From a99a96f48ac1ca1fcd9a113afd40330f477a5691 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Sep 2017 18:30:34 +0100 Subject: util.throttle: Remove unused import of floor() [luacheck] --- util/throttle.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/util/throttle.lua b/util/throttle.lua index a8191886..1012f78a 100644 --- a/util/throttle.lua +++ b/util/throttle.lua @@ -1,7 +1,6 @@ local gettime = require "util.time".now local setmetatable = setmetatable; -local floor = math.floor; local _ENV = nil; -- cgit v1.2.3 From dd09329efa034663518ca605849363e3e677e9f1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 05:27:22 +0200 Subject: prosody.cfg.lua.dist: Correct mod_websockets to mod_websocket --- prosody.cfg.lua.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index bd897f74..a0fc6c9e 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist @@ -65,7 +65,7 @@ modules_enabled = { -- HTTP modules --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websockets"; -- XMPP over WebSockets + --"websocket"; -- XMPP over WebSockets --"http_files"; -- Serve static files from a directory over HTTP -- Other specific functionality -- cgit v1.2.3 From dc6396df0d9a765102bb429cef987aa2cb686769 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:21:20 +0200 Subject: prosodyctl: cert import: Reuse function from certmanager for locating certificates and keys --- core/certmanager.lua | 1 + prosodyctl | 14 +++++--------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/core/certmanager.lua b/core/certmanager.lua index 288836ce..73b346c3 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -231,4 +231,5 @@ prosody.events.add_handler("config-reloaded", reload_ssl_config); return { create_context = create_context; reload_ssl_config = reload_ssl_config; + find_cert = find_cert; }; 
diff --git a/prosodyctl b/prosodyctl index 311f251e..3323b169 100755 --- a/prosodyctl +++ b/prosodyctl @@ -894,18 +894,14 @@ function cert_commands.import(arg) owner = config.get("*", "prosody_user") or "prosody"; group = config.get("*", "prosody_group") or owner; end + local cm = require "core.certmanager"; local imported = {}; for _, host in ipairs(hostnames) do for _, dir in ipairs(arg) do - if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem") - and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then - copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group); - copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group); - table.insert(imported, host); - elseif lfs.attributes(dir .. "/" .. host .. ".crt") - and lfs.attributes(dir .. "/" .. host .. ".key") then - copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group); - copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group); + local paths = cm.find_cert(dir, host); + if paths then + copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group); + copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group); table.insert(imported, host); else -- TODO Say where we looked -- cgit v1.2.3 From a36a90a22578a1114d4b6ae42e43a184dc314537 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:27:29 +0200 Subject: mod_blocklist: Drop messages to existing full JIDs in order to prevent issues with MUC PMs, fixes #690 --- plugins/mod_blocklist.lua | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua index ae24a2fc..e10ac27d 100644 --- a/plugins/mod_blocklist.lua +++ b/plugins/mod_blocklist.lua 
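Review bot: Neither `copy(...)` call in the new `if paths then` branch has its result checked, and the certificate is written before the key, so a failure on the second call could leave `host .. ".crt"` and `host .. ".key"` mismatched while the host is still appended to `imported` (whether `copy` raises or returns an error is not visible in this hunk). The `"0377"` argument on the key copy is also unexplained; once confirmed against `copy`, a comment such as `-- "0377" is presumably the umask, so the private key ends up readable by its owner only` would help. With the lookup moved into `cm.find_cert`, the `-- TODO Say where we looked` in the `else` branch now depends on that function reporting the paths it tried. `cert_commands.import` starts and ends outside the hunk.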
@@ -22,6 +22,7 @@ local jid_split = require"util.jid".split; local storage = module:open_store(); local sessions = prosody.hosts[module.host].sessions; +local full_sessions = prosody.full_sessions; -- First level cache of blocklists by username. -- Weak table so may randomly expire at any time. @@ -271,8 +272,13 @@ local function bounce_iq(event) end local function bounce_message(event) - local type = event.stanza.attr.type; + local stanza = event.stanza; + local type = stanza.attr.type; if type == "chat" or not type or type == "normal" then + if full_sessions[stanza.attr.to] then + -- See #690 + return drop_stanza(event); + end return bounce_stanza(event); end return drop_stanza(event); -- drop headlines, groupchats etc @@ -305,7 +311,6 @@ local prio_in, prio_out = 100, 100; module:hook("presence/bare", drop_stanza, prio_in); module:hook("presence/full", drop_stanza, prio_in); --- FIXME See #690 module:hook("message/bare", bounce_message, prio_in); module:hook("message/full", bounce_message, prio_in); -- cgit v1.2.3 From 28746d6a2e125fd821489923bd95e399c19c6e78 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:33:29 +0200 Subject: prosody, prosodyctl: Print the actual config file name used when a problem loading it was encountered (see #990) --- prosody | 4 ++-- prosodyctl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/prosody b/prosody index da204214..635ec5f3 100755 --- a/prosody +++ b/prosody @@ -95,7 +95,7 @@ function read_config() print("\n"); print("**************************"); if level == "parser" then - print("A problem occurred while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"..":"); + print("A problem occured while reading the config file "..filename); print(""); local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)"); if err:match("chunk has too many syntax levels$") then 
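Review bot: In `bounce_message`, the new `full_sessions[stanza.attr.to]` branch makes the answer a blocked sender gets depend on whether the addressed full JID currently has a session: silence when it does, an error bounce when it does not. That difference may let a blocked contact tell whether a particular resource is online, which blocking is normally meant to hide, so it is worth confirming the trade-off is intended. The `-- See #690` comment would read better spelled out, e.g. `-- Drop instead of bouncing: an error reply here causes problems with MUC private messages (#690)`. The function's closing `end` is outside the hunk.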
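Review bot: The replacement line in the `level == "parser"` branch of `read_config` changes "occurred" to the misspelling "occured" and drops the trailing colon; `print("A problem occurred while reading the config file "..filename..":");` keeps the old wording. `filename` is not defined in any of these hunks, so if it can be nil at this point the concatenation would raise inside the error reporter itself; `tostring(filename)` would be safer. The same `..filename` concatenation is added in the `level == "file"` branch and in both branches of the prosodyctl hunk.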
@@ -107,7 +107,7 @@ function read_config() print(""); elseif level == "file" then print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("We looked for: "..filename); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end diff --git a/prosodyctl b/prosodyctl index 3323b169..379ccf46 100755 --- a/prosodyctl +++ b/prosodyctl @@ -93,13 +93,13 @@ do print("\n"); print("**************************"); if level == "parser" then - print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("A problem occured while reading the config file "..filename); local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)"); print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err))); print(""); elseif level == "file" then print("Prosody was unable to find the configuration file."); - print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + print("We looked for: "..filename); print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist"); print("Copy or rename it to prosody.cfg.lua and edit as necessary."); end -- cgit v1.2.3 From 942b98607121833680f9e17ee824d0daafd0a7e6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:37:10 +0200 Subject: prosodyctl: Abort and warn if the config can't be opened after dropping root privileges (fixes #990) --- prosodyctl | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/prosodyctl b/prosodyctl index 379ccf46..eaccf1d9 100755 --- a/prosodyctl +++ b/prosodyctl 
@@ -164,6 +164,17 @@ if have_pposix and pposix then if not switched_user then -- Boo! print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); + else + -- Make sure the Prosody user can read the config + local conf, err, errno = io.open(ENV_CONFIG); + if conf then + conf:close(); + else + print("The config file is not readable by the '"..desired_user.."' user."); + print("Prosody will not be able to read it."); + print("Error was "..err); + os.exit(1); + end end end -- cgit v1.2.3 From 0f253b261ff167836c813d3f3ae50629c44960e8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:38:46 +0200 Subject: util.sslconfig: Treat 'curveslist', added in LuaSec 0.7, as a colon-separated list, like ciphers (see #879, #943, #951) --- util/sslconfig.lua | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/sslconfig.lua b/util/sslconfig.lua index 931502b9..4c4e1d48 100644 --- a/util/sslconfig.lua +++ b/util/sslconfig.lua @@ -63,6 +63,9 @@ function finalisers.ciphers(cipherlist) return cipherlist; end +-- Curve list too +finalisers.curveslist = finalisers.ciphers; + -- protocol = "x" should enable only that protocol -- protocol = "x+" should enable x and later versions -- cgit v1.2.3 From 0e2e10c17d047a57840239eeca05f7b37a121849 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 15:45:07 +0200 Subject: core.certmanager: Set a default curveslist [sic], fixes #879, #943, #951 if used along with luasec 0.7 and openssl 1.1 --- core/certmanager.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/certmanager.lua b/core/certmanager.lua index 73b346c3..2be66a21 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua 
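Review bot: In the new `else` branch, `local conf, err, errno = io.open(ENV_CONFIG);` declares `errno` without using it and appears to shadow the `err` used by the warning just above, both of which luacheck would report; `local conf, open_err = io.open(ENV_CONFIG);` avoids that. The message concatenates `desired_user` directly although the warning above wraps it in `tostring()`, and the text goes to stdout via `print` even though the process then exits with status 1. It is also not visible here whether `ENV_CONFIG` is always the path the config loader reads (the earlier hunks print `filename`); if the two can differ, the check tests the wrong file. The enclosing `if have_pposix and pposix then` block starts outside the hunk.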
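Review bot: The comment `-- Curve list too` above `finalisers.curveslist = finalisers.ciphers;` does not say what is being shared. Something like `-- curveslist (LuaSec 0.7+) is a colon-separated list too, so it reuses the ciphers finaliser` would record the reason given in the commit subject. Only the tail of `finalisers.ciphers` is visible in the hunk, so any cipher-specific handling inside it would now apply to curve names as well; worth a quick check.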
@@ -107,6 +107,12 @@ local core_defaults = { }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; + curveslist = { + "X25519", + "P-384", + "P-256", + "P-521", + }; ciphers = { -- Enabled ciphers in order of preference: "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange -- cgit v1.2.3 From e39c5a5316f64071984acf80699eeb770f76362f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Sep 2017 17:34:54 +0200 Subject: net.adns: Import setmetatable into a local (fixes traceback on Lua 5.2) --- net/adns.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/net/adns.lua b/net/adns.lua index f1196a6c..a19cbd59 100644 --- a/net/adns.lua +++ b/net/adns.lua @@ -12,6 +12,7 @@ local new_resolver = require "net.dns".resolver; local log = require "util.logger".init("adns"); local coroutine, tostring, pcall = coroutine, tostring, pcall; +local setmetatable = setmetatable; local function dummy_send(sock, data, i, j) return (j-i)+1; end -- cgit v1.2.3 From 17e7512c9f14d2388fd479e6d77240c285963c4c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Sep 2017 07:25:54 +0200 Subject: configure: Set runtime in debian preset to allow building without interperter installed --- configure | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure b/configure index 63403738..dd45e3a2 100755 --- a/configure +++ b/configure @@ -172,6 +172,10 @@ do LUA_SUFFIX="5.1"; LUA_SUFFIX_SET=yes fi + if [ "$RUNWITH_SET" != "yes" ]; then + RUNWITH="lua$LUA_SUFFIX"; + RUNWITH_SET=yes + fi LUA_INCDIR="/usr/include/lua$LUA_SUFFIX" LUA_INCDIR_SET=yes CFLAGS="$CFLAGS -ggdb" -- cgit v1.2.3 From 83407d056aa07923759b8ae6c950142cbcdfa35d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Sep 2017 12:11:56 +0200 Subject: configure: Add new but undocumented flags to --help --- configure | 6 ++++++ 1 file changed, 6 insertions(+) 
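Review bot: The new `curveslist` default in `core_defaults` carries no comment on ordering or on what happens when an entry is unsupported. The commit subject ties it to LuaSec 0.7 and OpenSSL 1.1; on a build whose TLS library does not recognise one of the names (`X25519` being the likely one) the whole list may be rejected, and the hunk does not show any filtering of unsupported entries before the context is created. Suggest a comment in the style of the `ciphers` table below, e.g. `-- Enabled curves in order of preference (requires LuaSec 0.7+)`, and a check of the failure mode on older libraries. `curve = "secp384r1"` stays in place next to the list, so the precedence between the two options deserves a line as well.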
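Review bot: The added block in the debian preset fixes `RUNWITH` to `lua$LUA_SUFFIX` at the moment the preset is parsed and then sets `RUNWITH_SET=yes`. If options are handled in command-line order, as the surrounding `do` loop suggests, a Lua suffix given after the preset would change `LUA_SUFFIX` but leave `RUNWITH` pointing at the earlier interpreter name, and the `_SET` flag would make that value look user-chosen. Deriving `RUNWITH` from the final `LUA_SUFFIX` after option parsing would avoid the order dependence; a comment such as `# preset default; an explicit runtime setting takes precedence` would at least document the current behaviour.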
diff --git a/configure b/configure index dd45e3a2..8136d63b 100755 --- a/configure +++ b/configure @@ -73,10 +73,16 @@ Configure $APP_NAME prior to building. Default is to use /dev/urandom --cflags=FLAGS Flags to pass to the compiler Default is $CFLAGS +--add-cflags=FLAGS Adds additional CFLAGS, preserving defaults. + Can be repeated. --ldflags=FLAGS Flags to pass to the linker Default is $LDFLAGS +--add-ldflags=FLAGS Adds additional linker flags, preserving defaults. + Can be repeated. --c-compiler=CC The C compiler to use when building modules. Default is $CC +--compiler-wrapper=WRAPPER Adds a prefix to compiler and linker calls, + usable for eg distcc or ccache. --linker=CC The linker to use when building modules. Default is $LD --require-config Will cause $APP_NAME to refuse to run when -- cgit v1.2.3 From 61f33a358862b05894e2c0c65b2f6daf3e802ad0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Sep 2017 12:15:26 +0200 Subject: configure: Remove unused "require config" option --- configure | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure b/configure index 8136d63b..0b021c92 100755 --- a/configure +++ b/configure @@ -85,8 +85,6 @@ Configure $APP_NAME prior to building. usable for eg distcc or ccache. --linker=CC The linker to use when building modules. Default is $LD ---require-config Will cause $APP_NAME to refuse to run when - it fails to find a configuration file --no-example-certs Disables generation of example certificates. EOF } @@ -248,9 +246,6 @@ do DATADIR="$value" DATADIR_SET=yes ;; - --require-config) - REQUIRE_CONFIG=yes - ;; --lua-suffix) [ -n "$value" ] || die "Missing value in flag $key." LUA_SUFFIX="$value" @@ -585,7 +580,6 @@ LUA_INCDIR=$LUA_INCDIR LUA_LIBDIR=$LUA_LIBDIR LUA_BINDIR=$LUA_BINDIR MULTIARCH_SUBDIR=$MULTIARCH_SUBDIR -REQUIRE_CONFIG=$REQUIRE_CONFIG IDN_LIB=$IDN_LIB IDNA_LIBS=$IDNA_LIBS OPENSSL_LIBS=$OPENSSL_LIBS -- cgit v1.2.3 From 7c0cd1c22e29c9e3e9db902815ca38d73260fd68 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Thu, 28 Sep 2017 12:30:43 +0200 Subject: configure: Remove unused OS and architecture detection that would most likely fail on systems without gcc --- configure | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/configure b/configure index 0b021c92..c26f78ed 100755 --- a/configure +++ b/configure @@ -506,34 +506,6 @@ then fi fi -echo_n "Configuring for system... " -if uname -s -then - UNAME_S=`uname -s` -else - die "Could not determine operating system. 'uname -s' failed." -fi -echo_n "Configuring for architecture... " -if uname -m -then - UNAME_M=`uname -m` -else - die "Could not determine processor architecture. 'uname -m' failed." -fi - -if [ "$UNAME_S" = Linux ] -then - GCC_ARCH=`gcc -print-multiarch 2>/dev/null` - if [ -n "$GCC_ARCH" -a -d "/usr/lib/$GCC_ARCH" ] - then - MULTIARCH_SUBDIR="lib/$GCC_ARCH" - elif [ -d "/usr/lib64" ] - then - # Useful for Fedora systems - MULTIARCH_SUBDIR="lib64" - fi -fi - if [ "$IDN_LIBRARY" = "icu" ] then IDNA_LIBS="$ICU_FLAGS" @@ -579,7 +551,6 @@ LUA_DIR_SET=$LUA_DIR_SET LUA_INCDIR=$LUA_INCDIR LUA_LIBDIR=$LUA_LIBDIR LUA_BINDIR=$LUA_BINDIR -MULTIARCH_SUBDIR=$MULTIARCH_SUBDIR IDN_LIB=$IDN_LIB IDNA_LIBS=$IDNA_LIBS OPENSSL_LIBS=$OPENSSL_LIBS -- cgit v1.2.3