From 94d4efbee4125616a34be53259dbf8298f39a70a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 28 Mar 2013 09:50:21 -0400 Subject: mod_muc/muc.lib: Don't add messages without a body (such as chat state notifications) to the room history (thanks louiz?, Link Mauve, poezio and all its users) --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 91b4792d..b6167a19 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -892,7 +892,7 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha origin.send(st.error_reply(stanza, "auth", "forbidden")); end else - self:broadcast_message(stanza, self:get_historylength() > 0); + self:broadcast_message(stanza, self:get_historylength() > 0 and stanza:get_child("body")); end stanza.attr.from = from; end -- cgit v1.2.3 From 4a4f2e8b4be13b33ece64f1d33050cc56349397e Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Apr 2013 14:45:59 +0100 Subject: mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate --- plugins/mod_s2s/mod_s2s.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6893d184..639f464b 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -632,7 +632,11 @@ function check_auth_policy(event) if must_secure and not session.cert_identity_status then module:log("warn", "Forbidding insecure connection to/from %s", host); - session:close(false); + if session.direction == "incoming" then + session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host }); + else -- Close outgoing connections without warning + session:close(false); + end return false; end end -- cgit v1.2.3 From a9744cfc9999f5459021d741932018f20f53ffc9 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 3 Apr 2013 13:39:41 +0100 Subject: mod_presence: Remove some unused variables --- plugins/mod_presence.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index b6e3fc18..8dac2d35 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -9,7 +9,7 @@ local log = module._log; local require = require; -local pairs, ipairs = pairs, ipairs; +local pairs = pairs; local t_concat, t_insert = table.concat, table.insert; local s_find = string.find; local tonumber = tonumber; @@ -346,7 +346,7 @@ module:hook("presence/full", function(data) end); module:hook("presence/host", function(data) -- inbound presence to the host - local origin, stanza = data.origin, data.stanza; + local stanza = data.stanza; local from_bare = jid_bare(stanza.attr.from); local t = stanza.attr.type; -- cgit v1.2.3 From 505b635f61d0d71d30d1e05ed67d5292e2cc57ce Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 3 Apr 2013 13:40:29 +0100 Subject: mod_groups: Add a public function other modules can use to determine if a JID belongs to a given group --- plugins/mod_groups.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua index 199925f9..9b39b16b 100644 --- a/plugins/mod_groups.lua +++ b/plugins/mod_groups.lua @@ -121,3 +121,8 @@ end function module.unload() datamanager.remove_callback(remove_virtual_contacts); end + +-- Public for other modules to access +function group_contains(group_name, jid) + return groups[group_name][jid]; +end -- cgit v1.2.3 From a84fbd90b35ec282a0864a16e20887bff32af8ce Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 3 Apr 2013 13:40:40 +0100 Subject: mod_groups: Remove unused import --- plugins/mod_groups.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua index 9b39b16b..f7f632c2 100644 --- a/plugins/mod_groups.lua +++ b/plugins/mod_groups.lua @@ -13,7 +13,7 @@ local members; local groups_file; local jid, datamanager = require "util.jid", require "util.datamanager"; -local jid_bare, jid_prep = jid.bare, jid.prep; +local jid_prep = jid.prep; local module_host = module:get_host(); -- cgit v1.2.3 From 1728207c6bb7f3955535ba4a2c1c6fde8e624ed8 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 3 Apr 2013 13:51:59 +0100 Subject: mod_pubsub: Don't send current items to new subscribers (I don't know why we did) --- plugins/mod_pubsub.lua | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub.lua b/plugins/mod_pubsub.lua index fe6c0b0a..5ff3a029 100644 --- a/plugins/mod_pubsub.lua +++ b/plugins/mod_pubsub.lua @@ -164,16 +164,6 @@ function handlers.set_subscribe(origin, stanza, subscribe) reply = pubsub_error_reply(stanza, ret); end origin.send(reply); - if ok then - -- Send all current items - local ok, items = service:get_items(node, stanza.attr.from); - if items then - local jids = { [jid] = options or true }; - for id, item in pairs(items) do - service.config.broadcaster("items", node, jids, item); - end - end - end end function handlers.set_unsubscribe(origin, stanza, unsubscribe) -- cgit v1.2.3 From 52fe78c768f8098aedc87a6242dd31f6e49e188f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Apr 2013 19:21:47 +0200 Subject: mod_s2s: Add COMPAT cahin verification code for older LuaSec versions --- plugins/mod_s2s/mod_s2s.lua | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 639f464b..1547345d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -15,6 +15,7 @@ local core_process_stanza = prosody.core_process_stanza; local tostring, type = tostring, type; local t_insert = table.insert; local xpcall, traceback = xpcall, debug.traceback; +local NULL = {}; local add_task = require "util.timer".add_task; local st = require "util.stanza"; @@ -226,11 +227,19 @@ local function check_cert_status(session) end if cert then - local chain_valid, errors = conn:getpeerverification() + local chain_valid, errors; + if conn.getpeerverification then + chain_valid, errors = conn:getpeerverification(); + elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg + chain_valid, errors = conn:getpeerchainvalid(); + errors = (not chain_valid) and { { errors } } or nil; + else + chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; + end -- Is there any interest in printing out all/the number of errors here? if not chain_valid then (session.log or log)("debug", "certificate chain validation result: invalid"); - for depth, t in ipairs(errors) do + for depth, t in ipairs(errors or NULL) do (session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; -- cgit v1.2.3 From d6f7def73cfade7d179a6eb6f3d53229d0ef741a Mon Sep 17 00:00:00 2001 From: Marco Cirillo Date: Thu, 4 Apr 2013 23:41:36 +0000 Subject: mod_http: disable ssl peer verification by default. --- plugins/mod_http.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 2fa87421..0689634e 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -139,6 +139,7 @@ module:provides("net", { listener = server.listener; default_port = 5281; encryption = "ssl"; + ssl_config = { verify = "none" }; multiplex = { pattern = "^[A-Z]"; }; -- cgit v1.2.3