aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | net.http: fail open if surrounding code does not configure TLSJonas Schäfer2021-08-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if surrounding code was not configuring the TLS context used default in net.http, it would not validate certificates at all. This is not a security issue with prosody, because prosody updates the context with `verify = "peer"` as well as paths to CA certificates in util.startup.init_http_client. Nevertheless... Let's not leave this pitfall out there in the open.
* | | Merge 0.11->trunkMatthew Wild2021-08-260-0/+0
|\| |
| * | mod_c2s: Indicate stream secure state in error text when no stream features ↵Matthew Wild2021-07-061-1/+4
| |/ | | | | | | to offer
* | usermanager, mod_authz_internal: Add methods to fetch users/JIDs of given roleMatthew Wild2021-08-262-3/+57
| |
* | mod_muc_mam: Omit queryid attribute from <fin/>Holger Weiss2021-08-061-1/+1
| | | | | | | | | | Since version 0.4 of XEP-0313, the <fin/> element is sent with the IQ result and no longer has a queryid attribute.
* | net.server_epoll: Split, attempt to clarify dirty noise messageKim Alvefur2021-08-161-1/+2
| | | | | | | | | | | | Only relevant because a "dirty" connection (with incoming data in LuaSocket's buffer) does not count as "readable" according to epoll, so special care needs to be taken to keep on processing it.
* | mod_c2s,mod_s2s: Fire event just before writesKim Alvefur2021-08-162-0/+14
| | | | | | | | | | Could allow e.g. a XEP-0198 implementation to efficiently send ack requests at optimal times without using timers or nextTick.
* | net.server: Add a predrain callaback just before writesKim Alvefur2021-08-163-0/+11
| | | | | | | | | | | | | | | | | | | | Allows sneaking in things in the write buffer just before it's sent to the network stack. For example ack requests, compression flushes or other things that make sense to send after stanzas or other things. This ensures any additional trailing data sent is included in the same write, and possibly the same TCP packet. Other methods used such as timers or nextTick might not have the same effect as it depends on scheduling.
* | mod_s2s: Fire 's2s-ondrain' event, mirroring mod_c2sKim Alvefur2021-08-161-0/+7
| | | | | | | | | | | | | | | | Signals that any pending outgoing stanzas that were in the write buffer have at least been sent off to the Kernel and maybe even sent out over the network. See 7a703af90c9c for mod_c2s commit
* | core.storagemanager: Respect archive ids issued by storage drivers in testsKim Alvefur2021-08-151-5/+6
| | | | | | | | | | | | Storage drivers may issue their own IDs tho none of the included ones do this atm, but the 3rd party module mod_storage_xmlarchive has its special format.
* | net.server_epoll: Improve efficiency of opportunistic writesKim Alvefur2021-08-141-1/+3
| | | | | | | | | | | | | | | | | | Should prevent further opportunistic write attempts after the kernel buffers are full and stops accepting writes. When combined with `keep_buffers = false` it should stop it from repeatedly recreating the buffer table and concatenating it back into a string when there's a lot to write.
* | mod_disco: Send XEP-0115 caps in s2s stream featuresKim Alvefur2021-08-121-0/+6
| | | | | | | | | | Not currently used for anything, but allowed and could be used in the future and might be used by other servers.
* | mod_admin_shell: Keep unrestricted environment for session lifetimeKim Alvefur2021-08-111-1/+5
| | | | | | | | | | | | | | | | Makes it so that global values set in the environment are kept longer than within one line, and thus can be used until the session ends. They still don't pollute the global environment, which is an error anyway. Thanks phryk for noticing.
* | mod_limits: Extend unlimited_jids to s2s sessions (for Ge0rG)Kim Alvefur2021-07-291-0/+15
| | | | | | | | | | This makes unlimited_jids also work for s2s connections, assuming the remote server has been identified.
* | mod_limits: Factor out function for disabling limits allowing use from shellKim Alvefur2021-07-291-9/+13
| | | | | | | | Also enables reuse for s2s, which we will add next.
