From 22bbc4ab0e15200b58b5fab4ed365f1fb8d87ad5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 Mar 2013 07:01:57 +0100 Subject: hostmanager: Import core_post_stanza from the global prosody table --- core/hostmanager.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/core/hostmanager.lua b/core/hostmanager.lua index cee4a1d6..7c9298cd 100644 --- a/core/hostmanager.lua +++ b/core/hostmanager.lua @@ -23,6 +23,7 @@ if not _G.prosody.incoming_s2s then require "core.s2smanager"; end local incoming_s2s = _G.prosody.incoming_s2s; +local core_route_stanza = _G.prosody.core_route_stanza; local pairs, select = pairs, select; local tostring, type = tostring, type; -- cgit v1.2.3 From 245a924290ab84941cd35cd3203e36b7148339ed Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 Mar 2013 07:03:34 +0100 Subject: rostermanager: Remove unused imports --- core/rostermanager.lua | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/core/rostermanager.lua b/core/rostermanager.lua index fdb890f9..f14bb435 100644 --- a/core/rostermanager.lua +++ b/core/rostermanager.lua @@ -11,10 +11,7 @@ local log = require "util.logger".init("rostermanager"); -local setmetatable = setmetatable; -local format = string.format; -local pcall = pcall; -local pairs, ipairs = pairs, ipairs; +local pairs = pairs; local tostring = tostring; local hosts = hosts; -- cgit v1.2.3 From 7a17622969e31f94ee0341689404ff59fed7cc44 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 Mar 2013 07:33:36 +0100 Subject: s2smanager: Use unused local, reduce table indexing --- core/s2smanager.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 6049e12e..86389d8d 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua 
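Review bot: The added `local core_route_stanza = _G.prosody.core_route_stanza;` in core/hostmanager.lua snapshots the global once at load time, and unlike `incoming_s2s` just above it there is no guard ensuring the value exists first. If hostmanager is loaded before whatever assigns `prosody.core_route_stanza` (not visible in this hunk), the local stays nil and the first use fails at runtime. Either read `prosody.core_route_stanza` at the call site, or record the load-order requirement next to the import, e.g. `-- NOTE: prosody.core_route_stanza must be set before this module is loaded`. The subject line says core_post_stanza while the code imports core_route_stanza, so one of the two should be corrected.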
@@ -12,7 +12,6 @@ local hosts = hosts; local tostring, pairs, ipairs, getmetatable, newproxy, setmetatable = tostring, pairs, ipairs, getmetatable, newproxy, setmetatable; -local fire_event = prosody.events.fire_event; local logger_init = require "util.logger".init; local log = logger_init("s2smanager"); @@ -23,6 +22,7 @@ local prosody = _G.prosody; incoming_s2s = {}; prosody.incoming_s2s = incoming_s2s; local incoming_s2s = incoming_s2s; +local fire_event = prosody.events.fire_event; module "s2smanager" @@ -91,7 +91,7 @@ function mark_connected(session) local event_data = { session = session }; if session.type == "s2sout" then - prosody.events.fire_event("s2sout-established", event_data); + fire_event("s2sout-established", event_data); hosts[from].events.fire_event("s2sout-established", event_data); else local host_session = hosts[to]; @@ -99,7 +99,7 @@ function mark_connected(session) return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); end; - prosody.events.fire_event("s2sin-established", event_data); + fire_event("s2sin-established", event_data); hosts[to].events.fire_event("s2sin-established", event_data); end @@ -158,12 +158,12 @@ function destroy_session(session, reason) local event_data = { session = session, reason = reason }; if session.type == "s2sout" then - prosody.events.fire_event("s2sout-destroyed", event_data); + fire_event("s2sout-destroyed", event_data); if hosts[session.from_host] then hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data); end elseif session.type == "s2sin" then - prosody.events.fire_event("s2sin-destroyed", event_data); + fire_event("s2sin-destroyed", event_data); if hosts[session.to_host] then hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data); end -- cgit v1.2.3 From b9f2e3dcb6fc429b3bea97948bf723fb3f31d1de Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Fri, 15 Mar 2013 09:51:43 +0100 Subject: certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication --- certs/openssl.cnf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certs/openssl.cnf b/certs/openssl.cnf index db1640b9..091409c4 100644 --- a/certs/openssl.cnf +++ b/certs/openssl.cnf @@ -2,7 +2,7 @@ oid_section = new_oids [ new_oids ] -# RFC 3920 section 5.1.1 defines this OID +# RFC 6120 section 13.7.1.4. defines this OID xmppAddr = 1.3.6.1.5.5.7.8.5 # RFC 4985 defines this OID @@ -40,7 +40,7 @@ subjectAltName = @subject_alternative_name [ subject_alternative_name ] -# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info. +# See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info. DNS.0 = example.com otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com -- cgit v1.2.3 From 04b647a6e847fa6ace495f3c8c7a2e9a5425fb1a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 16 Mar 2013 17:46:43 +0100 Subject: mod_s2s, mod_saslauth, mod_compression: Refactor to have common code for opening streams --- plugins/mod_compression.lua | 5 +---- plugins/mod_s2s/mod_s2s.lua | 31 +++++++++++++++++++++++++------ plugins/mod_s2s/s2sout.lib.lua | 8 +------- plugins/mod_saslauth.lua | 6 +----- 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua index 67a88eb9..44bc05fe 100644 --- a/plugins/mod_compression.lua +++ b/plugins/mod_compression.lua 
@@ -141,10 +141,7 @@ module:hook("stanza/http://jabber.org/protocol/compress:compressed", function(ev -- setup decompression for session.data setup_decompression(session, inflate_stream); session:reset_stream(); - local default_stream_attr = {xmlns = "jabber:server", ["xmlns:stream"] = "http://etherx.jabber.org/streams", - ["xmlns:db"] = 'jabber:server:dialback', version = "1.0", to = session.to_host, from = session.from_host}; - session.sends2s(""); - session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag()); + session:open_stream(); session.compressed = true; return true; end diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6d4900fa..8d99b855 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -248,10 +248,7 @@ function stream_callbacks.streamopened(session, attr) if session.secure and not session.cert_chain_status then check_cert_status(session); end - send(""); - send(st.stanza("stream:stream", { xmlns='jabber:server', - ["xmlns:db"]= hosts[to].modules.dialback and 'jabber:server:dialback' or nil, - ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=to, to=from, version=(session.version > 0 and "1.0" or nil) }):top_tag()); + session:open_stream() if session.version >= 1.0 then local features = st.stanza("stream:features"); @@ -348,8 +345,7 @@ local function session_close(session, reason, remote_reason) local log = session.log or log; if session.conn then if session.notopen then - session.sends2s(""); - session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag()); + session:open_stream() end if reason then -- nil == no err, initiated by us, false == initiated by remote if type(reason) == "string" then -- assume stream error 
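Review bot: In the `stream_callbacks.streamopened` hunk of mod_s2s.lua the reply header was built with `from=to, to=from`, but the replacement `session:open_stream()` passes no arguments, so the new helper falls back to `session.from_host` and `session.to_host`. For an incoming session these presumably hold the remote and local names (the helper itself treats `to` as the local host when the direction is not "outgoing"), so the reply would be addressed from the peer to ourselves. A peer that checks header addressing during dialback or certificate validation may reject or mis-attribute the stream. Keeping the old addressing means calling `session:open_stream(to, from)` here, with the helper's local-host selection keyed off the session fields rather than its arguments. The same applies to the `session_close` hunk when `session.notopen` is set on an incoming stream; both function bodies extend outside the hunks.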
@@ -396,6 +392,27 @@ local function session_close(session, reason, remote_reason) end end +function session_open_stream(session, from, to) + local from = from or session.from_host; + local to = to or session.to_host; + local attr = { + ["xmlns:stream"] = 'http://etherx.jabber.org/streams', + xmlns = 'jabber:server', + version = session.version and (session.version > 0 and "1.0" or nil), + ["xml:lang"] = 'en', + id = session.streamid, + from = from, to = to, + } + local local_host = session.direction == "outgoing" and from or to; + if not local_host or hosts[local_host].modules.dialback then + attr["xmlns:db"] = 'jabber:server:dialback'; + end + + session.sends2s(""); + session.sends2s(st.stanza("stream:stream", attr):top_tag()); + return true; +end + -- Session initialization logic shared by incoming and outgoing local function initialize_session(session) local stream = new_xmpp_stream(session, stream_callbacks); @@ -407,6 +424,8 @@ local function initialize_session(session) session.notopen = true; session.stream:reset(); end + + session.open_stream = session_open_stream; local filter = session.filter; function session.data(data) diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 07623968..5ebbee8e 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -44,15 +44,9 @@ local function compare_srv_priorities(a,b) return a.priority < b.priority or (a.priority == b.priority and a.weight > b.weight); end -local function session_open_stream(session, from, to) - session.sends2s(st.stanza("stream:stream", { - xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', - ["xmlns:stream"]='http://etherx.jabber.org/streams', - from=from, to=to, version='1.0', ["xml:lang"]='en'}):top_tag()); -end - function s2sout.initiate_connection(host_session) initialize_filters(host_session); + host_session.version = 1; host_session.open_stream = session_open_stream; -- Kick the connection attempting machine into life 
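Review bot: `hosts[local_host].modules.dialback` in the new `session_open_stream` indexes `hosts[local_host]` without checking that the host exists. The helper is now also reached from `session_close` when the stream was never opened, which plausibly includes rejecting a stream addressed to a name this server does not serve. In that case the lookup raises instead of sending the header and the stream error, on a path a remote peer can trigger. A guarded form would be `if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then`. Separately, `local from = from or session.from_host;` shadows the parameter; plain `from = from or session.from_host;` is enough.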
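Review bot: After this hunk `host_session.open_stream = session_open_stream;` in s2sout.lib.lua refers to a name the file no longer defines. It only resolves if the non-local `function session_open_stream` declared in mod_s2s.lua lands in an environment this library shares, which is not visible here. Otherwise the assignment silently stores nil and a later `session:open_stream()` fails. Since `initialize_session` in mod_s2s.lua now sets `session.open_stream` itself, the assignment could probably be dropped. If it must stay, add a comment such as `-- session_open_stream is defined in mod_s2s.lua and shared through the module environment`.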
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index f6abd3b8..264ee967 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -88,11 +88,7 @@ module:hook_stanza(xmlns_sasl, "success", function (session, stanza) module:log("debug", "SASL EXTERNAL with %s succeeded", session.to_host); session.external_auth = "succeeded" session:reset_stream(); - - local default_stream_attr = {xmlns = "jabber:server", ["xmlns:stream"] = "http://etherx.jabber.org/streams", - ["xmlns:db"] = 'jabber:server:dialback', version = "1.0", to = session.to_host, from = session.from_host}; - session.sends2s(""); - session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag()); + session:open_stream(); s2s_make_authenticated(session, session.to_host); return true; -- cgit v1.2.3 From f7e05e902acb3b0b5950d2ffcf68f4e8778f7d48 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 20 Mar 2013 20:31:02 +0000 Subject: net.http: Allow passing an SSL context or options table to be used for HTTPS requests (thanks daurnimator) --- net/http.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/http.lua b/net/http.lua index 273eee09..9ed837e2 100644 --- a/net/http.lua +++ b/net/http.lua @@ -188,7 +188,12 @@ function request(u, ex, callback) return nil, err; end - req.handler, req.conn = server.wrapclient(conn, req.host, port, listener, "*a", using_https and { mode = "client", protocol = "sslv23" }); + local sslctx = false; + if using_https then + sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23" }; + end + + req.handler, req.conn = server.wrapclient(conn, req.host, port, listener, "*a", sslctx); req.write = function (...) return req.handler:write(...); end req.callback = function (content, code, request, response) log("debug", "Calling callback, status %s", code or "---"); return select(2, xpcall(function () return callback(content, code, request, response) end, handleerr)); end -- cgit v1.2.3 
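Review bot: The fallback context in `request()` of net/http.lua, `{ mode = "client", protocol = "sslv23" }`, carries no `verify` setting or CA location, so as far as this hunk shows the HTTPS peer is encrypted to but not authenticated. Now that callers can pass `ex.sslctx`, the documentation for `request` should say that the caller's value replaces the default wholesale and that verification is the caller's responsibility. A suitable comment would be `-- ex.sslctx: SSL context or options table; replaces the default, which does not verify the peer certificate`. The value is also handed to `server.wrapclient` without a type check, so a non-table, non-context `ex.sslctx` fails later and less clearly than an early `nil, err` return would. The body of `request` continues outside the hunk.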
From c237eea8303441bc4cf5cd4f05eeb1d91d512b59 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 20 Mar 2013 20:31:52 +0000 Subject: net.http: Disable SSLv2 support for HTTPS connections --- net/http.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/http.lua b/net/http.lua index 9ed837e2..a1e4e523 100644 --- a/net/http.lua +++ b/net/http.lua @@ -190,7 +190,7 @@ function request(u, ex, callback) local sslctx = false; if using_https then - sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23" }; + sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } }; end req.handler, req.conn = server.wrapclient(conn, req.host, port, listener, "*a", sslctx); -- cgit v1.2.3
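Review bot: The `no_sslv2` option is added only to the fallback table, so a caller-supplied `ex.sslctx` (introduced by the previous commit) bypasses it. If a protocol floor is meant to hold for every request made through net.http, it has to be merged into or checked against the caller's options. Otherwise a comment should state that callers own their protocol settings. With `protocol = "sslv23"` and only `no_sslv2`, SSLv3 remains negotiable. Where the linked LuaSec/OpenSSL supports it, `options = { "no_sslv2", "no_sslv3" }` closes that as well.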