aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mod_mam: Only check for locally generated stanza-idsKim Alvefur2021-08-311-2/+5
| | | | | | Otherwise a message archived by a remote server would be incorrectly silently discarded. This should be safe from spoofing thanks to strip_stanza_id earlier in the event chain.
* mod_mam: Explain behavior with absent mod_offline in a commentKim Alvefur2021-08-311-0/+4
|
* mod_mam: "Handle" messages that have been archived in the absense of mod_offlineKim Alvefur2020-06-251-0/+7
|
* mod_external_services: Factor out public function for converting to XMLKim Alvefur2021-08-301-28/+21
| | | | | | | | Along with the previous commit, allows building the XML thing yourself, should you wish to send it yourself or use it in a different context than an iq reply. API change: The 'reply' is removed from the event.
* mod_external_services: Factor out public function returning current servicesKim Alvefur2021-08-301-8/+11
| | | | | This way you get the _prepared_ services and don't have to do that mapping yourself.
* mod_external_services: Filter services by requested credentials using a SetKim Alvefur2021-08-301-23/+21
| | | | Please don't be accidentally quadratic.
* mod_external_services: Validate required attributes on credentials requestsKim Alvefur2021-08-292-1/+20
|
* Merge 0.11->trunkKim Alvefur2021-08-311-29/+29
|\
| * net.server_epoll: Fix to preserve ids of readded timersKim Alvefur2021-08-311-2/+2
| | | | | | | | | | | | | | Likely affected rescheduling but have no reports of this. After readding a timer, it would have been issued a new id. Rescheduling would use the previous id, thus not working.
* | Merge 0.11->trunkKim Alvefur2021-08-301-9/+9
|\|
| * makefile: fix prosody.version targetLucas2021-08-151-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | POSIX is quite explicit regarding the precedence of AND-OR lists [0]: > The operators "&&" and "||" shall have equal precedence and shall be > evaluated with left associativity. For example, both of the following > commands write solely `bar` to standard output: > false && echo foo || echo bar > true || echo foo && echo bar Given that, `prosody.version` target behaves as ((((((test -f prosody.release && cp ...) || test -f ...) && sed ...) || test -f ...) && hexdump ...) || echo unknown > $@) In the case of release tarballs, `prosody.release` does exist, so the first AND pair is executed. Given that it's successful, then the first `test -f` in the OR pair is ignored, and instead the `sed` in the AND pair is executed. `sed` success, as `.hg_archival.txt` exists, making the second `test -f` in the OR pair ignored, and `hexdump` in the AND pair is executed. Now, given that `.hg` doesn't exist, it fails, so the last `echo` is run, overwriting `prosody.version` with `unknown`. This can be worked around placing `()` around the AND pairs. Decided to use conditionals instead, as I think they better communicate the intention of the block. [0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_03
* | net.http: fail open if surrounding code does not configure TLSJonas Schäfer2021-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.
* | Merge 0.11->trunkMatthew Wild2021-08-260-0/+0
|\|
| * mod_c2s: Indicate stream secure state in error text when no stream features ↵Matthew Wild2021-07-061-1/+4
| | | | | | | | to offer
* | usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given roleMatthew Wild2021-08-262-3/+57
| |
* | mod_muc_mam: Omit queryid attribute from <fin/>Holger Weiss2021-08-061-1/+1
| | | | | | | | | | Since version 0.4 of XEP-0313, the <fin/> element is sent with the IQ result and no longer has a queryid attribute.
* | net.server_epoll: Split, attempt to clarify dirty noise messageKim Alvefur2021-08-161-1/+2
| | | | | | | | | | | | Only relevant because a "dirty" connection (with incoming data in LuaSocket's buffer) does not count as "readable" according to epoll, so special care needs to be taken to keep on processing it.
* | mod_c2s,mod_s2s: Fire event just before writesKim Alvefur2021-08-162-0/+14
| | | | | | | | | | Could allow e.g. a XEP-0198 implementation to efficiently send ack requests at optimal times without using timers or nextTick.
