local config = require "core.configmanager";
local certmanager = require "core.certmanager";
local server = require "net.server";
+local socket = require "socket";
local log = require "util.logger".init("portmanager");
local multitable = require "util.multitable";
--- Config
-local default_interfaces = { "*" };
-local default_local_interfaces = { "127.0.0.1" };
-if config.get("*", "use_ipv6") then
+local default_interfaces = { };
+local default_local_interfaces = { };
+if config.get("*", "use_ipv4") ~= false then
+ table.insert(default_interfaces, "*");
+ table.insert(default_local_interfaces, "127.0.0.1");
+end
+if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
table.insert(default_interfaces, "::");
table.insert(default_local_interfaces, "::1");
end
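Review bot: The `socket.tcp6 and ...` guard on the `use_ipv6` line silently drops the IPv6 listeners when the LuaSocket build has no `tcp6`, even if the operator explicitly set `use_ipv6 = true`; an administrator who expects `::` bound will not learn otherwise from the logs. Since `log` is already initialised above this block, the mismatch can be surfaced without changing the fallback: `elseif config.get("*", "use_ipv6") then log("warn", "use_ipv6 is enabled but LuaSocket has no IPv6 support; listening on IPv4 only"); end` appended to the `if socket.tcp6 ...` block. The same pattern would make the earlier `use_ipv4 ~= false` default worth a short comment stating that both families are enabled unless explicitly disabled.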
-- COPYING file in the source package for more information.
--
-local use_luaevent = prosody and require "core.configmanager".get("*", "core", "use_libevent");
+local use_luaevent = prosody and require "core.configmanager".get("*", "use_libevent");
if use_luaevent then
use_luaevent = pcall(require, "luaevent.core");
if prosody then
local config_get = require "core.configmanager".get;
+ local defaults = {};
+ for k,v in pairs(server.cfg or server.getsettings()) do
+ defaults[k] = v;
+ end
local function load_config()
- local settings = config_get("*", "core", "network_settings") or {};
+ local settings = config_get("*", "network_settings") or {};
if use_luaevent then
local event_settings = {
ACCEPT_DELAY = settings.event_accept_retry_interval;
WRITE_TIMEOUT = settings.send_timeout;
};
- for k, v in pairs(event_settings) do
- server.cfg[k] = v;
+ for k,default in pairs(defaults) do
+ server.cfg[k] = event_settings[k] or default;
end
else
- server.changesettings(settings);
+ local select_settings = {};
+ for k,default in pairs(defaults) do
+ select_settings[k] = settings[k] or default;
+ end
+ server.changesettings(select_settings);
end
end
load_config();
end
getsettings = function( )
- return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, nil, _maxselectlen, _maxsslhandshake, _maxfd
+ return {
+ select_timeout = _selecttimeout;
+ select_sleep_time = _sleeptime;
+ max_send_buffer_size = _maxsendlen;
+ max_receive_buffer_size = _maxreadlen;
+ select_idle_check_interval = _checkinterval;
+ send_timeout = _sendtimeout;
+ read_timeout = _readtimeout;
+ max_connections = _maxselectlen;
+ max_ssl_handshake_roundtrips = _maxsslhandshake;
+ highest_allowed_fd = _maxfd;
+ }
end
changesettings = function( new )
log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host);
return false;
end
+ if hosts[to_host] then
+ log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host);
+ return false;
+ end
local host = hosts[from_host].s2sout[to_host];
if host then
-- We have a connection to this host already
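Review bot: The new `if hosts[to_host]` branch logs `from_host`, but the condition it reports on is about `to_host`, so the warning names the wrong host and the log line will mislead anyone triaging a misrouted stanza; it should read `log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", to_host);`. The enclosing function starts outside the hunk, so it is not visible here whether `to_host` is validated before this point.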
});
end
end
+ if hosts[host] then
+ session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
+ end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then
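Review bot: The added `if hosts[host]` check closes the session but does not `return`, so execution falls through to the lines that promote `session.type` to the authenticated `s2sout`/`s2sin` state on a stream that has just been closed; the equivalent guard added later in this series (`if hosts[from] then session:close(...); return; end`) does return. Unless the rest of the function (which starts outside the hunk) handles a closed session, `return;` after the `session:close({ ... })` call would make the two guards consistent. It is also not visible where `host` is bound in this function, so that is worth confirming.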
--- Helper to check that a session peer's certificate is valid
local function check_cert_status(session)
- local host = session.direction == "incoming" and session.from_host or session.to_host
+ local host = session.direction == "outgoing" and session.to_host or session.from_host
local conn = session.conn:socket()
local cert
if conn.getpeercertificate then
end
end
+ if hosts[from] then
+ session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" });
+ return;
+ end
+
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;
from = from, to = to,
}
local local_host = session.direction == "outgoing" and from or to;
- if not local_host or hosts[local_host].modules.dialback then
+ if not local_host or (hosts[local_host] and hosts[local_host].modules.dialback) then
attr["xmlns:db"] = 'jabber:server:dialback';
end
host_session.connecting = nil;
if answer and #answer > 0 then
log("debug", "%s has SRV records, handling...", to_host);
- local srv_hosts = {};
+ local srv_hosts = { answer = answer };
host_session.srv_hosts = srv_hosts;
for _, record in ipairs(answer) do
t_insert(srv_hosts, record.srv);
local from_host, to_host = host_session.from_host, host_session.to_host;
+ -- Reset secure flag in case this is another
+ -- connection attempt after a failed STARTTLS
+ host_session.secure = nil;
+
local conn, handler;
if connect_host.proto == "IPv4" then
conn, handler = socket.tcp();
prosody.full_sessions = full_sessions;
prosody.hosts = hosts;
- local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
- local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+ local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+ local custom_plugin_paths = config.get("*", "plugin_paths");
if custom_plugin_paths then
local path_sep = package.config:sub(3,3);
-- path1;path2;path3;defaultpath...
os.exit(1);
end
end
-local original_logging_config = config.get("*", "core", "log");
-config.set("*", "core", "log", { { levels = { min="info" }, to = "console" } });
+local original_logging_config = config.get("*", "log");
+config.set("*", "log", { { levels = { min="info" }, to = "console" } });
-local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data";
-local custom_plugin_paths = config.get("*", "core", "plugin_paths");
+local data_path = config.get("*", "data_path") or CFG_DATADIR or "data";
+local custom_plugin_paths = config.get("*", "plugin_paths");
if custom_plugin_paths then
local path_sep = package.config:sub(3,3);
-- path1;path2;path3;defaultpath...
current_uid = pposix.getuid();
if current_uid == 0 then
-- We haz root!
- local desired_user = config.get("*", "core", "prosody_user") or "prosody";
- local desired_group = config.get("*", "core", "prosody_group") or desired_user;
+ local desired_user = config.get("*", "prosody_user") or "prosody";
+ local desired_group = config.get("*", "prosody_group") or desired_user;
local ok, err = pposix.setgid(desired_group);
if ok then
ok, err = pposix.initgroups(desired_user);
end
-- Set our umask to protect data files
- pposix.umask(config.get("*", "core", "umask") or "027");
+ pposix.umask(config.get("*", "umask") or "027");
pposix.setenv("HOME", data_path);
pposix.setenv("PROSODY_CONFIG", ENV_CONFIG);
else
local show_prompt = prosodyctl.show_prompt;
local read_password = prosodyctl.read_password;
-local prosodyctl_timeout = (config.get("*", "core", "prosodyctl_timeout") or 5) * 2;
+local prosodyctl_timeout = (config.get("*", "prosodyctl_timeout") or 5) * 2;
-----------------------
local commands = {};
local command = arg[1];
local ok, ret = prosodyctl.start();
if ok then
- if config.get("*", "core", "daemonize") ~= false then
+ if config.get("*", "daemonize") ~= false then
local i=1;
while true do
local ok, running = prosodyctl.isrunning();