aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* man/prosodyctl: Normalize formatting syntaxKim Alvefur2022-02-022-115/+63
| | | | Filtered trough pandoc
* util.dns: Minor updates of SVCB parserKim Alvefur2022-02-021-1/+2
| | | | Now based on draft-ietf-dnsop-svcb-https-08
* util.dns: Implement SVCB record parserKim Alvefur2020-10-041-0/+54
| | | | Based on draft-ietf-dnsop-svcb-https-00
* util.dns: Fix returning read position after zero-length nameKim Alvefur2020-10-041-1/+1
| | | | | | Doesn't affect normal usage by Prosody since neither A nor AAAA records use this and SRV records has the host name last so the position is not needed.
* util.dnsregistry: Regenerate from IANA registryKim Alvefur2022-02-021-57/+120
| | | | | Note the duplicate 9 and 16 entries, neither of which are especially relevant for our resolver usage.
* tools.dnsregistry: For converting IANA DNS registry data to Lua tableKim Alvefur2020-10-041-0/+43
|
* util.dns: Move DNS parameters details into util.dnsregistryKim Alvefur2020-10-042-56/+63
| | | | | Goal is to regenerate this file from the IANA registry using a tool. Having it in a separate file will reduce vcs noise in util.dns
* doap: Make note of mod_mam storing XEP-0184 receiptsKim Alvefur2021-03-181-0/+8
|
* plugins: Update for namespace bump in XEP-0353 v0.4.0Kim Alvefur2022-01-114-4/+4
|
* util.prosodyctl.check: Fix reset of libunbound before DNS checksKim Alvefur2022-02-011-1/+1
| | | | | | | Probably worked anyway but settings might not always have been applied depending on what order things happens in. Error was hidden by the pcall, which was sorta intentional...
* doap: Let's say XEP-0368 support is complete nowKim Alvefur2022-01-311-1/+1
| | | | | We break the SHOULD about the merged _xmpp and _xmpps SRV handling, but we follow all the MUSTs
* util.prosodyctl.check: Fix A/AAAA check for proxy65 and httpKim Alvefur2022-01-301-2/+2
| | | | | | When there are no records to return the return value from dns.lookup() might be nil or might be a table containing zero records, depending on which DNS library is used
* util.prosodyctl.check: Include multiplexed ports in DNS checks #1704Kim Alvefur2022-01-301-0/+13
|
* mod_admin_shell: Add descriptions of each column to 'help columns'Kim Alvefur2022-01-301-5/+35
| | | | Since some of the titles are quite dense
* mod_admin_shell: Use exact match instead of Lua patterns in c2s,s2s:showKim Alvefur2022-01-301-2/+2
| | | | | | It is unexpected that 'example.com' matches 'exampleicom.org' and this use of Lua patterns is undocumented and unlikely to be widely known or used.
* mod_http_file_share: Use alternate syntax for filename in Content-DispositionKim Alvefur2022-01-291-1/+2
| | | | | | | | | | | | | | The Lua string.format %q doesn't behave correctly for all characters that should be escaped in a quoted-string. And who knows what effects higher Unicode might have here. Applying percent-encoding of filenames seems like the safest way to deal with filenames, as well as being easier than implementing the actual quoted-string transform, which seems complicated and I'm not even sure it covers every possible character. Filenames can safely be assumed to be UTF-8 since they are passed in an attribute in the query without any escaping.
* mod_admin_shell: Fix traceback on rendering graph of stats without extra labelsKim Alvefur2022-01-291-1/+1
| | | | | | Stops an error when extra_labels is nil since it attempts to index it Unsure about correctness
* mod_admin_shell: Add help section about statsKim Alvefur2022-01-291-1/+4
|
* mod_admin_shell: Add help section about customizing table columnsKim Alvefur2022-01-281-1/+17
|
* README: Reflow text to ~78 columnsKim Alvefur2022-01-281-9/+9
| | | | It's what `gwl` in my vim did. Must be optimal then.
* INSTALL: Update from site versionKim Alvefur2022-01-281-38/+44
|
* util.format: Expand explanation of purpose in commentsKim Alvefur2022-01-271-1/+6
|
* util.format: Skip control code escaping when doing full serializationKim Alvefur2022-01-272-3/+8
| | | | | | Fixes that a multi-line string ended up "like\ \9this" instead of "like\nthis" as can be demonstrated by somehow initiating a connection to a HTTP server.
* util.prosodyctl.cert: Look for certs matching 'http_host'Kim Alvefur2022-01-271-0/+4
| | | | | This should ensure any certificate needed for HTTP services will also be included in the certificate import.
* util.prosodyctl.check: Fix use of LuaSocket URL parserKim Alvefur2022-01-271-1/+1
|
* util.prosodyctl.check: Add HTTP related DNS checksKim Alvefur2022-01-271-8/+41
| | | | | Since XEP-0363 is essentially mandatory now this will hopefully help diagnose some common issues.
* util.prosodyctl.cert: Look for certificates in a consistent orderKim Alvefur2022-01-261-0/+9
| | | | | | | | | Shortest first, then alphabetically, so that it prefers the base domain over subdomains. Fixes that it might otherwise pick a random sub-domain for filename on each run, cluttering the certs directory and potentially tricking Prosody into using an older certificate that might be about to expire.
