From 930f0ab0834bc01022e243533c1b414cbaec07f7 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Tue, 22 Sep 2009 22:21:15 +0500 Subject: util.encodings: Fixed an issue with cross-module memory deallocation (crashes on some windows versions). --- util-src/encodings.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/util-src/encodings.c b/util-src/encodings.c index d7aabc14..65d7d501 100644 --- a/util-src/encodings.c +++ b/util-src/encodings.c @@ -172,11 +172,11 @@ static int Lidna_to_ascii(lua_State *L) /** idna.to_ascii(s) */ int ret = idna_to_ascii_8z(s, &output, 0); if (ret == IDNA_SUCCESS) { lua_pushstring(L, output); - if (output) free(output); + idn_free(output); return 1; } else { lua_pushnil(L); - if (output) free(output); + idn_free(output); return 1; // TODO return error message } } @@ -189,11 +189,11 @@ static int Lidna_to_unicode(lua_State *L) /** idna.to_unicode(s) */ int ret = idna_to_unicode_8z8z(s, &output, 0); if (ret == IDNA_SUCCESS) { lua_pushstring(L, output); - if (output) free(output); + idn_free(output); return 1; } else { lua_pushnil(L); - if (output) free(output); + idn_free(output); return 1; // TODO return error message } } -- cgit v1.2.3 From c7b6a85abba02b66e9c5a202a575b4b88a8a9348 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Tue, 22 Sep 2009 22:31:41 +0500 Subject: Makefile.win: Updated the windows Makefile with more appropriate paths. --- util-src/Makefile.win | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util-src/Makefile.win b/util-src/Makefile.win index d76aaccb..00b3f6fc 100644 --- a/util-src/Makefile.win +++ b/util-src/Makefile.win @@ -1,7 +1,7 @@ LUA_PATH=$(LUA_DEV) -IDN_PATH=.\libidn-1.9 -OPENSSL_PATH=.\openssl-0.9.8i +IDN_PATH=..\..\libidn-1.15 +OPENSSL_PATH=..\..\openssl-0.9.8k LUA_INCLUDE=$(LUA_PATH)\include LUA_LIB=$(LUA_PATH)\lib\lua5.1.lib -- cgit v1.2.3 From 4248f6078f66b450a2e9dc5e310ef10c3ed87bb0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 25 Sep 2009 01:35:46 +0100 Subject: net.dns: Even better parsing of nameservers from resolv.conf --- net/dns.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/dns.lua b/net/dns.lua index d6462031..e793c397 100644 --- a/net/dns.lua +++ b/net/dns.lua @@ -510,7 +510,7 @@ function resolver:adddefaultnameservers () -- - - - - adddefaultnameservers local resolv_conf = io.open("/etc/resolv.conf"); if resolv_conf then for line in resolv_conf:lines() do - local address = string.match (line, '^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$') + local address = line:gsub("#.*$", ""):match('^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$') if address then self:addnameserver (address) end end elseif os.getenv("WINDIR") then -- cgit v1.2.3 From fba5b67403ef2ff8290d8b3068aa3740e6259209 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 27 Sep 2009 15:21:08 +0500 Subject: mod_legacyauth: Added node and resource prepping. --- plugins/mod_legacyauth.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index de94411e..23f1043c 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -16,6 +16,8 @@ local secure_auth_only = config.get(module:get_host(), "core", "require_encrypti local sessionmanager = require "core.sessionmanager"; local usermanager = require "core.usermanager"; +local nodeprep = require "util.encodings".stringprep.nodeprep; +local resourceprep = require "util.encodings".stringprep.resourceprep; module:add_feature("jabber:iq:auth"); module:add_event_hook("stream-features", function (session, features) @@ -46,9 +48,11 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", return true; else username, password, resource = t_concat(username), t_concat(password), t_concat(resource); + username = nodeprep(username); + resource = resourceprep(resource) local reply = st.reply(stanza); require "core.usermanager" - if usermanager.validate_credentials(session.host, username, password) then + if username and usermanager.validate_credentials(session.host, username, password) then -- Authentication successful! local success, err = sessionmanager.make_authenticated(session, username); if success then -- cgit v1.2.3 From aa65ea57bd188ba7360e62a3b77298b136ffd0d7 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 27 Sep 2009 15:30:01 +0500 Subject: mod_legacyauth: Undo auth on bind fail. Legacy auth is atomic. --- plugins/mod_legacyauth.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 23f1043c..0e0170df 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -60,6 +60,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", success, err_type, err, err_msg = sessionmanager.bind_resource(session, resource); if not success then session.send(st.error_reply(stanza, err_type, err, err_msg)); + session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager? return true; end end -- cgit v1.2.3 From be102693fa0d29f5b09635a36ef34083bb7c74d3 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Sun, 27 Sep 2009 15:50:41 +0500 Subject: mod_legacyauth: Don't allow server-generated resource identifiers, as these are not support by legacy auth. --- plugins/mod_legacyauth.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 0e0170df..25967b33 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -52,7 +52,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", resource = resourceprep(resource) local reply = st.reply(stanza); require "core.usermanager" - if username and usermanager.validate_credentials(session.host, username, password) then + if username and resource and usermanager.validate_credentials(session.host, username, password) then -- Authentication successful! local success, err = sessionmanager.make_authenticated(session, username); if success then @@ -62,6 +62,10 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:auth", session.send(st.error_reply(stanza, err_type, err, err_msg)); session.username, session.type = nil, "c2s_unauthed"; -- FIXME should this be placed in sessionmanager? return true; + elseif resource ~= session.resource then -- server changed resource, not supported by legacy auth + session.send(st.error_reply(stanza, "cancel", "conflict", "The requested resource could not be assigned to this session.")); + session:close(); -- FIXME undo resource bind and auth instead of closing the session? + return true; end end session.send(st.reply(stanza)); -- cgit v1.2.3 From f647dddfc8b571ac27de3917c7f38f014e2a2096 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 27 Sep 2009 11:59:11 +0100 Subject: core.s2smanager: Always use last record in the DNS cache --- core/s2smanager.lua | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/core/s2smanager.lua b/core/s2smanager.lua index ce8da1e6..e11b305a 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -254,20 +254,20 @@ function try_connect(host_session, connect_host, connect_port) host_session.connecting = nil; -- COMPAT: This is a compromise for all you CNAME-(ab)users :) - if not (reply and reply[1] and reply[1].a) then + if not (reply and reply[#reply] and reply[#reply].a) then local count = max_dns_depth; reply = dns.peek(connect_host, "CNAME", "IN"); - while count > 0 and reply and reply[1] and not reply[1].a and reply[1].cname do - log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[1].cname), count); - reply = dns.peek(reply[1].cname, "A", "IN") or dns.peek(reply[1].cname, "CNAME", "IN"); + while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do + log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count); + reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN"); count = count - 1; end end -- end of CNAME resolving - if reply and reply[1] and reply[1].a then - log("debug", "DNS reply for %s gives us %s", connect_host, reply[1].a); - return make_connect(host_session, reply[1].a, connect_port); + if reply and reply[#reply] and reply[#reply].a then + log("debug", "DNS reply for %s gives us %s", connect_host, reply[#reply].a); + return make_connect(host_session, reply[#reply].a, connect_port); else log("debug", "DNS lookup failed to get a response for %s", connect_host); if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can -- cgit v1.2.3