Changeset

5554:e91db0aac408

Merge 0.9->trunk
author Matthew Wild <mwild1@gmail.com>
date Wed, 01 May 2013 13:45:42 +0100 (2013-05-01)
parents 5543:d3f5165c4113 (current diff) 5553:7baf59444b31 (diff)
children 5557:b0288fe8226f
files prosodyctl util/rfc3484.lua
diffstat 9 files changed, 212 insertions(+), 157 deletions(-) [+]
line wrap: on
line diff
--- a/core/portmanager.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/core/portmanager.lua	Wed May 01 13:45:42 2013 +0100
@@ -112,6 +112,7 @@
 	bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports );
 
 	local mode, ssl = listener.default_mode or "*a";
+	local hooked_ports = {};
 	
 	for interface in bind_interfaces do
 		for port in bind_ports do
@@ -152,6 +153,7 @@
 					if not handler then
 						log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err));
 					else
+						table.insert(hooked_ports, "["..interface.."]:"..port_number);
 						log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port_number);
 						active_services:add(service_name, interface, port_number, {
 							server = handler;
@@ -162,7 +164,7 @@
 			end
 		end
 	end
-	log("info", "Activated service '%s'", service_name);
+	log("info", "Activated service '%s' on %s", service_name, #hooked_ports == 0 and "no ports" or table.concat(hooked_ports, ", "));
 	return true;
 end
 
--- a/net/server_select.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/net/server_select.lua	Wed May 01 13:45:42 2013 +0100
@@ -149,7 +149,8 @@
 _sendtimeout = 60000 -- allowed send idle time in secs
 _readtimeout = 6 * 60 * 60 -- allowed read idle time in secs
 
-_maxfd = luasocket._SETSIZE or 1024 -- We should ignore this on Windows.  Perhaps by simply setting it to math.huge or something.
+local is_windows = package.config:sub(1,1) == "\\" -- check the directory separator, to detemine whether this is Windows
+_maxfd = luasocket._SETSIZE or (is_windows and math.huge) or 1024 -- max fd number, limit to 1024 by default to prevent glibc buffer overflow, but not on Windows
 _maxselectlen = luasocket._SETSIZE or 1024 -- But this still applies on Windows
 
 _maxsslhandshake = 30 -- max handshake round-trips
--- a/plugins/mod_s2s/s2sout.lib.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/plugins/mod_s2s/s2sout.lib.lua	Wed May 01 13:45:42 2013 +0100
@@ -13,7 +13,7 @@
 local initialize_filters = require "util.filters".initialize;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
 local new_ip = require "util.ip".new_ip;
-local rfc3484_dest = require "util.rfc3484".destination;
+local rfc6724_dest = require "util.rfc6724".destination;
 local socket = require "socket";
 local adns = require "net.adns";
 local dns = require "net.dns";
@@ -191,7 +191,7 @@
 
 				if have_other_result then
 					if #IPs > 0 then
-						rfc3484_dest(host_session.ip_hosts, sources);
+						rfc6724_dest(host_session.ip_hosts, sources);
 						for i = 1, #IPs do
 							IPs[i] = {ip = IPs[i], port = connect_port};
 						end
@@ -227,7 +227,7 @@
 
