mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 0.11->trunk

Browse source
This commit is contained in:
Matthew Wild 2020-09-30 09:50:33 +01:00
commit 785c20f6ee
246 changed files with 14824 additions and 5598 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.busted
View file

@ -2,7 +2,7 @@ return {
_all = {
},
default = {
["exclude-tags"] = "mod_bosh,storage";
["exclude-tags"] = "mod_bosh,storage,SLOW";
};
bosh = {
tags = "mod_bosh";

66
.luacheckrc
View file

@ -1,7 +1,8 @@
cache = true
codes = true
ignore = { "411/err", "421/err", "411/ok", "421/ok", "211/_ENV", "431/log", "143/table", "113/unpack" }
ignore = { "411/err", "421/err", "411/ok", "421/ok", "211/_ENV", "431/log", }
std = "lua53c"
max_line_length = 150
read_globals = {
@ -33,7 +34,6 @@ files["plugins/"] = {
"module.name",
"module.host",
"module._log",
"module.log",
"module.event_handlers",
"module.reloading",
"module.saved_state",
@ -64,12 +64,15 @@ files["plugins/"] = {
"module.get_option_scalar",
"module.get_option_set",
"module.get_option_string",
"module.get_status",
"module.handle_items",
"module.hook",
"module.hook_global",
"module.hook_object_event",
"module.hook_tag",
"module.load_resource",
"module.log",
"module.log_status",
"module.measure",
"module.measure_event",
"module.measure_global_event",
@ -79,7 +82,9 @@ files["plugins/"] = {
"module.remove_item",
"module.require",
"module.send",
"module.send_iq",
"module.set_global",
"module.set_status",
"module.shared",
"module.unhook",
"module.unhook_object_event",
@ -123,46 +128,37 @@ files["prosody.cfg.lua"] = {
if os.getenv("PROSODY_STRICT_LINT") ~= "1" then
-- These files have not yet been brought up to standard
-- Do not add more files here, but do help us fix these!
unused_secondaries = false
local exclude_files = {
"doc/net.server.lua";
"doc/net.server.lua";
"fallbacks/bit.lua";
"fallbacks/lxp.lua";
"fallbacks/bit.lua";
"fallbacks/lxp.lua";
"net/adns.lua";
"net/cqueues.lua";
"net/dns.lua";
"net/server_select.lua";
"net/dns.lua";
"net/server_select.lua";
"plugins/mod_storage_sql1.lua";
"plugins/mod_storage_sql1.lua";
"spec/core_configmanager_spec.lua";
"spec/core_moduleapi_spec.lua";
"spec/net_http_parser_spec.lua";
"spec/util_events_spec.lua";
"spec/util_http_spec.lua";
"spec/util_ip_spec.lua";
"spec/util_multitable_spec.lua";
"spec/util_rfc6724_spec.lua";
"spec/util_throttle_spec.lua";
"spec/util_xmppstream_spec.lua";
"spec/core_moduleapi_spec.lua";
"spec/util_http_spec.lua";
"spec/util_ip_spec.lua";
"spec/util_multitable_spec.lua";
"spec/util_rfc6724_spec.lua";
"spec/util_throttle_spec.lua";
"tools/ejabberd2prosody.lua";
"tools/ejabberdsql2prosody.lua";
"tools/erlparse.lua";
"tools/jabberd14sql2prosody.lua";
"tools/migration/migrator.cfg.lua";
"tools/migration/migrator/jabberd14.lua";
"tools/migration/migrator/mtools.lua";
"tools/migration/migrator/prosody_files.lua";
"tools/migration/migrator/prosody_sql.lua";
"tools/migration/prosody-migrator.lua";
"tools/openfire2prosody.lua";
"tools/xep227toprosody.lua";
"util/sasl/digest-md5.lua";
"tools/ejabberd2prosody.lua";
"tools/ejabberdsql2prosody.lua";
"tools/erlparse.lua";
"tools/jabberd14sql2prosody.lua";
"tools/migration/migrator.cfg.lua";
"tools/migration/migrator/jabberd14.lua";
"tools/migration/migrator/mtools.lua";
"tools/migration/migrator/prosody_files.lua";
"tools/migration/migrator/prosody_sql.lua";
"tools/migration/prosody-migrator.lua";
"tools/openfire2prosody.lua";
"tools/xep227toprosody.lua";
}
for _, file in ipairs(exclude_files) do
files[file] = { only = {} }

22
CHANGES
View file

@ -1,3 +1,25 @@
TRUNK
=====
- Module statuses
- SNI support (not completely finished)
- CORS handling now provided by mod\_http
- CSI improvements
- mod\_limits: Exempted JIDs
- Archive quotas
- mod\_mimicking
- Rewritten migrator
- SCRAM-SHA-256
- Bi-directional server-to-server (XEP-0288)
- Built-in HTTP server now handles HEAD requests
- MUC presence broadcast controls
- ALPN support in mod\_net\_multiplex
- `daemonize` option deprecated
- SASL DIGEST-MD5 removed
- Switch to libunbound for DNS queries
- mod_external_services (XEP-0215)
- util.error for encapsulating errors
0.11.0
======

9
CONTRIBUTING Normal file
View file

@ -0,0 +1,9 @@
Thanks for your interest in contributing to the project!
There are many ways to contribute, such as helping improve the
documentation, reporting bugs, spreading the word or testing the latest
development version.
You can find more information on how to contribute at <https://prosody.im/doc/contributing>
See also the HACKERS and README files.

15
GNUmakefile
View file

@ -21,6 +21,7 @@ MKDIR_PRIVATE=$(MKDIR) -m750
LUACHECK=luacheck
BUSTED=busted
SCANSION=scansion
.PHONY: all test coverage clean install
@ -48,9 +49,12 @@ install: prosody.install prosodyctl.install prosody.cfg.lua.install util/encodin
$(INSTALL_DATA) util/*.so $(SOURCE)/util
$(MKDIR) $(SOURCE)/util/sasl
$(INSTALL_DATA) util/sasl/*.lua $(SOURCE)/util/sasl
$(MKDIR) $(MODULES)/mod_s2s $(MODULES)/mod_pubsub $(MODULES)/adhoc $(MODULES)/muc $(MODULES)/mod_mam
$(MKDIR) $(SOURCE)/util/human
$(INSTALL_DATA) util/human/*.lua $(SOURCE)/util/human
$(MKDIR) $(SOURCE)/util/prosodyctl
$(INSTALL_DATA) util/prosodyctl/*.lua $(SOURCE)/util/prosodyctl
$(MKDIR) $(MODULES)/mod_pubsub $(MODULES)/adhoc $(MODULES)/muc $(MODULES)/mod_mam
$(INSTALL_DATA) plugins/*.lua $(MODULES)
$(INSTALL_DATA) plugins/mod_s2s/*.lua $(MODULES)/mod_s2s
$(INSTALL_DATA) plugins/mod_pubsub/*.lua $(MODULES)/mod_pubsub
$(INSTALL_DATA) plugins/adhoc/*.lua $(MODULES)/adhoc
$(INSTALL_DATA) plugins/muc/*.lua $(MODULES)/muc
@ -71,6 +75,13 @@ clean:
test:
$(BUSTED) --lua=$(RUNWITH)
integration-test: all
$(MKDIR) data
$(RUNWITH) prosodyctl --config ./spec/scansion/prosody.cfg.lua start
$(SCANSION) -d ./spec/scansion; R=$$? \
$(RUNWITH) prosodyctl --config ./spec/scansion/prosody.cfg.lua stop \
exit $$R
coverage:
-rm -- luacov.*
$(BUSTED) --lua=$(RUNWITH) -c

2
HACKERS
View file

@ -5,7 +5,7 @@ involved you can join us on our mailing list and discussion rooms. More
information on these at https://prosody.im/discuss
Patches are welcome, though before sending we would appreciate if you read
docs/coding_style.txt for guidelines on how to format your code, and other tips.
docs/coding_style.md for guidelines on how to format your code, and other tips.
Documentation for developers can be found at https://prosody.im/doc/developers

6
README
View file

@ -12,12 +12,13 @@ rapidly prototype new protocols.
Homepage: https://prosody.im/
Download: https://prosody.im/download
Documentation: https://prosody.im/doc/
Issue tracker: https://issues.prosody.im/
Jabber/XMPP Chat:
Address:
prosody@conference.prosody.im
Web interface:
https://prosody.im/webchat
https://chat.prosody.im/
Mailing lists:
User support and discussion:
@ -26,9 +27,6 @@ Mailing lists:
Development discussion:
https://groups.google.com/group/prosody-dev
Issue tracker changes:
https://groups.google.com/group/prosody-issues
## Installation
See the accompanying INSTALL file for help on building Prosody from source. Alternatively

1
TODO
View file

@ -1,5 +1,4 @@
== 1.0 ==
- Roster providers
- Statistics
- Clustering
- World domination

190
configure vendored
View file

@ -23,7 +23,8 @@ EXCERTS="yes"
PRNG=
PRNGLIBS=
CFLAGS="-fPIC -Wall -pedantic -std=c99"
CFLAGS="-fPIC -std=c99"
CFLAGS="$CFLAGS -Wall -pedantic -Wextra -Wshadow -Wformat=2"
LDFLAGS="-shared"
IDN_LIBRARY="idn"
@ -152,74 +153,8 @@ do
SYSCONFDIR_SET=yes
;;
--ostype)
# TODO make this a switch?
OSPRESET="$value"
if [ "$OSPRESET" = "debian" ]; then
if [ "$LUA_SUFFIX_SET" != "yes" ]; then
LUA_SUFFIX="5.1";
LUA_SUFFIX_SET=yes
fi
if [ "$RUNWITH_SET" != "yes" ]; then
RUNWITH="lua$LUA_SUFFIX";
RUNWITH_SET=yes
fi
LUA_INCDIR="/usr/include/lua$LUA_SUFFIX"
LUA_INCDIR_SET=yes
CFLAGS="$CFLAGS -ggdb"
fi
if [ "$OSPRESET" = "macosx" ]; then
LUA_INCDIR=/usr/local/include;
LUA_INCDIR_SET=yes
LUA_LIBDIR=/usr/local/lib
LUA_LIBDIR_SET=yes
CFLAGS="$CFLAGS -mmacosx-version-min=10.3"
LDFLAGS="-bundle -undefined dynamic_lookup"
fi
if [ "$OSPRESET" = "linux" ]; then
LUA_INCDIR=/usr/local/include;
LUA_INCDIR_SET=yes
LUA_LIBDIR=/usr/local/lib
LUA_LIBDIR_SET=yes
CFLAGS="$CFLAGS -ggdb"
fi
if [ "$OSPRESET" = "freebsd" ] || [ "$OSPRESET" = "openbsd" ]; then
LUA_INCDIR="/usr/local/include/lua51"
LUA_INCDIR_SET=yes
CFLAGS="-Wall -fPIC -I/usr/local/include"
LDFLAGS="-I/usr/local/include -L/usr/local/lib -shared"
LUA_SUFFIX="51"
LUA_SUFFIX_SET=yes
LUA_DIR=/usr/local
LUA_DIR_SET=yes
CC=cc
LD=ld
fi
if [ "$OSPRESET" = "openbsd" ]; then
LUA_INCDIR="/usr/local/include";
LUA_INCDIR_SET="yes"
fi
if [ "$OSPRESET" = "netbsd" ]; then
LUA_INCDIR="/usr/pkg/include/lua-5.1"
LUA_INCDIR_SET=yes
LUA_LIBDIR="/usr/pkg/lib/lua/5.1"
LUA_LIBDIR_SET=yes
CFLAGS="-Wall -fPIC -I/usr/pkg/include"
LDFLAGS="-L/usr/pkg/lib -Wl,-rpath,/usr/pkg/lib -shared"
fi
if [ "$OSPRESET" = "pkg-config" ]; then
if [ "$LUA_SUFFIX_SET" != "yes" ]; then
LUA_SUFFIX="5.1";
LUA_SUFFIX_SET=yes
fi
LUA_CF="$(pkg-config --cflags-only-I lua$LUA_SUFFIX)"
LUA_CF="${LUA_CF#*-I}"
LUA_CF="${LUA_CF%% *}"
if [ "$LUA_CF" != "" ]; then
LUA_INCDIR="$LUA_CF"
LUA_INCDIR_SET=yes
fi
CFLAGS="$CFLAGS"
fi
OSPRESET_SET="yes"
;;
--libdir)
LIBDIR="$value"
@ -237,7 +172,7 @@ do
--lua-version|--with-lua-version)
[ -n "$value" ] || die "Missing value in flag $key."
LUA_VERSION="$value"
[ "$LUA_VERSION" = "5.1" ] || [ "$LUA_VERSION" = "5.2" ] || [ "$LUA_VERSION" = "5.3" ] || die "Invalid Lua version in flag $key."
[ "$LUA_VERSION" = "5.1" ] || [ "$LUA_VERSION" = "5.2" ] || [ "$LUA_VERSION" = "5.3" ] || [ "$LUA_VERSION" = "5.4" ] || die "Invalid Lua version in flag $key."
LUA_VERSION_SET=yes
;;
--with-lua)
@ -318,6 +253,66 @@ do
shift
done
if [ "$OSPRESET_SET" = "yes" ]; then
# TODO make this a switch?
if [ "$OSPRESET" = "debian" ]; then
CFLAGS="$CFLAGS -ggdb"
fi
if [ "$OSPRESET" = "macosx" ]; then
if [ "$LUA_INCDIR_SET" != "yes" ]; then
LUA_INCDIR=/usr/local/include;
LUA_INCDIR_SET=yes
fi
if [ "$LUA_LIBDIR_SET" != "yes" ]; then
LUA_LIBDIR=/usr/local/lib
LUA_LIBDIR_SET=yes
fi
CFLAGS="$CFLAGS -mmacosx-version-min=10.3"
LDFLAGS="-bundle -undefined dynamic_lookup"
fi
if [ "$OSPRESET" = "linux" ]; then
CFLAGS="$CFLAGS -ggdb"
fi
if [ "$OSPRESET" = "freebsd" ] || [ "$OSPRESET" = "openbsd" ]; then
LUA_INCDIR="/usr/local/include/lua51"
LUA_INCDIR_SET=yes
CFLAGS="-Wall -fPIC -I/usr/local/include"
LDFLAGS="-I/usr/local/include -L/usr/local/lib -shared"
LUA_SUFFIX="51"
LUA_SUFFIX_SET=yes
LUA_DIR=/usr/local
LUA_DIR_SET=yes
CC=cc
LD=ld
fi
if [ "$OSPRESET" = "openbsd" ]; then
LUA_INCDIR="/usr/local/include";
LUA_INCDIR_SET="yes"
fi
if [ "$OSPRESET" = "netbsd" ]; then
LUA_INCDIR="/usr/pkg/include/lua-5.1"
LUA_INCDIR_SET=yes
LUA_LIBDIR="/usr/pkg/lib/lua/5.1"
LUA_LIBDIR_SET=yes
CFLAGS="-Wall -fPIC -I/usr/pkg/include"
LDFLAGS="-L/usr/pkg/lib -Wl,-rpath,/usr/pkg/lib -shared"
fi
if [ "$OSPRESET" = "pkg-config" ]; then
if [ "$LUA_SUFFIX_SET" != "yes" ]; then
LUA_SUFFIX="5.1";
LUA_SUFFIX_SET=yes
fi
LUA_CF="$(pkg-config --cflags-only-I lua$LUA_SUFFIX)"
LUA_CF="${LUA_CF#*-I}"
LUA_CF="${LUA_CF%% *}"
if [ "$LUA_CF" != "" ]; then
LUA_INCDIR="$LUA_CF"
LUA_INCDIR_SET=yes
fi
CFLAGS="$CFLAGS"
fi
fi
if [ "$PREFIX_SET" = "yes" ] && [ ! "$SYSCONFDIR_SET" = "yes" ]
then
if [ "$PREFIX" = "/usr" ]
@ -340,7 +335,7 @@ then
fi
detect_lua_version() {
detected_lua=$("$1" -e 'print(_VERSION:match(" (5%.[123])$"))' 2> /dev/null)
detected_lua=$("$1" -e 'print(_VERSION:match(" (5%.[1234])$"))' 2> /dev/null)
if [ "$detected_lua" != "nil" ]
then
if [ "$LUA_VERSION_SET" != "yes" ]
@ -403,8 +398,14 @@ then
elif [ "$LUA_VERSION_SET" = "yes" ] && [ "$LUA_VERSION" = "5.3" ]
then
suffixes="5.3 53 -5.3 -53"
elif [ "$LUA_VERSION_SET" = "yes" ] && [ "$LUA_VERSION" = "5.4" ]
then
suffixes="5.4 54 -5.4 -54"
else
suffixes="5.1 51 -5.1 -51 5.2 52 -5.2 -52 5.3 53 -5.3 -53"
suffixes="5.1 51 -5.1 -51"
suffixes="$suffixes 5.2 52 -5.2 -52"
suffixes="$suffixes 5.3 53 -5.3 -53"
suffixes="$suffixes 5.4 54 -5.4 -54"
fi
for suffix in "" $suffixes
do
@ -464,30 +465,46 @@ then
LUA_LIBDIR="$LUA_DIR/lib"
fi
echo_n "Checking Lua includes... "
lua_h="$LUA_INCDIR/lua.h"
echo_n "Looking for lua.h at $lua_h..."
if [ -f "$lua_h" ]
then
echo "lua.h found in $lua_h"
echo found
else
v_dir="$LUA_INCDIR/lua/$LUA_VERSION"
lua_h="$v_dir/lua.h"
if [ -f "$lua_h" ]
then
echo "lua.h found in $lua_h"
echo "not found"
for postfix in "$LUA_VERSION" "$LUA_SUFFIX"; do
if ! [ "$postfix" = "" ]; then
v_dir="$LUA_INCDIR/lua/$postfix";
else
v_dir="$LUA_INCDIR/lua";
fi
lua_h="$v_dir/lua.h"
echo_n "Looking for lua.h at $lua_h..."
if [ -f "$lua_h" ]
then
LUA_INCDIR="$v_dir"
else
d_dir="$LUA_INCDIR/lua$LUA_VERSION"
echo found
break;
else
echo "not found"
d_dir="$LUA_INCDIR/lua$postfix"
lua_h="$d_dir/lua.h"
echo_n "Looking for lua.h at $lua_h..."
if [ -f "$lua_h" ]
then
echo "lua.h found in $lua_h (Debian/Ubuntu)"
LUA_INCDIR="$d_dir"
echo found
LUA_INCDIR="$d_dir"
break;
else
echo "lua.h not found (looked in $LUA_INCDIR, $v_dir, $d_dir)"
die "You may want to use the flag --with-lua or --with-lua-include. See --help."
echo "not found"
fi
fi
fi
done
if [ ! -f "$lua_h" ]; then
echo "lua.h not found."
echo
die "You may want to use the flag --with-lua or --with-lua-include. See --help."
fi
fi
if [ "$lua_interp_found" = "yes" ]
@ -507,7 +524,7 @@ fi
if [ "$IDN_LIBRARY" = "icu" ]
then
IDNA_LIBS="$ICU_FLAGS"
CFLAGS="$CFLAGS -DUSE_STRINGPREP_ICU"
IDNA_FLAGS="-DUSE_STRINGPREP_ICU"
fi
if [ "$IDN_LIBRARY" = "idn" ]
then
@ -552,6 +569,7 @@ LUA_INCDIR=$LUA_INCDIR
LUA_LIBDIR=$LUA_LIBDIR
LUA_BINDIR=$LUA_BINDIR
IDN_LIB=$IDN_LIB
IDNA_FLAGS=$IDNA_FLAGS
IDNA_LIBS=$IDNA_LIBS
OPENSSL_LIBS=$OPENSSL_LIBS
CFLAGS=$CFLAGS

20
core/certmanager.lua
View file

@ -20,7 +20,6 @@ end
local configmanager = require "core.configmanager";
local log = require "util.logger".init("certmanager");
local ssl_context = ssl.context or softreq"ssl.context";
local ssl_x509 = ssl.x509 or softreq"ssl.x509";
local ssl_newcontext = ssl.newcontext;
local new_config = require"util.sslconfig".new;
local stat = require "lfs".attributes;
@ -38,6 +37,9 @@ local config_path = prosody.paths.config or ".";
local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
-- TODO Use ssl.config instead of require here once we are sure that the fix
-- in LuaSec has been widely distributed
-- https://github.com/brunoos/luasec/issues/149
local luasec_has = softreq"ssl.config" or {
algorithms = {
ec = luasec_version >= 5;
@ -108,7 +110,7 @@ local core_defaults = {
capath = "/etc/ssl/certs";
depth = 9;
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
verify = "none";
options = {
cipher_server_preference = luasec_has.options.cipher_server_preference;
no_ticket = luasec_has.options.no_ticket;
@ -150,13 +152,6 @@ local path_options = { -- These we pass through resolve_path()
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}
if luasec_version < 5 and ssl_x509 then
-- COMPAT mw/luasec-hg
for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);
end
end
local function create_context(host, mode, ...)
local cfg = new_config();
cfg:apply(core_defaults);
@ -179,8 +174,10 @@ local function create_context(host, mode, ...)
local user_ssl_config = cfg:final();
if mode == "server" then
if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end
if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end
if not user_ssl_config.certificate then
log("info", "No certificate present in SSL/TLS configuration for %s. SNI will be required.", host);
end
if user_ssl_config.certificate and not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end
end
for option in pairs(path_options) do
@ -260,4 +257,5 @@ return {
create_context = create_context;
reload_ssl_config = reload_ssl_config;
find_cert = find_cert;
find_host_cert = find_host_cert;
};

48
core/configmanager.lua
View file

@ -7,15 +7,16 @@
--
local _G = _G;
local setmetatable, rawget, rawset, io, os, error, dofile, type, pairs =
setmetatable, rawget, rawset, io, os, error, dofile, type, pairs;
local format, math_max = string.format, math.max;
local setmetatable, rawget, rawset, io, os, error, dofile, type, pairs, ipairs =
setmetatable, rawget, rawset, io, os, error, dofile, type, pairs, ipairs;
local format, math_max, t_insert = string.format, math.max, table.insert;
local envload = require"util.envload".envload;
local deps = require"util.dependencies";
local resolve_relative_path = require"util.paths".resolve_relative_path;
local glob_to_pattern = require"util.paths".glob_to_pattern;
local path_sep = package.config:sub(1,1);
local get_traceback_table = require "util.debug".get_traceback_table;
local encodings = deps.softreq"util.encodings";
local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end
@ -100,8 +101,18 @@ end
-- Built-in Lua parser
do
local pcall = _G.pcall;
local function get_line_number(config_file)
local tb = get_traceback_table(nil, 2);
for i = 1, #tb do
if tb[i].info.short_src == config_file then
return tb[i].info.currentline;
end
end
end
parser = {};
function parser.load(data, config_file, config_table)
local set_options = {}; -- set_options[host.."/"..option_name] = true (when the option has been set already in this file)
local warnings = {};
local env;
-- The ' = true' are needed so as not to set off __newindex when we assign the functions below
env = setmetatable({
@ -115,13 +126,26 @@ do
return rawget(_G, k);
end,
__newindex = function (_, k, v)
local host = env.__currenthost or "*";
local option_path = host.."/"..k;
if set_options[option_path] then
t_insert(warnings, ("%s:%d: Duplicate option '%s'"):format(config_file, get_line_number(config_file), k));
end
set_options[option_path] = true;
set(config_table, env.__currenthost or "*", k, v);
end
});
rawset(env, "__currenthost", "*") -- Default is global
function env.VirtualHost(name)
name = nameprep(name);
if not name then
error("Host must have a name", 2);
end
local prepped_name = nameprep(name);
if not prepped_name then
error(format("Name of Host %q contains forbidden characters", name), 0);
end
name = prepped_name;
if rawget(config_table, name) and rawget(config_table[name], "component_module") then
error(format("Host %q clashes with previously defined %s Component %q, for services use a sub-domain like conference.%s",
name, config_table[name].component_module:gsub("^%a+$", { component = "external", muc = "MUC"}), name, name), 0);
@ -139,7 +163,14 @@ do
env.Host, env.host = env.VirtualHost, env.VirtualHost;
function env.Component(name)
name = nameprep(name);
if not name then
error("Component must have a name", 2);
end
local prepped_name = nameprep(name);
if not prepped_name then
error(format("Name of Component %q contains forbidden characters", name), 0);
end
name = prepped_name;
if rawget(config_table, name) and rawget(config_table[name], "defined")
and not rawget(config_table[name], "component_module") then
error(format("Component %q clashes with previously defined Host %q, for services use a sub-domain like conference.%s",
@ -195,6 +226,11 @@ do
if f then
local ret, err = parser.load(f:read("*a"), file, config_table);
if not ret then error(err:gsub("%[string.-%]", file), 0); end
if err then
for _, warning in ipairs(err) do
t_insert(warnings, warning);
end
end
end
if not f then error("Error loading included "..file..": "..err, 0); end
return f, err;
@ -217,7 +253,7 @@ do
return nil, err;
end
return true;
return true, warnings;
end
end