* | mod_bosh: Add todo to use util.session to create session objectKim Alvefur2021-07-291-0/+1
| | | | | | | | | | So that we get single point where shared session properties can be added. But not now. One day. Maybe. Patches welcome.
* | mod_pubsub: Update callbacks on reload to more completely refresh configKim Alvefur2021-07-291-0/+8
| | | | | | | | | | | | | | | | | | This would also release any resources held via references from these callbacks. I'm not sure why we don't just re-new() the whole thing. Related to #1382
* | migrator: Silence assert in core.moduleapiKim Alvefur2021-07-291-0/+4
| | | | | | | | | | The assert triggers because we're not loading the stanza route, because we are unlikely to need it during migration.
* | migrator: Use parsed command line flags already parsed by util.startupKim Alvefur2021-07-291-14/+1
| |
* | migrator: Trick net.server into thinking the config is loadedKim Alvefur2021-07-291-0/+1
| | | | | | | | Fixes "Loading outside Prosody or Prosody not yet initialized"
* | migrator: Customise startup sequence to fix #1673 (Thanks acidsys)Kim Alvefur2021-07-291-2/+19
| | | | | | | | | | | | | | | | | | | | | | | | Diverge from util.startup.prosodyctl() in order to skip unneeded behavior, such as loading the *Prosody* config file, which we do not need here, based on the `--config` flag which should point at the migrator config file instead. Notably removed: * read_config() since this loads the Prosody config * check_unwriteable() which checks logfiles specified in the Prosody config, so not relevant * make_dummy_hosts() but the migrator sets up its own hosts during migration
* | Fix various spelling errors (thanks codespell)Kim Alvefur2021-07-2711-11/+11
| | | | | | | | | | Also special thanks to timeless, for wordlessly reminding me to check for typos.
* | mod_pubsub: Update configuration on reload (fixes #1382)Kim Alvefur2021-07-251-0/+3
| | | | | | | | | | | | Because of the way the previous pubsub service is carried access module reloads, it would retain the configuration options with their previous values from when the service was first created.
* | mod_pubsub: Silence warning about 'service' as argument [luacheck]Kim Alvefur2021-07-251-1/+1
| | | | | | | | | | Maybe the 'service' in the outer scope should be moved down to minimize overlap with other functions that receive the same service as argument?
* | mod_pep: Remove now unused util.cache importKim Alvefur2021-07-251-1/+0
| |
* | util.pubsub: Signal that 'persistent-items' is unsupported when disabledKim Alvefur2021-07-223-5/+7
| | | | | | | | | | | | XEP-0060 says that this the way to indicate that 'persistent-items' is unsupported, but doesn't explicitly say if it being disabled in the node configuration also counts as unsupported.
* | mod_pep: Remove use of RLU cache when persist_items was set to falseKim Alvefur2021-07-211-8/+3
| | | | | | | | | | | | | | | | This behavior came from some confusion over the meaning of persist_items. The correct behavior is that items are only stored when it is set to true. When set to false, the service becomes a "pure" publish-subscribe service, where items are forgotten immediately after broadcasting.
* | util.pubsub: Fix behavior of persist_items disabledKim Alvefur2021-07-222-7/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | When set to 'false' there is no need for a persistence interface at all, since items are not persisted after being broadcast. Had started wondering if maybe the behavior was wrong, after reading parts of XEP-0060 that pointed in that direction. Some discussion of this can be found in logs of xmpp:xsf@muc.xmpp.org?join from around 2021-07-20 Thanks to Ralph for confirming.
* | mod_pubsub: Explicitly enable persistence by default to preserve behaviorKim Alvefur2021-07-213-2/+5
| | | | | | | | | | | | Since nodes were always persistent according to the XEP-0060 definition. Whether data is stored in memory or on disk was not what this setting was meant for.
* | util.pubsub: Handle absence of node data interfaceKim Alvefur2021-07-211-17/+32
| | | | | | | | | | | | | | | | This is in preparation for fixing the behavior of 'persist_items', which was misunderstood at some point. In mod_pep it toggles between persistent storage and in-memory storage, while the correct behavior would be to toggle whether published items are stored at all or forgotten after being broadcast.
