Merge 0.10->trunk

configure

@@ -73,14 +73,18 @@ Configure $APP_NAME prior to building.
                             Default is to use /dev/urandom
 --cflags=FLAGS              Flags to pass to the compiler
                             Default is $CFLAGS
+--add-cflags=FLAGS          Adds additional CFLAGS, preserving defaults.
+                            Can be repeated.
 --ldflags=FLAGS             Flags to pass to the linker
                             Default is $LDFLAGS
+--add-ldflags=FLAGS         Adds additional linker flags, preserving defaults.
+                            Can be repeated.
 --c-compiler=CC             The C compiler to use when building modules.
                             Default is $CC
+--compiler-wrapper=WRAPPER  Adds a prefix to compiler and linker calls,
+                            usable for eg distcc or ccache.
 --linker=CC                 The linker to use when building modules.
                             Default is $LD
---require-config            Will cause $APP_NAME to refuse to run when
-                            it fails to find a configuration file
 --no-example-certs          Disables generation of example certificates.
 EOF
 }
@@ -172,6 +176,10 @@ do
             LUA_SUFFIX="5.1";
             LUA_SUFFIX_SET=yes
          fi
+         if [ "$RUNWITH_SET" != "yes" ]; then
+            RUNWITH="lua$LUA_SUFFIX";
+            RUNWITH_SET=yes
+         fi
          LUA_INCDIR="/usr/include/lua$LUA_SUFFIX"
          LUA_INCDIR_SET=yes
          CFLAGS="$CFLAGS -ggdb"
@@ -238,9 +246,6 @@ do
       DATADIR="$value"
       DATADIR_SET=yes
       ;;
-   --require-config)
-      REQUIRE_CONFIG=yes
-      ;;
    --lua-suffix)
       [ -n "$value" ] || die "Missing value in flag $key."
       LUA_SUFFIX="$value"
@@ -501,34 +506,6 @@ then
    fi
 fi
 
-echo_n "Configuring for system... "
-if uname -s
-then
-   UNAME_S=`uname -s`
-else
-   die "Could not determine operating system. 'uname -s' failed."
-fi
-echo_n "Configuring for architecture... "
-if uname -m
-then
-   UNAME_M=`uname -m`
-else
-   die "Could not determine processor architecture. 'uname -m' failed."
-fi
-
-if [ "$UNAME_S" = Linux ]
-then
-   GCC_ARCH=`gcc -print-multiarch 2>/dev/null`
-   if [ -n "$GCC_ARCH" -a -d "/usr/lib/$GCC_ARCH" ]
-   then
-      MULTIARCH_SUBDIR="lib/$GCC_ARCH"
-   elif [ -d "/usr/lib64" ]
-   then
-      # Useful for Fedora systems
-      MULTIARCH_SUBDIR="lib64"
-   fi
-fi
-
 if [ "$IDN_LIBRARY" = "icu" ]
 then
    IDNA_LIBS="$ICU_FLAGS"
@@ -574,8 +551,6 @@ LUA_DIR_SET=$LUA_DIR_SET
 LUA_INCDIR=$LUA_INCDIR
 LUA_LIBDIR=$LUA_LIBDIR
 LUA_BINDIR=$LUA_BINDIR
-MULTIARCH_SUBDIR=$MULTIARCH_SUBDIR
-REQUIRE_CONFIG=$REQUIRE_CONFIG
 IDN_LIB=$IDN_LIB
 IDNA_LIBS=$IDNA_LIBS
 OPENSSL_LIBS=$OPENSSL_LIBS

core/certmanager.lua

@@ -107,6 +107,12 @@ local core_defaults = {
 	};
 	verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 	curve = "secp384r1";
+	curveslist = {
+		"X25519",
+		"P-384",
+		"P-256",
+		"P-521",
+	};
 	ciphers = {      -- Enabled ciphers in order of preference:
 		"HIGH+kEDH",   -- Ephemeral Diffie-Hellman key exchange, if a 'dhparam' file is set
 		"HIGH+kEECDH", -- Ephemeral Elliptic curve Diffie-Hellman key exchange
@@ -231,4 +237,5 @@ prosody.events.add_handler("config-reloaded", reload_ssl_config);
 return {
 	create_context = create_context;
 	reload_ssl_config = reload_ssl_config;
+	find_cert = find_cert;
 };

net/adns.lua

@@ -12,6 +12,7 @@ local new_resolver = require "net.dns".resolver;
 local log = require "util.logger".init("adns");
 
 local coroutine, tostring, pcall = coroutine, tostring, pcall;
+local setmetatable = setmetatable;
 
 local function dummy_send(sock, data, i, j) return (j-i)+1; end
 

plugins/mod_blocklist.lua

@@ -22,6 +22,7 @@ local jid_split = require"util.jid".split;
 
 local storage = module:open_store();
 local sessions = prosody.hosts[module.host].sessions;
+local full_sessions = prosody.full_sessions;
 