19
core/loggingmanager.lua
View file

@ -18,6 +18,9 @@ local getstyle, getstring = require "util.termcolours".getstyle, require "util.t
local config = require "core.configmanager";
local logger = require "util.logger";
local have_pposix, pposix = pcall(require, "util.pposix");
have_pposix = have_pposix and pposix._VERSION == "0.4.0";
local _ENV = nil;
-- luacheck: std none
@ -232,6 +235,22 @@ local function log_to_console(sink_config)
end
log_sink_types.console = log_to_console;
if have_pposix then
local syslog_opened;
local function log_to_syslog(sink_config) -- luacheck: ignore 212/sink_config
if not syslog_opened then
local facility = sink_config.syslog_facility or config.get("*", "syslog_facility");
pposix.syslog_open(sink_config.syslog_name or "prosody", facility);
syslog_opened = true;
end
local syslog = pposix.syslog_log;
return function (name, level, message, ...)
syslog(level, name, format(message, ...));
end;
end
log_sink_types.syslog = log_to_syslog;
end
local function register_sink_type(name, sink_maker)
local old_sink_maker = log_sink_types[name];
log_sink_types[name] = sink_maker;

134
core/moduleapi.lua
View file

@ -14,13 +14,19 @@ local pluginloader = require "util.pluginloader";
local timer = require "util.timer";
local resolve_relative_path = require"util.paths".resolve_relative_path;
local st = require "util.stanza";
local cache = require "util.cache";
local errors = require "util.error";
local promise = require "util.promise";
local time_now = require "util.time".now;
local format = require "util.format".format;
local jid_node = require "util.jid".node;
local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
local error, setmetatable, type = error, setmetatable, type;
local ipairs, pairs, select = ipairs, pairs, select;
local tonumber, tostring = tonumber, tostring;
local require = require;
local pack = table.pack or function(...) return {n=select("#",...), ...}; end -- table.pack is only in 5.2
local pack = table.pack or require "util.table".pack; -- table.pack is only in 5.2
local unpack = table.unpack or unpack; --luacheck: ignore 113 -- renamed in 5.2
local prosody = prosody;
@ -361,6 +367,100 @@ function api:send(stanza, origin)
return core_post_stanza(origin or hosts[self.host], stanza);
end
function api:send_iq(stanza, origin, timeout)
local iq_cache = self._iq_cache;
if not iq_cache then
iq_cache = cache.new(256, function (_, iq)
iq.reject(errors.new({
type = "wait", condition = "resource-constraint",
text = "evicted from iq tracking cache"
}));
end);
self._iq_cache = iq_cache;
end
local event_type;
if not jid_node(stanza.attr.from) then
event_type = "host";
else -- assume bare since we can't hook full jids
event_type = "bare";
end
local result_event = "iq-result/"..event_type.."/"..stanza.attr.id;
local error_event = "iq-error/"..event_type.."/"..stanza.attr.id;
local cache_key = event_type.."/"..stanza.attr.id;
local p = promise.new(function (resolve, reject)
local function result_handler(event)
if event.stanza.attr.from == stanza.attr.to then
resolve(event);
return true;
end
end
local function error_handler(event)
if event.stanza.attr.from == stanza.attr.to then
reject(errors.from_stanza(event.stanza, event));
return true;
end
end
if iq_cache:get(cache_key) then
reject(errors.new({
type = "modify", condition = "conflict",
text = "IQ stanza id attribute already used",
}));
return;
end
self:hook(result_event, result_handler);
self:hook(error_event, error_handler);
local timeout_handle = self:add_timer(timeout or 120, function ()
reject(errors.new({
type = "wait", condition = "remote-server-timeout",
text = "IQ stanza timed out",
}));
end);
local ok = iq_cache:set(cache_key, {
reject = reject, resolve = resolve,
timeout_handle = timeout_handle,
result_handler = result_handler, error_handler = error_handler;
});
if not ok then
reject(errors.new({
type = "wait", condition = "internal-server-error",
text = "Could not store IQ tracking data"
}));
return;
end
local wrapped_origin = setmetatable({
-- XXX Needed in some cases for replies to work correctly when sending queries internally.
send = function (reply)
resolve({ stanza = reply });
end;
}, {
__index = origin or hosts[self.host];
});
self:send(stanza, wrapped_origin);
end);
p:finally(function ()
local iq = iq_cache:get(cache_key);
if iq then
self:unhook(result_event, iq.result_handler);
self:unhook(error_event, iq.error_handler);
iq.timeout_handle:stop();
iq_cache:set(cache_key, nil);
end
end);
return p;
end
function api:broadcast(jids, stanza, iter)
for jid in (iter or it.values)(jids) do
local new_stanza = st.clone(stanza);
@ -408,9 +508,9 @@ function api:open_store(name, store_type)
return require"core.storagemanager".open(self.host, name or self.name, store_type);
end
function api:measure(name, stat_type)
function api:measure(name, stat_type, conf)
local measure = require "core.statsmanager".measure;
return measure(stat_type, "/"..self.host.."/mod_"..self.name.."/"..name);
return measure(stat_type, "/"..self.host.."/mod_"..self.name.."/"..name, conf);
end
function api:measure_object_event(events_object, event_name, stat_name)
@ -432,4 +532,32 @@ function api:measure_global_event(event_name, stat_name)
return self:measure_object_event(prosody.events.wrappers, event_name, stat_name);
end
local status_priorities = { error = 3, warn = 2, info = 1, core = 0 };
function api:set_status(status_type, status_message, override)
local priority = status_priorities[status_type];
if not priority then
self:log("error", "set_status: Invalid status type '%s', assuming 'info'");
status_type, priority = "info", status_priorities.info;
end
local current_priority = status_priorities[self.status_type] or 0;
-- By default an 'error' status can only be overwritten by another 'error' status
if (current_priority >= status_priorities.error and priority < current_priority and override ~= true)
or (override == false and current_priority > priority) then
self:log("debug", "moduleapi: ignoring status [prio %d override %s]: %s", priority, override, status_message);
return;
end
self.status_type, self.status_message, self.status_time = status_type, status_message, time_now();
self:fire_event("module-status/updated", { name = self.name });
end
function api:log_status(level, msg, ...)
self:set_status(level, format(msg, ...));
return self:log(level, msg, ...);
end
function api:get_status()
return self.status_type, self.status_message, self.status_time;
end
return api;

28
core/modulemanager.lua
View file

@ -23,8 +23,24 @@ local debug_traceback = debug.traceback;
local setmetatable, rawget = setmetatable, rawget;
local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert;
local autoload_modules = {prosody.platform, "presence", "message", "iq", "offline", "c2s", "s2s", "s2s_auth_certs"};
local component_inheritable_modules = {"tls", "saslauth", "dialback", "iq", "s2s"};
local autoload_modules = {
prosody.platform,
"presence",
"message",
"iq",
"offline",
"c2s",
"s2s",
"s2s_auth_certs",
};
local component_inheritable_modules = {
"tls",
"saslauth",
"dialback",
"iq",
"s2s",
"s2s_bidi",
};
-- We need this to let modules access the real global namespace
local _G = _G;
@ -174,6 +190,7 @@ local function do_load_module(host, module_name, state)
local mod, err = pluginloader.load_code(module_name, nil, pluginenv);
if not mod then
log("error", "Unable to load module '%s': %s", module_name or "nil", err or "nil");
api_instance:set_status("error", "Failed to load (see log)");
return nil, err;
end
@ -187,6 +204,7 @@ local function do_load_module(host, module_name, state)
ok, err = call_module_method(pluginenv, "load");
if not ok then
log("warn", "Error loading module '%s' on '%s': %s", module_name, host, err or "nil");
api_instance:set_status("warn", "Error during load (see log)");
end
end
api_instance.reloading, api_instance.saved_state = nil, nil;
@ -209,6 +227,9 @@ local function do_load_module(host, module_name, state)
if not ok then
modulemap[api_instance.host][module_name] = nil;
log("error", "Error initializing module '%s' on '%s': %s", module_name, host, err or "nil");
api_instance:set_status("warn", "Error during load (see log)");
else
api_instance:set_status("core", "Loaded", false);
end
return ok and pluginenv, err;
end
@ -225,7 +246,8 @@ local function do_reload_module(host, name)
local saved;
if module_has_method(mod, "save") then
local ok, ret, err = call_module_method(mod, "save");
-- FIXME What goes in 'err' here?
local ok, ret, err = call_module_method(mod, "save"); -- luacheck: ignore 211/err
if ok then
saved = ret;
else

52
core/portmanager.lua
View file

@ -9,7 +9,8 @@ local set = require "util.set";
local table = table;
local setmetatable, rawset, rawget = setmetatable, rawset, rawget;
local type, tonumber, tostring, ipairs = type, tonumber, tostring, ipairs;
local type, tonumber, ipairs = type, tonumber, ipairs;
local pairs = pairs;
local prosody = prosody;
local fire_event = prosody.events.fire_event;
@ -95,25 +96,25 @@ local function activate(service_name)
}
bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports );
local mode, ssl = listener.default_mode or default_mode;
local mode = listener.default_mode or default_mode;
local hooked_ports = {};
for interface in bind_interfaces do
for port in bind_ports do
local port_number = tonumber(port);
if not port_number then
log("error", "Invalid port number specified for service '%s': %s", service_info.name, tostring(port));
log("error", "Invalid port number specified for service '%s': %s", service_info.name, port);
elseif #active_services:search(nil, interface, port_number) > 0 then
log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port,
active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
else
local err;
local ssl, cfg, err;
-- Create SSL context for this service/port
if service_info.encryption == "ssl" then
local global_ssl_config = config.get("*", "ssl") or {};
local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
ssl, err = certmanager.create_context(service_info.name.." port "..port, "server",
ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
prefix_ssl_config[interface],
prefix_ssl_config[port],
prefix_ssl_config,
@ -127,7 +128,12 @@ local function activate(service_name)
end
if not err then
-- Start listening on interface+port
local handler, err = server.addserver(interface, port_number, listener, mode, ssl);
local handler, err = server.listen(interface, port_number, listener, {
read_size = mode,
tls_ctx = ssl,
tls_direct = service_info.encryption == "ssl";
sni_hosts = {},
});
if not handler then
log("error", "Failed to open server port %d on %s, %s", port_number, interface,
error_to_friendly_message(service_name, port_number, err));
@ -137,6 +143,7 @@ local function activate(service_name)
active_services:add(service_name, interface, port_number, {
server = handler;
service = service_info;
tls_cfg = cfg;
});
end
end
@ -163,7 +170,7 @@ end
local function register_service(service_name, service_info)
table.insert(services[service_name], service_info);
if not active_services:get(service_name) then
if not active_services:get(service_name) and prosody.process_type == "prosody" then
log("debug", "No active service for %s, activating...", service_name);
local ok, err = activate(service_name);
if not ok then
@ -222,15 +229,46 @@ end
-- Event handlers
local function add_sni_host(host, service)
for name, interface, port, n, active_service --luacheck: ignore 213
in active_services:iter(service, nil, nil, nil) do
if active_service.server.hosts and active_service.tls_cfg then
local config_prefix = (active_service.config_prefix or name).."_";
if config_prefix == "_" then config_prefix = ""; end
local prefix_ssl_config = config.get(host, config_prefix.."ssl");
local autocert = certmanager.find_host_cert(host);
-- luacheck: ignore 211/cfg
local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg);
if ssl then
active_service.server.hosts[host] = ssl;
else
log("error", "Error creating TLS context for SNI host %s: %s", host, err);
end
end
end
end
prosody.events.add_handler("item-added/net-provider", function (event)
local item = event.item;
register_service(item.name, item);
for host in pairs(prosody.hosts) do
add_sni_host(host, item.name);
end
end);
prosody.events.add_handler("item-removed/net-provider", function (event)
local item = event.item;
unregister_service(item.name, item);
end);
prosody.events.add_handler("host-activated", add_sni_host);
prosody.events.add_handler("host-deactivated", function (host)
for name, interface, port, n, active_service --luacheck: ignore 213
in active_services:iter(nil, nil, nil, nil) do
if active_service.tls_cfg then
active_service.server.hosts[host] = nil;
end
end
end);
return {
activate = activate;
deactivate = deactivate;

29
core/rostermanager.lua
View file

@ -285,15 +285,15 @@ end
function is_contact_pending_in(username, host, jid)
local roster = load_roster(username, host);
return roster[false].pending[jid];
return roster[false].pending[jid] ~= nil;
end
local function set_contact_pending_in(username, host, jid)
local function set_contact_pending_in(username, host, jid, stanza)
local roster = load_roster(username, host);
local item = roster[jid];
if item and (item.subscription == "from" or item.subscription == "both") then
return; -- false
end
roster[false].pending[jid] = true;
roster[false].pending[jid] = st.is_stanza(stanza) and st.preserialize(stanza) or true;
return save_roster(username, host, roster, jid);
end
function is_contact_pending_out(username, host, jid)
@ -301,6 +301,11 @@ function is_contact_pending_out(username, host, jid)
local item = roster[jid];
return item and item.ask;
end
local function is_contact_preapproved(username, host, jid)
local roster = load_roster(username, host);
local item = roster[jid];
return item and (item.approved == "true");
end
local function set_contact_pending_out(username, host, jid) -- subscribe
local roster = load_roster(username, host);
local item = roster[jid];
@ -331,9 +336,10 @@ local function unsubscribe(username, host, jid)
return save_roster(username, host, roster, jid);
end
local function subscribed(username, host, jid)
local roster = load_roster(username, host);
local item = roster[jid];
if is_contact_pending_in(username, host, jid) then
local roster = load_roster(username, host);
local item = roster[jid];
if not item then -- FIXME should roster item be auto-created?
item = {subscription = "none", groups = {}};
roster[jid] = item;
@ -345,7 +351,17 @@ local function subscribed(username, host, jid)
end
roster[false].pending[jid] = nil;
return save_roster(username, host, roster, jid);
end -- TODO else implement optional feature pre-approval (ask = subscribed)
elseif not item or item.subscription == "none" or item.subscription == "to" then
-- Contact is not subscribed and has not sent a subscription request.
-- We store a pre-approval as per RFC6121 3.4
if not item then
item = {subscription = "none", groups = {}};
roster[jid] = item;
end
item.approved = "true";
log("debug", "Storing preapproval for %s", jid);
return save_roster(username, host, roster, jid);
end
end
local function unsubscribed(username, host, jid)
local roster = load_roster(username, host);
@ -403,6 +419,7 @@ return {
set_contact_pending_in = set_contact_pending_in;
is_contact_pending_out = is_contact_pending_out;
set_contact_pending_out = set_contact_pending_out;
is_contact_preapproved = is_contact_preapproved;
unsubscribe = unsubscribe;
subscribed = subscribed;
unsubscribed = unsubscribed;

50
core/s2smanager.lua
View file

@ -9,10 +9,10 @@
local hosts = prosody.hosts;
local tostring, pairs, setmetatable
= tostring, pairs, setmetatable;
local pairs, setmetatable = pairs, setmetatable;
local logger_init = require "util.logger".init;
local sessionlib = require "util.session";
local log = logger_init("s2smanager");
@ -26,18 +26,29 @@ local _ENV = nil;
-- luacheck: std none
local function new_incoming(conn)
local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]+$"));
incoming_s2s[session] = true;
return session;
local host_session = sessionlib.new("s2sin");
sessionlib.set_id(host_session);
sessionlib.set_logger(host_session);
sessionlib.set_conn(host_session, conn);
host_session.direction = "incoming";
host_session.incoming = true;
host_session.hosts = {};
incoming_s2s[host_session] = true;
return host_session;
end
local function new_outgoing(from_host, to_host)
local host_session = { to_host = to_host, from_host = from_host, host = from_host,
notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
local host_session = sessionlib.new("s2sout");
sessionlib.set_id(host_session);
sessionlib.set_logger(host_session);
host_session.to_host = to_host;
host_session.from_host = from_host;
host_session.host = from_host;
host_session.notopen = true;
host_session.direction = "outgoing";
host_session.outgoing = true;
host_session.hosts = {};
hosts[from_host].s2sout[to_host] = host_session;
local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$");
host_session.log = logger_init(conn_name);
return host_session;
end
@ -50,6 +61,9 @@ local resting_session = { -- Resting, not dead
close = function (session)
session.log("debug", "Attempt to close already-closed session");
end;
reset_stream = function (session)
session.log("debug", "Attempt to reset stream of already-closed session");
end;
filter = function (type, data) return data; end; --luacheck: ignore 212/type
}; resting_session.__index = resting_session;
@ -63,23 +77,25 @@ local function retire_session(session, reason)
session.destruction_reason = reason;
function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end
function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
function session.send(data) log("debug", "Discarding data sent to resting session: %s", data); end
function session.data(data) log("debug", "Discarding data received from resting session: %s", data); end
session.thread = { run = function (_, data) return session.data(data) end };
session.sends2s = session.send;
return setmetatable(session, resting_session);
end
local function destroy_session(session, reason)
local function destroy_session(session, reason, bounce_reason)
if session.destroyed then return; end
(session.log or log)("debug", "Destroying "..tostring(session.direction)
.." session "..tostring(session.from_host).."->"..tostring(session.to_host)
..(reason and (": "..reason) or ""));
local log = session.log or log;
log("debug", "Destroying %s session %s->%s%s%s", session.direction, session.from_host, session.to_host, reason and ": " or "", reason or "");
if session.direction == "outgoing" then
hosts[session.from_host].s2sout[session.to_host] = nil;
session:bounce_sendq(reason);
session:bounce_sendq(bounce_reason or reason);
elseif session.direction == "incoming" then
if session.outgoing then
hosts[session.to_host].s2sout[session.from_host] = nil;
end
incoming_s2s[session] = nil;
end

41
core/sessionmanager.lua
View file

@ -21,6 +21,7 @@ local config_get = require "core.configmanager".get;
local resourceprep = require "util.encodings".stringprep.resourceprep;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local generate_identifier = require "util.id".short;
local sessionlib = require "util.session";
local initialize_filters = require "util.filters".initialize;
local gettime = require "socket".gettime;
@ -29,23 +30,34 @@ local _ENV = nil;
-- luacheck: std none
local function new_session(conn)
local session = { conn = conn, type = "c2s_unauthed", conntime = gettime() };
local session = sessionlib.new("c2s");
sessionlib.set_id(session);
sessionlib.set_logger(session);
sessionlib.set_conn(session, conn);
session.conntime = gettime();
local filter = initialize_filters(session);
local w = conn.write;
function session.rawsend(t)
t = filter("bytes/out", tostring(t));
if t then
local ret, err = w(conn, t);
if not ret then
session.log("debug", "Error writing to connection: %s", err);
return false, err;
end
end
return true;
end
session.send = function (t)
session.log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
if t.name then
t = filter("stanzas/out", t);
end
if t then
t = filter("bytes/out", tostring(t));
if t then
local ret, err = w(conn, t);
if not ret then
session.log("debug", "Error writing to connection: %s", tostring(err));
return false, err;
end
end
return session.rawsend(t);
end
return true;
end
@ -73,8 +85,8 @@ local function retire_session(session)
end
end
function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); return false; end
function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end
function session.send(data) log("debug", "Discarding data sent to resting session: %s", data); return false; end
function session.data(data) log("debug", "Discarding data received from resting session: %s", data); end
session.thread = { run = function (_, data) return session.data(data) end };
return setmetatable(session, resting_session);
end
@ -110,14 +122,15 @@ local function destroy_session(session, err)
retire_session(session);
end
local function make_authenticated(session, username)
local function make_authenticated(session, username, scope)
username = nodeprep(username);
if not username or #username == 0 then return nil, "Invalid username"; end
session.username = username;
if session.type == "c2s_unauthed" then
session.type = "c2s_unbound";
end
session.log("info", "Authenticated as %s@%s", username or "(unknown)", session.host or "(unknown)");
session.auth_scope = scope;
session.log("info", "Authenticated as %s@%s", username, session.host or "(unknown)");
return true;
end
@ -138,7 +151,7 @@ local function bind_resource(session, resource)
resource = event_payload.resource;
end
resource = resourceprep(resource);
resource = resourceprep(resource or "", true);
resource = resource ~= "" and resource or generate_identifier();
--FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing

24
core/stanza_router.lua
View file

@ -12,6 +12,7 @@ local hosts = _G.prosody.hosts;
local tostring = tostring;
local st = require "util.stanza";
local jid_split = require "util.jid".split;
local jid_host = require "util.jid".host;
local jid_prepped_split = require "util.jid".prepped_split;
local full_sessions = _G.prosody.full_sessions;
@ -27,7 +28,7 @@ local function handle_unhandled_stanza(host, origin, stanza) --luacheck: ignore
local st_type = stanza.attr.type;
if st_type == "error" or (name == "iq" and st_type == "result") then
if st_type == "error" then
local err_type, err_condition, err_message = stanza:get_error();
local err_type, err_condition, err_message = stanza:get_error(); -- luacheck: ignore 211/err_message
log("debug", "Discarding unhandled error %s (%s, %s) from %s: %s",
name, err_type, err_condition or "unknown condition", origin_type, stanza:top_tag());
else
@ -81,7 +82,7 @@ function core_process_stanza(origin, stanza)
local to_bare, from_bare;
if to then
if full_sessions[to] or bare_sessions[to] or hosts[to] then
node, host = jid_split(to); -- TODO only the host is needed, optimize
host = jid_host(to);
else
node, host, resource = jid_prepped_split(to);
if not host then
@ -111,8 +112,8 @@ function core_process_stanza(origin, stanza)
stanza.attr.from = from;
end
if (origin.type == "s2sin" or origin.type == "c2s" or origin.type == "component") and xmlns == nil then
if origin.type == "s2sin" and not origin.dummy then
if (origin.type == "s2sin" or origin.type == "s2sout" or origin.type == "c2s" or origin.type == "component") and xmlns == nil then
if (origin.type == "s2sin" or origin.type == "s2sout") and not origin.dummy then
local host_status = origin.hosts[from_host];
if not host_status or not host_status.authed then -- remote server trying to impersonate some other server?
log("warn", "Received a stanza claiming to be from %s, over a stream authed for %s!", from_host, origin.from_host);
@ -171,8 +172,15 @@ function core_post_stanza(origin, stanza, preevents)
end
end
local event_data = {origin=origin, stanza=stanza};
local event_data = {origin=origin, stanza=stanza, to_self=to_self};
if preevents then -- c2s connection
local result = hosts[origin.host].events.fire_event("pre-stanza", event_data);
if result ~= nil then
log("debug", "Stanza rejected by pre-stanza handler: %s", event_data.reason or "unknown reason");
return;
end
if hosts[origin.host].events.fire_event('pre-'..stanza.name..to_type, event_data) then return; end -- do preprocessing
end
local h = hosts[to_bare] or hosts[host or origin.host];
@ -186,8 +194,8 @@ function core_post_stanza(origin, stanza, preevents)
end
function core_route_stanza(origin, stanza)
local node, host, resource = jid_split(stanza.attr.to);
local from_node, from_host, from_resource = jid_split(stanza.attr.from);
local host = jid_host(stanza.attr.to);
local from_host = jid_host(stanza.attr.from);
-- Auto-detect origin if not specified
origin = origin or hosts[from_host];
@ -199,7 +207,7 @@ function core_route_stanza(origin, stanza)
else
local host_session = hosts[from_host];
if not host_session then
log("error", "No hosts[from_host] (please report): %s", tostring(stanza));
log("error", "No hosts[from_host] (please report): %s", stanza);
else
local xmlns = stanza.attr.xmlns;
stanza.attr.xmlns = nil;

6
core/statsmanager.lua
View file

@ -60,9 +60,9 @@ local changed_stats = {};
local stats_extra = {};
if stats then
function measure(type, name)
function measure(type, name, conf)
local f = assert(stats[type], "unknown stat type: "..type);
return f(name);
return f(name, conf);
end
if stats_interval then
@ -79,6 +79,7 @@ if stats then
if stats.get_stats then
changed_stats, stats_extra = {}, {};
for stat_name, getter in pairs(stats.get_stats()) do
-- luacheck: ignore 211/type
local type, value, extra = getter();
local old_value = latest_stats[stat_name];
latest_stats[stat_name] = value;
@ -97,6 +98,7 @@ if stats then
end
timer.add_task(stats_interval, collect);
prosody.events.add_handler("server-started", function () collect() end, -1);
prosody.events.add_handler("server-stopped", function () collect() end, -1);
else
log("debug", "Statistics enabled using %s provider, collection is disabled", stats_provider_name);
end

33
core/storagemanager.lua
View file

@ -167,6 +167,39 @@ local map_shim_mt = {
return self.keyval_store:set(username, current);
end;
remove = {};
get_all = function (self, key)
if type(key) ~= "string" or key == "" then
return nil, "get_all only supports non-empty string keys";
end
local ret;
for username in self.keyval_store:users() do
local key_data = self:get(username, key);
if key_data then
if not ret then
ret = {};
end
ret[username] = key_data;
end
end
return ret;
end;
delete_all = function (self, key)
if type(key) ~= "string" or key == "" then
return nil, "delete_all only supports non-empty string keys";
end
local data = { [key] = self.remove };
local last_err;
for username in self.keyval_store:users() do
local ok, err = self:set_keys(username, data);
if not ok then
last_err = err;
end
end
if last_err then
return nil, last_err;
end
return true;
end;
};
}

