| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
As in the argument to user:create() and user:roles()
Tricky to come up with something sensible to write when Prosody core
only knows of the 'prosody:admin' role so far.
|
|
|
|
|
|
|
|
|
|
| |
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
|
|
|
|
|
|
|
|
|
|
| |
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
|
|
|
|
|
|
| |
Only allowing it to be passed directly makes it hard to combine plain
(i.e. starttls) and Direct TLS connections in the same connection
resolution procedure. But now we can, using chained resolvers!
|
|
|
|
| |
Say if you wanted to try both _xmpp and _xmpps services
|
|\ |
|
| |
| |
| |
| |
| | |
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| |
| |
| |
| |
| | |
Debugging a case where certs are not imported correctly but prosodyctl
still reports success. Hoping this will shed some light on it.
|
| |
| |
| |
| |
| | |
Prevents potential weirdness in case there's any %s or such in a host,
file or directory name, since show_warning() is printf().
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This tool hasn't been updated for recent XEP-0227 changes, hasn't seen
many changes at all since its introduction and I don't remember anyone
mentioning ever using it.
Using mod_storage_xmlarchive and the migrator or the 3rd party
mod_migrate tool should work better these days and should be the way
forward.
|
| |
| |
| |
| |
| |
| |
| |
| | |
documentation
Confusion!
Thanks Martin
|
| |
| |
| |
| |
| |
| | |
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
|
| | |
|
| |
| |
| |
| | |
:include(other_set), :add(item)
|
| |
| |
| |
| | |
270047afa6af
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is either caused by an earlier failure to bind http/s ports, in
which case that should be corrected, or explicitly disbling the http/s
ports, in which case ... why enable http modules?
Suggested by jonas’
|
| |
| |
| |
| |
| |
| |
| |
| | |
When http_external_url is set then the portmanager usage only really
serves as a check of whether any http service is enabled at all.
Should allow generating an URL from prosodyctl when http_external_url is
set.
|
| |
| |
| |
| | |
A boolean false should blow up.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The roster version is stored in a pseudo-item which has the key `false`.
The if condition in the touched code attempts to guard against this, but
it does not take into account that the jid prepping returns nil instead
of false.
By moving the jid prepping into the if, we can check for the metadata
entry safely.
|
| |
| |
| |
| |
| | |
An empty vCard store may look like the empty table, which does not have
the `attr` key, which would then blow up in util.stanza.deserialize.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since accessing this port directly over the wider Internet is unlikely
to intentional anymore. Most uses will likely be by reverse proxies, by
mistake or because of trouble configuring HTTPS.
Blocking mistaken uses is just a good thing, letting users send
potentially private things unencrypted tends to be Strongly Discouraged
these days.
Many reverse proxy setups operate over loopback, so listening there
instead of all interfaces is a net improvement.
Improved automatic certificate location and SNI support has mostly
eliminated the need for manual certificate configuration so HTTPS should
Just Work once certificates have been provided.
For local testing during development, connecting over loopback is likely
fine as well. When really needed, `http_interfaces` can still be set.
Suggested by Link Mauve
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the timer activates a bit early then a task might be just a few
seconds short of being allowed to run. This would run such a task rather
than wait another hour.
The value 0.5% chosen so that a weekly task does not run an entire hour
earlier than last time.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Metrics available or not depending on configuration is weird, even tho
it might be expensive to calculate and it's only really needed when
there is a global quota.
Default quota is set to infinity, which is essentially what it was.
Reports NaN if there is an error, which should count as over the
infinite default quota.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Found by accidentally publishing {urn:xmpp:bookmarks:0}conference
instead of :1 due to testing this earlier for the blocking.
By the principle of garbage in, garbage out, just generate a bookmark
from the item id / JID and carry on with a warning.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Having both the :0 and :1 nodes would be especially awkward, since there
is no upgrade path for this case. In theory, these should be rare since
no clients should have been doing XEP-0402 unless mod_bookmarks(2) was
enabled. This was guesstimated to be rare with most clients doing
XEP-0048 with Private XML.
|
| |
| |
| |
| |
| |
| |
| | |
Attempt to concatenate nil 'user'
Not much data actually makes sense but the migrator tries to write or
clear these.
|
| | |
|
| | |
|
| |
| |
| |
| | |
This can (and will) be used to support in-memory import/export functions.
|
| |
| |
| |
| | |
Should save some cycles and not log the debug message on every login.
|
| | |
|
| |
| |
| |
| | |
For compatibility with clients relying on the notifications
|
| |
| |
| |
| |
| |
| |
| | |
Boolean logic, never correct on the first try.
We want to skip copying the same cert if it _has_ been imported already,
not if it has not.
|
| |
| |
| |
| |
| | |
This sorta overloads the type suffix but PEP is used for enough stuff
to justify this hack
|
| | |
|
| | |
|
| |
| |
| |
| | |
Needed for things like mod_http_file_share
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Previously -v etc would do nothing and --config without argument would
not have worked correctly.
|
| |
| |
| |
| |
| |
| | |
The 'prosody' global is not global this early so there was no way to
override the process type field or argument parsing settings from
outside, e.g. from the migrator.
|