From 3d20751178f3f22fc0faa3f2dd56e71b88e75dfe Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 Mar 2013 15:00:22 +0100
Subject: net.server: No sections in config anymore

---
 net/server.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/server.lua b/net/server.lua
index 3cdbe551..deabaa12 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -6,7 +6,7 @@
 -- COPYING file in the source package for more information.
 --
 
-local use_luaevent = prosody and require "core.configmanager".get("*", "core", "use_libevent");
+local use_luaevent = prosody and require "core.configmanager".get("*", "use_libevent");
 
 if use_luaevent then
 	use_luaevent = pcall(require, "luaevent.core");
@@ -43,7 +43,7 @@ end
 if prosody then
 	local config_get = require "core.configmanager".get;
 	local function load_config()
-		local settings = config_get("*", "core", "network_settings") or {};
+		local settings = config_get("*", "network_settings") or {};
 		if use_luaevent then
 			local event_settings = {
 				ACCEPT_DELAY = settings.event_accept_retry_interval;
-- 
cgit v1.2.3


From 0ef3252a3f63991bf901fa996085edef60634830 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 Mar 2013 15:00:49 +0100
Subject: prosody, prosodyctl: Remove last trace of "core" \o/

---
 prosody    |  4 ++--
 prosodyctl | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/prosody b/prosody
index 5802c348..875140de 100755
--- a/prosody
+++ b/prosody
@@ -207,8 +207,8 @@ function init_global_state()
 	prosody.full_sessions = full_sessions;
 	prosody.hosts = hosts;
 	
-	local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
-	local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+	local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+	local custom_plugin_paths = config.get("*", "plugin_paths");
 	if custom_plugin_paths then
 		local path_sep = package.config:sub(3,3);
 		-- path1;path2;path3;defaultpath...
diff --git a/prosodyctl b/prosodyctl
index 0d1194f4..a8cf0e69 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -109,11 +109,11 @@ do
 		os.exit(1);
 	end
 end
-local original_logging_config = config.get("*", "core", "log");
-config.set("*", "core", "log", { { levels = { min="info" }, to = "console" } });
+local original_logging_config = config.get("*", "log");
+config.set("*", "log", { { levels = { min="info" }, to = "console" } });
 
-local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
-local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+local custom_plugin_paths = config.get("*", "plugin_paths");
 if custom_plugin_paths then
 	local path_sep = package.config:sub(3,3);
 	-- path1;path2;path3;defaultpath...
@@ -142,8 +142,8 @@ if ok and pposix then
 	current_uid = pposix.getuid();
 	if current_uid == 0 then
 		-- We haz root!
-		local desired_user = config.get("*", "core", "prosody_user") or "prosody";
-		local desired_group = config.get("*", "core", "prosody_group") or desired_user;
+		local desired_user = config.get("*", "prosody_user") or "prosody";
+		local desired_group = config.get("*", "prosody_group") or desired_user;
 		local ok, err = pposix.setgid(desired_group);
 		if ok then
 			ok, err = pposix.initgroups(desired_user);
@@ -162,7 +162,7 @@ if ok and pposix then
 	end
 	
 	-- Set our umask to protect data files
-	pposix.umask(config.get("*", "core", "umask") or "027");
+	pposix.umask(config.get("*", "umask") or "027");
 	pposix.setenv("HOME", data_path);
 	pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
 else
@@ -267,7 +267,7 @@ local show_yesno = prosodyctl.show_yesno;
 local show_prompt = prosodyctl.show_prompt;
 local read_password = prosodyctl.read_password;
 
-local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
+local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
 -----------------------
 local commands = {};
 local command = arg[1];
@@ -410,7 +410,7 @@ function commands.start(arg)
 	
 	local ok, ret = prosodyctl.start();
 	if ok then
-		if config.get("*", "core", "daemonize") ~= false then
+		if config.get("*", "daemonize") ~= false then
 			local i=1;
 			while true do
 				local ok, running = prosodyctl.isrunning();
-- 
cgit v1.2.3


From 3ec1c834e665cbc60edeaff968899eef642b4450 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 Mar 2013 20:06:02 +0100
Subject: net.server, _select: Reorganise configuration of server_select to be
 more like server_event

---
 net/server.lua        | 14 +++++++++++---
 net/server_select.lua | 13 ++++++++++++-
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/net/server.lua b/net/server.lua
index deabaa12..ae3d45b0 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -42,6 +42,10 @@ end
 
 if prosody then
 	local config_get = require "core.configmanager".get;
+	local defaults = {};
+	for k,v in pairs(server.cfg or server.getsettings()) do
+		defaults[k] = v;
+	end
 	local function load_config()
 		local settings = config_get("*", "network_settings") or {};
 		if use_luaevent then
@@ -59,11 +63,15 @@ if prosody then
 				WRITE_TIMEOUT = settings.send_timeout;
 			};
 
-			for k, v in pairs(event_settings) do
-				server.cfg[k] = v;
+			for k,default in pairs(defaults) do
+				server.cfg[k] = event_settings[k] or default;
 			end
 		else
-			server.changesettings(settings);
+			local select_settings = {};
+			for k,default in pairs(defaults) do
+				select_settings[k] = settings[k] or default;
+			end
+			server.changesettings(select_settings);
 		end
 	end
 	load_config();
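Review bot: The `or default` fallback in both new loops treats an explicit `false` the same as an unset option. Because the loops iterate only over `defaults`, a key in `network_settings` that is not a known default is now ignored without any message. In the select branch a mistyped limit such as `max_connections` would therefore silently leave the default in force. Consider warning on unknown keys there, with whatever logger this file has in scope: `for k in pairs(settings) do if defaults[k] == nil then log("warn", "Unknown network setting: %s", k) end end`. `load_config` starts outside this hunk.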
diff --git a/net/server_select.lua b/net/server_select.lua
index 63a94b7e..8ce9eed2 100644
--- a/net/server_select.lua
+++ b/net/server_select.lua
@@ -769,7 +769,18 @@ closeall = function( )
 end
 
 getsettings = function( )
-	return	_selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, nil, _maxselectlen, _maxsslhandshake, _maxfd
+	return {
+		select_timeout = _selecttimeout;
+		select_sleep_time = _sleeptime;
+		max_send_buffer_size = _maxsendlen;
+		max_receive_buffer_size = _maxreadlen;
+		select_idle_check_interval = _checkinterval;
+		send_timeout = _sendtimeout;
+		read_timeout = _readtimeout;
+		max_connections = _maxselectlen;
+		max_ssl_handshake_roundtrips = _maxsslhandshake;
+		highest_allowed_fd = _maxfd;
+	}
 end
 
 changesettings = function( new )
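Review bot: `getsettings` now returns one table instead of eleven positional values, so any caller that still unpacks the old return list gets the table in its first variable and nil in the rest. Only net/server.lua is adapted in this commit; other callers, if there are any, are not visible here and should be checked. The key names are now the contract between `getsettings`, `network_settings` and `changesettings` (whose body is outside the hunk). A short comment above the function saying so, for example `-- keys match the network_settings option names accepted by changesettings`, would keep the three in step.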
-- 
cgit v1.2.3


From 27377b993617a2840ef7f97948676c3d4a6b181a Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 23 Mar 2013 23:30:13 +0100
Subject: mod_s2s: Keep the dns answer object around a while so plugins can
 look at it

---
 plugins/mod_s2s/s2sout.lib.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index 5ebbee8e..f89c5fc4 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -90,7 +90,7 @@ function s2sout.attempt_connection(host_session, err)
 			host_session.connecting = nil;
 			if answer and #answer > 0 then
 				log("debug", "%s has SRV records, handling...", to_host);
-				local srv_hosts = {};
+				local srv_hosts = { answer = answer };
 				host_session.srv_hosts = srv_hosts;
 				for _, record in ipairs(answer) do
 					t_insert(srv_hosts, record.srv);
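Review bot: `srv_hosts` now serves two purposes, a list of SRV targets in its array part and a holder for the raw DNS answer under the `answer` key. That is not obvious to someone reading the `ipairs` and `t_insert` code that follows. A comment on the constructor would document it, for example `-- array part: SRV targets; .answer: raw DNS answer kept for plugins`. The answer object stays referenced for as long as `host_session.srv_hosts` does, which is worth stating if its lifetime matters to plugins.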
-- 
cgit v1.2.3


From 82e45d16423dd6543c4c307f65c311545b8895a3 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 25 Mar 2013 08:18:49 +0100
Subject: mod_s2s: session.from_host does not allways exist on incoming
 connections, true and nil or "our hostname" does not evaluate to what we want
 here

---
 plugins/mod_s2s/mod_s2s.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ec969cc3..dc4d727d 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -211,7 +211,7 @@ end
 
 --- Helper to check that a session peer's certificate is valid
 local function check_cert_status(session)
-	local host = session.direction == "incoming" and session.from_host or session.to_host
+	local host = session.direction == "outgoing" and session.to_host or session.from_host
 	local conn = session.conn:socket()
 	local cert
 	if conn.getpeercertificate then
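Review bot: The rewritten `and`/`or` expression still has a falsy middle operand: if an outgoing session ever reaches this point with `to_host` unset, `host` silently becomes `from_host`. On an outgoing session that is presumably our own hostname, so the peer certificate would be checked against the wrong name. An explicit branch avoids the fallthrough: `local host; if session.direction == "outgoing" then host = session.to_host else host = session.from_host end`. For incoming sessions `host` can now be nil, as the commit subject says, so the identity check further down must treat a nil host as "not verified" rather than skip or pass. That code is outside this hunk.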
-- 
cgit v1.2.3


From 854db75cc239f511d266325edf15bd3182d68519 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 25 Mar 2013 19:08:15 +0100
Subject: mod_s2s: Reset secure flag on new connection attempt

---
 plugins/mod_s2s/s2sout.lib.lua | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index f89c5fc4..a22846db 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -271,6 +271,10 @@ function s2sout.make_connect(host_session, connect_host, connect_port)
 	
 	local from_host, to_host = host_session.from_host, host_session.to_host;
 	
+	-- Reset secure flag in case this is another
+	-- connection attempt after a failed STARTTLS
+	host_session.secure = nil;
+
 	local conn, handler;
 	if connect_host.proto == "IPv4" then
 		conn, handler = socket.tcp();
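Review bot: Only `secure` is cleared before the new attempt, so other TLS-derived state on `host_session` may survive the retry. mod_s2s.lua runs the certificate check under `if session.secure and not session.cert_chain_status`, so a stale `cert_chain_status` from the previous attempt would make that check be skipped for the new connection, which may go to a different SRV target. If that field can be set before the failure, reset it here as well with `host_session.cert_chain_status = nil;`, along with any other certificate-derived fields the session carries. `make_connect` continues outside the hunk.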
-- 
cgit v1.2.3


From e3b9a1075ecd03ef653f0598364e4ec373d66651 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 26 Mar 2013 09:25:20 +0100
Subject: mod_s2s: Prevent traceback when replying to incoming connection to a
 host we don't serve

---
 plugins/mod_s2s/mod_s2s.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index dc4d727d..0d552ce8 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -486,7 +486,7 @@ function session_open_stream(session, from, to)
 		from = from, to = to,
 	}
 	local local_host = session.direction == "outgoing" and from or to;
-	if not local_host or hosts[local_host].modules.dialback then
+	if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then
 		attr["xmlns:db"] = 'jabber:server:dialback';
 	end
 
-- 
cgit v1.2.3


From 1ae928562845db6f1ce859ec99691c24122d4600 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Wed, 27 Mar 2013 23:09:47 +0100
Subject: mod_s2s: Prevent s2s to and from hosts we serve locally

---
 plugins/mod_s2s/mod_s2s.lua | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 0d552ce8..6893d184 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -80,6 +80,10 @@ function route_to_existing_session(event)
 		log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
 		return false;
 	end
+	if hosts[to_host] then
+		log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
+		return false;
+	end
 	local host = hosts[from_host].s2sout[to_host];
 	if host then
 		-- We have a connection to this host already
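Review bot: The new warning logs `from_host`, but the condition that triggered it is `hosts[to_host]`, so the log line names the wrong host. When this check fires the operator needs the destination to see which local host was about to be routed over s2s. Pass the variable that was tested: `log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", to_host);`.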
@@ -188,6 +192,9 @@ function make_authenticated(event)
 			});
 		end
 	end
+	if hosts[host] then
+		session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
+	end
 	if session.type == "s2sout_unauthed" then
 		session.type = "s2sout";
 	elseif session.type == "s2sin_unauthed" then
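Review bot: The new `hosts[host]` branch closes the session but does not return, so execution falls through to the lines below that change `session.type` from `s2sout_unauthed`/`s2sin_unauthed` to the authenticated types. The parallel check added in `streamopened` in this same commit does `return;` after `session:close(...)`. Whether `close()` alone makes the later state change harmless is not visible from this hunk, so it is safer not to rely on it. Add a return after the close, e.g. `return false;`, or whichever value the callers of `make_authenticated` expect; the function's start and end are outside the hunk.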
@@ -321,6 +328,11 @@ function stream_callbacks.streamopened(session, attr)
 			end
 		end
 
+		if hosts[from] then
+			session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
+			return;
+		end
+
 		if session.secure and not session.cert_chain_status then
 			if check_cert_status(session) == false then
 				return;
-- 
cgit v1.2.3


From 1b1da546867e1ed1a6db7b4e00607874d3f915ad Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Wed, 27 Mar 2013 23:32:34 +0100
Subject: portmanager: use_ipv6 defaults to true if luasocket has ipv6 support

---
 core/portmanager.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/portmanager.lua b/core/portmanager.lua
index b02ba53b..4c13f1ad 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -1,6 +1,7 @@
 local config = require "core.configmanager";
 local certmanager = require "core.certmanager";
 local server = require "net.server";
+local socket = require "socket";
 
 local log = require "util.logger".init("portmanager");
 local multitable = require "util.multitable";
@@ -19,7 +20,7 @@ module "portmanager";
 
 local default_interfaces = { "*" };
 local default_local_interfaces = { "127.0.0.1" };
-if config.get("*", "use_ipv6") then
+if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
 	table.insert(default_interfaces, "::");
 	table.insert(default_local_interfaces, "::1");
 end
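Review bot: With `~= false`, an unset `use_ipv6` now enables the `::` and `::1` defaults whenever LuaSocket exposes `tcp6`. Existing deployments therefore start listening on IPv6 after an upgrade without any config change. Hosts whose packet filtering was written for IPv4 only may then expose these ports more widely than before. This deserves a release note and a comment at the check, e.g. `-- IPv6 is on by default when LuaSocket supports it; set use_ipv6 = false to disable`. `socket.tcp6` only shows library support, not that the host has IPv6 enabled, and how a failed bind on `::` is handled is outside this hunk.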
-- 
cgit v1.2.3


From e83dd1f241b696502a39bf510f06836e16b075d0 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Wed, 27 Mar 2013 23:48:39 +0100
Subject: portmanager: Add use_ipv4 option, default to true.

---
 core/portmanager.lua | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/portmanager.lua b/core/portmanager.lua
index 4c13f1ad..9684e9db 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -18,8 +18,12 @@ module "portmanager";
 
 --- Config
 
-local default_interfaces = { "*" };
-local default_local_interfaces = { "127.0.0.1" };
+local default_interfaces = { };
+local default_local_interfaces = { };
+if config.get("*", "use_ipv4") ~= false then
+	table.insert(default_interfaces, "*");
+	table.insert(default_local_interfaces, "127.0.0.1");
+end
 if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
 	table.insert(default_interfaces, "::");
 	table.insert(default_local_interfaces, "::1");
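Review bot: Both default lists now start empty, so they stay empty when `use_ipv4 = false` is combined with `use_ipv6 = false` or with a LuaSocket build that lacks `tcp6`. Services relying on the defaults would then open no listeners, and nothing in this hunk reports it. A warning after the two blocks would make the misconfiguration visible: `if #default_interfaces == 0 then log("warn", "use_ipv4 and use_ipv6 are both disabled or unavailable; no default interfaces") end`. `log` is initialised earlier in this file, as the previous patch's context shows.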
-- 
cgit v1.2.3


From 64440086ea5ee8d2f1726f2101ced46d4f08b929 Mon Sep 17 00:00:00 2001
From: Tobias Markmann <tm@ayena.de>
Date: Thu, 28 Mar 2013 12:49:19 +0100
Subject: mod_privacy: Drop stanzas of type groupchat, so users aren't kicked
 from their chatrooms when blocking specific MUC occupants.

---
 plugins/mod_privacy.lua | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua
index 7ec94922..dc6b153a 100644
--- a/plugins/mod_privacy.lua
+++ b/plugins/mod_privacy.lua
@@ -366,6 +366,10 @@ function checkIfNeedToBeBlocked(e, session)
 		end
 		if apply then
 			if block then
+				-- drop and not bounce groupchat messages, otherwise users will get kicked
+				if stanza.attr.type == "groupchat" then
+					return true;
+				end
 				module:log("debug", "stanza blocked: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from));
 				if stanza.name == "message" then
 					origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
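Review bot: The early `return true` sits before the `module:log("debug", "stanza blocked: ...")` line, so dropped groupchat stanzas are the only blocked stanzas that leave no trace in the debug log. That makes it harder to confirm a privacy list is taking effect for MUC traffic. Either move the new check below the log call or log inside it, e.g. `module:log("debug", "groupchat stanza dropped: to: %s, from: %s", tostring(to), tostring(from));`. The test also matches on `stanza.attr.type` alone without checking `stanza.name`; if only messages are meant, say so in the comment. `checkIfNeedToBeBlocked` starts and ends outside the hunk.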
-- 
cgit v1.2.3