Commit graph

12512 commits

Author SHA1 Message Date
Matthew Wild
a6265e45a0 net.stun: Add tests for serialization/deserialization 2022-03-04 16:13:05 +00:00
Kim Alvefur
7579bee6bb net.stun: Use util.bitcompat to deal with bit module variances across Lua versions 2022-03-04 16:58:28 +01:00
Kim Alvefur
1f257ecbb4 net.stun: Use util.strbitop
Improves performance since the whole procedure is done in C
2022-03-04 16:55:32 +01:00
Matthew Wild
b6bf4788aa prosodyctl: check dns: Allow admin to specify undiscoverable external IPs in config 2022-03-02 16:12:28 +00:00
Matthew Wild
79d9ce56ac prosodyctl: check dns: List discovered addresses for diagnostic purposes
It is very common to get the "unknown address" warning with this command, but
people do not always understand it, or know how to debug it. Now we clearly
show the addresses that prosodyctl discovered.
2022-03-02 16:02:42 +00:00
Matthew Wild
7198c65a15 util.prosodyctl: check: warn about unreferenced components, suggest disco_items 2022-03-02 15:45:24 +00:00
Matthew Wild
0fe2f4a527 util.prosodyctl: Warn about enabled public registration in 'check config' 2022-03-02 15:22:12 +00:00
Kim Alvefur
af95bb77e6 util.poll: Add support for the poll() API
Might be better than select(), more portable than epoll.
2022-02-23 20:31:03 +01:00
Kim Alvefur
04aa101da3 util.poll: Expose API (epoll or select) used
Could he handy to know for debugging or decisions
2022-02-27 14:36:43 +01:00
Kim Alvefur
22d734e305 util.poll: Restructure to make adding additional system APIs easier 2022-02-23 20:30:22 +01:00
Kim Alvefur
7f254b0e72 make: Split up install targets to allow different subset
The prosody-trunk nightly packages currently use the Debian dh-lua
framework to install core/, net/ and util/ into Lua-versioned directory
trees, while plugins and executables should still be installed like
before.
2022-02-13 16:53:56 +01:00
Kim Alvefur
c460117e3c core.portmanager: Fix traceback on attempt to get non-existent service
If there's no such interface:port then `data` is nil and `data.service`
errors.
2022-02-22 13:41:05 +01:00
Kim Alvefur
36512eca29 mod_c2s,mod_s2s: Fix error on shutdown (Thanks Martin)
Since there are two calls to done() that can happen, if the timing is
right (or wrong) both can happen, which previously triggered an error.
2022-02-22 14:17:27 +01:00
Kim Alvefur
ac06985604 util.async: Optionally allow too many 'done' callbacks
Sometimes, like in mod_c2s and mod_s2s during shutdown, all you want is
to wait for the first done() and not complicate things.
2022-02-22 14:17:10 +01:00
Kim Alvefur
1d20ec63e6 mod_c2s,mod_s2s: Wrap callback to improve tracebacks
Should make traces point here instead of timer dispatch, making
debugging easier
2022-02-22 12:35:31 +01:00
Kim Alvefur
e725335ed3 mod_carbons: Allow plugging into decision of whether to carbon-copy
Similar procedure as mod_csi_simple and mod_mam
2022-02-21 11:24:58 +01:00
Matthew Wild
6bd9bed561 Added tag 0.11.13 for changeset ebeb4d959fb3 2022-01-24 13:58:04 +00:00
Kim Alvefur
785d327308 util.xml: Deduplicate handlers for restricted XML
Makes the code more like util.xmppstream, allowing easier comparisons if
we ever need to apply fixes in the future.
2022-01-20 10:51:46 +01:00
Kim Alvefur
d17619344d util.xml: Break reference to help the GC (fix #1711)
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.

Code for checking:

	local xml_parse = require"util.xml".parse;
	for i = 1, 10000 do xml_parse("<root/>") end
	collectgarbage(); collectgarbage();
	print(collectgarbage("count"), "KiB");

A future release of LuaExpat may fix the underlying issue there.
2022-01-20 09:57:20 +01:00
Matthew Wild
695fb9b8fb Added tag 0.11.12 for changeset 783056b4e448 2022-01-13 12:18:49 +00:00
Jonas Schäfer
23a43df6fb util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.

In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.

This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.

This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
2022-01-10 18:23:54 +01:00
Kim Alvefur
e812ce9b4a Tag 0.11.11 2021-12-20 16:24:52 +01:00
Kim Alvefur
58b97fd7af mod_mam: Fix a comment
This is the noop that gets replaced later
2021-12-11 18:01:04 +01:00
Kim Alvefur
84ef8a73eb mod_mam: Allow plugging into archive decision
Similar procedure as mod_csi_simple
2021-12-10 22:37:32 +01:00
Kim Alvefur
dd1e42f499 core.certmanager: Ensure key exists for fullchain
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.

Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
2022-02-21 08:54:39 +01:00
Kim Alvefur
0e6391e736 mod_admin_shell: Use a table to show help sections
Because tables make everything better and more readable!
2022-02-20 00:24:18 +01:00
Kim Alvefur
6207ed871c CHANGES: Mention graceful shutdown 2022-02-18 23:20:24 +01:00
Kim Alvefur
b70a61be4c mod_c2s: Ignore unused event payload [luacheck] 2022-02-18 23:13:01 +01:00
Kim Alvefur
a8f4892fe3 mod_c2s,mod_s2s: Wait for sessions to close before proceeding with shutdown steps
Ensures unavailable presence and other outgoing stanzas are sent.

