| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
| |
This should simplify adding shell commands from other modules, which will
reduce the growth of mod_admin_shell and make it easier for community modules
to expose commands too.
|
|
|
|
|
| |
This makes it easier for commands added by other modules to add to the help
output, for example.
|
|
|
|
|
|
|
| |
The previous count would be invalid at this point.
Should be possible to math out how many items are left, but this is left
as future work.
|
|
|
|
|
|
|
| |
Weak tables are said to have suboptimal performance, so we might as well
get replace it with an increased default LRU cache size.
Sorry about the 'and'
|
|
|
|
| |
Should be done here too.
|
|
|
|
|
| |
Since datamanager can fall back to the old method of loading the whole
list, which wouldn't come with a :close method.
|
|
|
|
|
| |
This closes the two FDs that the random access list abstraction uses,
otherwise they are left to the garbage collector.
|
|
|
|
|
|
| |
Gives some access to node details which are otherwise hard to determine
if you only see the plain text summary, since it is shared based on the
pubsub#type setting (or payload xmlns).
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Had a hard time following what was happening when it did not specify
which grant or token was being removed.
|
|
|
|
|
| |
Potentially allows sorting on those directly as they will be in
increasing order.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Previously the whole grant was deleted if it found one expired toke,
which was not indented.
|
| |
|
|
|
|
| |
Does this make it clearer what is going on?
|
|
|
|
| |
Simplifies configuration, only one already existing boolean to flip.
|
|
|
|
|
| |
Complements the DANE support for outgoing connections included in
net.connect
|
|
|
|
|
| |
This matches what mod_c2s does, and fixes a traceback in mod_sasl2_fast when
used with BOSH (that module tries to use event.stream.from).
|
|
|
|
| |
(thanks tmolitor)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This channel binding method is now enabled when a hash is manually set in the
config, or it attempts to discover the hash automatically if the value is the
special string "auto".
A related change to mod_c2s prevents complicated certificate lookups in the
client connection hot path - this work now happens only when this channel
binding method is used. I'm not aware of anything else that uses ssl_cfg (vs
ssl_ctx).
Rationale for disabling by default:
- Minor performance impact in automatic cert detection
- This method is weak against a leaked/stolen private key (other methods such
as 'tls-exporter' would not be compromised in such a case)
Rationale for keeping the implementation:
- For some deployments, this may be the only method available (e.g. due to
TLS offloading in another process/server).
|
| |
|
|
|
|
|
|
|
| |
Some of the new roles don't quite fit nicely into 4 characters
(excluding ellipsis). Given the ability to dynamically add additional
roles from the config and possibly from modules, it seems better to just
make it a relative size since we can't know how long they will be.
|
|
|
|
| |
Explicit > implicit
|
| |
|
|
|
|
| |
Requested feature for many modules, notably MAM and file sharing.
|
|
|
|
|
|
| |
MattJ contributed new APIs for retrieving the actually used certificate
and chain to LuaSec, which are not in a release at the time of this
commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This originally used a WIP implementation of cert:sigalg(), a method to
retrieve certificate signature algorithm, but it was never submitted
upstream. https://github.com/Zash/luasec/tree/zash/sigalg
cert:getsignaturename() was merged in
https://github.com/brunoos/luasec/commit/de393417b7c7566caf1e0a0ad54132942ac4f049
XEP-0440 v0.3.0 made implementing tls-server-end-point a MUST
|
|
|
|
|
|
|
|
| |
Since this channel binding method is said to enable TLS offloading then
you need tell Prosody the hash (or the full cert), so this seems like a
good start.
Support is RECOMMENDED in XEP-0440 version 0.2
|
| |
|
|
|
|
| |
Ensures the periodic cleanup really does remove expired tokens.
|
|
|
|
| |
This should ensure expired grants eventually disappear.
|
|
|
|
|
|
|
|
|
|
| |
Generally it is expected that a grant would have at least one token as
long as the grant is in active use.
Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by
default, so the idea here is that if that refresh token expired and
another week goes by without the grant being used, then the whole grant
can be removed.
|
| |
|
| |
|
|
|
|
| |
Use of datetime was removed in 6ac5ad578565
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Suggested by jstein in the chat
This option label is used by XMPP clients to explain what the option does.
a) The user should know where the data is archived.
b) The user needs a statement that can be enabled/disabled by the variable. A question would have the wrong logic here.
|
| |
| |
| |
| | |
Does this run in a thread?
|
| |
| |
| |
| |
| | |
This ensures that all interactions with storage happen inside an async
thread, allowing async waiting to be performed in storage drivers.
|
| |
| |
| |
| |
| |
| |
| | |
Maybe it is better to run daily and weekly tasks 'now' on the theory
that people set these things up during times that are appropriate for
maintenance already, so the same time next day or next week might be
fine for periodic cleanup.
|
| |
| |
| |
| | |
Fixes "Could not delete messages for room 'x': (nil)"
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This method would previously never delete the first (and only) item
since it works out which item should become the first item after the
trim operation, which doesn't make sense when all should be removed.
This also works as an optimization for when all the last item should be
trimmed, thus items should be removed.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Behavior change: It becomes up to the authorization module whether to
allow requests. The default, mod_authz_internal, will allow users on the
*parent* host only, breaking use by some components.
Remaining question is whether to deprecate the `http_file_share_access`
setting or leave as a way to complement/bypass access control?
|