From d76ff8e08e19c49cc6a3f76e3800d712356df9c0 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Tue, 21 Feb 2017 17:34:01 +0100
Subject: mod_admin_telnet: Print a message to open sessions when shutting down, including the reason
---
 plugins/mod_admin_telnet.lua | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'plugins')
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index c73870f3..b24adcf9 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -1130,6 +1130,12 @@ function def_env.http:list()
 return true;
 end
+module:hook("server-stopping", function(event)
+ for conn, session in pairs(sessions) do
+ session.print("Shutting down: "..(event.reason or "unknown reason"));
+ end
+end);
+
 -------------
 function printbanner(session)
-- cgit v1.2.3
From 41c35464f7c214d30365f4c26619a82bad1e0b48 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Tue, 21 Feb 2017 18:54:44 +0100
Subject: mod_register: Require encryption before registration if c2s_require_encryption is set (fixes #595)
---
 plugins/mod_register.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index 3d7a068c..63d0b077 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -20,6 +20,7 @@ local jid_bare = require "util.jid".bare;
 local compat = module:get_option_boolean("registration_compat", true);
 local allow_registration = module:get_option_boolean("allow_registration", false);
 local additional_fields = module:get_option("additional_registration_fields", {});
+local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local account_details = module:open_store("account_details");
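Review bot: The new `server-stopping` handler in mod_admin_telnet.lua calls `session.print` for every console session with nothing guarding a failure, so an error raised while writing to one dead or half-closed connection would presumably stop the remaining sessions from being told about the shutdown. Wrapping the call, e.g. `pcall(session.print, "Shutting down: "..tostring(event.reason or "unknown reason"));`, keeps the loop going and also tolerates a non-string reason. The loop key is unused, so `for _, session in pairs(sessions) do` reads more clearly. `sessions` itself is defined outside the hunk.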
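Review bot: `require_encryption` in mod_register.lua is read with the untyped `module:get_option`, while the neighbouring `registration_compat` and `allow_registration` lines use `module:get_option_boolean`. Any non-boolean config value, including the string "false", is truthy in Lua and would silently switch the check on; the `or` chain also lets an explicit `c2s_require_encryption = false` fall through to the legacy `require_encryption` setting. Suggest `local require_encryption = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));`, provided that matches how the other modules reading these options interpret them (not visible here).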
@@ -75,7 +76,7 @@ module:hook("stream-features", function(event)
 local session, features = event.origin, event.features;
 -- Advertise registration to unauthorized clients only.
- if not(allow_registration) or session.type ~= "c2s_unauthed" then
+ if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then
 return
 end
@@ -183,6 +184,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
 if not(allow_registration) or session.type ~= "c2s_unauthed" then
 session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+ elseif require_encryption and not session.secure then
+ session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
 else
 local query = stanza.tags[1];
 if stanza.attr.type == "get" then
-- cgit v1.2.3
From 3405d89baaf305a5b0c06005f29fd61616d55349 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Sat, 25 Feb 2017 01:16:31 +0100
Subject: mod_tls: Suppress debug message if already using encryption
---
 plugins/mod_tls.lua | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'plugins')
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 3903a760..fbeb344b 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -63,7 +63,9 @@ end
 local function can_do_tls(session)
 if not session.conn.starttls then
- session.log("debug", "Underlying connection does not support STARTTLS");
+ if not session.secure then
+ session.log("debug", "Underlying connection does not support STARTTLS");
+ end
 return false;
 elseif session.ssl_ctx ~= nil then
 return session.ssl_ctx;
-- cgit v1.2.3
From 013b8292abda642906ca3ad4f3dc9300cd46954f Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Sat, 25 Feb 2017 02:15:15 +0100
Subject: mod_websocket: Set connections starttls method to false to prevent mod_tls from offering starttls (fixes #837)
---
 plugins/mod_websocket.lua | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'plugins')
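Review bot: The comment preceding the changed condition in the mod_register.lua `stream-features` hook still reads `-- Advertise registration to unauthorized clients only.`, which no longer covers the new `require_encryption and not session.secure` clause. Updating it to something like `-- Advertise registration only to unauthenticated clients, and only over an encrypted stream when encryption is required.` keeps the intent readable now that the condition is three clauses long. The hook body continues outside the hunk.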
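Review bot: The `policy-violation` branch added to the `jabber:iq:register:query` handler is the actual enforcement point, since a client can send the query whether or not the feature was advertised, and nothing in the hunk says so. A short comment before the `elseif`, such as `-- Enforced here as well: not advertising the feature does not stop a client from sending the query`, would stop a later cleanup from treating the check as redundant with the `stream-features` one. A test that both `get` and `set` over an unencrypted `c2s_unauthed` session receive the error would pin the behaviour. The handler continues outside the hunk.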
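Review bot: The nested `if not session.secure` in `can_do_tls` (mod_tls.lua) has no comment saying why the message is dropped, and the reason is not obvious from the code: a session that is already encrypted is expected to have no usable `starttls`. Suggest `-- Already encrypted: lacking STARTTLS is expected here, so don't log it` above the inner `if`. The function still returns `false` for such sessions, so callers have to keep using `session.secure`, not this return value, to decide whether a stream is protected. The function continues outside the hunk.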
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index c19ad566..47d170a1 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -136,6 +136,8 @@ function handle_request(event)
 local request, response = event.request, event.response;
 local conn = response.conn;
+ conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
+
 if not request.headers.sec_websocket_key then
 response.headers.content_type = "text/html";
 return [[Websocket
-- cgit v1.2.3
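Review bot: `conn.starttls = false` in `handle_request` runs before the `sec_websocket_key` check, so the connection object is modified even for requests that take the `text/html` branch and never become a WebSocket session. If that connection can be reused for later HTTP requests (not visible here), the flag stays set; moving the assignment to the point where the upgrade is accepted would limit it to real WebSocket sessions. With STARTTLS disabled, a session that arrived over plain `ws://` can never become secure afterwards, so deployments that need encryption depend on the `session.secure` / `c2s_require_encryption` checks rejecting it, which is worth stating in the comment. The function continues outside the hunk.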