 				if have_other_result then
 					if #IPs > 0 then
-						rfc3484_dest(host_session.ip_hosts, sources);
+						rfc6724_dest(host_session.ip_hosts, sources);
 						for i = 1, #IPs do
 							IPs[i] = {ip = IPs[i], port = connect_port};
 						end
--- a/prosodyctl	Mon Apr 29 11:27:17 2013 +0100
+++ b/prosodyctl	Wed May 01 13:45:42 2013 +0100
@@ -660,19 +660,29 @@
 		end
 		local conf = openssl.config.new();
 		conf:from_prosody(hosts, config, arg);
-		for k, v in pairs(conf.distinguished_name) do
-			local nv;
-			if k == "commonName" then 
-				v = arg[1]
-			elseif k == "emailAddress" then
-				v = "xmpp@" .. arg[1];
+		show_message("Please provide details to include in the certificate config file.");
+		show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+		for i, k in ipairs(openssl._DN_order) do
+			local v = conf.distinguished_name[k];
+			if v then
+				local nv;
+				if k == "commonName" then
+					v = arg[1]
+				elseif k == "emailAddress" then
+					v = "xmpp@" .. arg[1];
+				elseif k == "countryName" then
+					local tld = arg[1]:match"%.([a-z]+)$";
+					if tld and #tld == 2 and tld ~= "uk" then
+						v = tld:upper();
+					end
+				end
+				nv = show_prompt(("%s (%s):"):format(k, nv or v));
+				nv = (not nv or nv == "") and v or nv;
+				if nv:find"[\192-\252][\128-\191]+" then
+					conf.req.string_mask = "utf8only"
+				end
+				conf.distinguished_name[k] = nv ~= "." and nv or nil;
 			end
-			nv = show_prompt(("%s (%s):"):format(k, nv or v));
-			nv = (not nv or nv == "") and v or nv;
-			if nv:find"[\192-\252][\128-\191]+" then
-				conf.req.string_mask = "utf8only"
-			end
-			conf.distinguished_name[k] = nv ~= "." and nv or nil;
 		end
 		local conf_file = io.open(conf_filename, "w");
 		conf_file:write(conf:serialize());
--- a/util/dataforms.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/util/dataforms.lua	Wed May 01 13:45:42 2013 +0100
@@ -53,7 +53,7 @@
 			elseif field_type == "boolean" then
 				form:tag("value"):text((value and "1") or "0"):up();
 			elseif field_type == "fixed" then
-				
+				form:tag("value"):text(value):up();
 			elseif field_type == "jid-multi" then
 				for _, jid in ipairs(value) do
 					form:tag("value"):text(jid):up();
--- a/util/ip.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/util/ip.lua	Wed May 01 13:45:42 2013 +0100
@@ -64,9 +64,6 @@
 	-- Link-local unicast:
 	elseif fields[1] == 169 and fields[2] == 254 then
 		return 0x2;
-	-- Site-local unicast:
-	elseif (fields[1] == 10) or (fields[1] == 192 and fields[2] == 168) or (fields[1] == 172 and (fields[2] >= 16 and fields[2] < 32)) then
-		return 0x5;
 	-- Global unicast:
 	else
 		return 0xE;
@@ -97,6 +94,14 @@
 		return 0;
 	elseif commonPrefixLength(ip, new_ip("2002::", "IPv6")) >= 16 then
 		return 2;
+	elseif commonPrefixLength(ip, new_ip("2001::", "IPv6")) >= 32 then
+		return 5;
+	elseif commonPrefixLength(ip, new_ip("fc00::", "IPv6")) >= 7 then
+		return 13;
+	elseif commonPrefixLength(ip, new_ip("fec0::", "IPv6")) >= 10 then
+		return 11;
+	elseif commonPrefixLength(ip, new_ip("3ffe::", "IPv6")) >= 16 then
+		return 12;
 	elseif commonPrefixLength(ip, new_ip("::", "IPv6")) >= 96 then
 		return 3;
 	elseif commonPrefixLength(ip, new_ip("::ffff:0:0", "IPv6")) >= 96 then
@@ -111,10 +116,18 @@
 		return 50;
 	elseif commonPrefixLength(ip, new_ip("2002::", "IPv6")) >= 16 then
 		return 30;
+	elseif commonPrefixLength(ip, new_ip("2001::", "IPv6")) >= 32 then
+		return 5;
+	elseif commonPrefixLength(ip, new_ip("fc00::", "IPv6")) >= 7 then
+		return 3;
+	elseif commonPrefixLength(ip, new_ip("fec0::", "IPv6")) >= 10 then
+		return 1;
+	elseif commonPrefixLength(ip, new_ip("3ffe::", "IPv6")) >= 16 then
+		return 1;
 	elseif commonPrefixLength(ip, new_ip("::", "IPv6")) >= 96 then
-		return 20;
+		return 1;
 	elseif commonPrefixLength(ip, new_ip("::ffff:0:0", "IPv6")) >= 96 then
-		return 10;
+		return 35;
 	else
 		return 40;
 	end
--- a/util/openssl.lua	Mon Apr 29 11:27:17 2013 +0100
+++ b/util/openssl.lua	Wed May 01 13:45:42 2013 +0100
@@ -23,11 +23,12 @@
 			prompt = "no",
 		},
 		distinguished_name = {
-			commonName = "example.com",
 			countryName = "GB",
+			-- stateOrProvinceName = "",
 			localityName = "The Internet",
 			organizationName = "Your Organisation",
 			organizationalUnitName = "XMPP Department",
+			commonName = "example.com",
 			emailAddress = "xmpp@example.com",
 		},
 		v3_extensions = {
@@ -43,6 +44,17 @@
 	}, ssl_config_mt);
 end
 