* | net.server: Add a predrain callaback just before writesKim Alvefur2021-08-163-0/+11
| | | | | | | | | | | | | | | | | | | | Allows sneaking in things in the write buffer just before it's sent to the network stack. For example ack requests, compression flushes or other things that make sense to send after stanzas or other things. This ensures any additional trailing data sent is included in the same write, and possibly the same TCP packet. Other methods used such as timers or nextTick might not have the same effect as it depends on scheduling.
* | mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2sKim Alvefur2021-08-161-0/+7
| | | | | | | | | | | | | | | | Signals that any pending outgoing stanzas that were in the write buffer have at least been sent off to the Kernel and maybe even sent out over the network. See 7a703af90c9c for mod_c2s commit
* | core.storagemanager: Respect archive ids issued by storage drivers in testsKim Alvefur2021-08-151-5/+6
| | | | | | | | | | | | Storage drivers may issue their own IDs tho none of the included ones do this atm, but the 3rd party module mod_storage_xmlarchive has its special format.
* | net.server_epoll: Improve efficiency of opportunistic writesKim Alvefur2021-08-141-1/+3
| | | | | | | | | | | | | | | | | | Should prevent further opportunistic write attempts after the kernel buffers are full and stops accepting writes. When combined with `keep_buffers = false` it should stop it from repeatedly recreating the buffer table and concatenating it back into a string when there's a lot to write.
* | mod_disco: Send XEP-0115 caps in s2s stream featuresKim Alvefur2021-08-121-0/+6
| | | | | | | | | | Not currently used for anything, but allowed and could be used in the future and might be used by other servers.
* | mod_admin_shell: Keep unrestricted environment for session lifetimeKim Alvefur2021-08-111-1/+5
| | | | | | | | | | | | | | | | Makes it so that global values set in the environment are kept longer than within one line, and thus can be used until the session ends. They still don't pollute the global environment, which is an error anyway. Thanks phryk for noticing.
* | mod_limits: Extend unlimited_jids to s2s sessions (for Ge0rG)Kim Alvefur2021-07-291-0/+15
| | | | | | | | | | This makes unlimited_jids also work for s2s connections, assuming the remote server has been identified.
* | mod_limits: Factor out function for disabling limits allowing use from shellKim Alvefur2021-07-291-9/+13
| | | | | | | | Also enables reuse for s2s, which we will add next.
* | mod_bosh: Add todo to use util.session to create session objectKim Alvefur2021-07-291-0/+1
| | | | | | | | | | So that we get single point where shared session properties can be added. But not now. One day. Maybe. Patches welcome.
* | mod_pubsub: Update callbacks on reload to more completely refresh configKim Alvefur2021-07-291-0/+8
| | | | | | | | | | | | | | | | | | This would also release any resources held via references from these callbacks. I'm not sure why we don't just re-new() the whole thing. Related to #1382
* | migrator: Silence assert in core.moduleapiKim Alvefur2021-07-291-0/+4
| | | | | | | | | | The assert triggers because we're not loading the stanza route, because we are unlikely to need it during migration.
* | migrator: Use parsed command line flags already parsed by util.startupKim Alvefur2021-07-291-14/+1
| |
* | migrator: Trick net.server into thinking the config is loadedKim Alvefur2021-07-291-0/+1
| | | | | | | | Fixes "Loading outside Prosody or Prosody not yet initialized"
* | migrator: Customise startup sequence to fix #1673 (Thanks acidsys)Kim Alvefur2021-07-291-2/+19
| | | | | | | | | | | | | | | | | | | | | | | | Diverge from util.startup.prosodyctl() in order to skip unneeded behavior, such as loading the *Prosody* config file, which we do not need here, based on the `--config` flag which should point at the migrator config file instead. Notably removed: * read_config() since this loads the Prosody config * check_unwriteable() which checks logfiles specified in the Prosody config, so not relevant * make_dummy_hosts() but the migrator sets up its own hosts during migration
* | Fix various spelling errors (thanks codespell)Kim Alvefur2021-07-2711-11/+11
| | | | | | | | | | Also special thanks to timeless, for wordlessly reminding me to check for typos.