Waiting for c2s sessions to close first before proceeding to disable and
close s2s ensures that unavailable presence can go out, even if it
requires dialback to complete first.
2022-02-17 03:49:47 +01:00
Kim Alvefur
13dc49d1a7 mod_c2s: Close ports in a separate, earlier event from closing sessions
Lets other things step in and do things while c2s ports are closed, e.g.
mod_smacks, or other modules with port handlers that forward to c2s.
2022-02-18 14:25:22 +01:00
Kim Alvefur
14a7fdb2a8 mod_s2s: Disable creation of new outgoing connections during shutdown 2022-02-11 21:41:04 +01:00
Kim Alvefur
f56aaf1ba1 mod_c2s,mod_s2s: Disable and close port listeners before closing sessions
This ensures no new clients can start connecting during shutdown
2022-02-11 21:36:53 +01:00
Kim Alvefur
ca08584d74 mod_pep: Wipe pubsub service on user deletion
Data is already wiped from storage, but this ensures everything is
properly unsubscribed, possibly with notifications etc.

Clears recipient cache as well, since it is no longer relevant.
2021-11-04 01:00:06 +01:00
Kim Alvefur
db0e630ad7 mod_pep: Prevent creation of services for non-existent users
Using a dedicated service should give identical behavior, except for a
possible timing difference in the user existence lookup.
2021-11-04 00:55:59 +01:00
Kim Alvefur
4a89e829d4 mod_pep: Limit possible growth of node subscription info 2021-11-04 00:36:41 +01:00
Kim Alvefur
cc03265206 mod_pep: Limit possible growth of number of pubsub services 2021-11-04 00:35:44 +01:00
Kim Alvefur
a4491e8bd9 mod_pep: Don't pass pubsub services across reloads
Ensures configuration is refreshed, releases some memory.
2021-11-04 00:33:58 +01:00
Kim Alvefur
577c21a269 net.server_epoll: Process all queued events from epoll before timers
Should call timers less frequently when many sockets are waiting for
processing. May help under heavy load.

Requested by Ge0rG

Backport of 2bcd84123eba requested by Roi
2021-10-21 15:59:16 +02:00
Kim Alvefur
7ba9ee013c util.startup: Correctly point out unknown short param (fixes #1691) 2021-10-12 14:53:45 +02:00
Kim Alvefur
89f110bbf2 mod_posix: Run signal handlers in the startup thread 2021-10-06 14:50:47 +02:00
Kim Alvefur
aa20355fa2 prosody: Expose main thread on the 'prosody' global
To allow running things in it.
2021-10-06 14:49:26 +02:00
Kim Alvefur
cdea694e0d Merge wayward 0.11.10 tag commit 2021-10-01 00:21:49 +02:00
Kim Alvefur
24111569bb net.server_epoll: Add a hard deadline on shutdown to extra-fix #1670
Should ensure shutdown even if sockets somehow take a very long to get closed.
2021-09-20 14:38:08 +02:00
Kim Alvefur
6d5ff6d2be net.server_epoll: Close sockets added after shutdown signal (fixes #1670)
This should ensure that sockets get closed even if they are added after
the quit signal. Otherwise they may keep the server alive.
2021-09-20 14:42:18 +02:00
Kim Alvefur
8fe336b4a1 prosodyctl: Fix later import of LuaFileSystem
lfs or WHAT

How did this even happen?
2021-09-11 22:26:50 +02:00
Kim Alvefur
6be7cf935f net.server_epoll: Fix to preserve ids of readded timers
Likely affected rescheduling but have no reports of this.

After readding a timer, it would have been issued a new id. Rescheduling
would use the previous id, thus not working.
2021-08-31 12:58:38 +02:00
Lucas
5f69d4a129 makefile: fix prosody.version target
POSIX is quite explicit regarding the precedence of AND-OR lists [0]:

> The operators "&&" and "||" shall have equal precedence and shall be
> evaluated with left associativity. For example, both of the following
> commands write solely `bar` to standard output:
>       false && echo foo || echo bar
>       true || echo foo && echo bar

Given that, `prosody.version` target behaves as

	((((((test -f prosody.release && cp ...) ||
	    test -f ...) &&
	    sed ...) ||
	    test -f ...) &&
	    hexdump ...) ||
	    echo unknown > $@)

In the case of release tarballs, `prosody.release` does exist, so the
first AND pair is executed. Given that it's successful, then the first
`test -f` in the OR pair is ignored, and instead the `sed` in the AND
pair is executed. `sed` success, as `.hg_archival.txt` exists, making
the second `test -f` in the OR pair ignored, and `hexdump` in the AND
pair is executed. Now, given that `.hg` doesn't exist, it fails, so the
last `echo` is run, overwriting `prosody.version` with `unknown`.

This can be worked around placing `()` around the AND pairs. Decided to use
conditionals instead, as I think they better communicate the intention
of the block.

[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_09_03
2021-08-15 04:10:36 +00:00
Kim Alvefur
5ec33a42c1 Tag 0.11.10 2021-08-03 11:44:31 +02:00
Kim Alvefur
00735e4759 MUC: Fix logic for access to affiliation lists
Fixes https://prosody.im/security/advisory_20210722/

Backs out 4d7b925652d9
2021-07-22 17:18:39 +02:00
Matthew Wild
6367311519 mod_c2s: Indicate stream secure state in error text when no stream features to offer 2021-07-06 08:18:28 +01:00