From d76ff8e08e19c49cc6a3f76e3800d712356df9c0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Feb 2017 17:34:01 +0100 Subject: mod_admin_telnet: Print a message to open sessions when shutting down, including the reason --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index c73870f3..b24adcf9 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1130,6 +1130,12 @@ function def_env.http:list() return true; end +module:hook("server-stopping", function(event) + for conn, session in pairs(sessions) do + session.print("Shutting down: "..(event.reason or "unknown reason")); + end +end); + ------------- function printbanner(session) -- cgit v1.2.3 From 41c35464f7c214d30365f4c26619a82bad1e0b48 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Feb 2017 18:54:44 +0100 Subject: mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595) --- plugins/mod_register.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 3d7a068c..63d0b077 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -20,6 +20,7 @@ local jid_bare = require "util.jid".bare; local compat = module:get_option_boolean("registration_compat", true); local allow_registration = module:get_option_boolean("allow_registration", false); local additional_fields = module:get_option("additional_registration_fields", {}); +local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local account_details = module:open_store("account_details"); 
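Review bot: In the added `server-stopping` handler, `event.reason` is concatenated as-is, so a non-string reason (a table or boolean, if any caller passes one) would raise inside the loop and the remaining console sessions would get no message. Wrapping it keeps the notice best-effort: `session.print("Shutting down: "..tostring(event.reason or "unknown reason"));`. The loop key `conn` is unused and could be named `_` to keep luacheck quiet.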
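Review bot: The new `require_encryption` local in mod_register is read with `module:get_option(...) or module:get_option(...)`, unlike the `get_option_boolean` calls just above it, and this weakens the plaintext-registration guard that the two later hunks of this file build on. An explicit `c2s_require_encryption = false` falls through to the legacy `require_encryption` value, and any non-boolean value (for example the string "false") counts as enabled without a warning. Reading it as `local require_encryption = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));` makes the precedence explicit and the type predictable. It is worth confirming that this matches how the module enforcing encryption for authentication reads the same options, so that registration and login cannot disagree.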
@@ -75,7 +76,7 @@ module:hook("stream-features", function(event) local session, features = event.origin, event.features; -- Advertise registration to unauthorized clients only. - if not(allow_registration) or session.type ~= "c2s_unauthed" then + if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then return end @@ -183,6 +184,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) if not(allow_registration) or session.type ~= "c2s_unauthed" then session.send(st.error_reply(stanza, "cancel", "service-unavailable")); + elseif require_encryption and not session.secure then + session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required")); else local query = stanza.tags[1]; if stanza.attr.type == "get" then -- cgit v1.2.3 From fdea58765aa6775559080c68e8b49565c387feae Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Feb 2017 22:56:28 +0100 Subject: util.adhoc: Pass command data to initial_data callback in order to allow loading per-user settings --- util/adhoc.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/adhoc.lua b/util/adhoc.lua index 671e85cf..17c9eee5 100644 --- a/util/adhoc.lua +++ b/util/adhoc.lua @@ -22,7 +22,7 @@ local function new_initial_data_form(form, initial_data, result_handler) return result_handler(fields, err, data); else return { status = "executing", actions = {"next", "complete", default = "complete"}, - form = { layout = form, values = initial_data() } }, "executing"; + form = { layout = form, values = initial_data(data) } }, "executing"; end end end -- cgit v1.2.3 From 3405d89baaf305a5b0c06005f29fd61616d55349 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Feb 2017 01:16:31 +0100 Subject: mod_tls: Suppress debug message if already using encryption --- plugins/mod_tls.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
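Review bot: The new `elseif require_encryption and not session.secure` branch in the `jabber:iq:register` handler refuses the request without leaving any trace on the server side. A log line before the reply, e.g. `session.log("debug", "Refusing registration on unencrypted connection");`, would let operators see clients that still attempt in-band registration in plaintext. A short comment could also note that a plaintext `set` has already carried the chosen password over the wire by the time it is rejected, which is why the stream-features hunk stops advertising the feature. The handler's body continues past the end of the hunk.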
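Review bot: The `initial_data` callback in `util/adhoc.lua` now receives an argument, but nothing at the call site says what it is. A short comment such as `-- initial_data(data) receives the same command data table that is later passed to result_handler` would document the contract for callback authors. Existing callbacks that take no parameters are unaffected, because Lua drops extra arguments. `new_initial_data_form` starts above the hunk, so a doc comment may already exist there and would be the better place for this.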
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 3903a760..fbeb344b 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -63,7 +63,9 @@ end local function can_do_tls(session) if not session.conn.starttls then - session.log("debug", "Underlying connection does not support STARTTLS"); + if not session.secure then + session.log("debug", "Underlying connection does not support STARTTLS"); + end return false; elseif session.ssl_ctx ~= nil then return session.ssl_ctx; -- cgit v1.2.3 From 013b8292abda642906ca3ad4f3dc9300cd46954f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Feb 2017 02:15:15 +0100 Subject: mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837) --- plugins/mod_websocket.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c19ad566..47d170a1 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,6 +136,8 @@ function handle_request(event) local request, response = event.request, event.response; local conn = response.conn; + conn.starttls = false; -- Prevent mod_tls from believing starttls can be done + if not request.headers.sec_websocket_key then response.headers.content_type = "text/html"; return [[Websocket -- cgit v1.2.3 From a330175614a22c622261e6a70b23c92b2a841bd4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Feb 2017 17:57:22 +0100 Subject: util.crand: Throw error if OpenSSLs RNG is not seeded --- util-src/crand.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/util-src/crand.c b/util-src/crand.c index cc2047eb..e7caf683 100644 --- a/util-src/crand.c +++ b/util-src/crand.c @@ -67,6 +67,11 @@ int Lrandom(lua_State *L) { arc4random_buf(buf, len); ret = len; #elif defined(WITH_OPENSSL) + if(!RAND_status()) { + lua_pushliteral(L, "OpenSSL PRNG not seeded"); + lua_error(L); + } + ret = RAND_bytes(buf, len); if(ret == 1) { 
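Review bot: `conn.starttls = false` in `handle_request` is assigned before the `sec_websocket_key` check, so it also runs for plain HTTP requests that never become a websocket session. Moving the assignment to just before the connection is handed over to the XMPP stream would scope the change to connections that mod_tls actually inspects. It also replaces a method with `false`, which is safe for the truthiness test in `can_do_tls` (`if not session.conn.starttls then`) but would break any caller that invokes `conn:starttls()` without checking first; the inline comment could say so. The rest of `handle_request` is outside the hunk, so the right spot for the move has to be confirmed there.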
@@ -87,6 +92,7 @@ int luaopen_util_crand(lua_State *L) { #if (LUA_VERSION_NUM > 501) luaL_checkversion(L); #endif + lua_newtable(L); lua_pushcfunction(L, Lrandom); lua_setfield(L, -2, "bytes"); @@ -100,10 +106,6 @@ int luaopen_util_crand(lua_State *L) { #endif lua_setfield(L, -2, "_source"); -#if defined(WITH_OPENSSL) && defined(_WIN32) - /* TODO Do we need to seed this on Windows? */ -#endif - return 1; } -- cgit v1.2.3 From 4707d5665df4179e0b02a520ff36ad51a7b9d9be Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Feb 2017 18:12:24 +0100 Subject: util.crand: Clarify that lua_error does not return --- util-src/crand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util-src/crand.c b/util-src/crand.c index e7caf683..f3fa00ea 100644 --- a/util-src/crand.c +++ b/util-src/crand.c @@ -69,7 +69,7 @@ int Lrandom(lua_State *L) { #elif defined(WITH_OPENSSL) if(!RAND_status()) { lua_pushliteral(L, "OpenSSL PRNG not seeded"); - lua_error(L); + return lua_error(L); } ret = RAND_bytes(buf, len); -- cgit v1.2.3 From 2b4028fd7e707dc56356330366829f1c93e2d952 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Feb 2017 20:31:08 +0100 Subject: util.pposix: Fix typo in comment --- util-src/pposix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util-src/pposix.c b/util-src/pposix.c index 5e21be56..10edbd71 100644 --- a/util-src/pposix.c +++ b/util-src/pposix.c @@ -615,7 +615,7 @@ int lc_getrlimit(lua_State *L) { return 2; } } else { - /* Unsupported resoucrce. Sorry I'm pretty limited by POSIX standard. */ + /* Unsupported resource. Sorry I'm pretty limited by POSIX standard. */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-resource"); return 2; -- cgit v1.2.3 From 789026067573c961f96f9f5db83faf7346946b62 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 27 Feb 2017 14:55:01 +0100 Subject: prosodyctl: Handle move of 'unpack' in Lua 5.2 --- prosodyctl | 2 ++ 1 file changed, 2 insertions(+) 
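Review bot: In `Lrandom`, the unseeded-PRNG branch pushes a literal and then calls `lua_error`; `return luaL_error(L, "OpenSSL PRNG not seeded");` does both in one call and is the more common form for raising from C. More importantly for callers, this path now raises instead of returning a value, so the binding's documentation should state that `bytes` throws when the RNG is not seeded and that callers must not catch the error and fall back to a non-cryptographic source. The remainder of `Lrandom` is outside the hunk.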
diff --git a/prosodyctl b/prosodyctl index 12c40c71..1ee780ba 100755 --- a/prosodyctl +++ b/prosodyctl @@ -621,6 +621,8 @@ function commands.reload(arg) end -- ejabberdctl compatibility +local unpack = table.unpack or unpack; -- luacheck: ignore 113 + function commands.register(arg) local user, host, password = unpack(arg); if (not (user and host)) or arg[1] == "--help" then -- cgit v1.2.3 From fc3b5c40915ff371a5e27d32b910f897c10e0f89 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 27 Feb 2017 15:17:12 +0100 Subject: tests/util.logger: Remove use of deprecated module function --- tests/util/logger.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/util/logger.lua b/tests/util/logger.lua index c133e332..44860d5d 100644 --- a/tests/util/logger.lua +++ b/tests/util/logger.lua @@ -14,7 +14,8 @@ local tostring = tostring; local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring; local do_pretty_printing = not os.getenv("WINDIR"); -module "logger" +local _ENV = nil +local _M = {} local logstyles = {}; @@ -25,7 +26,7 @@ if do_pretty_printing then logstyles["error"] = getstyle("bold", "red"); end -function init(name) +function _M.init(name) --name = nil; -- While this line is not commented, will automatically fill in file/line number info return function (level, message, ...) if level == "debug" or level == "info" then return; end -- cgit v1.2.3 From 9e586ac1dfdf187a7a5d5f80a818c92b13b16f0c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 27 Feb 2017 15:55:22 +0100 Subject: prosodyctl: Trim trailing whitespace --- prosodyctl | 124 ++++++++++++++++++++++++++++++------------------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/prosodyctl b/prosodyctl index 1ee780ba..cc440c59 100755 --- a/prosodyctl +++ b/prosodyctl 
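Review bot: The compatibility local `local unpack = table.unpack or unpack;` is declared just above `commands.register`, under the `-- ejabberdctl compatibility` comment, so only code below this point sees it. Any use of `unpack` earlier in the script (not visible in this hunk) would still resolve to the global, which is nil on Lua 5.2 and later. Declaring it once near the top of the file with the other locals would cover the whole script and keep the section comment attached to the commands it describes.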
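Review bot: After `local _ENV = nil` in `tests/util/logger.lua`, every global lookup in the rest of the file fails on Lua 5.2 and later, while on Lua 5.1 the line is an ordinary unused local and globals keep working, so the two runtimes behave differently here. The function returned by `_M.init` continues outside the hunk, so it should be checked that everything it uses was captured as a local above this line. The hunks also do not show a `return _M` at the end of the file; without one, `require` would yield `true` rather than the table holding `init`. A comment next to `_ENV`, such as `-- no globals past this point (Lua 5.2+)`, would make the intent clear.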
@@ -2,7 +2,7 @@ -- Prosody IM -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -65,7 +65,7 @@ config = require "core.configmanager" local ENV_CONFIG; do local filenames = {}; - + local filename; if arg[1] == "--config" and arg[2] then table.insert(filenames, arg[2]); @@ -120,7 +120,7 @@ if custom_plugin_paths then -- path1;path2;path3;defaultpath... CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins"); end -prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, +prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, plugins = CFG_PLUGINDIR or "plugins", data = data_path }; if prosody.installed then @@ -161,7 +161,7 @@ if ok and pposix then print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); end end - + -- Set our umask to protect data files pposix.umask(config.get("*", "umask") or "027"); pposix.setenv("HOME", data_path); @@ -212,7 +212,7 @@ if #unwriteable_files > 0 then end -local error_messages = setmetatable({ +local error_messages = setmetatable({ ["invalid-username"] = "The given username is invalid in a Jabber ID"; ["invalid-hostname"] = "The given hostname is invalid"; ["no-password"] = "No password was supplied"; @@ -241,7 +241,7 @@ end for hostname, config in pairs(config.getconfig()) do hosts[hostname] = make_host(hostname); end - + local modulemanager = require "core.modulemanager" local prosodyctl = require "util.prosodyctl" 
@@ -290,30 +290,30 @@ function commands.adduser(arg) show_usage [[adduser user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) show_warning("The user will not be able to log in until this is changed."); hosts[host] = make_host(host); end - + if prosodyctl.user_exists{ user = user, host = host } then show_message [[That user already exists]]; return 1; end - + local password = read_password(); if not password then return 1; end - + local ok, msg = prosodyctl.adduser { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(msg) return 1; end @@ -329,30 +329,30 @@ function commands.passwd(arg) show_usage [[passwd user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) show_warning("The user will not be able to log in until this is changed."); hosts[host] = make_host(host); end - + if not prosodyctl.user_exists { user = user, host = host } then show_message [[That user does not exist, use prosodyctl adduser to create a new user]] return 1; end - + local password = read_password(); if not password then return 1; end - + local ok, msg = prosodyctl.passwd { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end 
@@ -368,12 +368,12 @@ function commands.deluser(arg) show_usage [[deluser user@host]] return 1; end - + if not host then show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; return 1; end - + if not hosts[host] then show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) hosts[host] = make_host(host); @@ -383,11 +383,11 @@ function commands.deluser(arg) show_message [[That user does not exist on this server]] return 1; end - + local ok, msg = prosodyctl.deluser { user = user, host = host }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -402,7 +402,7 @@ function commands.start(arg) show_message(error_messages[ret]); return 1; end - + if ret then local ok, ret = prosodyctl.getpid(); if not ok then @@ -413,7 +413,7 @@ function commands.start(arg) show_message("Prosody is already running with PID %s", ret or "(unknown)"); return 1; end - + local ok, ret = prosodyctl.start(); if ok then local daemonize = config.get("*", "daemonize"); @@ -441,8 +441,8 @@ function commands.start(arg) end show_message("Failed to start Prosody"); - show_message(error_messages[ret]) - return 1; + show_message(error_messages[ret]) + return 1; end function commands.status(arg) @@ -456,7 +456,7 @@ function commands.status(arg) show_message(error_messages[ret]); return 1; end - + if ret then local ok, ret = prosodyctl.getpid(); if not ok then @@ -489,7 +489,7 @@ function commands.stop(arg) show_message("Prosody is not running"); return 1; end - + local ok, ret = prosodyctl.stop(); if ok then local i=1; @@ -519,7 +519,7 @@ function commands.restart(arg) show_usage([[restart]], [[Restart a running Prosody server]]); return 1; end - + commands.stop(arg); return commands.start(arg); end 
@@ -530,14 +530,14 @@ function commands.about(arg) show_usage([[about]], [[Show information about this Prosody installation]]); return 1; end - + local pwd = "."; local lfs = require "lfs"; local array = require "util.array"; local keys = require "util.iterators".keys; local hg = require"util.mercurial"; local relpath = config.resolve_relative_path; - + print("Prosody "..(prosody.version or "(unknown version)")); print(""); print("# Prosody directories"); @@ -608,10 +608,10 @@ function commands.reload(arg) show_message("Prosody is not running"); return 1; end - + local ok, ret = prosodyctl.reload(); if ok then - + show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect."); return 0; end @@ -643,11 +643,11 @@ function commands.register(arg) return 1; end end - + local ok, msg = prosodyctl.adduser { user = user, host = host, password = password }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -667,9 +667,9 @@ function commands.unregister(arg) end local ok, msg = prosodyctl.deluser { user = user, host = host }; - + if ok then return 0; end - + show_message(error_messages[msg]) return 1; end @@ -1012,7 +1012,7 @@ function commands.check(arg) print(" Connections will fail."); ok = false; end - + print("Done.\n"); end if not what or what == "dns" then @@ -1021,7 +1021,7 @@ function commands.check(arg) local ip = require "util.ip"; local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222}); local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269}); - + local c2s_srv_required, s2s_srv_required; if not c2s_ports:contains(5222) then c2s_srv_required = true; 
@@ -1029,11 +1029,11 @@ function commands.check(arg) if not s2s_ports:contains(5269) then s2s_srv_required = true; end - + local problem_hosts = set.new(); - + local external_addresses, internal_addresses = set.new(), set.new(); - + local fqdn = socket.dns.tohostname(socket.dns.gethostname()); if fqdn then local res = dns.lookup(idna.to_ascii(fqdn), "A"); @@ -1049,9 +1049,9 @@ function commands.check(arg) end end end - + local local_addresses = require"util.net".local_addresses() or {}; - + for addr in it.values(local_addresses) do if not ip.new_ip(addr).private then external_addresses:add(addr); @@ -1059,19 +1059,19 @@ function commands.check(arg) internal_addresses:add(addr); end end - + if external_addresses:empty() then print(""); print(" Failed to determine the external addresses of this server. Checks may be inaccurate."); c2s_srv_required, s2s_srv_required = true, true; end - + local v6_supported = not not socket.tcp6; - + for jid, host_options in enabled_hosts() do local all_targets_ok, some_targets_ok = true, false; local node, host = jid_split(jid); - + local is_component = not not host_options.component_module; print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."..."); if node then @@ -1115,12 +1115,12 @@ function commands.check(arg) if target_hosts:empty() then target_hosts:add(host); end - + if target_hosts:contains("localhost") then print(" Target 'localhost' cannot be accessed from other servers"); target_hosts:remove("localhost"); end - + local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {}))) + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {}))) + set.new({ config.get(host, "component_module") }); 
@@ -1139,7 +1139,7 @@ function commands.check(arg) print(" File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP."); end end - + for host in target_hosts do local host_ok_v4, host_ok_v6; local res = dns.lookup(idna.to_ascii(host), "A"); @@ -1174,7 +1174,7 @@ function commands.check(arg) end end end - + local bad_protos = {} if not host_ok_v4 then table.insert(bad_protos, "IPv4"); @@ -1303,20 +1303,20 @@ if command and command:match("^mod_") then -- Is a command in a module show_message("Failed to load module '"..module_name.."': "..err); os.exit(1); end - + table.remove(arg, 1); - + local module = modulemanager.get_module("*", module_name); if not module then show_message("Failed to load module '"..module_name.."': Unknown error"); os.exit(1); end - + if not modulemanager.module_has_method(module, "command") then show_message("Fail: mod_"..module_name.." does not support any commands"); os.exit(1); end - + local ok, ret = modulemanager.call_module_method(module, "command", arg); if ok then if type(ret) == "number" then @@ -1364,8 +1364,8 @@ if not commands[command] then -- Show help for all commands done[command_name] = true; end end - - + + os.exit(0); end -- cgit v1.2.3