* | mod_pubsub: Update configuration on reload (fixes #1382)Kim Alvefur2021-07-251-0/+3
| | | | | | | | | | | | Because of the way the previous pubsub service is carried access module reloads, it would retain the configuration options with their previous values from when the service was first created.
* | mod_pubsub: Silence warning about 'service' as argument [luacheck]Kim Alvefur2021-07-251-1/+1
| | | | | | | | | | Maybe the 'service' in the outer scope should be moved down to minimize overlap with other functions that receive the same service as argument?
* | mod_pep: Remove now unused util.cache importKim Alvefur2021-07-251-1/+0
| |
* | util.pubsub: Signal that 'persistent-items' is unsupported when disabledKim Alvefur2021-07-223-5/+7
| | | | | | | | | | | | XEP-0060 says that this the way to indicate that 'persistent-items' is unsupported, but doesn't explicitly say if it being disabled in the node configuration also counts as unsupported.
* | mod_pep: Remove use of RLU cache when persist_items was set to falseKim Alvefur2021-07-211-8/+3
| | | | | | | | | | | | | | | | This behavior came from some confusion over the meaning of persist_items. The correct behavior is that items are only stored when it is set to true. When set to false, the service becomes a "pure" publish-subscribe service, where items are forgotten immediately after broadcasting.
* | util.pubsub: Fix behavior of persist_items disabledKim Alvefur2021-07-222-7/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | When set to 'false' there is no need for a persistence interface at all, since items are not persisted after being broadcast. Had started wondering if maybe the behavior was wrong, after reading parts of XEP-0060 that pointed in that direction. Some discussion of this can be found in logs of xmpp:xsf@muc.xmpp.org?join from around 2021-07-20 Thanks to Ralph for confirming.
* | mod_pubsub: Explicitly enable persistence by default to preserve behaviorKim Alvefur2021-07-213-2/+5
| | | | | | | | | | | | Since nodes were always persistent according to the XEP-0060 definition. Whether data is stored in memory or on disk was not what this setting was meant for.
* | util.pubsub: Handle absence of node data interfaceKim Alvefur2021-07-211-17/+32
| | | | | | | | | | | | | | | | This is in preparation for fixing the behavior of 'persist_items', which was misunderstood at some point. In mod_pep it toggles between persistent storage and in-memory storage, while the correct behavior would be to toggle whether published items are stored at all or forgotten after being broadcast.
* | mod_pubsub: Remove publisher field when not exposing publisherKim Alvefur2021-07-251-1/+3
| | | | | | | | | | The publisher is already there on the item when the broadcaster gets it, so it needs to do the opposite thing.
* | mod_pubsub: Normalize 'publisher' JIDKim Alvefur2021-07-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | All the XEP-0060 examples have the publisher attribute set to a bare JID, but the text does allow it to be the full JID. Since mod_pubsub is more likely used for open nodes that anyone can subscribe to it makes sense to not leak the full JIDs. This is also disabled by defaults. In mod_pep on the other hand it might make sense to have the full JID since that data is more likely to be broadcast to contacts which are already somewhat trusted.
* | scansion tests: Enable 'expose_publisher' since we test for itKim Alvefur2021-07-251-0/+1
| |
* | mod_pubsub: Respect 'expose publisher' setting in item retrievalKim Alvefur2021-07-252-1/+9
| |
* | mod_pubsub: Fix inclusion of publisher (fixes #1399)Kim Alvefur2019-05-016-17/+20
| |
* | Merge 0.11->trunkKim Alvefur2021-07-232-58/+84
|\|
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-222-58/+84
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zeroKim Alvefur2021-07-191-0/+4
| | | | | | | | | | Optimizes away all the processing on every message in case the end-result is zero history.
* | net.resolvers.service: Only do DANE with secure SRV recordsKim Alvefur2021-07-181-0/+4
| | | | | | | | | | | | If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next.