Commit message (Author, Age, Files, Lines)
* mod_s2s_bidi: Collect some metrics (Kim Alvefur, 2024-08-11, files: 1, lines: -0/+7)
|
* mod_auth_internal_{hashed,plain}: Respect flag for disabled accounts in test_password() (Kim Alvefur, 2024-08-09, files: 2, lines: -0/+6)
|   This API method is used e.g. in HTTP modules which also should respect disabled accounts.
* mod_c2s,mod_s2s: Advertise idle-seconds per XEP-0478 (Kim Alvefur, 2024-08-03, files: 2, lines: -8/+37)
|   This is the time after liveness checks are performed via the respective read-timeout event, which by default involves sending a space character but could be overridden e.g. as is done by mod_smacks.
|
|   Only advertised, unsure what we would do with it.
* core.certmanager: Include ffdhe2048 from RFC 7919 as default DH param (Kim Alvefur, 2024-07-12, files: 1, lines: -1/+13)
|   This removes one manual (yet undocumented) step that was supposed to be done to get a complete 'intermediate' configuration.
|
|   This file can be found on the Internet by searching for "ffdhe2048" and can be verified by comparing the hexadecimal representation of p from the RFC with the output of `openssl asn1parse`.
|
|   Given the preference and prevalence of ECDHE, it seems likely that few would have noticed this.
* util.sslconfig: Support DH parameters as literal string (Kim Alvefur, 2024-07-12, files: 2, lines: -3/+16)
|   Simplifies shipping well-known DH parameters in the config
* Merge 0.12->trunk (Kim Alvefur, 2024-07-11, files: 0, lines: -0/+0)
|\
| * util.xtemplate: Fix error on applying each() to zero stanzas (Kim Alvefur, 2024-07-11, files: 2, lines: -2/+6)
| |   Backport of 1f93e4f78c53
* | util.xtemplate: Fix error on applying each() to zero stanzas (Kim Alvefur, 2024-07-11, files: 3, lines: -2/+10)
| |
* | Merge 0.12->trunk (Kim Alvefur, 2024-07-07, files: 1, lines: -1/+16)
|\|
| * net.server_event: Add 'wrapserver' API (Kim Alvefur, 2024-07-07, files: 1, lines: -1/+16)
| |   This enables accepting admin stream socket (UNIX) connections through the same procedures as any other (TCP) socket, which avoids problems caused by using the wrapclient API, which ends up discarding early data due to only expecting early connection failure.
| |
| |   Fixes #1867
* | MUC: Don't default component admins to being room owners (Matthew Wild, 2024-06-18, files: 2, lines: -1/+5)
| |   This change has various technical and social benefits. If ownership of a MUC is really needed, it can be gained using the 'Set affiliation' ad-hoc command or prosodyctl shell.
| |
| |   Example client incompatibility with the old behaviour:
| |
| |   - https://github.com/monal-im/Monal/issues/1085
* | MUC: Add per-room PM restriction functionality (thanks Wirlaburla) (Matthew Wild, 2024-05-23, files: 2, lines: -0/+127)
| |   Based on mod_muc_restrict_pm in prosody-modules d82c0383106a
* | Merge 0.12->trunk (Kim Alvefur, 2024-06-12, files: 1, lines: -0/+2)
|\|
| * scansion: Enable blocklist compat during tests to fix CI (Kim Alvefur, 2024-06-12, files: 1, lines: -0/+2)
| |
* | scansion: Add roster groups setting to pubsub form in tests (Kim Alvefur, 2024-06-12, files: 4, lines: -0/+6)
| |
* | util.prosodyctl: Use notify socket to wait for Prosody to be ready (Kim Alvefur, 2024-05-19, files: 1, lines: -0/+24)
| |   Previously, prosodyctl only waits for the pidfile to appear, which does not necessarily mean that Prosody is fully ready to receive traffic.
| |
| |   By waiting until Prosody says it's ready via the systemd notify socket we know for sure that Prosody is really ready.
| |
| |   Notably this should ensure that when running `make integration-test` Prosody is really ready when Scansion starts running tests.
| |
| |   Not sure if this timeout handling is optimal.
