From 5a14e3f755752b5652cb147a13ab670ccbab0fa1 Mon Sep 17 00:00:00 2001
From: John Livingston
Date: Mon, 27 May 2024 16:32:40 +0200
Subject: [PATCH] New setting to listen C2S connection on non-localhost interfaces (#377).
---
 CHANGELOG.md | 6 ++++++
 client/admin-plugin-client-plugin.ts | 1 +
 languages/en.yml | 15 +++++++++++++++
 server/lib/prosody/config.ts | 14 +++++++++++++-
 server/lib/prosody/config/content.ts | 3 ++-
 server/lib/settings.ts | 9 +++++++++
 .../content/en/documentation/admin/settings.md | 4 ++++
 7 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 214fde9c..82a304a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,12 @@ SPDX-License-Identifier: AGPL-3.0-only
 # Changelog
+## ??? (Not Released Yet)
+
+### New features
+
+* #377: new setting to listen C2S connection on non-localhost interfaces.
+
 ## 10.0.2
 ### Minor changes and fixes
diff --git a/client/admin-plugin-client-plugin.ts b/client/admin-plugin-client-plugin.ts
index 6bc93c20..140df048 100644
--- a/client/admin-plugin-client-plugin.ts
+++ b/client/admin-plugin-client-plugin.ts
@@ -254,6 +254,7 @@ function register (clientOptions: RegisterClientOptions): void {
 const name = options.setting.name
 switch (name) {
 case 'prosody-c2s-port':
+ case 'prosody-c2s-interfaces':
 return options.formValues['prosody-c2s'] !== true
 case 'prosody-s2s-port':
 case 'prosody-s2s-interfaces':
diff --git a/languages/en.yml b/languages/en.yml
index 49010469..063f309f 100644
--- a/languages/en.yml
+++ b/languages/en.yml
@@ -301,6 +301,21 @@ prosody_c2s_port_description: |
 You can keep this port closed on your firewall for now, it will not be accessed from the outer world.
Note: this might change in a near future, as it is planned to add a feature to activate external connections.
+
+prosody_c2s_interfaces_label: "Client to server network interfaces"
+prosody_c2s_interfaces_description: |
+ The network interfaces to listen on for client to server connections.
+ This settings is provided for advanced users. Don't change this settings if you don't fully understand what it means.
+ List of IP to listen on, coma separated (spaces will be stripped).
+ You can use «*» to listen on all IPv4 interfaces, and «::» for all IPv6.
+ Examples:
+
+
 prosody_components_label: "Enable custom Prosody external components"
 prosody_components_description: |
 Enable the use of external XMPP components.
diff --git a/server/lib/prosody/config.ts b/server/lib/prosody/config.ts
index 13cba4cd..90e00c0b 100644
--- a/server/lib/prosody/config.ts
+++ b/server/lib/prosody/config.ts
@@ -161,6 +161,7 @@ async function getProsodyConfig (options: RegisterServerOptionsV5): Promise s.trim())
+ // Check that there is no invalid values (to avoid injections):
+ c2sInterfaces.forEach(networkInterface => {
+ if (networkInterface === '*') return
+ if (networkInterface === '::') return
+ if (networkInterface.match(/^\d+\.\d+\.\d+\.\d+$/)) return
+ if (networkInterface.match(/^[a-f0-9:]+$/)) return
+ throw new Error('Invalid c2s interfaces')
+ })
+ config.useC2S(c2sPort, c2sInterfaces)
 }
 if (enableComponents) {
diff --git a/server/lib/prosody/config/content.ts b/server/lib/prosody/config/content.ts
index b4e092d6..1d639a96 100644
--- a/server/lib/prosody/config/content.ts
+++ b/server/lib/prosody/config/content.ts
@@ -337,8 +337,9 @@ class ProsodyConfigContent {
 }
 }
- useC2S (c2sPort: string): void {
+ useC2S (c2sPort: string, c2sInterfaces: string[]): void {
 this.global.set('c2s_ports', [c2sPort])
+ this.global.set('c2s_interfaces', c2sInterfaces)
 }
 useS2S (
diff --git a/server/lib/settings.ts b/server/lib/settings.ts
index 35012861..50d86280 100644
--- a/server/lib/settings.ts
+++ b/server/lib/settings.ts
@@ -632,6 +632,15 @@ function initChatServerAdvancedSettings ({ registerSetting }: RegisterServerOpti
 descriptionHTML: loc('prosody_c2s_port_description')
 })
+ registerSetting({
+ name: 'prosody-c2s-interfaces',
+ label: loc('prosody_c2s_interfaces_label'),
+ type: 'input',
+ default: '127.0.0.1, ::1',
+ private: true,
+ descriptionHTML: loc('prosody_c2s_interfaces_description')
+ })
+
 registerSetting({
 name: 'prosody-components',
 label: loc('prosody_components_label'),
diff --git a/support/documentation/content/en/documentation/admin/settings.md b/support/documentation/content/en/documentation/admin/settings.md
index 4a23a01e..39d97e57 100644
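Review bot: The two address patterns in the `c2sInterfaces.forEach` check in server/lib/prosody/config.ts restrict the character set, which is what keeps quotes and newlines out of the generated Prosody config, but they do not check that an entry is an address: `/^\d+\.\d+\.\d+\.\d+$/` accepts `999.999.999.999`, and `/^[a-f0-9:]+$/` accepts strings such as `abc` or `:::` while rejecting upper-case hex. Node's `net.isIP` covers both families, so after the `'*'` case the two regex lines could become `if (isIP(networkInterface) !== 0) return`, with `isIP` imported from `node:net` (the file's import block is not visible here). An empty entry, for example from a trailing comma or an emptied setting, also reaches the `throw`, and the message would be easier to act on if it named the value: `throw new Error('Invalid c2s interface: ' + networkInterface)`. The lines that build `c2sInterfaces` are missing from this view and `getProsodyConfig` starts and ends outside the hunk, so the splitting and trimming are not reviewed.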
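Review bot: The `prosody-c2s-interfaces` registration in server/lib/settings.ts lets an admin bind C2S to `*` or `::`, yet nothing shown with the setting says what that exposes, and the `prosody_c2s_port_description` context line in languages/en.yml in this same patch still states the port "will not be accessed from the outer world". I would add a sentence to `prosody_c2s_interfaces_description` along the lines of `Any address other than 127.0.0.1 or ::1 makes the C2S port reachable from that network; restrict access with your firewall.` and adjust the port description to match. The value is only checked where the Prosody config is generated (the loop in server/lib/prosody/config.ts), so a typo saved here appears to surface later as a failed config build rather than at save time. `initChatServerAdvancedSettings` starts and ends outside the hunk.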
--- a/support/documentation/content/en/documentation/admin/settings.md
+++ b/support/documentation/content/en/documentation/admin/settings.md
@@ -209,6 +209,10 @@ As example, this option can allow an instance of Matterbridge (once it could use
 {{% livechat_label prosody_c2s_port_description %}}
+### {{% livechat_label prosody_c2s_interfaces_label %}}
+
+{{% livechat_label prosody_c2s_interfaces_description %}}
+
 ### {{% livechat_label prosody_components_label %}}
 This settings enable XMPP external components to connect to the server.