Commit message | Author | Age | Files | Lines
* mod_admin_shell: Keep unrestricted environment for session lifetime | Kim Alvefur | 2021-08-11 | 1 | -1/+5
| Makes it so that global values set in the environment are kept longer than within one line, and thus can be used until the session ends. They still don't pollute the global environment, which is an error anyway. Thanks phryk for noticing.
* mod_limits: Extend unlimited_jids to s2s sessions (for Ge0rG) | Kim Alvefur | 2021-07-29 | 1 | -0/+15
| This makes unlimited_jids also work for s2s connections, assuming the remote server has been identified.
* mod_limits: Factor out function for disabling limits allowing use from shell | Kim Alvefur | 2021-07-29 | 1 | -9/+13
| Also enables reuse for s2s, which we will add next.
* mod_bosh: Add todo to use util.session to create session object | Kim Alvefur | 2021-07-29 | 1 | -0/+1
| So that we get a single point where shared session properties can be added. But not now. One day. Maybe. Patches welcome.
* mod_pubsub: Update callbacks on reload to more completely refresh config | Kim Alvefur | 2021-07-29 | 1 | -0/+8
| This would also release any resources held via references from these callbacks. I'm not sure why we don't just re-new() the whole thing. Related to #1382
* migrator: Silence assert in core.moduleapi | Kim Alvefur | 2021-07-29 | 1 | -0/+4
| The assert triggers because we're not loading the stanza route, because we are unlikely to need it during migration.
* migrator: Use parsed command line flags already parsed by util.startup | Kim Alvefur | 2021-07-29 | 1 | -14/+1
|
* migrator: Trick net.server into thinking the config is loaded | Kim Alvefur | 2021-07-29 | 1 | -0/+1
| Fixes "Loading outside Prosody or Prosody not yet initialized"
* migrator: Customise startup sequence to fix #1673 (Thanks acidsys) | Kim Alvefur | 2021-07-29 | 1 | -2/+19
| Diverge from util.startup.prosodyctl() in order to skip unneeded behavior, such as loading the *Prosody* config file, which we do not need here, based on the `--config` flag which should point at the migrator config file instead.
| Notably removed:
| * read_config() since this loads the Prosody config
| * check_unwriteable() which checks logfiles specified in the Prosody config, so not relevant
| * make_dummy_hosts() but the migrator sets up its own hosts during migration
* Fix various spelling errors (thanks codespell) | Kim Alvefur | 2021-07-27 | 11 | -11/+11
| Also special thanks to timeless, for wordlessly reminding me to check for typos.
* mod_pubsub: Update configuration on reload (fixes #1382) | Kim Alvefur | 2021-07-25 | 1 | -0/+3
| Because of the way the previous pubsub service is carried across module reloads, it would retain the configuration options with their previous values from when the service was first created.
* mod_pubsub: Silence warning about 'service' as argument [luacheck] | Kim Alvefur | 2021-07-25 | 1 | -1/+1
| Maybe the 'service' in the outer scope should be moved down to minimize overlap with other functions that receive the same service as argument?
* mod_pep: Remove now unused util.cache import | Kim Alvefur | 2021-07-25 | 1 | -1/+0
|
* util.pubsub: Signal that 'persistent-items' is unsupported when disabled | Kim Alvefur | 2021-07-22 | 3 | -5/+7
| XEP-0060 says that this is the way to indicate that 'persistent-items' is unsupported, but doesn't explicitly say if it being disabled in the node configuration also counts as unsupported.
* mod_pep: Remove use of LRU cache when persist_items was set to false | Kim Alvefur | 2021-07-21 | 1 | -8/+3
| This behavior came from some confusion over the meaning of persist_items. The correct behavior is that items are only stored when it is set to true. When set to false, the service becomes a "pure" publish-subscribe service, where items are forgotten immediately after broadcasting.
* util.pubsub: Fix behavior of persist_items disabled | Kim Alvefur | 2021-07-22 | 2 | -7/+41
| When set to 'false' there is no need for a persistence interface at all, since items are not persisted after being broadcast. Had started wondering if maybe the behavior was wrong, after reading parts of XEP-0060 that pointed in that direction. Some discussion of this can be found in logs of xmpp:xsf@muc.xmpp.org?join from around 2021-07-20
| Thanks to Ralph for confirming.
