Merge 0.10->trunk

2025-04-03 21:27:38 +03:00 · 2017-03-01 02:38:05 +01:00 · 2017-03-01 02:38:05 +01:00 · 55ba289bed
commit 55ba289bed
parent da6eaea135 9e586ac1df
9 changed files with 90 additions and 72 deletions
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@ -1167,6 +1167,12 @@ function def_env.http:list()
 	return true;
 end

+module:hook("server-stopping", function(event)
+	for conn, session in pairs(sessions) do
+		session.print("Shutting down: "..(event.reason or "unknown reason"));
+	end
+end);
+
 -------------

 function printbanner(session)
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@ -21,6 +21,7 @@ local new_cache = require "util.cache".new;
 local compat = module:get_option_boolean("registration_compat", true);
 local allow_registration = module:get_option_boolean("allow_registration", false);
 local additional_fields = module:get_option("additional_registration_fields", {});
+local require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");

 local account_details = module:open_store("account_details");

@ -83,7 +84,7 @@ module:hook("stream-features", function(event)
 	local session, features = event.origin, event.features;

 	-- Advertise registration to unauthorized clients only.
-	if not(allow_registration) or session.type ~= "c2s_unauthed" then
+	if not(allow_registration) or session.type ~= "c2s_unauthed" or (require_encryption and not session.secure) then
 		return
 	end

@ -213,6 +214,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
 	if not(allow_registration) or session.type ~= "c2s_unauthed" then
 		log("debug", "Attempted registration when disabled or already authenticated");
 		session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
+	elseif require_encryption and not session.secure then
+		session.send(st.error_reply(stanza, "modify", "policy-violation", "Encryption is required"));
 	else
 		local query = stanza.tags[1];
 		if stanza.attr.type == "get" then
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@ -63,7 +63,9 @@ end

 local function can_do_tls(session)
 	if not session.conn.starttls then
-		session.log("debug", "Underlying connection does not support STARTTLS");
+		if not session.secure then
+			session.log("debug", "Underlying connection does not support STARTTLS");
+		end
 		return false;
 	elseif session.ssl_ctx ~= nil then
 		return session.ssl_ctx;
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@ -136,6 +136,8 @@ function handle_request(event)
 	local request, response = event.request, event.response;
 	local conn = response.conn;

+	conn.starttls = false; -- Prevent mod_tls from believing starttls can be done
+
 	if not request.headers.sec_websocket_key then
 		response.headers.content_type = "text/html";
 		return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body>
--- a/126
+++ b/126
@ -2,7 +2,7 @@
 -- Prosody IM
 -- Copyright (C) 2008-2010 Matthew Wild
 -- Copyright (C) 2008-2010 Waqas Hussain
-- 
+--
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
@ -65,7 +65,7 @@ config = require "core.configmanager"
 local ENV_CONFIG;
 do
 	local filenames = {};
-	
+
 	local filename;
 	if arg[1] == "--config" and arg[2] then
 		table.insert(filenames, arg[2]);
@ -120,7 +120,7 @@ if custom_plugin_paths then
 	-- path1;path2;path3;defaultpath...
 	CFG_PLUGINDIR = table.concat(custom_plugin_paths, path_sep)..path_sep..(CFG_PLUGINDIR or "plugins");
 end
-prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR, 
+prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR,
 	          plugins = CFG_PLUGINDIR or "plugins", data = data_path };

 if prosody.installed then
@ -161,7 +161,7 @@ if ok and pposix then
 			print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
 		end
 	end
-	
+
 	-- Set our umask to protect data files
 	pposix.umask(config.get("*", "umask") or "027");
 	pposix.setenv("HOME", data_path);
@ -212,7 +212,7 @@ if #unwriteable_files > 0 then
 end


