aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* mod_tls: Record STARTTLS state so it can be shown in ShellKim Alvefur2022-08-022-1/+6
| | | | | | | This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS.
* Merge 0.12->trunkKim Alvefur2022-07-292-6/+3
|\
| * mod_storage_sql: Fix summary API with Postgres (fixes #1766)Kim Alvefur2022-07-221-4/+2
| | | | | | | | | | | | | | The ORDER BY and LIMIT clauses are not needed and don't even make much sense. This part was most likely a leftover from the :find method. Tested with sqlite and postgres 14
| * mod_http_files: Log warning about legacy modules using mod_http_filesKim Alvefur2022-07-171-2/+1
| | | | | | | | | | | | | | | | | | It is time. Most community modules should have been adjusted to work with the new (net.http.files) way. At some point this usage should be prevented. Related to #1765
* | Merge 0.12->trunkKim Alvefur2022-07-272-2/+6
|\|
| * mod_bookmarks: Reduce error about not having bookmarks to debug (thanks tom)Kim Alvefur2022-07-261-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is happens if the account is new and doesn't have any bookmarks yet, which is not a problem. Rarely seen since most clients currently use the older version of XEP-0084 stored in XEP-0049 rather than in PEP, but at least one (Converse.js )does. One scenario in which this would show up often is with Converse.js as a guest chat using anonymous authentication, where all "accounts" would always be new and not have any bookmarks. This scenario probably does not need to have mod_bookmarks at all, but if enabled globally it would likely become loaded onto the VirtualHost unless explicitly disabled.
| * mod_storage_sql: Fix bypass of load procedure under prosodyctlKim Alvefur2022-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | There's no 'prosody.prosodyctl' property other than this one, introduced in 6216743c188c in 2015. Guessing that the intent was to skip this when running as a prosodyctl command. The module.command code does its own version of this initialization, so this seems likely. Thanks raja for noticing
* | mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)Kim Alvefur2022-06-011-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187
* | compat: Remove handling of Lua 5.1 location of 'unpack' functionKim Alvefur2022-07-115-5/+5
| |
* | mod_storage_sql: Remove Lua 5.1 compatibility hackKim Alvefur2022-07-021-2/+1
| | | | | | | | Part of #1600
* | mod_mam: Silence luacheck (yay warnings in CI but not locally)Kim Alvefur2022-06-141-1/+1
| |
* | mod_mam: Clarify comment (thanks chili-b)Kim Alvefur2022-06-141-2/+6
| | | | | | | | | | This was slightly inaccurate since 6e1af07921d1 because the conditions are more complicated now.
* | mod_csi_simple: Collect stats on number of stanzas per flushKim Alvefur2022-06-141-0/+5
| | | | | | | | Because interesting, gives some idea about the efficiency.
* | mod_admin_shell: Show session id ping reply cameKim Alvefur2022-06-131-1/+1
| | | | | | | | | | | | To point out which one when more than one connection was established, or if it's an existing connection, allows correlation with s2s:show() or with logs.
* | Merge 0.12->trunkKim Alvefur2022-06-131-1/+1
|\|
| * mod_smacks: Fix #1761 by setting a flag earlierKim Alvefur2022-06-121-1/+1
| | | | | | | | | | | | This ensures that the flag is set even if the pre-drain callback is called from send(), as would be the case if opportunistic writes are enabled.
* | mod_saslauth: Advertise channel bindings via XEP-0440Kim Alvefur2020-12-061-0/+10
| | | | | | | | | | This is useful when there's more than one channel binding in circulation, since perhaps there will be varying support for them.
* | mod_admin_shell: Include last (mod_cron) task run time in module:info()Kim Alvefur2022-06-011-1/+11
| | | | | | | | Don't think this is otherwise shown anywhere outside of debug logs
* | mod_admin_shell: Drop unused argument [luacheck]Kim Alvefur2022-05-311-1/+1
| |
* | mod_admin_shell: Show bound ports in module:infoKim Alvefur2022-05-311-1/+11
| | | | | | | | I.e. the subset of port:list() relevant to the specified module.
* | mod_admin_shell: Document the 'watch' section in the built-in helpKim Alvefur2022-05-301-0/+4
| |
* | prosodyctl shell: Communicate width of terminal to mod_admin_shellKim Alvefur2022-05-301-5/+10
| | | | | | | | This lets it adjust the width of tables to the actual terminal width.
* | mod_smacks: Indicate that bounces are generated by the serverKim Alvefur2022-05-271-1/+2
| | | | | | | | | | Could arguably be implied by 'recipient-unavailable' since if it was available, this error wouldn't happen.
* | Merge 0.12->trunkKim Alvefur2022-05-271-3/+2
|\|
| * mod_smacks: Bounce unhandled stanzas from local origin (fix #1759)0.12.1Kim Alvefur2022-05-271-2/+1
| | | | | | | | | | | | | | | | | | Sending stanzas with a remote session as origin when the stanzas have a local JID in the from attribute trips validation in core.stanza_router, leading to warnings: > Received a stanza claiming to be from remote.example, over a stream authed for localhost.example Using module:send() uses the local host as origin, which is fine here.
| * mod_smacks: Fix bounce of stanzas directed to full JID on unclean disconnectKim Alvefur2022-05-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #1758 Introduced in 1ea01660c79a In e62025f949f9 to and from was inverted since it changed from acting on a reply to acting on the original stanza (or a clone thereof) Unsure of the purpose of this check, you don't usually send stanzas to your own full JID. Perhaps guarding against routing loops? The check was present in the original commit of mod_smacks, prosody-modules rev 9a7671720dec
* | mod_smacks: Remove debug log references to timer (not used anymore)Kim Alvefur2022-05-261-2/+1
| | | | | | | | Cuts down on noise as well
* | Merge 0.12->trunkKim Alvefur2022-05-261-3/+2
|\|
| * mod_smacks: Fix to use current method of counting acked stanzasKim Alvefur2022-05-261-3/+2
| | | | | | | | | | | | | | | | | | Fixes #1757 These places seem to have been left since e62025f949f9 The logic around expected_h in should_ack() misbehaved, always comparing with 0 + unacked instead of acked + unacked.