* | mod_pubsub: Remove publisher field when not exposing publisherKim Alvefur2021-07-251-1/+3
| | | | | | | | | | The publisher is already there on the item when the broadcaster gets it, so it needs to do the opposite thing.
* | mod_pubsub: Normalize 'publisher' JIDKim Alvefur2021-07-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | All the XEP-0060 examples have the publisher attribute set to a bare JID, but the text does allow it to be the full JID. Since mod_pubsub is more likely used for open nodes that anyone can subscribe to it makes sense to not leak the full JIDs. This is also disabled by defaults. In mod_pep on the other hand it might make sense to have the full JID since that data is more likely to be broadcast to contacts which are already somewhat trusted.
* | scansion tests: Enable 'expose_publisher' since we test for itKim Alvefur2021-07-251-0/+1
| |
* | mod_pubsub: Respect 'expose publisher' setting in item retrievalKim Alvefur2021-07-252-1/+9
| |
* | mod_pubsub: Fix inclusion of publisher (fixes #1399)Kim Alvefur2019-05-016-17/+20
| |
* | Merge 0.11->trunkKim Alvefur2021-07-232-58/+84
|\|
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-222-58/+84
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zeroKim Alvefur2021-07-191-0/+4
| | | | | | | | | | Optimizes away all the processing on every message in case the end-result is zero history.
* | net.resolvers.service: Only do DANE with secure SRV recordsKim Alvefur2021-07-181-0/+4
| | | | | | | | | | | | If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next.
* | core.certmanager: Support 'use_dane' setting to enable DANE supportKim Alvefur2021-07-181-0/+2
| | | | | | | | | | | | Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
* | Revert 926d53af9a7a: Restore DANE supportKim Alvefur2021-07-182-4/+6
| | | | | | | | | | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* | mod_s2s: Clone 'extra' data to let resolvers add more to itKim Alvefur2021-07-181-1/+5
| | | | | | | | | | | | | | This way 'extra' is unique for each connect() instance, making it safer to mutate it, while inheriting the global settings. See 926d53af9a7a for some more context.
* | editorconfig: We use tabsKim Alvefur2021-07-181-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | This lets various supporting editors know what indentation style should be used for files in the repo. See https://editorconfig.org/ Coding style for Lua files is described in `doc/coding_style.md` The 3-space indentation in `configure` comes from its LuaRocks inheritance. `doc/doap.xml` is normalized with `xmllint` which spits out 2-space indentation.
* | mod_s2s: Handle measurement where the local host is unknownKim Alvefur2021-07-181-1/+1
| | | | | | | | | | This could happen with Dialback-only connections or others that were missing the stream 'to' attribute.
* | mod_s2s: Guard against missing 'to' on incoming streamKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | Given an incoming <stream:stream from="example.com"> this line would have mistakenly reported the 'from' as the local host. Neither are technically required and may be missing, especially on connections used only for Dialback. Outgoing connections initiated by Prosody always have 'from_host' and 'to_host', so it is safer to check it this way.
* | net.server_epoll: Fix traceback-causing typoKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | Caused "attempt to index a string value (local 'data')", but only if keep_buffers is set to false, which is not the default. Introduced in 917eca7be82b
* | net.server_epoll: Ensure timeouts match epoll flagsKim Alvefur2021-07-171-0/+6
| | | | | | | | | | Read and write timeouts should usually match whether we want to read or write.
* | net.server_epoll: Skip reset of read timeout when not readingKim Alvefur2021-07-171-1/+2
| | | | | | | | Should avoid rare but needless timer interactions
* | net.server_epoll: Reduce timer churn during TLS handshakeKim Alvefur2021-07-171-1/+1
| | | | | | | | | | Instead of removing and readding the timer, keep it and adjust it instead. Should reduce garbage production a bit.
* | net.server_epoll: Use only fatal "write" timeout during TLS negotiationKim Alvefur2021-07-161-3/+3
| | | | | | | | | | | | | | Only real difference between the read and write timeouts is that the former has a callback that allows the higher levels to keep the connection alive, while hitting the later is immediately fatal. We want the later behavior for TLS negotiation.