-rw-r--r-- | plugins/mod_admin_telnet.lua | 6 | ||||
-rw-r--r-- | plugins/mod_register.lua | 5 | ||||
-rw-r--r-- | plugins/mod_tls.lua | 4 | ||||
-rw-r--r-- | plugins/mod_websocket.lua | 2 | ||||
-rwxr-xr-x | prosodyctl | 126 | ||||
-rw-r--r-- | tests/util/logger.lua | 5 | ||||
-rw-r--r-- | util-src/crand.c | 10 | ||||
-rw-r--r-- | util-src/pposix.c | 2 | ||||
-rw-r--r-- | util/adhoc.lua | 2 |
9 files changed, 90 insertions, 72 deletions
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 3250e2ed..0913eb6d 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1167,6 +1167,12 @@ function def_env.http:list() return true; end +module:hook("server-stopping", function(event) + for conn, session in pairs(sessions) do + session.print("Shutting down: "..(event.reason or "unknown reason")); + end +end); + ------------- function printbanner(session) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index ee3f88ba..72e91368 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -21,6 +21,7 @@ local new_cache = require "util.cache".new; local compat = module:get_option_boolean("registration_compat", true); local allow_registration = module:get_option_boolean("allow_registration", false); local additional_fields = module:get_option("additional_registration_fields", {}); +local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local account_details = module:open_store("account_details"); @@ -83,7 +84,7 @@ module:hook("stream-features", function(event) local session, features = event.origin, event.features; -- Advertise registration to unauthorized clients only. - if not(allow_registration) or session.type ~= "c2s_unauthed" then + if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then return end @@ -213,6 +214,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) if not(allow_registration) or session.type ~= "c2s_unauthed" then log("debug", "Attempted registration when disabled or already authenticated"); session.send(st.error_reply(stanza, "cancel", "service-unavailable")); + elseif require_encryption and not session.secure then + session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required")); else local query = stanza.tags[1]; if stanza.attr.type == "get" then 
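Review bot: `conn` in the new server-stopping hook's `for conn, session in pairs(sessions)` is never used and luacheck will report it; the idiomatic form is `for _, session in pairs(sessions) do`. The `or "unknown reason"` fallback already keeps the concatenation safe when the event carries no reason, so nothing else in this handler needs changing.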
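Review bot: The new `require_encryption` line cannot tell an explicit `c2s_require_encryption = false` from the option being unset, because `false or module:get_option("require_encryption")` falls through to the generic option either way, so a host that deliberately relaxes the c2s-specific setting can still be forced into it by a global `require_encryption`. The neighbouring options in this hunk use `get_option_boolean`; a nil-aware fallback keeps the override semantics: `local require_encryption = module:get_option_boolean("c2s_require_encryption"); if require_encryption == nil then require_encryption = module:get_option_boolean("require_encryption"); end`. When neither option is configured the value is nil and in-band registration stays permitted over plaintext, which is worth stating on the line: `-- nil/false: plaintext registration allowed; true: refused until the stream is secure`.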
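Review bot: The new `elseif require_encryption and not session.secure` branch in the iq handler returns a policy-violation error but, unlike the disabled/already-authenticated branch directly above it, writes no log line, so repeated plaintext registration attempts leave no trace in the debug log; add `log("debug", "Attempted registration over an unencrypted connection");` before the `session.send`. The stream-features hook earlier in this file gains the same `require_encryption and not session.secure` condition, so the advertisement and the enforcement stay consistent.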
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 3903a760..fbeb344b 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -63,7 +63,9 @@ end local function can_do_tls(session) if not session.conn.starttls then - session.log("debug", "Underlying connection does not support STARTTLS"); + if not session.secure then + session.log("debug", "Underlying connection does not support STARTTLS"); + end return false; elseif session.ssl_ctx ~= nil then return session.ssl_ctx; diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c19ad566..47d170a1 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,6 +136,8 @@ function handle_request(event) local request, response = event.request, event.response; local conn = response.conn; + conn.starttls = false; -- Prevent mod_tls from believing starttls can be done + if not request.headers.sec_websocket_key then response.headers.content_type = "text/html"; return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> @@ -2,7 +2,7 @@ -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -65,7 +65,7 @@ config = require "core.configmanager" local ENV_CONFIG; do local filenames = {}; - + local filename; if arg[1] == "--config" and arg[2] then table.insert(filenames, arg[2]); @@ -120,7 +120,7 @@ if custom_plugin_paths then -- path1;path2;path3;defaultpath... CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins"); end -prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, +prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, plugins = CFG_PLUGINDIR or "plugins", data = data_path }; if prosody.installed then 
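Review bot: The new inner `if not session.secure then` in can_do_tls only decides whether the debug line is emitted, and nothing in the hunk says why a secure connection without starttls is expected; since this same commit has mod_websocket set `conn.starttls = false` on its connections, a comment would spare the next reader the search: `-- A connection that is already secure (e.g. websocket over HTTPS) has no starttls by design; only log for plaintext ones`. The remainder of can_do_tls lies outside the hunk.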
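Review bot: `conn.starttls = false` in handle_request has to be `false` rather than `nil` if, as seems likely, the connection's starttls method is resolved through a metatable `__index` — a `nil` assignment would not shadow it — and the comment on the line should say so: `-- false, not nil: must shadow the starttls method that mod_tls checks in can_do_tls`. Whether the connection object really resolves methods via __index is not visible in this diff; confirm against net.server before relying on it.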
@@ -161,7 +161,7 @@ if ok and pposix then print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); end end - + -- Set our umask to protect data files pposix.umask(config.get("*", "umask") or "027"); pposix.setenv("HOME", data_path); @@ -212,7 +212,7 @@ if #unwriteable_files > 0 then end -local error_messages = setmetatable({ +local error_messages = setmetatable({ ["invalid-username"] = "The given username is invalid in a Jabber ID"; ["invalid-hostname"] = "The given hostname is invalid"; ["no-password"] = "No password was supplied"; @@ -241,7 +241,7 @@ end for hostname, config in pairs(config.getconfig()) do hosts[hostname] = make_host(hostname); end - + local modulemanager = require "core.modulemanager" local prosodyctl = require "util.prosodyctl" @@ -290,30 +290,30 @@ function commands.adduser(arg) show_usage [[adduser user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) show_warning("The user will not be able to log in until this is changed."); hosts[host] = make_host(host); end - + if prosodyctl.user_exists{ user = user, host = host } then show_message [[That user already exists]]; return 1; end - + local password = read_password(); if not password then return 1; end - + local ok, msg = prosodyctl.adduser { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(msg) return 1; end 
@@ -329,30 +329,30 @@ function commands.passwd(arg) show_usage [[passwd user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) show_warning("The user will not be able to log in until this is changed."); hosts[host] = make_host(host); end - + if not prosodyctl.user_exists { user = user, host = host } then show_message [[That user does not exist, use prosodyctl adduser to create a new user]] return 1; end - + local password = read_password(); if not password then return 1; end - + local ok, msg = prosodyctl.passwd { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -368,12 +368,12 @@ function commands.deluser(arg) show_usage [[deluser user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) hosts[host] = make_host(host); @@ -383,11 +383,11 @@ function commands.deluser(arg) show_message [[That user does not exist on this server]] return 1; end - + local ok, msg = prosodyctl.deluser { user = user, host = host }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -402,7 +402,7 @@ function commands.start(arg) show_message(error_messages[ret]); return 1; end - + if ret then local ok, ret = prosodyctl.getpid(); if not ok then @@ -413,7 +413,7 @@ function commands.start(arg) show_message("Prosody is already running with PID %s", ret or "(unknown)"); return 1; end - + local ok, ret = prosodyctl.start(); if ok then local daemonize = config.get("*", "daemonize"); 
@@ -441,8 +441,8 @@ function commands.start(arg) end show_message("Failed to start Prosody"); - show_message(error_messages[ret]) - return 1; + show_message(error_messages[ret]) + return 1; end function commands.status(arg) @@ -456,7 +456,7 @@ function commands.status(arg) show_message(error_messages[ret]); return 1; end - + if ret then local ok, ret = prosodyctl.getpid(); if not ok then @@ -489,7 +489,7 @@ function commands.stop(arg) show_message("Prosody is not running"); return 1; end - + local ok, ret = prosodyctl.stop(); if ok then local i=1; @@ -519,7 +519,7 @@ function commands.restart(arg) show_usage([[restart]], [[Restart a running Prosody server]]); return 1; end - + commands.stop(arg); return commands.start(arg); end @@ -530,14 +530,14 @@ function commands.about(arg) show_usage([[about]], [[Show information about this Prosody installation]]); return 1; end - + local pwd = "."; local lfs = require "lfs"; local array = require "util.array"; local keys = require "util.iterators".keys; local hg = require"util.mercurial"; local relpath = config.resolve_relative_path; - + print("Prosody "..(prosody.version or "(unknown version)")); print(""); print("# Prosody directories"); @@ -608,10 +608,10 @@ function commands.reload(arg) show_message("Prosody is not running"); return 1; end - + local ok, ret = prosodyctl.reload(); if ok then - + show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect."); return 0; end @@ -621,6 +621,8 @@ function commands.reload(arg) end -- ejabberdctl compatibility +local unpack = table.unpack or unpack; -- luacheck: ignore 113 + function commands.register(arg) local user, host, password = unpack(arg); if (not (user and host)) or arg[1] == "--help" then 
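Review bot: The `unpack` compatibility local added just before commands.register is declared in the middle of prosodyctl, so only code after that point sees it; any earlier reference to the global `unpack` in this file (not visible here) would still fail on Lua 5.3+, where the global no longer exists. Moving `local unpack = table.unpack or unpack; -- luacheck: ignore 113` to the top of the file next to the other requires makes the shim apply uniformly. The other prosodyctl hunks in this commit are trailing-whitespace removal only.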
@@ -641,11 +643,11 @@ function commands.register(arg) return 1; end end - + local ok, msg = prosodyctl.adduser { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -665,9 +667,9 @@ function commands.unregister(arg) end local ok, msg = prosodyctl.deluser { user = user, host = host }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -1010,7 +1012,7 @@ function commands.check(arg) print(" Connections will fail."); ok = false; end - + print("Done.\n"); end if not what or what == "dns" then @@ -1019,7 +1021,7 @@ function commands.check(arg) local ip = require "util.ip"; local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222}); local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269}); - + local c2s_srv_required, s2s_srv_required; if not c2s_ports:contains(5222) then c2s_srv_required = true; @@ -1027,11 +1029,11 @@ function commands.check(arg) if not s2s_ports:contains(5269) then s2s_srv_required = true; end - + local problem_hosts = set.new(); - + local external_addresses, internal_addresses = set.new(), set.new(); - + local fqdn = socket.dns.tohostname(socket.dns.gethostname()); if fqdn then local res = dns.lookup(idna.to_ascii(fqdn), "A"); @@ -1047,9 +1049,9 @@ function commands.check(arg) end end end - + local local_addresses = require"util.net".local_addresses() or {}; - + for addr in it.values(local_addresses) do if not ip.new_ip(addr).private then external_addresses:add(addr); 
@@ -1057,19 +1059,19 @@ function commands.check(arg) internal_addresses:add(addr); end end - + if external_addresses:empty() then print(""); print(" Failed to determine the external addresses of this server. Checks may be inaccurate."); c2s_srv_required, s2s_srv_required = true, true; end - + local v6_supported = not not socket.tcp6; - + for jid, host_options in enabled_hosts() do local all_targets_ok, some_targets_ok = true, false; local node, host = jid_split(jid); - + local is_component = not not host_options.component_module; print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."..."); if node then @@ -1113,12 +1115,12 @@ function commands.check(arg) if target_hosts:empty() then target_hosts:add(host); end - + if target_hosts:contains("localhost") then print(" Target 'localhost' cannot be accessed from other servers"); target_hosts:remove("localhost"); end - + local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {}))) + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {}))) + set.new({ config.get(host, "component_module") }); @@ -1137,7 +1139,7 @@ function commands.check(arg) print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP."); end end - + for host in target_hosts do local host_ok_v4, host_ok_v6; local res = dns.lookup(idna.to_ascii(host), "A"); @@ -1172,7 +1174,7 @@ function commands.check(arg) end end end - + local bad_protos = {} if not host_ok_v4 then table.insert(bad_protos, "IPv4"); 
@@ -1301,20 +1303,20 @@ if command and command:match("^mod_") then -- Is a command in a module show_message("Failed to load module '"..module_name.."': "..err); os.exit(1); end - + table.remove(arg, 1); - + local module = modulemanager.get_module("*", module_name); if not module then show_message("Failed to load module '"..module_name.."': Unknown error"); os.exit(1); end - + if not modulemanager.module_has_method(module, "command") then show_message("Fail: mod_"..module_name.." does not support any commands"); os.exit(1); end - + local ok, ret = modulemanager.call_module_method(module, "command", arg); if ok then if type(ret) == "number" then @@ -1362,8 +1364,8 @@ if not commands[command] then -- Show help for all commands done[command_name] = true; end end - - + + os.exit(0); end diff --git a/tests/util/logger.lua b/tests/util/logger.lua index c133e332..44860d5d 100644 --- a/tests/util/logger.lua +++ b/tests/util/logger.lua @@ -14,7 +14,8 @@ local tostring = tostring; local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring; local do_pretty_printing = not os.getenv("WINDIR"); -module "logger" +local _ENV = nil +local _M = {} local logstyles = {}; @@ -25,7 +26,7 @@ if do_pretty_printing then logstyles["error"] = getstyle("bold", "red"); end -function init(name) +function _M.init(name) --name = nil; -- While this line is not commented, will automatically fill in file/line number info return function (level, message, ...) if level == "debug" or level == "info" then return; end diff --git a/util-src/crand.c b/util-src/crand.c index cc2047eb..f3fa00ea 100644 --- a/util-src/crand.c +++ b/util-src/crand.c @@ -67,6 +67,11 @@ int Lrandom(lua_State *L) { arc4random_buf(buf, len); ret = len; #elif defined(WITH_OPENSSL) + if(!RAND_status()) { + lua_pushliteral(L, "OpenSSL PRNG not seeded"); + return lua_error(L); + } + ret = RAND_bytes(buf, len); if(ret == 1) { 
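Review bot: Replacing `module "logger"` with `local _ENV = nil` and `local _M = {}` means tests/util/logger.lua must now end with `return _M` and every name used after that line must already be a local; the file's tail is not in this diff, so confirm it (`tostring`, `getstyle`, `getstring` and `os.getenv` are localized or used before the `_ENV` line, which is fine). Under Lua 5.1 `local _ENV = nil` is an ordinary local with no sandboxing effect, so the stray-global protection only applies on 5.2+; a one-line comment such as `-- 5.2+: any global access below this line raises instead of silently leaking` makes that intent explicit. Note that `require` is itself a global, so any further require calls in the file have to stay above this line.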
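Review bot: The new `RAND_status()` guard in Lrandom raises a Lua error, whereas the RAND_bytes failure path that presumably follows the `if(ret == 1)` branch (outside the hunk) reports through `ret`, so callers see two different failure styles for the same "no usable randomness" condition; that may well be intended — an unseeded PRNG is not a condition a CSPRNG consumer should recover from quietly — but it deserves a comment, e.g. `/* Fail hard: bytes from an unseeded PRNG would silently weaken every consumer */`. Older OpenSSL releases also make RAND_bytes() return 0 when unseeded, so this check mainly gives a clearer error rather than catching a new case; worth noting alongside. The rest of Lrandom and the non-OpenSSL branches lie outside the hunk.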
@@ -87,6 +92,7 @@ int luaopen_util_crand(lua_State *L) { #if (LUA_VERSION_NUM > 501) luaL_checkversion(L); #endif + lua_newtable(L); lua_pushcfunction(L, Lrandom); lua_setfield(L, -2, "bytes"); @@ -100,10 +106,6 @@ int luaopen_util_crand(lua_State *L) { #endif lua_setfield(L, -2, "_source"); -#if defined(WITH_OPENSSL) && defined(_WIN32) - /* TODO Do we need to seed this on Windows? */ -#endif - return 1; } diff --git a/util-src/pposix.c b/util-src/pposix.c index 5e21be56..10edbd71 100644 --- a/util-src/pposix.c +++ b/util-src/pposix.c @@ -615,7 +615,7 @@ int lc_getrlimit(lua_State *L) { return 2; } } else { - /* Unsupported resoucrce. Sorry I'm pretty limited by POSIX standard. */ + /* Unsupported resource. Sorry I'm pretty limited by POSIX standard. */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-resource"); return 2; diff --git a/util/adhoc.lua b/util/adhoc.lua index 671e85cf..17c9eee5 100644 --- a/util/adhoc.lua +++ b/util/adhoc.lua @@ -22,7 +22,7 @@ local function new_initial_data_form(form, initial_data, result_handler) return result_handler(fields, err, data); else return { status = "executing", actions = {"next", "complete", default = "complete"}, - form = { layout = form, values = initial_data() } }, "executing"; + form = { layout = form, values = initial_data(data) } }, "executing"; end end end |
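Review bot: `initial_data(data)` now forwards an argument to the initial_data callback, but nothing in the hunk documents what `data` is or that existing zero-argument callbacks keep working (Lua discards extra arguments); add `-- data is forwarded so callbacks can build per-session defaults; older zero-argument callbacks ignore it` above the return. new_initial_data_form starts outside the hunk, so where `data` is bound is not visible here — presumably the handler's `data` parameter; confirm.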