* | net.server_epoll: Add support for systemd socket activation (Kim Alvefur, 2024-05-14, files: 2, lines: -0/+41)
| |   Allows creating listening sockets and accepting client connections before Prosody starts.
| |
| |   This is unlike normal Prosody dynamic resource management, where ports may be added and removed at any time, and the ports defined by the config.
| |
| |   Weird things happen if these are closed (e.g. due to reload) so here we prevent closing and ensure sockets are reused when opened again.
* | Merge 0.12->trunk (Kim Alvefur, 2024-04-27, files: 1, lines: -2/+7)
|\|
| * mod_admin_shell: Allow matching on host or bare JID in c2s:show (Kim Alvefur, 2023-03-31, files: 1, lines: -2/+2)
| |   Only supporting exact match on full JID isn't helpful if you want to list sessions per host or user.
| |
| |   Backport of 430333198e4c
| |
| |   Fixes #1857
| * mod_blocklist: Drop blocked messages without error, option to restore compliant behavior (Kim Alvefur, 2024-04-27, files: 1, lines: -2/+7)
| |   From XEP-0191:
| |
| |   > For message stanzas, the server SHOULD return an error, which SHOULD
| |   > be <service-unavailable/>.
| |
| |   Following this may leak to a blocked JID that they have been blocked, which seems contrary to the goal of pretending to be perpetually offline.
* | mod_pep: Implement 'roster' (group) access_model (Kim Alvefur, 2023-12-03, files: 4, lines: -2/+26)
| |   Allows e.g. restricting your vcard4 to only family or similar.
| |
| |   Notes: This does not include roster groups in the configuration form, so the client will have to get them from the actual roster.
* | mod_announce: Suppress luacheck warnings (Matthew Wild, 2024-04-26, files: 1, lines: -3/+3)
| |
* | mod_announce: Add shell commands and APIs for sending to all/online/roles (Matthew Wild, 2024-04-24, files: 1, lines: -3/+85)
| |
* | prosodyctl shell: Fix invocation with 3+ command arguments (Matthew Wild, 2024-04-24, files: 1, lines: -1/+1)
| |   The code correctly inserted the ',' when there was already a "%q" in the format string, but then the next argument would fail to match because it inserted ", %q" instead of "%q".
| |
| |   The code now matches both, ensuring the generated code will not produce a syntax error with multiple arguments.
* | mod_blocklist: Fix fix signal for letting stanzas pass (Kim Alvefur, 2024-04-23, files: 1, lines: -2/+0)
| |   Returning nothing/nil lets stanzas pass, returning anything else blocks
* | mod_blocklist: Check JID of mediated MUC invite sender against blocklist (Matthew Wild, 2024-04-22, files: 1, lines: -1/+16)
| |   This ensures that someone on your blocklist is unable to invite you to MUC rooms.
* | mod_saslauth: Log when tls-exporter is NOT supported, as well as when it is (Matthew Wild, 2024-04-17, files: 1, lines: -0/+2)
| |
* | net.unbound: Show canonical name in textual format (e.g. in shell) (Kim Alvefur, 2024-04-14, files: 1, lines: -1/+5)
| |   libunbound does not tell us the whole chain of CNAMEs, only the final canonical name.
| |
| |   This is to aid in debugging since it will only be shown in the shell.
* | mod_http_file_share: Fix expiry disabled check for new config API (Kim Alvefur, 2024-04-08, files: 1, lines: -1/+1)
| |   Similar to 26c30844cac6
* | util.startup: Fix notifying config-reload to systemd (Kim Alvefur, 2024-04-08, files: 1, lines: -1/+1)
| |   Does this event name seem backwards to anyone else?
* | mod_version: Fix uname result style (thanks riau) (Kim Alvefur, 2024-04-07, files: 1, lines: -3/+3)
| |   `result[, err]`, not `ok, err|result`, must have confused it with pcall
* | mod_server_contact_info: Sort form fields to please scansion (Kim Alvefur, 2024-04-06, files: 1, lines: -1/+2)
| |   The unstable hash table order caused the tests to fail and I don't know how to tell scansion to ignore the order.
