| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
| |
This matches the behaviour of the newer mod_sasl2 implementation. It allows
plugins to observe (and potentially, with caution, modify) the SASL exchange.
|
|
|
|
| |
E.g. the timeout could be extended under certain conditions.
|
|
|
|
|
|
|
|
|
|
|
| |
This merges the mod_s2s_smacks_timeout behavior from prosody-modules
This event is fired by mod_smacks when the connection has not responded
to an ack-request for a period of time defaulting to 30 seconds,
indicating that the connection has become stuck or non-responsive.
Closing it prevents routing further messages via this connection and
frees resources. A stuck connection may otherwise remain until for a
time determined by the OS TCP subsystem, which can be quite long.
|
|
|
|
|
|
| |
As extension point for rate limiting and similar checks, so they can
hook a single event instead of <{sasl1}auth> or stream features, which
might not be fired in case of SASL2 or e.g. HTTP based login.
|
|
|
|
|
|
|
| |
Previously these events fired after the session had been destroyed, which
removes many of the useful properties. The ones I chose to preserve here are
the ones used by the community module mod_audit, which seems like a good
baseline.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When registration_delete_grace_period is set, accounts will be disabled for
the specified grace period before they are fully deleted.
During the grace period, accounts can be restored with the user:restore()
shell command.
The primary purpose is to prevent accidental or malicious deletion of a user's
account, which is traditionally very easy for any XMPP client to do with a
single stanza.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This allows us to store a time, actor, comment and/or reason why an account
was disabled, which seems a generally useful thing to support.
|
|
|
|
|
|
| |
Some storage drivers will perform cleanup after the last iteration, but
if only one step is taken this might be delayed until the garbage
collector gets to it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This should simplify adding shell commands from other modules, which will
reduce the growth of mod_admin_shell and make it easier for community modules
to expose commands too.
|
|
|
|
|
| |
This makes it easier for commands added by other modules to add to the help
output, for example.
|
|
|
|
|
|
|
| |
The previous count would be invalid at this point.
Should be possible to math out how many items are left, but this is left
as future work.
|
|
|
|
|
|
|
| |
Weak tables are said to have suboptimal performance, so we might as well
get replace it with an increased default LRU cache size.
Sorry about the 'and'
|
|
|
|
| |
Should be done here too.
|
|
|
|
|
| |
Since datamanager can fall back to the old method of loading the whole
list, which wouldn't come with a :close method.
|
|
|
|
|
| |
This closes the two FDs that the random access list abstraction uses,
otherwise they are left to the garbage collector.
|
|
|
|
|
|
| |
Gives some access to node details which are otherwise hard to determine
if you only see the plain text summary, since it is shared based on the
pubsub#type setting (or payload xmlns).
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Had a hard time following what was happening when it did not specify
which grant or token was being removed.
|
|
|
|
|
| |
Potentially allows sorting on those directly as they will be in
increasing order.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Previously the whole grant was deleted if it found one expired toke,
which was not indented.
|
| |
|
|
|
|
| |
Does this make it clearer what is going on?
|
|
|
|
| |
Simplifies configuration, only one already existing boolean to flip.
|
|
|
|
|
| |
Complements the DANE support for outgoing connections included in
net.connect
|
|
|
|
|
| |
This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when
used with BOSH (that module tries to use event.stream.from).
|
|
|
|
| |
(thanks tmolitor)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
|
| |
|
|
|
|
|
|
|
| |
Some of the new roles don't quite fit nicely into 4 characters
(excluding ellipsis). Given the ability to dynamically add additional
roles from the config and possibly from modules, it seems better to just
make it a relative size since we can't know how long they will be.
|
|
|
|
| |
Explicit > implicit
|
| |
|