-rw-r--r-- | core/portmanager.lua | 4 | ||||
-rw-r--r-- | net/server_select.lua | 3 | ||||
-rw-r--r-- | plugins/mod_s2s/s2sout.lib.lua | 6 | ||||
-rwxr-xr-x | prosodyctl | 34 | ||||
-rw-r--r-- | util/dataforms.lua | 2 | ||||
-rw-r--r-- | util/ip.lua | 23 | ||||
-rw-r--r-- | util/openssl.lua | 22 | ||||
-rw-r--r-- | util/rfc6724.lua (renamed from util/rfc3484.lua) | 15 |
8 files changed, 82 insertions, 27 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua index 1b767a09..7a247452 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -112,6 +112,7 @@ function activate(service_name) bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports ); local mode, ssl = listener.default_mode or "*a"; + local hooked_ports = {}; for interface in bind_interfaces do for port in bind_ports do @@ -152,6 +153,7 @@ function activate(service_name) if not handler then log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err)); else + table.insert(hooked_ports, "["..interface.."]:"..port_number); log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port_number); active_services:add(service_name, interface, port_number, { server = handler; @@ -162,7 +164,7 @@ function activate(service_name) end end end - log("info", "Activated service '%s'", service_name); + log("info", "Activated service '%s' on %s", service_name, #hooked_ports == 0 and "no ports" or table.concat(hooked_ports, ", ")); return true; end diff --git a/net/server_select.lua b/net/server_select.lua index bdf262ae..7eb330a8 100644 --- a/net/server_select.lua +++ b/net/server_select.lua 
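Review bot: In the third hunk the new info line reports `Activated service '%s' on no ports` while `activate` still returns true, so a service whose every bind failed (each failure is logged as an error earlier in the loop) is reported as activated at info level and the caller cannot tell. Consider `log(#hooked_ports == 0 and "warn" or "info", "Activated service '%s' on %s", service_name, ...)` so that the all-ports-failed case stands out in logs, or add a comment stating that activation is reported even when nothing is listening. The `"["..interface.."]:"..port_number` formatting in the second hunk duplicates the `[%s]:%d` form of the debug line next to it; a small local formatter would keep the two in step. `activate` begins before the first hunk and its interface/port loop spans all three.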
@@ -149,7 +149,8 @@ _checkinterval = 1200000 -- interval in secs to check idle clients _sendtimeout = 60000 -- allowed send idle time in secs _readtimeout = 6 * 60 * 60 -- allowed read idle time in secs -_maxfd = luasocket._SETSIZE or 1024 -- We should ignore this on Windows. Perhaps by simply setting it to math.huge or something. +local is_windows = package.config:sub(1,1) == "\\" -- check the directory separator, to detemine whether this is Windows +_maxfd = luasocket._SETSIZE or (is_windows and math.huge) or 1024 -- max fd number, limit to 1024 by default to prevent glibc buffer overflow, but not on Windows _maxselectlen = luasocket._SETSIZE or 1024 -- But this still applies on Windows _maxsslhandshake = 30 -- max handshake round-trips diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index a22846db..cb2f8be4 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -13,7 +13,7 @@ local wrapclient = require "net.server".wrapclient; local initialize_filters = require "util.filters".initialize; local idna_to_ascii = require "util.encodings".idna.to_ascii; local new_ip = require "util.ip".new_ip; -local rfc3484_dest = require "util.rfc3484".destination; +local rfc6724_dest = require "util.rfc6724".destination; local socket = require "socket"; local adns = require "net.adns"; local dns = require "net.dns"; @@ -191,7 +191,7 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) if have_other_result then if #IPs > 0 then - rfc3484_dest(host_session.ip_hosts, sources); + rfc6724_dest(host_session.ip_hosts, sources); for i = 1, #IPs do IPs[i] = {ip = IPs[i], port = connect_port}; end @@ -227,7 +227,7 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) if have_other_result then if #IPs > 0 then - rfc3484_dest(host_session.ip_hosts, sources); + rfc6724_dest(host_session.ip_hosts, sources); for i = 1, #IPs do IPs[i] = {ip = IPs[i], port = connect_port}; end 
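Review bot: The new `_maxfd` line keeps 1024 as the fallback when luasocket does not export `_SETSIZE`, and the comment names the consequence of exceeding it (a glibc buffer overflow), but it does not say what the bound actually is; a later reader may raise the number to fix "too many open files". Suggested wording: `-- must stay at or below the FD_SETSIZE of the C select() behind luasocket; descriptors above it are written outside the fd_set`. The `is_windows` comment also has a typo, `detemine` → `determine`. Note that `_maxselectlen` is still 1024 on Windows, as its existing comment says, so only the descriptor-number check is relaxed there.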
@@ -660,19 +660,29 @@ function cert_commands.config(arg) end local conf = openssl.config.new(); conf:from_prosody(hosts, config, arg); - for k, v in pairs(conf.distinguished_name) do - local nv; - if k == "commonName" then - v = arg[1] - elseif k == "emailAddress" then - v = "xmpp@" .. arg[1]; - end - nv = show_prompt(("%s (%s):"):format(k, nv or v)); - nv = (not nv or nv == "") and v or nv; - if nv:find"[\192-\252][\128-\191]+" then - conf.req.string_mask = "utf8only" + show_message("Please provide details to include in the certificate config file."); + show_message("Leave the field empty to use the default value or '.' to exclude the field.") + for i, k in ipairs(openssl._DN_order) do + local v = conf.distinguished_name[k]; + if v then + local nv; + if k == "commonName" then + v = arg[1] + elseif k == "emailAddress" then + v = "xmpp@" .. arg[1]; + elseif k == "countryName" then + local tld = arg[1]:match"%.([a-z]+)$"; + if tld and #tld == 2 and tld ~= "uk" then + v = tld:upper(); + end + end + nv = show_prompt(("%s (%s):"):format(k, nv or v)); + nv = (not nv or nv == "") and v or nv; + if nv:find"[\192-\252][\128-\191]+" then + conf.req.string_mask = "utf8only" + end + conf.distinguished_name[k] = nv ~= "." and nv or nil; end - conf.distinguished_name[k] = nv ~= "." and nv or nil; end local conf_file = io.open(conf_filename, "w"); conf_file:write(conf:serialize()); diff --git a/util/dataforms.lua b/util/dataforms.lua index 55bad998..8634e337 100644 --- a/util/dataforms.lua +++ b/util/dataforms.lua @@ -53,7 +53,7 @@ function form_t.form(layout, data, formtype) elseif field_type == "boolean" then form:tag("value"):text((value and "1") or "0"):up(); elseif field_type == "fixed" then - + form:tag("value"):text(value):up(); elseif field_type == "jid-multi" then for _, jid in ipairs(value) do form:tag("value"):text(jid):up(); diff --git a/util/ip.lua b/util/ip.lua index 2f09c034..de287b16 100644 --- a/util/ip.lua +++ b/util/ip.lua 
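Review bot: In the rewritten prompt loop `nv` is still nil where it is used in `("%s (%s):"):format(k, nv or v)`, because `local nv;` is declared a few lines above with no assignment, so `nv or v` always yields `v`; write `nv = show_prompt(("%s (%s):"):format(k, v));` and drop the dead alternative. The `if v then` guard also means `DN_order` entries that have no default (stateOrProvinceName and streetAddress, going by the openssl.lua hunk) are never prompted for, although the message printed just above promises a prompt per field; if that is intended, a one-line comment such as `-- only attributes with a default are offered` would stop the next reader from treating it as a bug. The countryName guess from the TLD is only a default the user can override, but it will also accept two-letter TLDs that are not ISO 3166 codes (e.g. `eu`), which OpenSSL will then reject when the request is built. `cert_commands.config` starts and ends outside the hunk.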
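Review bot: The new `form:tag("value"):text(value):up()` for fixed fields passes `value` through unchecked, unlike the boolean branch directly above which coerces it to `"1"`/`"0"`; if a fixed field can be laid out without a value, `text(nil)` reaches util.stanza's text(), whose behaviour on nil is not visible here. Either guard it, `if value then form:tag("value"):text(value):up(); end`, or add a comment stating that fixed fields always carry a value. `form_t.form` begins before this hunk.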
@@ -64,9 +64,6 @@ local function v4scope(ip)
 -- Link-local unicast:
 elseif fields[1] == 169 and fields[2] == 254 then
 return 0x2;
- -- Site-local unicast:
- elseif (fields[1] == 10) or (fields[1] == 192 and fields[2] == 168) or (fields[1] == 172 and (fields[2] >= 16 and fields[2] < 32)) then
- return 0x5;
 -- Global unicast:
 else
 return 0xE;
@@ -97,6 +94,14 @@ local function label(ip)
 return 0;
 elseif commonPrefixLength(ip, new_ip("2002::", "IPv6")) >= 16 then
 return 2;
+ elseif commonPrefixLength(ip, new_ip("2001::", "IPv6")) >= 32 then
+ return 5;
+ elseif commonPrefixLength(ip, new_ip("fc00::", "IPv6")) >= 7 then
+ return 13;
+ elseif commonPrefixLength(ip, new_ip("fec0::", "IPv6")) >= 10 then
+ return 11;
+ elseif commonPrefixLength(ip, new_ip("3ffe::", "IPv6")) >= 16 then
+ return 12;
 elseif commonPrefixLength(ip, new_ip("::", "IPv6")) >= 96 then
 return 3;
 elseif commonPrefixLength(ip, new_ip("::ffff:0:0", "IPv6")) >= 96 then
@@ -111,10 +116,18 @@ local function precedence(ip)
 return 50;
 elseif commonPrefixLength(ip, new_ip("2002::", "IPv6")) >= 16 then
 return 30;
+ elseif commonPrefixLength(ip, new_ip("2001::", "IPv6")) >= 32 then
+ return 5;
+ elseif commonPrefixLength(ip, new_ip("fc00::", "IPv6")) >= 7 then
+ return 3;
+ elseif commonPrefixLength(ip, new_ip("fec0::", "IPv6")) >= 10 then
+ return 1;
+ elseif commonPrefixLength(ip, new_ip("3ffe::", "IPv6")) >= 16 then
+ return 1;
 elseif commonPrefixLength(ip, new_ip("::", "IPv6")) >= 96 then
- return 20;
+ return 1;
 elseif commonPrefixLength(ip, new_ip("::ffff:0:0", "IPv6")) >= 96 then
- return 10;
+ return 35;
 else
 return 40;
 end
diff --git a/util/openssl.lua b/util/openssl.lua
index 0decb579..ef3fba96 100644
--- a/util/openssl.lua
+++ b/util/openssl.lua
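Review bot: The label and precedence hunks add the RFC 6724 policy rows, but every `elseif` builds a fresh `new_ip(...)` on each call, so up to nine prefixes are re-parsed per lookup; these two functions are presumably reached from the destination sort in util.rfc6724, where that cost is paid per comparison. Hoist the prefixes into module-level locals, e.g. `local TEREDO = new_ip("2001::", "IPv6");` and `elseif commonPrefixLength(ip, TEREDO) >= 32 then`, and keep the numbers checkable with a header comment such as `-- Default policy table from RFC 6724 section 2.1 (label, precedence)`. The v4scope hunk silently reclassifies RFC 1918 ranges from site-local to global scope; a comment citing the reason (RFC 6724 section 3.2 treats all non-link-local IPv4 addresses as global) would explain the removal to the next reader. All three functions start before their hunks.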
@@ -23,11 +23,12 @@ function config.new() prompt = "no", }, distinguished_name = { - commonName = "example.com", countryName = "GB", + -- stateOrProvinceName = "", localityName = "The Internet", organizationName = "Your Organisation", organizationalUnitName = "XMPP Department", + commonName = "example.com", emailAddress = "xmpp@example.com", }, v3_extensions = { @@ -43,6 +44,17 @@ function config.new() }, ssl_config_mt); end +local DN_order = { + "countryName"; + "stateOrProvinceName"; + "localityName"; + "streetAddress"; + "organizationName"; + "organizationalUnitName"; + "commonName"; + "emailAddress"; +} +_M._DN_order = DN_order; function ssl_config:serialize() local s = ""; for k, t in pairs(self) do @@ -53,6 +65,14 @@ function ssl_config:serialize() s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]); end end + elseif k == "distinguished_name" then + for i=1,#DN_order do + local k = DN_order[i] + local v = t[k]; + if v then + s = s .. ("%s = %s\n"):format(k, v); + end + end else for k, v in pairs(t) do s = s .. ("%s = %s\n"):format(k, v); diff --git a/util/rfc3484.lua b/util/rfc6724.lua index 5ee572a0..c8aec631 100644 --- a/util/rfc3484.lua +++ b/util/rfc6724.lua @@ -1,13 +1,22 @@ -- Prosody IM --- Copyright (C) 2008-2011 Florian Zeitz +-- Copyright (C) 2011-2013 Florian Zeitz -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -local commonPrefixLength = require"util.ip".commonPrefixLength +-- This is used to sort destination addresses by preference +-- during S2S connections. +-- We can't hand this off to getaddrinfo, since it blocks + +local ip_commonPrefixLength = require"util.ip".commonPrefixLength local new_ip = require"util.ip".new_ip; +local function commonPrefixLength(ipA, ipB) + local len = ip_commonPrefixLength(ipA, ipB); + return len < 64 and len or 64; +end + local function t_sort(t, comp) for i = 1, (#t - 1) do for j = (i + 1), #t do 
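Review bot: The new `distinguished_name` branch in `serialize` writes only the keys listed in `DN_order`, whereas the generic branch it bypasses wrote every key of the table, so any DN attribute a caller adds under another name is now silently dropped from the generated config; either document that `DN_order` is the complete supported set, or emit the remaining keys after the ordered ones. The inner `local k = DN_order[i]` also shadows the `k` of the enclosing `for k, t in pairs(self)` loop; `local dn_key = DN_order[i]` avoids the double meaning. Values are still written unquoted, so a prompted value containing a newline or a `$` sequence (which the OpenSSL config parser expands) changes the structure of the file rather than the field; that deserves a check at the prompt site or at least a comment here. `serialize` continues beyond the hunk.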
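Review bot: The local `commonPrefixLength` wrapper caps the result at 64 without saying why, and the cap would be wrong if it ever leaked into util.ip, whose own label/precedence checks compare against ::/96 and ::ffff:0:0/96 and need the full length; a comment such as `-- RFC 6724 section 2.2 limits CommonPrefixLen to the 64-bit prefix; util.ip keeps the uncapped version` records both points. `return math.min(len, 64);` says the same as `len < 64 and len or 64` more directly. The `t_sort` definition at the end of the hunk continues outside it.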
@@ -56,7 +65,7 @@ local function source(dest, candidates) return false; end - -- Rule 7: Prefer public addresses (over temporary ones) + -- Rule 7: Prefer temporary addresses (over public ones) -- XXX: No way to determine this -- Rule 8: Use longest matching prefix if commonPrefixLength(ipA, dest) > commonPrefixLength(ipB, dest) then |