Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_httpserver.lua | 24 | ||||
-rw-r--r-- | plugins/mod_posix.lua | 37 | ||||
-rw-r--r-- | plugins/mod_saslauth.lua | 3 | ||||
-rw-r--r-- | plugins/mod_tls.lua | 2 |
4 files changed, 52 insertions, 14 deletions
diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua
index 545d4faf..c12f1c05 100644
--- a/plugins/mod_httpserver.lua
+++ b/plugins/mod_httpserver.lua
@@ -15,8 +15,20 @@ local t_concat = table.concat;
 local http_base = config.get("*", "core", "http_path") or "www_files";
 local response_400 = { status = "400 Bad Request", body = "<h1>Bad Request</h1>Sorry, we didn't understand your request :(" };
+local response_403 = { status = "403 Forbidden", body = "<h1>Forbidden</h1>You don't have permission to view the contents of this directory :(" };
 local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" };
+-- TODO: Should we read this from /etc/mime.types if it exists? (startup time...?)
+local mime_map = {
+ html = "text/html";
+ htm = "text/html";
+ xml = "text/xml";
+ xsl = "text/xml";
+ txt = "text/plain; charset=utf-8";
+ js = "text/javascript";
+ css = "text/css";
+};
+
 local function preprocess_path(path)
 if path:sub(1,1) ~= "/" then
 path = "/"..path;
@@ -36,11 +48,19 @@ local function preprocess_path(path)
 end
 function serve_file(path)
- local f, err = open(http_base..path, "r");
+ local f, err = open(http_base..path, "rb");
 if not f then return response_404; end
 local data = f:read("*a");
 f:close();
- return data;
+ if not data then
+ return response_403;
+ end
+ local ext = path:match("%.([^.]*)$");
+ local mime = mime_map[ext]; -- Content-Type should be nil when not known
+ return {
+ headers = { ["Content-Type"] = mime; };
+ body = data;
+ };
 end
 local function handle_file_request(method, body, request)
diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index b75b9610..ed0dbd87 100644
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -19,6 +19,9 @@ end
 local logger_set = require "util.logger".setwriter;
+local lfs = require "lfs";
+local stat = lfs.attributes;
+
 local prosody = _G.prosody;
 module.host = "*"; -- we're a global module
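Review bot: In serve_file (plugins/mod_httpserver.lua, second hunk), a file whose extension is missing from mime_map is returned with `["Content-Type"] = nil`, so the response carries no type and the client is left to sniff one; if anything under http_base can be written by someone other than the admin, sniffed HTML or script would then be rendered in the server's origin. A safer default is `local mime = mime_map[ext and ext:lower()] or "application/octet-stream";`, which also makes the lookup case-insensitive (`.HTML` currently misses the map). The new 403 branch is reached only when `f:read("*a")` returns nil, which presumably covers directories; a short comment saying so would help. Whether `http_base..path` can leave the document root depends on preprocess_path, whose body lies mostly outside these hunks.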
@@ -59,28 +62,38 @@ module:add_event_hook("server-starting", function ()
 end
 end);
-local pidfile_written;
+local pidfile;
+local pidfile_handle;
 local function remove_pidfile()
- if pidfile_written then
- os.remove(pidfile_written);
- pidfile_written = nil;
+ if pidfile_handle then
+ pidfile_handle:close();
+ os.remove(pidfile);
+ pidfile, pidfile_handle = nil, nil;
 end
 end
 local function write_pidfile()
- if pidfile_written then
+ if pidfile_handle then
 remove_pidfile();
 end
- local pidfile = module:get_option("pidfile");
+ pidfile = module:get_option("pidfile");
 if pidfile then
- local pf, err = io.open(pidfile, "w+");
- if not pf then
- module:log("error", "Couldn't write pidfile; %s", err);
+ local mode = stat(pidfile) and "r+" or "w+";
+ pidfile_handle, err = io.open(pidfile, mode);
+ if not pidfile_handle then
+ module:log("error", "Couldn't write pidfile at %s; %s", pidfile, err);
+ prosody.shutdown("Couldn't write pidfile");
 else
- pf:write(tostring(pposix.getpid()));
- pf:close();
- pidfile_written = pidfile;
+ if not lfs.lock(pidfile_handle, "w") then -- Exclusive lock
+ local other_pid = pidfile_handle:read("*a");
+ module:log("error", "Another Prosody instance seems to be running with PID %s, quitting", other_pid);
+ pidfile_handle = nil;
+ prosody.shutdown("Prosody already running");
+ else
+ pidfile_handle:write(tostring(pposix.getpid()));
+ pidfile_handle:flush();
+ end
 end
 end
 end
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 9fd719c9..2aee2be0 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -115,6 +115,9 @@ local function sasl_handler(session, stanza)
 if not session.sasl_handler then
 return session.send(build_reply("failure", "invalid-mechanism"));
 end
+ if secure_auth_only and not session.secure then
+ return session.send(build_reply("failure", "encryption-required"));
+ end
 elseif not session.sasl_handler then
 return; -- FIXME ignoring out of order stanzas because ejabberd does
 end
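Review bot: In write_pidfile (plugins/mod_posix.lua), an existing pidfile is opened with "r+" and the new PID is written at offset 0 without truncating, so a PID shorter than the old one leaves stale trailing digits and the file then names the wrong process. The same hunk drops the `local` from `err`, so `pidfile_handle, err = io.open(pidfile, mode);` now assigns a global, and the lock-failure branch sets `pidfile_handle = nil` without closing the handle. One way to fix the first two is sketched below: take the lock on the "r+" handle as now, then reopen with "w+" and lock again before writing. The gap between close and reopen is a short window in which another instance could start, so confirm that is acceptable for this deployment.

```lua
		local err;
		pidfile_handle, err = io.open(pidfile, mode);
		-- … unchanged: open-failure branch and lock-failure branch …
			else
				-- "r+" keeps the old contents: reopen truncated and lock again
				pidfile_handle:close();
				pidfile_handle, err = io.open(pidfile, "w+");
				if not pidfile_handle then
					module:log("error", "Couldn't write pidfile at %s; %s", pidfile, err);
					prosody.shutdown("Couldn't write pidfile");
				elseif lfs.lock(pidfile_handle, "w") then
					pidfile_handle:write(tostring(pposix.getpid()));
					pidfile_handle:flush();
				end
			end
```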
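Review bot: In sasl_handler (plugins/mod_saslauth.lua), the new encryption check returns after session.sasl_handler has already been set (the nil test just above it shows that), and the failure path leaves the handler on the session. The rest of the function is outside the hunk, but the `elseif not session.sasl_handler` guard suggests later stanzas are processed whenever a handler exists, so a rejected exchange should not leave one behind: add `session.sasl_handler = nil;` before the `return`, or move the check ahead of the handler's creation. secure_auth_only is not defined in this hunk; confirm it is a local in scope, since an undefined global would make the check silently never fire.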
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 54b48161..67555b15 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -94,6 +94,8 @@ module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
 module:log("debug", "Proceeding with TLS on s2sout...");
 local format, to_host, from_host = string.format, session.to_host, session.from_host;
+ local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx;
+ session.conn.set_sslctx(ssl_ctx);
 session:reset_stream();
 session.conn.starttls(true);
 session.secure = false; |
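Review bot: `hosts[session.from_host].ssl_ctx` raises an index error if from_host is set but has no entry in hosts, and `set_sslctx` is called even when neither a per-host nor a global context exists. Since the line above already binds `from_host`, consider `local host = from_host and hosts[from_host];` followed by `local ssl_ctx = host and host.ssl_ctx or global_ssl_ctx;`, and log and return before `starttls` when `ssl_ctx` is nil. The handler's closing lines are outside the hunk.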