* [bug#69731] [PATCH 0/2] Fix prosody system test @ 2024-03-11 11:57 Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration Carlo Zancanaro ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Carlo Zancanaro @ 2024-03-11 11:57 UTC (permalink / raw) To: 69731; +Cc: Liliana Marie Prikler In a previous patch[1], Liliana found that the prosody system test was failing. I did some investigation, and found that this was because the saslauth module doesn't allow PLAIN or LOGIN authentication on insecure connections. There is a configuration item for this, but we didn't have it as a part of the Guix prosody-configuration objects, so I added it and then used it to make the test pass. [1]: https://issues.guix.gnu.org/69272#10 Carlo Zancanaro (2): gnu: services: Add insecure-sasl-mechanisms to prosody configuration. gnu: tests: Fix prosody system test. doc/guix.texi | 12 +++++++++--- gnu/services/messaging.scm | 6 ++++++ gnu/tests/messaging.scm | 2 +- 3 files changed, 16 insertions(+), 4 deletions(-) base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267 -- 2.41.0 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration. 2024-03-11 11:57 [bug#69731] [PATCH 0/2] Fix prosody system test Carlo Zancanaro @ 2024-03-11 11:59 ` Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 2/2] gnu: tests: Fix prosody system test Carlo Zancanaro 2024-03-11 17:24 ` [bug#69731] [PATCH 0/2] " Liliana Marie Prikler 2 siblings, 0 replies; 6+ messages in thread From: Carlo Zancanaro @ 2024-03-11 11:59 UTC (permalink / raw) To: 69731; +Cc: Liliana Marie Prikler * gnu/services/messaging.scm (prosody-configuration): Add insecure-sasl-mechanisms configuration option. * doc/guix.texi (Messaging Services): Document it. Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586 --- doc/guix.texi | 12 +++++++++--- gnu/services/messaging.scm | 6 ++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 858d5751bf..d9b55b3c1f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -28551,6 +28551,12 @@ Messaging Services Defaults to @samp{'("DIGEST-MD5")}. @end deftypevr +@deftypevr {@code{prosody-configuration} parameter} string-list insecure-sasl-mechanisms +Set of mechanisms that will not be offered on unencrypted connections. +See @url{https://prosody.im/doc/modules/mod_saslauth}. +Defaults to @samp{'("PLAIN" "LOGIN")}. +@end deftypevr + @deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption? Whether to force all server-to-server connections to be encrypted or not. See @url{https://prosody.im/doc/modules/mod_tls}. @@ -28630,7 +28636,7 @@ Messaging Services Available @code{virtualhost-configuration} fields are: -all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: @deftypevr {@code{virtualhost-configuration} parameter} string domain Domain you wish Prosody to serve. @end deftypevr @@ -28652,7 +28658,7 @@ Messaging Services Available @code{int-component-configuration} fields are: -all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: @deftypevr {@code{int-component-configuration} parameter} string hostname Hostname of the component. @end deftypevr @@ -28705,7 +28711,7 @@ Messaging Services Available @code{ext-component-configuration} fields are: -all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: +all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus: @deftypevr {@code{ext-component-configuration} parameter} string component-secret Password which the component will use to log in. @end deftypevr diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm index 9702170b3e..a914d0f89e 100644 --- a/gnu/services/messaging.scm +++ b/gnu/services/messaging.scm @@ -427,6 +427,12 @@ (define %default-modules-enabled @url{https://prosody.im/doc/modules/mod_saslauth}." common) + (insecure-sasl-mechanisms + (string-list '("PLAIN" "LOGIN")) + "Set of mechanisms that will not be offered on unencrypted connections. +See @url{https://prosody.im/doc/modules/mod_saslauth}." + common) + (s2s-require-encryption? (boolean #f) "Whether to force all server-to-server connections to be encrypted or not. -- 2.41.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#69731] [PATCH 2/2] gnu: tests: Fix prosody system test. 2024-03-11 11:57 [bug#69731] [PATCH 0/2] Fix prosody system test Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration Carlo Zancanaro @ 2024-03-11 11:59 ` Carlo Zancanaro 2024-03-11 17:24 ` [bug#69731] [PATCH 0/2] " Liliana Marie Prikler 2 siblings, 0 replies; 6+ messages in thread From: Carlo Zancanaro @ 2024-03-11 11:59 UTC (permalink / raw) To: 69731; +Cc: Liliana Marie Prikler The test was failing because the sasl module no longer accepts PLAIN auth on insecure connections. * gnu/tests/messaging.scm (%test-prosody): Configure test prosody to allow all auth types on insecure connections. Change-Id: I142f3b6ccbdde4bdde86ce0698fea7d5509fc200 --- gnu/tests/messaging.