70
core/usermanager.lua
View file

@ -9,12 +9,13 @@
local modulemanager = require "core.modulemanager";
local log = require "util.logger".init("usermanager");
local type = type;
local ipairs = ipairs;
local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prep = require "util.jid".prep;
local config = require "core.configmanager";
local sasl_new = require "util.sasl".new;
local storagemanager = require "core.storagemanager";
local set = require "util.set";
local prosody = _G.prosody;
local hosts = prosody.hosts;
@ -34,10 +35,32 @@ local function new_null_provider()
});
end
local global_admins_config = config.get("*", "admins");
if type(global_admins_config) ~= "table" then
global_admins_config = nil; -- TODO: factor out moduleapi magic config handling and use it here
end
local global_admins = set.new(global_admins_config) / jid_prep;
local admin_role = { ["prosody:admin"] = true };
local global_authz_provider = {
get_user_roles = function (user) end; --luacheck: ignore 212/user
get_jid_roles = function (jid)
if global_admins:contains(jid) then
return admin_role;
end
end;
};
local provider_mt = { __index = new_null_provider() };
local function initialize_host(host)
local host_session = hosts[host];
local authz_provider_name = config.get(host, "authorization") or "internal";
local authz_mod = modulemanager.load(host, "authz_"..authz_provider_name);
host_session.authz = authz_mod or global_authz_provider;
if host_session.type ~= "local" then return; end
host_session.events.add_handler("item-added/auth-provider", function (event)
@ -66,6 +89,7 @@ local function initialize_host(host)
if auth_provider ~= "null" then
modulemanager.load(host, "auth_"..auth_provider);
end
end;
prosody.events.add_handler("host-activated", initialize_host, 100);
@ -113,45 +137,30 @@ local function get_provider(host)
return hosts[host].users;
end
local function is_admin(jid, host)
local function get_roles(jid, host)
if host and not hosts[host] then return false; end
if type(jid) ~= "string" then return false; end
jid = jid_bare(jid);
host = host or "*";
local host_admins = config.get(host, "admins");
local global_admins = config.get("*", "admins");
local actor_user, actor_host = jid_split(jid);
local roles;
if host_admins and host_admins ~= global_admins then
if type(host_admins) == "table" then
for _,admin in ipairs(host_admins) do
if jid_prep(admin) == jid then
return true;
end
end
elseif host_admins then
log("error", "Option 'admins' for host '%s' is not a list", host);
end
local authz_provider = (host ~= "*" and hosts[host].authz) or global_authz_provider;
if actor_user and actor_host == host then -- Local user
roles = authz_provider.get_user_roles(actor_user);
else -- Remote user/JID
roles = authz_provider.get_jid_roles(jid);
end
if global_admins then
if type(global_admins) == "table" then
for _,admin in ipairs(global_admins) do
if jid_prep(admin) == jid then
return true;
end
end
elseif global_admins then
log("error", "Global option 'admins' is not a list");
end
end
return roles;
end
-- Still not an admin, check with auth provider
if host ~= "*" and hosts[host].users and hosts[host].users.is_admin then
return hosts[host].users.is_admin(jid);
end
return false;
local function is_admin(jid, host)
local roles = get_roles(jid, host);
return roles and roles["prosody:admin"];
end
return {
@ -166,5 +175,6 @@ return {
users = users;
get_sasl_handler = get_sasl_handler;
get_provider = get_provider;
get_roles = get_roles;
is_admin = is_admin;
};

804
doc/coding_style.md Normal file
View file

@ -0,0 +1,804 @@
# Prosody Coding Style Guide
This style guides lists the coding conventions used in the
[Prosody](https://prosody.im/) project. It is based heavily on the [style guide used by the LuaRocks project](https://github.com/luarocks/lua-style-guide).
## Indentation and formatting
* Prosody code is indented with tabs at the start of the line, a single
tab per logical indent level:
```lua
for i, pkg in ipairs(packages) do
for name, version in pairs(pkg) do
if name == searched then
print(version);
end
end
end
```
Tab width is configurable in editors, so never assume a particular width.
Specically this means you should not mix tabs and spaces, or use tabs for
alignment of items at different indentation levels.
* Use LF (Unix) line endings.
## Comments
* Comments are encouraged where necessary to explain non-obvious code.
* In general comments should be used to explain 'why', not 'how'
### Comment tags
A comment may be prefixed with one of the following tags:
* **FIXME**: Indicates a serious problem with the code that should be addressed
* **TODO**: Indicates an open task, feature request or code restructuring that
is primarily of interest to developers (otherwise it should be in the
issue tracker).
* **COMPAT**: Must be used on all code that is present only for backwards-compatibility,
and may be removed one day. For example code that is added to support old
or buggy third-party software or dependencies.
**Example:**
```lua
-- TODO: implement method
local function something()
-- FIXME: check conditions
end
```
## Variable names
* Variable names with larger scope should be more descriptive than those with
smaller scope. One-letter variable names should be avoided except for very
small scopes (less than ten lines) or for iterators.
* `i` should be used only as a counter variable in for loops (either numeric for
or `ipairs`).
* Prefer more descriptive names than `k` and `v` when iterating with `pairs`,
unless you are writing a function that operates on generic tables.
* Use `_` for ignored variables (e.g. in for loops:)
```lua
for _, item in ipairs(items) do
do_something_with_item(item);
end
```
* Generally all identifiers (variables and function names) should use `snake_case`,
i.e. lowercase words joined by `_`.
```lua
-- bad
local OBJEcttsssss = {}
local thisIsMyObject = {}
local c = function()
-- ...stuff...
end
-- good
local this_is_my_object = {};
local function do_that_thing()
-- ...stuff...
end
```
> **Rationale:** The standard library uses lowercase APIs, with `joinedlowercase`
names, but this does not scale too well for more complex APIs. `snake_case`
tends to look good enough and not too out-of-place along side the standard
APIs.
```lua
for _, name in pairs(names) do
-- ...stuff...
end
```
* Prefer using `is_` when naming boolean functions:
```lua
-- bad
local function evil(alignment)
return alignment < 100
end
-- good
local function is_evil(alignment)
return alignment < 100;
end
```
* `UPPER_CASE` is to be used sparingly, with "constants" only.
> **Rationale:** "Sparingly", since Lua does not have real constants. This
notation is most useful in libraries that bind C libraries, when bringing over
constants from C.
* Do not use uppercase names starting with `_`, they are reserved by Lua.
## Tables
* When creating a table, prefer populating its fields all at once, if possible:
```lua
local player = { name = "Jack", class = "Rogue" };
```
* Items should be separated by commas. If there are many items, put each
key/value on a separate line and use a semi-colon after each item (including
the last one):
```lua
local player = {
name = "Jack";
class = "Rogue";
}
```
> **Rationale:** This makes the structure of your tables more evident at a glance.
Trailing semi-colons make it quicker to add new fields and produces shorter diffs.
* Use plain `key` syntax whenever possible, use `["key"]` syntax when using names
that can't be represented as identifiers and avoid mixing representations in
a declaration:
```lua
local mytable = {
["1394-E"] = val1;
["UTF-8"] = val2;
["and"] = val2;
}
```
## Strings
* Use `"double quotes"` for strings; use `'single quotes'` when writing strings
that contain double quotes.
```lua
local name = "Prosody";
local sentence = 'The name of the program is "Prosody"';
```
> **Rationale:** Double quotes are used as string delimiters in a larger number of
programming languages. Single quotes are useful for avoiding escaping when
using double quotes in literals.
## Line lengths
* There are no hard or soft limits on line lengths. Line lengths are naturally
limited by using one statement per line. If that still produces lines that are
too long (e.g. an expression that produces a line over 256-characters long,
for example), this means the expression is too complex and would do better
split into subexpressions with reasonable names.
> **Rationale:** No one works on VT100 terminals anymore. If line lengths are a proxy
for code complexity, we should address code complexity instead of using line
breaks to fit mind-bending statements over multiple lines.
## Function declaration syntax
* Prefer function syntax over variable syntax. This helps differentiate between
named and anonymous functions.
```lua
-- bad
local nope = function(name, options)
-- ...stuff...
end
-- good
local function yup(name, options)
-- ...stuff...
end
```
* Perform validation early and return as early as possible.
```lua
-- bad
local function is_good_name(name, options, arg)
local is_good = #name > 3
is_good = is_good and #name < 30
-- ...stuff...
return is_good
end
-- good
local function is_good_name(name, options, args)
if #name < 3 or #name > 30 then
return false;
end
-- ...stuff...
return true;
end
```
## Function calls
* Even though Lua allows it, generally you should not omit parentheses
for functions that take a unique string literal argument.
```lua
-- bad
local data = get_data"KRP"..tostring(area_number)
-- good
local data = get_data("KRP"..tostring(area_number));
local data = get_data("KRP")..tostring(area_number);
```
> **Rationale:** It is not obvious at a glace what the precedence rules are
when omitting the parentheses in a function call. Can you quickly tell which
of the two "good" examples in equivalent to the "bad" one? (It's the second
one).
* You should not omit parenthesis for functions that take a unique table
argument on a single line. You may do so for table arguments that span several
lines.
```lua
local an_instance = a_module.new {
a_parameter = 42;
another_parameter = "yay";
}
```
> **Rationale:** The use as in `a_module.new` above occurs alone in a statement,
so there are no precedence issues.
## Table attributes
* Use dot notation when accessing known properties.
```lua
local luke = {
jedi = true;
age = 28;
}
-- bad
local is_jedi = luke["jedi"]
-- good
local is_jedi = luke.jedi;
```
* Use subscript notation `[]` when accessing properties with a variable or if using a table as a list.
```lua
local vehicles = load_vehicles_from_disk("vehicles.dat")
if vehicles["Porsche"] then
porsche_handler(vehicles["Porsche"]);
vehicles["Porsche"] = nil;
end
for name, cars in pairs(vehicles) do
regular_handler(cars);
end
```
> **Rationale:** Using dot notation makes it clearer that the given key is meant
to be used as a record/object field.
## Functions in tables
* When declaring modules and classes, declare functions external to the table definition:
```lua
local my_module = {};
function my_module.a_function(x)
-- code
end
```
* When declaring metatables, declare function internal to the table definition.
```lua
local version_mt = {
__eq = function(a, b)
-- code
end;
__lt = function(a, b)
-- code
end;
}
```
> **Rationale:** Metatables contain special behavior that affect the tables
they're assigned (and are used implicitly at the call site), so it's good to
be able to get a view of the complete behavior of the metatable at a glance.
This is not as important for objects and modules, which usually have way more
code, and which don't fit in a single screen anyway, so nesting them inside
the table does not gain much: when scrolling a longer file, it is more evident
that `check_version` is a method of `Api` if it says `function Api:check_version()`
than if it says `check_version = function()` under some indentation level.
## Variable declaration
* Always use `local` to declare variables.
```lua
-- bad
superpower = get_superpower()
-- good
local superpower = get_superpower();
```
> **Rationale:** Not doing so will result in global variables to avoid polluting
the global namespace.
## Variable scope
* Assign variables with the smallest possible scope.
```lua
-- bad
local function good()
local name = get_name()
test()
print("doing stuff..")
--...other stuff...
if name == "test" then
return false
end
return name
end
-- good
local bad = function()
test();
print("doing stuff..");
--...other stuff...
local name = get_name();
if name == "test" then
return false;
end
return name;
end
```
> **Rationale:** Lua has proper lexical scoping. Declaring the function later means that its
scope is smaller, so this makes it easier to check for the effects of a variable.
## Conditional expressions
* False and nil are falsy in conditional expressions. Use shortcuts when you
can, unless you need to know the difference between false and nil.
```lua
-- bad
if name ~= nil then
-- ...stuff...
end
-- good
if name then
-- ...stuff...
end
```
* Avoid designing APIs which depend on the difference between `nil` and `false`.
* Use the `and`/`or` idiom for the pseudo-ternary operator when it results in
more straightforward code. When nesting expressions, use parentheses to make it
easier to scan visually:
```lua
local function default_name(name)
-- return the default "Waldo" if name is nil
return name or "Waldo";
end
local function brew_coffee(machine)
return (machine and machine.is_loaded) and "coffee brewing" or "fill your water";
end
```
Note that the `x and y or z` as a substitute for `x ? y : z` does not work if
`y` may be `nil` or `false` so avoid it altogether for returning booleans or
values which may be nil.
## Blocks
* Use single-line blocks only for `then return`, `then break` and `function return` (a.k.a "lambda") constructs:
```lua
-- good
if test then break end
-- good
if not ok then return nil, "this failed for this reason: " .. reason end
-- good
use_callback(x, function(k) return k.last end);
-- good
if test then
return false
end
-- bad
if test < 1 and do_complicated_function(test) == false or seven == 8 and nine == 10 then do_other_complicated_function() end
-- good
if test < 1 and do_complicated_function(test) == false or seven == 8 and nine == 10 then
do_other_complicated_function();
return false;
end
```
* Separate statements onto multiple lines. Use semicolons as statement terminators.
```lua
-- bad
local whatever = "sure"
a = 1 b = 2
-- good
local whatever = "sure";
a = 1;
b = 2;
```
## Spacing
* Use a space after `--`.
```lua
--bad
-- good
```
* Always put a space after commas and between operators and assignment signs:
```lua
-- bad
local x = y*9
local numbers={1,2,3}
numbers={1 , 2 , 3}
numbers={1 ,2 ,3}
local strings = { "hello"
, "Lua"
, "world"
}
dog.set( "attr",{
age="1 year",
breed="Bernese Mountain Dog"
})
-- good
local x = y * 9;
local numbers = {1, 2, 3};
local strings = {
"hello";
"Lua";
"world";
}
dog.set("attr", {
age = "1 year";
breed = "Bernese Mountain Dog";
});
```
* Indent tables and functions according to the start of the line, not the construct:
```lua
-- bad
local my_table = {
"hello",
"world",
}
using_a_callback(x, function(...)
print("hello")
end)
-- good
local my_table = {
"hello";
"world";
}
using_a_callback(x, function(...)
print("hello");
end)
```
> **Rationale:** This keep indentation levels aligned at predictable places. You don't
need to realign the entire block if something in the first line changes (such as
replacing `x` with `xy` in the `using_a_callback` example above).
* The concatenation operator gets a pass for avoiding spaces:
```lua
-- okay
local message = "Hello, "..user.."! This is your day # "..day.." in our platform!";
```
> **Rationale:** Being at the baseline, the dots already provide some visual spacing.
* No spaces after the name of a function in a declaration or in its arguments:
```lua
-- bad
local function hello ( name, language )
-- code
end
-- good
local function hello(name, language)
-- code
end
```
* Add blank lines between functions:
```lua
-- bad
local function foo()
-- code
end
local function bar()
-- code
end
-- good
local function foo()
-- code
end
local function bar()
-- code
end
```
* Avoid aligning variable declarations:
```lua
-- bad
local a = 1
local long_identifier = 2
-- good
local a = 1;
local long_identifier = 2;
```
> **Rationale:** This produces extra diffs which add noise to `hg annotate`.
* Alignment is occasionally useful when logical correspondence is to be highlighted:
```lua
-- okay
sys_command(form, UI_FORM_UPDATE_NODE, "a", FORM_NODE_HIDDEN, false);
sys_command(form, UI_FORM_UPDATE_NODE, "sample", FORM_NODE_VISIBLE, false);
```
## Typing
* In non-performance critical code, it can be useful to add type-checking assertions
for function arguments:
```lua
function manif.load_manifest(repo_url, lua_version)
assert(type(repo_url) == "string");
assert(type(lua_version) == "string" or not lua_version);
-- ...
end
```
* Use the standard functions for type conversion, avoid relying on coercion:
```lua
-- bad
local total_score = review_score .. ""
-- good
local total_score = tostring(review_score);
```
## Errors
* Functions that can fail for reasons that are expected (e.g. I/O) should
return `nil` and a (string) error message on error, possibly followed by other
return values such as an error code.
* On errors such as API misuse, an error should be thrown, either with `error()`
or `assert()`.
## Modules
Follow [these guidelines](http://hisham.hm/2014/01/02/how-to-write-lua-modules-in-a-post-module-world/) for writing modules. In short:
* Always require a module into a local variable named after the last component of the module’s full name.
```lua
local bar = require("foo.bar"); -- requiring the module
bar.say("hello"); -- using the module
```
* Don’t rename modules arbitrarily:
```lua
-- bad
local skt = require("socket")
```
> **Rationale:** Code is much harder to read if we have to keep going back to the top
to check how you chose to call a module.
* Start a module by declaring its table using the same all-lowercase local
name that will be used to require it. You may use an LDoc comment to identify
the whole module path.
```lua
--- @module foo.bar
local bar = {};
```
* Try to use names that won't clash with your local variables. For instance, don't
name your module something like “size”.
* Use `local function` to declare _local_ functions only: that is, functions
that won’t be accessible from outside the module.
That is, `local function helper_foo()` means that `helper_foo` is really local.
* Public functions are declared in the module table, with dot syntax:
```lua
function bar.say(greeting)
print(greeting);
end
```
> **Rationale:** Visibility rules are made explicit through syntax.
* Do not set any globals in your module and always return a table in the end.
* If you would like your module to be used as a function, you may set the
`__call` metamethod on the module table instead.
> **Rationale:** Modules should return tables in order to be amenable to have their
contents inspected via the Lua interactive interpreter or other tools.
* Requiring a module should cause no side-effect other than loading other
modules and returning the module table.
* A module should not have state. If a module needs configuration, turn
it into a factory. For example, do not make something like this:
```lua
-- bad
local mp = require "MessagePack"
mp.set_integer("unsigned")
```
and do something like this instead:
```lua
-- good
local messagepack = require("messagepack");
local mpack = messagepack.new({integer = "unsigned"});
```
* The invocation of require may omit parentheses around the module name:
```lua
local bla = require "bla";
```
## Metatables, classes and objects
If creating a new type of object that has a metatable and methods, the
metatable and methods table should be separate, and the metatable name
should end with `_mt`.
```lua
local mytype_methods = {};
local mytype_mt = { __index = mytype_methods };
function mytype_methods:add_new_thing(thing)
end
local function new()
return setmetatable({}, mytype_mt);
end
return { new = new };
```
* Use the method notation when invoking methods:
```
-- bad
my_object.my_method(my_object)
-- good
my_object:my_method();
```
> **Rationale:** This makes it explicit that the intent is to use the function as a method.
* Do not rely on the `__gc` metamethod to release resources other than memory.
If your object manage resources such as files, add a `close` method to their
APIs and do not auto-close via `__gc`. Auto-closing via `__gc` would entice
users of your module to not close resources as soon as possible. (Note that
the standard `io` library does not follow this recommendation, and users often
forget that not closing files immediately can lead to "too many open files"
errors when the program runs for a while.)
> **Rationale:** The garbage collector performs automatic *memory* management,
dealing with memory only. There is no guarantees as to when the garbage
collector will be invoked, and memory pressure does not correlate to pressure
on other resources.
## File structure
* Lua files should be named in all lowercase.
* Tests should be in a top-level `spec` directory. Prosody uses
[Busted](http://olivinelabs.com/busted/) for testing.
## Static checking
All code should pass [luacheck](https://github.com/mpeterv/luacheck) using
the `.luacheckrc` provided in the Prosody repository, and using miminal
inline exceptions.
* luacheck warnings of class 211, 212, 213 (unused variable, argument or loop
variable) may be ignored, if the unused variable was added explicitly: for
example, sometimes it is useful, for code understandability, to spell out what
the keys and values in a table are, even if you're only using one of them.
Another example is a function that needs to follow a given signature for API
reasons (e.g. a callback that follows a given format) but doesn't use some of
its arguments; it's better to spell out in the argument what the API the
function implements is, instead of adding `_` variables.
```
local foo, bar = some_function(); --luacheck: ignore 212/foo
print(bar);
```
* luacheck warning 542 (empty if branch) can also be ignored, when a sequence
of `if`/`elseif`/`else` blocks implements a "switch/case"-style list of cases,
and one of the cases is meant to mean "pass". For example:
```lua
if warning >= 600 and warning <= 699 then
print("no whitespace warnings");
elseif warning == 542 then --luacheck: ignore 542
-- pass
else
print("got a warning: "..warning);
end
```
> **Rationale:** This avoids writing negated conditions in the final fallback
case, and it's easy to add another case to the construct without having to
edit the fallback.

33
doc/coding_style.txt
View file

@ -1,33 +0,0 @@
This file describes some coding styles to try and adhere to when contributing to this project.
Please try to follow, and feel free to fix code you see not following this standard.
== Indentation ==
1 tab indentation for all blocks
== Spacing ==
No space between function names and parenthesis and parenthesis and parameters:
function foo(bar, baz)
Single space between braces and key/value pairs in table constructors:
{ foo = "bar", bar = "foo" }
== Local variable naming ==
In this project there are many places where use of globals is restricted, and locals used for faster access.
Local versions of standard functions should follow the below form:
math.random -> m_random
string.char -> s_char
== Miscellaneous ==
Single-statement blocks may be written on one line when short
if foo then bar(); end
'do' and 'then' keywords should be placed at the end of the line, and never on a line by themself.

