path: root/util
Commit message (Collapse) | Author | Age | Files | Lines
* util.dns: Minor updates of SVCB parser | Kim Alvefur | 2022-02-02 | 1 | -1/+2
| Now based on draft-ietf-dnsop-svcb-https-08
* util.dns: Implement SVCB record parser | Kim Alvefur | 2020-10-04 | 1 | -0/+54
| Based on draft-ietf-dnsop-svcb-https-00
* util.dns: Fix returning read position after zero-length name | Kim Alvefur | 2020-10-04 | 1 | -1/+1
| Doesn't affect normal usage by Prosody since neither A nor AAAA records use this and SRV records have the host name last so the position is not needed.
* util.dnsregistry: Regenerate from IANA registry | Kim Alvefur | 2022-02-02 | 1 | -57/+120
| Note the duplicate 9 and 16 entries, neither of which are especially relevant for our resolver usage.
* util.dns: Move DNS parameters details into util.dnsregistry | Kim Alvefur | 2020-10-04 | 2 | -56/+63
| Goal is to regenerate this file from the IANA registry using a tool. Having it in a separate file will reduce vcs noise in util.dns
* util.prosodyctl.check: Fix reset of libunbound before DNS checks | Kim Alvefur | 2022-02-01 | 1 | -1/+1
| Probably worked anyway but settings might not always have been applied depending on what order things happen in. Error was hidden by the pcall, which was sorta intentional...
* util.prosodyctl.check: Fix A/AAAA check for proxy65 and http | Kim Alvefur | 2022-01-30 | 1 | -2/+2
| When there are no records to return the return value from dns.lookup() might be nil or might be a table containing zero records, depending on which DNS library is used
* util.prosodyctl.check: Include multiplexed ports in DNS checks #1704 | Kim Alvefur | 2022-01-30 | 1 | -0/+13
|
* util.format: Expand explanation of purpose in comments | Kim Alvefur | 2022-01-27 | 1 | -1/+6
|
* util.format: Skip control code escaping when doing full serialization | Kim Alvefur | 2022-01-27 | 1 | -1/+1
| Fixes that a multi-line string ended up "like\ \9this" instead of "like\nthis" as can be demonstrated by somehow initiating a connection to a HTTP server.
* util.prosodyctl.cert: Look for certs matching 'http_host' | Kim Alvefur | 2022-01-27 | 1 | -0/+4
| This should ensure any certificate needed for HTTP services will also be included in the certificate import.
* util.prosodyctl.check: Fix use of LuaSocket URL parser | Kim Alvefur | 2022-01-27 | 1 | -1/+1
|
* util.prosodyctl.check: Add HTTP related DNS checks | Kim Alvefur | 2022-01-27 | 1 | -8/+41
| Since XEP-0363 is essentially mandatory now this will hopefully help diagnose some common issues.
* util.prosodyctl.cert: Look for certificates in a consistent order | Kim Alvefur | 2022-01-26 | 1 | -0/+9
| Shortest first, then alphabetically, so that it prefers the base domain over subdomains.
|
| Fixes that it might otherwise pick a random sub-domain for filename on each run, cluttering the certs directory and potentially tricking Prosody into using an older certificate that might be about to expire.
* util.xtemplate: Yet another string template library | Kim Alvefur | 2022-01-24 | 1 | -0/+86
| This one takes a stanza as input
|
| Roughly based on util.interpolation
* Merge 0.11->trunk | Kim Alvefur | 2022-01-20 | 1 | -13/+5
|\
| * util.xml: Deduplicate handlers for restricted XML [0.11.13] | Kim Alvefur | 2022-01-20 | 1 | -12/+5
| | Makes the code more like util.xmppstream, allowing easier comparisons if we ever need to apply fixes in the future.
| * util.xml: Break reference to help the GC (fix #1711) | Kim Alvefur | 2022-01-20 | 1 | -5/+4
| | LuaExpat uses a registry reference to track handlers, which makes it so that an upvalue like this creates a reference loop that keeps the parser and its handlers from being garbage collected. The same issue has affected util.xmppstream in the past.
| |
| | Code for checking:
| |
| |     local xml_parse = require"util.xml".parse;
| |
| |     for i = 1, 10000 do xml_parse("<root/>") end
| |
| |     collectgarbage(); collectgarbage();
| |     print(collectgarbage("count"), "KiB");
| |
| | A future release of LuaExpat may fix the underlying issue there.
| * util.xml: Do not allow doctypes, comments or processing instructions [0.11.12] | Jonas Schäfer | 2022-01-10 | 1 | -2/+23
| | Yes. This is as bad as it sounds. CVE pending.
| |
| | In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this.
| |
| | This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nonetheless.
| |
| | This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* | util.prosodyctl.cert: Check success of copy operations, warn on fail | Kim Alvefur | 2022-01-19 | 1 | -4/+9
| | Debugging a case where certs are not imported correctly but prosodyctl still reports success. Hoping this will shed some light on it.
* | util.prosodyctl.cert: Pass variables via formatting instead of concatenation | Kim Alvefur | 2022-01-19 | 1 | -5/+5
| | Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().
* | util.jid: Explicitly check for nil rather than falsy | Kim Alvefur | 2022-01-15 | 1 | -14/+14
| | A boolean false should blow up.
* | util.xml: Do not allow doctypes, comments or processing instructions | Jonas Schäfer | 2022-01-10 | 1 | -2/+23
| | Yes. This is as bad as it sounds. CVE pending.
| |
| | In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this.
| |
| | This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nonetheless.
| |
| | This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* | util.prosodyctl.cert: Fix boolean logic bug | Kim Alvefur | 2022-01-09 | 1 | -1/+1
| | Boolean logic, never correct on the first try.
| |
| | We want to skip copying the same cert if it _has_ been imported already, not if it has not.