* | mod_version: Handle access denied from uname() (Kim Alvefur, 2024-04-06, files: 1, lines: -1/+6)
| |   Discovered while experimenting with a stricter SystemCallFilter setting
| |
| |   See man:systemd.exec(5)
* | mod_admin_shell: Add connection created time (aidan, 2024-04-03, files: 1, lines: -0/+12)
| |   This adds an output format option to show the time that the connection was created.
| |
| |   Ref #1852
* | Merge 0.12->trunk (Kim Alvefur, 2024-04-04, files: 1, lines: -2/+2)
|\|
| * mod_invites_adhoc: Fix result form type (thanks betarays) (Kim Alvefur, 2024-04-04, files: 1, lines: -2/+2)
| |
* | util.startup: Support systemd Type=notify service type (Kim Alvefur, 2024-04-04, files: 2, lines: -0/+35)
| |   This lets Prosody report its lifecycle status to systemd, so it knows when Prosody has completed its startup, when it's reloading and shutting down.
| |
| |   Both Type=notify and Type=notify-reload are supported
| |
| |   Example systemd .service configuration snippet:
| |
| |       [Service]
| |       Type=notify
* | MUC: Fix legacy hats (thanks nicoco) (Kim Alvefur, 2024-03-28, files: 1, lines: -2/+8)
| |   Why do we not have tests for this?
* | MUC: Switch to official XEP-0317 namespace for Hats (including compat) (thanks nicoco) (Kim Alvefur, 2024-03-28, files: 2, lines: -3/+12)
| |
* | util.startup: Fix exiting on pidfile trouble (Kim Alvefur, 2024-03-27, files: 1, lines: -3/+3)
| |   prosody.shutdown() relies on prosody.main_thread, which has not been set yet at this point.
| |
| |   Doing a clean shutdown might actually be harmful in case it tears down things set up by the conflicting Prosody, such as the very pidfile we were looking at.
| |
| |   Thanks again SigmaTel71 for noticing
* | Merge 0.12->trunk (Matthew Wild, 2024-03-27, files: 1, lines: -0/+51)
|\|
| * prosodyctl check: Warn about invalid domain names in the config file (Matthew Wild, 2024-03-27, files: 1, lines: -0/+51)
| |   This ensures that domain names of virtual hosts and components are valid in XMPP, and that they are encoded correctly.
* | util.startup: Abort before initialization of logging when started as root (Kim Alvefur, 2024-03-24, files: 1, lines: -3/+3)
| |   Prevents creation of log files owned by the root user which could be inaccessible once started correctly.
* | util.startup: Don't use not yet existent shutdown procedure when started as root (thanks SigmaTel71) (Kim Alvefur, 2024-03-24, files: 1, lines: -1/+1)
| |
* | util.startup: Check root after detecting platform and reading config (thanks SigmaTel71) (Kim Alvefur, 2024-03-24, files: 1, lines: -1/+1)
| |   Ensures that startup.detect_platform() runs so we know whether to use the POSIX method of checking the current user or something else. Also after reading the config so we know whether the root override setting is set.
* | mod_posix: Move everything to util.startup (Kim Alvefur, 2024-03-23, files: 2, lines: -121/+109)
| |   This allows greater control over the order of events.
| |
| |   Notably, the internal ordering between daemonization, initialization of libunbound and setup of signal handling is sensitive.
| |
| |   libunbound starts a separate thread for processing DNS requests. If this thread is started before signal handling has been set up, it will not inherit the signal handlers and instead behave as it would have before signal handlers were set up, i.e. cause the whole process to immediately exit.
| |
| |   libunbound is usually initialized on the first DNS request, usually triggered by an outgoing s2s connection attempt.
| |
| |   If daemonization happens before signals have been set up, signals may not be processed at all.
* | mod_bosh: Set base_type on session (Matthew Wild, 2024-03-17, files: 1, lines: -1/+1)
| |   This fixes a traceback with mod_saslauth. Ideally we move this to util.session at some point, though.
* | util.startup: Back out 598df17b8ebb (Kim Alvefur, 2024-03-10, files: 1, lines: -1/+1)
| |   Broke signal handling again, such that an early s2s connection results in libunbound catching signals and getting Prosody killed on e.g. SIGHUP
| |
| |   This returns to the situation where prosody --daemonize does not respond to signals.
* | util.startup: Hook signals after daemonization (Kim Alvefur, 2024-03-06, files: 1, lines: -1/+1)
| |   signalfds stop working with epoll after forking
| |
| |   hooking signals later should not affect anything
* | mod_pubsub: Ignore shadowed variable [luacheck] (Kim Alvefur, 2024-03-06, files: 1, lines: -0/+1)
| |