592
doc/doap.xml Normal file
View file

@ -0,0 +1,592 @@
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:xmpp="https://linkmauve.fr/ns/xmpp-doap#" xml:lang="en">
<Project xmlns="http://usefulinc.com/ns/doap#">
<name>Prosody IM</name>
<shortdesc>Lightweight XMPP server</shortdesc>
<description>Prosody is a server for Jabber/XMPP written in Lua. It aims to be easy to use and light on resources. For developers, it aims to give a flexible system on which to rapidly develop added functionality or rapidly prototype new protocols.</description>
<created>2008-08-22</created>
<category rdf:resource="https://linkmauve.fr/ns/xmpp-doap#category-xmpp"/>
<category rdf:resource="https://linkmauve.fr/ns/xmpp-doap#category-jabber"/>
<category rdf:resource="https://linkmauve.fr/ns/xmpp-doap#category-server"/>
<homepage rdf:resource="https://prosody.im/"/>
<download-page rdf:resource="https://prosody.im/download/"/>
<license rdf:resource="https://hg.prosody.im/trunk/file/tip/COPYING"/>
<bug-database rdf:resource="https://issues.prosody.im/"/>
<support-forum rdf:resource="xmpp:prosody@conference.prosody.im?join"/>
<repository>
<HgRepository>
<location rdf:resource="https://hg.prosody.im/trunk/"/>
<browse rdf:location="https://hg.prosody.im/trunk/"/>
</HgRepository>
</repository>
<programming-langauge>Lua</programming-langauge>
<programming-langauge>C</programming-langauge>
<os>Linux</os>
<os>macOS</os>
<os>FreeBSD</os>
<os>OpenBSD</os>
<os>NetBSD</os>
<maintainer>
<foaf:Person>
<foaf:name>Matthew Wild</foaf:name>
<foaf:nick>MattJ</foaf:nick>
<foaf:homepage>https://matthewwild.co.uk/</foaf:homepage>
</foaf:Person>
</maintainer>
<maintainer>
<foaf:Person>
<foaf:name>Waqas Hussain</foaf:name>
<foaf:nick>waqas</foaf:nick>
</foaf:Person>
</maintainer>
<maintainer>
<foaf:Person>
<foaf:name>Kim Alvefur</foaf:name>
<foaf:nick>Zash</foaf:nick>
<foaf:homepage>https://www.zash.se/</foaf:homepage>
</foaf:Person>
</maintainer>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc5802"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc6120"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc6121"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc6122"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc6455"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc7301"/>
<implements rdf:resource="https://www.rfc-editor.org/info/rfc7395"/>
<!-- Added in hg:0bbbc9042361 released in 0.6.0 -->
<implements rdf:resource="https://datatracker.ietf.org/doc/draft-cridland-xmpp-session/"/>
<implements rdf:resource="http://www.unicode.org/reports/tr39/"/>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0004.html"/>
<xmpp:version>2.9</xmpp:version>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0009.html"/>
<xmpp:since>0.4</xmpp:since>
<xmpp:until>0.7</xmpp:until>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0012.html"/>
<xmpp:version>2.0</xmpp:version>
<xmpp:since>0.1</xmpp:since>
<xmpp:note>mod_lastactivity and mod_uptime</xmpp:note>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0016.html"/>
<xmpp:since>0.7</xmpp:since>
<xmpp:until>0.10</xmpp:until>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0030.html"/>
<xmpp:since>0.10</xmpp:since>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0045.html"/>
<xmpp:version>1.32.0</xmpp:version>
<xmpp:since>0.3</xmpp:since>
<xmpp:status>partial</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0049.html"/>
<xmpp:version>1.2</xmpp:version>
<xmpp:since>0.1</xmpp:since>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0050.html"/>
<xmpp:since>0.8</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0054.html"/>
<xmpp:since>0.1</xmpp:since>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0060.html"/>
<xmpp:version>1.15.8</xmpp:version>
<xmpp:since>0.9</xmpp:since>
<xmpp:status>partial</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0065.html"/>
<xmpp:version>1.8.1</xmpp:version>
<xmpp:since>0.7</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0068.html"/>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0077.html"/>
<xmpp:since>0.1</xmpp:since>
<xmpp:version>2.4</xmpp:version>
<xmpp:status>complete</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0078.html"/>
<xmpp:version>2.5</xmpp:version>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0080.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0082.html"/>
<xmpp:version>1.1</xmpp:version>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0084.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0090.html"/>
<xmpp:version>1.1</xmpp:version>
<xmpp:since>0.1</xmpp:since>
<xmpp:note>mod_time</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0091.html"/>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0092.html"/>
<xmpp:version>1.1</xmpp:version>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0106.html"/>
<xmpp:since>0.9</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0107.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0108.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0114.html"/>
<xmpp:version>1.6</xmpp:version>
<xmpp:since>0.4</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0115.html"/>
<xmpp:since>0.8</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0118.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0122.html"/>
<xmpp:version>1.0.2</xmpp:version>
<xmpp:since>0.11</xmpp:since>
<xmpp:status>partial</xmpp:status>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0124.html"/>
<xmpp:since>0.2</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0126.html"/>
<xmpp:until>0.10</xmpp:until>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0128.html"/>
<xmpp:since>0.9</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0133.html"/>
<xmpp:since>0.7</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0138.html"/>
<xmpp:version>2.0</xmpp:version>
<xmpp:since>0.6</xmpp:since>
<xmpp:until>0.10</xmpp:until>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0153.html"/>
<xmpp:version>1.1</xmpp:version>
<xmpp:since>0.11</xmpp:since>
<xmpp:note>via XEP-0398</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0157.html"/>
<xmpp:version>1.1.0</xmpp:version>
<xmpp:since>0.10</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0160.html"/>
<xmpp:version>1.0.1</xmpp:version>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0163.html"/>
<xmpp:version>1.2.1</xmpp:version>
<xmpp:since>0.5</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0170.html"/>
<xmpp:version>1.0</xmpp:version>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0172.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0175.html"/>
<xmpp:version>1.2</xmpp:version>
<xmpp:since>0.4</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0178.html"/>
<xmpp:version>1.1</xmpp:version>
<xmpp:since>0.9</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0182.html"/>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0185.html"/>
<xmpp:version>1.0</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.9.10</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0189.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0191.html"/>
<xmpp:version>1.3</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.10</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0194.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0195.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0196.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0197.html"/>
<xmpp:note>via XEP-0163</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0199.html"/>
<xmpp:version>2.0.1</xmpp:version>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0202.html"/>
<xmpp:version>2.0</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.1</xmpp:since>
<xmpp:note>mod_time</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0203.html"/>
<xmpp:version>2.0</xmpp:version>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0206.html"/>
<xmpp:version>1.2</xmpp:version>
<xmpp:since>0.2</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0212.html"/>
<xmpp:note>required level</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0215.html"/>
<xmpp:version>0.7</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.12</xmpp:since>
<xmpp:note>mod_external_services</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0220.html"/>
<xmpp:since>0.1</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0227.html"/>
<xmpp:since>0.7</xmpp:since>
<xmpp:note>Used in migrator tools</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0237.html"/>
<xmpp:since>0.4</xmpp:since>
<xmpp:note>implied by rfc6121</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0249.html"/>
<xmpp:version>1.2</xmpp:version>
<xmpp:since>0.12</xmpp:since>
<xmpp:note>mod_csi_simple</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0280.html"/>
<xmpp:version>0.12.1</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.10</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0286.html"/>
<xmpp:since>0.11</xmpp:since>
<xmpp:note>mod_csi_simple</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0288.html"/>
<xmpp:version>1.0.1</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.12</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0292.html"/>
<xmpp:version>0.10</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.11</xmpp:since>
<xmpp:note>mod_vcard4, mod_vcard_legacy</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0302.html"/>
<xmpp:note>Core Server</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0307.html"/>
<xmpp:version>0.1</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.6</xmpp:since>
<xmpp:note>Moved into mod_muc_unique in 0.11</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0313.html"/>
<xmpp:version>0.6.3</xmpp:version>
<xmpp:since>0.10</xmpp:since>
<xmpp:note>mod_mam, mod_muc_mam</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0317.html"/>
<xmpp:version>0.1</xmpp:version>
<xmpp:status>planned</xmpp:status>
<xmpp:since>0.12</xmpp:since>
<xmpp:note>muc/hats</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0318.html"/>
<xmpp:version>0.2</xmpp:version>
<xmpp:since>0.9</xmpp:since>
<xmpp:note>refers to inclusion of delay stamp in presence</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0352.html"/>
<xmpp:version>0.3.0</xmpp:version>
<xmpp:since>0.11</xmpp:since>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0353.html"/>
<xmpp:version>0.3</xmpp:version>
<xmpp:since>0.11.6</xmpp:since>
<xmpp:note>triggers buffer flush in mod_csi_simple since 0.11.6; recognised by mod_carbons and mod_mam since 0.12</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0359.html"/>
<xmpp:version>0.6.0</xmpp:version>
<xmpp:status>complete</xmpp:status>
<xmpp:since>0.10.0</xmpp:since>
<xmpp:note>Used in context of XEP-0313 by mod_mam and mod_muc_mam</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0368.html"/>
<xmpp:version>1.1.0</xmpp:version>
<xmpp:status>partial</xmpp:status>
<xmpp:since>0.2</xmpp:since>
<xmpp:note>legacy_ssl_ports</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0380.html"/>
<xmpp:version>0.3.0</xmpp:version>
<xmpp:since>0.11</xmpp:since>
<xmpp:note>Used in context of XEP-0352</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0384.html"/>
<xmpp:note>via XEP-0163, XEP-0222</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0398.html"/>
<xmpp:version>0.2.1</xmpp:version>
<xmpp:since>0.11</xmpp:since>
<xmpp:status>complete</xmpp:status>
<xmpp:note>mod_vcard_legacy</xmpp:note>
</xmpp:SupportedXep>
</implements>
<implements>
<xmpp:SupportedXep>
<xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0410.html"/>
<xmpp:version>1.0.1</xmpp:version>
<xmpp:since>0.11</xmpp:since>
<xmpp:status>complete</xmpp:status>
<xmpp:note>Server Optimization</xmpp:note>
</xmpp:SupportedXep>
</implements>
</Project>
</rdf:RDF>

21
doc/net.server.lua
View file

@ -160,6 +160,26 @@ Returns:
local function addserver(address, port, listeners, pattern, sslctx)
end
--[[ Binds and listens on the given address and port
Mostly the same as addserver but with all optional arguments in a table
Arguments:
- address: address to bind to, may be "*" to bind all addresses. will be resolved if it is a string.
- port: port to bind (as number)
- listeners: a table of listeners
- config: table of extra settings
- read_size: the amount of bytes to read or a read pattern
- tls_ctx: is a valid luasec constructor
- tls_direct: boolean true for direct TLS, false (or nil) for starttls
Returns:
- handle
- nil, "an error message": on failure (e.g. out of file descriptors)
]]
local function listen(address, port, listeners, config)
end
--[[ Wraps a lua-socket socket client socket in a handle.
The socket must be already connected to the remote end.
If `sslctx` is given, a SSL session will be negotiated before listeners are called.
@ -255,4 +275,5 @@ return {
closeall = closeall;
hook_signal = hook_signal;
watchfd = watchfd;
listen = listen;
}

7
doc/storage.tld
View file

@ -47,6 +47,13 @@ interface archive_store
-- Array of dates which do have messages (Optional?)
dates : ( self, string? ) -> ({ string }) | (nil, string)
-- Map of counts per "with" field
summary : ( self, string?, archive_query? ) -> ( { string : integer } ) | (nil, string)
-- Map-store API
get : ( self, string, string ) -> (stanza, number?, string?) | (nil, string)
set : ( self, string, string, stanza, number?, string? ) -> (boolean) | (nil, string)
end
-- This represents moduleapi

17
makefile
View file

@ -19,6 +19,9 @@ INSTALL_EXEC=$(INSTALL) -m755
MKDIR=install -d
MKDIR_PRIVATE=$(MKDIR) -m750
LUACHECK=luacheck
BUSTED=busted
.PHONY: all test clean install
all: prosody.install prosodyctl.install prosody.cfg.lua.install prosody.version
@ -45,9 +48,12 @@ install: prosody.install prosodyctl.install prosody.cfg.lua.install util/encodin
$(INSTALL_DATA) util/*.so $(SOURCE)/util
$(MKDIR) $(SOURCE)/util/sasl
$(INSTALL_DATA) util/sasl/*.lua $(SOURCE)/util/sasl
$(MKDIR) $(MODULES)/mod_s2s $(MODULES)/mod_pubsub $(MODULES)/adhoc $(MODULES)/muc $(MODULES)/mod_mam
$(MKDIR) $(SOURCE)/util/human
$(INSTALL_DATA) util/human/*.lua $(SOURCE)/util/human
$(MKDIR) $(SOURCE)/util/prosodyctl
$(INSTALL_DATA) util/prosodyctl/*.lua $(SOURCE)/util/prosodyctl
$(MKDIR) $(MODULES)/mod_pubsub $(MODULES)/adhoc $(MODULES)/muc $(MODULES)/mod_mam
$(INSTALL_DATA) plugins/*.lua $(MODULES)
$(INSTALL_DATA) plugins/mod_s2s/*.lua $(MODULES)/mod_s2s
$(INSTALL_DATA) plugins/mod_pubsub/*.lua $(MODULES)/mod_pubsub
$(INSTALL_DATA) plugins/adhoc/*.lua $(MODULES)/adhoc
$(INSTALL_DATA) plugins/muc/*.lua $(MODULES)/muc
@ -68,8 +74,13 @@ clean:
rm -f prosody.version
$(MAKE) clean -C util-src
lint:
$(LUACHECK) -q $$(HGPLAIN= hg files -I '**.lua') prosody prosodyctl
@echo $$(sed -n '/^\tlocal exclude_files/,/^}/p;' .luacheckrc | sed '1d;$d' | wc -l) files ignored
shellcheck configure
test:
busted --lua=$(RUNWITH)
$(BUSTED) --lua=$(RUNWITH)
prosody.install: prosody

42
net/adns.lua
View file

@ -8,13 +8,17 @@
local server = require "net.server";
local new_resolver = require "net.dns".resolver;
local promise = require "util.promise";
local log = require "util.logger".init("adns");
local coroutine, tostring, pcall = coroutine, tostring, pcall;
log("debug", "Using legacy DNS API (missing lua-unbound?)"); -- TODO write docs about luaunbound
-- TODO Raise log level once packages are available
local coroutine, pcall = coroutine, pcall;
local setmetatable = setmetatable;
local function dummy_send(sock, data, i, j) return (j-i)+1; end
local function dummy_send(sock, data, i, j) return (j-i)+1; end -- luacheck: ignore 212
local _ENV = nil;
-- luacheck: std none
@ -29,8 +33,7 @@ local function new_async_socket(sock, resolver)
local peername = "<unknown>";
local listener = {};
local handler = {};
local err;
function listener.onincoming(conn, data)
function listener.onincoming(conn, data) -- luacheck: ignore 212/conn
if data then
resolver:feed(handler, data);
end
@ -46,9 +49,12 @@ local function new_async_socket(sock, resolver)
resolver:servfail(conn); -- Let the magic commence
end
end
handler, err = server.wrapclient(sock, "dns", 53, listener);
if not handler then
return nil, err;
do
local err;
handler, err = server.wrapclient(sock, "dns", 53, listener);
if not handler then
return nil, err;
end
end
handler.settimeout = function () end
@ -71,11 +77,11 @@ function async_resolver_methods:lookup(handler, qname, qtype, qclass)
handler(peek);
return;
end
log("debug", "Records for %s not in cache, sending query (%s)...", qname, tostring(coroutine.running()));
log("debug", "Records for %s not in cache, sending query (%s)...", qname, coroutine.running());
local ok, err = resolver:query(qname, qtype, qclass);
if ok then
coroutine.yield(setmetatable({ resolver, qclass or "IN", qtype or "A", qname, coroutine.running()}, query_mt)); -- Wait for reply
log("debug", "Reply for %s (%s)", qname, tostring(coroutine.running()));
log("debug", "Reply for %s (%s)", qname, coroutine.running());
end
if ok then
ok, err = pcall(handler, resolver:peek(qname, qtype, qclass));
@ -84,13 +90,25 @@ function async_resolver_methods:lookup(handler, qname, qtype, qclass)
ok, err = pcall(handler, nil, err);
end
if not ok then
log("error", "Error in DNS response handler: %s", tostring(err));
log("error", "Error in DNS response handler: %s", err);
end
end)(resolver:peek(qname, qtype, qclass));
end
function query_methods:cancel(call_handler, reason)
log("warn", "Cancelling DNS lookup for %s", tostring(self[4]));
function async_resolver_methods:lookup_promise(qname, qtype, qclass)
return promise.new(function (resolve, reject)
local function handler(answer)
if not answer then
return reject();
end
resolve(answer);
end
self:lookup(handler, qname, qtype, qclass);
end);
end
function query_methods:cancel(call_handler, reason) -- luacheck: ignore 212/reason
log("warn", "Cancelling DNS lookup for %s", self[4]);
self[1].cancel(self[2], self[3], self[4], self[5], call_handler);
end

8
net/connect.lua
View file

@ -2,6 +2,12 @@ local server = require "net.server";
local log = require "util.logger".init("net.connect");
local new_id = require "util.id".short;
-- TODO #1246 Happy Eyeballs
-- FIXME RFC 6724
-- FIXME Error propagation from resolvers doesn't work
-- FIXME #1428 Reuse DNS resolver object between service and basic resolver
-- FIXME #1429 Close DNS resolver object when done
local pending_connection_methods = {};
local pending_connection_mt = {
__name = "pending_connection";
@ -38,7 +44,7 @@ local function attempt_connection(p)
p:log("debug", "Next target to try is %s:%d", ip, port);
local conn, err = server.addclient(ip, port, pending_connection_listeners, p.options.pattern or "*a", p.options.sslctx, conn_type, extra);
if not conn then
log("debug", "Connection attempt failed immediately: %s", tostring(err));
log("debug", "Connection attempt failed immediately: %s", err);
p.last_error = err or "unknown reason";
return attempt_connection(p);
end

18
net/connlisteners.lua
View file

@ -1,18 +0,0 @@
-- COMPAT w/pre-0.9
local log = require "util.logger".init("net.connlisteners");
local traceback = debug.traceback;
local _ENV = nil;
-- luacheck: std none
local function fail()
log("error", "Attempt to use legacy connlisteners API. For more info see https://prosody.im/doc/developers/network");
log("error", "Legacy connlisteners API usage, %s", traceback("", 2));
end
return {
register = fail;
get = fail;
start = fail;
-- epic fail
};

56
net/cqueues.lua
View file

@ -9,6 +9,7 @@
local server = require "net.server";
local cqueues = require "cqueues";
local timer = require "util.timer";
assert(cqueues.VERSION >= 20150113, "cqueues newer than 20150113 required")
-- Create a single top level cqueue
@ -16,55 +17,24 @@ local cq;
if server.cq then -- server provides cqueues object
cq = server.cq;
elseif server.get_backend() == "select" and server._addtimer then -- server_select
elseif server.watchfd then
cq = cqueues.new();
local function step()
local timeout = timer.add_task(cq:timeout() or 0, function ()
-- FIXME It should be enough to reschedule this timeout instead of replacing it, but this does not work. See https://issues.prosody.im/1572
assert(cq:loop(0));
end
-- Use wrapclient (as wrapconnection isn't exported) to get server_select to watch cq fd
local handler = server.wrapclient({
getfd = function() return cq:pollfd(); end;
settimeout = function() end; -- Method just needs to exist
close = function() end; -- Need close method for 'closeall'
}, nil, nil, {});
-- Only need to listen for readable; cqueues handles everything under the hood
-- readbuffer is called when `select` notes an fd as readable
handler.readbuffer = step;
-- Use server_select low lever timer facility,
-- this callback gets called *every* time there is a timeout in the main loop
server._addtimer(function(current_time)
-- This may end up in extra step()'s, but cqueues handles it for us.
step();
return cq:timeout();
end);
elseif server.event and server.base then -- server_event
cq = cqueues.new();
-- Only need to listen for readable; cqueues handles everything under the hood
local EV_READ = server.event.EV_READ;
-- Convert a cqueues timeout to an acceptable timeout for luaevent
local function luaevent_safe_timeout(cq)
server.watchfd(cq:pollfd(), function ()
assert(cq:loop(0));
local t = cq:timeout();
-- if you give luaevent 0 or nil, it re-uses the previous timeout.
if t == 0 then
t = 0.000001; -- 1 microsecond is the smallest that works (goes into a `struct timeval`)
elseif t == nil then -- pick something big if we don't have one
t = 0x7FFFFFFF; -- largest 32bit int
if t then
timer.stop(timeout);
timeout = timer.add_task(cq:timeout(), function ()
assert(cq:loop(0));
return cq:timeout();
end);
end
return t
end
local event_handle;
event_handle = server.base:addevent(cq:pollfd(), EV_READ, function(e)
-- Need to reference event_handle or this callback will get collected
-- This creates a circular reference that can only be broken if event_handle is manually :close()'d
local _ = event_handle;
-- Run as many cqueues things as possible (with a timeout of 0)
-- If an error is thrown, it will break the libevent loop; but prosody resumes after logging a top level error
assert(cq:loop(0));
return EV_READ, luaevent_safe_timeout(cq);
end, luaevent_safe_timeout(cq));
end);
else
error "NYI"
end

72
net/dns.lua
View file

@ -13,10 +13,12 @@
local socket = require "socket";
local timer = require "util.timer";
local have_timer, timer = pcall(require, "util.timer");
local new_ip = require "util.ip".new_ip;
local have_util_net, util_net = pcall(require, "util.net");
local log = require "util.logger".init("dns");
local _, windows = pcall(require, "util.windows");
local is_windows = (_ and windows) or os.getenv("WINDIR");
@ -69,7 +71,9 @@ local ztact = { -- public domain 20080404 lua@ztact.com
};
local get, set = ztact.get, ztact.set;
local default_timeout = 15;
local default_timeout = 5;
local default_jitter = 1;
local default_retry_jitter = 2;
-------------------------------------------------- module dns
local _ENV = nil;
@ -664,8 +668,10 @@ end
-- socket layer -------------------------------------------------- socket layer
resolver.delays = { 1, 3 };
resolver.delays = { 1, 2, 3, 5 };
resolver.jitter = have_timer and default_jitter or nil;
resolver.retry_jitter = have_timer and default_retry_jitter or nil;
function resolver:addnameserver(address) -- - - - - - - - - - addnameserver
self.server = self.server or {};
@ -853,7 +859,10 @@ function resolver:query(qname, qtype, qclass) -- - - - - - - - - - -- query
packet = header..question,
server = self.best_server,
delay = 1,
retry = socket.gettime() + self.delays[1]
retry = socket.gettime() + self.delays[1];
qclass = qclass;
qtype = qtype;
qname = qname;
};
-- remember the query
@ -864,30 +873,32 @@ function resolver:query(qname, qtype, qclass) -- - - - - - - - - - -- query
if not conn then
return nil, err;
end
conn:send (o.packet)
if self.jitter then
timer.add_task(math.random()*self.jitter, function ()
conn:send(o.packet);
end);
else
conn:send(o.packet);
end
-- remember which coroutine wants the answer
if co then
set(self.wanted, qclass, qtype, qname, co, true);
end
if timer and self.timeout then
if have_timer and self.timeout then
local num_servers = #self.server;
local i = 1;
timer.add_task(self.timeout, function ()
if get(self.wanted, qclass, qtype, qname, co) then
if i < num_servers then
log("debug", "DNS request timeout %d/%d", i, num_servers)
i = i + 1;
self:servfail(conn);
o.server = self.best_server;
conn, err = self:getsocket(o.server);
if conn then
conn:send(o.packet);
return self.timeout;
end
end
-- Tried everything, failed
self:cancel(qclass, qtype, qname);
self:servfail(self.socket[o.server]);
-- end
end
-- Still outstanding? (i.e. retried)
if get(self.wanted, qclass, qtype, qname, co) then
return self.timeout; -- Then wait
end
end)
end
@ -904,6 +915,7 @@ function resolver:servfail(sock, err)
-- Find all requests to the down server, and retry on the next server
self.time = socket.gettime();
log("debug", "servfail %d (of %d)", num, #self.server);
for id,queries in pairs(self.active) do
for question,o in pairs(queries) do
if o.server == num then -- This request was to the broken server
@ -913,12 +925,27 @@ function resolver:servfail(sock, err)
end
o.retries = (o.retries or 0) + 1;
if o.retries >= #self.server then
--print('timeout');
queries[question] = nil;
else
local retried;
if o.retries < #self.server then
sock, err = self:getsocket(o.server);
if sock then sock:send(o.packet); end
if sock then
retried = true;
if self.retry_jitter then
local delay = self.delays[((o.retries-1)%#self.delays)+1] + (math.random()*self.retry_jitter);
log("debug", "retry %d in %0.2fs", o.retries, delay);
timer.add_task(delay, function ()
sock:send(o.packet);
end);
else
log("debug", "retry %d (immediate)", o.retries);
sock:send(o.packet);
end
end
end
if not retried then
log("debug", 'tried all servers, giving up');
self:cancel(o.qclass, o.qtype, o.qname);
queries[question] = nil;
end
end
end
@ -1164,6 +1191,7 @@ end
local _resolver = dns.resolver();
dns._resolver = _resolver;
_resolver.jitter, _resolver.retry_jitter = false, false;
function dns.lookup(...) -- - - - - - - - - - - - - - - - - - - - - lookup
return _resolver:lookup(...);

25
net/http.lua
View file

@ -12,6 +12,8 @@ local httpstream_new = require "net.http.parser".new;
local util_http = require "util.http";
local events = require "util.events";
local verify_identity = require"util.x509".verify_identity;
local promise = require "util.promise";
local http_errors = require "net.http.errors";
local basic_resolver = require "net.resolvers.basic";
local connect = require "net.connect".connect;
@ -40,7 +42,7 @@ local listener = { default_port = 80, default_mode = "*a" };
local function handleerr(err) log("error", "Traceback[http]: %s", traceback(tostring(err), 2)); return err; end
local function log_if_failed(req, ret, ...)
if not ret then
log("error", "Request '%s': error in callback: %s", req.id, tostring((...)));
log("error", "Request '%s': error in callback: %s", req.id, (...));
if not req.suppress_errors then
error(...);
end
@ -161,7 +163,7 @@ function listener.onincoming(conn, data)
local request = requests[conn];
if not request then
log("warn", "Received response from connection %s with no request attached!", tostring(conn));
log("warn", "Received response from connection %s with no request attached!", conn);
return;
end
@ -282,7 +284,22 @@ end
local function new(options)
local http = {
options = options;
request = request;
request = function (self, u, ex, callback)
if callback ~= nil then
return request(self, u, ex, callback);
else
return promise.new(function (resolve, reject)
request(self, u, ex, function (body, code, a, b)
if code == 0 then
reject(http_errors.new(body, { request = a }));
else
a.request = b;
resolve(a);
end
end);
end);
end
end;
new = options and function (new_options)
local final_options = {};
for k, v in pairs(options) do final_options[k] = v; end
@ -297,7 +314,7 @@ local function new(options)
end
local default_http = new({
sslctx = { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" } };
sslctx = { mode = "client", protocol = "sslv23", options = { "no_sslv2", "no_sslv3" }, alpn = "http/1.1" };
suppress_errors = true;
});

2
net/http/codes.lua
View file

@ -82,5 +82,5 @@ local response_codes = {
-- [512-599] = "Unassigned";
};
for k,v in pairs(response_codes) do response_codes[k] = k.." "..v; end
for k,v in pairs(response_codes) do response_codes[k] = ("%03d %s"):format(k, v); end
return setmetatable(response_codes, { __index = function(_, k) return k.." Unassigned"; end })

115
net/http/errors.lua Normal file
View file

@ -0,0 +1,115 @@
-- This module returns a table that is suitable for use as a util.error registry,
-- and a function to return a util.error object given callback 'code' and 'body'
-- parameters.
local codes = require "net.http.codes";
local util_error = require "util.error";
local error_templates = {
-- This code is used by us to report a client-side or connection error.
-- Instead of using the code, use the supplied body text to get one of
-- the more detailed errors below.
[0] = {
code = 0, type = "cancel", condition = "internal-server-error";
text = "Connection or internal error";
};
-- These are net.http built-in errors, they are returned in
-- the body parameter when code == 0
["cancelled"] = {
code = 0, type = "cancel", condition = "remote-server-timeout";
text = "Request cancelled";
};
["connection-closed"] = {
code = 0, type = "wait", condition = "remote-server-timeout";
text = "Connection closed";
};
["certificate-chain-invalid"] = {
code = 0, type = "cancel", condition = "remote-server-timeout";
text = "Server certificate not trusted";
};
["certificate-verify-failed"] = {
code = 0, type = "cancel", condition = "remote-server-timeout";
text = "Server certificate invalid";
};
["connection failed"] = {
code = 0, type = "cancel", condition = "remote-server-not-found";
text = "Connection failed";
};
["invalid-url"] = {
code = 0, type = "modify", condition = "bad-request";
text = "Invalid URL";
};
-- This doesn't attempt to map every single HTTP code (not all have sane mappings),
-- but all the common ones should be covered. XEP-0086 was used as reference for
-- most of these.
[400] = { type = "modify", condition = "bad-request" };
[401] = { type = "auth", condition = "not-authorized" };
[402] = { type = "auth", condition = "payment-required" };
[403] = { type = "auth", condition = "forbidden" };
[404] = { type = "cancel", condition = "item-not-found" };
[405] = { type = "cancel", condition = "not-allowed" };
[406] = { type = "modify", condition = "not-acceptable" };
[407] = { type = "auth", condition = "registration-required" };
[408] = { type = "wait", condition = "remote-server-timeout" };
[409] = { type = "cancel", condition = "conflict" };
[410] = { type = "cancel", condition = "gone" };
[411] = { type = "modify", condition = "bad-request" };
[412] = { type = "cancel", condition = "conflict" };
[413] = { type = "modify", condition = "resource-constraint" };
[414] = { type = "modify", condition = "resource-constraint" };
[415] = { type = "cancel", condition = "feature-not-implemented" };
[416] = { type = "modify", condition = "bad-request" };
[422] = { type = "modify", condition = "bad-request" };
[423] = { type = "wait", condition = "resource-constraint" };
[429] = { type = "wait", condition = "resource-constraint" };
[431] = { type = "modify", condition = "resource-constraint" };
[451] = { type = "auth", condition = "forbidden" };
[500] = { type = "wait", condition = "internal-server-error" };
[501] = { type = "cancel", condition = "feature-not-implemented" };
[502] = { type = "wait", condition = "remote-server-timeout" };
[503] = { type = "cancel", condition = "service-unavailable" };
[504] = { type = "wait", condition = "remote-server-timeout" };
[507] = { type = "wait", condition = "resource-constraint" };
[511] = { type = "auth", condition = "not-authorized" };
};
for k, v in pairs(codes) do
if error_templates[k] then
error_templates[k].code = k;
error_templates[k].text = v;
else
error_templates[k] = { type = "cancel", condition = "undefined-condition", text = v, code = k };
end
end
setmetatable(error_templates, {
__index = function(_, k)
if type(k) ~= "number" then
return nil;
end
return {
type = "cancel";
condition = "undefined-condition";
text = codes[k] or (k.." Unassigned");
code = k;
};
end
});
local function new(code, body, context)
if code == 0 then
return util_error.new(body, context, error_templates);
else
return util_error.new(code, context, error_templates);
end
end
return {
registry = error_templates;
new = new;
};