* | mod_smacks: Use session logging for remaining log messagesKim Alvefur2022-05-211-6/+6
| | | | | | | | For consistency and easier correlation of session events.
* | mod_smacks: Factor out some convenience functionsKim Alvefur2022-02-111-10/+21
| | | | | | | | | | Those lines are long and the risk of mistakes if another one needs to be added seems high, but lower when factored out like this.
* | Merge 0.12->trunkKim Alvefur2022-05-151-2/+2
|\|
| * mod_admin_shell: Tighten up type checks to fix #1754 (thanks clouded)Kim Alvefur2022-05-151-2/+2
| | | | | | | | | | | | Due to the dummy statistics provider (see core.statsmanager line 250) having a metatable that allows infinite indexing where everything is always the same table, which end up in suf() in the concatenation line.
* | mod_smacks: Initialize queue before sending <enable>Kim Alvefur2022-05-151-1/+1
| | | | | | | | | | | | | | | | Setting the .smacks field enables code paths that expects the queue to be present. The queue is initialized in wrap_session_out(). With opportunistic writes enabled this happens immediately on .sends2s(), so the sending <enable> must happen before OR after these two lines, not in the middle.
* | mod_s2s: Log queued stanzas for which no error reply is producedKim Alvefur2022-05-071-0/+2
| | | | | | | | | | | | This would mainly be error stanzas. Good to have some trace of when handling of them are finished.
* | mod_s2s: Don't bounce queued error stanzas (thanks Martin)Kim Alvefur2022-05-071-1/+1
| | | | | | | | | | | | | | | | | | The check for the type attr was lost in 11765f0605ec leading to attempts to create error replies for error stanzas, which util.stanza rejects. Tested by sending <message to="reject.badxmpp.eu" type="error"><error/></message> which produced a traceback previously.
* | Merge 0.12->trunkMatthew Wild2022-05-061-1/+5
|\|
| * mod_invites_adhoc: Fall back to generic allow_user_invites for role-less usersMatthew Wild2022-05-061-1/+5
| | | | | | | | Fixes #1752
* | Merge 0.12->trunkKim Alvefur2022-05-051-0/+1
|\|
| * mod_cron: Fix recording last task run time #1751Kim Alvefur2022-05-051-0/+1
| | | | | | | | | | | | | | The type checks, they do nothing! Observed: Tasks that were supposed to run weekly or daily were running each hour.
* | mod_tls: pass target hostname to starttlsJonas Schäfer2021-09-171-1/+1
| | | | | | | | In case the network backend needs it for outgoing SNI or something.
* | mod_tls: tell network backend to stop reading while preparing TLSJonas Schäfer2022-04-021-0/+7
| |
* | mod_tls: Do not offer TLS if the connection is considered secureJonas Schäfer2021-09-171-0/+3
| | | | | | | | | | | | | | | | | | | | This may be necessary if the session.conn object is not exchanged by the network backend when establishing TLS. In that case, the starttls method will always exist and thus that is not a good indicator for offering TLS. However, the secure bit already tells us that TLS has been established or is not to be established on the connection, so we use that instead.
* | net: isolate LuaSec-specificsJonas Schäfer2022-04-275-23/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.
* | Merge 0.12->trunkMatthew Wild2022-04-251-0/+11
|\|
| * mod_s2s: Improve robustness of outgoing s2s certificate verificationMatthew Wild2022-04-251-0/+11
| | | | | | | | | | | | | | | | | | This change ensures we have positively verified the certificates of the server we are connecting to before marking the session as authenticated. It protects against situations where the verify-or-close stage of the connection was interrupted (e.g. due to an uncaught error). Thanks to Zash for discovery and testing.
* | mod_s2s: Distinguish DANE TLSA errors from generic cert chain errorsKim Alvefur2022-04-251-0/+2
| | | | | | | | | | | | Otherwise it would just report "is not trusted" unless you inspect the logs. This message is sent to to the remote server, and will hopefully show up in their logs, allowing the admin to fix their DANE setup.
* | mod_s2s: Recognise and report errors with CA or intermediate certsKim Alvefur2022-04-251-0/+8
| | | | | | | | | | Should be invoked for cases such as when the Let's Encrypt intermediate certificate expired not too long ago.
* | mod_smacks: Improve activation of smacks on outgoing s2sKim Alvefur2022-04-241-21/+16
| | | | | | | | | | | | | | | | | | Using a timer was a hack to get around that stream features are not available at the right time and sendq stanzas were stored as strings so could not be counted properly. The later has now been fixed and the former is fixed by recording the relevant stream feature on the session so that the correct version of XEP-0198 can be activated once the connection has been authenticated and is ready to start.
* | mod_admin_shell: Add watch:stanzas() commandMatthew Wild2022-03-231-0/+38
| |
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 07:18:56 +0000