Changeset

6502:8fed6ea12098

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Sun, 26 Oct 2014 20:58:02 +0100
parents 6485:4224abbf0fdd (current diff) 6501:71b6e8b48a12 (diff)
children 6511:5f9389af5115
files net/http.lua
diffstat 8 files changed, 28 insertions(+), 26 deletions(-) [+]
--- a/.hgtags	Wed Oct 22 16:00:40 2014 -0400
+++ b/.hgtags	Sun Oct 26 20:58:02 2014 +0100
@@ -53,3 +53,5 @@
 872ff4851c9b6cd662aac4b1a056ac2a97c85ce5 0.9.3
 5d73412aa1ba39081683ab922575eae93e4e867a 0.9.4
 8dee696c33cc5f7463c8b9e9fe806b9abd24c115 0.9.5
+e4b998ffc92249ea96716ab878f961f03769339d 0.9.6
+9030b056bd4a5b8402c9b1e1cd65dd35f046032f 0.9.7
--- a/net/http.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/net/http.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -165,7 +165,7 @@
 
 	local sslctx = false;
 	if using_https then
-		sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2" } };
+		sslctx = ex and ex.sslctx or { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
 	end
 
 	local handler, conn = server.addclient(host, port_number, listener, "*a", sslctx)
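Review bot: The fallback context on the changed line sets no `verify` or CA options, so unless verification is applied elsewhere (not visible here), HTTPS requests that use it refuse SSLv2/SSLv3 but still do not authenticate the server certificate. A caller-supplied `ex.sslctx` also replaces the table wholesale and therefore does not pick up `no_sslv3`. At minimum I would add a comment above the assignment, e.g. `-- NOTE: default context does not verify the peer; a caller-supplied ex.sslctx must set its own protocol options`. The enclosing function starts and ends outside this hunk.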
--- a/plugins/mod_blocklist.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_blocklist.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -43,7 +43,6 @@
 -- Migrates from the old mod_privacy storage
 local function migrate_privacy_list(username)
 	local migrated_data = { [false] = "not empty" };
-	module:log("info", "Migrating blocklist from mod_privacy storage for user '%s'", username);
 	local legacy_data = module:open_store("privacy"):get(username);
 	if legacy_data and legacy_data.lists and legacy_data.default then
 		legacy_data = legacy_data.lists[legacy_data.default];
@@ -52,6 +51,7 @@
 		return migrated_data;
 	end
 	if legacy_data then
+		module:log("info", "Migrating blocklist from mod_privacy storage for user '%s'", username);
 		local item, jid;
 		for i = 1, #legacy_data do
 			item = legacy_data[i];
@@ -149,7 +149,9 @@
 		for jid, in_roster in pairs(new) do
 			if not blocklist[jid] and in_roster and sessions[username] then
 				for _, session in pairs(sessions[username].sessions) do
-					module:send(st.presence({ type = "unavailable", to = jid, from = session.full_jid }));
+					if session.presence then
+						module:send(st.presence({ type = "unavailable", to = jid, from = session.full_jid }));
+					end
 				end
 			end
 		end
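Review bot: The new `if session.presence then` guard has no comment saying why it is there, and the reason looks privacy-relevant. Without it, an `unavailable` stanza carrying `session.full_jid` would presumably be sent to the contact even from sessions that never sent presence, revealing a resource the contact had not seen. I would add `-- only sessions that have sent presence; others must not reveal their full JID to the contact` above the guard. The enclosing function starts and ends outside this hunk.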
--- a/plugins/mod_legacyauth.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_legacyauth.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -11,8 +11,8 @@
 local st = require "util.stanza";
 local t_concat = table.concat;
 
-local secure_auth_only = module:get_option("c2s_require_encryption")
-	or module:get_option("require_encryption")
+local secure_auth_only = module:get_option("c2s_require_encryption",
+	module:get_option("require_encryption"))
 	or not(module:get_option("allow_unencrypted_plain_auth"));
 
 local sessionmanager = require "core.sessionmanager";
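Review bot: `secure_auth_only` is still built from raw `module:get_option` values, while mod_saslauth in this same changeset moves the same options to `module:get_option_boolean`. In Lua any non-nil, non-false value is truthy, so a mis-typed setting such as the string `"false"` for `allow_unencrypted_plain_auth` would be read as enabled and `not(...)` would evaluate to false. For consistency I would use `module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false))` followed by `or not module:get_option_boolean("allow_unencrypted_plain_auth", false);`. The same raw read of `c2s_require_encryption` is in the mod_tls.lua hunk and deserves the same treatment.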
--- a/plugins/mod_saslauth.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_saslauth.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -16,8 +16,10 @@
 local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
 local tostring = tostring;
 
-local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
-local allow_unencrypted_plain_auth = module:get_option("allow_unencrypted_plain_auth")
+local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
+local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
+local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
+local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", {});
 
 local log = module._log;
 
@@ -183,9 +185,12 @@
 		session.sasl_handler = usermanager_get_sasl_handler(module.host, session);
 	end
 	local mechanism = stanza.attr.mechanism;
-	if not session.secure and (secure_auth_only or (mechanism == "PLAIN" and not allow_unencrypted_plain_auth)) then
+	if not session.secure and (secure_auth_only or insecure_mechanisms:contains(mechanism)) then
 		session.send(build_reply("failure", "encryption-required"));
 		return true;
+	elseif disabled_mechanisms:contains(mechanism) then
+		session.send(build_reply("failure", "invalid-mechanism"));
+		return true;
 	end
 	local valid_mechanism = session.sasl_handler:select(mechanism);
 	if not valid_mechanism then
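Review bot: `insecure_mechanisms:contains(mechanism)` and `disabled_mechanisms:contains(mechanism)` appear to be exact string matches, so an operator who writes `insecure_sasl_mechanisms = { "plain" }` in lower case would silently get PLAIN accepted (and, in the later hunk, advertised) on unencrypted streams. Either normalise the configured names to upper case where the sets are built in the earlier hunk, or document the requirement next to the declarations with `-- mechanism names are matched case-sensitively; use the registered upper-case names`. Setting `insecure_sasl_mechanisms` explicitly also replaces the `{"PLAIN", "LOGIN"}` default entirely, which deserves a line in the same comment. The enclosing handler starts and ends outside this hunk.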
@@ -231,11 +236,15 @@
 		end
 		local mechanisms = st.stanza("mechanisms", mechanisms_attr);
 		for mechanism in pairs(origin.sasl_handler:mechanisms()) do
-			if mechanism ~= "PLAIN" or origin.secure or allow_unencrypted_plain_auth then
+			if (not disabled_mechanisms:contains(mechanism)) and (origin.secure or not insecure_mechanisms:contains(mechanism)) then
 				mechanisms:tag("mechanism"):text(mechanism):up();
 			end
 		end
-		if mechanisms[1] then features:add_child(mechanisms); end
+		if mechanisms[1] then
+			features:add_child(mechanisms);
+		else
+			(origin.log or log)("warn", "No SASL mechanisms to offer");
+		end
 	else
 		features:tag("bind", bind_attr):tag("required"):up():up();
 		features:tag("session", xmpp_session_attr):tag("optional"):up():up();
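Review bot: The new warning `No SASL mechanisms to offer` does not say whether the stream was encrypted, which is the first thing an operator needs to know when every mechanism has been filtered out by `insecure_mechanisms` on a plaintext connection. Assuming this logger accepts format arguments the way `module:log` does elsewhere in this changeset, `(origin.log or log)("warn", "No SASL mechanisms to offer (secure: %s)", tostring(origin.secure));` would make the line actionable. The enclosing handler starts and ends outside this hunk.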
--- a/plugins/mod_tls.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/plugins/mod_tls.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -9,7 +9,7 @@
 local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
 
-local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
+local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption"));
 local s2s_require_encryption = module:get_option("s2s_require_encryption");
 local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
 local s2s_secure_auth = module:get_option("s2s_secure_auth");
--- a/prosodyctl	Wed Oct 22 16:00:40 2014 -0400
+++ b/prosodyctl	Sun Oct 26 20:58:02 2014 +0100
@@ -552,7 +552,7 @@
 		print("  "..path);
 	end
 	print("");
-	local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(luarocks.cfg.program_version or "2.x+")..")")
+	local luarocks_status = (pcall(require, "luarocks.loader") and "Installed ("..(package.loaded["luarocks.cfg"].program_version or "2.x+")..")")
 		or (pcall(require, "luarocks.require") and "Installed (1.x)")
 		or "Not installed";
 	print("LuaRocks:        ", luarocks_status);
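Review bot: `package.loaded["luarocks.cfg"].program_version` indexes the result without checking it, so if `luarocks.loader` loads successfully but has not populated `package.loaded["luarocks.cfg"]` (plausible if a LuaRocks release keeps its config under another module name), this line raises an error and aborts the status output. A guarded lookup keeps the existing `"2.x+"` fallback working: `"Installed ("..((package.loaded["luarocks.cfg"] or {}).program_version or "2.x+")..")"`. The enclosing function starts and ends outside this hunk.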
@@ -816,7 +816,7 @@
 	if not what or what == "config" then
 		print("Checking config...");
 		local deprecated = set.new({
-			"bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login",
+			"bosh_ports", "disallow_s2s", "no_daemonize", "anonymous_login", "require_encryption",
 		});
 		local known_global_options = set.new({
 			"pidfile", "log", "plugin_paths", "prosody_user", "prosody_group", "daemonize",
--- a/util/stanza.lua	Wed Oct 22 16:00:40 2014 -0400
+++ b/util/stanza.lua	Sun Oct 26 20:58:02 2014 +0100
@@ -202,19 +202,8 @@
 
 local xml_escape
 do
-	local escape_table = {
-		["'"] = "&apos;";
-		['"'] = "&quot;";
-		["<"] = "&lt;";
-		[">"] = "&gt;";
-		["&"] = "&amp;";
-		-- escape this whitespace because [\r\n\t] change into spaces in attributes
-		-- and \r\n changes into \n in text, and we want to preserve original bytes
-		["\t"] = "&#x9;";
-		["\n"] = "&#xA;";
-		["\r"] = "&#xD;";
-	};
-	function xml_escape(str) return (s_gsub(str, "['&<>\"\t\n\r]", escape_table)); end
+	local escape_table = { ["'"] = "&apos;", ["\""] = "&quot;", ["<"] = "&lt;", [">"] = "&gt;", ["&"] = "&amp;" };
+	function xml_escape(str) return (s_gsub(str, "['&<>\"]", escape_table)); end
 	_M.xml_escape = xml_escape;
 end
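Review bot: The merged `xml_escape` no longer escapes `\t`, `\n` and `\r`, and the comment explaining why they were escaped is removed with it. As that comment said, XML parsers turn these characters into spaces in attributes and fold `\r\n` into `\n` in text, so stanzas serialised through this function will no longer round-trip their original bytes; anything that compares or hashes attribute values after re-parsing could be affected. If dropping the escapes is intended for this branch, a comment such as `-- whitespace is deliberately left unescaped; attribute values are subject to XML normalisation` should record it. If it is a side effect of the merge, the three entries and the wider pattern should be kept.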