149
net/http/files.lua Normal file
View file

@ -0,0 +1,149 @@
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local server = require"net.http.server";
local lfs = require "lfs";
local new_cache = require "util.cache".new;
local log = require "util.logger".init("net.http.files");
local os_date = os.date;
local open = io.open;
local stat = lfs.attributes;
local build_path = require"socket.url".build_path;
local path_sep = package.config:sub(1,1);
local forbidden_chars_pattern = "[/%z]";
if package.config:sub(1,1) == "\\" then
forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
end
local urldecode = require "util.http".urldecode;
local function sanitize_path(path) --> util.paths or util.http?
if not path then return end
local out = {};
local c = 0;
for component in path:gmatch("([^/]+)") do
component = urldecode(component);
if component:find(forbidden_chars_pattern) then
return nil;
elseif component == ".." then
if c <= 0 then
return nil;
end
out[c] = nil;
c = c - 1;
elseif component ~= "." then
c = c + 1;
out[c] = component;
end
end
if path:sub(-1,-1) == "/" then
out[c+1] = "";
end
return "/"..table.concat(out, "/");
end
local function serve(opts)
if type(opts) ~= "table" then -- assume path string
opts = { path = opts };
end
local mime_map = opts.mime_map or { html = "text/html" };
local cache = new_cache(opts.cache_size or 256);
local cache_max_file_size = tonumber(opts.cache_max_file_size) or 1024
-- luacheck: ignore 431
local base_path = opts.path;
local dir_indices = opts.index_files or { "index.html", "index.htm" };
local directory_index = opts.directory_index;
local function serve_file(event, path)
local request, response = event.request, event.response;
local sanitized_path = sanitize_path(path);
if path and not sanitized_path then
return 400;
end
path = sanitized_path;
local orig_path = sanitize_path(request.path);
local full_path = base_path .. (path or ""):gsub("/", path_sep);
local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
if not attr then
return 404;
end
local request_headers, response_headers = request.headers, response.headers;
local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
response_headers.last_modified = last_modified;
local etag = ('"%x-%x-%x"'):format(attr.change or 0, attr.size or 0, attr.modification or 0);
response_headers.etag = etag;
local if_none_match = request_headers.if_none_match
local if_modified_since = request_headers.if_modified_since;
if etag == if_none_match
or (not if_none_match and last_modified == if_modified_since) then
return 304;
end
local data = cache:get(orig_path);
if data and data.etag == etag then
response_headers.content_type = data.content_type;
data = data.data;
cache:set(orig_path, data);
elseif attr.mode == "directory" and path then
if full_path:sub(-1) ~= "/" then
local dir_path = { is_absolute = true, is_directory = true };
for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end
response_headers.location = build_path(dir_path);
return 301;
end
for i=1,#dir_indices do
if stat(full_path..dir_indices[i], "mode") == "file" then
return serve_file(event, path..dir_indices[i]);
end
end
if directory_index then
data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
end
if not data then
return 403;
end
cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; });
response_headers.content_type = mime_map.html;
else
local f, err = open(full_path, "rb");
if not f then
log("debug", "Could not open %s. Error was %s", full_path, err);
return 403;
end
local ext = full_path:match("%.([^./]+)$");
local content_type = ext and mime_map[ext];
response_headers.content_type = content_type;
if attr.size > cache_max_file_size then
response_headers.content_length = ("%d"):format(attr.size);
log("debug", "%d > cache_max_file_size", attr.size);
return response:send_file(f);
else
data = f:read("*a");
f:close();
end
cache:set(orig_path, { data = data; content_type = content_type; etag = etag });
end
return response:send(data);
end
return serve_file;
end
return {
serve = serve;
}

134
net/http/parser.lua
View file

@ -1,8 +1,8 @@
local tonumber = tonumber;
local assert = assert;
local t_insert, t_concat = table.insert, table.concat;
local url_parse = require "socket.url".parse;
local urldecode = require "util.http".urldecode;
local dbuffer = require "util.dbuffer";
local function preprocess_path(path)
path = urldecode((path:gsub("//+", "/")));
@ -28,10 +28,13 @@ local httpstream = {};
function httpstream.new(success_cb, error_cb, parser_type, options_cb)
local client = true;
if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end
local buf, buflen, buftable = {}, 0, true;
local bodylimit = tonumber(options_cb and options_cb().body_size_limit) or 10*1024*1024;
-- https://stackoverflow.com/a/686243
-- Indiviual headers can be up to 16k? What madness?
local headlimit = tonumber(options_cb and options_cb().head_size_limit) or 10*1024;
local buflimit = tonumber(options_cb and options_cb().buffer_size_limit) or bodylimit * 2;
local chunked, chunk_size, chunk_start;
local buffer = dbuffer.new(buflimit);
local chunked;
local state = nil;
local packet;
local len;
@ -41,32 +44,26 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
feed = function(_, data)
if error then return nil, "parse has failed"; end
if not data then -- EOF
if buftable then buf, buftable = t_concat(buf), false; end
if state and client and not len then -- reading client body until EOF
packet.body = buf;
buffer:collapse();
packet.body = buffer:read_chunk() or "";
success_cb(packet);
elseif buf ~= "" then -- unexpected EOF
state = nil;
elseif buffer:length() ~= 0 then -- unexpected EOF
error = true; return error_cb("unexpected-eof");
end
return;
end
if buftable then
t_insert(buf, data);
else
buf = { buf, data };
buftable = true;
end
buflen = buflen + #data;
if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end
while buflen > 0 do
if not buffer:write(data) then error = true; return error_cb("max-buffer-size-exceeded"); end
while buffer:length() > 0 do
if state == nil then -- read request
if buftable then buf, buftable = t_concat(buf), false; end
local index = buf:find("\r\n\r\n", nil, true);
local index = buffer:sub(1, headlimit):find("\r\n\r\n", nil, true);
if not index then return; end -- not enough data
local method, path, httpversion, status_code, reason_phrase;
-- FIXME was reason_phrase meant to be passed on somewhere?
local method, path, httpversion, status_code, reason_phrase; -- luacheck: ignore reason_phrase
local first_line;
local headers = {};
for line in buf:sub(1,index+1):gmatch("([^\r\n]+)\r\n") do -- parse request
for line in buffer:read(index+3):gmatch("([^\r\n]+)\r\n") do -- parse request
if first_line then
local key, val = line:match("^([^%s:]+): *(.*)$");
if not key then error = true; return error_cb("invalid-header-line"); end -- TODO handle multi-line and invalid headers
@ -91,7 +88,6 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
if not first_line then error = true; return error_cb("invalid-status-line"); end
chunked = have_body and headers["transfer-encoding"] == "chunked";
len = tonumber(headers["content-length"]); -- TODO check for invalid len
if len and len > bodylimit then error = true; return error_cb("content-length-limit-exceeded"); end
if client then
-- FIXME handle '100 Continue' response (by skipping it)
if not have_body then len = 0; end
@ -99,7 +95,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
code = status_code;
httpversion = httpversion;
headers = headers;
body = have_body and "" or nil;
body = false;
-- COMPAT the properties below are deprecated
responseversion = httpversion;
responseheaders = headers;
@ -124,60 +120,72 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
path = path;
httpversion = httpversion;
headers = headers;
body = nil;
body = false;
body_sink = nil;
};
end
buf = buf:sub(index + 4);
buflen = #buf;
if len and len > bodylimit then
-- Early notification, for redirection
success_cb(packet);
if not packet.body_sink then error = true; return error_cb("content-length-limit-exceeded"); end
end
if chunked and not packet.body_sink then
success_cb(packet);
if not packet.body_sink then
packet.body_buffer = dbuffer.new(buflimit);
end
end
state = true;
end
if state then -- read body
if client then
if chunked then
if chunk_start and buflen - chunk_start - 2 < chunk_size then
return;
end -- not enough data
if buftable then buf, buftable = t_concat(buf), false; end
if not buf:find("\r\n", nil, true) then
return;
end -- not enough data
if not chunk_size then
chunk_size, chunk_start = buf:match("^(%x+)[^\r\n]*\r\n()");
chunk_size = chunk_size and tonumber(chunk_size, 16);
if not chunk_size then error = true; return error_cb("invalid-chunk-size"); end
if chunked then
local chunk_header = buffer:sub(1, 512); -- XXX How large do chunk headers grow?
local chunk_size, chunk_start = chunk_header:match("^(%x+)[^\r\n]*\r\n()");
if not chunk_size then return; end
chunk_size = chunk_size and tonumber(chunk_size, 16);
if not chunk_size then error = true; return error_cb("invalid-chunk-size"); end
if chunk_size == 0 and chunk_header:find("\r\n\r\n", chunk_start-2, true) then
local body_buffer = packet.body_buffer;
if body_buffer then
packet.body_buffer = nil;
body_buffer:collapse();
packet.body = body_buffer:read_chunk() or "";
end
if chunk_size == 0 and buf:find("\r\n\r\n", chunk_start-2, true) then
state, chunk_size = nil, nil;
buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped
success_cb(packet);
elseif buflen - chunk_start - 2 >= chunk_size then -- we have a chunk
packet.body = packet.body..buf:sub(chunk_start, chunk_start + (chunk_size-1));
buf = buf:sub(chunk_start + chunk_size + 2);
buflen = buflen - (chunk_start + chunk_size + 2 - 1);
chunk_size, chunk_start = nil, nil;
else -- Partial chunk remaining
break;
end
elseif len and buflen >= len then
if buftable then buf, buftable = t_concat(buf), false; end
if packet.code == 101 then
packet.body, buf, buflen, buftable = buf, {}, 0, true;
else
packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
buflen = #buf;
end
state = nil; success_cb(packet);
else
buffer:collapse();
local buf = buffer:read_chunk();
buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped
buffer:write(buf);
state, chunked = nil, nil;
success_cb(packet);
elseif buffer:length() - chunk_start - 2 >= chunk_size then -- we have a chunk
buffer:discard(chunk_start - 1); -- TODO verify that it's not off-by-one
(packet.body_sink or packet.body_buffer):write(buffer:read(chunk_size));
buffer:discard(2); -- CRLF
else -- Partial chunk remaining
break;
end
elseif buflen >= len then
if buftable then buf, buftable = t_concat(buf), false; end
packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
buflen = #buf;
elseif packet.body_sink then
local chunk = buffer:read_chunk(len);
while chunk and len > 0 do
if packet.body_sink:write(chunk) then
len = len - #chunk;
chunk = buffer:read_chunk(len);
else
error = true;
return error_cb("body-sink-write-failure");
end
end
if len == 0 then state = nil; success_cb(packet); end
elseif buffer:length() >= len then
assert(not chunked)
packet.body = buffer:read(len) or "";
state = nil; success_cb(packet);
else
break;
end
else
break;
end
end
end;

105
net/http/server.lua
View file

@ -13,6 +13,8 @@ local traceback = debug.traceback;
local tostring = tostring;
local cache = require "util.cache";
local codes = require "net.http.codes";
local promise = require "util.promise";
local errors = require "util.error";
local blocksize = 2^16;
local _M = {};
@ -170,6 +172,49 @@ local headerfix = setmetatable({}, {
end
});
local function handle_result(request, response, result)
if result == nil then
result = 404;
end
if result == true then
return;
end
local body;
local result_type = type(result);
if result_type == "number" then
response.status_code = result;
if result >= 400 then
body = events.fire_event("http-error", { request = request, response = response, code = result });
end
elseif result_type == "string" then
body = result;
elseif errors.is_err(result) then
response.status_code = result.code or 500;
body = events.fire_event("http-error", { request = request, response = response, code = result.code or 500, error = result });
elseif promise.is_promise(result) then
result:next(function (ret)
handle_result(request, response, ret);
end, function (err)
response.status_code = 500;
handle_result(request, response, err or 500);
end);
return true;
elseif result_type == "table" then
for k, v in pairs(result) do
if k ~= "headers" then
response[k] = v;
else
for header_name, header_value in pairs(v) do
response.headers[header_name] = header_value;
end
end
end
end
return response:send(body);
end
function _M.hijack_response(response, listener) -- luacheck: ignore
error("TODO");
end
@ -194,8 +239,11 @@ function handle_request(conn, request, finish_cb)
response_conn_header = httpversion == "1.1" and "close" or nil
end
local is_head_request = request.method == "HEAD";
local response = {
request = request;
is_head_request = is_head_request;
status_code = 200;
headers = { date = date_header, connection = response_conn_header };
persistent = persistent;
@ -227,6 +275,11 @@ function handle_request(conn, request, finish_cb)
local payload = { request = request, response = response };
log("debug", "Firing event: %s", global_event);
local result = events.fire_event(global_event, payload);
if result == nil and is_head_request then
local global_head_event = "GET "..request.path:match("[^?]*");
log("debug", "Firing event: %s", global_head_event);
result = events.fire_event(global_head_event, payload);
end
if result == nil then
if not hosts[host] then
if hosts[default_host] then
@ -247,40 +300,17 @@ function handle_request(conn, request, finish_cb)
local host_event = request.method.." "..host..request.path:match("[^?]*");
log("debug", "Firing event: %s", host_event);
result = events.fire_event(host_event, payload);
end
if result ~= nil then
if result ~= true then
local body;
local result_type = type(result);
if result_type == "number" then
response.status_code = result;
if result >= 400 then
payload.code = result;
body = events.fire_event("http-error", payload);
end
elseif result_type == "string" then
body = result;
elseif result_type == "table" then
for k, v in pairs(result) do
if k ~= "headers" then
response[k] = v;
else
for header_name, header_value in pairs(v) do
response.headers[header_name] = header_value;
end
end
end
end
response:send(body);
if result == nil and is_head_request then
local host_head_event = "GET "..host..request.path:match("[^?]*");
log("debug", "Firing event: %s", host_head_event);
result = events.fire_event(host_head_event, payload);
end
return;
end
-- if handler not called, return 404
response.status_code = 404;
payload.code = 404;
response:send(events.fire_event("http-error", payload));
return handle_result(request, response, result);
end
local function prepare_header(response)
local status_line = "HTTP/"..response.request.httpversion.." "..(response.status or codes[response.status_code]);
local headers = response.headers;
@ -292,16 +322,29 @@ local function prepare_header(response)
return output;
end
_M.prepare_header = prepare_header;
function _M.send_head_response(response)
if response.finished then return; end
local output = prepare_header(response);
response.conn:write(t_concat(output));
response:done();
end
function _M.send_response(response, body)
if response.finished then return; end
body = body or response.body or "";
response.headers.content_length = #body;
response.headers.content_length = ("%d"):format(#body);
if response.is_head_request then
return _M.send_head_response(response)
end
local output = prepare_header(response);
t_insert(output, body);
response.conn:write(t_concat(output));
response:done();
end
function _M.send_file(response, f)
if response.is_head_request then
if f.close then f:close(); end
return _M.send_head_response(response);
end
if response.finished then return; end
local chunked = not response.headers.content_length;
if chunked then response.headers.transfer_encoding = "chunked"; end

40
net/resolvers/basic.lua
View file

@ -2,10 +2,13 @@ local adns = require "net.adns";
local inet_pton = require "util.net".pton;
local inet_ntop = require "util.net".ntop;
local idna_to_ascii = require "util.encodings".idna.to_ascii;
local unpack = table.unpack or unpack; -- luacheck: ignore 113
local methods = {};
local resolver_mt = { __index = methods };
-- FIXME RFC 6724
-- Find the next target to connect to, and
-- pass it to cb()
function methods:next(cb)
@ -36,23 +39,32 @@ function methods:next(cb)
-- Resolve DNS to target list
local dns_resolver = adns.resolver();
dns_resolver:lookup(function (answer)
if answer then
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
end
end
ready();
end, self.hostname, "A", "IN");
dns_resolver:lookup(function (answer)
if answer then
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
if not self.extra or self.extra.use_ipv4 ~= false then
dns_resolver:lookup(function (answer)
if answer then
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
end
end
end
ready();
end, self.hostname, "A", "IN");
else
ready();
end, self.hostname, "AAAA", "IN");
end
if not self.extra or self.extra.use_ipv6 ~= false then
dns_resolver:lookup(function (answer)
if answer then
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
end
end
ready();
end, self.hostname, "AAAA", "IN");
else
ready();
end
end
local function new(hostname, port, conn_type, extra)

1
net/resolvers/manual.lua
View file

@ -1,5 +1,6 @@
local methods = {};
local resolver_mt = { __index = methods };
local unpack = table.unpack or unpack; -- luacheck: ignore 113
-- Find the next target to connect to, and
-- pass it to cb()

29
net/resolvers/service.lua
View file

@ -1,6 +1,8 @@
local adns = require "net.adns";
local basic = require "net.resolvers.basic";
local inet_pton = require "util.net".pton;
local idna_to_ascii = require "util.encodings".idna.to_ascii;
local unpack = table.unpack or unpack; -- luacheck: ignore 113
local methods = {};
local resolver_mt = { __index = methods };
@ -9,14 +11,17 @@ local resolver_mt = { __index = methods };
-- pass it to cb()
function methods:next(cb)
if self.targets then
if #self.targets == 0 then
cb(nil);
return;
if not self.resolver then
if #self.targets == 0 then
cb(nil);
return;
end
local next_target = table.remove(self.targets, 1);
self.resolver = basic.new(unpack(next_target, 1, 4));
end
local next_target = table.remove(self.targets, 1);
self.resolver = basic.new(unpack(next_target, 1, 4));
self.resolver:next(function (...)
if ... == nil then
self.resolver = nil;
self:next(cb);
else
cb(...);
@ -39,7 +44,11 @@ function methods:next(cb)
-- Resolve DNS to target list
local dns_resolver = adns.resolver();
dns_resolver:lookup(function (answer)
dns_resolver:lookup(function (answer, err)
if not answer and not err then
-- net.adns returns nil if there are zero records or nxdomain
answer = {};
end
if answer then
if #answer == 0 then
if self.extra and self.extra.default_port then
@ -64,6 +73,14 @@ function methods:next(cb)
end
local function new(hostname, service, conn_type, extra)
local is_ip = inet_pton(hostname);
if not is_ip and hostname:sub(1,1) == '[' then
is_ip = inet_pton(hostname:sub(2,-2));
end
if is_ip and extra and extra.default_port then
return basic.new(hostname, extra.default_port, conn_type, extra);
end
return setmetatable({
hostname = idna_to_ascii(hostname);
service = service;

6
net/server.lua
View file

@ -13,7 +13,11 @@ if not (prosody and prosody.config_loaded) then
end
local log = require "util.logger".init("net.server");
local server_type = require "core.configmanager".get("*", "network_backend") or "select";
local have_util_poll = pcall(require, "util.poll");
local default_backend = have_util_poll and "epoll" or "select";
local server_type = require "core.configmanager".get("*", "network_backend") or default_backend;
if require "core.configmanager".get("*", "use_libevent") then
server_type = "event";