-local error_messages = setmetatable({ 
+local error_messages = setmetatable({
 		["invalid-username"] = "The given username is invalid in a Jabber ID";
 		["invalid-hostname"] = "The given hostname is invalid";
 		["no-password"] = "No password was supplied";
@ -241,7 +241,7 @@ end
 for hostname, config in pairs(config.getconfig()) do
 	hosts[hostname] = make_host(hostname);
 end
-	
+
 local modulemanager = require "core.modulemanager"

 local prosodyctl = require "util.prosodyctl"
@ -290,30 +290,30 @@ function commands.adduser(arg)
 		show_usage [[adduser user@host]]
 		return 1;
 	end
-	
+
 	if not host then
 		show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
 		return 1;
 	end
-	
+
 	if not hosts[host] then
 		show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
 		show_warning("The user will not be able to log in until this is changed.");
 		hosts[host] = make_host(host);
 	end
-	
+
 	if prosodyctl.user_exists{ user = user, host = host } then
 		show_message [[That user already exists]];
 		return 1;
 	end
-	
+
 	local password = read_password();
 	if not password then return 1; end
-	
+
 	local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
-	
+
 	if ok then return 0; end
-	
+
 	show_message(msg)
 	return 1;
 end
@ -329,30 +329,30 @@ function commands.passwd(arg)
 		show_usage [[passwd user@host]]
 		return 1;
 	end
-	
+
 	if not host then
 		show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
 		return 1;
 	end
-	
+
 	if not hosts[host] then
 		show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
 		show_warning("The user will not be able to log in until this is changed.");
 		hosts[host] = make_host(host);
 	end
-	
+
 	if not prosodyctl.user_exists { user = user, host = host } then
 		show_message [[That user does not exist, use prosodyctl adduser to create a new user]]
 		return 1;
 	end
-	
+
 	local password = read_password();
 	if not password then return 1; end
-	
+
 	local ok, msg = prosodyctl.passwd { user = user, host = host, password = password };
-	
+
 	if ok then return 0; end
-	
+
 	show_message(error_messages[msg])
 	return 1;
 end
@ -368,12 +368,12 @@ function commands.deluser(arg)
 		show_usage [[deluser user@host]]
 		return 1;
 	end
-	
+
 	if not host then
 		show_message [[Please specify a JID, including a host. e.g. alice@example.com]];
 		return 1;
 	end
-	
+
 	if not hosts[host] then
 		show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host)
 		hosts[host] = make_host(host);
@ -383,11 +383,11 @@ function commands.deluser(arg)
 		show_message [[That user does not exist on this server]]
 		return 1;
 	end
-	
+
 	local ok, msg = prosodyctl.deluser { user = user, host = host };
-	
+
 	if ok then return 0; end
-	
+
 	show_message(error_messages[msg])
 	return 1;
 end
@ -402,7 +402,7 @@ function commands.start(arg)
 		show_message(error_messages[ret]);
 		return 1;
 	end
-	
+
 	if ret then
 		local ok, ret = prosodyctl.getpid();
 		if not ok then
@ -413,7 +413,7 @@ function commands.start(arg)
 		show_message("Prosody is already running with PID %s", ret or "(unknown)");
 		return 1;
 	end
-	
+
 	local ok, ret = prosodyctl.start();
 	if ok then
 		local daemonize = config.get("*", "daemonize");
@ -441,8 +441,8 @@ function commands.start(arg)
 	end

 	show_message("Failed to start Prosody");
-	show_message(error_messages[ret])	
-	return 1;	
+	show_message(error_messages[ret])
+	return 1;
 end

 function commands.status(arg)
@ -456,7 +456,7 @@ function commands.status(arg)
 		show_message(error_messages[ret]);
 		return 1;
 	end
-	
+
 	if ret then
 		local ok, ret = prosodyctl.getpid();
 		if not ok then
@ -489,7 +489,7 @@ function commands.stop(arg)
 		show_message("Prosody is not running");
 		return 1;
 	end
-	
+
 	local ok, ret = prosodyctl.stop();
 	if ok then
 		local i=1;
@ -519,7 +519,7 @@ function commands.restart(arg)
 		show_usage([[restart]], [[Restart a running Prosody server]]);
 		return 1;
 	end
-	
+
 	commands.stop(arg);
 	return commands.start(arg);
 end
@ -530,14 +530,14 @@ function commands.about(arg)
 		show_usage([[about]], [[Show information about this Prosody installation]]);
 		return 1;
 	end
-	
+
 	local pwd = ".";
 	local lfs = require "lfs";
 	local array = require "util.array";
 	local keys = require "util.iterators".keys;
 	local hg = require"util.mercurial";
 	local relpath = config.resolve_relative_path;
-	
+
 	print("Prosody "..(prosody.version or "(unknown version)"));
 	print("");
 	print("# Prosody directories");
@ -608,10 +608,10 @@ function commands.reload(arg)
 		show_message("Prosody is not running");
 		return 1;
 	end
-	
+
 	local ok, ret = prosodyctl.reload();
 	if ok then
-		
+
 		show_message("Prosody log files re-opened and config file reloaded. You may need to reload modules for some changes to take effect.");
 		return 0;
 	end
@ -621,6 +621,8 @@ function commands.reload(arg)
 end
 -- ejabberdctl compatibility

