Changeset

8101:3e25d96571d1

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Thu, 20 Apr 2017 00:41:49 +0200
parents 8091:acecf1413233 (current diff) 8100:1773559b03a8 (diff)
children 8103:a0b498ec0b22
files plugins/mod_bosh.lua prosodyctl
diffstat 5 files changed, 24 insertions(+), 12 deletions(-) [+]
--- a/plugins/mod_bosh.lua	Sun Apr 16 02:36:42 2017 +0200
+++ b/plugins/mod_bosh.lua	Thu Apr 20 00:41:49 2017 +0200
@@ -308,7 +308,7 @@
 		-- New session
 		sid = new_uuid();
 		local session = {
-			type = "c2s_unauthed", conn = {}, sid = sid, rid = rid, host = attr.to,
+			type = "c2s_unauthed", conn = request.conn, sid = sid, rid = rid, host = attr.to,
 			bosh_version = attr.ver, bosh_wait = wait, streamid = sid,
 			bosh_max_inactive = bosh_max_inactivity,
 			requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream,
@@ -384,6 +384,8 @@
 		return;
 	end
 
+	session.conn = request.conn;
+
 	if session.rid then
 		local rid = tonumber(attr.rid);
 		local diff = rid - session.rid;
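Review bot: `session.conn = request.conn;` runs before the `rid` check that begins on the next line, so a request that later fails that check has already repointed the session at its own connection. If anything downstream derives the client address or transport security from `session.conn` (not visible here), that value would come from a request the session never accepted. Moving the assignment below the `rid` validation avoids this. If the HTTP connection can be shared between clients, for example behind a reverse proxy, a comment such as `-- conn is the HTTP connection of the latest request, not a per-client socket` would also help readers. The enclosing function starts and ends outside the hunk.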
--- a/prosodyctl	Sun Apr 16 02:36:42 2017 +0200
+++ b/prosodyctl	Thu Apr 20 00:41:49 2017 +0200
@@ -136,12 +136,14 @@
 local switched_user, current_uid;
 
 local want_pposix_version = "0.4.0";
-local ok, pposix = pcall(require, "util.pposix");
+local have_pposix, pposix = pcall(require, "util.pposix");
 
-if ok and pposix then
+if have_pposix and pposix then
 	if pposix._VERSION ~= want_pposix_version then print(string.format("Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version)); return; end
 	current_uid = pposix.getuid();
-	if current_uid == 0 then
+	local arg_root = arg[1] == "--root";
+	if arg_root then table.remove(arg, 1); end
+	if current_uid == 0 and config.get("*", "run_as_root") ~= true and not arg_root then
 		-- We haz root!
 		local desired_user = config.get("*", "prosody_user") or "prosody";
 		local desired_group = config.get("*", "prosody_group") or desired_user;
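Review bot: The `--root` handling sits inside `if have_pposix and pposix then`, so when util.pposix fails to load the flag is never stripped and `arg[1]` stays `"--root"` for whatever parses the command afterwards (outside this hunk). Hoisting `local arg_root = arg[1] == "--root";` and `if arg_root then table.remove(arg, 1); end` above that `if` would make the flag behave the same either way. Both `--root` and `run_as_root = true` skip the privilege drop without any message. A comment above the condition such as `-- --root or run_as_root keeps uid 0 for the rest of the run; anything written later is written as root` would document the trade-off. The block continues past the end of the hunk.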
@@ -695,9 +697,16 @@
 	end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+	-- FIXME should be enough to check if this directory is writable
+	local cert_dir = config.get("*", "certificates") or "certs";
+	cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+		local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 		if use_existing(conf_filename) then
 			return nil, conf_filename;
 		end
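Review bot: `arg[1]` is joined to the base directory unchecked in `cert_basedir .. "/" .. arg[1] .. ".cnf"`, and with this change the base is the configured certificate directory whenever the process still has uid 0. A name containing `/` would then resolve outside that directory with root's write access. The same concatenation appears in the `.key`, `.req` and `.crt` hunks below. A guard before the path is built, for example testing `arg[1]:find("/", 1, true)` and reporting an error, would keep the output inside `cert_basedir`. The body of `cert_commands.config` continues outside the hunk.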
@@ -758,7 +767,7 @@
 
 function cert_commands.key(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+		local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 		if use_existing(key_filename) then
 			return nil, key_filename;
 		end
@@ -780,7 +789,7 @@
 
 function cert_commands.request(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+		local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 		if use_existing(req_filename) then
 			return nil, req_filename;
 		end
@@ -798,7 +807,7 @@
 
 function cert_commands.generate(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+		local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 		if use_existing(cert_filename) then
 			return nil, cert_filename;
 		end
--- a/util/datamanager.lua	Sun Apr 16 02:36:42 2017 +0200
+++ b/util/datamanager.lua	Thu Apr 20 00:41:49 2017 +0200
@@ -268,8 +268,8 @@
 	if callback(username, host, datastore) == false then return true; end
 	-- save the datastore
 	local d = {};
-	for _, item in ipairs(data) do
-		d[#d+1] = "item(" .. serialize(item) .. ");\n";
+	for i, item in ipairs(data) do
+		d[i] = "item(" .. serialize(item) .. ");\n";
 	end
 	local ok, msg = atomic_store(getpath(username, host, datastore, "list", true), t_concat(d));
 	if not ok then
--- a/util/sasl/plain.lua	Sun Apr 16 02:36:42 2017 +0200
+++ b/util/sasl/plain.lua	Thu Apr 20 00:41:49 2017 +0200
@@ -63,6 +63,8 @@
 		end
 	end
 
+	self.username = authentication
+
 	local correct, state = false, false;
 	if self.profile.plain then
 		local correct_password;
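Review bot: `self.username = authentication` now runs before the password is checked, so on every failure path the field holds a client-supplied name that nothing has verified, and the assignment carries no comment saying so. A comment like `-- not authenticated yet: only trust self.username after "success" is returned` would stop callers from treating it as an identity. The same applies to `self.username = username;` added in util/sasl/scram.lua at `@@ -146`. The function starts and ends outside the hunk.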
@@ -72,7 +74,6 @@
 		correct, state = self.profile.plain_test(self, authentication, password, self.realm);
 	end
 
-	self.username = authentication
 	if state == false then
 		return "failure", "account-disabled";
 	elseif state == nil or not correct then
--- a/util/sasl/scram.lua	Sun Apr 16 02:36:42 2017 +0200
+++ b/util/sasl/scram.lua	Thu Apr 20 00:41:49 2017 +0200
@@ -146,6 +146,7 @@
 				log("debug", "Username violates either SASLprep or contains forbidden character sequences.")
 				return "failure", "malformed-request", "Invalid username.";
 			end
+			self.username = username;
 
 			-- retreive credentials
 			local stored_key, server_key, salt, iteration_count;
@@ -225,7 +226,6 @@
 
 			if StoredKey == H_f(ClientKey) then
 				local server_final_message = "v="..base64.encode(ServerSignature);
-				self["username"] = state.username;
 				return "success", server_final_message;
 			else
 				return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated.";