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm index 1e26c0ddea..dfcc92f7ed 100644 --- a/gnu/tests/messaging.scm +++ b/gnu/tests/messaging.scm @@ -145,7 +145,7 @@ (define %create-prosody-account (define %test-prosody (let* ((config (prosody-configuration - (disable-sasl-mechanisms '()) + (insecure-sasl-mechanisms '()) (virtualhosts (list (virtualhost-configuration -- 2.41.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#69731] [PATCH 0/2] Fix prosody system test 2024-03-11 11:57 [bug#69731] [PATCH 0/2] Fix prosody system test Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 2/2] gnu: tests: Fix prosody system test Carlo Zancanaro @ 2024-03-11 17:24 ` Liliana Marie Prikler 2024-03-12 1:01 ` Carlo Zancanaro 2 siblings, 1 reply; 6+ messages in thread From: Liliana Marie Prikler @ 2024-03-11 17:24 UTC (permalink / raw) To: Carlo Zancanaro, 69731 Am Montag, dem 11.03.2024 um 22:57 +1100 schrieb Carlo Zancanaro: > In a previous patch[1], Liliana found that the prosody system test > was failing. I did some investigation, and found that this was > because the saslauth module doesn't allow PLAIN or LOGIN > authentication on insecure connections. > > There is a configuration item for this, but we didn't have it as a > part of the Guix prosody-configuration objects, so I added it and > then used it to make the test pass. > > [1]: https://issues.guix.gnu.org/69272#10 > > Carlo Zancanaro (2): > gnu: services: Add insecure-sasl-mechanisms to prosody > configuration. > gnu: tests: Fix prosody system test. > > doc/guix.texi | 12 +++++++++--- > gnu/services/messaging.scm | 6 ++++++ > gnu/tests/messaging.scm | 2 +- > 3 files changed, 16 insertions(+), 4 deletions(-) > > > base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267 Nice catch. Would you also like to submit tests for the modules in 69272? Cheers ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#69731] [PATCH 0/2] Fix prosody system test 2024-03-11 17:24 ` [bug#69731] [PATCH 0/2] " Liliana Marie Prikler @ 2024-03-12 1:01 ` Carlo Zancanaro 2024-03-17 12:29 ` bug#69731: " Liliana Marie Prikler 0 siblings, 1 reply; 6+ messages in thread From: Carlo Zancanaro @ 2024-03-12 1:01 UTC (permalink / raw) To: Liliana Marie Prikler; +Cc: 69731 On Mon, Mar 11 2024, Liliana Marie Prikler wrote: > Nice catch. Would you also like to submit tests for the modules in > 69272? I'm not sure how to test them. I had a look at the Freetalk API, but it doesn't seem like it supports any of the XMPP features that those extra modules add. We'd need to use a different client (or send raw XML stanzas) to poke prosody in the right ways. I'm not prepared to do that amount of exploratory work right now. Carlo ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#69731: [PATCH 0/2] Fix prosody system test 2024-03-12 1:01 ` Carlo Zancanaro @ 2024-03-17 12:29 ` Liliana Marie Prikler 0 siblings, 0 replies; 6+ messages in thread From: Liliana Marie Prikler @ 2024-03-17 12:29 UTC (permalink / raw) To: Carlo Zancanaro; +Cc: 69731-done Am Dienstag, dem 12.03.2024 um 12:01 +1100 schrieb Carlo Zancanaro: > On Mon, Mar 11 2024, Liliana Marie Prikler wrote: > > Nice catch. Would you also like to submit tests for the modules in > > 69272? > > I'm not sure how to test them. I had a look at the Freetalk API, but > it doesn't seem like it supports any of the XMPP features that those > extra modules add. We'd need to use a different client (or send raw > XML stanzas) to poke prosody in the right ways. > > I'm not prepared to do that amount of exploratory work right now. Fair enough, I pushed what you already have. Cheers ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-03-17 12:31 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-03-11 11:57 [bug#69731] [PATCH 0/2] Fix prosody system test Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody configuration Carlo Zancanaro 2024-03-11 11:59 ` [bug#69731] [PATCH 2/2] gnu: tests: Fix prosody system test Carlo Zancanaro 2024-03-11 17:24 ` [bug#69731] [PATCH 0/2] " Liliana Marie Prikler 2024-03-12 1:01 ` Carlo Zancanaro 2024-03-17 12:29 ` bug#69731: " Liliana Marie Prikler
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.