aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| | | * | | | | | | mod_c2s: Validate that a 'to' attribute exists at allKim Alvefur2019-11-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents traceback from nameprep(nil)
| | | * | | | | | | core.sessionmanager: Require that client-requested resources pass strict ↵Kim Alvefur2019-11-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | resourceprep
| | | * | | | | | | mod_bosh: Abort early if request is missing hostnameKim Alvefur2019-11-021-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents traceback from passing nil to nameprep()
| | | * | | | | | | mod_dialback: Abort early if request is missing addressing attributesKim Alvefur2019-11-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents traceback from passing nil to nameprep()
| | | * | | | | | | core.configmanager: Handle nameprep validation errorsKim Alvefur2019-11-021-2/+10
| | | | | | | | | |
| | | * | | | | | | core.configmanager: Ensure Hosts are given namesKim Alvefur2019-11-021-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents traceback from nameprep(nil)
| | | * | | | | | | MUC: Make nickname field in registration form requiredKim Alvefur2019-11-022-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevents traceback from resourceprep(nil) muc#register_roomnick is also required in XEP-0045
| | | * | | | | | | core.sessionmanager: Fix traceback from passing nil to resourceprepKim Alvefur2019-11-021-1/+1
| | | | | | | | | |
| | | * | | | | | | util.encodings: Don't ignore non-strings passed to stringprep functionsKim Alvefur2019-11-021-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you manage to pass a table or something weird to these, you deserve to know.
| | | * | | | | | | net.http.codes: Avoid implicit number -> string coercionKim Alvefur2019-11-011-1/+1
| | | | | | | | | |
| | | * | | | | | | prosodyctl: Print friendly version of error messagesKim Alvefur2019-11-011-1/+1
| | | | | | | | | |
| | | * | | | | | | mod_register_ibr: Enforce strict JID validationKim Alvefur2019-11-011-1/+1
| | | | | | | | | |
| | | * | | | | | | util.prosodyctl: Enforce strict JID validation on user creationKim Alvefur2019-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is where 64ddcbc9a328 should have started. By preventing creation of users with invalid JIDs, it will slowly become safer to enforce strict validation on everything.
| | | * | | | | | | MUC: Strictly validate room JID on creationKim Alvefur2019-11-011-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should prevent any MUCs with invalid JID (according to current normalization routine)
| | | * | | | | | | util.error: Add well-known field 'code' in error templatesKim Alvefur2019-11-012-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Intended to be for HTTP-ish numeric status codes
| | | * | | | | | | mod_register_limits: Use util.error for managing rejection reasonsKim Alvefur2019-11-011-9/+28
| | | | | | | | | |
| | | * | | | | | | mod_register_ibr: Allow registartion rejection reason as util.error objectKim Alvefur2019-11-011-2/+9
| | | | | | | | | |
| | | * | | | | | | Backed out changeset 64ddcbc9a328 as it would prevent communicating with ↵Kim Alvefur2019-10-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2
| | | * | | | | | | MUC: Enforce strict resourceprep on nicknames (bye bye robot face)Kim Alvefur2019-09-231-0/+16
| | | | | | | | | |
| | | * | | | | | | core.stanza_router: Do strict jidprep on c2sKim Alvefur2019-09-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed.
| | | * | | | | | | util.encodings: Strictly verify that the 'strict' *prep argument is a booleanKim Alvefur2019-10-301-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to prevent mistakes like nodeprep(username:gsub("a","b")) from unintentionally invoking strict mode.
| | | * | | | | | | util.jid: Add a 'strict' flag for jidprep callsKim Alvefur2019-09-091-6/+6
| | | | | | | | | |
| | | * | | | | | | util.encodings: Optional strict flag to stringprepKim Alvefur2019-04-241-2/+14
| | | | | | | | | |
| | | * | | | | | | util.pubsub, pubsub.lib and tests: Add text to precondition-not-met error ↵Matthew Wild2019-10-274-4/+248
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (fixes #1455)
| | | * | | | | | | MUC: Advertise history related fields as integers via XEP-0122Kim Alvefur2019-10-201-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This takes advantage of data type validation and conversion done in util.dataforms.