362
net/server_epoll.lua
View file

@ -9,20 +9,24 @@
local t_insert = table.insert;
local t_concat = table.concat;
local setmetatable = setmetatable;
local tostring = tostring;
local pcall = pcall;
local type = type;
local next = next;
local pairs = pairs;
local log = require "util.logger".init("server_epoll");
local traceback = debug.traceback;
local logger = require "util.logger";
local log = logger.init("server_epoll");
local socket = require "socket";
local luasec = require "ssl";
local gettime = require "util.time".now;
local realtime = require "util.time".now;
local monotonic = require "util.time".monotonic;
local indexedbheap = require "util.indexedbheap";
local createtable = require "util.table".create;
local inet = require "util.net";
local inet_pton = inet.pton;
local _SOCKETINVALID = socket._SOCKETINVALID or -1;
local new_id = require "util.id".medium;
local xpcall = require "util.xpcall".xpcall;
local poller = require "util.poll"
local EEXIST = poller.EEXIST;
@ -38,7 +42,10 @@ local default_config = { __index = {
read_timeout = 14 * 60;
-- How long to wait for a socket to become writable after queuing data to send
send_timeout = 60;
send_timeout = 180;
-- How long to wait for a socket to become writable after creation
connect_timeout = 20;
-- Some number possibly influencing how many pending connections can be accepted
tcp_backlog = 128;
@ -58,6 +65,20 @@ local default_config = { __index = {
-- Maximum and minimum amount of time to sleep waiting for events (adjusted for pending timers)
max_wait = 86400;
min_wait = 1e-06;
-- Enable extra noisy debug logging
-- TODO disable once considered stable
verbose = true;
-- EXPERIMENTAL
-- Whether to kill connections in case of callback errors.
fatal_errors = false;
-- Or disable protection (like server_select) for potential performance gains
protect_listeners = true;
-- Attempt writes instantly
opportunistic_writes = false;
}};
local cfg = default_config.__index;
@ -68,48 +89,50 @@ local fds = createtable(10, 0); -- FD -> conn
local timers = indexedbheap.create();
local function noop() end
local function closetimer(t)
t[1] = 0;
t[2] = noop;
timers:remove(t.id);
local function closetimer(id)
timers:remove(id);
end
local function reschedule(t, time)
t[1] = time;
timers:reprioritize(t.id, time);
end
-- Add absolute timer
local function at(time, f)
local timer = { time, f, close = closetimer, reschedule = reschedule, id = nil };
timer.id = timers:insert(timer, time);
return timer;
local function reschedule(id, time)
time = monotonic() + time;
timers:reprioritize(id, time);
end
-- Add relative timer
local function addtimer(timeout, f)
return at(gettime() + timeout, f);
local function addtimer(timeout, f, param)
local time = monotonic() + timeout;
if param ~= nil then
local timer_callback = f
function f(current_time, timer_id)
local t = timer_callback(current_time, timer_id, param)
return t;
end
end
local id = timers:insert(f, time);
return id;
end
-- Run callbacks of expired timers
-- Return time until next timeout
local function runtimers(next_delay, min_wait)
-- Any timers at all?
local now = gettime();
local elapsed = monotonic();
local now = realtime();
local peek = timers:peek();
while peek do
if peek > now then
next_delay = peek - now;
if peek > elapsed then
next_delay = peek - elapsed;
break;
end
local _, timer, id = timers:pop();
local ok, ret = pcall(timer[2], now);
local ok, ret = xpcall(timer, traceback, now, id);
if ok and type(ret) == "number" then
local next_time = now+ret;
timer[1] = next_time;
local next_time = elapsed+ret;
timers:insert(timer, next_time);
elseif not ok then
log("error", "Error in timer: %s", ret);
end
peek = timers:peek();
@ -138,6 +161,22 @@ function interface_mt:__tostring()
return ("FD %d"):format(self:getfd());
end
interface.log = log;
function interface:debug(msg, ...) --luacheck: ignore 212/self
self.log("debug", msg, ...);
end
interface.noise = interface.debug;
function interface:noise(msg, ...) --luacheck: ignore 212/self
if cfg.verbose then
return self:debug(msg, ...);
end
end
function interface:error(msg, ...) --luacheck: ignore 212/self
self.log("error", msg, ...);
end
-- Replace the listener and tell the old one
function interface:setlistener(listeners, data)
self:on("detach");
@ -148,21 +187,36 @@ end
-- Call a listener callback
function interface:on(what, ...)
if not self.listeners then
log("error", "%s has no listeners", self);
self:error("Interface is missing listener callbacks");
return;
end
local listener = self.listeners["on"..what];
if not listener then
-- log("debug", "Missing listener 'on%s'", what); -- uncomment for development and debugging
self:noise("Missing listener 'on%s'", what); -- uncomment for development and debugging
return;
end
local ok, err = pcall(listener, self, ...);
if not cfg.protect_listeners then
return listener(self, ...);
end
local onerror = self.listeners.onerror or traceback;
local ok, err = xpcall(listener, onerror, self, ...);
if not ok then
log("error", "Error calling on%s: %s", what, err);
if cfg.fatal_errors then
self:error("Closing due to error calling on%s: %s", what, err);
self:destroy();
else
self:debug("Error calling on%s: %s", what, err);
end
return nil, err;
end
return err;
end
-- Allow this one to be overridden
function interface:onincoming(...)
return self:on("incoming", ...);
end
-- Return the file descriptor number
function interface:getfd()
if self.conn then
@ -219,19 +273,21 @@ end
function interface:setreadtimeout(t)
if t == false then
if self._readtimeout then
self._readtimeout:close();
closetimer(self._readtimeout);
self._readtimeout = nil;
end
return
end
t = t or cfg.read_timeout;
if self._readtimeout then
self._readtimeout:reschedule(gettime() + t);
reschedule(self._readtimeout, t);
else
self._readtimeout = addtimer(t, function ()
if self:on("readtimeout") then
self:noise("Read timeout handled");
return cfg.read_timeout;
else
self:debug("Read timeout not handled, disconnecting");
self:on("disconnect", "read timeout");
self:destroy();
end
@ -243,17 +299,18 @@ end
function interface:setwritetimeout(t)
if t == false then
if self._writetimeout then
self._writetimeout:close();
closetimer(self._writetimeout);
self._writetimeout = nil;
end
return
end
t = t or cfg.send_timeout;
if self._writetimeout then
self._writetimeout:reschedule(gettime() + t);
reschedule(self._writetimeout, t);
else
self._writetimeout = addtimer(t, function ()
self:on("disconnect", "write timeout");
self:noise("Write timeout");
self:on("disconnect", self._connected and "write timeout" or "connection timeout");
self:destroy();
end);
end
@ -269,15 +326,15 @@ function interface:add(r, w)
local ok, err, errno = poll:add(fd, r, w);
if not ok then
if errno == EEXIST then
log("debug", "%s already registered!", self);
self:debug("FD already registered in poller! (EEXIST)");
return self:set(r, w); -- So try to change its flags
end
log("error", "Could not register %s: %s(%d)", self, err, errno);
self:debug("Could not register in poller: %s(%d)", err, errno);
return ok, err;
end
self._wantread, self._wantwrite = r, w;
fds[fd] = self;
log("debug", "Watching %s", self);
self:noise("Registered in poller");
return true;
end
@ -290,7 +347,7 @@ function interface:set(r, w)
if w == nil then w = self._wantwrite; end
local ok, err, errno = poll:set(fd, r, w);
if not ok then
log("error", "Could not update poller state %s: %s(%d)", self, err, errno);
self:debug("Could not update poller state: %s(%d)", err, errno);
return ok, err;
end
self._wantread, self._wantwrite = r, w;
@ -307,12 +364,12 @@ function interface:del()
end
local ok, err, errno = poll:del(fd);
if not ok and errno ~= ENOENT then
log("error", "Could not unregister %s: %s(%d)", self, err, errno);
self:debug("Could not unregister: %s(%d)", err, errno);
return ok, err;
end
self._wantread, self._wantwrite = nil, nil;
fds[fd] = nil;
log("debug", "Unwatched %s", self);
self:noise("Unregistered from poller");
return true;
end
@ -334,7 +391,7 @@ function interface:onreadable()
local data, err, partial = self.conn:receive(self.read_size or cfg.read_size);
if data then
self:onconnect();
self:on("incoming", data);
self:onincoming(data);
else
if err == "wantread" then
self:set(true, nil);
@ -345,15 +402,28 @@ function interface:onreadable()
end
if partial and partial ~= "" then
self:onconnect();
self:on("incoming", partial, err);
self:onincoming(partial, err);
end
if err ~= "timeout" then
if err == "closed" then
self:debug("Connection closed by remote");
else
self:debug("Read error, closing (%s)", err);
end
self:on("disconnect", err);
self:destroy()
return;
end
end
if not self.conn then return; end
if self._limit and (data or partial) then
local cost = self._limit * #(data or partial);
if cost > cfg.min_wait then
self:setreadtimeout(false);
self:pausefor(cost);
return;
end
end
if self._wantread and self.conn:dirty() then
self:setreadtimeout(false);
self:pausefor(cfg.read_retry_delay);
@ -367,7 +437,7 @@ function interface:onwritable()
self:onconnect();
if not self.conn then return; end -- could have been closed in onconnect
local buffer = self.writebuffer;
local data = t_concat(buffer);
local data = #buffer == 1 and buffer[1] or t_concat(buffer);
local ok, err, partial = self.conn:send(data);
if ok then
self:set(nil, false);
@ -378,10 +448,12 @@ function interface:onwritable()
self:ondrain(); -- Be aware of writes in ondrain
return;
elseif partial then
self:debug("Sent %d out of %d buffered bytes", partial, #data);
buffer[1] = data:sub(partial+1);
for i = #buffer, 2, -1 do
buffer[i] = nil;
end
self:set(nil, true);
self:setwritetimeout();
end
if err == "wantwrite" or err == "timeout" then
@ -407,8 +479,14 @@ function interface:write(data)
else
self.writebuffer = { data };
end
self:setwritetimeout();
self:set(nil, true);
if not self._write_lock then
if cfg.opportunistic_writes then
self:onwritable();
return #data;
end
self:setwritetimeout();
self:set(nil, true);
end
return #data;
end
interface.send = interface.write;
@ -418,10 +496,10 @@ function interface:close()
if self.writebuffer and self.writebuffer[1] then
self:set(false, true); -- Flush final buffer contents
self.write, self.send = noop, noop; -- No more writing
log("debug", "Close %s after writing", self);
self:debug("Close after writing remaining buffered data");
self.ondrain = interface.close;
else
log("debug", "Close %s now", self);
self:debug("Closing now");
self.write, self.send = noop, noop;
self.close = noop;
self:on("disconnect");
@ -450,31 +528,32 @@ function interface:starttls(tls_ctx)
if tls_ctx then self.tls_ctx = tls_ctx; end
self.starttls = false;
if self.writebuffer and self.writebuffer[1] then
log("debug", "Start TLS on %s after write", self);
self:debug("Start TLS after write");
self.ondrain = interface.starttls;
self:set(nil, true); -- make sure wantwrite is set
else
if self.ondrain == interface.starttls then
self.ondrain = nil;
end
self.onwritable = interface.tlshandskake;
self.onreadable = interface.tlshandskake;
self.onwritable = interface.tlshandshake;
self.onreadable = interface.tlshandshake;
self:set(true, true);
log("debug", "Prepare to start TLS on %s", self);
self:debug("Prepared to start TLS");
end
end
function interface:tlshandskake()
function interface:tlshandshake()
self:setwritetimeout(false);
self:setreadtimeout(false);
if not self._tls then
self._tls = true;
log("debug", "Start TLS on %s now", self);
self:debug("Starting TLS now");
self:del();
self:updatenames(); -- Can't getpeer/sockname after wrap()
local ok, conn, err = pcall(luasec.wrap, self.conn, self.tls_ctx);
if not ok then
conn, err = ok, conn;
log("error", "Failed to initialize TLS: %s", err);
self:debug("Failed to initialize TLS: %s", err);
end
if not conn then
self:on("disconnect", err);
@ -483,33 +562,43 @@ function interface:tlshandskake()
end
conn:settimeout(0);
self.conn = conn;
if conn.sni and self.servername then
conn:sni(self.servername);
if conn.sni then
if self.servername then
conn:sni(self.servername);
elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then
conn:sni(self._server.hosts, true);
end
end
self:on("starttls");
self.ondrain = nil;
self.onwritable = interface.tlshandskake;
self.onreadable = interface.tlshandskake;
self.onwritable = interface.tlshandshake;
self.onreadable = interface.tlshandshake;
return self:init();
end
self:noise("Continuing TLS handshake");
local ok, err = self.conn:dohandshake();
if ok then
log("debug", "TLS handshake on %s complete", self);
local info = self.conn.info and self.conn:info();
if type(info) == "table" then
self:debug("TLS handshake complete (%s with %s)", info.protocol, info.cipher);
else
self:debug("TLS handshake complete");
end
self.onwritable = nil;
self.onreadable = nil;
self:on("status", "ssl-handshake-complete");
self:setwritetimeout();
self:set(true, true);
elseif err == "wantread" then
log("debug", "TLS handshake on %s to wait until readable", self);
self:noise("TLS handshake to wait until readable");
self:set(true, false);
self:setreadtimeout(cfg.ssl_handshake_timeout);
elseif err == "wantwrite" then
log("debug", "TLS handshake on %s to wait until writable", self);
self:noise("TLS handshake to wait until writable");
self:set(false, true);
self:setwritetimeout(cfg.ssl_handshake_timeout);
else
log("debug", "TLS handshake error on %s: %s", self, err);
self:debug("TLS handshake error: %s", err);
self:on("disconnect", err);
self:destroy();
end
@ -517,15 +606,18 @@ end
local function wrapsocket(client, server, read_size, listeners, tls_ctx, extra) -- luasocket object -> interface object
client:settimeout(0);
local conn_id = ("conn%s"):format(new_id());
local conn = setmetatable({
conn = client;
_server = server;
created = gettime();
created = realtime();
listeners = listeners;
read_size = read_size or (server and server.read_size);
writebuffer = {};
tls_ctx = tls_ctx or (server and server.tls_ctx);
tls_direct = server and server.tls_direct;
id = conn_id;
log = logger.init(conn_id);
extra = extra;
}, interface_mt);
@ -542,12 +634,12 @@ end
function interface:updatenames()
local conn = self.conn;
local ok, peername, peerport = pcall(conn.getpeername, conn);
if ok then
self.peername, self.peerport = peername, peerport;
if ok and peername then
self.peername, self.peerport = peername, peerport or 0;
end
local ok, sockname, sockport = pcall(conn.getsockname, conn);
if ok then
self.sockname, self.sockport = sockname, sockport;
if ok and sockname then
self.sockname, self.sockport = sockname, sockport or 0;
end
end
@ -556,74 +648,127 @@ end
function interface:onacceptable()
local conn, err = self.conn:accept();
if not conn then
log("debug", "Error accepting new client: %s, server will be paused for %ds", err, cfg.accept_retry_interval);
self:debug("Error accepting new client: %s, server will be paused for %ds", err, cfg.accept_retry_interval);
self:pausefor(cfg.accept_retry_interval);
return;
end
local client = wrapsocket(conn, self, nil, self.listeners);
log("debug", "New connection %s", tostring(client));
client:debug("New connection %s on server %s", client, self);
client:init();
if self.tls_direct then
client:starttls(self.tls_ctx);
else
client:onconnect();
end
end
-- Initialization
function interface:init()
self:setwritetimeout();
self:setwritetimeout(cfg.connect_timeout);
return self:add(true, true);
end
function interface:pause()
self:noise("Pause reading");
return self:set(false);
end
function interface:resume()
self:noise("Resume reading");
return self:set(true);
end
-- Pause connection for some time
function interface:pausefor(t)
self:noise("Pause for %fs", t);
if self._pausefor then
self._pausefor:close();
closetimer(self._pausefor);
self._pausefor = nil;
end
if t == false then return; end
self:set(false);
self._pausefor = addtimer(t, function ()
self._pausefor = nil;
self:set(true);
self:noise("Resuming after pause, connection is %s", not self.conn and "missing" or self.conn:dirty() and "dirty" or "clean");
if self.conn and self.conn:dirty() then
self:onreadable();
end
end);
end
function interface:setlimit(Bps)
if Bps > 0 then
self._limit = 1/Bps;
else
self._limit = nil;
end
end
function interface:pause_writes()
if self._write_lock then
return
end
self:noise("Pause writes");
self._write_lock = true;
self:setwritetimeout(false);
self:set(nil, false);
end
function interface:resume_writes()
if not self._write_lock then
return
end
self:noise("Resume writes");
self._write_lock = nil;
if self.writebuffer[1] then
self:setwritetimeout();
self:set(nil, true);
end
end
-- Connected!
function interface:onconnect()
if self.conn and not self.peername and self.conn.getpeername then
self.peername, self.peerport = self.conn:getpeername();
end
self._connected = true;
self:updatenames();
self:debug("Connected (%s)", self);
self.onconnect = noop;
self:on("connect");
end
local function addserver(addr, port, listeners, read_size, tls_ctx)
local function wrapserver(conn, addr, port, listeners, config)
local server = setmetatable({
conn = conn;
created = realtime();
listeners = listeners;
read_size = config and config.read_size;
onreadable = interface.onacceptable;
tls_ctx = config and config.tls_ctx;
tls_direct = config and config.tls_direct;
hosts = config and config.sni_hosts;
sockname = addr;
sockport = port;
log = logger.init(("serv%s"):format(new_id()));
}, interface_mt);
server:debug("Server %s created", server);
server:add(true, false);
return server;
end
local function listen(addr, port, listeners, config)
local conn, err = socket.bind(addr, port, cfg.tcp_backlog);
if not conn then return conn, err; end
conn:settimeout(0);
local server = setmetatable({
conn = conn;
created = gettime();
listeners = listeners;
return wrapserver(conn, addr, port, listeners, config);
end
-- COMPAT
local function addserver(addr, port, listeners, read_size, tls_ctx)
return listen(addr, port, listeners, {
read_size = read_size;
onreadable = interface.onacceptable;
tls_ctx = tls_ctx;
tls_direct = tls_ctx and true or false;
sockname = addr;
sockport = port;
}, interface_mt);
server:add(true, false);
return server;
});
end
-- COMPAT
@ -659,13 +804,19 @@ local function addclient(addr, port, listeners, read_size, tls_ctx, typ, extra)
return nil, "invalid socket type";
end
local conn, err = create();
if not conn then return conn, err; end
local ok, err = conn:settimeout(0);
if not ok then return ok, err; end
local ok, err = conn:setpeername(addr, port);
if not ok and err ~= "timeout" then return ok, err; end
local client = wrapsocket(conn, nil, read_size, listeners, tls_ctx, extra)
local ok, err = client:init();
if not client.peername then
-- otherwise not set until connected
client.peername, client.peerport = addr, port;
end
if not ok then return ok, err; end
client:debug("Client %s created", client);
if tls_ctx then
client:starttls(tls_ctx);
end
@ -687,23 +838,23 @@ local function watchfd(fd, onreadable, onwritable)
end;
-- Otherwise it'll need to be something LuaSocket-compatible
end
conn.id = new_id();
conn.log = logger.init(("fdwatch%s"):format(conn.id));
conn:add(onreadable, onwritable);
return conn;
end;
-- Dump all data from one connection into another
local function link(from, to)
from.listeners = setmetatable({
onincoming = function (_, data)
from:pause();
to:write(data);
end,
}, {__index=from.listeners});
to.listeners = setmetatable({
ondrain = function ()
from:resume();
end,
}, {__index=to.listeners});
local function link(from, to, read_size)
from:debug("Linking to %s", to.id);
function from:onincoming(data)
self:pause();
to:write(data);
end
function to:ondrain() -- luacheck: ignore 212/self
from:resume();
end
from:set_mode(read_size);
from:set(true, nil);
to:set(nil, true);
end
@ -762,11 +913,21 @@ return {
addserver = addserver;
addclient = addclient;
add_task = addtimer;
at = at;
timer = {
-- API-compatible with util.timer
add_task = addtimer;
stop = closetimer;
reschedule = reschedule;
to_absolute_time = function (t)
return t-monotonic()+realtime();
end;
};
listen = listen;
loop = loop;
closeall = closeall;
setquitting = setquitting;
wrapclient = wrapclient;
wrapserver = wrapserver;
watchfd = watchfd;
link = link;
set_config = function (newconfig)
@ -776,6 +937,7 @@ return {
-- libevent emulation
event = { EV_READ = "r", EV_WRITE = "w", EV_READWRITE = "rw", EV_LEAVE = -1 };
addevent = function (fd, mode, callback)
log("warn", "Using deprecated libevent emulation, please update code to use watchfd API instead");
local function onevent(self)
local ret = self:callback();
if ret == -1 then
@ -795,6 +957,8 @@ return {
fds[fd] = nil;
end;
}, interface_mt);
conn.id = conn:getfd();
conn.log = logger.init(("fdwatch%d"):format(conn.id));
local ok, err = conn:add(mode == "r" or mode == "rw", mode == "w" or mode == "rw");
if not ok then return ok, err; end
return conn;

55
net/server_event.lua
View file

@ -165,8 +165,12 @@ function interface_mt:_start_ssl(call_onconnect) -- old socket will be destroyed
return false
end
if self.conn.sni and self.servername then
self.conn:sni(self.servername);
if self.conn.sni then
if self.servername then
self.conn:sni(self.servername);
elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then
self.conn:sni(self._server.hosts, true);
end
end
self.conn:settimeout( 0 ) -- set non blocking
@ -258,6 +262,7 @@ end
--TODO: Deprecate
function interface_mt:lock_read(switch)
log("warn", ":lock_read is deprecated, use :pasue() and :resume()");
if switch then
return self:pause();
else
@ -277,6 +282,19 @@ function interface_mt:resume()
end
end
function interface_mt:pause_writes()
return self:_lock(self.nointerface, self.noreading, true);
end
function interface_mt:resume_writes()
self:_lock(self.nointerface, self.noreading, false);
if self.writecallback and not self.eventwrite then
self.eventwrite = addevent( base, self.conn, EV_WRITE, self.writecallback, cfg.WRITE_TIMEOUT ); -- register callback
return true;
end
end
function interface_mt:counter(c)
if c then
self._connections = self._connections + c
@ -286,7 +304,7 @@ end
-- Public methods
function interface_mt:write(data)
if self.nowriting then return nil, "locked" end
if self.nointerface then return nil, "locked"; end
--vdebug( "try to send data to client, id/data:", self.id, data )
data = tostring( data )
local len = #data
@ -298,7 +316,7 @@ function interface_mt:write(data)
end
t_insert(self.writebuffer, data) -- new buffer
self.writebufferlen = total
if not self.eventwrite then -- register new write event
if not self.eventwrite and not self.nowriting then -- register new write event
--vdebug( "register new write event" )
self.eventwrite = addevent( base, self.conn, EV_WRITE, self.writecallback, cfg.WRITE_TIMEOUT )
end
@ -445,10 +463,6 @@ end
function interface_mt:ontimeout()
end
function interface_mt:onreadtimeout()
self.fatalerror = "timeout during receiving"
debug( "connection failed:", self.fatalerror )
self:_close()
self.eventread = nil
end
function interface_mt:ondrain()
end
@ -642,7 +656,7 @@ local function handleclient( client, ip, port, server, pattern, listener, sslctx
return interface
end
local function handleserver( server, addr, port, pattern, listener, sslctx ) -- creates an server interface
local function handleserver( server, addr, port, pattern, listener, sslctx, startssl ) -- creates a server interface
debug "creating server interface..."
local interface = {
_connections = 0;
@ -658,6 +672,7 @@ local function handleserver( server, addr, port, pattern, listener, sslctx ) --
_ip = addr, _port = port, _pattern = pattern,
_sslctx = sslctx;
hosts = {};
}
interface.id = tostring(interface):match("%x+$");
interface.readcallback = function( event ) -- server handler, called on incoming connections
@ -677,6 +692,7 @@ local function handleserver( server, addr, port, pattern, listener, sslctx ) --
end
end
--vdebug("max connection check ok, accepting...")
-- luacheck: ignore 231/err
local client, err = server:accept() -- try to accept; TODO: check err
while client do
if interface._connections >= cfg.MAX_CONNECTIONS then
@ -688,7 +704,7 @@ local function handleserver( server, addr, port, pattern, listener, sslctx ) --
interface._connections = interface._connections + 1 -- increase connection count
local clientinterface = handleclient( client, client_ip, client_port, interface, pattern, listener, sslctx )
--vdebug( "client id:", clientinterface, "startssl:", startssl )
if has_luasec and sslctx then
if has_luasec and startssl then
clientinterface:starttls(sslctx, true)
else
clientinterface:_start_session( true )
@ -707,9 +723,9 @@ local function handleserver( server, addr, port, pattern, listener, sslctx ) --
return interface
end
local function addserver( addr, port, listener, pattern, sslctx, startssl ) -- TODO: check arguments
--vdebug( "creating new tcp server with following parameters:", addr or "nil", port or "nil", sslctx or "nil", startssl or "nil")
if sslctx and not has_luasec then
local function listen(addr, port, listener, config)
config = config or {}
if config.sslctx and not has_luasec then
debug "fatal error: luasec not found"
return nil, "luasec not found"
end
@ -718,11 +734,20 @@ local function addserver( addr, port, listener, pattern, sslctx, startssl ) --
debug( "creating server socket on "..addr.." port "..port.." failed:", err )
return nil, err
end
local interface = handleserver( server, addr, port, pattern, listener, sslctx, startssl ) -- new server handler
local interface = handleserver( server, addr, port, config.read_size, listener, config.tls_ctx, config.tls_direct) -- new server handler
debug( "new server created with id:", tostring(interface))
return interface
end
local function addserver( addr, port, listener, pattern, sslctx ) -- TODO: check arguments
--vdebug( "creating new tcp server with following parameters:", addr or "nil", port or "nil", sslctx or "nil", startssl or "nil")
return listen( addr, port, listener, {
read_size = pattern,
tls_ctx = sslctx,
tls_direct = not not sslctx,
});
end
local function wrapclient( client, ip, port, listeners, pattern, sslctx, extra )
local interface = handleclient( client, ip, port, nil, pattern, listeners, sslctx, extra )
interface:_start_connection(sslctx)
@ -756,6 +781,7 @@ local function addclient( addr, serverport, listener, pattern, sslctx, typ, extr
client:settimeout( 0 ) -- set nonblocking
local res, err = client:setpeername( addr, serverport ) -- connect
if res or ( err == "timeout" ) then
-- luacheck: ignore 211/port
local ip, port = client:getsockname( )
local interface = wrapclient( client, ip, serverport, listener, pattern, sslctx, extra )
debug( "new connection id:", interface.id )
@ -883,6 +909,7 @@ return {
event_base = base,
addevent = newevent,
addserver = addserver,
listen = listen,
addclient = addclient,
wrapclient = wrapclient,
setquitting = setquitting,

