diff options
| -rw-r--r-- | core/s2smanager.lua | 14 | ||||
| -rw-r--r-- | net/dns.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_legacyauth.lua | 11 | ||||
| -rw-r--r-- | util-src/Makefile.win | 4 | ||||
| -rw-r--r-- | util-src/encodings.c | 8 |
5 files changed, 24 insertions, 15 deletions
diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 118bbf0c..daf2c871 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -255,20 +255,20 @@ function try_connect(host_session, connect_host, connect_port) host_session.connecting = nil; -- COMPAT: This is a compromise for all you CNAME-(ab)users :) - if not (reply and reply[1] and reply[1].a) then + if not (reply and reply[#reply] and reply[#reply].a) then local count = max_dns_depth; reply = dns.peek(connect_host, "CNAME", "IN"); - while count > 0 and reply and reply[1] and not reply[1].a and reply[1].cname do - log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[1].cname), count); - reply = dns.peek(reply[1].cname, "A", "IN") or dns.peek(reply[1].cname, "CNAME", "IN"); + while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do + log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count); + reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN"); count = count - 1; end end -- end of CNAME resolving - if reply and reply[1] and reply[1].a then - log("debug", "DNS reply for %s gives us %s", connect_host, reply[1].a); - return make_connect(host_session, reply[1].a, connect_port); + if reply and reply[#reply] and reply[#reply].a then + log("debug", "DNS reply for %s gives us %s", connect_host, reply[#reply].a); + return make_connect(host_session, reply[#reply].a, connect_port); else log("debug", "DNS lookup failed to get a response for %s", connect_host); if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can diff --git a/net/dns.lua b/net/dns.lua index d6462031..e793c397 100644 --- a/net/dns.lua +++ b/net/dns.lua @@ -510,7 +510,7 @@ function resolver:adddefaultnameservers () -- - - - - adddefaultnameservers local resolv_conf = io.open("/etc/resolv.conf"); if resolv_conf then for line in resolv_conf:lines() do - local address = string.match (line, '^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$') + local address = line:gsub("#.*$", ""):match('^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$') if address then self:addnameserver (address) end end elseif os.getenv("WINDIR") then diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 9a9c3902..4d0d7ca1 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -15,6 +15,8 @@ local secure_auth_only = module:get_option("require_encryption"); local sessionmanager = require "core.sessionmanager"; local usermanager = require "core.usermanager"; +local nodeprep = require "util.encodings".stringprep.nodeprep; +local resourceprep = require "util.encodings".stringprep.resourceprep; module:add_feature("jabber:iq:auth"); module:add_event_hook("stream-features", function (session, features) @@ -44,6 +46,8 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", :tag("resource"):up()); else username, password, resource = t_concat(username), t_concat(password), t_concat(resource); + username = nodeprep(username); + resource = resourceprep(resource) local reply = st.reply(stanza); if usermanager.validate_credentials(session.host, username, password) then -- Authentication successful! @@ -53,7 +57,12 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource); if not success then session.send(st.error_reply(stanza, err_type, err, err_msg)); - return true; -- FIXME need to unauthenticate here + session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager? + return true; + elseif resource ~= session.resource then -- server changed resource, not supported by legacy auth + session.send(st.error_reply(stanza, "cancel", "conflict", "The requested resource could not be assigned to this session.")); + session:close(); -- FIXME undo resource bind and auth instead of closing the session? + return true; end end session.send(st.reply(stanza)); diff --git a/util-src/Makefile.win b/util-src/Makefile.win index d76aaccb..00b3f6fc 100644 --- a/util-src/Makefile.win +++ b/util-src/Makefile.win @@ -1,7 +1,7 @@ LUA_PATH=$(LUA_DEV) -IDN_PATH=.\libidn-1.9 -OPENSSL_PATH=.\openssl-0.9.8i +IDN_PATH=..\..\libidn-1.15 +OPENSSL_PATH=..\..\openssl-0.9.8k LUA_INCLUDE=$(LUA_PATH)\include LUA_LIB=$(LUA_PATH)\lib\lua5.1.lib diff --git a/util-src/encodings.c b/util-src/encodings.c index d7aabc14..65d7d501 100644 --- a/util-src/encodings.c +++ b/util-src/encodings.c @@ -172,11 +172,11 @@ static int Lidna_to_ascii(lua_State *L) /** idna.to_ascii(s) */ int ret = idna_to_ascii_8z(s, &output, 0); if (ret == IDNA_SUCCESS) { lua_pushstring(L, output); - if (output) free(output); + idn_free(output); return 1; } else { lua_pushnil(L); - if (output) free(output); + idn_free(output); return 1; // TODO return error message } } @@ -189,11 +189,11 @@ static int Lidna_to_unicode(lua_State *L) /** idna.to_unicode(s) */ int ret = idna_to_unicode_8z8z(s, &output, 0); if (ret == IDNA_SUCCESS) { lua_pushstring(L, output); - if (output) free(output); + idn_free(output); return 1; } else { lua_pushnil(L); - if (output) free(output); + idn_free(output); return 1; // TODO return error message } } |