aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | mod_smacks: Indicate that bounces are generated by the serverKim Alvefur2022-05-271-1/+2
| | | | | | | | | | Could arguably be implied by 'recipient-unavailable' since if it was available, this error wouldn't happen.
* | Merge 0.12->trunkKim Alvefur2022-05-271-3/+2
|\|
| * mod_smacks: Bounce unhandled stanzas from local origin (fix #1759)0.12.1Kim Alvefur2022-05-271-2/+1
| | | | | | | | | | | | | | | | | | Sending stanzas with a remote session as origin when the stanzas have a local JID in the from attribute trips validation in core.stanza_router, leading to warnings: > Received a stanza claiming to be from remote.example, over a stream authed for localhost.example Using module:send() uses the local host as origin, which is fine here.
| * mod_smacks: Fix bounce of stanzas directed to full JID on unclean disconnectKim Alvefur2022-05-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #1758 Introduced in 1ea01660c79a In e62025f949f9 to and from was inverted since it changed from acting on a reply to acting on the original stanza (or a clone thereof) Unsure of the purpose of this check, you don't usually send stanzas to your own full JID. Perhaps guarding against routing loops? The check was present in the original commit of mod_smacks, prosody-modules rev 9a7671720dec
* | mod_smacks: Remove debug log references to timer (not used anymore)Kim Alvefur2022-05-261-2/+1
| | | | | | | | Cuts down on noise as well
* | Merge 0.12->trunkKim Alvefur2022-05-261-3/+2
|\|
| * mod_smacks: Fix to use current method of counting acked stanzasKim Alvefur2022-05-261-3/+2
| | | | | | | | | | | | | | | | | | Fixes #1757 These places seem to have been left since e62025f949f9 The logic around expected_h in should_ack() misbehaved, always comparing with 0 + unacked instead of acked + unacked.
* | Merge 0.12->trunkKim Alvefur2022-05-261-4/+0
|\|
| * util.prosodyctl.check: Remove now redundant unbound config tweakKim Alvefur2022-05-261-4/+0
| | | | | | | | | | | | | | This is now done in net.unbound itself Turning it back on in the config may still cause the problem of entries there masking the DNS values.
* | mod_smacks: Use session logging for remaining log messagesKim Alvefur2022-05-211-6/+6
| | | | | | | | For consistency and easier correlation of session events.
* | mod_smacks: Factor out some convenience functionsKim Alvefur2022-02-111-10/+21
| | | | | | | | | | Those lines are long and the risk of mistakes if another one needs to be added seems high, but lower when factored out like this.
* | util.stanza: Document top level attributes in Teal definitionKim Alvefur2022-05-171-3/+48
| | | | | | | | Tells you if you make a typo like "gropchat" or so
* | util.stanza: Document error conditions in Teal definitionKim Alvefur2022-05-171-2/+35
| | | | | | | | Gets you nice error messages if you make a typo in with error_reply()
* | net.server_epoll: Add option to defer accept() until data availableKim Alvefur2022-05-152-0/+7
| | | | | | | | | | | | | | | | | | | | This is a Linux(?) socket option that delays the accept signal until there is data available to read. E.g. with HTTP this might mean that a whole request can be handled without going back trough another turn of the main loop, and an initial client <stream> can be responded to. This may have effects on latency and resource use, as the server does not need to allocate resources until really needed.
* | net.server_epoll: Wrap LuaSocket object earlier to reuse option setting methodKim Alvefur2021-07-161-2/+2
| | | | | | | | | | Since it provides some protection and error handling in the form of logging.
* | net.server_epoll: Move call to refresh remote IP address out of wrapperKim Alvefur2021-07-161-1/+3
| | | | | | | | Reduces the side effects of wrapsocket()
* | net.server_epoll: Add support for TCP Fast OpenKim Alvefur2021-07-082-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Requires a patch to LuaSocket adding this socket option, https://github.com/lunarmodules/luasocket/pull/378 sysctl tweaks net.ipv4.tcp_fastopen=3 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 net.ipv4.tcp_fastopen_key=$(</proc/sys/kernel/random/uuid) Disabled by default since it an advanced performance tweak unlikely to be needed by most servers.
* | Merge 0.12->trunkKim Alvefur2022-05-161-1/+10
|\|
| * net.unbound: Adjust log level of error to error to errorKim Alvefur2022-05-161-1/+1
| | | | | | | | This error is an error, therefore it should be at the error level
| * net.unbound: Disable use of hosts file by default (fixes #1737)Kim Alvefur2022-05-161-0/+9
| | | | | | | | | | This mirrors the behaviour with net.dns and avoids the initialization issue in #1737
* | Merge 0.12->trunkKim Alvefur2022-05-161-2/+2
|\|
| * core.certmanager: Expand debug messages about cert lookups in indexKim Alvefur2022-05-161-2/+2
| | | | | | | | | | | | Answers my recurring question of > Using cert "certs/example.com.crt" from index ... for what?
* | Merge 0.12->trunkKim Alvefur2022-05-151-2/+2
|\|
| * mod_admin_shell: Tighten up type checks to fix #1754 (thanks clouded)Kim Alvefur2022-05-151-2/+2
| | | | | | | | | | | | Due to the dummy statistics provider (see core.statsmanager line 250) having a metatable that allows infinite indexing where everything is always the same table, which end up in suf() in the concatenation line.