* mod_pubsub: Allow configuring summary templatesKim Alvefur2022-01-241-6/+11
| | | | | Enables generation of summaries for more than Atom without additional modules.
* mod_pubsub: Use the util.xtemplate to render Atom summaryKim Alvefur2022-01-241-9/+3
|
* util.xtemplate: Yet another string template libraryKim Alvefur2022-01-242-0/+187
| | | | | | This one takes a stanza as input Roughly based on util.interpolation
* mod_pubsub: Use the 'pubsub#type' setting to pick summary generatorKim Alvefur2022-01-241-1/+2
| | | | | | Allows using different ones even if multiple semantically different formats share the same root element xmlns, e.g. generic Atom and XEP-0277 entries.
* mod_tls: Set ALPN on outgoing connectionsKim Alvefur2022-01-251-1/+2
| | | | | | | | | Relevant and sometimes needed for Direct TLS which mod_s2s uses this context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN based dispatch is used. All these contexts should likely move away from mod_tls and into either mod_s2s or portmanager. The later already duplicates some of this work.
* mod_admin_shell: Add command to show current user rolesKim Alvefur2022-01-231-0/+20
|
* mod_admin_shell: Add help section about rolesKim Alvefur2022-01-231-0/+12
| | | | | | | As in the argument to user:create() and user:roles() Tricky to come up with something sensible to write when Prosody core only knows of the 'prosody:admin' role so far.
* mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tlsKim Alvefur2022-01-212-8/+17
| | | | | | | | | | So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
* mod_s2s: Enable outgoing Direct TLS connectionsKim Alvefur2022-01-212-3/+10
| | | | | | | | | | Makes it faster by cutting out the roundtrips involved in <starttls/>, at the cost of making an additional SRV lookup. Since we already ignore a missing <starttls/> offer and try anyway there is not much difference in security. The fact that XMPP is used and the hostnames involved might still be visible until the future Encrypted ClientHello extension allows hiding those too.
* net.connect: Allow passing TLS context from resolverKim Alvefur2022-01-211-1/+2
| | | | | | Only allowing it to be passed directly makes it hard to combine plain (i.e. starttls) and Direct TLS connections in the same connection resolution procedure. But now we can, using chained resolvers!
* net.resolvers.chain: A resolver for combining other resolversKim Alvefur2022-01-211-0/+38
| | | | Say if you wanted to try both _xmpp and _xmpps services
* Merge 0.11->trunkKim Alvefur2022-01-201-13/+5
|\
| * util.xml: Deduplicate handlers for restricted XML0.11.13Kim Alvefur2022-01-201-12/+5
| | | | | | | | | | Makes the code more like util.xmppstream, allowing easier comparisons if we ever need to apply fixes in the future.
| * util.xml: Break reference to help the GC (fix #1711)Kim Alvefur2022-01-201-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LuaExpat uses a registry reference to track handlers, which makes it so that an upvalue like this creates a reference loop that keeps the parser and its handlers from being garbage collected. The same issue has affected util.xmppstream in the past. Code for checking: local xml_parse = require"util.xml".parse; for i = 1, 10000 do xml_parse("<root/>") end collectgarbage(); collectgarbage(); print(collectgarbage("count"), "KiB"); A future release of LuaExpat may fix the underlying issue there.
| * Added tag 0.11.12 for changeset 783056b4e448Matthew Wild2022-01-130-0/+0
| |
| * util.xml: Do not allow doctypes, comments or processing instructions0.11.12Jonas Schäfer2022-01-102-3/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* | util.prosodyctl.cert: Check success of copy operations, warn on failKim Alvefur2022-01-191-4/+9
| | | | | | | | | | Debugging a case where certs are not imported correctly but prosodyctl still reports success. Hoping this will shed some light on it.
* | util.prosodyctl.cert: Pass variables via formatting instead of concatenationKim Alvefur2022-01-191-5/+5
| | | | | | | | | | Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().
* | tools/xep227toprosody: Remove obsolete tool in favor of storage driverKim Alvefur2022-01-181-269/+0
| | | | | | | | | | | | | | | | | | | | This tool hasn't been updated for recent XEP-0227 changes, hasn't seen many changes at all since its introduction and I don't remember anyone mentioning ever using it. Using mod_storage_xmlarchive and the migrator or the 3rd party mod_migrate tool should work better these days and should be the way forward.
* | core.certmanager: Use 'tls_profile' instead of 'tls_preset' to match ↵Kim Alvefur2022-01-181-3/+3
| | | | | | | | | | | | | | | | documentation Confusion! Thanks Martin
* | core.certmanager: Apply TLS preset before global settings (thanks Menel)Kim Alvefur2022-01-181-1/+1
| | | | | | | | | | | | Allows overriding settings via the global 'ssl' settings as before. This order was probably accidental. That said, 'ssl' is a giant footgun we will want to discourage use of.
* | mod_storage_xep0227: Fix luacheck warningMatthew Wild2022-01-171-1/+1
| |
* | mod_storage_xep0227: Fix traceback during iteration of driver storesMatthew Wild2022-01-171-1/+1
| | | | | | | | :include(other_set), :add(item)