aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | prosodyctl: Add external connectivity check based on observe.jabber.networkJonas Schäfer2020-05-062-9/+88
| | | | | | | | | | | | | | | | | | | | | This uses the (experimental) observe.jabber.network API to perform external connectivity checks. The idea is to complement the checks prosodyctl can already do with a (nearly) complete s2s/c2s handshake from a remote party to test the entire stack.
* | | mod_c2s: Rename Direct TLS listener 'c2s_direct_tls' for clarityKim Alvefur2021-09-093-3/+3
| | | | | | | | | | | | And to follow existing naming practices better than 'legacy_ssl' did.
* | | util.prosodyctl.check: Add TODO about replacements for deprecated settingsKim Alvefur2021-09-091-0/+1
| | |
* | | util.prosodyctl.check: Check for server-to-server Direct TLS recordsKim Alvefur2021-09-091-1/+24
| | |
* | | mod_s2s: Rename Direct TLS listener 's2s_direct_tls'Kim Alvefur2021-09-091-1/+1
| | | | | | | | | | | | | | | Following the style of other options like (c2s|s2s)_require_encryption, s2s_secure_auth etc.
* | | mod_s2s: Add a Direct TLS listenerKim Alvefur2021-08-103-2/+16
| | | | | | | | | | | | | | | | | | Mirroring the c2s 'direct_tls'. Naming things is hard. direct_tls_s2s_ports = { 5269+1 }
* | | mod_s2s: Handle connections having TLS from the startKim Alvefur2021-08-101-0/+4
| | | | | | | | | | | | | | | This could be done with multiplexing, or a future additional port definition.
* | | mod_s2s: Factor out procedure for newly encrypted sessionsKim Alvefur2021-08-101-12/+16
| | | | | | | | | | | | | | | Goal is to call this if the connection is using Direct TLS, either via multiplexing or a future Direct TLS S2S port.
* | | mod_bosh,mod_websocket: Make into global-shared modules (...again)Kim Alvefur2021-06-212-22/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Global modules aren't quite considered loaded onto hosts, which causes confusion in some cases. They are also reported in the log as being served on http://*:5280/foo which is also a bit confusing, and can't be clicked. Global modules also have to have their paths configured in the global section, which could be confusing and unexpected. This global+shared method should be the best of both worlds.
* | | mod_c2s,mod_s2s: Indicate stanza size violation with condition from XEP-0205 ↵Kim Alvefur2021-09-063-2/+17
| | | | | | | | | | | | (thanks mjk)
* | | mod_pubsub: Move reversal of item order in <items>Kim Alvefur2021-09-051-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Examples in XEP-0060 suggest that items should be listed in chronological order, but we get them from the archive in reverse order. However when requesting specific items by id the results keep that order and we don't want to flip it again. At some point it would likely be best to use the archive API directly instead of this util.cache-compatible wrapper.
* | | mod_pubsub: Add support for limiting result size #1608Kim Alvefur2021-09-052-1/+201
| | |
* | | util.pubsub: Add support for limiting number of items to retrieveKim Alvefur2021-09-052-1/+63
| | | | | | | | | | | | | | | Hopefully this will eventually be upgraded to RSM, which is why the argument is called 'resultspec' and is a table.
* | | mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connectionsKim Alvefur2021-09-011-0/+8
| | | | | | | | | | | | As suggested by RFC 7590
* | | mod_storage_internal: Stop storing XEP-0091 timestampKim Alvefur2021-09-041-2/+1
| | | | | | | | | | | | | | | | | | | | | Should no longer be used by anything since the conversion of mod_offline to the archive API in 0.10.0, which was 4 years ago. The line clearing the property is left for a bit longer in case someone has very old offline messages or archived data.
* | | net.server_select: Deprecate and warn about itKim Alvefur2021-09-032-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | To be removed in the future, but not right now. Give the log warning a chance to prod anyone who might have network_backend="select" in their config first. There's also things built on Verse which uses server_select.lua, which will need to be updated somehow.
* | | net.server: Pikc server_epoll as unconditional defaultKim Alvefur2021-09-031-2/+1
| | | | | | | | | | | | | | | | | | | | | Previously it would have gone for server_select if util.poll was for some reason not available, which should be never these days. And even if it was, best to flush it out by throwing loud errors so users notice. Then they can work around it by using select until we delete that one.
