From 6aa6f988a67d19fb256f5fb7233eafdb2c0a7f67 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2013 15:00:22 +0100 Subject: net.server: No sections in config anymore --- net/server.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/server.lua b/net/server.lua index 3cdbe551..deabaa12 100644 --- a/net/server.lua +++ b/net/server.lua @@ -6,7 +6,7 @@ -- COPYING file in the source package for more information. -- -local use_luaevent = prosody and require "core.configmanager".get("*", "core", "use_libevent"); +local use_luaevent = prosody and require "core.configmanager".get("*", "use_libevent"); if use_luaevent then use_luaevent = pcall(require, "luaevent.core"); @@ -43,7 +43,7 @@ end if prosody then local config_get = require "core.configmanager".get; local function load_config() - local settings = config_get("*", "core", "network_settings") or {}; + local settings = config_get("*", "network_settings") or {}; if use_luaevent then local event_settings = { ACCEPT_DELAY = settings.event_accept_retry_interval; -- cgit v1.2.3 From 2e91cb38d916439977f5fe3e69c993b7825fc3ee Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2013 15:00:49 +0100 Subject: prosody, prosodyctl: Remove last trace of "core" \o/ --- prosody | 4 ++-- prosodyctl | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/prosody b/prosody index 5802c348..875140de 100755 --- a/prosody +++ b/prosody @@ -207,8 +207,8 @@ function init_global_state() prosody.full_sessions = full_sessions; prosody.hosts = hosts; - local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data"; - local custom_plugin_paths = config.get("*", "core", "plugin_paths"); + local data_path = config.get("*", "data_path") or CFG_DATADIR or "data"; + local custom_plugin_paths = config.get("*", "plugin_paths"); if custom_plugin_paths then local path_sep = package.config:sub(3,3); -- path1;path2;path3;defaultpath... 
diff --git a/prosodyctl b/prosodyctl index 0d1194f4..a8cf0e69 100755 --- a/prosodyctl +++ b/prosodyctl @@ -109,11 +109,11 @@ do os.exit(1); end end -local original_logging_config = config.get("*", "core", "log"); -config.set("*", "core", "log", { { levels = { min="info" }, to = "console" } }); +local original_logging_config = config.get("*", "log"); +config.set("*", "log", { { levels = { min="info" }, to = "console" } }); -local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data"; -local custom_plugin_paths = config.get("*", "core", "plugin_paths"); +local data_path = config.get("*", "data_path") or CFG_DATADIR or "data"; +local custom_plugin_paths = config.get("*", "plugin_paths"); if custom_plugin_paths then local path_sep = package.config:sub(3,3); -- path1;path2;path3;defaultpath... @@ -142,8 +142,8 @@ if ok and pposix then current_uid = pposix.getuid(); if current_uid == 0 then -- We haz root! - local desired_user = config.get("*", "core", "prosody_user") or "prosody"; - local desired_group = config.get("*", "core", "prosody_group") or desired_user; + local desired_user = config.get("*", "prosody_user") or "prosody"; + local desired_group = config.get("*", "prosody_group") or desired_user; local ok, err = pposix.setgid(desired_group); if ok then ok, err = pposix.initgroups(desired_user); @@ -162,7 +162,7 @@ if ok and pposix then end -- Set our umask to protect data files - pposix.umask(config.get("*", "core", "umask") or "027"); + pposix.umask(config.get("*", "umask") or "027"); pposix.setenv("HOME", data_path); pposix.setenv("PROSODY_CONFIG", ENV_CONFIG); else 
@@ -267,7 +267,7 @@ local show_yesno = prosodyctl.show_yesno; local show_prompt = prosodyctl.show_prompt; local read_password = prosodyctl.read_password; -local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2; +local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2; ----------------------- local commands = {}; local command = arg[1]; @@ -410,7 +410,7 @@ function commands.start(arg) local ok, ret = prosodyctl.start(); if ok then - if config.get("*", "core", "daemonize") ~= false then + if config.get("*", "daemonize") ~= false then local i=1; while true do local ok, running = prosodyctl.isrunning(); -- cgit v1.2.3 From 39acad1765011e6646dcc1308941b7b84a1fee60 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2013 20:06:02 +0100 Subject: net.server, _select: Reorganise configuration of server_select to be more like server_event --- net/server.lua | 14 +++++++++++--- net/server_select.lua | 13 ++++++++++++- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/net/server.lua b/net/server.lua index deabaa12..ae3d45b0 100644 --- a/net/server.lua +++ b/net/server.lua @@ -42,6 +42,10 @@ end if prosody then local config_get = require "core.configmanager".get; + local defaults = {}; + for k,v in pairs(server.cfg or server.getsettings()) do + defaults[k] = v; + end local function load_config() local settings = config_get("*", "network_settings") or {}; if use_luaevent then @@ -59,11 +63,15 @@ if prosody then WRITE_TIMEOUT = settings.send_timeout; }; - for k, v in pairs(event_settings) do - server.cfg[k] = v; + for k,default in pairs(defaults) do + server.cfg[k] = event_settings[k] or default; end else - server.changesettings(settings); + local select_settings = {}; + for k,default in pairs(defaults) do + select_settings[k] = settings[k] or default; + end + server.changesettings(select_settings); end end load_config(); 
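Review bot: Both merge loops in the `load_config` hunks of net/server.lua accept any truthy value from `network_settings` (`event_settings[k] or default` and `settings[k] or default`), so a wrongly typed limit or timeout reaches the backend unchecked and an explicit `false` is silently replaced by the default. Unless `server.changesettings` validates types itself (its body is not part of this diff), a check against the default's type would contain that: `local v = settings[k]; if type(v) ~= type(default) then v = default; end select_settings[k] = v;`. The event branch writes straight into `server.cfg`, so the same check applies there. `load_config` and the enclosing `if prosody then` block extend beyond the hunk.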
diff --git a/net/server_select.lua b/net/server_select.lua index 63a94b7e..8ce9eed2 100644 --- a/net/server_select.lua +++ b/net/server_select.lua @@ -769,7 +769,18 @@ closeall = function( ) end getsettings = function( ) - return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, nil, _maxselectlen, _maxsslhandshake, _maxfd + return { + select_timeout = _selecttimeout; + select_sleep_time = _sleeptime; + max_send_buffer_size = _maxsendlen; + max_receive_buffer_size = _maxreadlen; + select_idle_check_interval = _checkinterval; + send_timeout = _sendtimeout; + read_timeout = _readtimeout; + max_connections = _maxselectlen; + max_ssl_handshake_roundtrips = _maxsslhandshake; + highest_allowed_fd = _maxfd; + } end changesettings = function( new ) -- cgit v1.2.3 From 9c4985d9d82aaf504ecda0026138608a119b0d78 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2013 23:30:13 +0100 Subject: mod_s2s: Keep the dns answer object around a while so plugins can look at it --- plugins/mod_s2s/s2sout.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 5ebbee8e..f89c5fc4 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -90,7 +90,7 @@ function s2sout.attempt_connection(host_session, err) host_session.connecting = nil; if answer and #answer > 0 then log("debug", "%s has SRV records, handling...", to_host); - local srv_hosts = {}; + local srv_hosts = { answer = answer }; host_session.srv_hosts = srv_hosts; for _, record in ipairs(answer) do t_insert(srv_hosts, record.srv); -- cgit v1.2.3 From 5c16f18d7269e720647a602864245bbbb70452ed Mon Sep 17 00:00:00 2001 
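Review bot: `getsettings` now returns one table where it used to return eleven positional values, which silently breaks any caller that still unpacks the old form; only the new use in net/server.lua is visible in this series. The key names chosen here (`select_timeout`, `max_connections`, `highest_allowed_fd`, and the rest) are also what net/server.lua hands back to `server.changesettings`. `changesettings` begins just below the hunk and its body is not shown, so confirm it reads the same keys, otherwise configured limits are dropped without an error. A short comment above the returned table, such as `-- keys must match those read by changesettings`, would record that coupling.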
From: Kim Alvefur Date: Mon, 25 Mar 2013 08:18:49 +0100 Subject: mod_s2s: session.from_host does not allways exist on incoming connections, true and nil or "our hostname" does not evaluate to what we want here --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ec969cc3..dc4d727d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -211,7 +211,7 @@ end --- Helper to check that a session peer's certificate is valid local function check_cert_status(session) - local host = session.direction == "incoming" and session.from_host or session.to_host + local host = session.direction == "outgoing" and session.to_host or session.from_host local conn = session.conn:socket() local cert if conn.getpeercertificate then -- cgit v1.2.3 From ae5806cd6798cbc1374f4713c42bb003a1f13c3d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Mar 2013 19:08:15 +0100 Subject: mod_s2s: Reset secure flag on new connection attempt --- plugins/mod_s2s/s2sout.lib.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index f89c5fc4..a22846db 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -271,6 +271,10 @@ function s2sout.make_connect(host_session, connect_host, connect_port) local from_host, to_host = host_session.from_host, host_session.to_host; + -- Reset secure flag in case this is another + -- connection attempt after a failed STARTTLS + host_session.secure = nil; + local conn, handler; if connect_host.proto == "IPv4" then conn, handler = socket.tcp(); -- cgit v1.2.3 From fee52c734177bb6181fccb286c3d57b1a7437212 Mon Sep 17 00:00:00 2001 
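Review bot: In `check_cert_status`, `host` can still be nil after this change for an incoming session that has no `from_host`, which the commit message itself says happens. The rest of the function lies outside the hunk, so it is not visible whether the certificate identity check copes with a nil name; it should treat that case as identity not verified rather than skip or pass the comparison. A comment on the new line would make the contract explicit, e.g. `-- host may be nil for incoming streams without a from attribute; identity is then unverified`.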
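Review bot: Only `host_session.secure` is cleared in `s2sout.make_connect` before the retry, while other TLS-derived fields may survive from the failed attempt. `stream_callbacks.streamopened` in mod_s2s.lua runs `check_cert_status` only when `session.secure and not session.cert_chain_status`, so if `cert_chain_status` was set on the earlier connection (not determinable from this hunk), the new peer's certificate would not be checked again. Consider resetting it alongside: `host_session.cert_chain_status = nil;`. The body of `make_connect` continues beyond the hunk.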
From: Kim Alvefur Date: Tue, 26 Mar 2013 09:25:20 +0100 Subject: mod_s2s: Prevent traceback when replying to incoming connection to a host we don't serve --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index dc4d727d..0d552ce8 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -486,7 +486,7 @@ function session_open_stream(session, from, to) from = from, to = to, } local local_host = session.direction == "outgoing" and from or to; - if not local_host or hosts[local_host].modules.dialback then + if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then attr["xmlns:db"] = 'jabber:server:dialback'; end -- cgit v1.2.3 From cfbd9d02e2b70a3c537a18532768d33882d0cd9f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Mar 2013 23:09:47 +0100 Subject: mod_s2s: Prevent s2s to and from hosts we serve locally --- plugins/mod_s2s/mod_s2s.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 0d552ce8..6893d184 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -80,6 +80,10 @@ function route_to_existing_session(event) log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); return false; end + if hosts[to_host] then + log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host); + return false; + end local host = hosts[from_host].s2sout[to_host]; if host then -- We have a connection to this host already @@ -188,6 +192,9 @@ function make_authenticated(event) }); end end + if hosts[host] then + session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); + end if session.type == "s2sout_unauthed" then session.type = "s2sout"; elseif session.type == "s2sin_unauthed" then 
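Review bot: The new warning in `route_to_existing_session` logs `from_host`, but the condition it reports is on `to_host`, so the log entry names the wrong host when someone investigates it. Pass the tested value instead: `log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", to_host);`. The function starts and ends outside the hunk.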
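Review bot: In `make_authenticated`, the new `hosts[host]` branch calls `session:close(...)` but does not return, so execution continues into the `session.type` update that follows and moves the session from `s2sout_unauthed` or `s2sin_unauthed` to the authenticated type. The matching check added to `stream_callbacks.streamopened` in the same commit returns right after closing. Do the same here with `return false;` after the close call, or whatever failure value the callers of `make_authenticated` expect, which the hunk does not show. Without it, rejecting the peer depends on `close` tearing the session down before anything acts on the authenticated type.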
@@ -321,6 +328,11 @@ function stream_callbacks.streamopened(session, attr) end end + if hosts[from] then + session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" }); + return; + end + if session.secure and not session.cert_chain_status then if check_cert_status(session) == false then return; -- cgit v1.2.3 From 45fa794da047da8df938702a0131a6fe17d68736 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Mar 2013 23:32:34 +0100 Subject: portmanager: use_ipv6 defaults to true if luasocket has ipv6 support --- core/portmanager.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/portmanager.lua b/core/portmanager.lua index b02ba53b..4c13f1ad 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -1,6 +1,7 @@ local config = require "core.configmanager"; local certmanager = require "core.certmanager"; local server = require "net.server"; +local socket = require "socket"; local log = require "util.logger".init("portmanager"); local multitable = require "util.multitable"; @@ -19,7 +20,7 @@ module "portmanager"; local default_interfaces = { "*" }; local default_local_interfaces = { "127.0.0.1" }; -if config.get("*", "use_ipv6") then +if socket.tcp6 and config.get("*", "use_ipv6") ~= false then table.insert(default_interfaces, "::"); table.insert(default_local_interfaces, "::1"); end -- cgit v1.2.3 From 077cfbe8a4e8ecb1a271a8991cedd5c150b9563d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Mar 2013 23:48:39 +0100 Subject: portmanager: Add use_ipv4 option, default to true. --- core/portmanager.lua | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/portmanager.lua b/core/portmanager.lua index 4c13f1ad..9684e9db 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua 
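Review bot: The `hosts[from]` guard in `stream_callbacks.streamopened` matches only if `from` is in the same canonical form as the keys of `hosts`. The assignment of `from` is above the hunk; if it is the raw stream attribute rather than a prepared hostname, a non-canonical spelling of a local host would not be caught, so confirm it has been normalised before this lookup. A comment stating that, e.g. `-- from must already be normalised (nameprep) before this lookup`, would keep the check from being moved above the normalisation later.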
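Review bot: With `config.get("*", "use_ipv6") ~= false` in core/portmanager.lua, an unset option now enables the `::` and `::1` defaults whenever `socket.tcp6` exists, so an upgrade starts listening on IPv6 on hosts where only IPv4 filtering was set up. That is a change in default network exposure and deserves a comment at the condition, for example `-- IPv6 is on unless explicitly disabled; set use_ipv6 = false to opt out`, plus a release note. An explicit `use_ipv6 = true` on a build without `socket.tcp6` is also ignored silently now; a log line for that case would help operators.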
@@ -18,8 +18,12 @@ module "portmanager"; --- Config -local default_interfaces = { "*" }; -local default_local_interfaces = { "127.0.0.1" }; +local default_interfaces = { }; +local default_local_interfaces = { }; +if config.get("*", "use_ipv4") ~= false then + table.insert(default_interfaces, "*"); + table.insert(default_local_interfaces, "127.0.0.1"); +end if socket.tcp6 and config.get("*", "use_ipv6") ~= false then table.insert(default_interfaces, "::"); table.insert(default_local_interfaces, "::1"); -- cgit v1.2.3 From afbece2a947a2583a60daf6ec70259992c357e69 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Thu, 28 Mar 2013 12:49:19 +0100 Subject: mod_privacy: Drop stanzas of type groupchat, so users aren't kicked from their chatrooms when blocking specific MUC occupants. --- plugins/mod_privacy.lua | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua index 7ec94922..dc6b153a 100644 --- a/plugins/mod_privacy.lua +++ b/plugins/mod_privacy.lua @@ -366,6 +366,10 @@ function checkIfNeedToBeBlocked(e, session) end if apply then if block then + -- drop and not bounce groupchat messages, otherwise users will get kicked + if stanza.attr.type == "groupchat" then + return true; + end module:log("debug", "stanza blocked: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from)); if stanza.name == "message" then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); -- cgit v1.2.3
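Review bot: After this hunk both `default_interfaces` and `default_local_interfaces` can end up empty, for instance with `use_ipv4 = false` and either no `socket.tcp6` or `use_ipv6 = false`, and nothing here reports it. Services relying on the defaults would then have no interface to bind; how the rest of portmanager treats an empty list is outside the hunk. A warning after the two `if` blocks would surface the misconfiguration: `if #default_interfaces == 0 then log("warn", "use_ipv4 and use_ipv6 are both disabled, no default interfaces"); end`.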
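Review bot: The groupchat early return in `checkIfNeedToBeBlocked` sits before the `stanza blocked` debug log, so stanzas dropped this way leave no trace, unlike every other blocked stanza. Move the new `if` below the `module:log("debug", ...)` call, or log inside it, so privacy-list drops stay auditable. The check also tests only `stanza.attr.type` and not `stanza.name`; if it is meant for messages only, `stanza.name == "message" and stanza.attr.type == "groupchat"` says so. The function begins and ends outside the hunk.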