 -- First level cache of blocklists by username.
 -- Weak table so may randomly expire at any time.
@@ -271,8 +272,13 @@ local function bounce_iq(event)
 end
 
 local function bounce_message(event)
-	local type = event.stanza.attr.type;
+	local stanza = event.stanza;
+	local type = stanza.attr.type;
 	if type == "chat" or not type or type == "normal" then
+		if full_sessions[stanza.attr.to] then
+			-- See #690
+			return drop_stanza(event);
+		end
 		return bounce_stanza(event);
 	end
 	return drop_stanza(event); -- drop headlines, groupchats etc
@@ -305,7 +311,6 @@ local prio_in, prio_out = 100, 100;
 module:hook("presence/bare", drop_stanza, prio_in);
 module:hook("presence/full", drop_stanza, prio_in);
 
--- FIXME See #690
 module:hook("message/bare", bounce_message, prio_in);
 module:hook("message/full", bounce_message, prio_in);
 

prosody

@@ -93,7 +93,7 @@ function read_config()
 		print("\n");
 		print("**************************");
 		if level == "parser" then
-			print("A problem occurred while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua"..":");
+			print("A problem occured while reading the config file "..filename);
 			print("");
 			local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
 			if err:match("chunk has too many syntax levels$") then
@@ -105,7 +105,7 @@ function read_config()
 			print("");
 		elseif level == "file" then
 			print("Prosody was unable to find the configuration file.");
-			print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+			print("We looked for: "..filename);
 			print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
 			print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
 		end

prosody.cfg.lua.dist

@@ -65,7 +65,7 @@ modules_enabled = {
 
 	-- HTTP modules
 		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-		--"websockets"; -- XMPP over WebSockets
+		--"websocket"; -- XMPP over WebSockets
 		--"http_files"; -- Serve static files from a directory over HTTP
 
 	-- Other specific functionality

prosodyctl

@@ -91,13 +91,13 @@ do
 		print("\n");
 		print("**************************");
 		if level == "parser" then
-			print("A problem occured while reading the config file "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+			print("A problem occured while reading the config file "..filename);
 			local err_line, err_message = tostring(err):match("%[string .-%]:(%d*): (.*)");
 			print("Error"..(err_line and (" on line "..err_line) or "")..": "..(err_message or tostring(err)));
 			print("");
 		elseif level == "file" then
 			print("Prosody was unable to find the configuration file.");
-			print("We looked for: "..(CFG_CONFIGDIR or ".").."/prosody.cfg.lua");
+			print("We looked for: "..filename);
 			print("A sample config file is included in the Prosody download called prosody.cfg.lua.dist");
 			print("Copy or rename it to prosody.cfg.lua and edit as necessary.");
 		end
@@ -162,6 +162,17 @@ if have_pposix and pposix then
 		if not switched_user then
 			-- Boo!
 			print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err));
+		else
+			-- Make sure the Prosody user can read the config
+			local conf, err, errno = io.open(ENV_CONFIG);
+			if conf then
+				conf:close();
+			else
+				print("The config file is not readable by the '"..desired_user.."' user.");
+				print("Prosody will not be able to read it.");
+				print("Error was "..err);
+				os.exit(1);
+			end
 		end
 	end
 
@@ -892,18 +903,14 @@ function cert_commands.import(arg)
 		owner = config.get("*", "prosody_user") or "prosody";
 		group = config.get("*", "prosody_group") or owner;
 	end
+	local cm = require "core.certmanager";
 	local imported = {};
 	for _, host in ipairs(hostnames) do
 		for _, dir in ipairs(arg) do
-			if lfs.attributes(dir .. "/" .. host .. "/fullchain.pem")
-			and lfs.attributes(dir .. "/" .. host .. "/privkey.pem") then
-				copy(dir .. "/" .. host .. "/fullchain.pem", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
-				copy(dir .. "/" .. host .. "/privkey.pem", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
-				table.insert(imported, host);
-			elseif lfs.attributes(dir .. "/" .. host .. ".crt")
-			and lfs.attributes(dir .. "/" .. host .. ".key") then
-				copy(dir .. "/" .. host .. ".crt", cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
-				copy(dir .. "/" .. host .. ".key", cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
+			local paths = cm.find_cert(dir, host);
+			if paths then
+				copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
+				copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
 				table.insert(imported, host);
 			else
 				-- TODO Say where we looked

util/sslconfig.lua

@@ -63,6 +63,9 @@ function finalisers.ciphers(cipherlist)
 	return cipherlist;
 end
 
+-- Curve list too
+finalisers.curveslist = finalisers.ciphers;
+
 -- protocol = "x" should enable only that protocol
 -- protocol = "x+" should enable x and later versions
 

util/throttle.lua

@@ -1,7 +1,6 @@
 
 local gettime = require "util.time".now
 local setmetatable = setmetatable;
-local floor = math.floor;
 
 local _ENV = nil;