* | util.startup: Allow supplying argument parsing settings | Kim Alvefur | 2022-01-09 | 1 | -2/+2
| | The 'prosody' global is not global this early so there was no way to override the process type field or argument parsing settings from outside, e.g. from the migrator.
* | util.prosodyctl.check: Parameterize replacement instructions | Kim Alvefur | 2022-01-08 | 1 | -11/+25
| | This ought to make it easier to translate in the future. And easier to reword, now!
* | util.prosodyctl.check: Move word to ease future translations | Kim Alvefur | 2022-01-08 | 1 | -13/+13
| | Recent experience with translations in the context of Snikket highlighted that sentences spread across concatenated strings like this make the experience less than pleasant for translators.
| |
| | We don't have translation yet, but it is a future goal and why not?
| |
| | The duplication can be solved with a parameterized function for the common cases.
* | util.prosodyctl.check: Use same wording about 'daemonize' and 'no_daemonize' | Kim Alvefur | 2022-01-08 | 1 | -1/+1
| | Why would they use different wording?
* | util.pubsub: Fix item store resize to "max" | Kim Alvefur | 2022-01-06 | 1 | -1/+6
| | Previously this would end up passing the "max" directly to the underlying storage.
* | util.dependencies: Enable warning about missing lua-unbound | Kim Alvefur | 2022-01-05 | 1 | -3/+2
| | Packages exist now.
* | util.stanza: Remove dead code | Kim Alvefur | 2021-12-31 | 1 | -5/+0
| | These cases are caught by `check_text(v, ..)` above. Those errors do not contain the attribute however, which would have been nice.
* | util.stanza: Make type error message consistent with others | Kim Alvefur | 2021-12-31 | 1 | -1/+1
| |
* | util.datamapper: Add support for $ref pointers | Kim Alvefur | 2021-12-29 | 1 | -18/+39
| | Allows reuse of repetitive definitions in schemas.
* | util.jsonschema: Add support for $ref pointers | Kim Alvefur | 2021-12-29 | 1 | -21/+33
| |
* | util.jsonpointer: Resolve JSON Pointers per RFC 6901 | Kim Alvefur | 2021-12-29 | 1 | -0/+40
| |
* | mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438 | Kim Alvefur | 2021-12-26 | 1 | -1/+1
| | More security for less pain than switching to SCRAM-SHA-256
| |
| | The XEP will likely be changed to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
* | openmetrics/histograms: improve code clarity | Kim Alvefur | 2021-12-27 | 2 | -2/+2
| | If buckets thresholds are to be taken as "less than or equal to", then using the less than or equal to operator seems sensible.
* | openmetrics/histograms: fix incorrect condition for bucketing | Jonas Schäfer | 2021-12-26 | 2 | -2/+2
| | The buckets thresholds are to be taken as "less than or equal to". The condition as written in the code did only "less than", not "less than or equal to". That's fixed now.
* | util.xml: Use variable instead of constant for consistency (thanks Thijs) | Matthew Wild | 2021-12-26 | 1 | -1/+1
| |
* | util.prosodyctl.check: Remove obsolete settings from known globals | Kim Alvefur | 2021-12-25 | 1 | -2/+0
| |
* | util.prosodyctl.check: Add some more obsolete settings | Kim Alvefur | 2021-12-25 | 1 | -0/+6
| |
* | util.id: Add a 'tiny' variant | Kim Alvefur | 2021-12-02 | 1 | -0/+3
| | Conversations uses this for its randomized resources. Presumably fine and collision resistant enough when you have a few devices at most.
* | util.id: Adjust entropy levels, with rationales | Kim Alvefur | 2021-12-02 | 1 | -3/+14
| | Modules using ids for logging should not need the now pretty large medium one.
* | util.prosodyctl.cert: Copy SAN/wildcard certs only once | Kim Alvefur | 2021-12-22 | 1 | -1/+5
| |
* | util.x509: Fix to include wildcard identity | Kim Alvefur | 2021-12-22 | 1 | -0/+3
| |
* | prosodyctl cert: use the indexing functions for better UX | Jonas Schäfer | 2021-12-21 | 1 | -13/+15
| | These provide (a) a way to deal with random assortments of certs and (b) avoid unnecessary error messages and warnings, according to #1669 anyway, which this fixes.
* | core.certmanager: Rename preset option to 'tls_preset' | Kim Alvefur | 2021-12-22 | 1 | -0/+1
| | TLS good, SSL bad.
* | adminstream: fire disconnected event on lower layer disconnect | Jonas Schäfer | 2021-12-21 | 1 | -0/+1
| | This may in theory cause multiple disconnect events for the adminstream client, if the only code using that wasn't calling os.exit right away. Hence, this should be a good enough partial fix for #1671.
| |
| | It is not a full fix, because the shell will only notice the disconnect after one has hit enter in the input; until then, it is stuck in a read() call to stdin and completely oblivious to the disconnect.
* | util.smqueue: Simplify compat table, fix dependent modules (thanks Martin) | Kim Alvefur | 2021-12-16 | 1 | -9/+4
| | There was an off-by-one in the modulo calculation. Switching to a plain old array-table makes the apparent size of the queue wrong, but since some of the queue may not be available this is likely for the best.
* | util.smqueue: Abstract queue with acknowledgements and overflow | Kim Alvefur | 2021-12-14 | 1 | -0/+61
| | Meant to be used in mod_smacks for XEP-0198
| |
| | Meant to have a larger virtual size than actual number of items stored, on the theory that in most cases, the excess will be acked before needed for a resumption event.