+local DN_order = {
+	"countryName";
+	"stateOrProvinceName";
+	"localityName";
+	"streetAddress";
+	"organizationName";
+	"organizationalUnitName";
+	"commonName";
+	"emailAddress";
+}
+_M._DN_order = DN_order;
 function ssl_config:serialize()
 	local s = "";
 	for k, t in pairs(self) do
@@ -53,6 +65,14 @@
 					s = s .. s_format("%s.%d = %s\n", san, i -1, n[i]);
 				end
 			end
+		elseif k == "distinguished_name" then
+			for i=1,#DN_order do
+				local k = DN_order[i]
+				local v = t[k];
+				if v then
+					s = s .. ("%s = %s\n"):format(k, v);
+				end
+			end
 		else
 			for k, v in pairs(t) do
 				s = s .. ("%s = %s\n"):format(k, v);
--- a/util/rfc3484.lua	Mon Apr 29 11:27:17 2013 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,133 +0,0 @@
--- Prosody IM
--- Copyright (C) 2008-2011 Florian Zeitz
---
--- This project is MIT/X11 licensed. Please see the
--- COPYING file in the source package for more information.
---
-
-local commonPrefixLength = require"util.ip".commonPrefixLength
-local new_ip = require"util.ip".new_ip;
-
-local function t_sort(t, comp)
-	for i = 1, (#t - 1) do
-		for j = (i + 1), #t do
-			local a, b = t[i], t[j];
-			if not comp(a,b) then
-				t[i], t[j] = b, a;
-			end
-		end
-	end
-end
-
-local function source(dest, candidates)
-	local function comp(ipA, ipB)
-		-- Rule 1: Prefer same address
-		if dest == ipA then
-			return true;
-		elseif dest == ipB then
-			return false;
-		end
-
-		-- Rule 2: Prefer appropriate scope
-		if ipA.scope < ipB.scope then
-			if ipA.scope < dest.scope then
-				return false;
-			else
-				return true;
-			end
-		elseif ipA.scope > ipB.scope then
-			if ipB.scope < dest.scope then
-				return true;
-			else
-				return false;
-			end
-		end
-
-		-- Rule 3: Avoid deprecated addresses
-		-- XXX: No way to determine this
-		-- Rule 4: Prefer home addresses
-		-- XXX: Mobility Address related, no way to determine this
-		-- Rule 5: Prefer outgoing interface
-		-- XXX: Interface to address relation. No way to determine this
-		-- Rule 6: Prefer matching label
-		if ipA.label == dest.label and ipB.label ~= dest.label then
-			return true;
-		elseif ipB.label == dest.label and ipA.label ~= dest.label then
-			return false;
-		end
-
-		-- Rule 7: Prefer public addresses (over temporary ones)
-		-- XXX: No way to determine this
-		-- Rule 8: Use longest matching prefix
-		if commonPrefixLength(ipA, dest) > commonPrefixLength(ipB, dest) then
-			return true;
-		else
-			return false;
-		end
-	end
-
-	t_sort(candidates, comp);
-	return candidates[1];
-end
-
-local function destination(candidates, sources)
-	local sourceAddrs = {};
-	local function comp(ipA, ipB)
-		local ipAsource = sourceAddrs[ipA];
-		local ipBsource = sourceAddrs[ipB];
-		-- Rule 1: Avoid unusable destinations
-		-- XXX: No such information
-		-- Rule 2: Prefer matching scope
-		if ipA.scope == ipAsource.scope and ipB.scope ~= ipBsource.scope then
-			return true;
-		elseif ipA.scope ~= ipAsource.scope and ipB.scope == ipBsource.scope then
-			return false;
-		end
-
-		-- Rule 3: Avoid deprecated addresses
-		-- XXX: No way to determine this
-		-- Rule 4: Prefer home addresses
-		-- XXX: Mobility Address related, no way to determine this
-		-- Rule 5: Prefer matching label
-		if ipAsource.label == ipA.label and ipBsource.label ~= ipB.label then
-			return true;
-		elseif ipBsource.label == ipB.label and ipAsource.label ~= ipA.label then
-			return false;
-		end
-
-		-- Rule 6: Prefer higher precedence
-		if ipA.precedence > ipB.precedence then
-			return true;
-		elseif ipA.precedence < ipB.precedence then
-			return false;
-		end
-
-		-- Rule 7: Prefer native transport
-		-- XXX: No way to determine this
-		-- Rule 8: Prefer smaller scope
-		if ipA.scope < ipB.scope then
-			return true;
-		elseif ipA.scope > ipB.scope then
-			return false;
-		end
-
-		-- Rule 9: Use longest matching prefix
-		if commonPrefixLength(ipA, ipAsource) > commonPrefixLength(ipB, ipBsource) then
-			return true;
-		elseif commonPrefixLength(ipA, ipAsource) < commonPrefixLength(ipB, ipBsource) then
-			return false;
-		end
-
-		-- Rule 10: Otherwise, leave order unchanged