* | | net.server: Fall back to default backend from libevent instead of always selectKim Alvefur2021-09-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Fixes that selecting libevent when unavaibalbe would fall back to select instead of epoll, even if that's available. This way, we only have to update it in once place when choosing a new default.
* | | net.server_epoll: Prevent removed timers from being readdedKim Alvefur2021-08-311-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | In a case like this the timer would not be readded: addtimer(1, function(t, id) stop(id) return 1 end);
* | | mod_mam: Suppress offline message broadcast for MAM clientsKim Alvefur2021-08-312-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | MattJ on 09:34:24 > Zash: I think as a first step, offline messages should not be sent to > clients that request MAM https://chat.modernxmpp.org/log/modernxmpp/2021-08-31#2021-08-31-8518a542bd283686
* | | mod_mam: Only check for locally generated stanza-idsKim Alvefur2021-08-311-2/+5
| | | | | | | | | | | | | | | | | | Otherwise a message archived by a remote server would be incorrectly silently discarded. This should be safe from spoofing thanks to strip_stanza_id earlier in the event chain.
* | | mod_mam: Explain behavior with absent mod_offline in a commentKim Alvefur2021-08-311-0/+4
| | |
* | | mod_mam: "Handle" messages that have been archived in the absense of mod_offlineKim Alvefur2020-06-251-0/+7
| | |
* | | mod_external_services: Factor out public function for converting to XMLKim Alvefur2021-08-301-28/+21
| | | | | | | | | | | | | | | | | | | | | | | | Along with the previous commit, allows building the XML thing yourself, should you wish to send it yourself or use it in a different context than an iq reply. API change: The 'reply' is removed from the event.
* | | mod_external_services: Factor out public function returning current servicesKim Alvefur2021-08-301-8/+11
| | | | | | | | | | | | | | | This way you get the _prepared_ services and don't have to do that mapping yourself.
* | | mod_external_services: Filter services by requested credentials using a SetKim Alvefur2021-08-301-23/+21
| | | | | | | | | | | | Please don't be accidentally quadratic.
* | | mod_external_services: Validate required attributes on credentials requestsKim Alvefur2021-08-292-1/+20
| | |
* | | Merge 0.11->trunkKim Alvefur2021-08-311-29/+29
|\| |
| * | net.server_epoll: Fix to preserve ids of readded timersKim Alvefur2021-08-311-2/+2
| | | | | | | | | | | | | | | | | | | | | Likely affected rescheduling but have no reports of this. After readding a timer, it would have been issued a new id. Rescheduling would use the previous id, thus not working.
* | | Merge 0.11->trunkKim Alvefur2021-08-301-9/+9
|\| |
| * | makefile: fix prosody.version targetLucas2021-08-151-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | POSIX is quite explicit regarding the precedence of AND-OR lists [0]: > The operators "&&" and "||" shall have equal precedence and shall be > evaluated with left associativity. For example, both of the following > commands write solely `bar` to standard output: > false && echo foo || echo bar > true || echo foo && echo bar Given that, `prosody.version` target behaves as ((((((test -f prosody.release && cp ...) || test -f ...) && sed ...) || test -f ...) && hexdump ...) || echo unknown > $@) In the case of release tarballs, `prosody.release` does exist, so the first AND pair is executed. Given that it's successful, then the first `test -f` in the OR pair is ignored, and instead the `sed` in the AND pair is executed. `sed` success, as `.hg_archival.txt` exists, making the second `test -f` in the OR pair ignored, and `hexdump` in the AND pair is executed. Now, given that `.hg` doesn't exist, it fails, so the last `echo` is run, overwriting `prosody.version` with `unknown`. This can be worked around placing `()` around the AND pairs. Decided to use conditionals instead, as I think they better communicate the intention of the block. [0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_03
* | | net.http: fail open if surrounding code does not configure TLSJonas Schäfer2021-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.
