| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Previously these events fired after the session had been destroyed, which
removes many of the useful properties. The ones I chose to preserve here are
the ones used by the community module mod_audit, which seems like a good
baseline.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When registration_delete_grace_period is set, accounts will be disabled for
the specified grace period before they are fully deleted.
During the grace period, accounts can be restored with the user:restore()
shell command.
The primary purpose is to prevent accidental or malicious deletion of a user's
account, which is traditionally very easy for any XMPP client to do with a
single stanza.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This allows us to store a time, actor, comment and/or reason why an account
was disabled, which seems a generally useful thing to support.
|
|
|
|
|
|
| |
Some storage drivers will perform cleanup after the last iteration, but
if only one step is taken this might be delayed until the garbage
collector gets to it.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This should simplify adding shell commands from other modules, which will
reduce the growth of mod_admin_shell and make it easier for community modules
to expose commands too.
|
|
|
|
|
| |
This makes it easier for commands added by other modules to add to the help
output, for example.
|
|
|
|
|
|
|
| |
The previous count would be invalid at this point.
Should be possible to math out how many items are left, but this is left
as future work.
|
|
|
|
|
|
|
| |
Weak tables are said to have suboptimal performance, so we might as well
get replace it with an increased default LRU cache size.
Sorry about the 'and'
|
|
|
|
| |
Should be done here too.
|
|
|
|
|
| |
Since datamanager can fall back to the old method of loading the whole
list, which wouldn't come with a :close method.
|
|
|
|
|
| |
This closes the two FDs that the random access list abstraction uses,
otherwise they are left to the garbage collector.
|
|
|
|
|
|
| |
Gives some access to node details which are otherwise hard to determine
if you only see the plain text summary, since it is shared based on the
pubsub#type setting (or payload xmlns).
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Had a hard time following what was happening when it did not specify
which grant or token was being removed.
|
|
|
|
|
| |
Potentially allows sorting on those directly as they will be in
increasing order.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Previously the whole grant was deleted if it found one expired toke,
which was not indented.
|
| |
|
|
|
|
| |
Does this make it clearer what is going on?
|
|
|
|
| |
Simplifies configuration, only one already existing boolean to flip.
|
|
|
|
|
| |
Complements the DANE support for outgoing connections included in
net.connect
|
|
|
|
|
| |
This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when
used with BOSH (that module tries to use event.stream.from).
|
|
|
|
| |
(thanks tmolitor)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
|
| |
|
|
|
|
|
|
|
| |
Some of the new roles don't quite fit nicely into 4 characters
(excluding ellipsis). Given the ability to dynamically add additional
roles from the config and possibly from modules, it seems better to just
make it a relative size since we can't know how long they will be.
|
|
|
|
| |
Explicit > implicit
|
| |
|
|
|
|
| |
Requested feature for many modules, notably MAM and file sharing.
|
|
|
|
|
|
| |
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
|
|
|
|
|
|
|
|
| |
Since this channel binding method is said to enable TLS offloading then
you need tell Prosody the hash (or the full cert), so this seems like a
good start.
Support is RECOMMENDED in XEP-0440 version 0.2
|
| |
|