-		return true;
-	end
-	for _, ip in ipairs(candidates) do
-		sourceAddrs[ip] = source(ip, sources);
-	end
-
-	t_sort(candidates, comp);
-	return candidates;
-end
-
-return {source = source,
-	destination = destination};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/util/rfc6724.lua	Wed May 01 13:45:42 2013 +0100
@@ -0,0 +1,142 @@
+-- Prosody IM
+-- Copyright (C) 2011-2013 Florian Zeitz
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+-- This is used to sort destination addresses by preference
+-- during S2S connections.
+-- We can't hand this off to getaddrinfo, since it blocks
+
+local ip_commonPrefixLength = require"util.ip".commonPrefixLength
+local new_ip = require"util.ip".new_ip;
+
+local function commonPrefixLength(ipA, ipB)
+	local len = ip_commonPrefixLength(ipA, ipB);
+	return len < 64 and len or 64;
+end
+
+local function t_sort(t, comp)
+	for i = 1, (#t - 1) do
+		for j = (i + 1), #t do
+			local a, b = t[i], t[j];
+			if not comp(a,b) then
+				t[i], t[j] = b, a;
+			end
+		end
+	end
+end
+
+local function source(dest, candidates)
+	local function comp(ipA, ipB)
+		-- Rule 1: Prefer same address
+		if dest == ipA then
+			return true;
+		elseif dest == ipB then
+			return false;
+		end
+
+		-- Rule 2: Prefer appropriate scope
+		if ipA.scope < ipB.scope then
+			if ipA.scope < dest.scope then
+				return false;
+			else
+				return true;
+			end
+		elseif ipA.scope > ipB.scope then
+			if ipB.scope < dest.scope then
+				return true;
+			else
+				return false;
+			end
+		end
+
+		-- Rule 3: Avoid deprecated addresses
+		-- XXX: No way to determine this
+		-- Rule 4: Prefer home addresses
+		-- XXX: Mobility Address related, no way to determine this
+		-- Rule 5: Prefer outgoing interface
+		-- XXX: Interface to address relation. No way to determine this
+		-- Rule 6: Prefer matching label
+		if ipA.label == dest.label and ipB.label ~= dest.label then
+			return true;
+		elseif ipB.label == dest.label and ipA.label ~= dest.label then
+			return false;
+		end
+
+		-- Rule 7: Prefer temporary addresses (over public ones)
+		-- XXX: No way to determine this
+		-- Rule 8: Use longest matching prefix
+		if commonPrefixLength(ipA, dest) > commonPrefixLength(ipB, dest) then
+			return true;
+		else
+			return false;
+		end
+	end
+
+	t_sort(candidates, comp);
+	return candidates[1];
+end
+
+local function destination(candidates, sources)
+	local sourceAddrs = {};
+	local function comp(ipA, ipB)
+		local ipAsource = sourceAddrs[ipA];
+		local ipBsource = sourceAddrs[ipB];
+		-- Rule 1: Avoid unusable destinations
+		-- XXX: No such information
+		-- Rule 2: Prefer matching scope
+		if ipA.scope == ipAsource.scope and ipB.scope ~= ipBsource.scope then
+			return true;
+		elseif ipA.scope ~= ipAsource.scope and ipB.scope == ipBsource.scope then
+			return false;
+		end
+
+		-- Rule 3: Avoid deprecated addresses
+		-- XXX: No way to determine this
+		-- Rule 4: Prefer home addresses
+		-- XXX: Mobility Address related, no way to determine this
+		-- Rule 5: Prefer matching label
+		if ipAsource.label == ipA.label and ipBsource.label ~= ipB.label then
+			return true;
+		elseif ipBsource.label == ipB.label and ipAsource.label ~= ipA.label then
+			return false;
+		end
+
+		-- Rule 6: Prefer higher precedence
+		if ipA.precedence > ipB.precedence then
+			return true;
+		elseif ipA.precedence < ipB.precedence then
+			return false;
+		end
+
+		-- Rule 7: Prefer native transport
+		-- XXX: No way to determine this
+		-- Rule 8: Prefer smaller scope
+		if ipA.scope < ipB.scope then
+			return true;
+		elseif ipA.scope > ipB.scope then
+			return false;
+		end
+
+		-- Rule 9: Use longest matching prefix
+		if commonPrefixLength(ipA, ipAsource) > commonPrefixLength(ipB, ipBsource) then
+			return true;
+		elseif commonPrefixLength(ipA, ipAsource) < commonPrefixLength(ipB, ipBsource) then
+			return false;
+		end
+
+		-- Rule 10: Otherwise, leave order unchanged
+		return true;
+	end
+	for _, ip in ipairs(candidates) do
+		sourceAddrs[ip] = source(ip, sources);
+	end
+
+	t_sort(candidates, comp);
+	return candidates;
+end
+
+return {source = source,
+	destination = destination};