free(output);
return 1;
} else {
lua_pushnil(L);
- if (output) free(output);
+ idn_free(output);
return 1; // TODO return error message
}
}
@@ -189,11 +189,11 @@ static int Lidna_to_unicode(lua_State *L) /** idna.to_unicode(s) */
int ret = idna_to_unicode_8z8z(s, &output, 0);
if (ret == IDNA_SUCCESS) {
lua_pushstring(L, output);
- if (output) free(output);
+ idn_free(output);
return 1;
} else {
lua_pushnil(L);
- if (output) free(output);
+ idn_free(output);
return 1; // TODO return error message
}
}