* mod_pubsub: Explicitly enable persistence by default to preserve behavior | Kim Alvefur | 2021-07-21 | 3 | -2/+5
| Since nodes were always persistent according to the XEP-0060 definition. Whether data is stored in memory or on disk was not what this setting was meant for.
* util.pubsub: Handle absence of node data interface | Kim Alvefur | 2021-07-21 | 1 | -17/+32
| This is in preparation for fixing the behavior of 'persist_items', which was misunderstood at some point. In mod_pep it toggles between persistent storage and in-memory storage, while the correct behavior would be to toggle whether published items are stored at all or forgotten after being broadcast.
* mod_pubsub: Remove publisher field when not exposing publisher | Kim Alvefur | 2021-07-25 | 1 | -1/+3
| The publisher is already there on the item when the broadcaster gets it, so it needs to do the opposite thing.
* mod_pubsub: Normalize 'publisher' JID | Kim Alvefur | 2021-07-25 | 1 | -2/+2
| All the XEP-0060 examples have the publisher attribute set to a bare JID, but the text does allow it to be the full JID. Since mod_pubsub is more likely used for open nodes that anyone can subscribe to it makes sense to not leak the full JIDs. This is also disabled by default. In mod_pep on the other hand it might make sense to have the full JID since that data is more likely to be broadcast to contacts which are already somewhat trusted.
* scansion tests: Enable 'expose_publisher' since we test for it | Kim Alvefur | 2021-07-25 | 1 | -0/+1
|
* mod_pubsub: Respect 'expose publisher' setting in item retrieval | Kim Alvefur | 2021-07-25 | 2 | -1/+9
|
* mod_pubsub: Fix inclusion of publisher (fixes #1399) | Kim Alvefur | 2019-05-01 | 6 | -17/+20
|
* Merge 0.11->trunk | Kim Alvefur | 2021-07-23 | 2 | -58/+84
|\
| * MUC: Fix logic for access to affiliation lists (0.11.10) | Kim Alvefur | 2021-07-22 | 2 | -58/+84
| | Fixes https://prosody.im/security/advisory_20210722/
| | Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zero | Kim Alvefur | 2021-07-19 | 1 | -0/+4
| | Optimizes away all the processing on every message in case the end-result is zero history.
* | net.resolvers.service: Only do DANE with secure SRV records | Kim Alvefur | 2021-07-18 | 1 | -0/+4
| | If this seems backwards, that's because it is, but the API isn't really designed to easily pass along details from each resolution step onto the next.
* | core.certmanager: Support 'use_dane' setting to enable DANE support | Kim Alvefur | 2021-07-18 | 1 | -0/+2
| | Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
* | Revert 926d53af9a7a: Restore DANE support | Kim Alvefur | 2021-07-18 | 2 | -4/+6
| | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* | mod_s2s: Clone 'extra' data to let resolvers add more to it | Kim Alvefur | 2021-07-18 | 1 | -1/+5
| | This way 'extra' is unique for each connect() instance, making it safer to mutate it, while inheriting the global settings. See 926d53af9a7a for some more context.
* | editorconfig: We use tabs | Kim Alvefur | 2021-07-18 | 1 | -0/+19
| | This lets various supporting editors know what indentation style should be used for files in the repo.
| | See https://editorconfig.org/
| | Coding style for Lua files is described in `doc/coding_style.md`
| | The 3-space indentation in `configure` comes from its LuaRocks inheritance.
| | `doc/doap.xml` is normalized with `xmllint` which spits out 2-space indentation.
* | mod_s2s: Handle measurement where the local host is unknown | Kim Alvefur | 2021-07-18 | 1 | -1/+1
| | This could happen with Dialback-only connections or others that were missing the stream 'to' attribute.
* | mod_s2s: Guard against missing 'to' on incoming stream | Kim Alvefur | 2021-07-18 | 1 | -1/+1
| | Given an incoming <stream:stream from="example.com"> this line would have mistakenly reported the 'from' as the local host. Neither are technically required and may be missing, especially on connections used only for Dialback. Outgoing connections initiated by Prosody always have 'from_host' and 'to_host', so it is safer to check it this way.