144
net/server_select.lua
View file

@ -68,6 +68,7 @@ local idfalse
local closeall
local addsocket
local addserver
local listen
local addtimer
local getserver
local wrapserver
@ -123,7 +124,7 @@ local _maxsslhandshake
_server = { } -- key = port, value = table; list of listening servers
_readlist = { } -- array with sockets to read from
_sendlist = { } -- arrary with sockets to write to
_sendlist = { } -- array with sockets to write to
_timerlist = { } -- array of timer functions
_socketlist = { } -- key = socket, value = wrapped socket (handlers)
_readtimes = { } -- key = handler, value = timestamp of last data reading
@ -149,7 +150,7 @@ _checkinterval = 30 -- interval in secs to check idle clients
_sendtimeout = 60000 -- allowed send idle time in secs
_readtimeout = 14 * 60 -- allowed read idle time in secs
local is_windows = package.config:sub(1,1) == "\\" -- check the directory separator, to detemine whether this is Windows
local is_windows = package.config:sub(1,1) == "\\" -- check the directory separator, to determine whether this is Windows
_maxfd = (is_windows and math.huge) or luasocket._SETSIZE or 1024 -- max fd number, limit to 1024 by default to prevent glibc buffer overflow, but not on Windows
_maxselectlen = luasocket._SETSIZE or 1024 -- But this still applies on Windows
@ -157,7 +158,7 @@ _maxsslhandshake = 30 -- max handshake round-trips
----------------------------------// PRIVATE //--
wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx ) -- this function wraps a server -- FIXME Make sure FD < _maxfd
wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, ssldirect ) -- this function wraps a server -- FIXME Make sure FD < _maxfd
if socket:getfd() >= _maxfd then
out_error("server.lua: Disallowed FD number: "..socket:getfd())
@ -183,6 +184,7 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx ) -- t
handler.sslctx = function( )
return sslctx
end
handler.hosts = {} -- sni
handler.remove = function( )
connections = connections - 1
if handler then
@ -244,13 +246,13 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx ) -- t
local client, err = accept( socket ) -- try to accept
if client then
local ip, clientport = client:getpeername( )
local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx ) -- wrap new client socket
local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx, ssldirect ) -- wrap new client socket
if err then -- error while wrapping ssl socket
return false
end
connections = connections + 1
out_put( "server.lua: accepted new client connection from ", tostring(ip), ":", tostring(clientport), " to ", tostring(serverport))
if dispatch and not sslctx then -- SSL connections will notify onconnect when handshake completes
if dispatch and not ssldirect then -- SSL connections will notify onconnect when handshake completes
return dispatch( handler );
end
return;
@ -264,7 +266,7 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx ) -- t
return handler
end
wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx, extra ) -- this function wraps a client to a handler object
wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx, ssldirect, extra ) -- this function wraps a client to a handler object
if socket:getfd() >= _maxfd then
out_error("server.lua: Disallowed FD number: "..socket:getfd()) -- PROTIP: Switch to libevent
@ -287,6 +289,8 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
local ssl
local pending
local dispatch = listeners.onincoming
local status = listeners.onstatus
local disconnect = listeners.ondisconnect
@ -341,6 +345,9 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
listeners.onattach(self, data)
end
end
handler._setpending = function( )
pending = true
end
handler.getstats = function( )
return readtraffic, sendtraffic
end
@ -377,7 +384,7 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
_readlistlen = removesocket( _readlist, socket, _readlistlen )
_readtimes[ handler ] = nil
if bufferqueuelen ~= 0 then
handler.sendbuffer() -- Try now to send any outstanding data
handler:sendbuffer() -- Try now to send any outstanding data
if bufferqueuelen ~= 0 then -- Still not empty, so we'll try again later
if handler then
handler.write = nil -- ... but no further writing allowed
@ -429,9 +436,8 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
bufferlen = bufferlen + #data
if bufferlen > maxsendlen then
_closelist[ handler ] = "send buffer exceeded" -- cannot close the client at the moment, have to wait to the end of the cycle
handler.write = idfalse -- don't write anymore
return false
elseif socket and not _sendlist[ socket ] then
elseif not nosend and socket and not _sendlist[ socket ] then
_sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
end
bufferqueuelen = bufferqueuelen + 1
@ -461,49 +467,55 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
maxreadlen = readlen or maxreadlen
return bufferlen, maxreadlen, maxsendlen
end
--TODO: Deprecate
handler.lock_read = function (self, switch)
out_error( "server.lua, lock_read() is deprecated, use pause() and resume()" )
if switch == true then
local tmp = _readlistlen
_readlistlen = removesocket( _readlist, socket, _readlistlen )
_readtimes[ handler ] = nil
if _readlistlen ~= tmp then
noread = true
end
return self:pause()
elseif switch == false then
if noread then
noread = false
_readlistlen = addsocket(_readlist, socket, _readlistlen)
_readtimes[ handler ] = _currenttime
end
return self:resume()
end
return noread
end
handler.pause = function (self)
return self:lock_read(true);
local tmp = _readlistlen
_readlistlen = removesocket( _readlist, socket, _readlistlen )
_readtimes[ handler ] = nil
if _readlistlen ~= tmp then
noread = true
end
return noread;
end
handler.resume = function (self)
return self:lock_read(false);
if noread then
noread = false
_readlistlen = addsocket(_readlist, socket, _readlistlen)
_readtimes[ handler ] = _currenttime
end
return noread;
end
handler.lock = function( self, switch )
handler.lock_read (switch)
out_error( "server.lua, lock() is deprecated" )
handler.lock_read (self, switch)
if switch == true then
handler.write = idfalse
local tmp = _sendlistlen
_sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
_writetimes[ handler ] = nil
if _sendlistlen ~= tmp then
nosend = true
end
handler.pause_writes (self)
elseif switch == false then
handler.write = write
if nosend then
nosend = false
write( "" )
end
handler.resume_writes (self)
end
return noread, nosend
end
handler.pause_writes = function (self)
local tmp = _sendlistlen
_sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
_writetimes[ handler ] = nil
nosend = true
end
handler.resume_writes = function (self)
nosend = false
if bufferlen > 0 and socket then
_sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
end
end
local _readbuffer = function( ) -- this function reads data
local buffer, err, part = receive( socket, pattern ) -- receive buffer with "pattern"
if not err or (err == "wantread" or err == "timeout") then -- received something
@ -518,6 +530,12 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
_readtraffic = _readtraffic + count
_readtimes[ handler ] = _currenttime
--out_put( "server.lua: read data '", buffer:gsub("[^%w%p ]", "."), "', error: ", err )
if pending then -- connection established
pending = nil
if listeners.onconnect then
listeners.onconnect(handler)
end
end
return dispatch( handler, buffer, err )
else -- connections was closed or fatal error
out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " read error: ", tostring(err) )
@ -528,6 +546,12 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
local _sendbuffer = function( ) -- this function sends data
local succ, err, byte, buffer, count;
if socket then
if pending then
pending = nil
if listeners.onconnect then
listeners.onconnect(handler);
end
end
buffer = table_concat( bufferqueue, "", 1, bufferqueuelen )
succ, err, byte = send( socket, buffer, 1, bufferlen )
count = ( succ or byte or 0 ) * STAT_UNIT
@ -604,7 +628,7 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
coroutine_yield( ) -- handshake not finished
end
end
err = "ssl handshake error: " .. ( err or "handshake too long" );
err = ( err or "handshake too long" );
out_put( "server.lua: ", err );
_ = handler and handler:force_close(err)
return false, err -- handshake failed
@ -624,13 +648,18 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
out_put( "server.lua: attempting to start tls on " .. tostring( socket ) )
local oldsocket, err = socket
socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
if not socket then
out_put( "server.lua: error while starting tls on client: ", tostring(err or "unknown error") )
return nil, err -- fatal error
end
if socket.sni and self.servername then
socket:sni(self.servername);
if socket.sni then
if self.servername then
socket:sni(self.servername);
elseif self._server and type(self._server.hosts) == "table" and next(self._server.hosts) ~= nil then
socket:sni(self.server().hosts, true);
end
end
socket:settimeout( 0 )
@ -668,7 +697,7 @@ wrapconnection = function( server, listeners, socket, ip, serverport, clientport
_socketlist[ socket ] = handler
_readlistlen = addsocket(_readlist, socket, _readlistlen)
if sslctx and has_luasec then
if sslctx and ssldirect and has_luasec then
out_put "server.lua: auto-starting ssl negotiation..."
handler.autostart_ssl = true;
local ok, err = handler:starttls(sslctx);
@ -723,7 +752,7 @@ local function link(sender, receiver, buffersize)
local sender_locked;
local _sendbuffer = receiver.sendbuffer;
function receiver.sendbuffer()
_sendbuffer();
_sendbuffer(receiver);
if sender_locked and receiver.bufferlen() < buffersize then
sender:lock_read(false); -- Unlock now
sender_locked = nil;
@ -743,9 +772,13 @@ end
----------------------------------// PUBLIC //--
addserver = function( addr, port, listeners, pattern, sslctx ) -- this function provides a way for other scripts to reg a server
listen = function ( addr, port, listeners, config )
addr = addr or "*"
config = config or {}
local err
local sslctx = config.tls_ctx;
local ssldirect = config.tls_direct;
local pattern = config.read_size;
if type( listeners ) ~= "table" then
err = "invalid listener table"
elseif type ( addr ) ~= "string" then
@ -766,7 +799,7 @@ addserver = function( addr, port, listeners, pattern, sslctx ) -- this function
out_error( "server.lua, [", addr, "]:", port, ": ", err )
return nil, err
end
local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx ) -- wrap new server socket
local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx, ssldirect ) -- wrap new server socket
if not handler then
server:close( )
return nil, err
@ -779,6 +812,14 @@ addserver = function( addr, port, listeners, pattern, sslctx ) -- this function
return handler
end
addserver = function( addr, port, listeners, pattern, sslctx ) -- this function provides a way for other scripts to reg a server
return listen(addr, port, listeners, {
read_size = pattern;
tls_ctx = sslctx;
tls_direct = sslctx and true or false;
});
end
getserver = function ( addr, port )
return _server[ addr..":"..port ];
end
@ -921,7 +962,7 @@ loop = function(once) -- this is the main loop of the program
for _, socket in ipairs( read ) do -- receive data
local handler = _socketlist[ socket ]
if handler then
handler.readbuffer( )
handler:readbuffer( )
else
closesocket( socket )
out_put "server.lua: found no handler and closed socket (readlist)" -- this can happen
@ -930,7 +971,7 @@ loop = function(once) -- this is the main loop of the program
for _, socket in ipairs( write ) do -- send data waiting in writequeues
local handler = _socketlist[ socket ]
if handler then
handler.sendbuffer( )
handler:sendbuffer( )
else
closesocket( socket )
out_put "server.lua: found no handler and closed socket (writelist)" -- this should not happen
@ -987,21 +1028,13 @@ end
--// EXPERIMENTAL //--
local wrapclient = function( socket, ip, serverport, listeners, pattern, sslctx, extra )
local handler, socket, err = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx, extra)
local handler, socket, err = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx, sslctx, extra)
if not handler then return nil, err end
_socketlist[ socket ] = handler
if not sslctx then
handler._setpending()
_readlistlen = addsocket(_readlist, socket, _readlistlen)
_sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
if listeners.onconnect then
-- When socket is writeable, call onconnect
local _sendbuffer = handler.sendbuffer;
handler.sendbuffer = function ()
handler.sendbuffer = _sendbuffer;
listeners.onconnect(handler);
return _sendbuffer(); -- Send any queued outgoing data
end
end
end
return handler, socket
end
@ -1123,6 +1156,7 @@ return {
stats = stats,
closeall = closeall,
addserver = addserver,
listen = listen,
getserver = getserver,
setlogger = setlogger,
getsettings = getsettings,

208
net/unbound.lua Normal file
View file

@ -0,0 +1,208 @@
-- libunbound based net.adns replacement for Prosody IM
-- Copyright (C) 2013-2015 Kim Alvefur
--
-- This file is MIT licensed.
--
-- luacheck: ignore prosody
local setmetatable = setmetatable;
local tostring = tostring;
local t_concat = table.concat;
local s_format = string.format;
local s_lower = string.lower;
local s_upper = string.upper;
local noop = function() end;
local log = require "util.logger".init("unbound");
local net_server = require "net.server";
local libunbound = require"lunbound";
local promise = require"util.promise";
local gettime = require"socket".gettime;
local dns_utils = require"util.dns";
local classes, types, errors = dns_utils.classes, dns_utils.types, dns_utils.errors;
local parsers = dns_utils.parsers;
local function add_defaults(conf)
if conf then
for option, default in pairs(libunbound.config) do
if conf[option] == nil then
conf[option] = default;
end
end
end
return conf;
end
local unbound_config;
if prosody then
local config = require"core.configmanager";
unbound_config = add_defaults(config.get("*", "unbound"));
prosody.events.add_handler("config-reloaded", function()
unbound_config = add_defaults(config.get("*", "unbound"));
end);
end
-- Note: libunbound will default to using root hints if resolvconf is unset
local function connect_server(unbound, server)
return server.watchfd(unbound, function ()
unbound:process()
end);
end
local unbound = libunbound.new(unbound_config);
local server_conn = connect_server(unbound, net_server);
local answer_mt = {
__tostring = function(self)
if self._string then return self._string end
local h = s_format("Status: %s", errors[self.status]);
if self.secure then
h = h .. ", Secure";
elseif self.bogus then
h = h .. s_format(", Bogus: %s", self.bogus);
end
local t = { h };
for i = 1, #self do
t[i+1]=self.qname.."\t"..classes[self.qclass].."\t"..types[self.qtype].."\t"..tostring(self[i]);
end
local _string = t_concat(t, "\n");
self._string = _string;
return _string;
end;
};
local waiting_queries = {};
local function prep_answer(a)
if not a then return end
local status = errors[a.rcode];
local qclass = classes[a.qclass];
local qtype = types[a.qtype];
a.status, a.class, a.type = status, qclass, qtype;
local t = s_lower(qtype);
local rr_mt = { __index = a, __tostring = function(self) return tostring(self[t]) end };
local parser = parsers[qtype];
for i = 1, #a do
if a.bogus then
-- Discard bogus data
a[i] = nil;
else
a[i] = setmetatable({[t] = parser(a[i])}, rr_mt);
end
end
return setmetatable(a, answer_mt);
end
local function lookup(callback, qname, qtype, qclass)
qtype = qtype and s_upper(qtype) or "A";
qclass = qclass and s_upper(qclass) or "IN";
local ntype, nclass = types[qtype], classes[qclass];
local startedat = gettime();
local ret;
local function callback_wrapper(a, err)
local gotdataat = gettime();
waiting_queries[ret] = nil;
if a then
prep_answer(a);
log("debug", "Results for %s %s %s: %s (%s, %f sec)", qname, qclass, qtype, a.rcode == 0 and (#a .. " items") or a.status,
a.secure and "Secure" or a.bogus or "Insecure", gotdataat - startedat); -- Insecure as in unsigned
else
log("error", "Results for %s %s %s: %s", qname, qclass, qtype, tostring(err));
end
local ok, cerr = pcall(callback, a, err);
if not ok then log("error", "Error in callback: %s", cerr); end
end
log("debug", "Resolve %s %s %s", qname, qclass, qtype);
local err;
ret, err = unbound:resolve_async(callback_wrapper, qname, ntype, nclass);
if ret then
waiting_queries[ret] = callback;
else
log("warn", err);
end
return ret, err;
end
local function lookup_sync(qname, qtype, qclass)
qtype = qtype and s_upper(qtype) or "A";
qclass = qclass and s_upper(qclass) or "IN";
local ntype, nclass = types[qtype], classes[qclass];
local a, err = unbound:resolve(qname, ntype, nclass);
if not a then return a, err; end
return prep_answer(a);
end
local function cancel(id)
local cb = waiting_queries[id];
unbound:cancel(id);
if cb then
cb(nil, "canceled");
waiting_queries[id] = nil;
end
return true;
end
-- Reinitiate libunbound context, drops cache
local function purge()
for id in pairs(waiting_queries) do cancel(id); end
if server_conn then server_conn:close(); end
unbound = libunbound.new(unbound_config);
server_conn = connect_server(unbound, net_server);
return true;
end
local function not_implemented()
error "not implemented";
end
-- Public API
local _M = {
lookup = lookup;
cancel = cancel;
new_async_socket = not_implemented;
dns = {
lookup = lookup_sync;
cancel = cancel;
cache = noop;
socket_wrapper_set = noop;
settimeout = noop;
query = noop;
purge = purge;
random = noop;
peek = noop;
types = types;
classes = classes;
};
};
local function lookup_promise(_, qname, qtype, qclass)
return promise.new(function (resolve, reject)
local function callback(answer, err)
if err then
return reject(err);
else
return resolve(answer);
end
end
local ret, err = lookup(callback, qname, qtype, qclass)
if not ret then reject(err); end
end);
end
local wrapper = {
lookup = function (_, callback, qname, qtype, qclass)
return lookup(callback, qname, qtype, qclass)
end;
lookup_promise = lookup_promise;
_resolver = {
settimeout = function () end;
closeall = function () end;
};
}
function _M.resolver() return wrapper; end
return _M;

7
net/websocket.lua
View file

@ -23,6 +23,7 @@ local websockets = {};
local websocket_listeners = {};
function websocket_listeners.ondisconnect(conn, err)
local s = websockets[conn];
if not s then return; end
websockets[conn] = nil;
if s.close_timer then
timer.stop(s.close_timer);
@ -113,7 +114,7 @@ function websocket_listeners.onincoming(conn, buffer, err) -- luacheck: ignore 2
frame.MASK = true; -- RFC 6455 6.1.5: If the data is being sent by the client, the frame(s) MUST be masked
conn:write(frames.build(frame));
elseif frame.opcode == 0xA then -- Pong frame
log("debug", "Received unexpected pong frame: " .. tostring(frame.data));
log("debug", "Received unexpected pong frame: %s", frame.data);
else
return fail(s, 1002, "Reserved opcode");
end
@ -131,7 +132,7 @@ end
function websocket_methods:close(code, reason)
if self.readyState < 2 then
code = code or 1000;
log("debug", "closing WebSocket with code %i: %s" , code , tostring(reason));
log("debug", "closing WebSocket with code %i: %s" , code , reason);
self.readyState = 2;
local conn = self.conn;
conn:write(frames.build_close(code, reason, true));
@ -245,7 +246,7 @@ local function connect(url, ex, listeners)
or (protocol and not protocol[r.headers["sec-websocket-protocol"]])
then
s.readyState = 3;
log("warn", "WebSocket connection to %s failed: %s", url, tostring(b));
log("warn", "WebSocket connection to %s failed: %s", url, b);
if s.onerror then s:onerror("connecting-failed"); end
return;
end

7
net/websocket/frames.lua
View file

@ -9,8 +9,7 @@
local softreq = require "util.dependencies".softreq;
local random_bytes = require "util.random".bytes;
local bit = assert(softreq"bit" or softreq"bit32",
"No bit module found. See https://prosody.im/doc/depends#bitop");
local bit = require "util.bitcompat";
local band = bit.band;
local bor = bit.bor;
local bxor = bit.bxor;
@ -20,8 +19,8 @@ local unpack = table.unpack or unpack; -- luacheck: ignore 113
local t_concat = table.concat;
local s_char= string.char;
local s_pack = string.pack; -- luacheck: ignore 143
local s_unpack = string.unpack; -- luacheck: ignore 143
local s_pack = string.pack;
local s_unpack = string.unpack;
if not s_pack and softreq"struct" then
s_pack = softreq"struct".pack;

8
plugins/adhoc/adhoc.lib.lua
View file

@ -21,7 +21,13 @@ local function _cmdtag(desc, status, sessionid, action)
end
function _M.new(name, node, handler, permission)
return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = (permission or "user") };
if not permission then
error "adhoc.new() expects a permission argument, none given"
end
if permission == "user" then
error "the permission mode 'user' has been renamed 'any', please update your code"
end
return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = permission };
end
function _M.handle_cmd(command, origin, stanza)

12
plugins/adhoc/mod_adhoc.lua
View file

@ -8,7 +8,7 @@
local it = require "util.iterators";
local st = require "util.stanza";
local is_admin = require "core.usermanager".is_admin;
local jid_split = require "util.jid".split;
local jid_host = require "util.jid".host;
local adhoc_handle_cmd = module:require "adhoc".handle_cmd;
local xmlns_cmd = "http://jabber.org/protocol/commands";
local commands = {};
@ -21,12 +21,12 @@ module:hook("host-disco-info-node", function (event)
local from = stanza.attr.from;
local privileged = is_admin(from, stanza.attr.to);
local global_admin = is_admin(from);
local username, hostname = jid_split(from);
local hostname = jid_host(from);
local command = commands[node];
if (command.permission == "admin" and privileged)
or (command.permission == "global_admin" and global_admin)
or (command.permission == "local_user" and hostname == module.host)
or (command.permission == "user") then
or (command.permission == "any") then
reply:tag("identity", { name = command.name,
category = "automation", type = "command-node" }):up();
reply:tag("feature", { var = xmlns_cmd }):up();
@ -52,12 +52,12 @@ module:hook("host-disco-items-node", function (event)
local from = stanza.attr.from;
local admin = is_admin(from, stanza.attr.to);
local global_admin = is_admin(from);
local username, hostname = jid_split(from);
local hostname = jid_host(from);
for node, command in it.sorted_pairs(commands) do
if (command.permission == "admin" and admin)
or (command.permission == "global_admin" and global_admin)
or (command.permission == "local_user" and hostname == module.host)
or (command.permission == "user") then
or (command.permission == "any") then
reply:tag("item", { name = command.name,
node = node, jid = module:get_host() });
reply:up();
@ -74,7 +74,7 @@ module:hook("iq-set/host/"..xmlns_cmd..":command", function (event)
local from = stanza.attr.from;
local admin = is_admin(from, stanza.attr.to);
local global_admin = is_admin(from);
local username, hostname = jid_split(from);
local hostname = jid_host(from);
if (command.permission == "admin" and not admin)
or (command.permission == "global_admin" and not global_admin)
or (command.permission == "local_user" and hostname ~= module.host) then

24
plugins/mod_admin_adhoc.lua
View file

@ -59,7 +59,7 @@ local add_user_command_handler = adhoc_simple(add_user_layout, function(fields,
if err then
return generate_error_message(err);
end
local username, host, resource = jid.split(fields.accountjid);
local username, host = jid.split(fields.accountjid);
if module_host ~= host then
return { status = "completed", error = { message = "Trying to add a user on " .. host .. " but command was sent to " .. module_host}};
end
@ -94,7 +94,7 @@ local change_user_password_command_handler = adhoc_simple(change_user_password_l
if err then
return generate_error_message(err);
end
local username, host, resource = jid.split(fields.accountjid);
local username, host = jid.split(fields.accountjid);
if module_host ~= host then
return {
status = "completed",
@ -136,7 +136,7 @@ local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fi
local failed = {};
local succeeded = {};
for _, aJID in ipairs(fields.accountjids) do
local username, host, resource = jid.split(aJID);
local username, host = jid.split(aJID);
if (host == module_host) and usermanager_user_exists(username, host) and usermanager_delete_user(username, host) then
module:log("debug", "User %s has been deleted", aJID);
succeeded[#succeeded+1] = aJID;
@ -180,7 +180,7 @@ local end_user_session_handler = adhoc_simple(end_user_session_layout, function(
local failed = {};
local succeeded = {};
for _, aJID in ipairs(fields.accountjids) do
local username, host, resource = jid.split(aJID);
local username, host = jid.split(aJID);
if (host == module_host) and usermanager_user_exists(username, host) and disconnect_user(aJID) then
succeeded[#succeeded+1] = aJID;
else
@ -212,7 +212,7 @@ local get_user_password_handler = adhoc_simple(get_user_password_layout, functio
if err then
return generate_error_message(err);
end
local user, host, resource = jid.split(fields.accountjid);
local user, host = jid.split(fields.accountjid);
local accountjid;
local password;
if host ~= module_host then
@ -243,7 +243,7 @@ local get_user_roster_handler = adhoc_simple(get_user_roster_layout, function(fi
return generate_error_message(err);
end
local user, host, resource = jid.split(fields.accountjid);
local user, host = jid.split(fields.accountjid);
if host ~= module_host then
return { status = "completed", error = { message = "Tried to get roster for a user on " .. host .. " but command was sent to " .. module_host } };
elseif not usermanager_user_exists(user, host) then
@ -392,6 +392,12 @@ local function session_flags(session, line)
if session.cert_identity_status == "valid" then
flags[#flags+1] = "authenticated";
end
if session.dialback_key then
flags[#flags+1] = "dialback";
end
if session.external_auth then
flags[#flags+1] = "SASL";
end
if session.secure then
flags[#flags+1] = "encrypted";
end
@ -404,6 +410,12 @@ local function session_flags(session, line)
if session.ip and session.ip:match(":") then
flags[#flags+1] = "IPv6";
end
if session.incoming and session.outgoing then
flags[#flags+1] = "bidi";
elseif session.is_bidi or session.bidi_session then
flags[#flags+1] = "bidi";
end
line[#line+1] = "("..t_concat(flags, ", ")..")";
return t_concat(line, " ");

1665
plugins/mod_admin_shell.lua Normal file
View file

File diff suppressed because it is too large Load diff

73
plugins/mod_admin_socket.lua Normal file
View file

@ -0,0 +1,73 @@
module:set_global();
local have_unix, unix = pcall(require, "socket.unix");
if not have_unix or type(unix) ~= "table" then
module:log_status("error", "LuaSocket unix socket support not available or incompatible, ensure it is up to date");
return;
end
local server = require "net.server";
local adminstream = require "util.adminstream";
local socket_path = module:get_option_path("admin_socket", "prosody.sock", "data");
local sessions = module:shared("sessions");
local function fire_admin_event(session, stanza)
local event_data = {
origin = session, stanza = stanza;
};
local event_name;
if stanza.attr.xmlns then
event_name = "admin/"..stanza.attr.xmlns..":"..stanza.name;
else
event_name = "admin/"..stanza.name;
end
module:log("debug", "Firing %s", event_name);
return module:fire_event(event_name, event_data);
end
module:hook("server-stopping", function ()
for _, session in pairs(sessions) do
session:close("system-shutdown");
end
os.remove(socket_path);
end);
--- Unix domain socket management
local conn, sock;
local listeners = adminstream.server(sessions, fire_admin_event).listeners;
local function accept_connection()
module:log("debug", "accepting...");
local client = sock:accept();
if not client then return; end
server.wrapclient(client, "unix", 0, listeners, "*a");
end
function module.load()
sock = unix.stream();
sock:settimeout(0);
os.remove(socket_path);
assert(sock:bind(socket_path));
assert(sock:listen());
if server.wrapserver then
conn = server.wrapserver(sock, socket_path, 0, listeners);
else
conn = server.watchfd(sock:getfd(), accept_connection);
end
end
function module.unload()
if conn then
conn:close();
end
if sock then
sock:close();
end
os.remove(socket_path);
end

1538
plugins/mod_admin_telnet.lua
View file

File diff suppressed because it is too large Load diff

1
plugins/mod_announce.lua
View file

@ -38,6 +38,7 @@ end
-- Old <message>-based jabberd-style announcement sending
function handle_announcement(event)
local stanza = event.stanza;
-- luacheck: ignore 211/node
local node, host, resource = jid.split(stanza.attr.to);
if resource ~= "announce/online" then

14
plugins/mod_auth_internal_hashed.lua
View file

@ -9,7 +9,7 @@
local max = math.max;
local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
local scram_hashers = require "util.sasl.scram".hashers;
local usermanager = require "core.usermanager";
local generate_uuid = require "util.uuid".generate;
local new_sasl = require "util.sasl".new;
@ -22,7 +22,9 @@ local host = module.host;
local accounts = module:open_store("accounts");
local hash_name = module:get_option_string("password_hash", "SHA-1");
local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library");
local scram_name = "scram_"..hash_name:gsub("%-","_"):lower();
-- Default; can be set per-user
local default_iteration_count = 4096;
@ -54,7 +56,7 @@ function provider.test_password(username, password)
return nil, "Auth failed. Stored salt and iteration count information is not complete.";
end
local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count);
local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count);
local stored_key_hex = to_hex(stored_key);
local server_key_hex = to_hex(server_key);
@ -72,7 +74,7 @@ function provider.set_password(username, password)
if account then
account.salt = generate_uuid();
account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
local valid, stored_key, server_key = get_auth_db(password, account.salt, account.iteration_count);
if not valid then
return valid, stored_key;
end
@ -106,7 +108,7 @@ function provider.create_user(username, password)
return accounts:set(username, {});
end
local salt = generate_uuid();
local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count);
if not valid then
return valid, stored_key;
end
@ -127,7 +129,7 @@ function provider.get_sasl_handler()
plain_test = function(_, username, password, realm)
return usermanager.test_password(username, realm, password), true;
end,
scram_sha_1 = function(_, username)
[scram_name] = function(_, username)
local credentials = accounts:get(username);
if not credentials then return; end
if credentials.password then