* | | Merge 0.11->trunkMatthew Wild2021-08-260-0/+0
|\| |
| * | mod_c2s: Indicate stream secure state in error text when no stream features ↵Matthew Wild2021-07-061-1/+4
| |/ | | | | | | to offer
* | usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given roleMatthew Wild2021-08-262-3/+57
| |
* | mod_muc_mam: Omit queryid attribute from <fin/>Holger Weiss2021-08-061-1/+1
| | | | | | | | | | Since version 0.4 of XEP-0313, the <fin/> element is sent with the IQ result and no longer has a queryid attribute.
* | net.server_epoll: Split, attempt to clarify dirty noise messageKim Alvefur2021-08-161-1/+2
| | | | | | | | | | | | Only relevant because a "dirty" connection (with incoming data in LuaSocket's buffer) does not count as "readable" according to epoll, so special care needs to be taken to keep on processing it.
* | mod_c2s,mod_s2s: Fire event just before writesKim Alvefur2021-08-162-0/+14
| | | | | | | | | | Could allow e.g. a XEP-0198 implementation to efficiently send ack requests at optimal times without using timers or nextTick.
* | net.server: Add a predrain callaback just before writesKim Alvefur2021-08-163-0/+11
| | | | | | | | | | | | | | | | | | | | Allows sneaking in things in the write buffer just before it's sent to the network stack. For example ack requests, compression flushes or other things that make sense to send after stanzas or other things. This ensures any additional trailing data sent is included in the same write, and possibly the same TCP packet. Other methods used such as timers or nextTick might not have the same effect as it depends on scheduling.
* | mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2sKim Alvefur2021-08-161-0/+7
| | | | | | | | | | | | | | | | Signals that any pending outgoing stanzas that were in the write buffer have at least been sent off to the Kernel and maybe even sent out over the network. See 7a703af90c9c for mod_c2s commit
* | core.storagemanager: Respect archive ids issued by storage drivers in testsKim Alvefur2021-08-151-5/+6
| | | | | | | | | | | | Storage drivers may issue their own IDs tho none of the included ones do this atm, but the 3rd party module mod_storage_xmlarchive has its special format.
* | net.server_epoll: Improve efficiency of opportunistic writesKim Alvefur2021-08-141-1/+3
| | | | | | | | | | | | | | | | | | Should prevent further opportunistic write attempts after the kernel buffers are full and stops accepting writes. When combined with `keep_buffers = false` it should stop it from repeatedly recreating the buffer table and concatenating it back into a string when there's a lot to write.
* | mod_disco: Send XEP-0115 caps in s2s stream featuresKim Alvefur2021-08-121-0/+6
| | | | | | | | | | Not currently used for anything, but allowed and could be used in the future and might be used by other servers.
* | mod_admin_shell: Keep unrestricted environment for session lifetimeKim Alvefur2021-08-111-1/+5
| | | | | | | | | | | | | | | | Makes it so that global values set in the environment are kept longer than within one line, and thus can be used until the session ends. They still don't pollute the global environment, which is an error anyway. Thanks phryk for noticing.
* | mod_limits: Extend unlimited_jids to s2s sessions (for Ge0rG)Kim Alvefur2021-07-291-0/+15
| | | | | | | | | | This makes unlimited_jids also work for s2s connections, assuming the remote server has been identified.
* | mod_limits: Factor out function for disabling limits allowing use from shellKim Alvefur2021-07-291-9/+13
| | | | | | | | Also enables reuse for s2s, which we will add next.
* | mod_bosh: Add todo to use util.session to create session objectKim Alvefur2021-07-291-0/+1
| | | | | | | | | | So that we get single point where shared session properties can be added. But not now. One day. Maybe. Patches welcome.
* | mod_pubsub: Update callbacks on reload to more completely refresh configKim Alvefur2021-07-291-0/+8
| | | | | | | | | | | | | | | | | | This would also release any resources held via references from these callbacks. I'm not sure why we don't just re-new() the whole thing. Related to #1382
* | migrator: Silence assert in core.moduleapiKim Alvefur2021-07-291-0/+4
| | | | | | | | | | The assert triggers because we're not loading the stanza route, because we are unlikely to need it during migration.
* | migrator: Use parsed command line flags already parsed by util.startupKim Alvefur2021-07-291-14/+1
| |