From 193ed93b1c8c8bd4024baa2697cbb8efe7ec3bc1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 17 Apr 2017 03:26:21 +0200 Subject: util.datamanager: Use already known index instead of measuring length each iteration --- util/datamanager.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/datamanager.lua b/util/datamanager.lua index 6edf7ac0..bd8fb7bb 100644 --- a/util/datamanager.lua +++ b/util/datamanager.lua @@ -268,8 +268,8 @@ local function list_store(username, host, datastore, data) if callback(username, host, datastore) == false then return true; end -- save the datastore local d = {}; - for _, item in ipairs(data) do - d[#d+1] = "item(" .. serialize(item) .. ");\n"; + for i, item in ipairs(data) do + d[i] = "item(" .. serialize(item) .. ");\n"; end local ok, msg = atomic_store(getpath(username, host, datastore, "list", true), t_concat(d)); if not ok then -- cgit v1.2.3 From ac8f0e795fc916aa91a41d9f90a10396a737651c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 17 Apr 2017 21:40:06 +0200 Subject: mod_bosh: Update session.conn to point to the current connection (fixes #890) --- plugins/mod_bosh.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index d9c8defd..1eb95e90 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -247,7 +247,7 @@ function stream_callbacks.streamopened(context, attr) -- New session sid = new_uuid(); local session = { - type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to, + type = "c2s_unauthed", conn = request.conn, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to, bosh_version = attr.ver, bosh_wait = math_min(attr.wait, bosh_max_wait), streamid = sid, bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY, requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, @@ -316,6 +316,8 @@ function stream_callbacks.streamopened(context, attr) context.notopen = nil; return; end + + session.conn = request.conn; if session.rid then local rid = tonumber(attr.rid); -- cgit v1.2.3 From 91a21b8f754027ff4b401a93c6be0c9d89d00183 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 19 Apr 2017 12:40:03 +0100 Subject: prosodyctl: Don't switch user if we are root and run_as_root is enabled --- prosodyctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosodyctl b/prosodyctl index efdc214c..c8accd82 100755 --- a/prosodyctl +++ b/prosodyctl @@ -141,7 +141,7 @@ local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end current_uid = pposix.getuid(); - if current_uid == 0 then + if current_uid == 0 and config.get("*", "run_as_root") ~= true then -- We haz root! local desired_user = config.get("*", "prosody_user") or "prosody"; local desired_group = config.get("*", "prosody_group") or desired_user; -- cgit v1.2.3 From 84ac4b6752c50fbbfb198a5fd83194839a52989c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Apr 2017 06:47:02 +0200 Subject: util.sasl.plain,scram: Record username in sasl state earlier --- util/sasl/plain.lua | 3 ++- util/sasl/scram.lua | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index 26e65335..cd59b1ac 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua @@ -63,6 +63,8 @@ local function plain(self, message) end end + self.username = authentication + local correct, state = false, false; if self.profile.plain then local correct_password; @@ -72,7 +74,6 @@ local function plain(self, message) correct, state = self.profile.plain_test(self, authentication, password, self.realm); end - self.username = authentication if state == false then return "failure", "account-disabled"; elseif state == nil or not correct then diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index d2b2abde..4e20dbb9 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -146,6 +146,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) log("debug", "Username violates either SASLprep or contains forbidden character sequences.") return "failure", "malformed-request", "Invalid username."; end + self.username = username; -- retreive credentials local stored_key, server_key, salt, iteration_count; @@ -225,7 +226,6 @@ local function scram_gen(hash_name, H_f, HMAC_f) if StoredKey == H_f(ClientKey) then local server_final_message = "v="..base64.encode(ServerSignature); - self["username"] = state.username; return "success", server_final_message; else return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."; -- cgit v1.2.3 From 358ede93a7e8acea77b84d2d6434fe7300aba448 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Apr 2017 19:31:46 +0200 Subject: prosodyctl: Allow continuing to run as root (fixes #893) --- prosodyctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosodyctl b/prosodyctl index c8accd82..90e59991 100755 --- a/prosodyctl +++ b/prosodyctl @@ -141,7 +141,7 @@ local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end current_uid = pposix.getuid(); - if current_uid == 0 and config.get("*", "run_as_root") ~= true then + if current_uid == 0 and config.get("*", "run_as_root") ~= true and arg[1] ~= "--root" then -- We haz root! local desired_user = config.get("*", "prosody_user") or "prosody"; local desired_group = config.get("*", "prosody_group") or desired_user; -- cgit v1.2.3 From ca280495d6abedc2616ee7de78796c400991837f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Apr 2017 20:26:09 +0200 Subject: prosodyctl: Remove --root from arg array --- prosodyctl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/prosodyctl b/prosodyctl index 90e59991..63fd6485 100755 --- a/prosodyctl +++ b/prosodyctl @@ -141,7 +141,9 @@ local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end current_uid = pposix.getuid(); - if current_uid == 0 and config.get("*", "run_as_root") ~= true and arg[1] ~= "--root" then + local arg_root = arg[1] == "--root"; + if arg_root then table.remove(arg, 1); end + if current_uid == 0 and config.get("*", "run_as_root") ~= true and not arg_root then -- We haz root! local desired_user = config.get("*", "prosody_user") or "prosody"; local desired_group = config.get("*", "prosody_group") or desired_user; -- cgit v1.2.3 From b8928f74008d28dea5b0947b39ec5d65c9c7daed Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Apr 2017 20:38:55 +0200 Subject: prosodyctl: Rename variable for soft-require success to improve readability --- prosodyctl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prosodyctl b/prosodyctl index 63fd6485..1949edcc 100755 --- a/prosodyctl +++ b/prosodyctl @@ -136,9 +136,9 @@ dependencies.log_warnings(); local switched_user, current_uid; local want_pposix_version = "0.4.0"; -local ok, pposix = pcall(require, "util.pposix"); +local have_pposix, pposix = pcall(require, "util.pposix"); -if ok and pposix then +if have_pposix and pposix then if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end current_uid = pposix.getuid(); local arg_root = arg[1] == "--root"; -- cgit v1.2.3 From 8a5beb28d90e4e5eda00fd7728e2fbfd50c0f142 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Apr 2017 20:39:47 +0200 Subject: prosodyctl cert: If running as root, write certificate files to config directory (fixes #530) --- prosodyctl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/prosodyctl b/prosodyctl index 1949edcc..219c3522 100755 --- a/prosodyctl +++ b/prosodyctl @@ -697,9 +697,16 @@ local function use_existing(filename) end end +local cert_basedir = CFG_DATADIR or "./certs"; +if have_pposix and pposix.getuid() == 0 then + -- FIXME should be enough to check if this directory is writable + local cert_dir = config.get("*", "certificates") or "certs"; + cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir); +end + function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then - local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; + local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf"; if use_existing(conf_filename) then return nil, conf_filename; end @@ -760,7 +767,7 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then - local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; + local key_filename = cert_basedir .. "/" .. arg[1] .. ".key"; if use_existing(key_filename) then return nil, key_filename; end @@ -782,7 +789,7 @@ end function cert_commands.request(arg) if #arg >= 1 and arg[1] ~= "--help" then - local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; + local req_filename = cert_basedir .. "/" .. arg[1] .. ".req"; if use_existing(req_filename) then return nil, req_filename; end @@ -800,7 +807,7 @@ end function cert_commands.generate(arg) if #arg >= 1 and arg[1] ~= "--help" then - local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; + local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt"; if use_existing(cert_filename) then return nil, cert_filename; end -- cgit v1.2.3