* | net.server_epoll: Fix traceback-causing typo | Kim Alvefur | 2021-07-18 | 1 | -1/+1
| | Caused "attempt to index a string value (local 'data')", but only if keep_buffers is set to false, which is not the default. Introduced in 917eca7be82b
* | net.server_epoll: Ensure timeouts match epoll flags | Kim Alvefur | 2021-07-17 | 1 | -0/+6
| | Read and write timeouts should usually match whether we want to read or write.
* | net.server_epoll: Skip reset of read timeout when not reading | Kim Alvefur | 2021-07-17 | 1 | -1/+2
| | Should avoid rare but needless timer interactions
* | net.server_epoll: Reduce timer churn during TLS handshake | Kim Alvefur | 2021-07-17 | 1 | -1/+1
| | Instead of removing and readding the timer, keep it and adjust it instead. Should reduce garbage production a bit.
* | net.server_epoll: Use only fatal "write" timeout during TLS negotiation | Kim Alvefur | 2021-07-16 | 1 | -3/+3
| | Only real difference between the read and write timeouts is that the former has a callback that allows the higher levels to keep the connection alive, while hitting the latter is immediately fatal. We want the latter behavior for TLS negotiation.
* | net.server_epoll: Optimize concatenation of exactly 2 buffer chunks | Kim Alvefur | 2021-07-16 | 1 | -1/+3
| | Saves a function call. I forget if I measured this kind of thing but IIRC infix concatenation is faster than a function call up to some number of items, but let's stop at 2 here.
* | net.server_epoll: Avoid allocating a buffer table for single writes | Kim Alvefur | 2021-07-16 | 1 | -11/+20
| | writebuffer is now string | { string }
| | Saves the allocation of a buffer table until the second write, which could be rare, especially with opportunistic writes.
* | net.server_epoll: Optionally let go of buffers | Kim Alvefur | 2021-07-16 | 1 | -5/+17
| | Reusing an already existing buffer table would reduce garbage, but keeping it while idle is a waste.
* | net.server_epoll: Propagate returns from opportunistic writes | Kim Alvefur | 2021-07-16 | 1 | -3/+4
| | So that if a write ends up writing directly to the socket, it gets the actual return value
* | net.server_epoll: Set minimum wait time to 1ms, matching epoll | Kim Alvefur | 2021-07-15 | 1 | -1/+1
| | A timeout value less than 0.001 gets turned into zero on the C side, so epoll_wait() returns instantly and essentially busy-loops up to 1ms, e.g. when a timer event ends up scheduled (0, 0.001)ms into the future. Unsure if this has much effect in practice, but it may waste a small amount of CPU time. How much would depend on how often this ends up happening and how fast the CPU gets through main loop iterations.
* | prosodyctl: Add a note about checking the order of listed commands | Kim Alvefur | 2021-07-15 | 1 | -1/+1
| | Should Plugin really be first? What order makes the most sense?
* | prosodyctl: Add cert to command listing | Kim Alvefur | 2021-07-15 | 1 | -1/+3
| | This hides a whole bunch of subcommands tho, maybe those should be explicitly listed?
* | prosodyctl: Add 'shell' to command listing | Kim Alvefur | 2021-07-15 | 1 | -1/+2
| |
* | prosodyctl: Add 'check' to command listing (fixes #1622) | Kim Alvefur | 2021-05-30 | 1 | -0/+10
| | Along with infrastructure for the other commands that live in external modules.
* | net.server_epoll: Add setting for disabling the Nagle algorithm | Kim Alvefur | 2021-07-14 | 1 | -0/+6
| | Nagle increases latency and is the bane of all networking!
* | net.server_epoll: Support setting keepalive idle time | Kim Alvefur | 2021-07-14 | 1 | -0/+3
| | Activated by setting config.tcp_keepalive to a number, in seconds. Defaults to 2h. Depends on LuaSocket support for this option.
* | net.server_epoll: Add way to enable TCP keepalives on all connections | Kim Alvefur | 2021-07-14 | 1 | -1/+6
| | In case one wishes to enable this for all connections, not just c2s (not Direct TLS ones, because LuaSec) and s2s. Unclear what use these are, since they kick in after 2 hours of idle time.