-rw-r--r--core/portmanager.lua11
-rw-r--r--net/server.lua18
-rw-r--r--net/server_select.lua13
-rw-r--r--plugins/mod_s2s/mod_s2s.lua16
-rw-r--r--plugins/mod_s2s/s2sout.lib.lua6
-rwxr-xr-xprosody4
-rwxr-xr-xprosodyctl18
7 files changed, 63 insertions, 23 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index b02ba53b..9684e9db 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -1,6 +1,7 @@
local config = require "core.configmanager";
local certmanager = require "core.certmanager";
local server = require "net.server";
+local socket = require "socket";
local log = require "util.logger".init("portmanager");
local multitable = require "util.multitable";
@@ -17,9 +18,13 @@ module "portmanager";
--- Config
-local default_interfaces = { "*" };
-local default_local_interfaces = { "127.0.0.1" };
-if config.get("*", "use_ipv6") then
+local default_interfaces = { };
+local default_local_interfaces = { };
+if config.get("*", "use_ipv4") ~= false then
+ table.insert(default_interfaces, "*");
+ table.insert(default_local_interfaces, "127.0.0.1");
+end
+if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
table.insert(default_interfaces, "::");
table.insert(default_local_interfaces, "::1");
end
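Review bot: With `use_ipv4 = false` and either `use_ipv6 = false` or no `socket.tcp6`, the tables built at L30-L39 stay empty, so whatever consumes `default_interfaces` binds nothing and the server starts with no listeners and no diagnostic. Suggest after the second `if` block: `if #default_interfaces == 0 then log("warn", "Both IPv4 and IPv6 are disabled, no default interfaces to listen on"); end` (`log` is in scope from L23). The semantics also flipped from opt-in to opt-out for IPv6, which deserves a comment such as `-- IPv6 is enabled by default when LuaSocket provides tcp6; set use_ipv6 = false to opt out`. Hedged: on dual-stack hosts, binding both `*` and `::` on the same port can fail with EADDRINUSE unless the v6 socket is IPV6_V6ONLY; worth confirming net/server sets that.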
diff --git a/net/server.lua b/net/server.lua
index 3cdbe551..ae3d45b0 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -6,7 +6,7 @@
-- COPYING file in the source package for more information.
--
-local use_luaevent = prosody and require "core.configmanager".get("*", "core", "use_libevent");
+local use_luaevent = prosody and require "core.configmanager".get("*", "use_libevent");
if use_luaevent then
use_luaevent = pcall(require, "luaevent.core");
@@ -42,8 +42,12 @@ end
if prosody then
local config_get = require "core.configmanager".get;
+ local defaults = {};
+ for k,v in pairs(server.cfg or server.getsettings()) do
+ defaults[k] = v;
+ end
local function load_config()
- local settings = config_get("*", "core", "network_settings") or {};
+ local settings = config_get("*", "network_settings") or {};
if use_luaevent then
local event_settings = {
ACCEPT_DELAY = settings.event_accept_retry_interval;
@@ -59,11 +63,15 @@ if prosody then
WRITE_TIMEOUT = settings.send_timeout;
};
- for k, v in pairs(event_settings) do
- server.cfg[k] = v;
+ for k,default in pairs(defaults) do
+ server.cfg[k] = event_settings[k] or default;
end
else
- server.changesettings(settings);
+ local select_settings = {};
+ for k,default in pairs(defaults) do
+ select_settings[k] = settings[k] or default;
+ end
+ server.changesettings(select_settings);
end
end
load_config();
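Review bot: The `settings[k] or default` loop at L75-L76 only reads keys that already exist in `defaults`, so a misspelled `network_settings` entry (say `max_connection` for `max_connections`) is dropped silently and the built-in limit stays in force; since these are resource limits, an unknown key should at least be logged. The `or default` form also treats an explicit `false` as unset, which is fine for numeric tunables but should be stated in a comment. The check belongs in the select branch only: in the luaevent branch the user-facing names differ from the `defaults` keys (L63, L65 map `event_accept_retry_interval`/`send_timeout` onto `ACCEPT_DELAY`/`WRITE_TIMEOUT`), so the same test there would need the reverse mapping. No logger is visible in this hunk; `require "util.logger".init(...)` is the pattern used elsewhere in this diff. load_config begins in the previous hunk.
```lua
	else
		local select_settings = {};
		for k,default in pairs(defaults) do
			select_settings[k] = settings[k] or default;
		end
		-- Keys that match nothing in defaults would otherwise be ignored silently
		for k in pairs(settings) do
			if defaults[k] == nil then
				log("warn", "Ignoring unknown network_settings option '%s'", tostring(k));
			end
		end
		server.changesettings(select_settings);
	end
```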
diff --git a/net/server_select.lua b/net/server_select.lua
index 63a94b7e..8ce9eed2 100644
--- a/net/server_select.lua
+++ b/net/server_select.lua
@@ -769,7 +769,18 @@ closeall = function( )
end
getsettings = function( )
- return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, nil, _maxselectlen, _maxsslhandshake, _maxfd
+ return {
+ select_timeout = _selecttimeout;
+ select_sleep_time = _sleeptime;
+ max_send_buffer_size = _maxsendlen;
+ max_receive_buffer_size = _maxreadlen;
+ select_idle_check_interval = _checkinterval;
+ send_timeout = _sendtimeout;
+ read_timeout = _readtimeout;
+ max_connections = _maxselectlen;
+ max_ssl_handshake_roundtrips = _maxsslhandshake;
+ highest_allowed_fd = _maxfd;
+ }
end
changesettings = function( new )
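Review bot: getsettings at L88-L102 now returns one keyed table where it returned eleven positional values, so any caller other than the net/server.lua hunk in this commit that still unpacks positionally will silently get the table as its first value and nil for the rest; worth a grep of the tree and an LDoc header such as `--- Return the current tunables as a table keyed by the names changesettings accepts`. Whether changesettings (starting at L103, body outside the hunk) accepts this same keyed shape is not visible here, though net/server.lua now feeds it one.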
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ec969cc3..6893d184 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -80,6 +80,10 @@ function route_to_existing_session(event)
log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
return false;
end
+ if hosts[to_host] then
+ log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
+ return false;
+ end
local host = hosts[from_host].s2sout[to_host];
if host then
-- We have a connection to this host already
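Review bot: The new warning at L113 prints `from_host` although the condition at L112 tests `to_host`, so the log names the wrong side of the stanza and an operator chasing this message will look at the wrong host. Change it to `log("warn", "Attempt to route stanza from %s to %s - a host we do serve?!", from_host, to_host);` so both ends are recorded. route_to_existing_session's body continues past the hunk.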
@@ -188,6 +192,9 @@ function make_authenticated(event)
});
end
end
+ if hosts[host] then
+ session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
+ end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then
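Review bot: After `session:close(...)` at L124 there is no `return`, so make_authenticated falls through to L126-L128 and still promotes the refused session to `s2sout`/`s2sin`, plus whatever follows outside the hunk; the sibling check added at L140-L143 returns after closing, and this one should too. Add `return false;` right after the close, on the assumption that make_authenticated's callers accept a falsy result as "not authenticated" (its return convention and the assignment of `host` are outside the hunk). A one-line comment such as `-- Refuse to authenticate a peer claiming one of our own hosts` would also help the next reader. make_authenticated begins outside the hunk.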
@@ -211,7 +218,7 @@ end
--- Helper to check that a session peer's certificate is valid
local function check_cert_status(session)
- local host = session.direction == "incoming" and session.from_host or session.to_host
+ local host = session.direction == "outgoing" and session.to_host or session.from_host
local conn = session.conn:socket()
local cert
if conn.getpeercertificate then
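Review bot: The expression at L133 still relies on the `and … or` idiom, so if `session.to_host` were ever nil on an outgoing session it would fall through to `session.from_host` and validate the peer certificate against the local hostname; the commit changes which side can fall through, not the pattern. Prefer an explicit branch: `local host = session.from_host; if session.direction == "outgoing" then host = session.to_host end`, with a comment that the peer is `to_host` for outgoing and `from_host` for incoming sessions. check_cert_status continues past the hunk.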
@@ -321,6 +328,11 @@ function stream_callbacks.streamopened(session, attr)
end
end
+ if hosts[from] then
+ session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
+ return;
+ end
+
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;
@@ -486,7 +498,7 @@ function session_open_stream(session, from, to)
from = from, to = to,
}
local local_host = session.direction == "outgoing" and from or to;
- if not local_host or hosts[local_host].modules.dialback then
+ if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then
attr["xmlns:db"] = 'jabber:server:dialback';
end
diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index 5ebbee8e..a22846db 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -90,7 +90,7 @@ function s2sout.attempt_connection(host_session, err)
host_session.connecting = nil;
if answer and #answer > 0 then
log("debug", "%s has SRV records, handling...", to_host);
- local srv_hosts = {};
+ local srv_hosts = { answer = answer };
host_session.srv_hosts = srv_hosts;
for _, record in ipairs(answer) do
t_insert(srv_hosts, record.srv);
@@ -271,6 +271,10 @@ function s2sout.make_connect(host_session, connect_host, connect_port)
local from_host, to_host = host_session.from_host, host_session.to_host;
+ -- Reset secure flag in case this is another
+ -- connection attempt after a failed STARTTLS
+ host_session.secure = nil;
+
local conn, handler;
if connect_host.proto == "IPv4" then
conn, handler = socket.tcp();
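Review bot: Resetting only `host_session.secure` at L173 leaves other per-connection TLS state from the failed attempt in place; `cert_chain_status` in particular gates the peer-certificate check in mod_s2s (L145: `if session.secure and not session.cert_chain_status`), so if `host_session` is the same table that streamopened later receives, a stale status from the previous target would skip certificate verification on the new connection once it negotiates TLS. Clear it alongside: `host_session.secure = nil; host_session.cert_chain_status = nil;` and likewise any other certificate-derived fields that check_cert_status sets (its body is outside this diff). make_connect's body continues beyond the hunk.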
diff --git a/prosody b/prosody
index 5802c348..875140de 100755
--- a/prosody
+++ b/prosody
@@ -207,8 +207,8 @@ function init_global_state()
prosody.full_sessions = full_sessions;
prosody.hosts = hosts;
- local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
- local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+ local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+ local custom_plugin_paths = config.get("*", "plugin_paths");
if custom_plugin_paths then
local path_sep = package.config:sub(3,3);
-- path1;path2;path3;defaultpath...
diff --git a/prosodyctl b/prosodyctl
index 0d1194f4..a8cf0e69 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -109,11 +109,11 @@ do
os.exit(1);
end
end
-local original_logging_config = config.get("*", "core", "log");
-config.set("*", "core", "log", { { levels = { min="info" }, to = "console" } });
+local original_logging_config = config.get("*", "log");
+config.set("*", "log", { { levels = { min="info" }, to = "console" } });
-local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
-local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+local custom_plugin_paths = config.get("*", "plugin_paths");
if custom_plugin_paths then
local path_sep = package.config:sub(3,3);
-- path1;path2;path3;defaultpath...
@@ -142,8 +142,8 @@ if ok and pposix then
current_uid = pposix.getuid();
if current_uid == 0 then
-- We haz root!
- local desired_user = config.get("*", "core", "prosody_user") or "prosody";
- local desired_group = config.get("*", "core", "prosody_group") or desired_user;
+ local desired_user = config.get("*", "prosody_user") or "prosody";
+ local desired_group = config.get("*", "prosody_group") or desired_user;
local ok, err = pposix.setgid(desired_group);
if ok then
ok, err = pposix.initgroups(desired_user);
@@ -162,7 +162,7 @@ if ok and pposix then
end
-- Set our umask to protect data files
- pposix.umask(config.get("*", "core", "umask") or "027");
+ pposix.umask(config.get("*", "umask") or "027");
pposix.setenv("HOME", data_path);
pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
else
@@ -267,7 +267,7 @@ local show_yesno = prosodyctl.show_yesno;
local show_prompt = prosodyctl.show_prompt;
local read_password = prosodyctl.read_password;
-local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
+local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
-----------------------
local commands = {};
local command = arg[1];
@@ -410,7 +410,7 @@ function commands.start(arg)
local ok, ret = prosodyctl.start();
if ok then
- if config.get("*", "core", "daemonize") ~= false then
+ if config.get("*", "daemonize") ~= false then
local i=1;
while true do
local ok, running = prosodyctl.isrunning();