+local unpack = table.unpack or unpack; -- luacheck: ignore 113
+
 function commands.register(arg)
 	local user, host, password = unpack(arg);
 	if (not (user and host)) or arg[1] == "--help" then
@ -641,11 +643,11 @@ function commands.register(arg)
 			return 1;
 		end
 	end
-	
+
 	local ok, msg = prosodyctl.adduser { user = user, host = host, password = password };
-	
+
 	if ok then return 0; end
-	
+
 	show_message(error_messages[msg])
 	return 1;
 end
@ -665,9 +667,9 @@ function commands.unregister(arg)
 	end

 	local ok, msg = prosodyctl.deluser { user = user, host = host };
-	
+
 	if ok then return 0; end
-	
+
 	show_message(error_messages[msg])
 	return 1;
 end
@ -1010,7 +1012,7 @@ function commands.check(arg)
 			print("    Connections will fail.");
 			ok = false;
 		end
-		
+
 		print("Done.\n");
 	end
 	if not what or what == "dns" then
@ -1019,7 +1021,7 @@ function commands.check(arg)
 		local ip = require "util.ip";
 		local c2s_ports = set.new(config.get("*", "c2s_ports") or {5222});
 		local s2s_ports = set.new(config.get("*", "s2s_ports") or {5269});
-		
+
 		local c2s_srv_required, s2s_srv_required;
 		if not c2s_ports:contains(5222) then
 			c2s_srv_required = true;
@ -1027,11 +1029,11 @@ function commands.check(arg)
 		if not s2s_ports:contains(5269) then
 			s2s_srv_required = true;
 		end
-		
+
 		local problem_hosts = set.new();
-		
+
 		local external_addresses, internal_addresses = set.new(), set.new();
-		
+
 		local fqdn = socket.dns.tohostname(socket.dns.gethostname());
 		if fqdn then
 			local res = dns.lookup(idna.to_ascii(fqdn), "A");
@ -1047,9 +1049,9 @@ function commands.check(arg)
 				end
 			end
 		end
-		
+
 		local local_addresses = require"util.net".local_addresses() or {};
-		
+
 		for addr in it.values(local_addresses) do
 			if not ip.new_ip(addr).private then
 				external_addresses:add(addr);
@ -1057,19 +1059,19 @@ function commands.check(arg)
 				internal_addresses:add(addr);
 			end
 		end
-		
+
 		if external_addresses:empty() then
 			print("");
 			print("   Failed to determine the external addresses of this server. Checks may be inaccurate.");
 			c2s_srv_required, s2s_srv_required = true, true;
 		end
-		
+
 		local v6_supported = not not socket.tcp6;
-		
+
 		for jid, host_options in enabled_hosts() do
 			local all_targets_ok, some_targets_ok = true, false;
 			local node, host = jid_split(jid);
-			
+
 			local is_component = not not host_options.component_module;
 			print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
 			if node then
@ -1113,12 +1115,12 @@ function commands.check(arg)
 			if target_hosts:empty() then
 				target_hosts:add(host);
 			end
-			
+
 			if target_hosts:contains("localhost") then
 				print("    Target 'localhost' cannot be accessed from other servers");
 				target_hosts:remove("localhost");
 			end
-			
+
 			local modules = set.new(it.to_array(it.values(host_options.modules_enabled or {})))
 			                + set.new(it.to_array(it.values(config.get("*", "modules_enabled") or {})))
 			                + set.new({ config.get(host, "component_module") });
@ -1137,7 +1139,7 @@ function commands.check(arg)
 					print("    File transfer proxy "..proxy65_target.." has no "..table.concat(prob, "/").." record. Create one or set 'proxy65_address' to the correct host/IP.");
 				end
 			end
-			
+
 			for host in target_hosts do
 				local host_ok_v4, host_ok_v6;
 				local res = dns.lookup(idna.to_ascii(host), "A");
@ -1172,7 +1174,7 @@ function commands.check(arg)
 						end
 					end
 				end
-				
+
 				local bad_protos = {}
 				if not host_ok_v4 then
 					table.insert(bad_protos, "IPv4");
@ -1301,20 +1303,20 @@ if command and command:match("^mod_") then -- Is a command in a module
 		show_message("Failed to load module '"..module_name.."': "..err);
 		os.exit(1);
 	end
-	
+
 	table.remove(arg, 1);
-	
+
 	local module = modulemanager.get_module("*", module_name);
 	if not module then
 		show_message("Failed to load module '"..module_name.."': Unknown error");
 		os.exit(1);
 	end
-	
+
 	if not modulemanager.module_has_method(module, "command") then
 		show_message("Fail: mod_"..module_name.." does not support any commands");
 		os.exit(1);
 	end
-	
+
 	local ok, ret = modulemanager.call_module_method(module, "command", arg);
 	if ok then
 		if type(ret) == "number" then
@ -1362,8 +1364,8 @@ if not commands[command] then -- Show help for all commands
 			done[command_name] = true;
 		end
 	end
-	
-	
+
+
 	os.exit(0);
 end

