File

mod_saslauth, mod_c2s: Disable tls-server-end-point channel binding by default This channel binding method is now enabled when a hash is manually set in the config, or it attempts to discover the hash automatically if the value is the special string "auto". A related change to mod_c2s prevents complicated certificate lookups in the client connection hot path - this work now happens only when this channel binding method is used. I'm not aware of anything else that uses ssl_cfg (vs ssl_ctx). Rationale for disabling by default: - Minor performance impact in automatic cert detection - This method is weak against a leaked/stolen private key (other methods such as 'tls-exporter' would not be compromised in such a case) Rationale for keeping the implementation: - For some deployments, this may be the only method available (e.g. due to TLS offloading in another process/server).

-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
-- Copyright (C) 2010 Jeff Mitchell
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--

local host = module:get_host();
local motd_text = module:get_option_string("motd_text");
local motd_jid = module:get_option_string("motd_jid", host);

if not motd_text then return; end

local st = require "prosody.util.stanza";

motd_text = motd_text:gsub("^%s*(.-)%s*$", "%1"):gsub("\n[ \t]+", "\n"); -- Strip indentation from the config

module:hook("presence/initial", function (event)
	local session = event.origin;
	local motd_stanza =
		st.message({ to = session.full_jid, from = motd_jid })
			:tag("body"):text(motd_text);
	module:send(motd_stanza);
	module:log("debug", "MOTD send to user %s", session.full_jid);
end, 1);