-rwxr-xr-xconfigure45
-rw-r--r--core/certmanager.lua7
-rw-r--r--net/adns.lua1
-rw-r--r--plugins/mod_blocklist.lua9
-rwxr-xr-xprosody4
-rw-r--r--prosody.cfg.lua.dist2
-rwxr-xr-xprosodyctl29
-rw-r--r--util/sslconfig.lua3
-rw-r--r--util/throttle.lua1
9 files changed, 49 insertions, 52 deletions
diff --git a/configure b/configure
index 63403738..c26f78ed 100755
--- a/configure
+++ b/configure
@@ -73,14 +73,18 @@ Configure $APP_NAME prior to building.
Default is to use /dev/urandom
--cflags=FLAGS Flags to pass to the compiler
Default is $CFLAGS
+--add-cflags=FLAGS Adds additional CFLAGS, preserving defaults.
+ Can be repeated.
--ldflags=FLAGS Flags to pass to the linker
Default is $LDFLAGS
+--add-ldflags=FLAGS Adds additional linker flags, preserving defaults.
+ Can be repeated.
--c-compiler=CC The C compiler to use when building modules.
Default is $CC
+--compiler-wrapper=WRAPPER Adds a prefix to compiler and linker calls,
+ usable for eg distcc or ccache.
--linker=CC The linker to use when building modules.
Default is $LD
---require-config Will cause $APP_NAME to refuse to run when
- it fails to find a configuration file
--no-example-certs Disables generation of example certificates.
EOF
}
@@ -172,6 +176,10 @@ do
LUA_SUFFIX="5.1";
LUA_SUFFIX_SET=yes
fi
+ if [ "$RUNWITH_SET" != "yes" ]; then
+ RUNWITH="lua$LUA_SUFFIX";
+ RUNWITH_SET=yes
+ fi
LUA_INCDIR="/usr/include/lua$LUA_SUFFIX"
LUA_INCDIR_SET=yes
CFLAGS="$CFLAGS -ggdb"
@@ -238,9 +246,6 @@ do
DATADIR="$value"
DATADIR_SET=yes
;;
- --require-config)
- REQUIRE_CONFIG=yes
- ;;
--lua-suffix)
[ -n "$value" ] || die "Missing value in flag $key."
LUA_SUFFIX="$value"
@@ -501,34 +506,6 @@ then
fi
fi
-echo_n "Configuring for system... "
-if uname -s
-then
- UNAME_S=`uname -s`
-else
- die "Could not determine operating system. 'uname -s' failed."
-fi
-echo_n "Configuring for architecture... "
-if uname -m
-then
- UNAME_M=`uname -m`
-else
- die "Could not determine processor architecture. 'uname -m' failed."
-fi
-
-if [ "$UNAME_S" = Linux ]
-then
- GCC_ARCH=`gcc -print-multiarch 2>/dev/null`
- if [ -n "$GCC_ARCH" -a -d "/usr/lib/$GCC_ARCH" ]
- then
- MULTIARCH_SUBDIR="lib/$GCC_ARCH"
- elif [ -d "/usr/lib64" ]
- then
- # Useful for Fedora systems
- MULTIARCH_SUBDIR="lib64"
- fi
-fi
-
if [ "$IDN_LIBRARY" = "icu" ]
then
IDNA_LIBS="$ICU_FLAGS"
@@ -574,8 +551,6 @@ LUA_DIR_SET=$LUA_DIR_SET
LUA_INCDIR=$LUA_INCDIR
LUA_LIBDIR=$LUA_LIBDIR
LUA_BINDIR=$LUA_BINDIR
-MULTIARCH_SUBDIR=$MULTIARCH_SUBDIR
-REQUIRE_CONFIG=$REQUIRE_CONFIG
IDN_LIB=$IDN_LIB
IDNA_LIBS=$IDNA_LIBS
OPENSSL_LIBS=$OPENSSL_LIBS
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 288836ce..2be66a21 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -107,6 +107,12 @@ local core_defaults = {
};
verifyext = { "lsec_continue", "lsec_ignore_purpose" };
curve = "secp384r1";
+ curveslist = {
+ "X25519",
+ "P-384",
+ "P-256",
+ "P-521",
+ };
ciphers = { -- Enabled ciphers in order of preference:
"HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set
"HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange
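Review bot: The new `curveslist` default has no comment saying how it relates to the `curve = "secp384r1"` entry that stays directly above it, so a reader cannot tell which of the two takes effect. The neighbouring `ciphers` table documents its ordering, and the same is worth doing here, for example `curveslist = { -- Key exchange curves in order of preference; presumably used instead of 'curve' where the TLS library accepts a list`. The precedence between the two options is decided outside this hunk, so confirm it before wording the comment as fact. The `core_defaults` table starts and ends outside the hunk.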
@@ -231,4 +237,5 @@ prosody.events.add_handler("config-reloaded", reload_ssl_config);
return {
create_context = create_context;
reload_ssl_config = reload_ssl_config;
+ find_cert = find_cert;
};
diff --git a/net/adns.lua b/net/adns.lua
index f1196a6c..a19cbd59 100644
--- a/net/adns.lua
+++ b/net/adns.lua
@@ -12,6 +12,7 @@ local new_resolver = require "net.dns".resolver;
local log = require "util.logger".init("adns");
local coroutine, tostring, pcall = coroutine, tostring, pcall;
+local setmetatable = setmetatable;
local function dummy_send(sock, data, i, j) return (j-i)+1; end
diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua
index ae24a2fc..e10ac27d 100644
--- a/plugins/mod_blocklist.lua
+++ b/plugins/mod_blocklist.lua
@@ -22,6 +22,7 @@ local jid_split = require"util.jid".split;
local storage = module:open_store();
local sessions = prosody.hosts[module.host].sessions;
+local full_sessions = prosody.full_sessions;
-- First level cache of blocklists by username.
-- Weak table so may randomly expire at any time.
@@ -271,8 +272,13 @@ local function bounce_iq(event)
end
local function bounce_message(event)
- local type = event.stanza.attr.type;
+ local stanza = event.stanza;
+ local type = stanza.attr.type;
if type == "chat" or not type or type == "normal" then
+ if full_sessions[stanza.attr.to] then
+ -- See #690
+ return drop_stanza(event);
+ end
return bounce_stanza(event);
end
return drop_stanza(event); -- drop headlines, groupchats etc
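Review bot: In `bounce_message`, a blocked sender now gets silence when `full_sessions[stanza.attr.to]` exists and an error bounce otherwise, so the two outcomes differ by whether that full JID is currently connected. If that is the behaviour #690 asks for, the comment should state the reason rather than only cite the number, for example `-- Drop instead of bouncing when the full JID is online, see #690`. If it is not intended, the difference may let a blocked contact distinguish online from offline resources, which is worth a second look against the goal of the blocklist.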
@@ -305,7 +311,6 @@ local prio_in, prio_out = 100, 100;
module:hook("presence/bare", drop_stanza, prio_in);
module:hook("presence/full", drop_stanza, prio_in);
--- FIXME See #690
module:hook("message/bare", bounce_message, prio_in);
module:hook("message/full", bounce_message, prio_in);
diff --git a/prosody b/prosody
index 9a15af1c..0fa19b17 100755
--- a/prosody
+++ b/prosody
@@ -93,7 +93,7 @@ function read_config()
print("\n");
print("**************************");
if level == "parser" then
- print("A problem occurred while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"..":");
+ print("A problem occured while reading the config file "..filename);
print("");
local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
if err:match("chunk has too many syntax levels$") then
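Review bot: The rewritten message on the `level == "parser"` branch spells "occured" where the removed line had "occurred", and it drops the trailing colon that introduced the error detail printed next. Suggest `print("A problem occurred while reading the config file "..tostring(filename)..":");`. `filename` is assigned outside the hunk; the removed code guarded its path with `or "."`, and a nil here would raise inside the error reporter itself, hence the `tostring`. The same unguarded `filename` concatenation appears in the `level == "file"` branch of this file and in both matching branches of the prosodyctl hunk. `read_config` continues outside the hunk.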
@@ -105,7 +105,7 @@ function read_config()
print("");
elseif level == "file" then
print("Prosody was unable to find the configuration file.");
- print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("We looked for: "..filename);
print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
end
diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist
index bd897f74..a0fc6c9e 100644
--- a/prosody.cfg.lua.dist
+++ b/prosody.cfg.lua.dist
@@ -65,7 +65,7 @@ modules_enabled = {
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
- --"websockets"; -- XMPP over WebSockets
+ --"websocket"; -- XMPP over WebSockets
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
diff --git a/prosodyctl b/prosodyctl
index 94d3a4e5..02237082 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -91,13 +91,13 @@ do
print("\n");
print("**************************");
if level == "parser" then
- print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("A problem occured while reading the config file "..filename);
local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err)));
print("");
elseif level == "file" then
print("Prosody was unable to find the configuration file.");
- print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+ print("We looked for: "..filename);
print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
end
@@ -162,6 +162,17 @@ if have_pposix and pposix then
if not switched_user then
-- Boo!
print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
+ else
+ -- Make sure the Prosody user can read the config
+ local conf, err, errno = io.open(ENV_CONFIG);
+ if conf then
+ conf:close();
+ else
+ print("The config file is not readable by the '"..desired_user.."' user.");
+ print("Prosody will not be able to read it.");
+ print("Error was "..err);
+ os.exit(1);
+ end
end
end
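Review bot: The added readability check declares `local conf, err, errno`, which shadows the `err` used by the warning two lines above and leaves `errno` unused. It also concatenates `desired_user` and `err` directly, while the existing warning wraps both in `tostring`. Suggest `local conf, open_err = io.open(ENV_CONFIG);` and `print("Error was "..tostring(open_err));`. `ENV_CONFIG` is set outside the hunk; if it can be unset at this point, `io.open` raises instead of returning nil, so that is worth confirming.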
@@ -892,18 +903,14 @@ function cert_commands.import(arg)
owner = config.get("*", "prosody_user") or "prosody";
group = config.get("*", "prosody_group") or owner;
end
+ local cm = require "core.certmanager";
local imported = {};
for _, host in ipairs(hostnames) do
for _, dir in ipairs(arg) do
- if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem")
- and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then
- copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
- table.insert(imported, host);
- elseif lfs.attributes(dir .. "/" .. host .. ".crt")
- and lfs.attributes(dir .. "/" .. host .. ".key") then
- copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
+ local paths = cm.find_cert(dir, host);
+ if paths then
+ copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
+ copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
table.insert(imported, host);
else
-- TODO Say where we looked
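Review bot: `table.insert(imported, host)` runs regardless of what the two `copy` calls did, so a host can be reported as imported even if writing the private key failed. `copy` is defined outside the hunk; if it reports failure through its return value, check it first, for example `local ok = copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group) and copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);` followed by `if ok then table.insert(imported, host); end`. The bare `"0377"` on the key copy also deserves a comment such as `-- presumably a umask, leaving the key readable by its owner only`. The accepted file layouts now come from `cm.find_cert`, whose body is not shown here, and `cert_commands.import` continues outside the hunk.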
diff --git a/util/sslconfig.lua b/util/sslconfig.lua
index 931502b9..4c4e1d48 100644
--- a/util/sslconfig.lua
+++ b/util/sslconfig.lua
@@ -63,6 +63,9 @@ function finalisers.ciphers(cipherlist)
return cipherlist;
end
+-- Curve list too
+finalisers.curveslist = finalisers.ciphers;
+
-- protocol = "x" should enable only that protocol
-- protocol = "x+" should enable x and later versions
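Review bot: The comment `-- Curve list too` does not say what `curveslist` shares with `finalisers.ciphers`. Only the tail of that function is visible in the hunk, so a hedged wording fits: `-- curveslist takes the same form as ciphers, so it reuses the ciphers finaliser`. It is also worth noting in the comment that both keys now point at the same function, so a later change to cipher handling changes curve-list handling as well.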
diff --git a/util/throttle.lua b/util/throttle.lua
index a8191886..1012f78a 100644
--- a/util/throttle.lua
+++ b/util/throttle.lua
@@ -1,7 +1,6 @@
local gettime = require "util.time".now
local setmetatable = setmetatable;
-local floor = math.floor;
local _ENV = nil;