Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | mod_auth_internal_{plain,hashed}: Use constant-time string comparison for ↵ | Matthew Wild | 2021-05-10 | 2 | -3/+5 |
| | | | | secrets | ||||
* | mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default ↵ | Matthew Wild | 2021-05-07 | 5 | -5/+7 |
| | | | | | | | | | | | | stanza size limits c2s/bosh/ws streams will default to 256KB, s2s and components to 512KB. These values are aligned with ejabberd's default settings, which should reduce issues related to inconsistent size limits between servers on the XMPP network. The previous default (10MB) is excessive for any production server, and allows significant memory usage by even unauthenticated sessions. | ||||
* | mod_saslauth: Use a defined SASL error | Kim Alvefur | 2021-03-18 | 1 | -1/+1 |
| | |||||
* | mod_saslauth: Improve code style | Kim Alvefur | 2021-03-18 | 1 | -1/+3 |
| | | | | | | This many returns deserve their own line. `session["sasl_handler"]` style isn't used anywhere else. | ||||
* | mod_c2s: Log about missing conn on async state changes | Kim Alvefur | 2021-03-18 | 1 | -0/+4 |
| | |||||
* | mod_c2s: Improve code style | Kim Alvefur | 2021-03-18 | 1 | -2/+6 |
| | | | | | We don't use the quoted table indexing style that often, it's not needed here and it's enough to check for falsyness rather than `nil`. | ||||
* | mod_c2s: Fix traceback in session close when conn is nil | Kim Alvefur | 2021-03-17 | 1 | -2/+2 |
| | | | | Unclear how this happens. | ||||
* | mod_saslauth: Don't throw errors in async code when connections are gone | tmolitor | 2021-03-18 | 1 | -0/+1 |
| | | | | Fixes #1515 | ||||
* | mod_c2s: Don't throw errors in async code when connections are gone | tmolitor | 2021-03-18 | 1 | -2/+2 |
| | | | | Fixes #1507 | ||||
* | mod_http: Restore ip field for requests without proxies | Kim Alvefur | 2021-02-27 | 1 | -2/+2 |
| | | | | | 8603011e51fe optimized out more than just the loop, leaving the .ip field blank when the request wasn't from a proxy. | ||||
* | mod_http: Fix trusted proxies check (thanks buildbot) | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | is_trusted_proxy() is only in trunk, I dun goofed when I rebased 8603011e51fe from trunk. | ||||
* | mod_http: Skip IP resolution in non-proxied case | Kim Alvefur | 2021-02-18 | 1 | -1/+1 |
| | | | | | Skips doing the whole get_ip_from_request() dance if the request isn't from a proxy at all, even if the client sent the header for some reason. | ||||
* | mod_pep: Advertise base pubsub feature (fixes #1632)0.11.8 | Kim Alvefur | 2021-02-15 | 1 | -0/+1 |
| | | | | | Noticed while discussing feature discovery in Gajim Thanks lovetox | ||||
* | mod_s2s: Fix copypaste mistake in b3ae48362f78 | Kim Alvefur | 2020-12-16 | 1 | -1/+1 |
| | | | | | Directly sending something over s2s needs to use sends2s() but the code copied from mod_c2s had .send() | ||||
* | MUC: Fix logic bug causing unnecessary presence to be sent, fixes #1615 ↵ | Matthew Wild | 2020-12-15 | 1 | -2/+2 |
| | | | | (thanks damencho) | ||||
* | mod_s2s: Prevent whitespace keepalives the stream has been opened | Kim Alvefur | 2020-12-10 | 1 | -1/+4 |
| | | | | | | | | | This will result in the stream timing out instead, which is probably correct if the stream has not been opened yet. This was already done for c2s in e69df8093387 Thanks Ge0rG | ||||