* | mod_smacks: Initialize queue before sending <enable>Kim Alvefur2022-05-151-1/+1
| | | | | | | | | | | | | | | | Setting the .smacks field enables code paths that expects the queue to be present. The queue is initialized in wrap_session_out(). With opportunistic writes enabled this happens immediately on .sends2s(), so the sending <enable> must happen before OR after these two lines, not in the middle.
* | mod_cron: Remove difference between teal versionKim Alvefur2022-05-151-1/+1
| | | | | | | | | | This previously was considered an error because the module API Teal spec did not document a return value from module:add_timer()
* | teal/moduleapi: Describe timer wrapperKim Alvefur2022-05-151-1/+6
| | | | | | | | Since it's used in mod_cron
* | Merge 0.12->trunkKim Alvefur2022-05-092-2/+9
|\|
| * util.jsonschema: Lua <5.3 compat here tooKim Alvefur2022-05-091-1/+4
| |
| * util.jsonpointer: Fix Lua <5.3 compatKim Alvefur2022-05-091-1/+5
| |
* | util.async: Add Teal description fileKim Alvefur2022-05-082-1/+43
| |
* | Merge 0.12->trunkKim Alvefur2022-05-083-2/+40
|\|
| * util.jsonpointer: Fix off-by-one in array resolutionKim Alvefur2022-05-082-2/+2
| | | | | | | | | | | | Fixes #1753 Not known to be used anywhere
| * util.jsonpointer: Add basic testsKim Alvefur2022-05-081-0/+38
| | | | | | | | Example values from RFC 6901
* | mod_s2s: Log queued stanzas for which no error reply is producedKim Alvefur2022-05-071-0/+2
| | | | | | | | | | | | This would mainly be error stanzas. Good to have some trace of when handling of them are finished.
* | mod_s2s: Don't bounce queued error stanzas (thanks Martin)Kim Alvefur2022-05-071-1/+1
| | | | | | | | | | | | | | | | | | The check for the type attr was lost in 11765f0605ec leading to attempts to create error replies for error stanzas, which util.stanza rejects. Tested by sending <message to="reject.badxmpp.eu" type="error"><error/></message> which produced a traceback previously.
* | Merge 0.12->trunkMatthew Wild2022-05-061-1/+5
|\|
| * mod_invites_adhoc: Fall back to generic allow_user_invites for role-less usersMatthew Wild2022-05-061-1/+5
| | | | | | | | Fixes #1752
* | Merge 0.12->trunkKim Alvefur2022-05-053-0/+3
|\|
| * mod_cron: Fix recording last task run time #1751Kim Alvefur2022-05-052-0/+2
| | | | | | | | | | | | | | The type checks, they do nothing! Observed: Tasks that were supposed to run weekly or daily were running each hour.
| * util.prosodyctl.check: turn: Report lack of TURN services as a problem #1749Kim Alvefur2022-05-031-0/+1
| | | | | | | | | | Rationale: It seems unlikely that someone who has not configured any TURN service runs 'prosodyctl check turn' expecting this to be okay.
* | net.server_select: Restore dependency on LuaSec to soft for testsKim Alvefur2022-04-271-3/+1
| | | | | | | | | | server_select is used in e.g. storagemanager tests, and some of the CI runners are lacking LuaSec, which resulted in failures.
* | net.tls_luasec: Harden dependency on LuaSecKim Alvefur2022-04-271-3/+2
| | | | | | | | | | | | We at some point decided that it was okay to have a hard dependency the TLS library. Especially here since this module is meant to contain all LuaSec specifics.
* | Merge 0.12->trunkKim Alvefur2022-04-271-1/+1
|\|
| * core.moduleapi: Fix 'global' property via :context() - #1748Kim Alvefur2022-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | The 'global' property should reflect whether the module API instance represents the global context or a VirtualHost or Component context. However the module:context() method did not override this, leading the property of the previous module shining trough, leading to bugs in code relying on the 'global' property. See also #1736
* | mod_tls: pass target hostname to starttlsJonas Schäfer2021-09-171-1/+1
| | | | | | | | In case the network backend needs it for outgoing SNI or something.
* | mod_tls: tell network backend to stop reading while preparing TLSJonas Schäfer2022-04-021-0/+7
| |
* | mod_tls: Do not offer TLS if the connection is considered secureJonas Schäfer2021-09-171-0/+3
| | | | | | | | | | | | | | | | | | | | This may be necessary if the session.conn object is not exchanged by the network backend when establishing TLS. In that case, the starttls method will always exist and thus that is not a good indicator for offering TLS. However, the secure bit already tells us that TLS has been established or is not to be established on the connection, so we use that instead.
* | net: refactor sslconfig to not depend on LuaSecJonas Schäfer2022-04-026-17/+51
| | | | | | | | | | | | | | | | | | | | | | This now requires that the network backend exposes a tls_builder function, which essentially wraps the former util.sslconfig.new() function, passing a factory to create the eventual SSL context. That allows a net.server backend to pick whatever it likes as SSL context factory, as long as it understands the config table passed by the SSL config builder. Heck, a backend could even mock and replace the entire SSL config builder API.
* | net: isolate LuaSec-specificsJonas Schäfer2022-04-2712-82/+237
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.