# HG changeset patch
# User Kim Alvefur
# Date 1414353482 -3600
# Node ID 8fed6ea12098499e44f3ea44ca47a2911ed1ac5f
# Parent 4224abbf0fddc8d469ab842c43766064f2a2c3be
# Parent 71b6e8b48a1288f8f4e30b503eb0df5268c8b8b5
Merge 0.10->trunk
diff -r 4224abbf0fdd -r 8fed6ea12098 .hgtags
--- a/.hgtags Wed Oct 22 16:00:40 2014 -0400
+++ b/.hgtags Sun Oct 26 20:58:02 2014 +0100
@@ -53,3 +53,5 @@
 872ff4851c9b6cd662aac4b1a056ac2a97c85ce5 0.9.3
 5d73412aa1ba39081683ab922575eae93e4e867a 0.9.4
 8dee696c33cc5f7463c8b9e9fe806b9abd24c115 0.9.5
+e4b998ffc92249ea96716ab878f961f03769339d 0.9.6
+9030b056bd4a5b8402c9b1e1cd65dd35f046032f 0.9.7
diff -r 4224abbf0fdd -r 8fed6ea12098 core/certmanager.lua
diff -r 4224abbf0fdd -r 8fed6ea12098 net/http.lua
--- a/net/http.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/net/http.lua Sun Oct 26 20:58:02 2014 +0100
@@ -165,7 +165,7 @@
 local sslctx = false;
 if using_https then
- sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
+ sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
 end
 local handler, conn = server.addclient(host, port_number, listener, "*a", sslctx)
diff -r 4224abbf0fdd -r 8fed6ea12098 plugins/mod_blocklist.lua
--- a/plugins/mod_blocklist.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_blocklist.lua Sun Oct 26 20:58:02 2014 +0100
@@ -43,7 +43,6 @@
 -- Migrates from the old mod_privacy storage
 local function migrate_privacy_list(username)
 local migrated_data = { [false] = "not empty" };
- module:log("info", "Migrating blocklist from mod_privacy storage for user '%s'", username);
 local legacy_data = module:open_store("privacy"):get(username);
 if legacy_data and legacy_data.lists and legacy_data.default then
 legacy_data = legacy_data.lists[legacy_data.default];
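Review bot: The fallback context on the `sslctx = ex and ex.sslctx or { ... }` line in net/http.lua now refuses SSLv3, but the table still carries no `verify` setting, so as far as this hunk shows the default HTTPS client does not authenticate the peer (unless `server.addclient` or another layer fills that in elsewhere). The hardening also applies only to the fallback: a caller that passes its own `ex.sslctx` keeps whatever protocol options it chose. I would add a comment above the assignment, `-- default client context: SSLv2/SSLv3 refused; no peer verification is configured here, and a caller-supplied ex.sslctx bypasses these options`, so callers know what they get. The enclosing function starts and ends outside the hunk.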
@@ -52,6 +51,7 @@
 return migrated_data;
 end
 if legacy_data then
+ module:log("info", "Migrating blocklist from mod_privacy storage for user '%s'", username);
 local item, jid;
 for i = 1, #legacy_data do
 item = legacy_data[i];
@@ -149,7 +149,9 @@
 for jid, in_roster in pairs(new) do
 if not blocklist[jid] and in_roster and sessions[username] then
 for _, session in pairs(sessions[username].sessions) do
- module:send(st.presence({ type = "unavailable", to = jid, from = session.full_jid }));
+ if session.presence then
+ module:send(st.presence({ type = "unavailable", to = jid, from = session.full_jid }));
+ end
 end
 end
 end
diff -r 4224abbf0fdd -r 8fed6ea12098 plugins/mod_legacyauth.lua
--- a/plugins/mod_legacyauth.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_legacyauth.lua Sun Oct 26 20:58:02 2014 +0100
@@ -11,8 +11,8 @@
 local st = require "util.stanza";
 local t_concat = table.concat;
-local secure_auth_only = module:get_option("c2s_require_encryption")
- or module:get_option("require_encryption")
+local secure_auth_only = module:get_option("c2s_require_encryption",
+ module:get_option("require_encryption"))
 or not(module:get_option("allow_unencrypted_plain_auth"));
 local sessionmanager = require "core.sessionmanager";
diff -r 4224abbf0fdd -r 8fed6ea12098 plugins/mod_saslauth.lua
--- a/plugins/mod_saslauth.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_saslauth.lua Sun Oct 26 20:58:02 2014 +0100
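Review bot: In mod_legacyauth.lua `secure_auth_only` is still read with the untyped `module:get_option`, while the mod_saslauth.lua hunk of this same commit moves the identical options to `module:get_option_boolean`; the `c2s_require_encryption` line in mod_tls.lua has the same mismatch. With the untyped getter any non-nil config value is used as-is, so a mistyped value such as the string `"false"` is truthy in Lua and the three modules may disagree about whether encryption is required (how `get_option_boolean` treats such a value is not visible here). Reading it as `module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false))` in all three would keep them consistent. Separately, the unchanged `or not(module:get_option("allow_unencrypted_plain_auth"))` line makes the result true whenever that option is unset, even with `c2s_require_encryption = false` configured; a one-line comment saying this fail-closed default is intentional would help.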
@@ -16,8 +16,10 @@
 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
 local tostring = tostring;
-local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
-local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
+local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
+local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
+local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
+local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", {});
 local log = module._log;
@@ -183,9 +185,12 @@
 session.sasl_handler = usermanager_get_sasl_handler(module.host, session);
 end
 local mechanism = stanza.attr.mechanism;
- if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then
+ if not session.secure and (secure_auth_only or insecure_mechanisms:contains(mechanism)) then
 session.send(build_reply("failure", "encryption-required"));
 return true;
+ elseif disabled_mechanisms:contains(mechanism) then
+ session.send(build_reply("failure", "invalid-mechanism"));
+ return true;
 end
 local valid_mechanism = session.sasl_handler:select(mechanism);
 if not valid_mechanism then
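Review bot: The two new sets on the `insecure_mechanisms` and `disabled_mechanisms` lines are later matched against the mechanism name exactly as it arrives, and nothing in this hunk normalises case, so a config entry written in lower case (`"plain"`) would presumably never match `"PLAIN"` and the mechanism would stay available on unencrypted streams. Also, once `insecure_sasl_mechanisms` is set explicitly, `allow_unencrypted_plain_auth` no longer has any effect, because it only feeds the default value. I would document both above the declarations, e.g. `-- mechanism names are matched case-sensitively (upper case); an explicit insecure_sasl_mechanisms overrides allow_unencrypted_plain_auth`.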
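Review bot: Both rejection branches in the `if not session.secure and (...) then ... elseif disabled_mechanisms:contains(mechanism) then` block return without logging, so an operator cannot see clients that attempt an insecure or disabled mechanism. A debug-level line before each `return true`, for example `(session.log or log)("debug", "Rejected SASL mechanism %s (secure=%s)", tostring(mechanism), tostring(session.secure));`, would make downgrade attempts and misconfigured clients visible; `session.log` is assumed to exist the way `origin.log` is used in the later hunk. `mechanism` comes straight from `stanza.attr.mechanism` and may be nil, which is why the `tostring` is needed. The handler's body starts and ends outside the hunk.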
@@ -231,11 +236,15 @@
 end
 local mechanisms = st.stanza("mechanisms", mechanisms_attr);
 for mechanism in pairs(origin.sasl_handler:mechanisms()) do
- if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
+ if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then
 mechanisms:tag("mechanism"):text(mechanism):up();
 end
 end
- if mechanisms[1] then features:add_child(mechanisms); end
+ if mechanisms[1] then
+ features:add_child(mechanisms);
+ else
+ (origin.log or log)("warn", "No SASL mechanisms to offer");
+ end
 else
 features:tag("bind", bind_attr):tag("required"):up():up();
 features:tag("session", xmpp_session_attr):tag("optional"):up():up();
diff -r 4224abbf0fdd -r 8fed6ea12098 plugins/mod_tls.lua
--- a/plugins/mod_tls.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_tls.lua Sun Oct 26 20:58:02 2014 +0100
@@ -9,7 +9,7 @@
 local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
-local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
+local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption"));
 local s2s_require_encryption = module:get_option("s2s_require_encryption");
 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 local s2s_secure_auth = module:get_option("s2s_secure_auth");
diff -r 4224abbf0fdd -r 8fed6ea12098 prosodyctl
--- a/prosodyctl Wed Oct 22 16:00:40 2014 -0400
+++ b/prosodyctl Sun Oct 26 20:58:02 2014 +0100
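Review bot: The new `else` branch in mod_saslauth.lua warns whenever no mechanism is offered, but with the default `insecure_mechanisms` of PLAIN and LOGIN that is the expected state on a not-yet-encrypted stream for any auth backend that provides only those mechanisms, so the warning would fire once per connection before TLS is negotiated. Limiting it to the case that points at a real misconfiguration, `elseif origin.secure then (origin.log or log)("warn", "No SASL mechanisms to offer"); end`, keeps the log useful for spotting actual problems. Which mechanisms a backend returns from `origin.sasl_handler:mechanisms()` is not visible here, so treat the frequency as an assumption. The surrounding handler starts and ends outside the hunk.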
@@ -552,7 +552,7 @@
 print(" "..path);
 end
 print("");
- local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(luarocks.cfg.program_version or "2.x+")..")")
+ local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
 or (pcall(require, "luarocks.require") and "Installed (1.x)")
 or "Not installed";
 print("LuaRocks: ", luarocks_status);
@@ -816,7 +816,7 @@
 if not what or what == "config" then
 print("Checking config...");
 local deprecated = set.new({
- "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login",
+ "bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
 });
 local known_global_options = set.new({
 "pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
diff -r 4224abbf0fdd -r 8fed6ea12098 util/stanza.lua
--- a/util/stanza.lua Wed Oct 22 16:00:40 2014 -0400
+++ b/util/stanza.lua Sun Oct 26 20:58:02 2014 +0100
@@ -202,19 +202,8 @@
 local xml_escape
 do
- local escape_table = {
- ["'"] = "'";
- ['"'] = """;
- ["<"] = "<";
- [">"] = ">";
- ["&"] = "&";
- -- escape this whitespace because [\r\n\t] change into spaces in attributes
- -- and \r\n changes into \n in text, and we want to preserve original bytes
- ["\t"] = " ";
- ["\n"] = " ";
- ["\r"] = " ";
- };
- function xml_escape(str) return (s_gsub(str, "['&<>\"\t\n\r]", escape_table)); end
+ local escape_table = { ["'"] = "'", ["\""] = """, ["<"] = "<", [">"] = ">", ["&"] = "&" };
+ function xml_escape(str) return (s_gsub(str, "['&<>\"]", escape_table)); end
 _M.xml_escape = xml_escape;
 end
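Review bot: `package.loaded["luarocks.cfg"]` is indexed without a nil check on the new `luarocks_status` line in prosodyctl, so if `luarocks.loader` loads successfully but leaves no module under that exact name in `package.loaded`, the expression raises an "attempt to index a nil value" error and the status listing aborts. The `or "2.x+"` fallback only covers a missing `program_version` field, not a missing module. Guarding the lookup, `((package.loaded["luarocks.cfg"] or {}).program_version or "2.x+")`, keeps the output working in that case. The enclosing command function starts and ends outside the hunk.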
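Review bot: The rewritten `xml_escape` in util/stanza.lua no longer escapes tab, newline and carriage return, and the comment that explained why they were escaped is deleted without a replacement. Per that removed comment, a parser turns these characters into spaces inside attribute values and folds `\r\n` to `\n` in text, so values containing them will no longer round-trip byte-for-byte; if any caller compares or hashes the serialized form, that is a behaviour change worth stating. I would add a comment above `escape_table` such as `-- whitespace (\t \n \r) is deliberately not escaped; attribute values containing it are normalised by the receiving parser`. The replacement strings in the table appear entity-decoded on this page, so the escapes themselves cannot be checked from here.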