* | mod_saslauth: Only advertise channel binding if a finished message is available | Kim Alvefur | 2020-11-23 | 1 | -1/+1 |
| | | | | In some cases this method returns nothing, unclear why. | ||||
* | mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542) | Kim Alvefur | 2020-11-23 | 1 | -1/+4 |
| | | | | | | | | The 'tls-unique' channel binding is undefined in TLS 1.3 according to a single sentence in parenthesis in Apendix C of RFC 8446 This may trigger downgrade protection in clients that were expecting channel binding to be available. | ||||
* | mod_pubsub: Fix notification stanza type setting (fixes #1605) | Kim Alvefur | 2020-11-06 | 1 | -1/+1 |
| | |||||
* | mod_pubsub: Lower priority of default <body> generator | Kim Alvefur | 2020-11-05 | 1 | -1/+1 |
| | | | | | | | in order to avoid conflict with a handler at the default (0) priority, making it easier to write your own formatting in plugins. this follows the common pattern of default modules having lower priority | ||||
* | MUC: Preserve disco 'node' attribute (or lack thereof) in response (fix ↵ | Kim Alvefur | 2020-10-07 | 1 | -2/+2 |
| | | | | #1595) (thanks lessthan3) | ||||
* | MUC: Correct advertising of subject write access (really fixes #1155) | Kim Alvefur | 2020-10-04 | 1 | -2/+2 |
| | | | | | | | | | | Thanks pep. and lovetox XEP-0045 §6.4: > any field defined for the muc\#roomconfig FORM_TYPE can be included in > the extended service discovery fields Probably happened because the same mistake is in #1155 | ||||
* | mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425) | Kim Alvefur | 2020-10-03 | 1 | -0/+16 |
| | |||||
* | mod_bosh: Pick out the 'wait' before checking it instead of earlier | Kim Alvefur | 2020-10-03 | 1 | -1/+2 |
| | | | | | Going to add more host related checks, so to keep the wait variable closer to the related checks | ||||
* | mod_c2s,mod_s2s: Make stanza size limits configurable0.11.7 | Kim Alvefur | 2020-05-31 | 2 | -2/+4 |
| | |||||
* | mod_websocket: Refactor frame validity checking, also check ↵ | Matthew Wild | 2020-09-29 | 1 | -77/+95 |
| | | | | partially-received frames against constraints | ||||
* | mod_websocket: Continue to process data already in the buffer after an error ↵ | Matthew Wild | 2020-09-28 | 1 | -1/+1 |
| | | | | | | | | | | occurs Previously any error, or even a normal websocket close frame, would return early, leaving potentially entire frames in the buffer unprocessed and then discarded. This change stops processing new data, but returns an existing processed data up to the point of the error/close. | ||||
* | mod_websocket: Enforce stanza size limit and close stream | Matthew Wild | 2020-09-17 | 1 | -0/+4 |
| | |||||
* | mod_websocket: Add separate limit for frame buffer size | Matthew Wild | 2020-09-17 | 1 | -2/+2 |
| | |||||
* | mod_websocket: handle full frame buffer and raise stream error | Matthew Wild | 2020-09-17 | 1 | -1/+5 |
| | |||||
* | mod_websocket: Switch partial frame buffering to util.dbuffer | Matthew Wild | 2020-09-17 | 1 | -3/+8 |
| | | | | | This improves performance and enforces stanza size limits earlier in the pipeline. | ||||
* | mod_s2s: Escape invalid XML in loggin (same way as mod_c2s) fix #15740.11.6 | Kim Alvefur | 2020-08-01 | 1 | -2/+1 |
| | |||||
* | mod_muc_mam: Don't strip MUC <x> tags, fix #1567 | Kim Alvefur | 2020-06-21 | 1 | -3/+0 |
| | |||||
