aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_s2s
Commit message (Collapse)AuthorAgeFilesLines
* mod_component, mod_s2s: Iterate over child tags instead of child nodes (can ↵Kim Alvefur2017-09-141-10/+8
| | | | include text) in stream error (same as 176b7f4e4ac9)
* mod_s2s: Lower log message to 'warn' level, standard for remotely-triggered ↵vault/0.9.11Matthew Wild2016-09-271-1/+1
| | | | protocol issues
* mod_c2s, mod_s2s: Lower priority of session shutdown to negative, so that ↵Kim Alvefur2016-01-261-1/+1
| | | | plugins hooking at the default priority run first (fixes #601)
* Backout 63f5870f9afe, no longer needed since Windows is currently unsupportedKim Alvefur2016-01-211-24/+22
|
* mod_s2s: Mark stream as opened directly after opening stream, prevents ↵Kim Alvefur2015-05-131-1/+1
| | | | session.close opening it again
* mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data ↵Kim Alvefur2015-05-131-4/+3
| | | | after session was closed
* mod_s2s/s2sout: Use the local address assigned to UDP sockets instead of ↵Kim Alvefur2015-05-131-22/+24
| | | | util.net to enumerate possible source addresses
* mod_s2s/s2sout: Remove now unused config option dns_max_depthKim Alvefur2015-05-131-1/+0
|
* net.dns, mod_s2s: Add chasing of CNAMEs to net.dns and remove it from mod_s2sKim Alvefur2015-04-241-12/+0
|
* mod_s2s: to/from attributes are required on s2s stream headers. Set them to ↵vault/0.9.8Matthew Wild2015-03-241-1/+1
| | | | '' when not available. Fixes #468.
* mod_s2s: Capitalize log messageKim Alvefur2014-10-101-1/+1
|
* net.http, net.http.server, mod_c2s, mod_s2s, mod_component, ↵Matthew Wild2014-08-291-0/+4
| | | | mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent)
* mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream ↵Kim Alvefur2014-09-021-2/+5
| | | | error instead of throwing an unhandled error
* mod_c2s, mod_s2s: Log received invalid stream headersMatthew Wild2014-08-231-0/+1
|
* mod_s2s: Reset stream ID when resetting stream [compliance]Kim Alvefur2014-08-271-0/+1
|
* mod_s2s: Mark stream as opened earlier for outgoing connections, fixes ↵Kim Alvefur2014-08-261-1/+2
| | | | double stream headers on policy failures
* mod_s2s: Log a warning if no local addresses are found, as this breaks s2soutKim Alvefur2014-02-091-0/+3
|
* mod_s2s: Include IP in log messages, if host is unavailableFlorian Zeitz2014-01-051-4/+4
|
* mod_admin_telnet, mod_s2s: Fix reporting of certificate chain validation detailsKim Alvefur2013-08-061-1/+1
|
* mod_s2s: Improve policy checkKim Alvefur2013-08-051-1/+1
|
* mod_s2s: Log certificate identity validation resultKim Alvefur2013-08-041-0/+1
|
* mod_s2s/s2sout.lib: Remove unused variables and importsMatthew Wild2013-06-181-6/+2
|
* mod_s2s/s2sout.lib: Remove reference to undefined globalMatthew Wild2013-06-181-1/+0
|
* mod_s2s/s2sout.lib: Use new util.net.local_addresses() to fetch local ↵Matthew Wild2013-06-181-12/+5
| | | | interface addresses
* mod_s2s/s2sout.lib: Only attempt to create an IPv6 socket if LuaSocket ↵Matthew Wild2013-06-181-2/+5
| | | | supports IPv6
* mod_s2s: Fix interaction between s2s_secure_auth and s2s_require_encryption, ↵Matthew Wild2013-05-181-2/+2
| | | | in particular ensure that when s2s_require_encryption is NOT set, do not require encryption on s2s_insecure_domains.
* util.rfc{3484,6724}: Update to RFC 6724Florian Zeitz2013-04-301-3/+3
|
* mod_s2s: Ensure that to/from on stream headers are always correct, fixes #338Matthew Wild2013-04-291-6/+7
|
* mod_s2s: Obey tcp_keepalives option for s2s too, and make it individually ↵Matthew Wild2013-04-261-1/+2
| | | | configurable through s2s_tcp_keepalives (thanks yeled)
* mod_c2s, mod_s2s, net.http, net.http.server: Improve tracebacks (omit ↵Matthew Wild2013-04-221-1/+1
| | | | traceback function), to make it clearer where an error occured
* mod_s2s: Add missing spaceKim Alvefur2013-04-151-1/+1
|
* mod_s2s: Adjust priority of route/remote hooks to negative values (like most ↵Kim Alvefur2013-04-081-2/+2
| | | | other internal hooks)
* mod_s2s: Add COMPAT cahin verification code for older LuaSec versionsKim Alvefur2013-04-041-2/+11
|
* mod_s2s: Close incoming s2s with stream error when secure and we don't trust ↵Matthew Wild2013-04-011-1/+5
| | | | their certificate
* mod_s2s: Prevent s2s to and from hosts we serve locallyKim Alvefur2013-03-271-0/+12
|
* mod_s2s: Prevent traceback when replying to incoming connection to a host we ↵Kim Alvefur2013-03-261-1/+1
| | | | don't serve
* mod_s2s: Reset secure flag on new connection attemptKim Alvefur2013-03-251-0/+4
|
* mod_s2s: session.from_host does not allways exist on incoming connections, ↵Kim Alvefur2013-03-251-1/+1
| | | | true and nil or "our hostname" does not evaluate to what we want here
* mod_s2s: Keep the dns answer object around a while so plugins can look at itKim Alvefur2013-03-231-1/+1
|
* mod_s2s: Fix variable usage in check_auth_policy (thanks Florob)Matthew Wild2013-03-221-6/+7
|
* mod_s2s: Remove unused variableMatthew Wild2013-03-221-1/+0
|
* mod_s2s: Add controls for certificate validation via the s2s_secure_auth ↵Matthew Wild2013-03-221-3/+32
| | | | option. Plugins can now return false from handling s2s-check-certificate to prevent connection establishment (s2sin+s2sout)
* s2smanager, mod_s2s, mod_dialback, mod_saslauth: Move ↵Matthew Wild2013-03-221-2/+74
| | | | s2smanager.make_authenticated() to mod_s2s, and plugins now signal authentication via the s2s-authenticated event
* mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for ↵Kim Alvefur2013-03-162-13/+26
| | | | opening streams
* mod_s2s: Do not include xmlns:db declaration in stream header if ↵Matthew Wild2013-03-121-1/+2
| | | | mod_dialback is not loaded
* mod_s2s: Make sure host variable is reachableKim Alvefur2013-03-111-2/+1
|
* mod_s2s: Fire s2s-check-certificate event after validating a certificate, to ↵Matthew Wild2013-03-101-0/+1
| | | | allow plugins to override standard procedure
* mod_s2s, mod_dialback: Rename s2s-authenticate-legacy event to ↵Matthew Wild2013-03-101-1/+1
| | | | s2sout-authenticate-legacy for clarity. Also, hello!
* mod_s2s: Don't try to close sessions that were destroyed before timeoutKim Alvefur2013-01-241-0/+2
|
* prosody, mod_c2s, mod_s2s: Move closing of c2s and s2s sessions to ↵Kim Alvefur2012-12-281-0/+9
| | | | respective plugins