[bug#69731] [PATCH 0/2] Fix prosody system test

[bug#69731] [PATCH 0/2] Fix prosody system test

[Carlo Zancanaro]

In a previous patch[1], Liliana found that the prosody system test was
failing. I did some investigation, and found that this was because the
saslauth module doesn't allow PLAIN or LOGIN authentication on insecure
connections.

There is a configuration item for this, but we didn't have it as a part of the
Guix prosody-configuration objects, so I added it and then used it to make the
test pass.

[1]: https://issues.guix.gnu.org/69272#10

Carlo Zancanaro (2):
  gnu: services: Add insecure-sasl-mechanisms to prosody configuration.
  gnu: tests: Fix prosody system test.

 doc/guix.texi              | 12 +++++++++---
 gnu/services/messaging.scm |  6 ++++++
 gnu/tests/messaging.scm    |  2 +-
 3 files changed, 16 insertions(+), 4 deletions(-)


base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267
-- 
2.41.0

[bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration.

[Carlo Zancanaro]

* gnu/services/messaging.scm (prosody-configuration): Add
insecure-sasl-mechanisms configuration option.
* doc/guix.texi (Messaging Services): Document it.

Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586
---
 doc/guix.texi              | 12 +++++++++---
 gnu/services/messaging.scm |  6 ++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 858d5751bf..d9b55b3c1f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -28551,6 +28551,12 @@ Messaging Services
 Defaults to @samp{'("DIGEST-MD5")}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} string-list insecure-sasl-mechanisms
+Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}.
+Defaults to @samp{'("PLAIN" "LOGIN")}.
+@end deftypevr
+
 @deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
 Whether to force all server-to-server connections to be encrypted or not.
 See @url{https://prosody.im/doc/modules/mod_tls}.
@@ -28630,7 +28636,7 @@ Messaging Services
 
 Available @code{virtualhost-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{virtualhost-configuration} parameter} string domain
 Domain you wish Prosody to serve.
 @end deftypevr
@@ -28652,7 +28658,7 @@ Messaging Services
 
 Available @code{int-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{int-component-configuration} parameter} string hostname
 Hostname of the component.
 @end deftypevr
@@ -28705,7 +28711,7 @@ Messaging Services
 
 Available @code{ext-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{ext-component-configuration} parameter} string component-secret
 Password which the component will use to log in.
 @end deftypevr
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 9702170b3e..a914d0f89e 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -427,6 +427,12 @@ (define %default-modules-enabled
 @url{https://prosody.im/doc/modules/mod_saslauth}."
      common)
 
+    (insecure-sasl-mechanisms
+     (string-list '("PLAIN" "LOGIN"))
+     "Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}."
+     common)
+
     (s2s-require-encryption?
      (boolean #f)
      "Whether to force all server-to-server connections to be encrypted or not.
-- 
2.41.0

[bug#69731] [PATCH 2/2] gnu: tests: Fix prosody system test.

[Carlo Zancanaro]

The test was failing because the sasl module no longer accepts PLAIN auth on
insecure connections.

* gnu/tests/messaging.scm (%test-prosody): Configure test prosody to allow all
auth types on insecure connections.

Change-Id: I142f3b6ccbdde4bdde86ce0698fea7d5509fc200
---
 gnu/tests/messaging.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index 1e26c0ddea..dfcc92f7ed 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -145,7 +145,7 @@ (define %create-prosody-account
 
 (define %test-prosody
   (let* ((config (prosody-configuration
-                  (disable-sasl-mechanisms '())
+                  (insecure-sasl-mechanisms '())
                   (virtualhosts
                    (list
                     (virtualhost-configuration
-- 
2.41.0

[bug#69731] [PATCH 0/2] Fix prosody system test

[Liliana Marie Prikler]

Am Montag, dem 11.03.2024 um 22:57 +1100 schrieb Carlo Zancanaro:
> In a previous patch[1], Liliana found that the prosody system test
> was failing. I did some investigation, and found that this was
> because the saslauth module doesn't allow PLAIN or LOGIN
> authentication on insecure connections.
> 
> There is a configuration item for this, but we didn't have it as a
> part of the Guix prosody-configuration objects, so I added it and
> then used it to make the test pass.
> 
> [1]: https://issues.guix.gnu.org/69272#10
> 
> Carlo Zancanaro (2):
>   gnu: services: Add insecure-sasl-mechanisms to prosody
> configuration.
>   gnu: tests: Fix prosody system test.
> 
>  doc/guix.texi              | 12 +++++++++---
>  gnu/services/messaging.scm |  6 ++++++
>  gnu/tests/messaging.scm    |  2 +-
>  3 files changed, 16 insertions(+), 4 deletions(-)
> 
> 
> base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267
Nice catch.  Would you also like to submit tests for the modules in
69272?

Cheers

[bug#69731] [PATCH 0/2] Fix prosody system test

[Carlo Zancanaro]

On Mon, Mar 11 2024, Liliana Marie Prikler wrote:
> Nice catch.  Would you also like to submit tests for the modules in
> 69272?

I'm not sure how to test them. I had a look at the Freetalk API, but it
doesn't seem like it supports any of the XMPP features that those extra
modules add. We'd need to use a different client (or send raw XML
stanzas) to poke prosody in the right ways.

I'm not prepared to do that amount of exploratory work right now.

Carlo

bug#69731: [PATCH 0/2] Fix prosody system test

[Liliana Marie Prikler]

Am Dienstag, dem 12.03.2024 um 12:01 +1100 schrieb Carlo Zancanaro:
> On Mon, Mar 11 2024, Liliana Marie Prikler wrote:
> > Nice catch.  Would you also like to submit tests for the modules in
> > 69272?
> 
> I'm not sure how to test them. I had a look at the Freetalk API, but
> it doesn't seem like it supports any of the XMPP features that those
> extra modules add. We'd need to use a different client (or send raw
> XML stanzas) to poke prosody in the right ways.
> 
> I'm not prepared to do that amount of exploratory work right now.
Fair enough, I pushed what you already have.

Cheers