From 911cb9d48898a35652e0e8ae53a7b5459522431d Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Wed, 18 Nov 2009 01:05:38 +0000
Subject: net.dns: Be more strict about checking the DNS replies we receive
---
 net/dns.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/dns.lua b/net/dns.lua
index 04b2cf22..5d5f512f 100644
--- a/net/dns.lua
+++ b/net/dns.lua
@@ -726,7 +726,8 @@ function resolver:receive(rset) -- - - - - - - - - - - - - - - - - receive
 local packet = sock:receive();
 if packet then
 response = self:decode(packet);
- if response then
+ if response and self.active[response.header.id]
+ and self.active[response.header.id][response.question.raw] then
 --print('received response');
 --self.print(response);
-- 
cgit v1.2.3
From 38fe146c0509a615a8f201c9fa5814178cb8b918 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Wed, 18 Nov 2009 01:09:09 +0000
Subject: net.dns: Be more strict about the records we cache
---
 net/dns.lua | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/net/dns.lua b/net/dns.lua
index 5d5f512f..c50e893c 100644
--- a/net/dns.lua
+++ b/net/dns.lua
@@ -731,17 +731,16 @@ function resolver:receive(rset) -- - - - - - - - - - - - - - - - - receive
 --print('received response');
 --self.print(response);
- for i,section in pairs({ 'answer', 'authority', 'additional' }) do
- for j,rr in pairs(response[section]) do
+ for j,rr in pairs(response.answer) do
+ if rr.name:sub(-#response.question[1].name, -1) == response.question[1].name then
 self:remember(rr, response.question[1].type)
 end
 end
 -- retire the query
 local queries = self.active[response.header.id];
- if queries[response.question.raw] then
- queries[response.question.raw] = nil;
- end
+ queries[response.question.raw] = nil;
+ if not next(queries) then self.active[response.header.id] = nil; end
 if not next(self.active) then self:closeall(); end
-- 
cgit v1.2.3
From ae703e45bfafd588fe99250d220f46748e3f1122 Mon Sep 17 00:00:00 2001
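Review bot: The added condition on the `+ if response and …` lines looks up `self.active[response.header.id]` twice and indexes `response.header` and `response.question` without checking that `decode` produced them; hoisting the lookup keeps the nil handling in one place: `local queries = response and self.active[response.header.id]; if queries and queries[response.question.raw] then`. Matching a reply on transaction id plus raw question is a real improvement, but a 16-bit id only narrows blind spoofing, so whether the datagram is also checked against the nameserver it was sent to depends on how `sock` is set up, which is outside this hunk. `resolver:receive` starts and ends outside the hunk.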
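Review bot: The suffix test on the `+ if rr.name:sub(-#response.question[1].name, -1) == response.question[1].name then` line matches any owner name that merely ends in the question name, so a record for `notexample.com` passes when the question was `example.com` and gets cached; the comparison needs a label boundary. Compare for equality or require a dot before the suffix: `local qname = response.question[1].name;` / `if rr.name == qname or rr.name:sub(-(#qname + 1), -1) == "." .. qname then`. Whether names are already lower-cased and carry a trailing dot is decided in `decode`, outside this hunk, and the comparison inherits that; `response.question[1]` is also indexed without a check, so a reply with an empty question section would raise here unless `decode` rules that out. Limiting the cache to the answer section is the right direction. `resolver:receive` continues past the hunk.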
From: Waqas Hussain
Date: Wed, 18 Nov 2009 06:21:59 +0500
Subject: util.sasl: Added compatibility workaround for jwchat sending an encoded trailing '\0' in SASL responses.
---
 util/sasl.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/sasl.lua b/util/sasl.lua
index b6fc6d66..91ce768c 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -129,7 +129,7 @@ local function new_digest_md5(realm, credentials_handler)
 end
 local function parse(data)
 local message = {}
- for k, v in gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
+ for k, v in gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
 message[k] = v;
 end
 return message;
-- 
cgit v1.2.3
From 09a6ddbe28ac8c1a174003d0395df1dff43cfb3e Mon Sep 17 00:00:00 2001
From: Waqas Hussain
Date: Wed, 18 Nov 2009 06:22:52 +0500
Subject: mod_bosh: Set session.ip for BOSH sessions.
---
 plugins/mod_bosh.lua | 1 +
 1 file changed, 1 insertion(+)
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index af13bde9..3e41ef7b 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -254,6 +254,7 @@ function stream_callbacks.handlestanza(request, stanza)
 if stanza.attr.xmlns == xmlns_bosh then
 stanza.attr.xmlns = "jabber:client";
 end
+ session.ip = request.handler.ip();
 core_process_stanza(session, stanza);
 end
 end
-- 
cgit v1.2.3
From a0dc6018da763be5c2f4a97e89e2ef504c63811a Mon Sep 17 00:00:00 2001
From: Waqas Hussain
Date: Wed, 18 Nov 2009 06:23:41 +0500
Subject: mod_register: Log a debug message when a session's IP is not available.
---
 plugins/mod_register.lua | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index 22724130..2ae01fed 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
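Review bot: Adding `%z` to the negated class in the `+ for k, v in gmatch(...)` line relaxes parsing for every directive value — a NUL anywhere in a value now silently ends that value and matching resumes after it — when the reported problem is a single trailing NUL. A narrower workaround strips that before matching and leaves the pattern as it was: `data = data:gsub("%z+$", "");` as the first statement of `parse`. `%z` is the Lua 5.1 spelling of the NUL class and later versions keep it only as a deprecated option, which deserves a comment if this code is meant to run on more than 5.1. `new_digest_md5`, which encloses `parse`, starts and ends outside the hunk.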
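Review bot: `session.ip = request.handler.ip();` runs on every stanza, so the address stored for a BOSH session is whichever HTTP request delivered the latest stanza rather than the one that opened the session, and code keyed on `session.ip` (such as registration blacklists) should expect it to change mid-session. If the BOSH listener sits behind a reverse proxy this will presumably be the proxy's address; nothing in this hunk shows any forwarded-header handling. A one-line comment would make the intent explicit: `-- refreshed per request: a BOSH client may change address between polls`. `stream_callbacks.handlestanza` begins outside the hunk.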
@@ -117,7 +117,9 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s
 local password = query:child_with_name("password");
 if username and password then
 -- Check that the user is not blacklisted or registering too often
- if blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
+ if not session.ip then
+ module:log("debug", "User's IP not known; can't apply blacklist/whitelist");
+ elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
 session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account."));
 return;
 elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
-- 
cgit v1.2.3
From 8fa56f4bcfc98f7c040288375bbf4ad25dbd4172 Mon Sep 17 00:00:00 2001
From: Waqas Hussain
Date: Wed, 18 Nov 2009 08:26:43 +0500
Subject: prosody.net_activate_ports: Slightly refactored and definition moved to before modules are loaded.
---
 prosody | 71 +++++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 36 insertions(+), 35 deletions(-)
diff --git a/prosody b/prosody
index e22e5945..3a1dafb2 100755
--- a/prosody
+++ b/prosody
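Review bot: The new `+ if not session.ip then` branch turns an unknown address into a free pass: the whole `if`/`elseif` chain is skipped, so neither the blacklist, nor the `whitelist_only` policy, nor the `min_seconds_between_registrations` throttle in the following `elseif` applies, whereas before this change a nil address under `whitelist_only` was rejected because `whitelisted_ips[nil]` is nil. Keeping that fail-closed behaviour only needs the bypass limited to the non-whitelist case: `if not session.ip and not whitelist_only then`. The debug message stays accurate for that path, and the whitelist-only deployment still gets the `not-acceptable` reply. The handler function starts and ends outside the hunk.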
@@ -153,6 +153,40 @@ function init_global_state()
 prosody.events.fire_event("server-stopping", {reason = reason});
 server.setquitting(true);
 end
+
+ -- Load SSL settings from config, and create a ctx table
+ local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl");
+ if global_ssl_ctx then
+ local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; };
+ setmetatable(global_ssl_ctx, { __index = default_ssl_ctx });
+ end
+
+ local cl = require "net.connlisteners";
+ function prosody.net_activate_ports(option, listener, default, conntype)
+ conntype = conntype or (global_ssl_ctx and "tls") or "tcp";
+ if not cl.get(listener) then return; end
+ local ports = config.get("*", "core", option.."_ports") or default;
+ if type(ports) == "number" then ports = {ports} end;
+
+ if type(ports) ~= "table" then
+ log("error", "core."..option.." is not a table");
+ else
+ for _, port in ipairs(ports) do
+ if type(port) ~= "number" then
+ log("error", "Non-numeric "..option.."_ports: "..tostring(port));
+ else
+ cl.start(listener, {
+ ssl = conntype ~= "tcp" and global_ssl_ctx,
+ port = port,
+ interface = config.get("*", "core", option.."_interface")
+ or cl.get(listener).default_interface
+ or config.get("*", "core", "interface"),
+ type = conntype
+ });
+ end
+ end
+ end
+ end
 end
 function read_version()
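Review bot: In the added `prosody.net_activate_ports`, a caller that passes `"tls"` or `"ssl"` while no `ssl` section is configured gets `global_ssl_ctx == nil`, so `ssl = conntype ~= "tcp" and global_ssl_ctx` evaluates to nil and `cl.start` is still called with `type = conntype`; whether that opens a listener labelled secure but without a TLS context depends on `net.connlisteners`, which is outside this hunk. Refusing early is safer: `if conntype ~= "tcp" and not global_ssl_ctx then log("error", "No SSL configuration; not starting "..option.." ports"); return; end` right after the `conntype` default on the function's first line. Separately, the relocated `default_ssl_ctx` keeps `verify = "none"` and `protocol = "sslv23"` as the fallback for every TLS listener; those values are carried over rather than introduced here, but a comment saying that they disable peer verification and leave protocol version selection to the library (which may include legacy versions) would help the next reader. `init_global_state` starts outside the hunk.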
@@ -220,42 +254,9 @@ function prepare_to_start()
 eventmanager.fire_event("server-starting");
 prosody.events.fire_event("server-starting");
- -- Load SSL settings from config, and create a ctx table
- local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl");
- if global_ssl_ctx then
- local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; };
- setmetatable(global_ssl_ctx, { __index = default_ssl_ctx });
- end
-
- local cl = require "net.connlisteners";
 -- start listening on sockets
- function prosody.net_activate_ports(option, listener, default, conntype)
- if not cl.get(listener) then return; end
- local ports = config.get("*", "core", option.."_ports") or default;
- if type(ports) == "number" then ports = {ports} end;
-
- if type(ports) ~= "table" then
- log("error", "core."..option.." is not a table");
- else
- for _, port in ipairs(ports) do
- if type(port) ~= "number" then
- log("error", "Non-numeric "..option.."_ports: "..tostring(port));
- else
- cl.start(listener, {
- ssl = conntype ~= "tcp" and global_ssl_ctx,
- port = port,
- interface = config.get("*", "core", option.."_interface")
- or cl.get(listener).default_interface
- or config.get("*", "core", "interface"),
- type = conntype
- });
- end
- end
- end
- end
-
- prosody.net_activate_ports("c2s", "xmppclient", {5222}, (global_ssl_ctx and "tls") or "tcp");
- prosody.net_activate_ports("s2s", "xmppserver", {5269}, (global_ssl_ctx and "tls") or "tcp");
+ prosody.net_activate_ports("c2s", "xmppclient", {5222});
+ prosody.net_activate_ports("s2s", "xmppserver", {5269});
 prosody.net_activate_ports("component", "xmppcomponent", {}, "tcp");
 prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl");
 prosody.net_activate_ports("console", "console", {5582}, "tcp");
-- 
cgit v1.2.3
From 57af671e2b8242091cca9cadf73c89a028e421ec Mon Sep 17 00:00:00 2001
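Review bot: `prepare_to_start` now depends on `init_global_state` having run first, because `prosody.net_activate_ports` and the SSL context it closes over are defined there rather than here, but nothing at the call site records that ordering. A short comment above the first remaining call would do: `-- prosody.net_activate_ports is defined in init_global_state(); the default conntype is tls when core.ssl is configured`. The surviving `-- start listening on sockets` comment now sits directly above the calls, which reads fine. `prepare_to_start` continues outside the hunk.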
From: Waqas Hussain
Date: Wed, 18 Nov 2009 08:30:03 +0500
Subject: mod_console: Moved activation of the console port from the main file to mod_console.
---
 plugins/mod_console.lua | 2 ++
 prosody | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/plugins/mod_console.lua b/plugins/mod_console.lua
index 5a092298..82045232 100644
--- a/plugins/mod_console.lua
+++ b/plugins/mod_console.lua
@@ -650,3 +650,5 @@ if option and option ~= "short" and option ~= "full" and option ~= "graphic" the
 end
 end
 end
+
+prosody.net_activate_ports("console", "console", {5582}, "tcp");
diff --git a/prosody b/prosody
index 3a1dafb2..ae9cd2fc 100755
--- a/prosody
+++ b/prosody
@@ -259,7 +259,6 @@ function prepare_to_start()
 prosody.net_activate_ports("s2s", "xmppserver", {5269});
 prosody.net_activate_ports("component", "xmppcomponent", {}, "tcp");
 prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl");
- prosody.net_activate_ports("console", "console", {5582}, "tcp");
 prosody.start_time = os.time();
 end
-- 
cgit v1.2.3
From 4cac67d580f99530cd401f4b9b7e7f2036697ada Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Wed, 18 Nov 2009 03:35:42 +0000
Subject: util.sasl: Add COMPAT comment
---
 util/sasl.lua | 1 +
 1 file changed, 1 insertion(+)
diff --git a/util/sasl.lua b/util/sasl.lua
index 91ce768c..402f05b4 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -129,6 +129,7 @@ local function new_digest_md5(realm, credentials_handler)
 end
 local function parse(data)
 local message = {}
+ -- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0")
 for k, v in gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder
 message[k] = v;
 end
-- 
cgit v1.2.3
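Review bot: The appended `+prosody.net_activate_ports("console", "console", {5582}, "tcp");` runs at module load time, so the console port is bound whenever `mod_console` is loaded — and presumably again on each reload — with the bind interface taken from the listener's `default_interface` or the global `interface` setting rather than anything in this file. If that default is not loopback, an administrative console ends up reachable on every configured interface; the default lives in `net.connlisteners`, outside this diff, so this is a point to confirm rather than a defect shown here. A comment stating the expectation would make it reviewable: `-- binds the admin console; keep it on the loopback/default interface unless console_interface is set`. The `if option ...` block that ends above the new lines starts outside the hunk.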