--- a/tests/util/logger.lua
+++ b/tests/util/logger.lua
@ -14,7 +14,8 @@ local tostring = tostring;
 local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring;
 local do_pretty_printing = not os.getenv("WINDIR");

-module "logger"
+local _ENV = nil
+local _M = {}

 local logstyles = {};

@ -25,7 +26,7 @@ if do_pretty_printing then
 	logstyles["error"] = getstyle("bold", "red");
 end

-function init(name)
+function _M.init(name)
 	--name = nil; -- While this line is not commented, will automatically fill in file/line number info
 	return 	function (level, message, ...)
 				if level == "debug" or level == "info" then return; end
--- a/util-src/crand.c
+++ b/util-src/crand.c
@ -67,6 +67,11 @@ int Lrandom(lua_State *L) {
 	arc4random_buf(buf, len);
 	ret = len;
 #elif defined(WITH_OPENSSL)
+	if(!RAND_status()) {
+		lua_pushliteral(L, "OpenSSL PRNG not seeded");
+		return lua_error(L);
+	}
+
 	ret = RAND_bytes(buf, len);

 	if(ret == 1) {
@ -87,6 +92,7 @@ int luaopen_util_crand(lua_State *L) {
 #if (LUA_VERSION_NUM > 501)
 	luaL_checkversion(L);
 #endif
+
 	lua_newtable(L);
 	lua_pushcfunction(L, Lrandom);
 	lua_setfield(L, -2, "bytes");
@ -100,10 +106,6 @@ int luaopen_util_crand(lua_State *L) {
 #endif
 	lua_setfield(L, -2, "_source");

-#if defined(WITH_OPENSSL) && defined(_WIN32)
-	/* TODO Do we need to seed this on Windows? */
-#endif
-
 	return 1;
 }

--- a/util-src/pposix.c
+++ b/util-src/pposix.c
@ -615,7 +615,7 @@ int lc_getrlimit(lua_State *L) {
 			return 2;
 		}
 	} else {
-		/* Unsupported resoucrce. Sorry I'm pretty limited by POSIX standard. */
+		/* Unsupported resource. Sorry I'm pretty limited by POSIX standard. */
 		lua_pushboolean(L, 0);
 		lua_pushstring(L, "invalid-resource");
 		return 2;
--- a/util/adhoc.lua
+++ b/util/adhoc.lua
@ -22,7 +22,7 @@ local function new_initial_data_form(form, initial_data, result_handler)
 			return result_handler(fields, err, data);
 		else
 			return { status = "executing", actions = {"next", "complete", default = "complete"},
-				 form = { layout = form, values = initial_data() } }, "executing";
+				 form = { layout = form, values = initial_data(data) } }, "executing";
 		end
 	end
 end