From 3836d03c37dbd7f3dcd07eb68dab3ca5f0290329 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 1 Dec 2018 22:13:24 +0000 Subject: rostermanager, mod_presence: Store stanza for incoming subscription requests (fixes #689) (thanks Zash, Ge0rG) --- core/rostermanager.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'core') diff --git a/core/rostermanager.lua b/core/rostermanager.lua index 61b08002..2d616e4b 100644 --- a/core/rostermanager.lua +++ b/core/rostermanager.lua @@ -263,15 +263,15 @@ end function is_contact_pending_in(username, host, jid) local roster = load_roster(username, host); - return roster[false].pending[jid]; + return roster[false].pending[jid] ~= nil; end -local function set_contact_pending_in(username, host, jid) +local function set_contact_pending_in(username, host, jid, stanza) local roster = load_roster(username, host); local item = roster[jid]; if item and (item.subscription == "from" or item.subscription == "both") then return; -- false end - roster[false].pending[jid] = true; + roster[false].pending[jid] = st.is_stanza(stanza) and st.preserialize(stanza) or true; return save_roster(username, host, roster, jid); end function is_contact_pending_out(username, host, jid) -- cgit v1.2.3 From c899c8d357a046e72d4e88c2e05a893c34af2650 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 8 Dec 2018 16:35:00 +0100 Subject: moduleapi: Use pack from util.table --- core/moduleapi.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 10f9f04d..d2aa1e8c 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
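Review bot: `set_contact_pending_in` now persists whatever stanza the caller hands it through `st.preserialize(stanza)`, and for an incoming subscription request that content is chosen by the remote sender. Nothing in this hunk bounds its size or trims it to the children that are later replayed, so unless a stanza size limit applies upstream, each pending request can add an arbitrarily large blob to the roster store. Consider storing a reduced copy, and record the trust boundary with a comment such as `-- stanza is remote-controlled; keep only what is replayed to the client`. The hunk does not show where `st` is required in this file, so confirm it is in scope.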
@@ -20,7 +20,7 @@ local error, setmetatable, type = error, setmetatable, type; local ipairs, pairs, select = ipairs, pairs, select; local tonumber, tostring = tonumber, tostring; local require = require; -local pack = table.pack or function(...) return {n=select("#",...), ...}; end -- table.pack is only in 5.2 +local pack = table.pack or require "util.table".pack; -- table.pack is only in 5.2 local unpack = table.unpack or unpack; --luacheck: ignore 113 -- renamed in 5.2 local prosody = prosody; -- cgit v1.2.3 From 149e748141ceef12a3fff9ba985a880b7e09c568 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 16 Dec 2018 02:56:11 +0100 Subject: core.rostermanager: Cache rosters of offline users for faster access (fixes #1233) --- core/rostermanager.lua | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'core') diff --git a/core/rostermanager.lua b/core/rostermanager.lua index 2d616e4b..d551a1b1 100644 --- a/core/rostermanager.lua +++ b/core/rostermanager.lua @@ -12,6 +12,7 @@ local log = require "util.logger".init("rostermanager"); local new_id = require "util.id".short; +local new_cache = require "util.cache".new; local pairs = pairs; local tostring = tostring; @@ -111,6 +112,23 @@ local function load_roster(username, host) else -- Attempt to load roster for non-loaded user log("debug", "load_roster: loading for offline user: %s", jid); end + local roster_cache = hosts[host] and hosts[host].roster_cache; + if not roster_cache then + if hosts[host] then + roster_cache = new_cache(1024); + hosts[host].roster_cache = roster_cache; + end + else + roster = roster_cache:get(jid); + if roster then + log("debug", "load_roster: cache hit"); + roster_cache:set(jid, roster); + if user then user.roster = roster; end + return roster; + else + log("debug", "load_roster: cache miss, loading from storage"); + end + end local roster_store = storagemanager.open(host, "roster", "keyval"); local data, err = roster_store:get(username); roster = data or {}; 
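Review bot: The roster cache added in the `@@ -111,6 +112,23 @@` hunk has no removal path in this commit: the diffstat is 22 insertions to this file and none of them removes an entry, so a cached roster for an offline user lives until LRU pressure pushes it out of the 1024 slots. If the account is deleted or its roster is rewritten directly in storage, `load_roster` keeps returning the old table on the `cache hit` branch, and a later registration of the same JID could inherit it. Whatever deletes users or rosters should also call `roster_cache:set(jid, nil)`; if that already happens outside `core/`, a comment next to `new_cache(1024)` saying where would help. `load_roster` starts before this hunk and continues past it.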
@@ -134,6 +152,10 @@ local function load_roster(username, host) if not err then hosts[host].events.fire_event("roster-load", { username = username, host = host, roster = roster }); end + if roster_cache and not user then + log("debug", "load_roster: caching loaded roster"); + roster_cache:set(jid, roster); + end return roster, err; end -- cgit v1.2.3 From f017415defc1a3764412a1edc0759e1a4b9aeea5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Dec 2018 20:51:31 +0100 Subject: core.moduleapi: Add a promise-based API for tracking IQ stanzas (fixes #714) --- core/moduleapi.lua | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index d2aa1e8c..f7aa7216 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
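Review bot: The new `roster_cache:set(jid, roster)` ahead of `return roster, err` runs even when `err` is set, and the context line in the previous hunk shows `roster = data or {}`, so a failed storage read caches an empty roster. The next call for that JID takes the cache-hit path and returns that table with no error, which hides the failure from callers that might then save it back over the real data. Guard the insert with `if roster_cache and not user and not err then`. The lines between the two hunks are not shown, so check whether the roster is marked as broken there before relying on this alone.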
@@ -361,6 +361,71 @@ function api:send(stanza, origin) return core_post_stanza(origin or hosts[self.host], stanza); end +function api:send_iq(stanza, origin, timeout) + local iq_cache = self._iq_cache; + if not iq_cache then + iq_cache = require "util.cache".new(256, function (_, iq) + iq.reject("evicted"); + self:unhook(iq.result_event, iq.result_handler); + self:unhook(iq.error_event, iq.error_handler); + end); + self._iq_cache = iq_cache; + end + return require "util.promise".new(function (resolve, reject) + local event_type; + if stanza.attr.from == self.host then + event_type = "host"; + else -- assume bare since we can't hook full jids + event_type = "bare"; + end + local result_event = "iq-result/"..event_type.."/"..stanza.attr.id; + local error_event = "iq-error/"..event_type.."/"..stanza.attr.id; + local cache_key = event_type.."/"..stanza.attr.id; + + local function result_handler(event) + if event.stanza.attr.from == stanza.attr.to then + resolve(event); + return true; + end + end + + local function error_handler(event) + if event.stanza.attr.from == stanza.attr.to then + reject(event); + return true; + end + end + + if iq_cache:get(cache_key) then + error("choose another iq stanza id attribute") + end + + self:hook(result_event, result_handler); + self:hook(error_event, error_handler); + + local timeout_handle = self:add_timer(timeout or 120, function () + reject("timeout"); + self:unhook(result_event, result_handler); + self:unhook(error_event, error_handler); + iq_cache:set(cache_key, nil); + end); + + local ok = iq_cache:set(cache_key, { + reject = reject, resolve = resolve, + timeout_handle = timeout_handle, + result_event = result_event, error_event = error_event, + result_handler = result_handler, error_handler = error_handler; + }); + + if not ok then + reject("cache insertion failure"); + return; + end + + self:send(stanza, origin); + end); +end + function api:broadcast(jids, stanza, iter) for jid in (iter or it.values)(jids) do local new_stanza 
= st.clone(stanza); -- cgit v1.2.3 From 0fe56344ca10575746f969992b63b4173395eed2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 30 Dec 2018 14:26:58 +0100 Subject: core.moduleapi: Move util imports to top --- core/moduleapi.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index f7aa7216..c7fff11f 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -14,6 +14,8 @@ local pluginloader = require "util.pluginloader"; local timer = require "util.timer"; local resolve_relative_path = require"util.paths".resolve_relative_path; local st = require "util.stanza"; +local cache = require "util.cache"; +local promise = require "util.promise"; local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local error, setmetatable, type = error, setmetatable, type; @@ -364,14 +366,14 @@ end function api:send_iq(stanza, origin, timeout) local iq_cache = self._iq_cache; if not iq_cache then - iq_cache = require "util.cache".new(256, function (_, iq) + iq_cache = cache.new(256, function (_, iq) iq.reject("evicted"); self:unhook(iq.result_event, iq.result_handler); self:unhook(iq.error_event, iq.error_handler); end); self._iq_cache = iq_cache; end - return require "util.promise".new(function (resolve, reject) + return promise.new(function (resolve, reject) local event_type; if stanza.attr.from == self.host then event_type = "host"; -- cgit v1.2.3 From f102941562aa2228e1949261c91045ecbf71c18d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 30 Dec 2018 16:03:15 +0100 Subject: core.moduleapi: Use util.error for :send_iq errors --- core/moduleapi.lua | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index c7fff11f..57aa4e9f 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
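Review bot: In `api:send_iq`, `result_handler` and `error_handler` settle the promise but leave both hooks and the `iq_cache` entry in place, and `timeout_handle` is stored without being read anywhere in this hunk, so every answered IQ keeps one of the 256 slots until its timer fires (120 s by default). Under load that lets already-answered entries push still-pending requests out through the eviction callback, and it blocks reuse of the id for the same period. A shared cleanup called from both handlers and from the timeout callback fixes this; the timer should be cancelled there too, through whatever the handle returned by `add_timer` supports. Separately, `stanza.attr.id` is concatenated without a nil check, so an IQ built without an id raises inside the promise executor.

```lua
		-- … unchanged: event_type, result_event, error_event, cache_key …

		local result_handler, error_handler;

		-- Release everything tied to this request once it has settled.
		local function cleanup()
			self:unhook(result_event, result_handler);
			self:unhook(error_event, error_handler);
			iq_cache:set(cache_key, nil);
		end

		function result_handler(event)
			if event.stanza.attr.from == stanza.attr.to then
				cleanup();
				resolve(event);
				return true;
			end
		end

		function error_handler(event)
			if event.stanza.attr.from == stanza.attr.to then
				cleanup();
				reject(event);
				return true;
			end
		end

		-- … unchanged: duplicate-id check, hook registration …
		-- … timeout callback: call cleanup() in place of the two unhook calls and the cache reset …
```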
@@ -15,6 +15,7 @@ local timer = require "util.timer"; local resolve_relative_path = require"util.paths".resolve_relative_path; local st = require "util.stanza"; local cache = require "util.cache"; +local errutil = require "util.error"; local promise = require "util.promise"; local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; @@ -367,7 +368,10 @@ function api:send_iq(stanza, origin, timeout) local iq_cache = self._iq_cache; if not iq_cache then iq_cache = cache.new(256, function (_, iq) - iq.reject("evicted"); + iq.reject(errutil.new({ + type = "wait", condition = "resource-constraint", + text = "evicted from iq tracking cache" + })); self:unhook(iq.result_event, iq.result_handler); self:unhook(iq.error_event, iq.error_handler); end); @@ -393,20 +397,29 @@ function api:send_iq(stanza, origin, timeout) local function error_handler(event) if event.stanza.attr.from == stanza.attr.to then - reject(event); + local error_type, condition, text = event.stanza:get_error(); + local err = errutil.new({ type = error_type, condition = condition, text = text }, event); + reject(err); return true; end end if iq_cache:get(cache_key) then - error("choose another iq stanza id attribute") + reject(errutil.new({ + type = "modify", condition = "conflict", + text = "iq stanza id attribute already used", + })); + return; end self:hook(result_event, result_handler); self:hook(error_event, error_handler); local timeout_handle = self:add_timer(timeout or 120, function () - reject("timeout"); + reject(errutil.new({ + type = "wait", condition = "remote-server-timeout", + text = "IQ stanza timed out", + })); self:unhook(result_event, result_handler); self:unhook(error_event, error_handler); iq_cache:set(cache_key, nil); 
@@ -420,7 +433,10 @@ function api:send_iq(stanza, origin, timeout) }); if not ok then - reject("cache insertion failure"); + reject(errutil.new({ + type = "wait", condition = "internal-server-error", + text = "Could not store IQ tracking data" + })); return; end -- cgit v1.2.3 From a89dd30b7e9e04e3b4fb89efc45245970353608f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 30 Dec 2018 20:35:20 +0100 Subject: core.moduleapi: Use convenience function for creating error object from stanza --- core/moduleapi.lua | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 57aa4e9f..c6193cfd 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -397,9 +397,7 @@ function api:send_iq(stanza, origin, timeout) local function error_handler(event) if event.stanza.attr.from == stanza.attr.to then - local error_type, condition, text = event.stanza:get_error(); - local err = errutil.new({ type = error_type, condition = condition, text = text }, event); - reject(err); + reject(errutil.from_stanza(event.stanza), event); return true; end end -- cgit v1.2.3 From 5268b2c180c1bce00117232541a979a909ff2eb3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 16 Jan 2019 20:01:38 +0100 Subject: core.s2smanager: Add stub reset_stream method to destroyed sessions Fixes traceback if connection is closed from the 's2s-authenticated' event --- core/s2smanager.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 58269c49..0ba5e7c6 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua 
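Review bot: In `error_handler` (hunk `@@ -397,9 +397,7 @@`) the closing parenthesis looks misplaced: `reject(errutil.from_stanza(event.stanza), event)` hands `event` to `reject` as a second argument, where the removed code passed it to `errutil.new` as the context. A promise rejection carries one value, so the event is presumably dropped and consumers lose the link back to the original error stanza's event. If `from_stanza` accepts a context argument the way `errutil.new` does, this should read `reject(errutil.from_stanza(event.stanza, event));`. `send_iq` extends beyond this hunk on both sides.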
@@ -50,6 +50,9 @@ local resting_session = { -- Resting, not dead close = function (session) session.log("debug", "Attempt to close already-closed session"); end; + reset_stream = function (session) + session.log("debug", "Attempt to reset stream of already-closed session"); + end; filter = function (type, data) return data; end; --luacheck: ignore 212/type }; resting_session.__index = resting_session; -- cgit v1.2.3 From 54bfc5180fd94c731b4f021ed1ea142079fc1511 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 22 Jan 2019 09:21:23 +0100 Subject: core.statsmanager: Do a final collection on shutdown --- core/statsmanager.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'core') diff --git a/core/statsmanager.lua b/core/statsmanager.lua index 237b1dd5..50798ad0 100644 --- a/core/statsmanager.lua +++ b/core/statsmanager.lua @@ -97,6 +97,7 @@ if stats then end timer.add_task(stats_interval, collect); prosody.events.add_handler("server-started", function () collect() end, -1); + prosody.events.add_handler("server-stopped", function () collect() end, -1); else log("debug", "Statistics enabled using %s provider, collection is disabled", stats_provider_name); end -- cgit v1.2.3 From 781d8a4868990c95aca244c18335555fabaec85b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 13 Sep 2018 21:17:37 +0200 Subject: core.portmanager: Use server.listen API --- core/portmanager.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 1ed37da0..cf836634 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua 
@@ -126,7 +126,11 @@ local function activate(service_name) end if not err then -- Start listening on interface+port - local handler, err = server.addserver(interface, port_number, listener, mode, ssl); + local handler, err = server.listen(interface, port_number, listener, { + read_size = mode, + tls_ctx = ssl, + tls_direct = service_info.encryption == "ssl"; + }); if not handler then log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err)); -- cgit v1.2.3 From 59f517457b5542d8533d43734f99036451d16d8b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 10 Oct 2018 17:22:08 +0200 Subject: core.portmanager: Reduce scope of variable Not sure why it was all the way out there, seems like there would have been unexpected behaviour from that --- core/portmanager.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index cf836634..db41e1ea 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -95,7 +95,7 @@ local function activate(service_name) } bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports ); - local mode, ssl = listener.default_mode or default_mode; + local mode = listener.default_mode or default_mode; local hooked_ports = {}; for interface in bind_interfaces do @@ -107,7 +107,7 @@ local function activate(service_name) log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "", service_name or ""); else - local err; + local ssl, err; -- Create SSL context for this service/port if service_info.encryption == "ssl" then local global_ssl_config = config.get("*", "ssl") or {}; -- cgit v1.2.3 From 5313a0c5c608dccdee0b663f2072be05203980c0 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Wed, 10 Oct 2018 17:23:03 +0200 Subject: core.portmanager: Record TLS config for each port --- core/portmanager.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index db41e1ea..17758a36 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -107,12 +107,12 @@ local function activate(service_name) log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "", service_name or ""); else - local ssl, err; + local ssl, cfg, err; -- Create SSL context for this service/port if service_info.encryption == "ssl" then local global_ssl_config = config.get("*", "ssl") or {}; local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config; - ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", + ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server", prefix_ssl_config[interface], prefix_ssl_config[port], prefix_ssl_config, @@ -130,6 +130,7 @@ local function activate(service_name) read_size = mode, tls_ctx = ssl, tls_direct = service_info.encryption == "ssl"; + sni_hosts = {}, }); if not handler then log("error", "Failed to open server port %d on %s, %s", port_number, interface, @@ -140,6 +141,7 @@ local function activate(service_name) active_services:add(service_name, interface, port_number, { server = handler; service = service_info; + tls_cfg = cfg; }); end end -- cgit v1.2.3 From 2878ed99a5780d3de6714f1f8141fa6f1661f2cb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 14 Sep 2018 01:30:56 +0200 Subject: core.portmanager: Collect per-host certificates for SNI --- core/portmanager.lua | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'core') 
diff --git a/core/portmanager.lua b/core/portmanager.lua index 17758a36..5aef07d7 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -10,6 +10,7 @@ local set = require "util.set"; local table = table; local setmetatable, rawset, rawget = setmetatable, rawset, rawget; local type, tonumber, tostring, ipairs = type, tonumber, tostring, ipairs; +local pairs = pairs; local prosody = prosody; local fire_event = prosody.events.fire_event; 
@@ -227,15 +228,55 @@ end -- Event handlers +local function add_sni_host(host, service) + -- local global_ssl_config = config.get(host, "ssl") or {}; + for name, interface, port, n, active_service --luacheck: ignore 213 + in active_services:iter(service, nil, nil, nil) do + if active_service.server.hosts and active_service.tls_cfg then + -- local config_prefix = (active_service.config_prefix or name).."_"; + -- if config_prefix == "_" then + -- config_prefix = ""; + -- end + -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config; + -- FIXME only global 'ssl' settings are mixed in here + -- TODO per host and per service settings should be merged in, + -- without overriding the per-host certificate + local ssl, err, cfg = certmanager.create_context(host, "server"); + if ssl then + active_service.server.hosts[host] = ssl; + if not active_service.tls_cfg.certificate then + active_service.server.tls_ctx = ssl; + active_service.tls_cfg = cfg; + end + else + log("error", "err = %q", err); + end + end + end +end + prosody.events.add_handler("item-added/net-provider", function (event) local item = event.item; register_service(item.name, item); + for host in pairs(prosody.hosts) do + add_sni_host(host, item.name); + end end); prosody.events.add_handler("item-removed/net-provider", function (event) local item = event.item; unregister_service(item.name, item); end); +prosody.events.add_handler("host-activated", add_sni_host); +prosody.events.add_handler("host-deactivated", function (host) + for name, interface, port, n, active_service --luacheck: ignore 213 + in active_services:iter(nil, nil, nil, nil) do + if active_service.tls_cfg then + active_service.server.hosts[host] = nil; + end + end +end); + return { activate = activate; deactivate = deactivate; -- cgit v1.2.3 From 9f65ce71893ef10485442ee209472a38865da081 Mon Sep 17 00:00:00 2001 
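Review bot: The `host-deactivated` handler indexes `active_service.server.hosts[host]` after checking only `tls_cfg`, while `add_sni_host` also checks `active_service.server.hosts`; a listener that has a TLS config but no `hosts` table would raise here, so use the same guard, `if active_service.server.hosts and active_service.tls_cfg then`. Deactivation also leaves `server.tls_ctx` and `tls_cfg` untouched, so when `add_sni_host` promoted this host's context to the port default (the `not active_service.tls_cfg.certificate` branch), the port keeps presenting the removed host's certificate. Consider clearing or re-selecting the default in the same handler. The failure log `"err = %q"` names neither host nor service; `log("error", "Error creating TLS context for SNI host %s: %s", host, err)` would be easier to act on.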
From: Kim Alvefur Date: Sun, 10 Mar 2019 19:58:28 +0100 Subject: core.certmanager: Do not ask for client certificates by default Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it. --- core/certmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 5282a6f5..63f314f8 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -106,7 +106,7 @@ local core_defaults = { capath = "/etc/ssl/certs"; depth = 9; protocol = "tlsv1+"; - verify = (ssl_x509 and { "peer", "client_once", }) or "none"; + verify = "none"; options = { cipher_server_preference = luasec_has.options.cipher_server_preference; no_ticket = luasec_has.options.no_ticket; -- cgit v1.2.3 From 23577330fd9826da26a2ab0a6a3f1d6b82e5dfb8 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:04:40 +0000 Subject: moduleapi: New API for modules to set a status --- core/moduleapi.lua | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index c6193cfd..2db7433a 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -17,6 +17,8 @@ local st = require "util.stanza"; local cache = require "util.cache"; local errutil = require "util.error"; local promise = require "util.promise"; +local time_now = require "util.time".now; +local format = require "util.format".format; local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local error, setmetatable, type = error, setmetatable, type; 
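Review bot: Setting the `core_defaults` entry to `verify = "none"` flips the default from requesting a peer certificate to not requesting one, so any caller that authenticates peers by certificate now has to opt in explicitly. This page is filtered to `core/`, so the matching opt-in in mod_s2s that the commit message describes is not visible here; confirm it landed in the same change, and check that no other consumer of these defaults was relying on the old value to receive a certificate. A comment on the line would record the contract: `verify = "none"; -- peers are not asked for a certificate unless the caller sets verify (mod_s2s does)`. `core_defaults` starts and ends outside this hunk.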
@@ -513,4 +515,33 @@ function api:measure_global_event(event_name, stat_name) return self:measure_object_event(prosody.events.wrappers, event_name, stat_name); end +local status_priorities = { error = 3, warn = 2, info = 1, core = 0 }; + +function api:set_status(status_type, status_message, override) + local priority = status_priorities[status_type]; + if not priority then + self:log("error", "set_status: Invalid status type '%s', assuming 'info'"); + status_type, priority = "info", status_priorities.info; + end + local current_priority = status_priorities[self.status_type] or 0; + -- By default an 'error' status can only be overwritten by another 'error' status + if (current_priority >= status_priorities.error and priority < current_priority and override ~= true) + or (override == false and current_priority > priority) then + self:log("debug", "Ignoring status"); + return; + end + self.status_type, self.status_message, self.status_time = status_type, status_message, time_now(); + self:log("debug", "New status: %s", status_type); + self:fire_event("module-status/updated", { name = self.name }); +end + +function api:log_status(level, msg, ...) + self:set_status(level, format(msg, ...)); + return self:log(level, msg, ...); +end + +function api:get_status() + return self.status_type, self.status_message, self.status_time; +end + return api; -- cgit v1.2.3 From cf15c2a1e0ddada23688ad289a5b407a334d61e1 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:05:15 +0000 Subject: modulemanager: Set module status on successful or failed module load --- core/modulemanager.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'core') diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 17602459..0d24381a 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua 
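Review bot: The invalid-type branch of `api:set_status` calls `self:log` with a `'%s'` placeholder but passes no argument for it, so the message cannot show which type was rejected; pass it explicitly, `self:log("error", "set_status: Invalid status type '%s', assuming 'info'", tostring(status_type));`. `api:log_status` forwards its log level as the status type, but `status_priorities` has no `debug` key, so `log_status("debug", …)` would take that error branch on every call. None of the three new methods has a doc comment; the override rule (an `error` status is only replaced by another `error` unless `override == true`, and `override == false` never lowers the priority) deserves one above `set_status`.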
@@ -169,6 +169,7 @@ local function do_load_module(host, module_name, state) local mod, err = pluginloader.load_code(module_name, nil, pluginenv); if not mod then log("error", "Unable to load module '%s': %s", module_name or "nil", err or "nil"); + api_instance:set_status("error", "Failed to load (see log)"); return nil, err; end @@ -182,6 +183,7 @@ local function do_load_module(host, module_name, state) ok, err = call_module_method(pluginenv, "load"); if not ok then log("warn", "Error loading module '%s' on '%s': %s", module_name, host, err or "nil"); + api_instance:set_status("warn", "Error during load (see log)"); end end api_instance.reloading, api_instance.saved_state = nil, nil; @@ -204,6 +206,9 @@ local function do_load_module(host, module_name, state) if not ok then modulemap[api_instance.host][module_name] = nil; log("error", "Error initializing module '%s' on '%s': %s", module_name, host, err or "nil"); + api_instance:set_status("warn", "Error during load (see log)"); + else + api_instance:set_status("core", "Loaded", false); end return ok and pluginenv, err; end -- cgit v1.2.3 From 76ebc7778e97a310ebd456c4da884496f8b428a0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 20 Mar 2019 12:19:43 +0000 Subject: configmanager: Add support for returning warnings --- core/configmanager.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/configmanager.lua b/core/configmanager.lua index 1e67da9b..579db3b0 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -9,7 +9,7 @@ local _G = _G; local setmetatable, rawget, rawset, io, os, error, dofile, type, pairs = setmetatable, rawget, rawset, io, os, error, dofile, type, pairs; -local format, math_max = string.format, math.max; +local format, math_max, t_insert = string.format, math.max, table.insert; local envload = require"util.envload".envload; local deps = require"util.dependencies"; 
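Review bot: In the `@@ -204,6 +206,9 @@` hunk the initialisation-failure branch logs at `error` level and removes the module from `modulemap`, yet records the status as `warn` with the text `Error during load (see log)`, the same pair the recoverable `load` failure in the previous hunk uses. A module that failed to initialise and was dropped is the more severe case, so `api_instance:set_status("error", "Error during initialization (see log)");` would keep the status in line with the log message. `do_load_module` starts before the first hunk and all three hunks sit inside it.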
@@ -102,6 +102,7 @@ do local pcall = _G.pcall; parser = {}; function parser.load(data, config_file, config_table) + local warnings = {}; local env; -- The ' = true' are needed so as not to set off __newindex when we assign the functions below env = setmetatable({ @@ -217,7 +218,7 @@ do return nil, err; end - return true; + return true, warnings; end end -- cgit v1.2.3 From 1e6c93ec05b5aba14b05c01a3a8cac39722a9849 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 20 Mar 2019 12:20:51 +0000 Subject: configmanager: Emit warning for duplicated config options --- core/configmanager.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'core') diff --git a/core/configmanager.lua b/core/configmanager.lua index 579db3b0..41034df8 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -16,6 +16,7 @@ local deps = require"util.dependencies"; local resolve_relative_path = require"util.paths".resolve_relative_path; local glob_to_pattern = require"util.paths".glob_to_pattern; local path_sep = package.config:sub(1,1); +local get_traceback_table = require "util.debug".get_traceback_table; local encodings = deps.softreq"util.encodings"; local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end @@ -100,8 +101,17 @@ end -- Built-in Lua parser do local pcall = _G.pcall; + local function get_line_number(config_file) + local tb = get_traceback_table(nil, 2); + for i = 1, #tb do + if tb[i].info.short_src == config_file then + return tb[i].info.currentline; + end + end + end parser = {}; function parser.load(data, config_file, config_table) + local set_options = {}; -- set_options[host.."/"..option_name] = true (when the option has been set already in this file) local warnings = {}; local env; -- The ' = true' are needed so as not to set off __newindex when we assign the functions below 
@@ -116,6 +126,12 @@ do return rawget(_G, k); end, __newindex = function (_, k, v) + local host = env.__currenthost or "*"; + local option_path = host.."/"..k; + if set_options[option_path] then + t_insert(warnings, ("%s:%d: Duplicate option '%s'"):format(config_file, get_line_number(config_file), k)); + end + set_options[option_path] = true; set(config_table, env.__currenthost or "*", k, v); end }); -- cgit v1.2.3 From 7dfdcd5e09abe4165e13e6a741f8e04cf3e6082d Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 20 Mar 2019 12:45:08 +0000 Subject: configmanager: Pass through warnings from included files --- core/configmanager.lua | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/configmanager.lua b/core/configmanager.lua index 41034df8..090a6a0a 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -7,8 +7,8 @@ -- local _G = _G; -local setmetatable, rawget, rawset, io, os, error, dofile, type, pairs = - setmetatable, rawget, rawset, io, os, error, dofile, type, pairs; +local setmetatable, rawget, rawset, io, os, error, dofile, type, pairs, ipairs = + setmetatable, rawget, rawset, io, os, error, dofile, type, pairs, ipairs; local format, math_max, t_insert = string.format, math.max, table.insert; local envload = require"util.envload".envload; @@ -212,6 +212,11 @@ do if f then local ret, err = parser.load(f:read("*a"), file, config_table); if not ret then error(err:gsub("%[string.-%]", file), 0); end + if err then + for _, warning in ipairs(err) do + t_insert(warnings, warning); + end + end end if not f then error("Error loading included "..file..": "..err, 0); end return f, err; -- cgit v1.2.3 From 3c50aa4902aada8eccbdd32f359a0cd6a52aceae Mon Sep 17 00:00:00 2001 
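Review bot: `get_line_number` (added in the previous hunk) returns nothing when no traceback frame has `short_src == config_file`, and the duplicate-option warning formats that result with `%d`, which raises on nil. Lua truncates `short_src` for long chunk names, so a config file with a long path could turn a harmless warning into a parse failure inside `__newindex`. Format defensively, for example `("%s:%s: Duplicate option '%s'"):format(config_file, tostring(get_line_number(config_file) or "?"), k)`. `parser.load` begins and ends outside this hunk.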
From: Matthew Wild Date: Sat, 23 Mar 2019 08:52:57 +0000 Subject: util.queue: Update :items() to consistently use private data directly It will perform better this way, and we were accessing private variables already within the iterator. --- core/loggingmanager.lua | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua index cfa8246a..b510617f 100644 --- a/core/loggingmanager.lua +++ b/core/loggingmanager.lua @@ -18,6 +18,9 @@ local getstyle, getstring = require "util.termcolours".getstyle, require "util.t local config = require "core.configmanager"; local logger = require "util.logger"; +local have_pposix, pposix = pcall(require, "util.pposix"); +have_pposix = have_pposix and pposix._VERSION == "0.4.4"; + local _ENV = nil; -- luacheck: std none @@ -45,7 +48,8 @@ local function add_rule(sink_config) local sink = sink_maker(sink_config); -- Set sink for all chosen levels - for level in pairs(get_levels(sink_config.levels or logging_levels)) do + local levels = get_levels(sink_config.levels or logging_levels); + for level in pairs(levels) do logger.add_level_sink(level, sink); end end @@ -232,6 +236,21 @@ local function log_to_console(sink_config) end log_sink_types.console = log_to_console; +if have_pposix then + local syslog_opened; + local function log_to_syslog(sink_config) -- luacheck: ignore 212/sink_config + if not syslog_opened then + pposix.syslog_open(sink_config.syslog_name or "prosody", sink_config.syslog_facility or config.get("*", "syslog_facility")); + syslog_opened = true; + end + local syslog = pposix.syslog_log; + return function (name, level, message, ...) + syslog(level, name, format(message, ...)); + end; + end + log_sink_types.syslog = log_to_syslog; +end + local function register_sink_type(name, sink_maker) local old_sink_maker = log_sink_types[name]; log_sink_types[name] = sink_maker; -- cgit v1.2.3 
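Review bot: The syslog sink is registered only when `pposix._VERSION` equals one exact string, and nothing is reported when that comparison fails, so a library version mismatch silently leaves `log_sink_types.syslog` undefined. For a deployment that ships its logs to syslog that presumably means events stop arriving there without any local hint why. The same block is re-added further down this page (hunk `@@ -235,6 +238,22 @@`) with the pin changed from `"0.4.4"` to `"0.4.0"`, which shows how easily an equality pin drifts. Report the mismatch when `util.pposix` loads but the version differs, and note the reason for the pin in a comment on the `have_pposix` line. `syslog_open` is also called only once, so a second sink's `syslog_name` or `syslog_facility` is ignored, and the `luacheck: ignore 212/sink_config` marker is stale because `sink_config` is used.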
From ee0fd8f1d90b736597baff3d7e1fd7dd1d28240b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 08:18:19 +0000 Subject: sessionmanager: Split byte-level sending into separate session.rawsend --- core/sessionmanager.lua | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 2843001a..9a2456f2 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -32,20 +32,26 @@ local function new_session(conn) local session = { conn = conn, type = "c2s_unauthed", conntime = gettime() }; local filter = initialize_filters(session); local w = conn.write; + + function session.rawsend(t) + t = filter("bytes/out", tostring(t)); + if t then + local ret, err = w(conn, t); + if not ret then + session.log("debug", "Error writing to connection: %s", tostring(err)); + return false, err; + end + end + return true; + end + session.send = function (t) session.log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?")); if t.name then t = filter("stanzas/out", t); end if t then - t = filter("bytes/out", tostring(t)); - if t then - local ret, err = w(conn, t); - if not ret then - session.log("debug", "Error writing to connection: %s", tostring(err)); - return false, err; - end - end + return session.rawsend(t); end return true; end -- cgit v1.2.3 From de724221378ba5772c9cfdb2d40c43619da8166f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Mar 2019 13:51:06 +0000 Subject: Backed out changeset 3eea63a68e0f Commit included intended changes to loggingmanager --- core/loggingmanager.lua | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) (limited to 'core') diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua index b510617f..cfa8246a 100644 --- a/core/loggingmanager.lua +++ b/core/loggingmanager.lua 
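Review bot: `session.rawsend` is a new entry point that applies only the `bytes/out` filter, so anything sent through it skips the `stanzas/out` filters and the `Sending[...]` debug line that `session.send` runs. That is worth a comment where it is defined, for example `-- rawsend: writes pre-serialized data; bypasses "stanzas/out" filters and send logging, use session.send for stanzas`, because a module that enforces policy in a stanza filter will not see this traffic. It also returns `true` when the `bytes/out` filter drops the data, the same as after a successful write; document that or return a distinct value. `new_session` continues past the hunk.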
@@ -18,9 +18,6 @@ local getstyle, getstring = require "util.termcolours".getstyle, require "util.t local config = require "core.configmanager"; local logger = require "util.logger"; -local have_pposix, pposix = pcall(require, "util.pposix"); -have_pposix = have_pposix and pposix._VERSION == "0.4.4"; - local _ENV = nil; -- luacheck: std none @@ -48,8 +45,7 @@ local function add_rule(sink_config) local sink = sink_maker(sink_config); -- Set sink for all chosen levels - local levels = get_levels(sink_config.levels or logging_levels); - for level in pairs(levels) do + for level in pairs(get_levels(sink_config.levels or logging_levels)) do logger.add_level_sink(level, sink); end end @@ -236,21 +232,6 @@ local function log_to_console(sink_config) end log_sink_types.console = log_to_console; -if have_pposix then - local syslog_opened; - local function log_to_syslog(sink_config) -- luacheck: ignore 212/sink_config - if not syslog_opened then - pposix.syslog_open(sink_config.syslog_name or "prosody", sink_config.syslog_facility or config.get("*", "syslog_facility")); - syslog_opened = true; - end - local syslog = pposix.syslog_log; - return function (name, level, message, ...) - syslog(level, name, format(message, ...)); - end; - end - log_sink_types.syslog = log_to_syslog; -end - local function register_sink_type(name, sink_maker) local old_sink_maker = log_sink_types[name]; log_sink_types[name] = sink_maker; -- cgit v1.2.3 From 2ab785fd9fc6d669b6bd0c24333dc27af86153af Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Mar 2019 14:48:21 +0000 Subject: loggingmanager, mod_posix: Move syslog to core, fixes #541 (in a way) --- core/loggingmanager.lua | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'core') diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua index cfa8246a..85a6380b 100644 --- a/core/loggingmanager.lua +++ b/core/loggingmanager.lua 
@@ -18,6 +18,9 @@ local getstyle, getstring = require "util.termcolours".getstyle, require "util.t local config = require "core.configmanager"; local logger = require "util.logger"; +local have_pposix, pposix = pcall(require, "util.pposix"); +have_pposix = have_pposix and pposix._VERSION == "0.4.0"; + local _ENV = nil; -- luacheck: std none @@ -232,6 +235,22 @@ local function log_to_console(sink_config) end log_sink_types.console = log_to_console; +if have_pposix then + local syslog_opened; + local function log_to_syslog(sink_config) -- luacheck: ignore 212/sink_config + if not syslog_opened then + local facility = sink_config.syslog_facility or config.get("*", "syslog_facility"); + pposix.syslog_open(sink_config.syslog_name or "prosody", facility); + syslog_opened = true; + end + local syslog = pposix.syslog_log; + return function (name, level, message, ...) + syslog(level, name, format(message, ...)); + end; + end + log_sink_types.syslog = log_to_syslog; +end + local function register_sink_type(name, sink_maker) local old_sink_maker = log_sink_types[name]; log_sink_types[name] = sink_maker; -- cgit v1.2.3 From 3616d69edbd95a27b6edc042fb4fc512b584b71b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Mar 2019 17:22:25 +0000 Subject: moduleapi: Remove overly-verbose debug logging on module status change --- core/moduleapi.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 2db7433a..e9e4c6d3 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -531,7 +531,6 @@ function api:set_status(status_type, status_message, override) return; end self.status_type, self.status_message, self.status_time = status_type, status_message, time_now(); - self:log("debug", "New status: %s", status_type); self:fire_event("module-status/updated", { name = self.name }); end -- cgit v1.2.3 From 36ad587977a55c0042e6aae283b10acbb50a87df Mon Sep 17 00:00:00 2001 
From: Matthew Wild Date: Tue, 26 Mar 2019 17:22:56 +0000 Subject: moduleapi: Log suppressed status priority and message when not overriding --- core/moduleapi.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index e9e4c6d3..b81bbeb2 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -527,7 +527,7 @@ function api:set_status(status_type, status_message, override) -- By default an 'error' status can only be overwritten by another 'error' status if (current_priority >= status_priorities.error and priority < current_priority and override ~= true) or (override == false and current_priority > priority) then - self:log("debug", "Ignoring status"); + self:log("debug", "moduleapi: ignoring status [prio %d override %s]: %s", priority, override, status_message); return; end self.status_type, self.status_message, self.status_time = status_type, status_message, time_now(); -- cgit v1.2.3 From cb800a7c5d2517ef0bae478fb6a4990a72b04d37 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Mar 2019 22:45:54 +0100 Subject: core.s2smanager: Rename variable to be same in two functions --- core/s2smanager.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 0ba5e7c6..fbe0458b 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua 
@@ -26,10 +26,10 @@ local _ENV = nil; -- luacheck: std none local function new_incoming(conn) - local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} }; - session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]+$")); - incoming_s2s[session] = true; - return session; + local host_session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} }; + host_session.log = logger_init("s2sin"..tostring(host_session):match("[a-f0-9]+$")); + incoming_s2s[host_session] = true; + return host_session; end local function new_outgoing(from_host, to_host) -- cgit v1.2.3 From 281c3a42c832e7f61b33cc7492cdd5b23d46a8c6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Mar 2019 22:37:12 +0100 Subject: core.s2smanager: Spread out session tables over multiple lines Improves readability --- core/s2smanager.lua | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index fbe0458b..e5540e1d 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua 
@@ -26,15 +26,26 @@ local _ENV = nil; -- luacheck: std none local function new_incoming(conn) - local host_session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} }; + local host_session = { + conn = conn, + type = "s2sin_unauthed", + direction = "incoming", + hosts = {}, + }; host_session.log = logger_init("s2sin"..tostring(host_session):match("[a-f0-9]+$")); incoming_s2s[host_session] = true; return host_session; end local function new_outgoing(from_host, to_host) - local host_session = { to_host = to_host, from_host = from_host, host = from_host, - notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; + local host_session = { + to_host = to_host, + from_host = from_host, + host = from_host, + notopen = true, + type = "s2sout_unauthed", + direction = "outgoing", + }; hosts[from_host].s2sout[to_host] = host_session; local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$"); host_session.log = logger_init(conn_name); -- cgit v1.2.3 From 1ec8b4510430479da2cb404f03fd1067dae45c82 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Mar 2019 22:40:53 +0100 Subject: core.s2smanager: Use util.session to create sessions --- core/s2smanager.lua | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index e5540e1d..46dcd108 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -13,6 +13,7 @@ local tostring, pairs, setmetatable = tostring, pairs, setmetatable; local logger_init = require "util.logger".init; +local sessionlib = require "util.session"; local log = logger_init("s2smanager"); 
@@ -26,29 +27,26 @@ local _ENV = nil; -- luacheck: std none local function new_incoming(conn) - local host_session = { - conn = conn, - type = "s2sin_unauthed", - direction = "incoming", - hosts = {}, - }; - host_session.log = logger_init("s2sin"..tostring(host_session):match("[a-f0-9]+$")); + local host_session = sessionlib.new("s2sin"); + sessionlib.set_id(host_session); + sessionlib.set_logger(host_session); + sessionlib.set_conn(host_session, conn); + host_session.direction = "incoming"; + host_session.session.hosts = {}; incoming_s2s[host_session] = true; return host_session; end local function new_outgoing(from_host, to_host) - local host_session = { - to_host = to_host, - from_host = from_host, - host = from_host, - notopen = true, - type = "s2sout_unauthed", - direction = "outgoing", - }; + local host_session = sessionlib.new("s2sout"); + sessionlib.set_id(host_session); + sessionlib.set_logger(host_session); + host_session.to_host = to_host; + host_session.from_host = from_host; + host_session.host = from_host; + host_session.notopen = true; + host_session.direction = "outgoing"; hosts[from_host].s2sout[to_host] = host_session; - local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$"); - host_session.log = logger_init(conn_name); return host_session; end -- cgit v1.2.3 From ae1009d110d6abd42ba1f8c1698811ff947e99f1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Mar 2019 23:05:08 +0100 Subject: core.sessionmanager: Use util.session to create sessions --- core/sessionmanager.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 9a2456f2..f5af1185 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua 
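Review bot: new_incoming and new_outgoing no longer assign `type`, so the `s2sin_unauthed` / `s2sout_unauthed` starting state from the removed lines now depends on what `sessionlib.new("s2sin")` and `sessionlib.new("s2sout")` set, which this hunk does not show. The sessionmanager hunk for `sessionlib.new("c2s")` later on the page has the same dependency. Because routing code on this page checks `origin.type == "s2sin"` before trusting a stream, I would add `-- type starts as "<prefix>_unauthed"; set by sessionlib.new()` next to each call, after confirming it. In new_incoming, `host_session.session.hosts = {}` also indexes a `session` field that nothing here creates; `host_session.hosts = {};` looks like what was meant.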
@@ -21,6 +21,7 @@ local config_get = require "core.configmanager".get; local resourceprep = require "util.encodings".stringprep.resourceprep; local nodeprep = require "util.encodings".stringprep.nodeprep; local generate_identifier = require "util.id".short; +local sessionlib = require "util.session"; local initialize_filters = require "util.filters".initialize; local gettime = require "socket".gettime; @@ -29,7 +30,12 @@ local _ENV = nil; -- luacheck: std none local function new_session(conn) - local session = { conn = conn, type = "c2s_unauthed", conntime = gettime() }; + local session = sessionlib.new("c2s"); + sessionlib.set_id(session); + sessionlib.set_logger(session); + sessionlib.set_conn(session, conn); + + session.conntime = gettime(); local filter = initialize_filters(session); local w = conn.write; -- cgit v1.2.3 From e7fce52802163ca1c042bd1a369b81c775a72980 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Mar 2019 09:04:33 +0100 Subject: core.s2smanager: Fix previous commit (Thanks Martin) --- core/s2smanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 46dcd108..684bb94e 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -32,7 +32,7 @@ local function new_incoming(conn) sessionlib.set_logger(host_session); sessionlib.set_conn(host_session, conn); host_session.direction = "incoming"; - host_session.session.hosts = {}; + host_session.hosts = {}; incoming_s2s[host_session] = true; return host_session; end -- cgit v1.2.3 From 331336cd83ae38f8f963abd61951912127a3c250 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Sat, 1 Jun 2019 15:00:35 +0200 Subject: core/sessionmanager: Remove unnecessary fallback in make_authenticated --- core/sessionmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') 
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index f5af1185..55f096b9 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -129,7 +129,7 @@ local function make_authenticated(session, username) if session.type == "c2s_unauthed" then session.type = "c2s_unbound"; end - session.log("info", "Authenticated as %s@%s", username or "(unknown)", session.host or "(unknown)"); + session.log("info", "Authenticated as %s@%s", username, session.host or "(unknown)"); return true; end -- cgit v1.2.3 From cc653ef0d999ba46ad59cdd80be633a9f0d15557 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Jul 2019 23:15:30 +0200 Subject: core.s2smanager: Remove use of tostring in logging This is now performed by loggingmanager --- core/s2smanager.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 684bb94e..48bf0544 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -75,8 +75,8 @@ local function retire_session(session, reason) session.destruction_reason = reason; - function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end - function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end + function session.send(data) log("debug", "Discarding data sent to resting session: %s", data); end + function session.data(data) log("debug", "Discarding data received from resting session: %s", data); end session.thread = { run = function (_, data) return session.data(data) end }; session.sends2s = session.send; return setmetatable(session, resting_session); -- cgit v1.2.3 From 7bce7c9fbe91d12069da3821f732114eabeb1814 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Tue, 30 Jul 2019 02:14:50 +0200 Subject: core.s2smanager: Rewrite log line to use formatting instead of concatenation Makes it more in line with logging elsewhere. Potentially avoids or at least delays creation of new string. --- core/s2smanager.lua | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 48bf0544..ccdf4932 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -9,8 +9,7 @@ local hosts = prosody.hosts; -local tostring, pairs, setmetatable - = tostring, pairs, setmetatable; +local pairs, setmetatable = pairs, setmetatable; local logger_init = require "util.logger".init; local sessionlib = require "util.session"; @@ -84,9 +83,8 @@ end local function destroy_session(session, reason) if session.destroyed then return; end - (session.log or log)("debug", "Destroying "..tostring(session.direction) - .." session "..tostring(session.from_host).."->"..tostring(session.to_host) - ..(reason and (": "..reason) or "")); + local log = session.log or log; + log("debug", "Destroying %s session %s->%s%s%s", session.direction, session.from_host, session.to_host, reason and ": " or "", reason or ""); if session.direction == "outgoing" then hosts[session.from_host].s2sout[session.to_host] = nil; -- cgit v1.2.3 From d7770bba849e88e4ece97c65ebaabadbb78c8755 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jul 2019 02:18:59 +0200 Subject: core.stanza_router: Remove tostring call from logging Taken care of by loggingmanager now --- core/stanza_router.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index f5a34f59..d3caeb5d 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua 
@@ -199,7 +199,7 @@ function core_route_stanza(origin, stanza) else local host_session = hosts[from_host]; if not host_session then - log("error", "No hosts[from_host] (please report): %s", tostring(stanza)); + log("error", "No hosts[from_host] (please report): %s", stanza); else local xmlns = stanza.attr.xmlns; stanza.attr.xmlns = nil; -- cgit v1.2.3 From 8a87b70092c75b6fac191cf9f79787f7235bf60d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jul 2019 02:19:27 +0200 Subject: core.sessionmanager: Remove tostring call from logging Taken care of by loggingmanager now --- core/sessionmanager.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 55f096b9..29779c3c 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -44,7 +44,7 @@ local function new_session(conn) if t then local ret, err = w(conn, t); if not ret then - session.log("debug", "Error writing to connection: %s", tostring(err)); + session.log("debug", "Error writing to connection: %s", err); return false, err; end end @@ -85,8 +85,8 @@ local function retire_session(session) end end - function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); return false; end - function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end + function session.send(data) log("debug", "Discarding data sent to resting session: %s", data); return false; end + function session.data(data) log("debug", "Discarding data received from resting session: %s", data); end session.thread = { run = function (_, data) return session.data(data) end }; return setmetatable(session, resting_session); end -- cgit v1.2.3 From 73beabd065c7cc08b1da06938e7df166c1f35c69 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Tue, 30 Jul 2019 02:19:54 +0200 Subject: core.portmanager: Remove tostring call from logging Taken care of by loggingmanager now --- core/portmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 9eb40abf..7ba13dfd 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -103,7 +103,7 @@ local function activate(service_name) for port in bind_ports do local port_number = tonumber(port); if not port_number then - log("error", "Invalid port number specified for service '%s': %s", service_info.name, tostring(port)); + log("error", "Invalid port number specified for service '%s': %s", service_info.name, port); elseif #active_services:search(nil, interface, port_number) > 0 then log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "", service_name or ""); -- cgit v1.2.3 From e3276738b31e4afc377b3a8991b9cf771b7d5309 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jul 2019 02:20:27 +0200 Subject: core.portmanager: Remove unused local [luacheck] --- core/portmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 7ba13dfd..55868c34 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -9,7 +9,7 @@ local set = require "util.set"; local table = table; local setmetatable, rawset, rawget = setmetatable, rawset, rawget; -local type, tonumber, tostring, ipairs = type, tonumber, tostring, ipairs; +local type, tonumber, ipairs = type, tonumber, ipairs; local pairs = pairs; local prosody = prosody; -- cgit v1.2.3 From 2dd7b5717587d249dbda1335be3b5975a1c96e59 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Wed, 21 Aug 2019 23:15:05 +0200 Subject: core.moduleapi: Uppercase "IQ stanza" for consistency It's written like that elsewhere in the send_iq method --- core/moduleapi.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index b81bbeb2..dcdc41a4 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -407,7 +407,7 @@ function api:send_iq(stanza, origin, timeout) if iq_cache:get(cache_key) then reject(errutil.new({ type = "modify", condition = "conflict", - text = "iq stanza id attribute already used", + text = "IQ stanza id attribute already used", })); return; end -- cgit v1.2.3 From e0125bcb4c3a1c0f58d6fc291580ca4d54d8f331 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 21 Aug 2019 23:18:08 +0200 Subject: core.moduleapi: Restructure send_iq method for more atomic cleanup All cleanup in one spot instead of two, and at the end which fits with cleanup happening afterwards. --- core/moduleapi.lua | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index dcdc41a4..0a8adc36 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
@@ -374,22 +374,21 @@ function api:send_iq(stanza, origin, timeout) type = "wait", condition = "resource-constraint", text = "evicted from iq tracking cache" })); - self:unhook(iq.result_event, iq.result_handler); - self:unhook(iq.error_event, iq.error_handler); end); self._iq_cache = iq_cache; end - return promise.new(function (resolve, reject) - local event_type; - if stanza.attr.from == self.host then - event_type = "host"; - else -- assume bare since we can't hook full jids - event_type = "bare"; - end - local result_event = "iq-result/"..event_type.."/"..stanza.attr.id; - local error_event = "iq-error/"..event_type.."/"..stanza.attr.id; - local cache_key = event_type.."/"..stanza.attr.id; + local event_type; + if stanza.attr.from == self.host then + event_type = "host"; + else -- assume bare since we can't hook full jids + event_type = "bare"; + end + local result_event = "iq-result/"..event_type.."/"..stanza.attr.id; + local error_event = "iq-error/"..event_type.."/"..stanza.attr.id; + local cache_key = event_type.."/"..stanza.attr.id; + + local p = promise.new(function (resolve, reject) local function result_handler(event) if event.stanza.attr.from == stanza.attr.to then resolve(event); @@ -420,15 +419,11 @@ function api:send_iq(stanza, origin, timeout) type = "wait", condition = "remote-server-timeout", text = "IQ stanza timed out", })); - self:unhook(result_event, result_handler); - self:unhook(error_event, error_handler); - iq_cache:set(cache_key, nil); end); local ok = iq_cache:set(cache_key, { reject = reject, resolve = resolve, timeout_handle = timeout_handle, - result_event = result_event, error_event = error_event, result_handler = result_handler, error_handler = error_handler; }); 
@@ -442,6 +437,18 @@ function api:send_iq(stanza, origin, timeout) self:send(stanza, origin); end); + + p:finally(function () + local iq = iq_cache:get(cache_key); + if iq then + self:unhook(result_event, iq.result_handler); + self:unhook(error_event, iq.error_handler); + iq.timeout_handle:stop(); + iq_cache:set(cache_key, nil); + end + end); + + return p; end function api:broadcast(jids, stanza, iter) -- cgit v1.2.3 From df3f84ce546ea55074a11a69aab473012369af8f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Aug 2019 20:22:35 +0200 Subject: core.certmanager: Move EECDH ciphers before EDH in default cipherstring The original intent of having kEDH before kEECDH was that if a `dhparam` file was specified, this would be interpreted as a preference by the admin for old and well-tested Diffie-Hellman key agreement over newer elliptic curve ones. Otherwise the faster elliptic curve ciphersuites would be preferred. This didn't really work as intended since this affects the ClientHello on outgoing s2s connections, leading to some servers using poorly configured kEDH. With Debian shipping OpenSSL settings that enforce a higher security level, this caused interoperability problems with servers that use DH params smaller than 2048 bits. E.g. jabber.org at the time of this writing has 1024 bit DH params. MattJ says > Curves have won, and OpenSSL is less weird about them now --- core/certmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 63f314f8..5d3cc2c1 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua 
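Review bot: The `p:finally` cleanup looks the tracking entry up by `cache_key`, so it acts on whichever request currently owns that key rather than on the request this promise belongs to. When send_iq rejects a call because the id is already in the cache (the `conflict` branch, which sits between this hunk and the previous one), the rejected promise's cleanup finds the earlier in-flight entry, unhooks its handlers, stops its timer and deletes it, leaving the first caller's promise unsettled. In the other direction, the eviction callback in the first hunk of this commit no longer unhooks, and if the evicted entry is already gone from the cache by the time cleanup runs, the two hooks stay registered. Keeping a reference to this call's own entry and cleaning up from that avoids both; the sketch assumes the entry table is built before anything that can reject after hooking, which should be checked against the unchanged middle of the function.

```lua
local tracked; -- this call's own cache entry, set inside the executor

local p = promise.new(function (resolve, reject)
	-- … unchanged: handlers, duplicate-id check, hooks, timeout …
	tracked = {
		reject = reject, resolve = resolve,
		timeout_handle = timeout_handle,
		result_handler = result_handler, error_handler = error_handler;
	};
	local ok = iq_cache:set(cache_key, tracked);
	-- … unchanged: failure handling and self:send …
end);

p:finally(function ()
	if not tracked then return; end -- rejected before anything was registered
	self:unhook(result_event, tracked.result_handler);
	self:unhook(error_event, tracked.error_handler);
	tracked.timeout_handle:stop();
	-- only drop the cache slot if it still belongs to this request
	if iq_cache:get(cache_key) == tracked then
		iq_cache:set(cache_key, nil);
	end
end);
```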
@@ -123,8 +123,8 @@ local core_defaults = { "P-521", }; ciphers = { -- Enabled ciphers in order of preference: - "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange + "HIGH+kEDH", -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set "HIGH", -- Other "High strength" ciphers -- Disabled cipher suites: "!PSK", -- Pre-Shared Key - not used for XMPP -- cgit v1.2.3 From b16782257d441196d7fbab2823ba8fa878c4c056 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Aug 2019 23:12:55 +0200 Subject: Remove COMPAT with temporary luasec fork The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014. --- core/certmanager.lua | 7 ------- 1 file changed, 7 deletions(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 5d3cc2c1..f81429ee 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -148,13 +148,6 @@ local path_options = { -- These we pass through resolve_path() key = true, certificate = true, cafile = true, capath = true, dhparam = true } -if luasec_version < 5 and ssl_x509 then - -- COMPAT mw/luasec-hg - for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix - core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6); - end -end - local function create_context(host, mode, ...) local cfg = new_config(); cfg:apply(core_defaults); -- cgit v1.2.3 From f39535cfd039d481457c27cee5154bdfb1ff3621 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Aug 2019 23:25:42 +0200 Subject: core.certmanager: Remove unused import [luacheck] --- core/certmanager.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index f81429ee..64528c34 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua 
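Review bot: The reorder in `core_defaults.ciphers` only changes preference; `HIGH+kEDH` stays enabled, so a peer can still negotiate finite-field DH, and with the small DH parameters the commit message describes, acceptance is left to the TLS library's own minimum rather than anything in this table. The comment on the kEDH line, `if a 'dhparam' file is set`, also describes the server side only, while the commit message says the list shapes the ClientHello on outgoing s2s too. I would extend it, e.g. `"HIGH+kEDH", -- Ephemeral Diffie-Hellman; fallback only, DH parameter size is not checked here`. The table starts and ends outside the hunk.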
@@ -20,7 +20,6 @@ end local configmanager = require "core.configmanager"; local log = require "util.logger".init("certmanager"); local ssl_context = ssl.context or softreq"ssl.context"; -local ssl_x509 = ssl.x509 or softreq"ssl.x509"; local ssl_newcontext = ssl.newcontext; local new_config = require"util.sslconfig".new; local stat = require "lfs".attributes; -- cgit v1.2.3 From 5bba716be9cf3b7e345164023dc89b84e7542ea1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 00:00:40 +0200 Subject: core.certmanager: Lower severity for tls config not having cert This is needed for SNI where certificates are in separate per-hostname contexts, not the main one. If there is a cert, it will still require a corresponding key. --- core/certmanager.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 64528c34..b20a0cdb 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -169,8 +169,10 @@ local function create_context(host, mode, ...) local user_ssl_config = cfg:final(); if mode == "server" then - if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end - if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end + if not user_ssl_config.certificate then + log("info", "No certificate present in SSL/TLS configuration for %s. SNI will be required.", host); + end + if user_ssl_config.certificate and not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end end for option in pairs(path_options) do -- cgit v1.2.3 From 1cebbe481be0dbce23f8c7288e091cfb557225d2 Mon Sep 17 00:00:00 2001 
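Review bot: In server mode a missing `certificate` is now only an `info` log line and create_context carries on, so a host whose certificate is absent from the config no longer gets the hard `nil, "No certificate present..."` error it used to. Nothing in the hunk checks that per-hostname SNI contexts actually exist, so whether such a listener fails safely at handshake time should be confirmed in the code that follows. The new guard also lets a `key` without a `certificate` through unnoticed. Raising the line to `"warn"`, or at least commenting `-- no cert here is valid only when SNI contexts supply one`, would keep the misconfiguration visible. The function body continues outside the hunk.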
From: Kim Alvefur Date: Sat, 7 Sep 2019 17:31:26 +0200 Subject: core.s2smanager: Add [direction] boolean flags to s2s connections This will allow representing connections that go both directions --- core/s2smanager.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index ccdf4932..45993fd2 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -31,6 +31,7 @@ local function new_incoming(conn) sessionlib.set_logger(host_session); sessionlib.set_conn(host_session, conn); host_session.direction = "incoming"; + host_session.incoming = true; host_session.hosts = {}; incoming_s2s[host_session] = true; return host_session; @@ -45,6 +46,7 @@ local function new_outgoing(from_host, to_host) host_session.host = from_host; host_session.notopen = true; host_session.direction = "outgoing"; + host_session.outgoing = true; hosts[from_host].s2sout[to_host] = host_session; return host_session; end -- cgit v1.2.3 From 2398f3813579f0f95a14008e1e9f217f60d67bde Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 17:32:55 +0200 Subject: core.s2smanager: Add map of names authenticate for remote on s2sout for parity with s2sin Making s2sin and -out look more alike in preparation for bidi support --- core/s2smanager.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 45993fd2..971ccc5c 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -47,6 +47,7 @@ local function new_outgoing(from_host, to_host) host_session.notopen = true; host_session.direction = "outgoing"; host_session.outgoing = true; + host_session.hosts = {}; hosts[from_host].s2sout[to_host] = host_session; return host_session; end -- cgit v1.2.3 From 6f213da0a0d3c6c292f2ba6baebf1238ef4ea13d Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Sat, 7 Sep 2019 17:34:56 +0200 Subject: core.stanza_router: Handle s2s in more direction-agnostic way --- core/stanza_router.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index d3caeb5d..a74f3b6f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -111,8 +111,8 @@ function core_process_stanza(origin, stanza) stanza.attr.from = from; end - if (origin.type == "s2sin" or origin.type == "c2s" or origin.type == "component") and xmlns == nil then - if origin.type == "s2sin" and not origin.dummy then + if (origin.type == "s2sin" or origin.type == "s2sout" or origin.type == "c2s" or origin.type == "component") and xmlns == nil then + if (origin.type == "s2sin" or origin.type == "s2sout") and not origin.dummy then local host_status = origin.hosts[from_host]; if not host_status or not host_status.authed then -- remote server trying to impersonate some other server? log("warn", "Received a stanza claiming to be from %s, over a stream authed for %s!", from_host, origin.from_host); -- cgit v1.2.3 From ef38f2d0622260df46a86ca4a6d000c57e197823 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 8 Sep 2019 19:45:39 +0200 Subject: mod_s2s_bidi: Enables bi-directional streams via XEP-0288 --- core/modulemanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 0d24381a..df6ae787 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua 
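Review bot: With `s2sout` added to the impersonation check in core_process_stanza, the `warn` line still prints `origin.from_host` as the host the stream is authenticated for, but new_outgoing (earlier on this page) sets `from_host` to the local host on outgoing sessions, so for an s2sout stream the warning would name the local server rather than the remote peer and mislead anyone triaging a spoofing attempt. Passing `origin.direction == "outgoing" and origin.to_host or origin.from_host` as the last argument would report the peer in both cases. The check also assumes `origin.hosts` is a table on every s2sout session, which holds only for sessions created after the `host_session.hosts = {}` addition in the previous commit. The function continues outside the hunk.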
@@ -24,7 +24,7 @@ local setmetatable, rawget = setmetatable, rawget; local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; local autoload_modules = {prosody.platform, "presence", "message", "iq", "offline", "c2s", "s2s", "s2s_auth_certs"}; -local component_inheritable_modules = {"tls", "saslauth", "dialback", "iq", "s2s"}; +local component_inheritable_modules = {"tls", "saslauth", "dialback", "iq", "s2s", "s2s_bidi"}; -- We need this to let modules access the real global namespace local _G = _G; -- cgit v1.2.3 From 2ad505a81f7dbb9be487fd51481d4d82120c26e3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Sep 2019 17:07:39 +0200 Subject: core.modulemanager: Split lists across multiple lines for improved readability Patches will also be easier to read. --- core/modulemanager.lua | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/modulemanager.lua b/core/modulemanager.lua index df6ae787..5a45d6b6 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -23,8 +23,24 @@ local debug_traceback = debug.traceback; local setmetatable, rawget = setmetatable, rawget; local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; -local autoload_modules = {prosody.platform, "presence", "message", "iq", "offline", "c2s", "s2s", "s2s_auth_certs"}; -local component_inheritable_modules = {"tls", "saslauth", "dialback", "iq", "s2s", "s2s_bidi"}; +local autoload_modules = { + prosody.platform, + "presence", + "message", + "iq", + "offline", + "c2s", + "s2s", + "s2s_auth_certs", +}; +local component_inheritable_modules = { + "tls", + "saslauth", + "dialback", + "iq", + "s2s", + "s2s_bidi", +}; -- We need this to let modules access the real global namespace local _G = _G; -- cgit v1.2.3 From 72b4209cfb6968802358cf5556dfb7be6442e194 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Sat, 5 Oct 2019 16:21:41 +0200 Subject: core.s2smanager: Remove bidi-enabled s2sin from outgoing routing table Caused creation of new s2sout instead of proper bidi-enabled s2sin. --- core/s2smanager.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 971ccc5c..20b7ffea 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -93,6 +93,9 @@ local function destroy_session(session, reason) hosts[session.from_host].s2sout[session.to_host] = nil; session:bounce_sendq(reason); elseif session.direction == "incoming" then + if session.outgoing then + hosts[session.from_host].s2sout[session.to_host] = nil; + end incoming_s2s[session] = nil; end -- cgit v1.2.3 From fb13625e08b83f4c1886e90963aeda49137c04ab Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 5 Oct 2019 17:09:24 +0200 Subject: core.s2smanager: Fix traceback due to mixup with to/from Forgot to swap to and from in 3123a13cf577 --- core/s2smanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 20b7ffea..7471286c 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -94,7 +94,7 @@ local function destroy_session(session, reason) session:bounce_sendq(reason); elseif session.direction == "incoming" then if session.outgoing then - hosts[session.from_host].s2sout[session.to_host] = nil; + hosts[session.to_host].s2sout[session.from_host] = nil; end incoming_s2s[session] = nil; end -- cgit v1.2.3 From c09d6decbebbaec23defaed760dcfc63a3c9ec32 Mon Sep 17 00:00:00 2001 
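Review bot: The cleanup added to `destroy_session` clears `hosts[session.to_host].s2sout[session.from_host]` without checking that the entry is this session, so if a separate outgoing session to the same remote has been registered in the meantime, its routing entry is dropped while that session stays alive. It also indexes `hosts[session.to_host]` directly, which raises if that host is no longer present when the bidi-enabled incoming stream is torn down. A guarded form would be `local h = hosts[session.to_host];` followed by `if h and h.s2sout[session.from_host] == session then h.s2sout[session.from_host] = nil; end`. Whether either situation can occur depends on code outside the hunk, as does the rest of the function.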
From: Kim Alvefur Date: Mon, 9 Sep 2019 22:32:01 +0200 Subject: core.stanza_router: Do strict jidprep on c2s Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed. --- core/stanza_router.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index a74f3b6f..9d3ab113 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -83,7 +83,7 @@ function core_process_stanza(origin, stanza) if full_sessions[to] or bare_sessions[to] or hosts[to] then node, host = jid_split(to); -- TODO only the host is needed, optimize else - node, host, resource = jid_prepped_split(to); + node, host, resource = jid_prepped_split(to, origin.type == "c2s"); if not host then log("warn", "Received stanza with invalid destination JID: %s", to); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then -- cgit v1.2.3 From cf05074f0e625bd001fb79c44efd787c0d8f333f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 30 Oct 2019 17:33:52 +0100 Subject: Backed out changeset 64ddcbc9a328 as it would prevent communicating with valid remote JIDs that aren't valid under STRINGPREP / Unicode 3.2 --- core/stanza_router.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 9d3ab113..a74f3b6f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua 
@@ -83,7 +83,7 @@ function core_process_stanza(origin, stanza) if full_sessions[to] or bare_sessions[to] or hosts[to] then node, host = jid_split(to); -- TODO only the host is needed, optimize else - node, host, resource = jid_prepped_split(to, origin.type == "c2s"); + node, host, resource = jid_prepped_split(to); if not host then log("warn", "Received stanza with invalid destination JID: %s", to); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then -- cgit v1.2.3 From 522916d7c71c35d61d03ff25dc5d8e726f6bf9b3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 13:24:33 +0100 Subject: core.sessionmanager: Fix traceback from passing nil to resourceprep --- core/sessionmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 29779c3c..a62db906 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -150,7 +150,7 @@ local function bind_resource(session, resource) resource = event_payload.resource; end - resource = resourceprep(resource); + resource = resourceprep(resource or ""); resource = resource ~= "" and resource or generate_identifier(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing -- cgit v1.2.3 From 4b69a96d83465e0b04b4b07043f28516da0afc92 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 13:55:38 +0100 Subject: core.configmanager: Ensure Hosts are given names Prevents traceback from nameprep(nil) --- core/configmanager.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'core') diff --git a/core/configmanager.lua b/core/configmanager.lua index 090a6a0a..8ed74e3c 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua 
@@ -138,6 +138,9 @@ do rawset(env, "__currenthost", "*") -- Default is global function env.VirtualHost(name) + if not name then + error("Host must have a name", 2); + end name = nameprep(name); if rawget(config_table, name) and rawget(config_table[name], "component_module") then error(format("Host %q clashes with previously defined %s Component %q, for services use a sub-domain like conference.%s", @@ -156,6 +159,9 @@ do env.Host, env.host = env.VirtualHost, env.VirtualHost; function env.Component(name) + if not name then + error("Component must have a name", 2); + end name = nameprep(name); if rawget(config_table, name) and rawget(config_table[name], "defined") and not rawget(config_table[name], "component_module") then -- cgit v1.2.3 From f563584fca3f6dff5ee1c98c5679018645f10ac0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 13:56:13 +0100 Subject: core.configmanager: Handle nameprep validation errors --- core/configmanager.lua | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/configmanager.lua b/core/configmanager.lua index 8ed74e3c..ae0a274a 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -141,7 +141,11 @@ do if not name then error("Host must have a name", 2); end - name = nameprep(name); + local prepped_name = nameprep(name); + if not prepped_name then + error(format("Name of Host %q contains forbidden characters", name), 0); + end + name = prepped_name; if rawget(config_table, name) and rawget(config_table[name], "component_module") then error(format("Host %q clashes with previously defined %s Component %q, for services use a sub-domain like conference.%s", name, config_table[name].component_module:gsub("^%a+$", { component = "external", muc = "MUC"}), name, name), 0); 
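Review bot: The new `if not name then` guards in `env.VirtualHost` and `env.Component` reject only nil and false, so a config line that passes a non-string value (a table or a number, say) still reaches `nameprep(name)` and may fail there with a less helpful error. Testing the type covers both cases: `if type(name) ~= "string" then error("Host must have a name", 2); end`, and likewise with the Component message; this assumes `type` is reachable from this chunk, which the hunk does not show. Both function bodies continue outside the hunks.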
@@ -162,7 +166,11 @@ do if not name then error("Component must have a name", 2); end - name = nameprep(name); + local prepped_name = nameprep(name); + if not prepped_name then + error(format("Name of Component %q contains forbidden characters", name), 0); + end + name = prepped_name; if rawget(config_table, name) and rawget(config_table[name], "defined") and not rawget(config_table[name], "component_module") then error(format("Component %q clashes with previously defined Host %q, for services use a sub-domain like conference.%s", -- cgit v1.2.3 From b1516ea8f0c1121b47eae70e9f18755298026a60 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:39:01 +0100 Subject: core.sessionmanager: Require that client-requested resources pass strict resourceprep --- core/sessionmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index a62db906..6c005fcd 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -150,7 +150,7 @@ local function bind_resource(session, resource) resource = event_payload.resource; end - resource = resourceprep(resource or ""); + resource = resourceprep(resource or "", true); resource = resource ~= "" and resource or generate_identifier(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing -- cgit v1.2.3 From 3aee8e24a6873fce6b7ab30f5b87d17089e0d5a6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Nov 2019 01:29:03 +0100 Subject: s2s: Allow passing a custom error for bouncing queued stanzas (#770) Since stream errors and stanza errors are different --- core/s2smanager.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 7471286c..7f156f12 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua 
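Review bot: With the strict flag, `resourceprep` can presumably return nil for a resource the client asked for (as `nameprep` does in the configmanager change of this series), and the unchanged next line `resource ~= "" and resource or generate_identifier()` then silently binds a generated resource instead. If that fallback is intended rather than replying with an error, it deserves a comment such as `-- a rejected (nil) or empty resource falls through to a generated identifier`; otherwise the nil case should be handled explicitly before this line. `bind_resource` starts and ends outside the hunk, so any later validation is not visible here.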
@@ -84,14 +84,14 @@ local function retire_session(session, reason) return setmetatable(session, resting_session); end -local function destroy_session(session, reason) +local function destroy_session(session, reason, bounce_reason) if session.destroyed then return; end local log = session.log or log; log("debug", "Destroying %s session %s->%s%s%s", session.direction, session.from_host, session.to_host, reason and ": " or "", reason or ""); if session.direction == "outgoing" then hosts[session.from_host].s2sout[session.to_host] = nil; - session:bounce_sendq(reason); + session:bounce_sendq(bounce_reason or reason); elseif session.direction == "incoming" then if session.outgoing then hosts[session.to_host].s2sout[session.from_host] = nil; -- cgit v1.2.3 From b65b591c7a19f17f73097e3120f0d13c7dd49886 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Nov 2019 23:22:29 +0100 Subject: core.portmanager: Don't set the first TLS context with a cert as main context Don't think this works and it's apparently acceptable to require SNI these days. --- core/portmanager.lua | 4 ---- 1 file changed, 4 deletions(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 55868c34..e94720dd 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -245,10 +245,6 @@ local function add_sni_host(host, service) local ssl, err, cfg = certmanager.create_context(host, "server"); if ssl then active_service.server.hosts[host] = ssl; - if not active_service.tls_cfg.certificate then - active_service.server.tls_ctx = ssl; - active_service.tls_cfg = cfg; - end else log("error", "err = %q", err); end -- cgit v1.2.3 From 1f33d9c6bb1310ba153580cfdb8d1d36a838f2b7 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Fri, 29 Nov 2019 23:24:14 +0100 Subject: core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support) --- core/certmanager.lua | 1 + core/portmanager.lua | 15 +++++---------- 2 files changed, 6 insertions(+), 10 deletions(-) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index b20a0cdb..663cebb4 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -252,4 +252,5 @@ return { create_context = create_context; reload_ssl_config = reload_ssl_config; find_cert = find_cert; + find_host_cert = find_host_cert; }; diff --git a/core/portmanager.lua b/core/portmanager.lua index e94720dd..fced3f8f 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -230,19 +230,14 @@ end -- Event handlers local function add_sni_host(host, service) - -- local global_ssl_config = config.get(host, "ssl") or {}; for name, interface, port, n, active_service --luacheck: ignore 213 in active_services:iter(service, nil, nil, nil) do if active_service.server.hosts and active_service.tls_cfg then - -- local config_prefix = (active_service.config_prefix or name).."_"; - -- if config_prefix == "_" then - -- config_prefix = ""; - -- end - -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config; - -- FIXME only global 'ssl' settings are mixed in here - -- TODO per host and per service settings should be merged in, - -- without overriding the per-host certificate - local ssl, err, cfg = certmanager.create_context(host, "server"); + local config_prefix = (active_service.config_prefix or name).."_"; + if config_prefix == "_" then config_prefix = ""; end + local prefix_ssl_config = config.get(host, config_prefix.."ssl"); + local autocert = certmanager.find_host_cert(host); + local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg); if ssl then active_service.server.hosts[host] = ssl; else -- cgit v1.2.3 
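Review bot: The comment removed at the top of the portmanager hunk warned that per-service settings must be merged "without overriding the per-host certificate", but the new `certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg)` call does not say which argument wins. A one-line comment above the call stating the precedence that `create_context` applies would let a reader confirm that `active_service.tls_cfg` cannot replace the certificate returned by `find_host_cert`. `config.get(host, config_prefix.."ssl")` may also be nil when the option is unset, and the comment could note that `create_context` accepts that. The loop body continues past the end of the hunk.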
From 46142132167a7d73193739ba7a832bec610223b0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Nov 2019 16:40:04 +0100 Subject: core.portmanager: Complete error message for SNI TLS context problems --- core/portmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index fced3f8f..99656e3e 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -241,7 +241,7 @@ local function add_sni_host(host, service) if ssl then active_service.server.hosts[host] = ssl; else - log("error", "err = %q", err); + log("error", "Error creating TLS context for SNI host %s: %s", host, err); end end end -- cgit v1.2.3 From 173990157fad6d4507e8ce2dc214e7bf35a17822 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 19 Dec 2019 10:03:16 +0000 Subject: rostermanager, mod_presence: Support for subscription preapproval (fixes #686) --- core/rostermanager.lua | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'core') diff --git a/core/rostermanager.lua b/core/rostermanager.lua index d551a1b1..7b104339 100644 --- a/core/rostermanager.lua +++ b/core/rostermanager.lua @@ -301,6 +301,11 @@ function is_contact_pending_out(username, host, jid) local item = roster[jid]; return item and item.ask; end +local function is_contact_preapproved(username, host, jid) + local roster = load_roster(username, host); + local item = roster[jid]; + return item and (item.approved == "true"); +end local function set_contact_pending_out(username, host, jid) -- subscribe local roster = load_roster(username, host); local item = roster[jid]; 
@@ -331,9 +336,10 @@ local function unsubscribe(username, host, jid) return save_roster(username, host, roster, jid); end local function subscribed(username, host, jid) + local roster = load_roster(username, host); + local item = roster[jid]; + if is_contact_pending_in(username, host, jid) then - local roster = load_roster(username, host); - local item = roster[jid]; if not item then -- FIXME should roster item be auto-created? item = {subscription = "none", groups = {}}; roster[jid] = item; @@ -345,7 +351,17 @@ local function subscribed(username, host, jid) end roster[false].pending[jid] = nil; return save_roster(username, host, roster, jid); - end -- TODO else implement optional feature pre-approval (ask = subscribed) + elseif not item or item.subscription == "none" or item.subscription == "to" then + -- Contact is not subscribed and has not sent a subscription request. + -- We store a pre-approval as per RFC6121 3.4 + if not item then + item = {subscription = "none", groups = {}}; + roster[jid] = item; + end + item.approved = "true"; + log("debug", "Storing preapproval for %s", jid); + return save_roster(username, host, roster, jid); + end end local function unsubscribed(username, host, jid) local roster = load_roster(username, host); @@ -403,6 +419,7 @@ return { set_contact_pending_in = set_contact_pending_in; is_contact_pending_out = is_contact_pending_out; set_contact_pending_out = set_contact_pending_out; + is_contact_preapproved = is_contact_preapproved; unsubscribe = unsubscribe; subscribed = subscribed; unsubscribed = unsubscribed; -- cgit v1.2.3 From 6d3006307dd0bd38861102dcd2d51cb75e100224 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 20 Dec 2019 22:31:27 +0100 Subject: core.stanza_router: Extract host part of JIDs directly [luacheck] Silences warning about unused return values --- core/stanza_router.lua | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'core') 
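Review bot: `subscribed` now loads the roster itself and then calls `is_contact_pending_in(username, host, jid)`, which loads it a second time just to read one field. Since `roster` is already in hand, the condition can read `if roster[false].pending[jid] ~= nil then`, which is the same test `is_contact_pending_in` performs. The new pre-approval branch also persists `item.approved = "true"` as a string; a short comment on why a string rather than a boolean is stored would help, given that `is_contact_preapproved` compares against `"true"`.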
diff --git a/core/stanza_router.lua b/core/stanza_router.lua index a74f3b6f..dab83803 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -12,6 +12,7 @@ local hosts = _G.prosody.hosts; local tostring = tostring; local st = require "util.stanza"; local jid_split = require "util.jid".split; +local jid_host = require "util.jid".host; local jid_prepped_split = require "util.jid".prepped_split; local full_sessions = _G.prosody.full_sessions; @@ -81,7 +82,7 @@ function core_process_stanza(origin, stanza) local to_bare, from_bare; if to then if full_sessions[to] or bare_sessions[to] or hosts[to] then - node, host = jid_split(to); -- TODO only the host is needed, optimize + host = jid_host(to); else node, host, resource = jid_prepped_split(to); if not host then @@ -186,8 +187,8 @@ function core_post_stanza(origin, stanza, preevents) end function core_route_stanza(origin, stanza) - local node, host, resource = jid_split(stanza.attr.to); - local from_node, from_host, from_resource = jid_split(stanza.attr.from); + local host = jid_host(stanza.attr.to); + local from_host = jid_host(stanza.attr.from); -- Auto-detect origin if not specified origin = origin or hosts[from_host]; -- cgit v1.2.3 From 5e83a19bc8899ee4282a8370596b3bc43b6e34cc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 20 Dec 2019 22:33:24 +0100 Subject: core.stanza_router: Silence warning about unused err_message [luacheck] --- core/stanza_router.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index dab83803..1d8db3e7 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua 
@@ -28,7 +28,7 @@ local function handle_unhandled_stanza(host, origin, stanza) --luacheck: ignore local st_type = stanza.attr.type; if st_type == "error" or (name == "iq" and st_type == "result") then if st_type == "error" then - local err_type, err_condition, err_message = stanza:get_error(); + local err_type, err_condition, err_message = stanza:get_error(); -- luacheck: ignore 211/err_message log("debug", "Discarding unhandled error %s (%s, %s) from %s: %s", name, err_type, err_condition or "unknown condition", origin_type, stanza:top_tag()); else -- cgit v1.2.3 From 3f89e9373b5978f18bed6b62bc1dceb3887364d8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 20 Dec 2019 22:38:45 +0100 Subject: core.modulemanager: Silence warning about unused err variable [luacheck] --- core/modulemanager.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 456f09f6..e23f1e55 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -246,7 +246,8 @@ local function do_reload_module(host, name) local saved; if module_has_method(mod, "save") then - local ok, ret, err = call_module_method(mod, "save"); + -- FIXME What goes in 'err' here? + local ok, ret, err = call_module_method(mod, "save"); -- luacheck: ignore 211/err if ok then saved = ret; else -- cgit v1.2.3 From c4c6a44c3089cafa59bdea640e0a2e90951a9058 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:26:51 +0100 Subject: core.portmanager: Ignore unused return variable [luacheck] --- core/portmanager.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 99656e3e..0712f5ac 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua 
@@ -237,6 +237,7 @@ local function add_sni_host(host, service) if config_prefix == "_" then config_prefix = ""; end local prefix_ssl_config = config.get(host, config_prefix.."ssl"); local autocert = certmanager.find_host_cert(host); + -- luacheck: ignore 211/cfg local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg); if ssl then active_service.server.hosts[host] = ssl; -- cgit v1.2.3 From 83c028be30d1467f255756c081c1261ff294a522 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:27:34 +0100 Subject: core.statsmanager: Ignore unused variable [luacheck] --- core/statsmanager.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'core') diff --git a/core/statsmanager.lua b/core/statsmanager.lua index 50798ad0..d3f1d4f5 100644 --- a/core/statsmanager.lua +++ b/core/statsmanager.lua @@ -79,6 +79,7 @@ if stats then if stats.get_stats then changed_stats, stats_extra = {}, {}; for stat_name, getter in pairs(stats.get_stats()) do + -- luacheck: ignore 211/type local type, value, extra = getter(); local old_value = latest_stats[stat_name]; latest_stats[stat_name] = value; -- cgit v1.2.3 From cdd6144dcc649f612c86f786c4e7fe8a12653582 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 30 Dec 2019 09:53:10 +0100 Subject: core.moduleapi: Fix error context in :send_iq API It got passed as argument to reject() instead of the util.error function and was lost. --- core/moduleapi.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 0a8adc36..dc1f899c 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -398,7 +398,7 @@ function api:send_iq(stanza, origin, timeout) local function error_handler(event) if event.stanza.attr.from == stanza.attr.to then - reject(errutil.from_stanza(event.stanza), event); + reject(errutil.from_stanza(event.stanza, event)); return true; end end -- cgit v1.2.3 
From adc4440fd83a3b9124f91ad38eb8aa2c933284cc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 30 Dec 2019 09:54:49 +0100 Subject: core.moduleapi: Rename local name for util.error for consistency It's called 'errors' everywhere else except here. --- core/moduleapi.lua | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index dc1f899c..5e8438a8 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -15,7 +15,7 @@ local timer = require "util.timer"; local resolve_relative_path = require"util.paths".resolve_relative_path; local st = require "util.stanza"; local cache = require "util.cache"; -local errutil = require "util.error"; +local errors = require "util.error"; local promise = require "util.promise"; local time_now = require "util.time".now; local format = require "util.format".format; @@ -370,7 +370,7 @@ function api:send_iq(stanza, origin, timeout) local iq_cache = self._iq_cache; if not iq_cache then iq_cache = cache.new(256, function (_, iq) - iq.reject(errutil.new({ + iq.reject(errors.new({ type = "wait", condition = "resource-constraint", text = "evicted from iq tracking cache" })); @@ -398,13 +398,13 @@ function api:send_iq(stanza, origin, timeout) local function error_handler(event) if event.stanza.attr.from == stanza.attr.to then - reject(errutil.from_stanza(event.stanza, event)); + reject(errors.from_stanza(event.stanza, event)); return true; end end if iq_cache:get(cache_key) then - reject(errutil.new({ + reject(errors.new({ type = "modify", condition = "conflict", text = "IQ stanza id attribute already used", })); @@ -415,7 +415,7 @@ function api:send_iq(stanza, origin, timeout) self:hook(error_event, error_handler); local timeout_handle = self:add_timer(timeout or 120, function () - reject(errutil.new({ + reject(errors.new({ type = "wait", condition = "remote-server-timeout", text = "IQ stanza timed out", })); 
@@ -428,7 +428,7 @@ function api:send_iq(stanza, origin, timeout) }); if not ok then - reject(errutil.new({ + reject(errors.new({ type = "wait", condition = "internal-server-error", text = "Could not store IQ tracking data" })); -- cgit v1.2.3 From 3db27c369600393497d626c7b1a3e8c2c0365338 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 16 Jan 2020 16:30:26 +0100 Subject: core.moduleapi: Hook correct event type in some cases In rare cases, module.host can be a bare JID, in which case this test did the wrong thing. --- core/moduleapi.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 5e8438a8..87c337d6 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -19,6 +19,7 @@ local errors = require "util.error"; local promise = require "util.promise"; local time_now = require "util.time".now; local format = require "util.format".format; +local jid_node = require "util.jid".node; local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local error, setmetatable, type = error, setmetatable, type; @@ -379,7 +380,7 @@ function api:send_iq(stanza, origin, timeout) end local event_type; - if stanza.attr.from == self.host then + if not jid_node(stanza.attr.from) then event_type = "host"; else -- assume bare since we can't hook full jids event_type = "bare"; -- cgit v1.2.3 From 1f437623ad987328bcd6ca34b551f14415985b32 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 21:54:59 +0000 Subject: usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish). Note: Removes the ability for mod_auth_* providers to determine user admin status. Such modules will need to have their is_admin methods ported to be a mod_authz_* provider. --- core/usermanager.lua | 62 +++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 30 deletions(-) (limited to 'core') 
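Review bot: The event type is now chosen from `jid_node(stanza.attr.from)`, so a stanza with no `from` attribute is treated as a host stanza (assuming `jid_node` returns nil for nil input), whereas the old comparison with `self.host` sent it down the bare-JID path. If callers of `send_iq` are expected to always set `from`, that should be stated in a comment next to the check, e.g. `-- stanza.attr.from must be set; a missing 'from' is treated as the host`; otherwise the response hook may be registered under an event name that never fires and the promise settles only on timeout. The rest of `api:send_iq` is outside the hunk.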
diff --git a/core/usermanager.lua b/core/usermanager.lua index bb5669cf..ec98d12f 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -9,12 +9,13 @@ local modulemanager = require "core.modulemanager"; local log = require "util.logger".init("usermanager"); local type = type; -local ipairs = ipairs; local jid_bare = require "util.jid".bare; +local jid_split = require "util.jid".split; local jid_prep = require "util.jid".prep; local config = require "core.configmanager"; local sasl_new = require "util.sasl".new; local storagemanager = require "core.storagemanager"; +local set = require "util.set"; local prosody = _G.prosody; local hosts = prosody.hosts; @@ -34,6 +35,22 @@ local function new_null_provider() }); end +local global_admins_config = config.get("*", "admins"); +if type(global_admins_config) ~= "table" then + global_admins_config = nil; -- TODO: factor out moduleapi magic config handling and use it here +end +local global_admins = set.new(global_admins_config) / jid_prep; + +local admin_role = { ["prosody:admin"] = true }; +local global_authz_provider = { + get_user_roles = function (user) end; --luacheck: ignore 212/user + get_jid_roles = function (jid) + if global_admins:contains(jid) then + return admin_role; + end + end; +}; + local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) @@ -66,6 +83,11 @@ local function initialize_host(host) if auth_provider ~= "null" then modulemanager.load(host, "auth_"..auth_provider); end + + local authz_provider_name = config.get(host, "authorization") or "internal"; + + local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); + host_session.authz = authz_mod or global_authz_provider; end; prosody.events.add_handler("host-activated", initialize_host, 100); 
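Review bot: `global_admins` is built once when usermanager is loaded, whereas the code this commit removes from `is_admin` called `config.get(host, "admins")` on every check; after a configuration reload a JID removed from the global `admins` list would keep the `prosody:admin` role from `global_authz_provider` until restart, unless something outside this hunk rebuilds the set. The non-table case is now also discarded silently, where the old code logged that the option is not a list. Either rebuild the set when the configuration is reloaded or read the option inside `get_jid_roles`, and keep the diagnostic with `log("error", "Global option 'admins' is not a list");` before `global_admins_config = nil;`.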
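Review bot: In `initialize_host`, a failed `modulemanager.load(host, "authz_"..authz_provider_name)` is swallowed by `authz_mod or global_authz_provider`, so a host configured with a specific `authorization` provider silently falls back to the global admin list. Capture and log the failure so the misconfiguration is visible: `local authz_mod, err = modulemanager.load(host, "authz_"..authz_provider_name);` followed by `if not authz_mod then log("error", "Unable to load authorization provider '%s' for %s: %s", authz_provider_name, host, err); end`. The same lines are moved unchanged by the later "Load authz providers on components also" commit, so the point applies there too.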
@@ -120,38 +142,18 @@ local function is_admin(jid, host) jid = jid_bare(jid); host = host or "*"; - local host_admins = config.get(host, "admins"); - local global_admins = config.get("*", "admins"); - - if host_admins and host_admins ~= global_admins then - if type(host_admins) == "table" then - for _,admin in ipairs(host_admins) do - if jid_prep(admin) == jid then - return true; - end - end - elseif host_admins then - log("error", "Option 'admins' for host '%s' is not a list", host); - end - end + local actor_user, actor_host = jid_split(jid); + local roles; - if global_admins then - if type(global_admins) == "table" then - for _,admin in ipairs(global_admins) do - if jid_prep(admin) == jid then - return true; - end - end - elseif global_admins then - log("error", "Global option 'admins' is not a list"); - end - end + local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; - -- Still not an admin, check with auth provider - if host ~= "*" and hosts[host].users and hosts[host].users.is_admin then - return hosts[host].users.is_admin(jid); + if actor_host == host then -- Local user + roles = authz_provider.get_user_roles(actor_user); + else -- Remote user/JID + roles = authz_provider.get_jid_roles(jid); end - return false; + + return roles and roles["prosody:admin"]; end return { -- cgit v1.2.3 From b177628d3c336437b7098935b2e1040dc254e46a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 22:09:19 +0000 Subject: usermanager: Load authz providers on components also --- core/usermanager.lua | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'core') diff --git a/core/usermanager.lua b/core/usermanager.lua index ec98d12f..47d157bf 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua 
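Review bot: `is_admin` now ends with `return roles and roles["prosody:admin"];`, which yields nil (or whatever value a provider stored under that key) where the removed code always returned a boolean. Callers that compare the result with `false`, or pass it on as data, would see a different value; `return (roles and roles["prosody:admin"]) and true or false;` keeps the old contract. Note also that when the fallback `global_authz_provider` is used for a local user (`actor_host == host`), its `get_user_roles` returns nothing, so a JID in the global `admins` list is recognised only through the `get_jid_roles` path; a comment stating that this is intended would help.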
@@ -55,6 +55,12 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; + + local authz_provider_name = config.get(host, "authorization") or "internal"; + + local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); + host_session.authz = authz_mod or global_authz_provider; + if host_session.type ~= "local" then return; end host_session.events.add_handler("item-added/auth-provider", function (event) @@ -84,10 +90,6 @@ local function initialize_host(host) modulemanager.load(host, "auth_"..auth_provider); end - local authz_provider_name = config.get(host, "authorization") or "internal"; - - local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); - host_session.authz = authz_mod or global_authz_provider; end; prosody.events.add_handler("host-activated", initialize_host, 100); -- cgit v1.2.3 From 34abcc8bd5da00be68279f31b747a341f23d1c11 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 22:28:52 +0000 Subject: mod_authz_internal, usermanager: Rename to mod_authz_config --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/usermanager.lua b/core/usermanager.lua index 47d157bf..4a1e18f9 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -56,7 +56,7 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; - local authz_provider_name = config.get(host, "authorization") or "internal"; + local authz_provider_name = config.get(host, "authorization") or "config"; local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); host_session.authz = authz_mod or global_authz_provider; -- cgit v1.2.3 From fd3ee50a8c1aa3029d8edecf584bea8acda9edc7 Mon Sep 17 00:00:00 2001 
From: Matthew Wild Date: Wed, 5 Feb 2020 17:40:50 +0000 Subject: stanza_router: Add once-per-routed-stanza event, pre-stanza --- core/stanza_router.lua | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 1d8db3e7..b2712b2f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -172,7 +172,14 @@ function core_post_stanza(origin, stanza, preevents) end end - local event_data = {origin=origin, stanza=stanza}; + local event_data = {origin=origin, stanza=stanza, to_self=to_self}; + + local result = hosts[origin.host].events.fire_event("pre-stanza", event_data); + if result ~= nil then + log("debug", "Stanza rejected by pre-stanza handler: %s", event_data.reason or "unknown reason"); + return; + end + if preevents then -- c2s connection if hosts[origin.host].events.fire_event('pre-'..stanza.name..to_type, event_data) then return; end -- do preprocessing end -- cgit v1.2.3 From 3fb671e0a3ebec083770b6ea0bf91b1489ebf833 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 17:41:14 +0000 Subject: usermanager: Add get_roles() function --- core/usermanager.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/usermanager.lua b/core/usermanager.lua index 4a1e18f9..acdc7909 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -137,7 +137,7 @@ local function get_provider(host) return hosts[host].users; end -local function is_admin(jid, host) +local function get_roles(jid, host) if host and not hosts[host] then return false; end if type(jid) ~= "string" then return false; end @@ -155,6 +155,11 @@ local function is_admin(jid, host) roles = authz_provider.get_jid_roles(jid); end + return roles; +end + +local function is_admin(jid, host) + local roles = get_roles(jid, host); return roles and roles["prosody:admin"]; end 
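Review bot: The added `pre-stanza` check in `core_post_stanza` treats any non-nil handler result as a rejection (`if result ~= nil then`), while the existing `'pre-'..stanza.name..to_type` check just below uses plain truthiness, and nothing records that difference. A handler returning `false` therefore drops the stanza here but would not in the sibling event. The stanza is also dropped without any reply and the reason is logged only at debug level, which makes a policy rejection hard to audit. I would add a comment above the `fire_event` call such as `-- pre-stanza: any non-nil return drops the stanza; the handler sets event.reason and must send any error reply itself`, and consider logging the rejection at "info". The same block is moved under `if preevents then` by the later `@@ -174,13 +174,13 @@` hunk; `core_post_stanza` starts and ends outside this hunk.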
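Review bot: `get_roles`, introduced by the `@@ -137,7 +137,7 @@` and `@@ -155,6 +155,11 @@` hunks of core/usermanager.lua and exported by `@@ -170,5 +175,6 @@`, hands the provider's roles table straight to the caller via `return roles;`. For `global_authz_provider` earlier in this file that is the single module-level `admin_role` table, so a caller that writes to the result would change the roles seen by every later lookup. The function also has three result shapes (`false` from the early guards, `nil` when the provider returns nothing, or a table) and no doc comment. I would add above `local function get_roles(jid, host)` a comment like `-- Returns the provider's roles table (treat as read-only), or false/nil when there are none`, or return a shallow copy if callers are expected to modify it.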
@@ -170,5 +175,6 @@ return { users = users; get_sasl_handler = get_sasl_handler; get_provider = get_provider; + get_roles = get_roles; is_admin = is_admin; }; -- cgit v1.2.3 From e4f830812fe66033ad1344795def93537d159d62 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 17:41:40 +0000 Subject: portmanager: Don't auto-start network services under prosodyctl --- core/portmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/portmanager.lua b/core/portmanager.lua index 0712f5ac..2f9aa8b2 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -170,7 +170,7 @@ end local function register_service(service_name, service_info) table.insert(services[service_name], service_info); - if not active_services:get(service_name) then + if not active_services:get(service_name) and prosody.process_type == "prosody" then log("debug", "No active service for %s, activating...", service_name); local ok, err = activate(service_name); if not ok then -- cgit v1.2.3 From 783af2135e96ad2af8325a32f7f06f7cf51642db Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 17:56:20 +0000 Subject: sessionmanager: Support passing an auth scope to make_authenticated --- core/sessionmanager.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 6c005fcd..eb515819 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua 
@@ -122,13 +122,14 @@ local function destroy_session(session, err) retire_session(session); end -local function make_authenticated(session, username) +local function make_authenticated(session, username, scope) username = nodeprep(username); if not username or #username == 0 then return nil, "Invalid username"; end session.username = username; if session.type == "c2s_unauthed" then session.type = "c2s_unbound"; end + session.auth_scope = scope; session.log("info", "Authenticated as %s@%s", username, session.host or "(unknown)"); return true; end -- cgit v1.2.3 From 428e4fa83263db49891c64389ba404d819902cb1 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 22:53:59 +0000 Subject: stanza_router: only fire pre-stanza if firing other preevents (e.g. for c2s sessions) --- core/stanza_router.lua | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'core') diff --git a/core/stanza_router.lua b/core/stanza_router.lua index b2712b2f..774c077e 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -174,13 +174,13 @@ function core_post_stanza(origin, stanza, preevents) local event_data = {origin=origin, stanza=stanza, to_self=to_self}; - local result = hosts[origin.host].events.fire_event("pre-stanza", event_data); - if result ~= nil then - log("debug", "Stanza rejected by pre-stanza handler: %s", event_data.reason or "unknown reason"); - return; - end - if preevents then -- c2s connection + local result = hosts[origin.host].events.fire_event("pre-stanza", event_data); + if result ~= nil then + log("debug", "Stanza rejected by pre-stanza handler: %s", event_data.reason or "unknown reason"); + return; + end + if hosts[origin.host].events.fire_event('pre-'..stanza.name..to_type, event_data) then return; end -- do preprocessing end local h = hosts[to_bare] or hosts[host or origin.host]; -- cgit v1.2.3 From 8d04879adfbe5d4039a14c5bd10e95ee4b051566 Mon Sep 17 00:00:00 2001 
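Review bot: `session.auth_scope = scope;` in `make_authenticated` stores the new argument unchecked and unconditionally, so every caller that omits it sets `auth_scope` to `nil`, and a second call on the same session would clear a scope set earlier. Nothing in this hunk says what `nil` means; if consumers read it as unrestricted (not visible here), the restricted case depends on every authentication path remembering to pass the argument. I would add a comment above the assignment, e.g. `-- auth_scope: nil means no restriction; a non-nil value limits the session and is enforced by whoever reads session.auth_scope`, adjusted to the real semantics.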
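Review bot: After the move in the `@@ -174,13 +174,13 @@` hunk of core/stanza_router.lua, `pre-stanza` fires only when `preevents` is set, and the one hint about which origins that covers is the existing `-- c2s connection` comment. A module using `pre-stanza` as a policy hook would therefore not see stanzas routed with `preevents` unset, which is easy to miss given the event's generic name. I would state that next to the event, e.g. `-- pre-stanza fires only for origins routed with preevents (c2s); do not rely on it to filter other stanza sources`. `core_post_stanza` starts and ends outside this hunk.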
From: Matthew Wild Date: Sun, 23 Feb 2020 12:38:43 +0000 Subject: usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/usermanager.lua b/core/usermanager.lua index acdc7909..aced0379 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -56,7 +56,7 @@ local provider_mt = { __index = new_null_provider() }; local function initialize_host(host) local host_session = hosts[host]; - local authz_provider_name = config.get(host, "authorization") or "config"; + local authz_provider_name = config.get(host, "authorization") or "internal"; local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name); host_session.authz = authz_mod or global_authz_provider; -- cgit v1.2.3 From 81f5c3e319792bec5d53c30334f3f54537aeb32b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Mar 2020 16:29:57 +0000 Subject: storagemanager: Add support for :find_key() and :delete_key() to map store shim --- core/storagemanager.lua | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'core') diff --git a/core/storagemanager.lua b/core/storagemanager.lua index dea71733..14de1314 100644 --- a/core/storagemanager.lua +++ b/core/storagemanager.lua 
@@ -167,6 +167,39 @@ local map_shim_mt = { return self.keyval_store:set(username, current); end; remove = {}; + find_key = function (self, key) + if type(key) ~= "string" or key == "" then + return nil, "find_key only supports non-empty string keys"; + end + local ret; + for username in self.keyval_store:users() do + local key_data = self:get(username, key); + if key_data then + if not ret then + ret = {}; + end + ret[username] = key_data; + end + end + return ret; + end; + delete_key = function (self, key) + if type(key) ~= "string" or key == "" then + return nil, "delete_key only supports non-empty string keys"; + end + local data = { [key] = self.remove }; + local last_err; + for username in self.keyval_store:users() do + local ok, err = self:set_keys(username, data); + if not ok then + last_err = err; + end + end + if last_err then + return nil, last_err; + end + return true; + end; }; } -- cgit v1.2.3 From cb6148d155ea02a68e40b8afb5861451750499ad Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Mar 2020 16:32:41 +0000 Subject: storagemanager, mod_storage_sql: Rename methods to :get_all() and :delete_all() --- core/storagemanager.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'core') diff --git a/core/storagemanager.lua b/core/storagemanager.lua index 14de1314..856acad3 100644 --- a/core/storagemanager.lua +++ b/core/storagemanager.lua @@ -167,9 +167,9 @@ local map_shim_mt = { return self.keyval_store:set(username, current); end; remove = {}; - find_key = function (self, key) + get_all = function (self, key) if type(key) ~= "string" or key == "" then - return nil, "find_key only supports non-empty string keys"; + return nil, "get_all only supports non-empty string keys"; end local ret; for username in self.keyval_store:users() do 
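Review bot: In the added `find_key`, `local key_data = self:get(username, key);` keeps only the first return value, so if the shim's `get` (defined outside this hunk) reports a storage failure as `nil, err`, that user is skipped and the caller receives a partial table that looks complete. `delete_key` does notice failures but keeps going and returns only the last error, so the caller cannot tell which users still hold the key. For callers that use these to look up or revoke per-user data that matters; I would propagate the read error with `local key_data, err = self:get(username, key);` and `if key_data == nil and err then return nil, err; end`. A comment on `delete_key` should say that a `nil, err` result means some users may still have the key. The later `@@ -167,9 +167,9 @@` and `@@ -183,9 +183,9 @@` hunks rename these to `get_all`/`delete_all` without changing this.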
@@ -183,9 +183,9 @@ local map_shim_mt = { end return ret; end; - delete_key = function (self, key) + delete_all = function (self, key) if type(key) ~= "string" or key == "" then - return nil, "delete_key only supports non-empty string keys"; + return nil, "delete_all only supports non-empty string keys"; end local data = { [key] = self.remove }; local last_err; -- cgit v1.2.3 From 8f5d92c15e9a26ca360454df6cab03f21c8eba39 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 19 Mar 2020 14:12:40 +0000 Subject: usermanager: Fix traceback when checking admin status of host-only JIDs (fixes #1508) --- core/usermanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core') diff --git a/core/usermanager.lua b/core/usermanager.lua index aced0379..11707450 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -149,7 +149,7 @@ local function get_roles(jid, host) local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider; - if actor_host == host then -- Local user + if actor_user and actor_host == host then -- Local user roles = authz_provider.get_user_roles(actor_user); else -- Remote user/JID roles = authz_provider.get_jid_roles(jid); -- cgit v1.2.3 From 7e181e31e0fdce18e0ce326f612edb2e9428fc13 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 22 Mar 2020 22:32:26 +0100 Subject: moduleapi: Fix handling of replies to :send_iq from internal modules Unclear exactly why, but replies to some queries to local modules would be discarded by stanza_router. This appears to fix it. --- core/moduleapi.lua | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 87c337d6..71239a0c 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua 
@@ -436,7 +436,16 @@ function api:send_iq(stanza, origin, timeout) return; end - self:send(stanza, origin); + local wrapped_origin = setmetatable({ + -- XXX Needed in some cases for replies to work correctly when sending queries internally. + send = function (stanza) + resolve({ stanza = stanza }); + end; + }, { + __index = origin or hosts[self.host]; + }); + + self:send(stanza, wrapped_origin); end); p:finally(function () -- cgit v1.2.3 From 38742f7b507df3687d7d068ff620611a84d874ca Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 1 Apr 2020 22:32:50 +0200 Subject: moduleapi: Rename argument to silence luacheck --- core/moduleapi.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 71239a0c..021db4c8 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -438,8 +438,8 @@ function api:send_iq(stanza, origin, timeout) local wrapped_origin = setmetatable({ -- XXX Needed in some cases for replies to work correctly when sending queries internally. - send = function (stanza) - resolve({ stanza = stanza }); + send = function (reply) + resolve({ stanza = reply }); end; }, { __index = origin or hosts[self.host]; -- cgit v1.2.3 From 401c48015c334a4664f369824f61f0c1a30d536b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 07:00:44 +0100 Subject: core.statsmanager: Allow passing a config table trough measure --- core/statsmanager.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/statsmanager.lua b/core/statsmanager.lua index d3f1d4f5..2297c959 100644 --- a/core/statsmanager.lua +++ b/core/statsmanager.lua @@ -60,9 +60,9 @@ local changed_stats = {}; local stats_extra = {}; if stats then - function measure(type, name) + function measure(type, name, conf) local f = assert(stats[type], "unknown stat type: "..type); - return f(name); + return f(name, conf); end if stats_interval then -- cgit v1.2.3 
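Review bot: The `send` override on `wrapped_origin` in `api:send_iq` resolves the promise with whatever stanza is passed to it: `resolve({ stanza = stanza });` checks neither that the stanza answers this query nor whether its type is `error`. How the regular reply path classifies results is outside this hunk, but if it rejects on error replies, internally answered queries would now report an error as success. I would compare the reply's `attr.id` with the request's and route `type="error"` replies to the same rejection the regular path uses. Because the wrapper is a fresh table whose `__index` points at the real origin, handlers that write fields on `origin` or compare it by identity act on the wrapper rather than the session, which deserves a line in the `XXX` comment. `send_iq` starts and ends outside this hunk.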
From 1f80e42aa5522074c5fa09333307a1c3ce50dc58 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 07:00:45 +0100 Subject: core.moduleapi: Allow passing a config table trough :measure --- core/moduleapi.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'core') diff --git a/core/moduleapi.lua b/core/moduleapi.lua index 021db4c8..1212db5a 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -508,9 +508,9 @@ function api:open_store(name, store_type) return require"core.storagemanager".open(self.host, name or self.name, store_type); end -function api:measure(name, stat_type) +function api:measure(name, stat_type, conf) local measure = require "core.statsmanager".measure; - return measure(stat_type, "/"..self.host.."/mod_"..self.name.."/"..name); + return measure(stat_type, "/"..self.host.."/mod_"..self.name.."/"..name, conf); end function api:measure_object_event(events_object, event_name, stat_name) -- cgit v1.2.3 From fb5e6faad6782d9b034e7b19656c944529d5d538 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 7 Jun 2020 02:12:50 +0200 Subject: core.certmanager: Add TODO about LuaSec issue --- core/certmanager.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'core') diff --git a/core/certmanager.lua b/core/certmanager.lua index 91475467..023218fa 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -37,6 +37,9 @@ local config_path = prosody.paths.config or "."; local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); +-- TODO Use ssl.config instead of require here once we are sure that the fix +-- in LuaSec has been widely distributed +-- https://github.com/brunoos/luasec/issues/149 local luasec_has = softreq"ssl.config" or { algorithms = { ec = luasec_version >= 5; -- cgit v1.2.3