| | | * | | | | | | CHANGES: Add a line for #1335Kim Alvefur2019-10-201-0/+1
| | | | | | | | | |
| | | * | | | | | | MUC: Add controls for whose presence is broadcast (closes #1335)Lance Stout2019-10-203-5/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Committed by Zash
| | | * | | | | | | util.interpolation: Test map syntaxKim Alvefur2019-10-201-0/+7
| | | | | | | | | |
| | | * | | | | | | util.interpolation: Test array syntaxKim Alvefur2019-10-201-0/+8
| | | | | | | | | |
| | | * | | | | | | util.interpolation: Test #1452Kim Alvefur2019-10-201-1/+5
| | | | | | | | | |
| | | * | | | | | | Merge 0.11->trunkKim Alvefur2019-10-201-3/+3
| | | |\ \ \ \ \ \ \
| | | * | | | | | | | doap: Sort <implements> by XEP numberKim Alvefur2019-10-201-7/+7
| | | | | | | | | | |
| | | * | | | | | | | doap: mod_csi_simple tries to follow XEP-0286: Mobile Considerations, not ↵Kim Alvefur2019-10-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | XEP-0268
| | | * | | | | | | | doap: Trim a trailing '.' from a version/branch name for consistencyKim Alvefur2019-10-201-1/+1
| | | | | | | | | | |
| | | * | | | | | | | doap: Copy longer description from READMEKim Alvefur2019-10-201-1/+1
| | | | | | | | | | |
| | | * | | | | | | | Merge 0.11->trunkKim Alvefur2019-10-201-2/+0
| | | |\ \ \ \ \ \ \ \
| | | * | | | | | | | | MUC: Validate registration dataform more carefullyKim Alvefur2019-10-201-1/+13
| | | | | | | | | | | |
| | | * | | | | | | | | mod_saslauth: Demote "no SASL mechanisms" error back to warningKim Alvefur2019-10-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This gets printed before TLS if c2s_require_encryption = false, in which case it is just annoying.
| | | * | | | | | | | | mod_saslauth: Improve logging of why no SASL mechanisms were offeredKim Alvefur2019-10-151-6/+18
| | | | | | | | | | | |
| | | * | | | | | | | | mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanismsKim Alvefur2019-10-151-6/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes sets of excluded mechanisms easily available for use later.
| | | * | | | | | | | | mod_saslauth: Log (debug) messages about channel bindingKim Alvefur2019-10-151-0/+5
| | | | | | | | | | | |
| | | * | | | | | | | | doc/doap: Claim support for XEP-0368 by way of legacy_ssl_portsKim Alvefur2019-10-151-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > Server support of XEP-0368 means having the ability to accept direct TLS connections. This is what legacy_ssl_ports does. First trace of it seems to be 8458be0941e7
| | | * | | | | | | | | doc/doap: Claim support for XEP-0268 via mod_csi_simpleKim Alvefur2019-10-151-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mod_csi_simple tries to follow the advice in XEP-0268. Notably, since 7d78b24d8449 it also does this: > If the server receives data, the phones radio is already on, therefore > you should flush any pending data as soon as possible after receiving > data from a client
| | | * | | | | | | | | mod_saslauth: Remove useless debug log lineKim Alvefur2019-10-131-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fairly useless to only log half of SASL messages. Use mod_stanza_debug instead to get the full exchange.
| | | * | | | | | | | | mod_saslauth: Remove commented-out debug log lineKim Alvefur2019-10-131-1/+0
| | | | | | | | | | | |
| | | * | | | | | | | | net.server_epoll: Save IP and port from connection creation callKim Alvefur2019-10-121-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Might come out of :getpeername different later but at least it's something.
| | | * | | | | | | | | server_epoll: Log full string represestation when connectedKim Alvefur2019-10-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since they may have been unknown when the connection was created.
| | | * | | | | | | | | net.server_epoll: Handle getpeer/sockname returning a normal errorKim Alvefur2019-10-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These will sometimes return nil, "Transport not connected" but not throw a hard error. This shouldn't be treated as success.
| | | * | | | | | | | | net.server_epoll: Fix to get remote IP on direct TLS connectionsKim Alvefur2019-10-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A Direct TLS connection (eg HTTPS) gets turned into a LuaSec handle before the :updatenames call done in the :connect method. LuaSec does not expose the :getpeername and :getsockname methods, so the addresses remain obscured, making debugging trickier since the actual IP addrerss connected to does not show up.
| | | * | | | | | | | | net.server_epoll: Move a log message to improve orderingKim Alvefur2019-10-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was weird that it said "Prepared to start TLS" before "Client .. created"