Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 12 | ||||
-rw-r--r-- | core/configmanager.lua | 33 | ||||
-rw-r--r-- | core/features.lua | 4 | ||||
-rw-r--r-- | core/moduleapi.lua | 8 | ||||
-rw-r--r-- | core/modulemanager.lua | 1 | ||||
-rw-r--r-- | core/usermanager.lua | 13 |
6 files changed, 52 insertions, 19 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 9e0ace6a..3acddf73 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -91,7 +91,7 @@ local function index_certs(dir, files_by_name, depth_limit) index_certs(full, files_by_name, depth_limit-1); end elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files - local f = io_open(full); + local f, err = io_open(full); if f then -- TODO look for chained certificates local firstline = f:read(); @@ -113,13 +113,17 @@ local function index_certs(dir, files_by_name, depth_limit) files_by_name[name] = { [full] = services; }; end end + else + log("debug", "Skipping expired certificate: %s", full); end end f:close(); + elseif err then + log("debug", "Failed to open file for indexing: %s", full); end end end - log("debug", "Certificate index: %q", files_by_name); + log("debug", "Certificate index in %s: %q", dir, files_by_name); -- | hostname | filename | service | return files_by_name; end @@ -189,10 +193,6 @@ local core_defaults = { single_ecdh_use = tls.features.options.single_ecdh_use; no_renegotiation = tls.features.options.no_renegotiation; }; - verifyext = { - "lsec_continue", -- Continue past certificate verification errors - "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates - }; curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1"; curveslist = { "X25519", diff --git a/core/configmanager.lua b/core/configmanager.lua index 36df0171..6c6b670b 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua 
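Review bot: The new `elseif err then` branch in `index_certs` captures the `io_open` error but the log line drops it, so a permission problem on a certificate file cannot be told apart from any other open failure. Include the reason: `log("debug", "Failed to open file for indexing: %s: %s", full, err);`. An unreadable certificate silently falls out of the index, so a level above debug may be worth considering for this line. The function starts before the first hunk, and the condition that the new `else` ("Skipping expired certificate") pairs with is not visible here.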
@@ -18,6 +18,8 @@ local resolve_relative_path = require"prosody.util.paths".resolve_relative_path; local glob_to_pattern = require"prosody.util.paths".glob_to_pattern; local path_sep = package.config:sub(1,1); local get_traceback_table = require "prosody.util.debug".get_traceback_table; +local errors = require "prosody.util.error"; +local log = require "prosody.util.logger".init("config"); local encodings = deps.softreq"prosody.util.encodings"; local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end @@ -33,6 +35,8 @@ local parser = nil; local config_mt = { __index = function (t, _) return rawget(t, "*"); end}; local config = setmetatable({ ["*"] = { } }, config_mt); local files = {}; +local credentials_directory = nil; +local credential_fallback_fatal = true; -- When host not found, use global local host_mt = { __index = function(_, k) return config["*"][k] end } @@ -42,7 +46,12 @@ function _M.getconfig() end function _M.get(host, key) - return config[host][key]; + local v = config[host][key]; + if v and errors.is_error(v) then + log("warn", "%s:%d: %s", v.context.filename, v.context.fileline, v.text); + return nil; + end + return v; end function _M.rawget(host, key) local hostconfig = rawget(config, host); 
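Review bot: `_M.get` filters an error object only when it is the option's top-level value, so a deferred `Credential()` failure stored inside a table-valued option would still reach the caller as a truthy table where a secret string is expected. `_M.rawget`, visible as context just below, presumably returns such objects unfiltered as well; its body is outside the hunk. At minimum document the limit on `get`, e.g. `-- Only the top-level value is checked; error objects nested in tables are returned as-is`. The warning is also emitted on every lookup of the affected option rather than once.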
@@ -360,17 +369,17 @@ do env.FileLine = filereader(config_path, "*l"); env.FileLines = linereader(config_path); - if _G.prosody.paths.credentials then - env.Credential = filereader(_G.prosody.paths.credentials, "*a"); - elseif _G.prosody.process_type == "prosody" then + if credentials_directory then + env.Credential = filereader(credentials_directory, "*a"); + elseif credential_fallback_fatal then env.Credential = function() error("Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set", 2) end else env.Credential = function() - t_insert(warnings, ("%s:%d: Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set") - :format(config_file, get_line_number(config_file))); - return nil; + return errors.new({ + type = "continue"; + text = "Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set"; + }, { filename = config_file; fileline = get_line_number(config_file) }); end - end local chunk, err = envload(data, "@"..config_file, env); @@ -392,4 +401,12 @@ do end +function _M.set_credentials_directory(directory) + credentials_directory = directory; +end + +function _M.set_credential_fallback_mode(mode) + credential_fallback_fatal = mode == "error"; +end + return _M; diff --git a/core/features.lua b/core/features.lua index cd6618db..8e155f70 100644 --- a/core/features.lua +++ b/core/features.lua @@ -10,6 +10,10 @@ return { "mod_flags"; -- mod_cloud_notify bundled "mod_cloud_notify"; + -- mod_muc has built-in vcard support + "muc_vcard"; + -- mod_http_altconnect bundled + "http_altconnect"; -- Roles, module.may and per-session authz "permissions"; -- prosody.* namespace diff --git a/core/moduleapi.lua b/core/moduleapi.lua index b93536b5..50524b32 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
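Review bot: `set_credential_fallback_mode` treats every value other than `"error"` as non-fatal, so a misspelled or nil mode silently downgrades a missing `$CREDENTIALS_DIRECTORY` from a load error to a warning at lookup time, with the option reading as nil. Rejecting unknown values would keep the fail-closed default, e.g. `assert(mode == "error" or mode == "<NON_FATAL_MODE>", "unknown credential fallback mode");` where the placeholder stands for the non-fatal mode name, which this diff does not show. Both setters also affect only files parsed after the call, because `env.Credential` is chosen while a file is being loaded (the hunk at -360); a comment such as `-- Must be called before the config file is loaded` on each would make that ordering explicit.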
@@ -136,10 +136,14 @@ function api:require(lib) return f(); end -function api:depends(name) +function api:depends(name, soft) local modulemanager = require"prosody.core.modulemanager"; if self:get_option_inherited_set("modules_disabled", {}):contains(name) then - error("Dependency on disabled module mod_"..name); + if not soft then + error("Dependency on disabled module mod_"..name); + end + self:log("debug", "Not loading disabled soft dependency mod_%s", name); + return nil, "disabled"; end if not self.dependencies then self.dependencies = {}; diff --git a/core/modulemanager.lua b/core/modulemanager.lua index b8ba2f35..7295ba25 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -29,7 +29,6 @@ local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; local lua_version = _VERSION:match("5%.%d+$"); local autoload_modules = { - prosody.platform, "presence", "message", "iq", diff --git a/core/usermanager.lua b/core/usermanager.lua index 793e7af6..c179e21b 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -109,6 +109,7 @@ end local function set_password(username, password, host, resource) local ok, err = hosts[host].users.set_password(username, password); if ok then + log("info", "Account password changed: %s@%s", username, host); prosody.events.fire_event("user-password-changed", { username = username, host = host, resource = resource }); end return ok, err; 
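Review bot: `api:depends` now has two outcomes for a disabled module, but nothing documents that a soft dependency returns `nil, "disabled"`, so a caller that indexes the result will fail with a nil-index error far from the cause. A doc comment above the function would help, e.g. `-- soft: when true, a dependency listed in modules_disabled is skipped and nil, "disabled" is returned instead of raising`. The rest of the function is outside the hunk, so whether `soft` changes anything for load failures cannot be seen here; the comment should state that it covers only the disabled case if that is so.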
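Review bot: The new account log lines record only successful operations: when `set_password` returns `nil, err` nothing is written, and the same holds for `create_user`, `enable_user`, `disable_user` and `set_user_role` in the hunks that follow. Failed credential and role changes are usually worth a line as well, e.g. `else log("warn", "Failed to change password for %s@%s: %s", username, host, err);`. `resource` is already passed into the event here, so adding it to the success message would keep the log as informative as the event.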
@@ -126,12 +127,17 @@ local function user_exists(username, host) end local function create_user(username, password, host) - return hosts[host].users.create_user(username, password); + local ok, err = hosts[host].users.create_user(username, password); + if ok then + log("info", "User account created: %s@%s", username, host); + end + return ok, err; end local function delete_user(username, host) local ok, err = hosts[host].users.delete_user(username); if not ok then return nil, err; end + log("info", "User account deleted: %s@%s", username, host); prosody.events.fire_event("user-deleted", { username = username, host = host }); return storagemanager.purge(username, host); end @@ -158,6 +164,7 @@ local function enable_user(username, host) if not method then return nil, "method not supported"; end local ret, err = method(username); if ret then + log("info", "User account enabled: %s@%s", username, host); prosody.events.fire_event("user-enabled", { username = username, host = host }); end return ret, err; @@ -168,6 +175,7 @@ local function disable_user(username, host, meta) if not method then return nil, "method not supported"; end local ret, err = method(username, meta); if ret then + log("info", "User account disabled: %s@%s", username, host); prosody.events.fire_event("user-disabled", { username = username, host = host, meta = meta }); end return ret, err; @@ -198,6 +206,7 @@ local function set_user_role(user, host, role_name) local role, err = hosts[host].authz.set_user_role(user, role_name); if role then + log("info", "Account %s@%s role changed to %s", user, host, role_name); prosody.events.fire_event("user-role-changed", { username = user, host = host, role = role; }); 
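Review bot: In `delete_user` the "User account deleted" line is written before `storagemanager.purge(username, host)` runs, and the purge result is returned without being logged, so a failed purge can leave stored data behind while the log reports a completed deletion. Capture and log the failure before returning: `local purged, purge_err = storagemanager.purge(username, host);` then `if not purged then log("warn", "Failed to purge data for %s@%s: %s", username, host, purge_err); end` and `return purged, purge_err;`. This assumes `purge` follows the same `ok, err` convention as the other calls in this file, which is not visible in the hunk.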
@@ -244,7 +253,7 @@ local function add_user_secondary_role(user, host, role_name) local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); if role then prosody.events.fire_event("user-role-added", { - username = user, host = host, role = role; + username = user, host = host, role_name = role_name, role = role; }); end return role, err; |
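Review bot: `add_user_secondary_role` grants an additional role but, unlike `set_user_role` in the previous hunk, writes no info-level log line, so this privilege change is missing from the account log trail the commit introduces. Add one inside the `if role then` branch, e.g. `log("info", "Account %s@%s secondary role added: %s", user, host, role_name);`. The function starts outside the hunk, and a matching function that removes a secondary role, if one exists, would need the same treatment.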