This enables granting regular users permission to create nodes via the
new roles framework. Previously this required either making everyone an
admin or writing a custom mod_pubsub variant with different permission
details.
Previous default behavior of only allowing creation by admin is kept as
to not give out unexpected permissions on upgrade, but could be
reevaluated at a later time.
Fixes#1324
This is the time after liveness checks are performed via the respective
read-timeout event, which by default involves sending a space character
but could be overridden e.g. as is done by mod_smacks.
Only advertised, unsure what we would do with it.
This removes one manual (yet undocumented) step that was supposed to be
done to get a complete 'intermediate' configuration.
This file can be found on the Internet by searching for "ffdhe2048" and
can be verified by comparing the hexadecimal representation of p from
the RFC with the output of `openssl asn1parse`.
Given the preference and prevalence of ECDHE, it seems likely that few
would have noticed this.
This enables accepting admin stream socket (UNIX) connections trough the
same procedures as any other (TCP) socket, which avoids problems caused
by using the wrapclient API, which ends up discarding early data due to
only expecting early connection failure.
Fixes#1867
This change has various technical and social benefits. If ownership of a MUC
is really needed, it can be gained using the 'Set affiliation' ad-hoc command
or prosodyctl shell.
Example client incompatibility with the old behaviour:
- https://github.com/monal-im/Monal/issues/1085
Previously, prosodyctl only waits for the pidfile to appear, which does
not necessarily mean that Prosody is fully ready to receive traffic.
By waiting until Prosody says it's ready via the systemd notify socket
we know for sure that Prosody is really ready.
Notably this should ensure that when running `make integration-test`
Prosody is really ready when Scansion starts running tests.
Not sure if this timeout handling is optimal.
Allows creating listening sockets and accepting client connections
before Prosody starts.
This is unlike normal Prosody dynamic resource management, where ports
may added and removed at any time, and the ports defined by the config.
Weird things happen if these are closed (e.g. due to reload) so here we
prevent closing and ensure sockets are reused when opened again.
Allows e.g. restricting your vcard4 to only family or similar.
Notes: This does not include roster groups in the configuration form,
so the client will have to get them from the actual roster.
The code correctly inserted the ',' when there was already a "%q" in the
format string, but then the next argument would fail to match because it
inserted ", %q" instead of "%q". The code now matches both, ensuring the
generated code will not produce a syntax error with multiple arguments.
libunbound does not tell us the whole chain of CNAMEs, only the final
canonical name.
This is to aid in debugging since it will only be shown in the shell.
