Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 12 | ||||
-rw-r--r-- | core/configmanager.lua | 35 | ||||
-rw-r--r-- | core/features.lua | 4 | ||||
-rw-r--r-- | core/moduleapi.lua | 8 | ||||
-rw-r--r-- | core/modulemanager.lua | 1 | ||||
-rw-r--r-- | core/usermanager.lua | 2 |
6 files changed, 42 insertions, 20 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 9e0ace6a..3acddf73 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -91,7 +91,7 @@ local function index_certs(dir, files_by_name, depth_limit) index_certs(full, files_by_name, depth_limit-1); end elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files - local f = io_open(full); + local f, err = io_open(full); if f then -- TODO look for chained certificates local firstline = f:read(); @@ -113,13 +113,17 @@ local function index_certs(dir, files_by_name, depth_limit) files_by_name[name] = { [full] = services; }; end end + else + log("debug", "Skipping expired certificate: %s", full); end end f:close(); + elseif err then + log("debug", "Failed to open file for indexing: %s", full); end end end - log("debug", "Certificate index: %q", files_by_name); + log("debug", "Certificate index in %s: %q", dir, files_by_name); -- | hostname | filename | service | return files_by_name; end @@ -189,10 +193,6 @@ local core_defaults = { single_ecdh_use = tls.features.options.single_ecdh_use; no_renegotiation = tls.features.options.no_renegotiation; }; - verifyext = { - "lsec_continue", -- Continue past certificate verification errors - "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates - }; curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1"; curveslist = { "X25519", diff --git a/core/configmanager.lua b/core/configmanager.lua index 1da50ae5..6c6b670b 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua 
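Review bot: The new `elseif err then` branch in index_certs logs only the path, so the `err` captured from `io_open(full)` in the first hunk is never reported and a permission problem is indistinguishable from any other open failure. Include it in the message: `log("debug", "Failed to open file for indexing: %s: %s", full, err);`. An unreadable certificate or chain file often points to wrong ownership or mode on the certificate directory, so a level above debug may be warranted; that depends on how noisy the indexed directories are, which is not visible here. index_certs starts and ends outside both hunks.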
@@ -18,6 +18,8 @@ local resolve_relative_path = require"prosody.util.paths".resolve_relative_path; local glob_to_pattern = require"prosody.util.paths".glob_to_pattern; local path_sep = package.config:sub(1,1); local get_traceback_table = require "prosody.util.debug".get_traceback_table; +local errors = require "prosody.util.error"; +local log = require "prosody.util.logger".init("config"); local encodings = deps.softreq"prosody.util.encodings"; local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end @@ -33,6 +35,8 @@ local parser = nil; local config_mt = { __index = function (t, _) return rawget(t, "*"); end}; local config = setmetatable({ ["*"] = { } }, config_mt); local files = {}; +local credentials_directory = nil; +local credential_fallback_fatal = true; -- When host not found, use global local host_mt = { __index = function(_, k) return config["*"][k] end } @@ -42,7 +46,12 @@ function _M.getconfig() end function _M.get(host, key) - return config[host][key]; + local v = config[host][key]; + if v and errors.is_error(v) then + log("warn", "%s:%d: %s", v.context.filename, v.context.fileline, v.text); + return nil; + end + return v; end function _M.rawget(host, key) local hostconfig = rawget(config, host); @@ -198,7 +207,6 @@ do FileContents = true, FileLine = true, FileLines = true, - Secret = true, Credential = true, Include = true, include = true, RunScript = true }, { __index = function (_, k) 
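Review bot: Only `_M.get` filters out error objects with `errors.is_error(v)`; `_M.rawget`, visible as context directly below it, appears to return the stored value unchanged (its body continues outside the hunk). If the non-fatal `Credential()` fallback stores its error object as the option value, as the later hunk suggests, a caller on the rawget path receives a truthy table where it expects a secret string, and a check like `if secret then` passes. Consider applying the same `errors.is_error` test there, or stating in a comment on `_M.get` that it is the only accessor safe for credential-backed options. The warning is also emitted on every lookup rather than once per option, which can flood the log for options that are read often.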
@@ -361,19 +369,18 @@ do env.FileLine = filereader(config_path, "*l"); env.FileLines = linereader(config_path); - if _G.prosody.paths.secrets then - env.Credential = filereader(_G.prosody.paths.secrets, "*a"); - elseif _G.prosody.process_type == "prosody" then + if credentials_directory then + env.Credential = filereader(credentials_directory, "*a"); + elseif credential_fallback_fatal then env.Credential = function() error("Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set", 2) end else env.Credential = function() - t_insert(warnings, ("%s:%d: Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set") - :format(config_file, get_line_number(config_file))); - return nil; + return errors.new({ + type = "continue"; + text = "Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set"; + }, { filename = config_file; fileline = get_line_number(config_file) }); end - end - env.Secret = env.Credential; -- COMPAT remove after all the early adopters s/Secret/Credential/ local chunk, err = envload(data, "@"..config_file, env); @@ -394,4 +401,12 @@ do end +function _M.set_credentials_directory(directory) + credentials_directory = directory; +end + +function _M.set_credential_fallback_mode(mode) + credential_fallback_fatal = mode == "error"; +end + return _M; diff --git a/core/features.lua b/core/features.lua index cd6618db..8e155f70 100644 --- a/core/features.lua +++ b/core/features.lua @@ -10,6 +10,10 @@ return { "mod_flags"; -- mod_cloud_notify bundled "mod_cloud_notify"; + -- mod_muc has built-in vcard support + "muc_vcard"; + -- mod_http_altconnect bundled + "http_altconnect"; -- Roles, module.may and per-session authz "permissions"; -- prosody.* namespace diff --git a/core/moduleapi.lua b/core/moduleapi.lua index b93536b5..50524b32 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
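Review bot: `set_credential_fallback_mode` treats every value other than the exact string `"error"` as the non-fatal mode, so a typo or a nil argument silently downgrades a missing `$CREDENTIALS_DIRECTORY` from a hard failure to a deferred warning. Fail closed instead: accept the non-fatal mode only when it is named explicitly and raise on anything else, e.g. `if mode ~= "error" and mode ~= NON_FATAL_MODE then error("unknown credential fallback mode", 2) end` (NON_FATAL_MODE is a placeholder; the intended name is not visible in this diff). Both new setters are also undocumented. Since `env.Credential` is bound from these module-level values when a config file is loaded, a comment saying they must be called before loading would help, assuming that is the intended contract.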
@@ -136,10 +136,14 @@ function api:require(lib) return f(); end -function api:depends(name) +function api:depends(name, soft) local modulemanager = require"prosody.core.modulemanager"; if self:get_option_inherited_set("modules_disabled", {}):contains(name) then - error("Dependency on disabled module mod_"..name); + if not soft then + error("Dependency on disabled module mod_"..name); + end + self:log("debug", "Not loading disabled soft dependency mod_%s", name); + return nil, "disabled"; end if not self.dependencies then self.dependencies = {}; diff --git a/core/modulemanager.lua b/core/modulemanager.lua index b8ba2f35..7295ba25 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -29,7 +29,6 @@ local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; local lua_version = _VERSION:match("5%.%d+$"); local autoload_modules = { - prosody.platform, "presence", "message", "iq", diff --git a/core/usermanager.lua b/core/usermanager.lua index 793e7af6..3cd6f16d 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -244,7 +244,7 @@ local function add_user_secondary_role(user, host, role_name) local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); if role then prosody.events.fire_event("user-role-added", { - username = user, host = host, role = role; + username = user, host = host, role_name = role_name, role = role; }); end return role, err; |
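Review bot: The new `soft` parameter of `api:depends` changes the return contract without documentation: with `soft` set and the module listed in `modules_disabled`, the call returns `nil, "disabled"` instead of raising. Add a comment above the function such as `-- soft: if true, a dependency listed in modules_disabled is skipped and nil, "disabled" is returned`, so callers know to check the result before indexing it. The skip is logged only at debug level, so if a soft dependency supplies an access-control or filtering function, its absence will not show in normal logs. The function body continues outside the hunk.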