From 4923ba82551161cc0cb46af8ff248c378645ec55 Mon Sep 17 00:00:00 2001 From: Florian Zeitz Date: Sun, 5 Jan 2014 22:21:50 +0100 Subject: mod_s2s: Include IP in log messages, if host is unavailable --- plugins/mod_s2s/mod_s2s.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index bb46cd2f..aa517bbd 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -356,7 +356,7 @@ function stream_callbacks.streamopened(session, attr) if to then hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features }); else - (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or "unknown host"); + (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host"); end log("debug", "Sending stream features: %s", tostring(features)); @@ -457,7 +457,7 @@ local function session_close(session, reason, remote_reason) end if reason then -- nil == no err, initiated by us, false == initiated by remote if type(reason) == "string" then -- assume stream error - log("debug", "Disconnecting %s[%s], is: %s", session.host or "(unknown host)", session.type, reason); + log("debug", "Disconnecting %s[%s], is: %s", session.host or session.ip or "(unknown host)", session.type, reason); session.sends2s(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' })); elseif type(reason) == "table" then if reason.condition then 
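Review bot: In `stream_callbacks.streamopened` (mod_s2s.lua, hunk at -356) the warning prints `from` or, failing that, `session.ip`, so a line that carries a `from` value records no address at all. `from` appears to be taken from the peer's stream header (its assignment is outside the hunk), which makes it a claim rather than a verified identity at this stage. For log correlation I would print both, e.g. `"No 'to' on stream header from %s (%s) means we can't offer any features"` with `from or "unknown host", session.ip or "unknown IP"`. The function starts and ends outside the hunk.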
@@ -468,7 +468,7 @@ local function session_close(session, reason, remote_reason) if reason.extra then stanza:add_child(reason.extra); end - log("debug", "Disconnecting %s[%s], is: %s", session.host or "(unknown host)", session.type, tostring(stanza)); + log("debug", "Disconnecting %s[%s], is: %s", session.host or session.ip or "(unknown host)", session.type, tostring(stanza)); session.sends2s(stanza); elseif reason.name then -- a stanza log("debug", "Disconnecting %s->%s[%s], is: %s", session.from_host or "(unknown host)", session.to_host or "(unknown host)", session.type, tostring(reason)); @@ -643,7 +643,7 @@ function check_auth_policy(event) end if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then - module:log("warn", "Forbidding insecure connection to/from %s", host); + module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); if session.direction == "incoming" then session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); else -- Close outgoing connections without warning -- cgit v1.2.3 From 01f7ef6c9159fae3b9f0f8a1cd9eeb39e05d206e Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 12 Jan 2014 06:16:49 -0500 Subject: mod_tls: Log error when TLS initialization fails --- plugins/mod_tls.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 80b56abb..54c69873 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua 
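Review bot: In `session_close` (hunk at -468) the `reason.name` branch just below the changed call still falls back to `"(unknown host)"` alone for `session.from_host` and `session.to_host`. Stanza-triggered disconnects from an unidentified peer therefore stay unattributable, while this branch and the one in the hunk at -457 now show the IP. That third message could include `session.ip` in the same way. The function continues outside the hunk.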
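Review bot: In `check_auth_policy` the commit accepts that `host` can be nil, but the close text on the following line is built with `..session.to_host`, and a nil there raises a concatenation error before the stream error is sent. Whether `to_host` can be unset for an incoming session at this point is not visible in the hunk. Wrapping it as `tostring(session.to_host)` would keep the rejection path from turning into a traceback. The function body extends past the hunk.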
@@ -91,14 +91,21 @@ module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) return true; end); +local function assert_log(ret, err) + if not ret then + module:log("error", "Unable to initialize TLS: %s", err); + end + return ret; +end + function module.load() local ssl_config = config.rawget(module.host, "ssl"); if not ssl_config then local base_host = module.host:match("%.(.*)"); ssl_config = config.get(base_host, "ssl"); end - host.ssl_ctx = create_context(host.host, "client", ssl_config); -- for outgoing connections - host.ssl_ctx_in = create_context(host.host, "server", ssl_config); -- for incoming connections + host.ssl_ctx = assert_log(create_context(host.host, "client", ssl_config)); -- for outgoing connections + host.ssl_ctx_in = assert_log(create_context(host.host, "server", ssl_config)); -- for incoming connections end function module.unload() -- cgit v1.2.3 From adc050b555c7a8910344617fcedfc504b6dab0c8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 15 Jan 2014 21:57:15 +0100 Subject: mod_tls: Rename variables to be less confusing --- plugins/mod_tls.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 54c69873..6db02c2c 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua 
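Review bot: `assert_log` in mod_tls.lua does not assert: on failure it logs and returns the falsy `ret`, so `module.load` still stores nil in `host.ssl_ctx` and `host.ssl_ctx_in` and loading continues. Whether the STARTTLS code then refuses connections when encryption is required, or simply stops offering TLS, is outside this hunk and should be confirmed. The log line would be more actionable with the host and the direction ("client"/"server") in it. A comment such as `-- logs the error and passes ret through; does not raise` would stop the name suggesting that load aborts.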
@@ -10,8 +10,8 @@ local config = require "core.configmanager"; local create_context = require "core.certmanager".create_context; local st = require "util.stanza"; -local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); -local secure_s2s_only = module:get_option("s2s_require_encryption"); +local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); +local s2s_require_encryption = module:get_option("s2s_require_encryption"); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; @@ -20,8 +20,8 @@ local starttls_proceed = st.stanza("proceed", starttls_attr); local starttls_failure = st.stanza("failure", starttls_attr); local c2s_feature = st.stanza("starttls", starttls_attr); local s2s_feature = st.stanza("starttls", starttls_attr); -if secure_auth_only then c2s_feature:tag("required"):up(); end -if secure_s2s_only then s2s_feature:tag("required"):up(); end +if c2s_require_encryption then c2s_feature:tag("required"):up(); end +if s2s_require_encryption then s2s_feature:tag("required"):up(); end local global_ssl_ctx = prosody.global_ssl_ctx; -- cgit v1.2.3 From ad7e898be12b8592c20b0ee92f614c23f97de2b9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 15 Jan 2014 22:47:50 +0100 Subject: mod_tls: Let s2s_secure_auth override s2s_require_encryption and warn if they differ --- plugins/mod_tls.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 6db02c2c..2741b8d4 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua 
@@ -13,6 +13,12 @@ local st = require "util.stanza"; local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local s2s_require_encryption = module:get_option("s2s_require_encryption"); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; +local s2s_secure_auth = module:get_option("s2s_secure_auth"); + +if s2s_secure_auth and s2s_require_encryption == false then + module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); + s2s_require_encryption = true; +end local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local starttls_attr = { xmlns = xmlns_starttls }; -- cgit v1.2.3 From a5f500f63dbbd0e4fc4be5ce440ba8b282b43dc5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 18 Jan 2014 20:14:05 +0100 Subject: MUC: Fire muc-room-destroyed event when the last participant leaves a non-persistent room --- plugins/muc/mod_muc.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index edebf070..6e86ab73 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -163,6 +163,7 @@ function stanza_handler(event) if room then room:handle_stanza(origin, stanza); if not next(room._occupants) and not persistent_rooms[room.jid] then -- empty, non-persistent room + module:fire_event("muc-room-destroyed", { room = room }); rooms[bare] = nil; -- discard room end else -- cgit v1.2.3 From b3971532af8c7cee385bd5b2bf3efc61332a43b8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 6 Feb 2014 10:44:21 +0100 Subject: mod_motd: Strip indentation only, leave multiple newlines --- plugins/mod_motd.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_motd.lua b/plugins/mod_motd.lua index ed78294b..3dd6b816 100644 --- a/plugins/mod_motd.lua +++ b/plugins/mod_motd.lua 
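Review bot: The override in mod_tls.lua fires only when `s2s_require_encryption == false`, so with `s2s_secure_auth = true` and `s2s_require_encryption` left unset the variable stays nil. The `if s2s_require_encryption then s2s_feature:tag("required"):up(); end` line further down then does not mark STARTTLS as required. If `s2s_secure_auth` is meant to imply required encryption in every case, the outer test should be `if s2s_secure_auth and not s2s_require_encryption then`, with the warning kept inside an inner `if s2s_require_encryption == false then`. Both options are read with plain `get_option`, so a non-boolean value such as the string "false" would count as true here.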
@@ -15,7 +15,7 @@ if not motd_text then return; end local st = require "util.stanza"; -motd_text = motd_text:gsub("^%s*(.-)%s*$", "%1"):gsub("\n%s+", "\n"); -- Strip indentation from the config +motd_text = motd_text:gsub("^%s*(.-)%s*$", "%1"):gsub("\n[ \t]+", "\n"); -- Strip indentation from the config module:hook("presence/bare", function (event) local session, stanza = event.origin, event.stanza; -- cgit v1.2.3 From 5eca01ae59084dd115e47bb8067657a0d82a9594 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 9 Feb 2014 15:13:46 +0100 Subject: mod_s2s: Log a warning if no local addresses are found, as this breaks s2sout --- plugins/mod_s2s/s2sout.lib.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 575d37ac..b24faf85 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -347,6 +347,9 @@ module:hook_global("service-added", function (event) has_ipv4 = true; end end + if not (has_ipv4 or has_ipv6) then + module:log("warn", "No local IPv4 or IPv6 addresses detected, outgoing connections may fail"); + end end); return s2sout; -- cgit v1.2.3 From b40e5a8cbc99069980cf4a0422f5027bf85f4f46 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 9 Feb 2014 15:17:01 +0100 Subject: mod_admin_telnet: Prep jids for user:create() etc. --- plugins/mod_admin_telnet.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 131689c5..2572e982 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua 
@@ -23,8 +23,7 @@ local console_listener = { default_port = 5582; default_mode = "*a"; interface = local iterators = require "util.iterators"; local keys, values = iterators.keys, iterators.values; -local jid = require "util.jid"; -local jid_bare, jid_split = jid.bare, jid.split; +local jid_bare, jid_split = import("util.jid", "bare", "prepped_split"); local set, array = require "util.set", require "util.array"; local cert_verify_identity = require "util.x509".verify_identity; local envload = require "util.envload".envload; -- cgit v1.2.3 From 72fd4f9f67821523290a90486665de70ba059ef8 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Mon, 17 Feb 2014 16:00:41 -0500 Subject: mod_auth_anonymous: Fixed a traceback in listing all users (issue#396). --- plugins/mod_auth_anonymous.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua index c877d532..8de46f8c 100644 --- a/plugins/mod_auth_anonymous.lua +++ b/plugins/mod_auth_anonymous.lua @@ -43,7 +43,7 @@ function provider.get_sasl_handler() end function provider.users() - return next, hosts[host].sessions, nil; + return next, hosts[module.host].sessions, nil; end -- datamanager callback to disable writes -- cgit v1.2.3 From cb9212005995667177efc44b191682320a5872a2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 18 Feb 2014 20:03:12 +0100 Subject: mod_compression: Only allow compression on authenticated streams --- plugins/mod_compression.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua index 92856099..531ea8ea 100644 --- a/plugins/mod_compression.lua +++ b/plugins/mod_compression.lua 
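Review bot: In mod_admin_telnet.lua the local is still named `jid_split` but now binds `prepped_split`, so every existing caller silently changes behaviour. The prepped variant presumably returns nil for a JID that fails preparation, and callers outside this hunk that index or concatenate the results need to handle that. The hunk also removes the `jid` local, so any remaining `jid.` reference elsewhere in the file would break; that cannot be checked from here. A comment on the line, e.g. `-- jid_split is prepped_split: results are normalised, nil if the JID is invalid`, would make the substitution visible.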
@@ -126,7 +126,7 @@ end module:hook("stanza/http://jabber.org/protocol/compress:compressed", function(event) local session = event.origin; - if session.type == "s2sout_unauthed" or session.type == "s2sout" then + if session.type == "s2sout" then session.log("debug", "Activating compression...") -- create deflate and inflate streams local deflate_stream = get_deflate_stream(session); @@ -150,7 +150,7 @@ end); module:hook("stanza/http://jabber.org/protocol/compress:compress", function(event) local session, stanza = event.origin, event.stanza; - if session.type == "c2s" or session.type == "s2sin" or session.type == "c2s_unauthed" or session.type == "s2sin_unauthed" then + if session.type == "c2s" or session.type == "s2sin" then -- fail if we are already compressed if session.compressed then local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); -- cgit v1.2.3 From 33973cf0ddebe3da6c0849ff4cc7104f8e8554f8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 20 Feb 2014 19:08:55 +0100 Subject: mod_http: Use hostname from the correct context (thanks gryffus) --- plugins/mod_http.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 0689634e..afcec069 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -42,7 +42,7 @@ local function get_base_path(host_module, app_name, default_app_path) return (normalize_path(host_module:get_option("http_paths", {})[app_name] -- Host or module:get_option("http_paths", {})[app_name] -- Global or default_app_path)) -- Default - :gsub("%$(%w+)", { host = module.host }); + :gsub("%$(%w+)", { host = host_module.host }); end local ports_by_scheme = { http = 80, https = 443, }; -- cgit v1.2.3 From 2581518210994e410d8163d6aeb32b010a8f1cde Mon Sep 17 00:00:00 2001 
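Review bot: Both mod_compression handlers now skip unauthenticated session types, but what such a peer gets back depends on the else and fall-through paths, which are outside these hunks. In the `compress` handler (hunk at -150) a `c2s_unauthed` or `s2sin_unauthed` request should receive an explicit failure reply rather than silence. The stream-features hook should likewise stop advertising compression before authentication, so that well-behaved clients never attempt it. A comment such as `-- compression only after authentication, so unauthenticated peers never reach the zlib streams` on each condition would record the reason for the restriction.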
From: Kim Alvefur Date: Wed, 26 Feb 2014 22:19:58 +0100 Subject: mod_http: Fix http_external_url setting without an explicit port --- plugins/mod_http.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index afcec069..86689aff 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -51,6 +51,9 @@ local ports_by_scheme = { http = 80, https = 443, }; function moduleapi.http_url(module, app_name, default_path) app_name = app_name or (module.name:gsub("^http_", "")); local external_url = url_parse(module:get_option_string("http_external_url")) or {}; + if external_url.scheme and external_url.port == nil then + external_url.port = ports_by_scheme[external_url.scheme]; + end local services = portmanager.get_active_services(); local http_services = services:get("https") or services:get("http") or {}; for interface, ports in pairs(http_services) do -- cgit v1.2.3 From 69351d5d2a2a1045278cc2f2069698eba470057c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 9 Mar 2014 22:16:44 +0100 Subject: mod_http_files: Strip path separator from end of paths, was broken on Windows (thanks Junne) --- plugins/mod_http_files.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 6ab295ac..3a9368b9 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -14,6 +14,7 @@ local os_date = os.date; local open = io.open; local stat = lfs.attributes; local build_path = require"socket.url".build_path; +local path_sep = package.config:sub(1,1); local base_path = module:get_option_string("http_files_dir", module:get_option_string("http_path")); local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" }); 
@@ -61,7 +62,7 @@ function serve(opts) local request, response = event.request, event.response; local orig_path = request.path; local full_path = base_path .. (path and "/"..path or ""); - local attr = stat(full_path); + local attr = stat((full_path:gsub('%'..path_sep..'+$',''))); if not attr then return 404; end -- cgit v1.2.3 From 264d863f310678f89d54540f68de57dd542dfe61 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 22 Mar 2014 12:41:38 +0100 Subject: mod_saslauth: Only do c2s SASL on normal VirtualHosts --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 201cc477..c5d3dc91 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -197,7 +197,7 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event) return s2s_external_auth(session, stanza) end - if session.type ~= "c2s_unauthed" then return; end + if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end if session.sasl_handler and session.sasl_handler.selected then session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one -- cgit v1.2.3 From 0c8605386437a149e30f5e23633e227607386da6 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Tue, 1 Apr 2014 10:02:58 -0400 Subject: MUC: Fixed traceback when a JID not in a room requested a role change for an occupant. --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 0dbe81fa..8028f5ae 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua 
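Review bot: In `serve` (mod_http_files.lua) only the argument to `stat` has trailing separators stripped; `full_path` itself is unchanged, so later opens or directory handling outside the hunk still see the unstripped path and the two can disagree. The pattern strips `path_sep` only, while `full_path` is joined with a literal "/" one line above, so where `path_sep` is a backslash a trailing "/" from the request path is left in place. A path made up only of separators is reduced to the empty string and would now return 404. I would normalise once into a local, use that value consistently, and add a comment naming the `stat` behaviour being worked around.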
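Review bot: The new host-type test in mod_saslauth.lua makes the `auth` handler return without a reply on hosts that are not normal VirtualHosts. The other SASL entry points (the response and abort handlers, and the stream-features hook that advertises mechanisms) are outside this hunk and need the same guard for the restriction to hold. If mechanisms are still advertised on such a host, a client that sends an auth element gets silence instead of a failure. A comment on the line, e.g. `-- c2s SASL is only offered on normal VirtualHosts (host type "local")`, would record the intent.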
@@ -1060,7 +1060,7 @@ function room_mt:can_set_role(actor_jid, occupant_jid, role) if actor_jid == true then return true; end local actor = self._occupants[self._jid_nick[actor_jid]]; - if actor.role == "moderator" then + if actor and actor.role == "moderator" then if occupant.affiliation ~= "owner" and occupant.affiliation ~= "admin" then if actor.affiliation == "owner" or actor.affiliation == "admin" then return true; -- cgit v1.2.3 From 3f442f66f5c72e354c8e8ddd98e3695f4206ec7b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 5 Apr 2014 15:05:40 +0100 Subject: mod_admin_telnet: muc:*: Fix nil index error when a room JID is passed with a non-existent host --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 2572e982..6f02f030 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -942,6 +942,9 @@ end function def_env.muc:create(room_jid) local room, host = check_muc(room_jid); + if not room_name then + return room_name, host; + end if not room then return nil, host end if hosts[host].modules.muc.rooms[room_jid] then return nil, "Room exists already" end return hosts[host].modules.muc.create_room(room_jid); @@ -949,6 +952,9 @@ end function def_env.muc:room(room_jid) local room_name, host = check_muc(room_jid); + if not room_name then + return room_name, host; + end local room_obj = hosts[host].modules.muc.rooms[room_jid]; if not room_obj then return nil, "No such room: "..room_jid; -- cgit v1.2.3 From 2e1c23fdc14e1369114d71677f872173e4783598 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 10 May 2014 02:12:51 +0200 Subject: mod_c2s: Fix traceback if c2s stream sent to component --- plugins/mod_c2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index b2a81592..5feb1f2c 100644 --- a/plugins/mod_c2s.lua 
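Review bot: `room_mt:can_set_role` now tolerates a missing `actor`, but `occupant` is dereferenced on the very next line (`occupant.affiliation`) and its lookup and nil check are outside the hunk. Confirm that a role change aimed at a nick that is not in the room cannot reach this line. With `actor` nil the function falls through to code outside the hunk, so the deny path for a non-occupant should be checked to return an explicit error rather than a bare nil. The function starts and ends outside the hunk.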
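Review bot: In `def_env.muc:create` the new guard tests `room_name`, but this function's local is `room` (`local room, host = check_muc(room_jid)`). Unless a global of that name exists, `room_name` is always nil, the guard always fires, and `muc:create` returns `nil, host` for every input without reaching `create_room`. It should read `if not room then return room, host; end`, which also makes the existing `if not room then return nil, host end` line below it redundant. The identical guard in `def_env.muc:room` (hunk at -952) is correct, because that function names its local `room_name`.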
+++ b/plugins/mod_c2s.lua @@ -50,7 +50,7 @@ function stream_callbacks.streamopened(session, attr) session.streamid = uuid_generate(); (session.log or session)("debug", "Client sent opening to %s", session.host); - if not hosts[session.host] then + if not hosts[session.host] or not hosts[session.host].users then -- We don't serve this host... session:close{ condition = "host-unknown", text = "This server does not serve "..tostring(session.host)}; return; -- cgit v1.2.3 From 806a93a534621f8214089ba32c455019e5298bd2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jul 2014 17:53:24 +0200 Subject: mod_register: get_child_text! (thanks Lloyd) --- plugins/mod_register.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 141a4997..3d7a068c 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -115,8 +115,8 @@ local function handle_registration_stanza(event) module:log("info", "User removed their account: %s@%s", username, host); module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session }); else - local username = nodeprep(query:get_child("username"):get_text()); - local password = query:get_child("password"):get_text(); + local username = nodeprep(query:get_child_text("username")); + local password = query:get_child_text("password"); if username and password then if username == session.username then if usermanager_set_password(username, password, session.host) then -- cgit v1.2.3 From 7de3834a31f0a2150cbdbb43a49ea1f84dba4e94 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 25 Jul 2014 13:59:17 +0200 Subject: mod_admin_telnet: Fix dns:(add,set)nameservers() --- plugins/mod_admin_telnet.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 6f02f030..671b6d89 100644 
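Review bot: In `stream_callbacks.streamopened` (mod_c2s.lua) the added `.users` test is duck-typing for "this host accepts client logins", and nothing on the line says so. mod_saslauth in this series expresses the same idea with `module:get_host_type() ~= "local"`. A comment such as `-- hosts without .users (e.g. components) do not accept c2s streams` would make the intent visible. Separately, the debug call two lines above falls back to calling `session` itself (`session.log or session`) when `session.log` is missing, which looks like it was meant to be `session.log or log` as in the error callback.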
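Review bot: In `handle_registration_stanza`, `get_child_text("username")` returns nil when the element is absent, and that nil now goes straight into `nodeprep`; whether `nodeprep` accepts nil is not visible here. `local username = query:get_child_text("username");` followed by `username = username and nodeprep(username);` would not depend on it. The `if username and password` test that follows treats an empty string as present, since empty strings are truthy in Lua. An empty password element would therefore reach `usermanager_set_password` unless something outside the hunk rejects it.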
--- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1058,12 +1058,12 @@ function def_env.dns:lookup(name, typ, class) end function def_env.dns:addnameserver(...) - dns.addnameserver(...) + dns._resolver:addnameserver(...) return true end function def_env.dns:setnameserver(...) - dns.setnameserver(...) + dns._resolver:setnameserver(...) return true end -- cgit v1.2.3 From bdcf8cd9da18672454dd03c625f01ede579d8cd2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Aug 2014 12:02:41 +0200 Subject: mod_posix: Make sure that 'pidfile' is a string --- plugins/mod_posix.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 28fd7f38..b289fa44 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -80,7 +80,7 @@ local function write_pidfile() if pidfile_handle then remove_pidfile(); end - pidfile = module:get_option("pidfile"); + pidfile = module:get_option_string("pidfile"); if pidfile then local err; local mode = stat(pidfile) and "r+" or "w+"; -- cgit v1.2.3 From 1f1971f1264664ef6efec8e9ebd474e1406447c8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Aug 2014 12:19:27 +0200 Subject: mod_compression: Handle compression setup errors by logging a warning about it (fixes #408) --- plugins/mod_compression.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua index 531ea8ea..1ec4c85a 100644 --- a/plugins/mod_compression.lua +++ b/plugins/mod_compression.lua 
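Review bot: `def_env.dns:addnameserver` and `def_env.dns:setnameserver` now reach into `dns._resolver`, which by its name is a private field of the dns module. If that object is created lazily it may still be nil when the console command runs, and the call would fail with a nil index error; its initialisation is not visible in this hunk. A guard such as `if not dns._resolver then return nil, "resolver not initialised"; end`, or a public accessor on the dns module, would be safer.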
@@ -147,6 +147,12 @@ module:hook("stanza/http://jabber.org/protocol/compress:compressed", function(ev end end); +module:hook("stanza/http://jabber.org/protocol/compress:failure", function(event) + local err = event.stanza:get_child(); + (event.origin.log or module._log)("warn", "Compression setup failed (%s)", err and err.name or "unknown reason"); + return true; +end); + module:hook("stanza/http://jabber.org/protocol/compress:compress", function(event) local session, stanza = event.origin, event.stanza; -- cgit v1.2.3 From 005b4aa6567836dad3da3d5ef3f357b10da9699f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Aug 2014 21:50:08 +0200 Subject: mod_s2s: Mark stream as opened earlier for outgoing connections, fixes double stream headers on policy failures --- plugins/mod_s2s/mod_s2s.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index aa517bbd..d4864a38 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -362,7 +362,9 @@ function stream_callbacks.streamopened(session, attr) log("debug", "Sending stream features: %s", tostring(features)); send(features); end + session.notopen = nil; elseif session.direction == "outgoing" then + session.notopen = nil; -- If we are just using the connection for verifying dialback keys, we won't try and auth it if not attr.id then error("stream response did not give us a streamid!!!"); end session.streamid = attr.id; @@ -396,7 +398,6 @@ function stream_callbacks.streamopened(session, attr) end end end - session.notopen = nil; end function stream_callbacks.streamclosed(session) -- cgit v1.2.3 From f1e1b7b337884c764657245a3e42b8a438ad2c1c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Aug 2014 13:20:08 +0200 Subject: mod_s2s: Reset stream ID when resetting stream [compliance] --- plugins/mod_s2s/mod_s2s.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') 
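Review bot: The new `compress:failure` hook in mod_compression.lua accepts the stanza from any session type, while the `compressed` handler above it is limited to `session.type == "s2sout"`. As written, any connected peer, including a client, can emit warn-level lines and have the event swallowed by `return true`. The logged `err.name` is a peer-chosen element name. Starting the handler with `if event.origin.type ~= "s2sout" then return; end` would limit it to the sessions where we actually requested compression. The hook ignores the failure beyond logging; if the session is expected to continue uncompressed, a comment should say so.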
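Review bot: The new position of `session.notopen = nil` in `stream_callbacks.streamopened` (mod_s2s.lua, hunks at -362 and -396) is order-sensitive, and the reason is recorded only in the commit message. A comment at the outgoing-branch assignment, e.g. `-- mark the stream open before any session:close() below, otherwise close() sends a second stream header`, would keep a later cleanup from moving it back to the end of the function. The function spans well beyond both hunks.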
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index d4864a38..c288d858 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -528,6 +528,7 @@ local function initialize_session(session) function session.reset_stream() session.notopen = true; + session.streamid = nil; session.stream:reset(); end -- cgit v1.2.3 From 67e061cab521ceb6c22f3b91c57f78727701732a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 23 Aug 2014 09:29:17 +0100 Subject: mod_c2s, mod_s2s: Log received invalid stream headers --- plugins/mod_c2s.lua | 2 +- plugins/mod_s2s/mod_s2s.lua | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 5feb1f2c..b6895f4b 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -91,7 +91,7 @@ end function stream_callbacks.error(session, error, data) if error == "no-stream" then - session.log("debug", "Invalid opening stream header"); + session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); session:close("invalid-namespace"); elseif error == "parse-error" then (session.log or log)("debug", "Client XML parse error: %s", tostring(data)); diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index c288d858..44334428 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -407,6 +407,7 @@ end function stream_callbacks.error(session, error, data) if error == "no-stream" then + session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); session:close("invalid-namespace"); elseif error == "parse-error" then session.log("debug", "Server-to-server XML parse error: %s", tostring(error)); -- cgit v1.2.3 From 18972a28d852a6fa6a2e8b47f4fbcaac61ff6254 Mon Sep 17 00:00:00 2001 
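Review bot: In both `stream_callbacks.error` handlers (mod_c2s.lua and mod_s2s.lua) the new debug line calls `data:gsub(...)` unguarded, so a "no-stream" error delivered with a nil or non-string `data` raises inside the error callback, on a path reachable before authentication. The neighbouring parse-error branch in mod_c2s already uses `tostring(data)`, and `(tostring(data):gsub("^([^\1]+)\1", "{%1}"))` would be safe here too. The value is peer-controlled text written to the log verbatim, so control characters should be stripped and the length capped if the logs are parsed downstream. The mod_c2s line also calls `session.log` directly where the next branch uses `(session.log or log)`.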
From: Matthew Wild Date: Thu, 28 Aug 2014 09:17:07 +0100 Subject: mod_privacy: Fix to correctly sort privacy list rules by order (thanks Flow) --- plugins/mod_privacy.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua index 31ace9f9..49c9427f 100644 --- a/plugins/mod_privacy.lua +++ b/plugins/mod_privacy.lua @@ -157,7 +157,7 @@ function createOrReplaceList (privacy_lists, origin, stanza, name, entries) list.items[#list.items + 1] = tmp; end - table.sort(list, function(a, b) return a.order < b.order; end); + table.sort(list.items, function(a, b) return a.order < b.order; end); origin.send(st.reply(stanza)); if bare_sessions[bare_jid] ~= nil then -- cgit v1.2.3 From f7fb69e5e53ce95d14f60d9e51d12fb09d15479c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Sep 2014 17:24:25 +0200 Subject: mod_s2s: Close offending s2s streams missing an 'id' attribute with a stream error instead of throwing an unhandled error --- plugins/mod_s2s/mod_s2s.lua | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 44334428..834e6a1c 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -365,8 +365,11 @@ function stream_callbacks.streamopened(session, attr) session.notopen = nil; elseif session.direction == "outgoing" then session.notopen = nil; - -- If we are just using the connection for verifying dialback keys, we won't try and auth it - if not attr.id then error("stream response did not give us a streamid!!!"); end + if not attr.id then + log("error", "Stream response did not give us a stream id!"); + session:close({ condition = "undefined-condition", text = "Missing stream ID" }); + return; + end session.streamid = attr.id; if session.secure and not session.cert_chain_status then -- cgit v1.2.3 
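Review bot: The new `log("error", ...)` in the outgoing branch of `streamopened` (mod_s2s.lua, hunk at -365) is triggered by a remote server's malformed stream header. Any peer we connect to can therefore produce error-level lines, and the module-level logger gives no indication of which host was at fault. `(session.log or log)("warn", "Stream response from %s did not give us a stream id", tostring(session.to_host));` would be attributable and at a level that fits a remote protocol violation. The hunk also drops the comment about connections used only for verifying dialback keys; if it still describes the code that follows, it should be kept next to that code.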
From a76091c611089e18bf72d13e306a798d16c35645 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 29 Aug 2014 11:54:34 +0100 Subject: net.http, net.http.server, mod_c2s, mod_s2s, mod_component, mod_admin_telnet, mod_net_multiplex: Add ondetach to release connection from 'sessions' table (or equivalent) --- plugins/mod_admin_telnet.lua | 4 ++++ plugins/mod_c2s.lua | 4 ++++ plugins/mod_component.lua | 4 ++++ plugins/mod_net_multiplex.lua | 3 ++- plugins/mod_s2s/mod_s2s.lua | 4 ++++ 5 files changed, 18 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 671b6d89..e4b5a045 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -163,6 +163,10 @@ function console_listener.ondisconnect(conn, err) end end +function console_listener.ondetach(conn) + sessions[conn] = nil; +end + -- Console commands -- -- These are simple commands, not valid standalone in Lua diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index b6895f4b..3d6487c9 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -266,6 +266,10 @@ function listener.associate_session(conn, session) sessions[conn] = session; end +function listener.ondetach(conn) + sessions[conn] = nil; +end + module:hook("server-stopping", function(event) local reason = event.reason; for _, session in pairs(sessions) do diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index c5a1da81..7bc0f5b7 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -319,6 +319,10 @@ function listener.ondisconnect(conn, err) end end +function listener.ondetach(conn) + sessions[conn] = nil; +end + module:provides("net", { name = "component"; private = true; diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index d666b907..0dd3dc67 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua 
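Review bot: Each new `ondetach` (mod_admin_telnet, mod_c2s, mod_component here, and mod_s2s in a later hunk of the same commit) only drops the `sessions[conn]` entry. Nothing states what happens to the session object or who owns the connection afterwards. In mod_c2s the `server-stopping` hook directly below iterates `sessions` to close streams, so a session detached this way is no longer closed at shutdown. If that is intended, a comment such as `-- connection handed to another listener; the session is no longer ours to close` on each handler would say so. Otherwise the session needs explicit teardown before the entry is removed.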
@@ -34,7 +34,6 @@ end function listener.onincoming(conn, data) if not data then return; end local buf = buffers[conn]; - buffers[conn] = nil; buf = buf and buf..data or data; for service, multiplex_pattern in pairs(available_services) do if buf:match(multiplex_pattern) then @@ -57,6 +56,8 @@ function listener.ondisconnect(conn, err) buffers[conn] = nil; -- warn if no buffer? end +listener.ondetach = listener.ondisconnect; + module:provides("net", { name = "multiplex"; config_prefix = ""; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 834e6a1c..ee03987d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -638,6 +638,10 @@ function listener.register_outgoing(conn, session) initialize_session(session); end +function listener.ondetach(conn) + sessions[conn] = nil; +end + function check_auth_policy(event) local host, session = event.host, event.session; local must_secure = secure_auth; -- cgit v1.2.3 From 82b33b4906f7219dc19e2895ff5d1a30a68207bc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Sep 2014 11:02:06 +0200 Subject: mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions' command (thanks Lloyd) --- plugins/mod_admin_adhoc.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua index 2c6047da..704b2685 100644 --- a/plugins/mod_admin_adhoc.lua +++ b/plugins/mod_admin_adhoc.lua 
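Review bot: With `buffers[conn] = nil` removed from `listener.onincoming` (mod_net_multiplex.lua), a connection's buffer is released only by `ondisconnect`/`ondetach`. A connection that matched a service therefore keeps its buffered bytes unless the hand-over triggers a detach, which is outside the hunk. No limit on `#buf` is visible either, so a client that never sends a recognisable preamble can keep growing the concatenated buffer before any authentication; a size cap that closes the connection when exceeded would bound that. Aliasing `listener.ondetach` to `listener.ondisconnect` is fine while the latter only clears the buffer. A comment should say so, because logging or teardown added to `ondisconnect` later would silently apply to detach as well.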
@@ -162,7 +162,7 @@ local end_user_session_layout = dataforms_new{ instructions = "Fill out this form to end a user's session."; { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" }; - { name = "accountjids", type = "jid-multi", label = "The Jabber ID(s) for which to end sessions" }; + { name = "accountjids", type = "jid-multi", label = "The Jabber ID(s) for which to end sessions", required = true }; }; local end_user_session_handler = adhoc_simple(end_user_session_layout, function(fields, err) -- cgit v1.2.3 From 0ccb1f50b0a19d478470156eec62f2fa1767ed0d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Sep 2014 11:18:04 +0200 Subject: mod_admin_adhoc: Add required to field in user deletion form too --- plugins/mod_admin_adhoc.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua index 704b2685..232fa5f7 100644 --- a/plugins/mod_admin_adhoc.lua +++ b/plugins/mod_admin_adhoc.lua @@ -118,7 +118,7 @@ local delete_user_layout = dataforms_new{ instructions = "Fill out this form to delete a user."; { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" }; - { name = "accountjids", type = "jid-multi", label = "The Jabber ID(s) to delete" }; + { name = "accountjids", type = "jid-multi", required = true, label = "The Jabber ID(s) to delete" }; }; local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fields, err) -- cgit v1.2.3 From 00661df08d750b8486ca5bb64c38aa5359073ee7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 10 Oct 2014 00:56:53 +0200 Subject: mod_s2s: Capitalize log message --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ee03987d..d8846a6f 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua 
@@ -49,7 +49,7 @@ local bouncy_stanzas = { message = true, presence = true, iq = true }; local function bounce_sendq(session, reason) local sendq = session.sendq; if not sendq then return; end - session.log("info", "sending error replies for "..#sendq.." queued stanzas because of failed outgoing connection to "..tostring(session.to_host)); + session.log("info", "Sending error replies for "..#sendq.." queued stanzas because of failed outgoing connection to "..tostring(session.to_host)); local dummy = { type = "s2sin"; send = function(s) -- cgit v1.2.3 From dbfcafeb754aa055d6017feff5659cbdc4c173bd Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 14 Oct 2014 10:58:11 +0100 Subject: mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth') --- plugins/mod_pubsub.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub.lua b/plugins/mod_pubsub.lua index 926ed4f2..04f2b615 100644 --- a/plugins/mod_pubsub.lua +++ b/plugins/mod_pubsub.lua @@ -39,7 +39,7 @@ local pubsub_errors = { ["nodeid-required"] = { "modify", "bad-request", nil, "nodeid-required" }; ["item-not-found"] = { "cancel", "item-not-found" }; ["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" }; - ["forbidden"] = { "cancel", "forbidden" }; + ["forbidden"] = { "auth", "forbidden" }; }; function pubsub_error_reply(stanza, error) local e = pubsub_errors[error]; -- cgit v1.2.3 From 5bab5b528ace033b7bedd900e18ee05d3c51c59a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 20 Feb 2015 22:53:12 +0000 Subject: mod_admin_telnet: Require util.pposix (fixes #471) --- plugins/mod_admin_telnet.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index e4b5a045..437ded01 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua 
@@ -313,6 +313,7 @@ local function human(kb) end function def_env.server:memory() + local pposix = require("util.pposix"); if not pposix.meminfo then return true, "Lua is using "..collectgarbage("count"); end -- cgit v1.2.3 From 553a587fe3768241f5c8641a09c989e63423d4d5 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 14 Mar 2015 22:39:23 +0000 Subject: mod_http: Log event name when adding a HTTP app's hooks --- plugins/mod_http.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 86689aff..610ae0ae 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -102,6 +102,7 @@ function module.add_host(module) end if not app_handlers[event_name] then app_handlers[event_name] = handler; + module:log("debug", "Adding app '%s' to handle %s", app_name, event_name); module:hook_object_event(server, event_name, handler); else module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); -- cgit v1.2.3 From a676aa5e4504b14062e5afa091d815911a779dd6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Mar 2015 18:40:12 +0100 Subject: Backout 7726b627c3ea --- plugins/mod_http.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 610ae0ae..86689aff 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -102,7 +102,6 @@ function module.add_host(module) end if not app_handlers[event_name] then app_handlers[event_name] = handler; - module:log("debug", "Adding app '%s' to handle %s", app_name, event_name); module:hook_object_event(server, event_name, handler); else module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); -- cgit v1.2.3 From 72f36b47688449a69477bece51919426b95d17bf Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Mon, 23 Mar 2015 18:44:12 +0100 Subject: mod_http: Log a debug message when adding new http apps and warn if no http ports are enabled --- plugins/mod_http.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 86689aff..9ff3af74 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -110,6 +110,12 @@ function module.add_host(module) module:log("error", "Invalid route in %s, %q. See http://prosody.im/doc/developers/http#routes", app_name, key); end end + local services = portmanager.get_active_services(); + if services:get("https") or services:get("http") then + module:log("debug", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); + else + module:log("warn", "Not listening on any ports, '%s' will be unreachable", app_name); + end end local function http_app_removed(event) -- cgit v1.2.3 From e9801c774da19f9d0722685973352a524f00f1af Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Mar 2015 18:45:02 +0100 Subject: mod_http: Return a static string from module:http_url() when no ports are enabled and log a warning --- plugins/mod_http.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 9ff3af74..9b574bc8 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -69,6 +69,8 @@ function moduleapi.http_url(module, app_name, default_path) return url_build(url); end end + module:log("warn", "No http ports enabled, can't generate an external URL"); + return "http://disabled.invalid/"; end function module.add_host(module) -- cgit v1.2.3 From 85221efee2aa267f19ece529b56b2f94ce4df243 Mon Sep 17 00:00:00 2001 
From: Matthew Wild Date: Tue, 24 Mar 2015 16:03:37 +0000 Subject: mod_s2s: to/from attributes are required on s2s stream headers. Set them to '' when not available. Fixes #468. --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index d8846a6f..f5297efe 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -512,7 +512,7 @@ function session_open_stream(session, from, to) version = session.version and (session.version > 0 and "1.0" or nil), ["xml:lang"] = 'en', id = session.streamid, - from = from, to = to, + from = from or "", to = to or "", } if not from or (hosts[from] and hosts[from].modules.dialback) then attr["xmlns:db"] = 'jabber:server:dialback'; -- cgit v1.2.3 From 1626e0537bc7823f6f3521e9cdfcce4f2ffc017a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 24 Apr 2015 14:14:01 +0200 Subject: net.dns, mod_s2s: Add chasing of CNAMEs to net.dns and remove it from mod_s2s --- plugins/mod_s2s/s2sout.lib.lua | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index b24faf85..67b8fd0f 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua 
@@ -169,18 +169,6 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) handle4 = adns.lookup(function (reply, err) handle4 = nil; - -- COMPAT: This is a compromise for all you CNAME-(ab)users :) - if not (reply and reply[#reply] and reply[#reply].a) then - local count = max_dns_depth; - reply = dns.peek(connect_host, "CNAME", "IN"); - while count > 0 and reply and reply[#reply] and not reply[#reply].a and reply[#reply].cname do - log("debug", "Looking up %s (DNS depth is %d)", tostring(reply[#reply].cname), count); - reply = dns.peek(reply[#reply].cname, "A", "IN") or dns.peek(reply[#reply].cname, "CNAME", "IN"); - count = count - 1; - end - end - -- end of CNAME resolving - if reply and reply[#reply] and reply[#reply].a then for _, ip in ipairs(reply) do log("debug", "DNS reply for %s gives us %s", connect_host, ip.a); -- cgit v1.2.3 From c22dec3f1c5a28dcb7d71ecf16b48b545d1e5423 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 May 2015 21:43:05 +0200 Subject: mod_s2s/s2sout: Remove now unused config option dns_max_depth --- plugins/mod_s2s/s2sout.lib.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 67b8fd0f..dc122af7 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -29,7 +29,6 @@ local has_ipv4, has_ipv6; local dns_timeout = module:get_option_number("dns_timeout", 15); dns.settimeout(dns_timeout); -local max_dns_depth = module:get_option_number("dns_max_depth", 3); local s2sout = {}; -- cgit v1.2.3 From 3391b867193c3c1c772d4b1b0a5a0940948b63f1 Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Wed, 13 May 2015 21:47:39 +0200 Subject: mod_s2s/s2sout: Use the local address assigned to UDP sockets instead of util.net to enumerate possible source addresses --- plugins/mod_s2s/s2sout.lib.lua | 46 ++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 22 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index dc122af7..5728f67b 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -18,13 +18,31 @@ local socket = require "socket"; local adns = require "net.adns"; local dns = require "net.dns"; local t_insert, t_sort, ipairs = table.insert, table.sort, ipairs; -local local_addresses = require "util.net".local_addresses; local s2s_destroy_session = require "core.s2smanager".destroy_session; local log = module._log; -local sources = {}; +local anysource = { IPv4 = "0.0.0.0", IPv6 = "::" }; +local function get_sources(addrs) + local sources = {}; + for _, IP in ipairs(addrs) do + local sock; + if IP.proto == "IPv4" then + sock = socket.udp(); + elseif IP.proto == "IPv6" then + sock = socket.udp6(); + end + sock:setpeername(IP.addr, 9); + local localaddr = sock:getsockname() or anysource[IP.proto]; + sock:close(); + if not sources[localaddr] then + sources[localaddr] = true; + t_insert(sources, new_ip(localaddr, IP.proto)); + end + end + return sources; +end local has_ipv4, has_ipv6; local dns_timeout = module:get_option_number("dns_timeout", 15); @@ -177,7 +195,7 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) if have_other_result then if #IPs > 0 then - rfc6724_dest(host_session.ip_hosts, sources); + rfc6724_dest(host_session.ip_hosts, get_sources(host_session.ip_hosts)); for i = 1, #IPs do IPs[i] = {ip = IPs[i], port = connect_port}; end 
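Review bot: `get_sources` calls `sock:setpeername(IP.addr, 9)` without checking that a socket exists. `sock` stays nil when `IP.proto` is neither "IPv4" nor "IPv6", and `socket.udp()` / `socket.udp6()` return nil plus an error message on failure (`socket.udp6` may also be absent in a LuaSocket build without IPv6). The second hunk, and the later `@@ -213,7 +231,7 @@` hunk, call `get_sources(host_session.ip_hosts)` from the DNS reply path of `s2sout.try_connect`, so a nil `sock` would raise in the middle of outgoing connection setup. I would skip or fall back to `anysource[IP.proto]` when no socket can be created or `setpeername` fails, as sketched below.

```lua
local function get_sources(addrs)
	local sources = {};
	for _, IP in ipairs(addrs) do
		-- Pick the constructor first so that an unknown proto or a missing udp6 leaves sock unset
		local new_sock = IP.proto == "IPv6" and socket.udp6 or IP.proto == "IPv4" and socket.udp;
		local sock = new_sock and new_sock();
		local localaddr = anysource[IP.proto];
		if sock then
			if sock:setpeername(IP.addr, 9) then
				localaddr = sock:getsockname() or localaddr;
			end
			sock:close();
		end
		if localaddr and not sources[localaddr] then
			-- … unchanged: mark localaddr as seen and append new_ip(localaddr, IP.proto) …
		end
	end
	return sources;
end
```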
@@ -213,7 +231,7 @@ function s2sout.try_connect(host_session, connect_host, connect_port, err) if have_other_result then if #IPs > 0 then - rfc6724_dest(host_session.ip_hosts, sources); + rfc6724_dest(host_session.ip_hosts, get_sources(host_session.ip_hosts)); for i = 1, #IPs do IPs[i] = {ip = IPs[i], port = connect_port}; end @@ -315,28 +333,12 @@ module:hook_global("service-added", function (event) return; end for source, _ in pairs(s2s_sources) do - if source == "*" or source == "0.0.0.0" then - for _, addr in ipairs(local_addresses("ipv4", true)) do - sources[#sources + 1] = new_ip(addr, "IPv4"); - end - elseif source == "::" then - for _, addr in ipairs(local_addresses("ipv6", true)) do - sources[#sources + 1] = new_ip(addr, "IPv6"); - end - else - sources[#sources + 1] = new_ip(source, (source:find(":") and "IPv6") or "IPv4"); - end - end - for i = 1,#sources do - if sources[i].proto == "IPv6" then + if source:find(":") then has_ipv6 = true; - elseif sources[i].proto == "IPv4" then + else has_ipv4 = true; end end - if not (has_ipv4 or has_ipv6) then - module:log("warn", "No local IPv4 or IPv6 addresses detected, outgoing connections may fail"); - end end); return s2sout; -- cgit v1.2.3 From cb22f32f7f348216f5da45a95e4c87f77a7c1b4d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 May 2015 21:55:08 +0200 Subject: mod_s2s: Don't cache session.sends2s (or do it later), prevents sending data after session was closed --- plugins/mod_s2s/mod_s2s.lua | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index f5297efe..1408fd5e 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -147,7 +147,7 @@ end -- Stream is authorised, and ready for normal stanzas function mark_connected(session) - local sendq, send = session.sendq, session.sends2s; + local sendq = session.sendq; local from, to = session.from_host, session.to_host; 
@@ -170,6 +170,7 @@ function mark_connected(session) if session.direction == "outgoing" then if sendq then session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); + local send = session.sends2s; for i, data in ipairs(sendq) do send(data[1]); sendq[i] = nil; @@ -269,8 +270,6 @@ local stream_callbacks = { default_ns = "jabber:server", handlestanza = core_pr local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; function stream_callbacks.streamopened(session, attr) - local send = session.sends2s; - session.version = tonumber(attr.version) or 0; -- TODO: Rename session.secure to session.encrypted @@ -360,7 +359,7 @@ function stream_callbacks.streamopened(session, attr) end log("debug", "Sending stream features: %s", tostring(features)); - send(features); + session.sends2s(features); end session.notopen = nil; elseif session.direction == "outgoing" then -- cgit v1.2.3 From ddc9a47072862ea93645917a23755935b7607690 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 13 May 2015 21:56:22 +0200 Subject: mod_s2s: Mark stream as opened directly after opening stream, prevents session.close opening it again --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 1408fd5e..ee539a2a 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -349,6 +349,7 @@ function stream_callbacks.streamopened(session, attr) end session:open_stream(session.to_host, session.from_host) + session.notopen = nil; if session.version >= 1.0 then local features = st.stanza("stream:features"); @@ -361,7 +362,6 @@ function stream_callbacks.streamopened(session, attr) log("debug", "Sending stream features: %s", tostring(features)); session.sends2s(features); end - session.notopen = nil; elseif session.direction == "outgoing" then session.notopen = nil; if not attr.id then -- cgit v1.2.3 
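Review bot: In `mark_connected`, `local send = session.sends2s;` is still read once before the flush loop, so every iteration of `for i, data in ipairs(sendq)` calls the same function value. If one `send(data[1])` fails and the session is closed part-way through the queue, the remaining stanzas would, as far as this hunk shows, still go through the stale function. That is the case the commit message sets out to prevent. Calling `session.sends2s(data[1]);` inside the loop, as the `@@ -360,7 +359,7 @@` hunk already does for `features`, would close that window. `mark_connected` starts and ends outside the hunk.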
From e1fae3ac4a25cc0919874fd01a42bc4f1f58e52d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 16 Jun 2015 15:13:47 +0200 Subject: MUC: Remove half of monkeypatch that was supposed to make admins always be room owners, fixes #458 --- plugins/muc/mod_muc.lua | 5 ----- 1 file changed, 5 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 6e86ab73..c932b0a4 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -44,16 +44,11 @@ local function is_admin(jid) return um_is_admin(jid, module.host); end -local _set_affiliation = muc_new_room.room_mt.set_affiliation; local _get_affiliation = muc_new_room.room_mt.get_affiliation; function muclib.room_mt:get_affiliation(jid) if is_admin(jid) then return "owner"; end return _get_affiliation(self, jid); end -function muclib.room_mt:set_affiliation(actor, jid, affiliation, callback, reason) - if is_admin(jid) then return nil, "modify", "not-acceptable"; end - return _set_affiliation(self, actor, jid, affiliation, callback, reason); -end local function room_route_stanza(room, stanza) module:send(stanza); end local function room_save(room, forced) -- cgit v1.2.3 From ff6a3b3aded5efed20e3fb42cd76a3c59460874d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 25 Jun 2015 17:54:19 +0200 Subject: Backed out changeset bea3862b6bde in favor of a different approach --- plugins/muc/mod_muc.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index c932b0a4..6e86ab73 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua 
@@ -44,11 +44,16 @@ local function is_admin(jid) return um_is_admin(jid, module.host); end +local _set_affiliation = muc_new_room.room_mt.set_affiliation; local _get_affiliation = muc_new_room.room_mt.get_affiliation; function muclib.room_mt:get_affiliation(jid) if is_admin(jid) then return "owner"; end return _get_affiliation(self, jid); end +function muclib.room_mt:set_affiliation(actor, jid, affiliation, callback, reason) + if is_admin(jid) then return nil, "modify", "not-acceptable"; end + return _set_affiliation(self, actor, jid, affiliation, callback, reason); +end local function room_route_stanza(room, stanza) module:send(stanza); end local function room_save(room, forced) -- cgit v1.2.3 From d3ff677ce8be30231ee116bdde22633fe89c3bd3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 25 Jun 2015 17:58:24 +0200 Subject: MUC: Prevent admins from being given affiliatons other than owner --- plugins/muc/mod_muc.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 6e86ab73..acc2da0d 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -51,7 +51,7 @@ function muclib.room_mt:get_affiliation(jid) return _get_affiliation(self, jid); end function muclib.room_mt:set_affiliation(actor, jid, affiliation, callback, reason) - if is_admin(jid) then return nil, "modify", "not-acceptable"; end + if affiliation ~= "owner" and is_admin(jid) then return nil, "modify", "not-acceptable"; end return _set_affiliation(self, actor, jid, affiliation, callback, reason); end -- cgit v1.2.3 From 051811cd38e05d63bd9c043e466ac744c0c58feb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 10 Aug 2015 22:13:02 +0200 Subject: mod_component: Fire an event on successful component authentication (For Goffi) --- plugins/mod_component.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') 
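Review bot: The new guard in `muclib.room_mt:set_affiliation` lets `affiliation == "owner"` through to `_set_affiliation` for an admin JID, so an explicit owner entry can now be stored for that JID, while `get_affiliation` keeps answering "owner" for admins whatever is stored. It is not stated whether that stored entry is meant to remain in effect after the JID stops being a server admin. I would record the intent next to the two overrides, for example `-- Admins are always reported as owner; only "owner" may be set for them, and that entry persists in the room's affiliations`. The check also rejects requests that pass a nil affiliation for an admin, which deserves a mention in the same comment if it is intended.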
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index 7bc0f5b7..11abab79 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -85,6 +85,7 @@ function module.add_host(module) session.type = "component"; module:log("info", "External component successfully authenticated"); session.send(st.stanza("handshake")); + module:fire_event("component-authenticated", { session = session }); return true; end -- cgit v1.2.3 From f2f24a13e074898e269169cbeb599cf3cb598dcc Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 4 Sep 2015 11:26:51 +0100 Subject: mod_pep: Document data structures, so I don't have to spend time remembering every time I work on this module --- plugins/mod_pep.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index bdb742e3..7b4c5ddc 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -17,9 +17,13 @@ local type = type; local calculate_hash = require "util.caps".calculate_hash; local core_post_stanza = prosody.core_post_stanza; +-- Used as canonical 'empty table' local NULL = {}; +-- data[user_bare_jid][node] = item_stanza local data = {}; +--- recipients[user_bare_jid][contact_full_jid][subscribed_node] = true local recipients = {}; +-- hash_map[hash][subscribed_nodes] = true local hash_map = {}; module.save = function() -- cgit v1.2.3 From 853f18a9cbbc25b6830f7edabdf135f3165c60ec Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 25 Sep 2015 16:48:25 +0100 Subject: mod_pep: Don't store contacts' subscriptions to a user's nodes when that user is offline --- plugins/mod_pep.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 7b4c5ddc..22790869 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua 
@@ -16,6 +16,7 @@ local next = next; local type = type; local calculate_hash = require "util.caps".calculate_hash; local core_post_stanza = prosody.core_post_stanza; +local bare_sessions = prosody.bare_sessions; -- Used as canonical 'empty table' local NULL = {}; @@ -122,6 +123,9 @@ module:hook("presence/bare", function(event) local t = stanza.attr.type; local self = not stanza.attr.to; + -- Only cache subscriptions if user is online + if not bare_sessions[user] then return; end + if not t then -- available presence if self or subscription_presence(user, stanza.attr.from) then local recipient = stanza.attr.from; @@ -283,3 +287,11 @@ module:hook("account-disco-items", function(event) end end end); + +module:hook("resource-unbind", function (event) + local user_bare_jid = event.session.username.."@"..event.session.host; + if not bare_sessions[user_bare_jid] then -- User went offline + -- We don't need this info cached anymore, clear it. + recipients[user_bare_jid] = nil; + end +end); -- cgit v1.2.3 From c6d0454e0f3c4b47ae37903727d8bec8926cacae Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 26 Sep 2015 19:34:58 +0200 Subject: mod_http_files: Strip trailing directory separator regardless of directionality of the slash (fixes #545) --- plugins/mod_http_files.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 3a9368b9..9d81f540 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -62,7 +62,7 @@ function serve(opts) local request, response = event.request, event.response; local orig_path = request.path; local full_path = base_path .. (path and "/"..path or ""); - local attr = stat((full_path:gsub('%'..path_sep..'+$',''))); + local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows if not attr then return 404; end -- cgit v1.2.3 From 8caf3cf4120e361e27c4eff6c9ad93a59589425c Mon Sep 17 00:00:00 2001 
From: Kim Alvefur Date: Sat, 26 Sep 2015 19:35:56 +0200 Subject: mod_http_files: Translate forward slashes to local directory separators --- plugins/mod_http_files.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 9d81f540..9839fed9 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -61,7 +61,7 @@ function serve(opts) local function serve_file(event, path) local request, response = event.request, event.response; local orig_path = request.path; - local full_path = base_path .. (path and "/"..path or ""); + local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep); local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows if not attr then return 404; -- cgit v1.2.3 From 6c57db9f1cf00482f5a788c33ca485b241cc5989 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 17 Nov 2015 17:01:25 +0000 Subject: muc.lib: Fix pattern so that it doesn't match hashes containing null bytes, causing dropped stanzas (thanks Jitsi folk!) --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 8028f5ae..d42fb2eb 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -361,7 +361,7 @@ local function construct_stanza_id(room, stanza) end local function deconstruct_stanza_id(room, stanza) local from_jid_possiblybare, to_nick = stanza.attr.from, stanza.attr.to; - local from_jid, id, to_jid_hash = (base64.decode(stanza.attr.id) or ""):match("^(.+)%z(.*)%z(.+)$"); + local from_jid, id, to_jid_hash = (base64.decode(stanza.attr.id) or ""):match("^(%Z+)%z(%Z*)%z(.+)$"); local from_nick = room._jid_nick[from_jid]; if not(from_nick) then return; end -- cgit v1.2.3 From 6ca624cf7f05603cd1330241634e3f15842b6a65 Mon Sep 17 00:00:00 2001 
From: Matthew Wild Date: Wed, 16 Dec 2015 16:41:48 +0000 Subject: MUC: Fix incorrect nesting of status codes when room config changes (fixes #579) --- plugins/muc/muc.lib.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index d42fb2eb..5879c256 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -736,7 +736,7 @@ function room_mt:process_form(origin, stanza) if dirty or whois_changed then local msg = st.message({type='groupchat', from=self.jid}) - :tag('x', {xmlns='http://jabber.org/protocol/muc#user'}):up() + :tag('x', {xmlns='http://jabber.org/protocol/muc#user'}); if dirty then msg.tags[1]:tag('status', {code = '104'}):up(); @@ -745,6 +745,7 @@ function room_mt:process_form(origin, stanza) local code = (whois == 'moderators') and "173" or "172"; msg.tags[1]:tag('status', {code = code}):up(); end + msg:up(); self:broadcast_message(msg, false) end -- cgit v1.2.3 From 03af283f59f517c47b613bff1e49691df3960e1b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 22 Dec 2015 14:15:09 +0000 Subject: mod_admin_telnet: Backport 06696882d972 from 0.10 (this command greatly helps with debugging HTTP issues) --- plugins/mod_admin_telnet.lua | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 437ded01..86403606 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua 
@@ -1081,6 +1081,33 @@ function def_env.dns:cache() return true, "Cache:\n"..tostring(dns.cache()) end +def_env.http = {}; + +function def_env.http:list() + local print = self.session.print; + + for host in pairs(prosody.hosts) do + local http_apps = modulemanager.get_items("http-provider", host); + if #http_apps > 0 then + local http_host = module:context(host):get_option("http_host"); + print("HTTP endpoints on "..host..(http_host and (" (using "..http_host.."):") or ":")); + for _, provider in ipairs(http_apps) do + local url = module:context(host):http_url(provider.name); + print("", url); + end + print(""); + end + end + + local default_host = module:get_option("http_default_host"); + if not default_host then + print("HTTP requests to unknown hosts will return 404 Not Found"); + else + print("HTTP requests to unknown hosts will be handled by "..default_host); + end + return true; +end + ------------- function printbanner(session) -- cgit v1.2.3 From 78d296cfe9cc363e74aa33c21b38e6764377f9f6 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 7 Jan 2016 15:37:47 +0000 Subject: mod_http_files: Santize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability --- plugins/mod_http_files.lua | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 9839fed9..6275cca5 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua 
@@ -49,6 +49,34 @@ if not mime_map then end end +local forbidden_chars_pattern = "[/%z]"; +if prosody.platform == "windows" then + forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]" +end + +local urldecode = require "util.http".urldecode; +function sanitize_path(path) + local out = {}; + + local c = 0; + for component in path:gmatch("([^/]+)") do + component = urldecode(component); + if component:find(forbidden_chars_pattern) then + return nil; + elseif component == ".." then + if c <= 0 then + return nil; + end + out[c] = nil; + c = c - 1; + elseif component ~= "." then + c = c + 1; + out[c] = component; + end + end + return "/"..table.concat(out, "/"); +end + local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to. function serve(opts) @@ -60,7 +88,11 @@ function serve(opts) local directory_index = opts.directory_index; local function serve_file(event, path) local request, response = event.request, event.response; - local orig_path = request.path; + path = sanitize_path(path); + if not path then + return 400; + end + local orig_path = sanitize_path(request.path); local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep); local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows if not attr then -- cgit v1.2.3 From 375bc82d743c305d2b714bd96c453826dbce2a9a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Jan 2016 21:31:02 +0100 Subject: mod_dialback: Follow XEP-0185 and use HMAC --- plugins/mod_dialback.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index 9dcb0ed5..dc3c3f10 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua 
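Review bot: The Windows variant of `forbidden_chars_pattern` does not list the backslash, so `sanitize_path` accepts a URL-decoded component containing `\` as one ordinary name. Such a component is never compared with `..`, although that platform treats `\` as a directory separator. Adding it to the class, `forbidden_chars_pattern = "[/\\%z\001-\031\127\"*:<>?|]"`, keeps the component-by-component check meaningful there. `sanitize_path` is also declared without `local`, and a one-line comment saying that it returns nil for any path that would climb above the root would remind callers to check the result.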
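Review bot: In `serve_file`, `local orig_path = sanitize_path(request.path);` is not checked for nil the way `path` is two lines earlier, so a request path that `sanitize_path` rejects leaves `orig_path` nil for the code that uses it further down, outside this hunk. I would reject it in the same way: `if not orig_path then return 400; end`. Separately, `sanitize_path(path)` now runs before the existing `path and "/"..path or ""` guard, so if `serve_file` can still be called with a nil `path`, it raises in `path:gmatch` instead of serving the base directory. The sanitized `path` also already starts with "/", so the retained `"/"..path` doubles the separator.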
@@ -12,6 +12,7 @@ local log = module._log; local st = require "util.stanza"; local sha256_hash = require "util.hashes".sha256; +local sha256_hmac = require "util.hashes".hmac_sha256; local nameprep = require "util.encodings".stringprep.nameprep; local xmlns_stream = "http://etherx.jabber.org/streams"; @@ -19,7 +20,7 @@ local xmlns_stream = "http://etherx.jabber.org/streams"; local dialback_requests = setmetatable({}, { __mode = 'v' }); function generate_dialback(id, to, from) - return sha256_hash(id..to..from..hosts[from].dialback_secret, true); + return sha256_hmac(sha256_hash(hosts[from].dialback_secret), to .. ' ' .. from .. ' ' .. id, true); end function initiate_dialback(session) -- cgit v1.2.3
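Review bot: `generate_dialback` should carry a comment recording the derivation it now implements, because the argument order and the space separators are easy to change by accident and any mismatch between generation and verification breaks dialback. Something like `-- XEP-0185: HMAC-SHA256 keyed with SHA-256(dialback_secret) over "<receiving> <originating> <stream id>"` would do. The inner `sha256_hash(...)` is called without the `true` flag that the outer call and the removed line pass, so the key is presumably the raw digest rather than its hex form; it is worth confirming that this is the intended key. `hosts[from]` is still indexed without a nil check, so the function raises if `from` is not a host in `hosts`.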