aboutsummaryrefslogtreecommitdiffstats
path: root/core
Commit message (Collapse)AuthorAgeFilesLines
* usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into ↵Matthew Wild2020-02-231-1/+1
| | | | the latter
* stanza_router: only fire pre-stanza if firing other preevents (e.g. for c2s ↵Matthew Wild2020-02-051-6/+6
| | | | sessions)
* sessionmanager: Support passing an auth scope to make_authenticatedMatthew Wild2020-02-051-1/+2
|
* portmanager: Don't auto-start network services under prosodyctlMatthew Wild2020-02-051-1/+1
|
* usermanager: Add get_roles() functionMatthew Wild2020-02-051-1/+7
|
* stanza_router: Add once-per-routed-stanza event, pre-stanzaMatthew Wild2020-02-051-1/+8
|
* mod_authz_internal, usermanager: Rename to mod_authz_configMatthew Wild2020-01-271-1/+1
|
* usermanager: Load authz providers on components alsoMatthew Wild2020-01-271-4/+6
|
* usermanager, mod_authz_internal: Move admin-checking functionality into a ↵Matthew Wild2020-01-271-30/+32
| | | | | | | module. Fixes #517 (ish). Note: Removes the ability for mod_auth_* providers to determine user admin status. Such modules will need to have their is_admin methods ported to be a mod_authz_* provider.
* core.moduleapi: Hook correct event type in some casesKim Alvefur2020-01-161-1/+2
| | | | | In rare cases, module.host can be a bare JID, in which case this test did the wrong thing.
* core.moduleapi: Rename local name for util.error for consistencyKim Alvefur2019-12-301-6/+6
| | | | It's called 'errors' everywhere else except here.
* core.moduleapi: Fix error context in :send_iq APIKim Alvefur2019-12-301-1/+1
| | | | | It got passed as argument to reject() instead of the util.error function and was lost.
* core.statsmanager: Ignore unused variable [luacheck]Kim Alvefur2019-12-231-0/+1
|
* core.portmanager: Ignore unused return variable [luacheck]Kim Alvefur2019-12-231-0/+1
|
* core.modulemanager: Silence warning about unused err variable [luacheck]Kim Alvefur2019-12-201-1/+2
|
* core.stanza_router: Silence warning about unused err_message [luacheck]Kim Alvefur2019-12-201-1/+1
|
* core.stanza_router: Extract host part of JIDs directly [luacheck]Kim Alvefur2019-12-201-3/+4
| | | | Silences warning about unused return values
* rostermanager, mod_presence: Support for subscription preapproval (fixes #686)Matthew Wild2019-12-191-3/+20
|
* core.portmanager: Complete error message for SNI TLS context problemsKim Alvefur2019-11-301-1/+1
|
* core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI ↵Kim Alvefur2019-11-292-10/+6
| | | | support)
* core.portmanager: Don't set the first TLS context with a cert as main contextKim Alvefur2019-11-291-4/+0
| | | | Don't think this works and it's apparently acceptable to require SNI these days.
* Merge 0.11->trunkKim Alvefur2019-11-2311-63/+348
|\
| * s2s: Allow passing a custom error for bouncing queued stanzas (#770)Kim Alvefur2019-11-231-2/+2
| | | | | | | | Since stream errors and stanza errors are different
| * core.sessionmanager: Require that client-requested resources pass strict ↵Kim Alvefur2019-11-021-1/+1
| | | | | | | | resourceprep
| * core.configmanager: Handle nameprep validation errorsKim Alvefur2019-11-021-2/+10
| |
| * core.configmanager: Ensure Hosts are given namesKim Alvefur2019-11-021-0/+6
| | | | | | | | Prevents traceback from nameprep(nil)
| * core.sessionmanager: Fix traceback from passing nil to resourceprepKim Alvefur2019-11-021-1/+1
| |
| * Backed out changeset 64ddcbc9a328 as it would prevent communicating with ↵Kim Alvefur2019-10-301-1/+1
| | | | | | | | valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2
| * core.stanza_router: Do strict jidprep on c2sKim Alvefur2019-09-091-1/+1
| | | | | | | | | | | | | | | | | | | | Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed.
| * core.s2smanager: Fix traceback due to mixup with to/fromKim Alvefur2019-10-051-1/+1
| | | | | | | | Forgot to swap to and from in 3123a13cf577
| * core.s2smanager: Remove bidi-enabled s2sin from outgoing routing tableKim Alvefur2019-10-051-0/+3
| | | | | | | | Caused creation of new s2sout instead of proper bidi-enabled s2sin.
| * core.modulemanager: Split lists across multiple lines for improved readabilityKim Alvefur2019-09-291-2/+18
| | | | | | | | Patches will also be easier to read.
| * mod_s2s_bidi: Enables bi-directional streams via XEP-0288Kim Alvefur2019-09-081-1/+1
| |
| * core.stanza_router: Handle s2s in more direction-agnostic wayKim Alvefur2019-09-071-2/+2
| |
| * core.s2smanager: Add map of names authenticate for remote on s2sout for ↵Kim Alvefur2019-09-071-0/+1
| | | | | | | | | | | | parity with s2sin Making s2sin and -out look more alike in preparation for bidi support
| * core.s2smanager: Add [direction] boolean flags to s2s connectionsKim Alvefur2019-09-071-0/+2
| | | | | | | | This will allow representing connections that go both directions
| * core.certmanager: Lower severity for tls config not having certKim Alvefur2019-09-071-2/+4
| | | | | | | | | | | | | | This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key.
| * core.certmanager: Remove unused import [luacheck]Kim Alvefur2019-08-251-1/+0
| |
| * Remove COMPAT with temporary luasec forkKim Alvefur2019-08-251-7/+0
| | | | | | | | | | The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014.
| * core.certmanager: Move EECDH ciphers before EDH in default cipherstringKim Alvefur2019-08-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now
| * core.moduleapi: Restructure send_iq method for more atomic cleanupKim Alvefur2019-08-211-16/+23
| | | | | | | | | | All cleanup in one spot instead of two, and at the end which fits with cleanup happening afterwards.
| * core.moduleapi: Uppercase "IQ stanza" for consistencyKim Alvefur2019-08-211-1/+1
| | | | | | | | It's written like that elsewhere in the send_iq method
| * core.portmanager: Remove unused local [luacheck]Kim Alvefur2019-07-301-1/+1
| |
| * core.portmanager: Remove tostring call from loggingKim Alvefur2019-07-301-1/+1
| | | | | | | | Taken care of by loggingmanager now
| * core.sessionmanager: Remove tostring call from loggingKim Alvefur2019-07-301-3/+3
| | | | | | | | Taken care of by loggingmanager now
| * core.stanza_router: Remove tostring call from loggingKim Alvefur2019-07-301-1/+1
| | | | | | | | Taken care of by loggingmanager now
| * core.s2smanager: Rewrite log line to use formatting instead of concatenationKim Alvefur2019-07-301-5/+3
| | | | | | | | | | Makes it more in line with logging elsewhere. Potentially avoids or at least delays creation of new string.
| * core.s2smanager: Remove use of tostring in loggingKim Alvefur2019-07-291-2/+2
| | | | | | | | This is now performed by loggingmanager
| * core/sessionmanager: Remove unnecessary fallback in make_authenticatedMaxime “pep” Buquet2019-06-011-1/+1
| |
| * Merge 0.11->trunkKim Alvefur2019-04-241-1/+1
| |\