* | mod_auth_internal_*: Apply saslprep to passwords | Kim Alvefur | 2020-05-23 | 3 | -2/+25 |
| | | | | Related to #1560 | ||||
* | mod_storage_internal: Fix error in time limited queries on items without ↵ | Kim Alvefur | 2020-05-15 | 1 | -2/+4 |
| | | | | 'when' field, fixes #1557 | ||||
* | mod_muc_mam: Remove spoofed archive IDs before archiving, fix #1552 | Kim Alvefur | 2020-05-11 | 1 | -1/+1 |
| | | | | | | | | | The stanza-id added during archiving looks exactly like what should be stripped, so the stripping must happen before archiving. Getting priorities right is hard! Also no test coverage yet. | ||||
* | mod_csi_simple: Consider XEP-0353: Jingle Message Initiation important | Kim Alvefur | 2020-05-08 | 1 | -0/+3 |
| | | | | | | Improves experience with VoIP calls initiated via JMI Closes #1548 | ||||
* | mod_muc_mam: Fix missing advertising of XEP-0359, fixes #1547 | Kim Alvefur | 2020-05-08 | 1 | -0/+1 |
| | |||||
* | mod_muc_mam: Fix stanza id filter event name, fixes #1546 | Kim Alvefur | 2020-04-29 | 1 | -1/+1 |
| | | | | Nice typo | ||||
* | mod_tls: Log when certificates are (re)loaded | Kim Alvefur | 2020-04-26 | 1 | -1/+7 |
| | | | | Meant to reduce user confusion over what's reloaded and not. | ||||
* | mod_carbons: Fix handling of incoming MUC PMs #1540 | Kim Alvefur | 2020-04-26 | 1 | -1/+1 |
| | | | | | | | 27f5db07bec9 fixed this wrong. The code is supposed to check if the stanza is NOT sent to your bare JID. A MUC PM is always sent to your full JID. Hopefully nobody sends MUC invites to full JIDs, because those would be skipped by this as well. | ||||
* | mod_http_files: Avoid using inode in etag, fix #1498 | Kim Alvefur | 2020-04-25 | 1 | -1/+1 |
| | |||||
* | MUC: Always include 'affiliation'/'role' attributes, defaulting to 'none' if nil | Matthew Wild | 2020-04-23 | 1 | -1/+1 |
| | |||||
* | mod_vcard4: Report correct error condition (fixes #1521) | Kim Alvefur | 2020-04-03 | 1 | -2/+2 |
| | | | | On error, the second return value is the error condition, not the third. | ||||
* | mod_register_ibr: Add FORM_TYPE as required by XEP-0077 (fixes #1511) | Emmanuel Gil Peyrot | 2019-09-29 | 1 | -0/+2 |
| | | | | Backport of f90abf142d53 from trunk | ||||
* | mod_storage_sql: Add index covering sort_id to improve performance (fixes #1505) | Kim Alvefur | 2020-03-22 | 1 | -0/+1 |
| | |||||
* | mod_admin_telnet: Handle unavailable cipher info (fixes #1510) | Kim Alvefur | 2020-03-22 | 1 | -5/+8 |
| | | | | | | | | The LuaSec :info() method gathers info using the OpenSSL function SSL_get_current_cipher(). Documentation for this function states that it may return NULL if no session has been established (yet). If so, the LuaSec functions wrapping this return nil, triggering a nil-indexing error in mod_admin_telnet. | ||||
* | MUC: Persist affiliation_data in new MUC format! | Matthew Wild | 2020-03-12 | 1 | -0/+1 |
| | |||||
* | mod_mam,mod_muc_mam: Allow other work to be performed during archive cleanup ↵ | Kim Alvefur | 2020-03-11 | 2 | -2/+10 |
| | | | | | | | | | | | (fixes #1504) This lets Prosody handle socket related work between each step in the cleanup in order to prevent the server from being completely blocked during this. An async storage backend would not need this but those are currently rare. | ||||
* | mod_pubsub, mod_pep: Ensure correct number of children of <item/> (fixes #1496) | Kim Alvefur | 2020-02-27 | 2 | -2/+2 |
| |