GNU bug report logs - #69731
[PATCH 0/2] Fix prosody system test

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 69731 in the body.
You can then email your comments to 69731 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: guix-patches <at> gnu.org
Cc: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Subject: [PATCH 0/2] Fix prosody system test
Date: Mon, 11 Mar 2024 22:57:02 +1100

In a previous patch[1], Liliana found that the prosody system test was
failing. I did some investigation, and found that this was because the
saslauth module doesn't allow PLAIN or LOGIN authentication on insecure
connections.

There is a configuration item for this, but we didn't have it as a part of the
Guix prosody-configuration objects, so I added it and then used it to make the
test pass.

[1]: https://issues.guix.gnu.org/69272#10

Carlo Zancanaro (2):
  gnu: services: Add insecure-sasl-mechanisms to prosody configuration.
  gnu: tests: Fix prosody system test.

 doc/guix.texi              | 12 +++++++++---
 gnu/services/messaging.scm |  6 ++++++
 gnu/tests/messaging.scm    |  2 +-
 3 files changed, 16 insertions(+), 4 deletions(-)


base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267
-- 
2.41.0

Message #8 received at 69731 <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: 69731 <at> debbugs.gnu.org
Cc: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Subject: [PATCH 1/2] gnu: services: Add insecure-sasl-mechanisms to prosody
 configuration.
Date: Mon, 11 Mar 2024 22:59:52 +1100

* gnu/services/messaging.scm (prosody-configuration): Add
insecure-sasl-mechanisms configuration option.
* doc/guix.texi (Messaging Services): Document it.

Change-Id: I8d9e42476ea8ad2f89b143ed4a66b4798e418586
---
 doc/guix.texi              | 12 +++++++++---
 gnu/services/messaging.scm |  6 ++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 858d5751bf..d9b55b3c1f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -28551,6 +28551,12 @@ Messaging Services
 Defaults to @samp{'("DIGEST-MD5")}.
 @end deftypevr
 
+@deftypevr {@code{prosody-configuration} parameter} string-list insecure-sasl-mechanisms
+Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}.
+Defaults to @samp{'("PLAIN" "LOGIN")}.
+@end deftypevr
+
 @deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
 Whether to force all server-to-server connections to be encrypted or not.
 See @url{https://prosody.im/doc/modules/mod_tls}.
@@ -28630,7 +28636,7 @@ Messaging Services
 
 Available @code{virtualhost-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{virtualhost-configuration} parameter} string domain
 Domain you wish Prosody to serve.
 @end deftypevr
@@ -28652,7 +28658,7 @@ Messaging Services
 
 Available @code{int-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{int-component-configuration} parameter} string hostname
 Hostname of the component.
 @end deftypevr
@@ -28705,7 +28711,7 @@ Messaging Services
 
 Available @code{ext-component-configuration} fields are:
 
-all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
+all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, @code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, @code{insecure-sasl-mechanisms}, @code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, @code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:
 @deftypevr {@code{ext-component-configuration} parameter} string component-secret
 Password which the component will use to log in.
 @end deftypevr
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 9702170b3e..a914d0f89e 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -427,6 +427,12 @@ (define %default-modules-enabled
 @url{https://prosody.im/doc/modules/mod_saslauth}."
      common)
 
+    (insecure-sasl-mechanisms
+     (string-list '("PLAIN" "LOGIN"))
+     "Set of mechanisms that will not be offered on unencrypted connections.
+See @url{https://prosody.im/doc/modules/mod_saslauth}."
+     common)
+
     (s2s-require-encryption?
      (boolean #f)
      "Whether to force all server-to-server connections to be encrypted or not.
-- 
2.41.0

Message #11 received at 69731 <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: 69731 <at> debbugs.gnu.org
Cc: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Subject: [PATCH 2/2] gnu: tests: Fix prosody system test.
Date: Mon, 11 Mar 2024 22:59:53 +1100

The test was failing because the sasl module no longer accepts PLAIN auth on
insecure connections.

* gnu/tests/messaging.scm (%test-prosody): Configure test prosody to allow all
auth types on insecure connections.

Change-Id: I142f3b6ccbdde4bdde86ce0698fea7d5509fc200
---
 gnu/tests/messaging.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/tests/messaging.scm b/gnu/tests/messaging.scm
index 1e26c0ddea..dfcc92f7ed 100644
--- a/gnu/tests/messaging.scm
+++ b/gnu/tests/messaging.scm
@@ -145,7 +145,7 @@ (define %create-prosody-account
 
 (define %test-prosody
   (let* ((config (prosody-configuration
-                  (disable-sasl-mechanisms '())
+                  (insecure-sasl-mechanisms '())
                   (virtualhosts
                    (list
                     (virtualhost-configuration
-- 
2.41.0

Message #14 received at 69731 <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Carlo Zancanaro <carlo <at> zancanaro.id.au>, 69731 <at> debbugs.gnu.org
Subject: Re: [PATCH 0/2] Fix prosody system test
Date: Mon, 11 Mar 2024 18:24:14 +0100

Am Montag, dem 11.03.2024 um 22:57 +1100 schrieb Carlo Zancanaro:
> In a previous patch[1], Liliana found that the prosody system test
> was failing. I did some investigation, and found that this was
> because the saslauth module doesn't allow PLAIN or LOGIN
> authentication on insecure connections.
> 
> There is a configuration item for this, but we didn't have it as a
> part of the Guix prosody-configuration objects, so I added it and
> then used it to make the test pass.
> 
> [1]: https://issues.guix.gnu.org/69272#10
> 
> Carlo Zancanaro (2):
>   gnu: services: Add insecure-sasl-mechanisms to prosody
> configuration.
>   gnu: tests: Fix prosody system test.
> 
>  doc/guix.texi              | 12 +++++++++---
>  gnu/services/messaging.scm |  6 ++++++
>  gnu/tests/messaging.scm    |  2 +-
>  3 files changed, 16 insertions(+), 4 deletions(-)
> 
> 
> base-commit: 2a8018e42c0d9b81de56cf322043c797e443c267
Nice catch.  Would you also like to submit tests for the modules in
69272?

Cheers

Message #17 received at 69731 <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 69731 <at> debbugs.gnu.org
Subject: Re: [bug#69731] [PATCH 0/2] Fix prosody system test
Date: Tue, 12 Mar 2024 12:01:06 +1100

On Mon, Mar 11 2024, Liliana Marie Prikler wrote:
> Nice catch.  Would you also like to submit tests for the modules in
> 69272?

I'm not sure how to test them. I had a look at the Freetalk API, but it
doesn't seem like it supports any of the XMPP features that those extra
modules add. We'd need to use a different client (or send raw XML
stanzas) to poke prosody in the right ways.

I'm not prepared to do that amount of exploratory work right now.

Carlo

Message #22 received at 69731-done <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Cc: 69731-done <at> debbugs.gnu.org
Subject: Re: [bug#69731] [PATCH 0/2] Fix prosody system test
Date: Sun, 17 Mar 2024 13:29:27 +0100

Am Dienstag, dem 12.03.2024 um 12:01 +1100 schrieb Carlo Zancanaro:
> On Mon, Mar 11 2024, Liliana Marie Prikler wrote:
> > Nice catch.  Would you also like to submit tests for the modules in
> > 69272?
> 
> I'm not sure how to test them. I had a look at the Freetalk API, but
> it doesn't seem like it supports any of the XMPP features that those
> extra modules add. We'd need to use a different client (or send raw
> XML stanzas) to poke prosody in the right ways.
> 
> I'm not prepared to do that amount of exploratory work right now.
Fair enough, I pushed what you already have.

Cheers

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.