22
plugins/mod_authz_internal.lua Normal file
View file

@ -0,0 +1,22 @@
local normalize = require "util.jid".prep;
local admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
local host = module.host;
local role_store = module:open_store("roles");
local admin_role = { ["prosody:admin"] = true };
function get_user_roles(user)
if admin_jids:contains(user.."@"..host) then
return admin_role;
end
return role_store:get(user);
end
function get_jid_roles(jid)
if admin_jids:contains(jid) then
return admin_role;
end
return nil;
end

5
plugins/mod_blocklist.lua
View file

@ -67,7 +67,7 @@ local function migrate_privacy_list(username)
if item.type == "jid" and item.action == "deny" then
local jid = jid_prep(item.value);
if not jid then
module:log("warn", "Invalid JID in privacy store for user '%s' not migrated: %s", username, tostring(item.value));
module:log("warn", "Invalid JID in privacy store for user '%s' not migrated: %s", username, item.value);
else
migrated_data[jid] = true;
end
@ -162,7 +162,7 @@ local function edit_blocklist(event)
local blocklist = cache[username] or get_blocklist(username);
local new_blocklist = {
-- We set the [false] key to someting as a signal not to migrate privacy lists
-- We set the [false] key to something as a signal not to migrate privacy lists
[false] = blocklist[false] or { created = now; };
};
if type(blocklist[false]) == "table" then
@ -189,6 +189,7 @@ local function edit_blocklist(event)
if is_blocking then
for jid in pairs(send_unavailable) do
-- Check that this JID isn't already blocked, i.e. this is not a change
if not blocklist[jid] then
for _, session in pairs(sessions[username].sessions) do
if session.presence then

94
plugins/mod_bosh.lua
View file

@ -44,19 +44,41 @@ local bosh_max_polling = module:get_option_number("bosh_max_polling", 5);
local bosh_max_wait = module:get_option_number("bosh_max_wait", 120);
local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure");
local cross_domain = module:get_option("cross_domain_bosh", false);
local cross_domain = module:get_option("cross_domain_bosh");
if cross_domain == true then cross_domain = "*"; end
if type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end
if cross_domain ~= nil then
module:log("info", "The 'cross_domain_bosh' option has been deprecated");
end
local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
-- All sessions, and sessions that have no requests open
local sessions = module:shared("sessions");
local measure_active = module:measure("active_sessions", "amount");
local measure_inactive = module:measure("inactive_sessions", "amount");
local report_bad_host = module:measure("bad_host", "rate");
local report_bad_sid = module:measure("bad_sid", "rate");
local report_new_sid = module:measure("new_sid", "rate");
local report_timeout = module:measure("timeout", "rate");
module:hook("stats-update", function ()
local active = 0;
local inactive = 0;
for _, session in pairs(sessions) do
if #session.requests > 0 then
active = active + 1;
else
inactive = inactive + 1;
end
end
measure_active(active);
measure_inactive(inactive);
end);
-- Used to respond to idle sessions (those with waiting requests)
function on_destroy_request(request)
log("debug", "Request destroyed: %s", tostring(request));
log("debug", "Request destroyed: %s", request);
local session = sessions[request.context.sid];
if session then
local requests = session.requests;
@ -73,7 +95,7 @@ function on_destroy_request(request)
if session.inactive_timer then
session.inactive_timer:stop();
end
session.inactive_timer = module:add_timer(max_inactive, check_inactive, session, request.context,
session.inactive_timer = module:add_timer(max_inactive, session_timeout, session, request.context,
"BOSH client silent for over "..max_inactive.." seconds");
(session.log or log)("debug", "BOSH session marked as inactive (for %ds)", max_inactive);
end
@ -84,31 +106,16 @@ function on_destroy_request(request)
end
end
function check_inactive(now, session, context, reason) -- luacheck: ignore 212/now
function session_timeout(now, session, context, reason) -- luacheck: ignore 212/now
if not session.destroyed then
report_timeout();
sessions[context.sid] = nil;
sm_destroy_session(session, reason);
end
end
local function set_cross_domain_headers(response)
local headers = response.headers;
headers.access_control_allow_methods = "GET, POST, OPTIONS";
headers.access_control_allow_headers = "Content-Type";
headers.access_control_max_age = "7200";
headers.access_control_allow_origin = cross_domain;
return response;
end
function handle_OPTIONS(event)
if cross_domain and event.request.headers.origin then
set_cross_domain_headers(event.response);
end
return "";
end
function handle_POST(event)
log("debug", "Handling new request %s: %s\n----------", tostring(event.request), tostring(event.request.body));
log("debug", "Handling new request %s: %s\n----------", event.request, event.request.body);
local request, response = event.request, event.response;
response.on_destroy = on_destroy_request;
@ -121,10 +128,6 @@ function handle_POST(event)
local headers = response.headers;
headers.content_type = "text/xml; charset=utf-8";
if cross_domain and request.headers.origin then
set_cross_domain_headers(response);
end
-- stream:feed() calls the stream_callbacks, so all stanzas in
-- the body are processed in this next line before it returns.
-- In particular, the streamopened() stream callback is where
@ -205,6 +208,7 @@ function handle_POST(event)
return;
end
module:log("warn", "Unable to associate request with a session (incomplete request?)");
report_bad_sid();
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "item-not-found" });
return tostring(close_reply) .. "\n";
@ -220,7 +224,7 @@ local function bosh_reset_stream(session) session.notopen = true; end
local stream_xmlns_attr = { xmlns = "urn:ietf:params:xml:ns:xmpp-streams" };
local function bosh_close_stream(session, reason)
(session.log or log)("info", "BOSH client disconnected: %s", tostring((reason and reason.condition or reason) or "session close"));
(session.log or log)("info", "BOSH client disconnected: %s", (reason and reason.condition or reason) or "session close");
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams });
@ -245,7 +249,7 @@ local function bosh_close_stream(session, reason)
close_reply = reason;
end
end
log("info", "Disconnecting client, <stream:error> is: %s", tostring(close_reply));
log("info", "Disconnecting client, <stream:error> is: %s", close_reply);
end
local response_body = tostring(close_reply);
@ -268,17 +272,27 @@ function stream_callbacks.streamopened(context, attr)
-- New session request
context.notopen = nil; -- Signals that we accept this opening tag
if not attr.to then
log("debug", "BOSH client tried to connect without specifying a host");
report_bad_host();
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
response:send(tostring(close_reply));
return;
end
local to_host = nameprep(attr.to);
local wait = tonumber(attr.wait);
if not to_host then
log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to));
log("debug", "BOSH client tried to connect to invalid host: %s", attr.to);
report_bad_host();
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
response:send(tostring(close_reply));
return;
end
if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then
log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait));
log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", attr.rid, attr.wait);
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "bad-request" });
response:send(tostring(close_reply));
@ -309,6 +323,7 @@ function stream_callbacks.streamopened(context, attr)
session.log("debug", "BOSH session created for request from %s", session.ip);
log("info", "New BOSH session, assigned it sid '%s'", sid);
report_new_sid();
module:fire_event("bosh-session", { session = session, request = request });
@ -323,7 +338,7 @@ function stream_callbacks.streamopened(context, attr)
s.attr.xmlns = "jabber:client";
end
s = filter("stanzas/out", s);
--log("debug", "Sending BOSH data: %s", tostring(s));
--log("debug", "Sending BOSH data: %s", s);
if not s then return true end
t_insert(session.send_buffer, tostring(s));
@ -363,6 +378,7 @@ function stream_callbacks.streamopened(context, attr)
if not session then
-- Unknown sid
log("info", "Client tried to use sid '%s' which we don't know about", sid);
report_bad_sid();
response:send(tostring(st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", condition = "item-not-found" })));
context.notopen = nil;
return;
@ -425,7 +441,7 @@ function stream_callbacks.streamopened(context, attr)
end
end
local function handleerr(err) log("error", "Traceback[bosh]: %s", traceback(tostring(err), 2)); end
local function handleerr(err) log("error", "Traceback[bosh]: %s", traceback(err, 2)); end
function runner_callbacks:error(err) -- luacheck: ignore 212/self
return handleerr(err);
@ -495,14 +511,16 @@ function stream_callbacks.error(context, error)
end
end
local GET_response_body = [[<html><body>
<p>It works! Now point your BOSH client to this URL to connect to Prosody.</p>
<p>For more information see <a href="https://prosody.im/doc/setting_up_bosh">Prosody: Setting up BOSH</a>.</p>
</body></html>]];
local GET_response = {
headers = {
content_type = "text/html";
};
body = [[<html><body>
<p>It works! Now point your BOSH client to this URL to connect to Prosody.</p>
<p>For more information see <a href="https://prosody.im/doc/setting_up_bosh">Prosody: Setting up BOSH</a>.</p>
</body></html>]];
body = module:get_option_string("bosh_get_response_body", GET_response_body);
};
module:depends("http");
@ -511,8 +529,6 @@ module:provides("http", {
route = {
["GET"] = GET_response;
["GET /"] = GET_response;
["OPTIONS"] = handle_OPTIONS;
["OPTIONS /"] = handle_OPTIONS;
["POST"] = handle_POST;
["POST /"] = handle_POST;
};

54
plugins/mod_c2s.lua
View file

@ -56,7 +56,17 @@ end);
local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
function stream_callbacks.streamopened(session, attr)
-- run _streamopened in async context
session.thread:run({ stream = "opened", attr = attr });
end
function stream_callbacks._streamopened(session, attr)
local send = session.send;
if not attr.to then
session:close{ condition = "improper-addressing",
text = "A 'to' attribute is required on stream headers" };
return;
end
local host = nameprep(attr.to);
if not host then
session:close{ condition = "improper-addressing",
@ -98,7 +108,6 @@ function stream_callbacks.streamopened(session, attr)
session.compressed = info.compression;
else
(session.log or log)("info", "Stream encrypted");
session.compressed = sock.compression and sock:compression(); --COMPAT mw/luasec-hg
end
end
@ -107,12 +116,23 @@ function stream_callbacks.streamopened(session, attr)
if features.tags[1] or session.full_jid then
send(features);
else
(session.log or log)("warn", "No stream features to offer");
if session.secure then
-- Here SASL should be offered
(session.log or log)("warn", "No stream features to offer on secure session. Check authentication settings.");
else
-- Normally STARTTLS would be offered
(session.log or log)("warn", "No stream features to offer on insecure session. Check encryption and security settings.");
end
session:close{ condition = "undefined-condition", text = "No stream features to proceed with" };
end
end
function stream_callbacks.streamclosed(session)
function stream_callbacks.streamclosed(session, attr)
-- run _streamclosed in async context
session.thread:run({ stream = "closed", attr = attr });
end
function stream_callbacks._streamclosed(session)
session.log("debug", "Received </stream:stream>");
session:close(false);
end
@ -122,7 +142,7 @@ function stream_callbacks.error(session, error, data)
session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
session:close("invalid-namespace");
elseif error == "parse-error" then
(session.log or log)("debug", "Client XML parse error: %s", tostring(data));
(session.log or log)("debug", "Client XML parse error: %s", data);
session:close("not-well-formed");
elseif error == "stream-error" then
local condition, text = "undefined-condition";
@ -252,8 +272,6 @@ function listener.onconnect(conn)
local sock = conn:socket();
if sock.info then
session.compressed = sock:info"compression";
elseif sock.compression then
session.compressed = sock:compression(); --COMPAT mw/luasec-hg
end
end
@ -273,7 +291,13 @@ function listener.onconnect(conn)
end
session.thread = runner(function (stanza)
core_process_stanza(session, stanza);
if st.is_stanza(stanza) then
core_process_stanza(session, stanza);
elseif stanza.stream == "opened" then
stream_callbacks._streamopened(session, stanza.attr);
elseif stanza.stream == "closed" then
stream_callbacks._streamclosed(session, stanza.attr);
end
end, runner_callbacks, session);
local filter = session.filter;
@ -284,8 +308,12 @@ function listener.onconnect(conn)
if data then
local ok, err = stream:feed(data);
if not ok then
log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
session:close("not-well-formed");
log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
if err == "stanza-too-large" then
session:close({ condition = "policy-violation", text = "XML stanza is too big" });
else
session:close("not-well-formed");
end
end
end
end
@ -328,6 +356,13 @@ function listener.onreadtimeout(conn)
end
end
function listener.ondrain(conn)
local session = sessions[conn];
if session then
return (hosts[session.host] or prosody).events.fire_event("c2s-ondrain", { session = session });
end
end
local function keepalive(event)
local session = event.session;
if not session.notopen then
@ -360,6 +395,7 @@ module:provides("net", {
default_port = 5222;
encryption = "starttls";
multiplex = {
protocol = "xmpp-client";
pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:client%1.*>";
};
});

95
plugins/mod_carbons.lua
View file

@ -5,10 +5,15 @@
local st = require "util.stanza";
local jid_bare = require "util.jid".bare;
local jid_resource = require "util.jid".resource;
local xmlns_carbons = "urn:xmpp:carbons:2";
local xmlns_forward = "urn:xmpp:forward:0";
local full_sessions, bare_sessions = prosody.full_sessions, prosody.bare_sessions;
local function is_bare(jid)
return not jid_resource(jid);
end
local function toggle_carbons(event)
local origin, stanza = event.origin, event.stanza;
local state = stanza.tags[1].name;
@ -20,6 +25,50 @@ end
module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons);
module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons);
local function should_copy(stanza, c2s, user_bare) --> boolean, reason: string
local st_type = stanza.attr.type or "normal";
if stanza:get_child("private", xmlns_carbons) then
return false, "private";
end
if stanza:get_child("no-copy", "urn:xmpp:hints") then
return false, "hint";
end
if not c2s and stanza.attr.to ~= user_bare and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then
-- MUC PMs are normally sent to full JIDs
return false, "muc-pm";
end
if st_type == "chat" then
return true, "type";
end
if st_type == "normal" and stanza:get_child("body") then
return true, "type";
end
-- Normal outgoing chat messages are sent to=bare JID. This clause should
-- match the error bounces from those, which would have from=bare JID and
-- be incoming (not c2s).
if st_type == "error" and not c2s and is_bare(stanza.attr.from) then
return true, "bounce";
end
if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then
-- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment
return true, "jingle call";
end
for archived in stanza:childtags("stanza-id", "urn:xmpp:sid:0") do
if archived and archived.attr.by == user_bare then
return true, "archived";
end
end
return false, "default";
end
local function message_handler(event, c2s)
local origin, stanza = event.origin, event.stanza;
local orig_type = stanza.attr.type or "normal";
@ -28,10 +77,6 @@ local function message_handler(event, c2s)
local orig_to = stanza.attr.to;
local bare_to = jid_bare(orig_to);
if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body"))) then
return -- Only chat type messages
end
-- Stanza sent by a local client
local bare_jid = bare_from; -- JID of the local user
local target_session = origin;
@ -56,35 +101,21 @@ local function message_handler(event, c2s)
return -- No use in sending carbons to an offline user
end
if stanza:get_child("private", xmlns_carbons) then
if not c2s then
local should, why = should_copy(stanza, c2s, bare_jid);
if not should then
module:log("debug", "Not copying stanza: %s (%s)", stanza:top_tag(), why);
if why == "private" and not c2s then
stanza:maptags(function(tag)
if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then
return tag;
end
end);
end
module:log("debug", "Message tagged private, ignoring");
return
elseif stanza:get_child("no-copy", "urn:xmpp:hints") then
module:log("debug", "Message has no-copy hint, ignoring");
return
elseif not c2s and bare_jid ~= orig_to and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then
module:log("debug", "MUC PM, ignoring");
return
return;
end
-- Create the carbon copy and wrap it as per the Stanza Forwarding XEP
local copy = st.clone(stanza);
if c2s and not orig_to then
stanza.attr.to = bare_from;
end
copy.attr.xmlns = "jabber:client";
local carbon = st.message{ from = bare_jid, type = orig_type, }
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons })
:tag("forwarded", { xmlns = xmlns_forward })
:add_child(copy):reset();
local carbon;
user_sessions = user_sessions and user_sessions.sessions;
for _, session in pairs(user_sessions) do
-- Carbons are sent to resources that have enabled it
@ -93,6 +124,20 @@ local function message_handler(event, c2s)
and session ~= target_session
-- and isn't among the top resources that would receive the message per standard routing rules
and (c2s or session.priority ~= top_priority) then
if not carbon then
-- Create the carbon copy and wrap it as per the Stanza Forwarding XEP
local copy = st.clone(stanza);
if c2s and not orig_to then
stanza.attr.to = bare_from;
end
copy.attr.xmlns = "jabber:client";
carbon = st.message{ from = bare_jid, type = orig_type, }
:tag(c2s and "sent" or "received", { xmlns = xmlns_carbons })
:tag("forwarded", { xmlns = xmlns_forward })
:add_child(copy):reset();
end
carbon.attr.to = session.full_jid;
module:log("debug", "Sending carbon to %s", session.full_jid);
session.send(carbon);

19
plugins/mod_component.lua
View file

@ -49,6 +49,7 @@ function module.add_host(module)
local send;
local function on_destroy(session, err) --luacheck: ignore 212/err
module:set_status("warn", err and ("Disconnected: "..err) or "Disconnected");
env.connected = false;
env.session = false;
send = nil;
@ -102,6 +103,7 @@ function module.add_host(module)
module:log("info", "External component successfully authenticated");
session.send(st.stanza("handshake"));
module:fire_event("component-authenticated", { session = session });
module:set_status("info", "Connected");
return true;
end
@ -130,7 +132,8 @@ function module.add_host(module)
end
module:log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag());
if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable"));
event.origin.send(st.error_reply(stanza, "wait", "remote-server-timeout", "Component unavailable", module.host)
:tag("not-connected", { xmlns = "xmpp:prosody.im/protocol/component" }));
end
end
return true;
@ -165,11 +168,11 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
function stream_callbacks.error(session, error, data)
if session.destroyed then return; end
module:log("warn", "Error processing component stream: %s", tostring(error));
module:log("warn", "Error processing component stream: %s", error);
if error == "no-stream" then
session:close("invalid-namespace");
elseif error == "parse-error" then
session.log("warn", "External component %s XML parse error: %s", tostring(session.host), tostring(data));
session.log("warn", "External component %s XML parse error: %s", session.host, data);
session:close("not-well-formed");
elseif error == "stream-error" then
local condition, text = "undefined-condition";
@ -206,7 +209,7 @@ function stream_callbacks.streamclosed(session)
session:close();
end
local function handleerr(err) log("error", "Traceback[component]: %s", traceback(tostring(err), 2)); end
local function handleerr(err) log("error", "Traceback[component]: %s", traceback(err, 2)); end
function stream_callbacks.handlestanza(session, stanza)
-- Namespaces are icky.
if not stanza.attr.xmlns and stanza.name == "handshake" then
@ -266,10 +269,10 @@ local function session_close(session, reason)
if reason.extra then
stanza:add_child(reason.extra);
end
module:log("info", "Disconnecting component, <stream:error> is: %s", tostring(stanza));
module:log("info", "Disconnecting component, <stream:error> is: %s", stanza);
session.send(stanza);
elseif reason.name then -- a stanza
module:log("info", "Disconnecting component, <stream:error> is: %s", tostring(reason));
module:log("info", "Disconnecting component, <stream:error> is: %s", reason);
session.send(reason);
end
end
@ -310,7 +313,7 @@ function listener.onconnect(conn)
function session.data(_, data)
local ok, err = stream:feed(data);
if ok then return; end
module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
session:close("not-well-formed");
end
@ -325,7 +328,7 @@ end
function listener.ondisconnect(conn, err)
local session = sessions[conn];
if session then
(session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err));
(session.log or log)("info", "component disconnected: %s (%s)", session.host, err);
if session.host then
module:context(session.host):fire_event("component-disconnected", { session = session, reason = err });
end

14
plugins/mod_csi.lua
View file

@ -2,8 +2,9 @@ local st = require "util.stanza";
local xmlns_csi = "urn:xmpp:csi:0";
local csi_feature = st.stanza("csi", { xmlns = xmlns_csi });
local csi_handler_available = nil;
module:hook("stream-features", function (event)
if event.origin.username then
if event.origin.username and csi_handler_available then
event.features:add_child(csi_feature);
end
end);
@ -21,3 +22,14 @@ end
module:hook("stanza/"..xmlns_csi..":active", refire_event("csi-client-active"));
module:hook("stanza/"..xmlns_csi..":inactive", refire_event("csi-client-inactive"));
function module.load()
if prosody.hosts[module.host].events._handlers["csi-client-active"] then
csi_handler_available = true;
module:set_status("core", "CSI handler module loaded");
else
csi_handler_available = false;
module:set_status("warn", "No CSI handler module loaded");
end
end
module:hook("module-loaded", module.load);
module:hook("module-unloaded", module.load);

242
plugins/mod_csi_simple.lua
View file

@ -1,4 +1,4 @@
-- Copyright (C) 2016-2018 Kim Alvefur
-- Copyright (C) 2016-2020 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
@ -9,115 +9,209 @@ module:depends"csi"
local jid = require "util.jid";
local st = require "util.stanza";
local dt = require "util.datetime";
local new_queue = require "util.queue".new;
local function new_pump(output, ...)
-- luacheck: ignore 212/self
local q = new_queue(...);
local flush = true;
function q:pause()
flush = false;
end
function q:resume()
flush = true;
return q:flush();
end
local push = q.push;
function q:push(item)
local ok = push(self, item);
if not ok then
q:flush();
output(item, self);
elseif flush then
return q:flush();
end
return true;
end
function q:flush()
local item = self:pop();
while item do
output(item, self);
item = self:pop();
end
return true;
end
return q;
end
local filters = require "util.filters";
local queue_size = module:get_option_number("csi_queue_size", 256);
module:hook("csi-is-stanza-important", function (event)
local stanza = event.stanza;
if not st.is_stanza(stanza) then
return true;
local important_payloads = module:get_option_set("csi_important_payloads", { });
function is_important(stanza) --> boolean, reason: string
if stanza == " " then
return true, "whitespace keepalive";
elseif type(stanza) == "string" then
return true, "raw data";
elseif not st.is_stanza(stanza) then
-- This should probably never happen
return true, type(stanza);
end
if stanza.attr.xmlns ~= nil then
-- stream errors, stream management etc
return true, "nonza";
end
local st_name = stanza.name;
if not st_name then return false; end
local st_type = stanza.attr.type;
if st_name == "presence" then
if st_type == nil or st_type == "unavailable" then
return false;
if st_type == nil or st_type == "unavailable" or st_type == "error" then
return false, "presence update";
end
return true;
-- TODO Some MUC awareness, e.g. check for the 'this relates to you' status code
return true, "subscription request";
elseif st_name == "message" then
if st_type == "headline" then
return false;
-- Headline messages are ephemeral by definition
return false, "headline";
end
if st_type == "error" then
return true, "delivery failure";
end
if stanza:get_child("sent", "urn:xmpp:carbons:2") then
return true;
return true, "carbon";
end
local forwarded = stanza:find("{urn:xmpp:carbons:2}received/{urn:xmpp:forward:0}/{jabber:client}message");
if forwarded then
stanza = forwarded;
end
if stanza:get_child("body") then
return true;
return true, "body";
end
if stanza:get_child("subject") then
return true;
-- Last step of a MUC join
return true, "subject";
end
if stanza:get_child("encryption", "urn:xmpp:eme:0") then
return true;
-- Since we can't know what an encrypted message contains, we assume it's important
-- XXX Experimental XEP
return true, "encrypted";
end
if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then
return true, "invite";
end
if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then
return true;
-- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment
return true, "jingle call";
end
for important in important_payloads do
if stanza:find(important) then
return true;
end
end
return false;
elseif st_name == "iq" then
return true;
end
return true;
end
module:hook("csi-is-stanza-important", function (event)
local important, why = is_important(event.stanza);
event.reason = why;
return important;
end, -1);
local function should_flush(stanza, session, ctr) --> boolean, reason: string
if ctr >= queue_size then
return true, "queue size limit reached";
end
local event = { stanza = stanza, session = session };
local ret = module:fire_event("csi-is-stanza-important", event)
return ret, event.reason;
end
local function with_timestamp(stanza, from)
if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then
stanza = st.clone(stanza);
stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = from, stamp = dt.datetime()}));
end
return stanza;
end
local measure_buffer_hold = module:measure("buffer_hold", "times");
local flush_reasons = setmetatable({}, {
__index = function (t, reason)
local m = module:measure("flush_reason."..reason:gsub("%W", "_"), "rate");
t[reason] = m;
return m;
end;
});
local function manage_buffer(stanza, session)
local ctr = session.csi_counter or 0;
local flush, why = should_flush(stanza, session, ctr);
if flush then
if session.csi_measure_buffer_hold then
session.csi_measure_buffer_hold();
session.csi_measure_buffer_hold = nil;
end
flush_reasons[why or "important"]();
session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter);
session.conn:resume_writes();
else
session.log("debug", "Holding buffer (%s; queue size is %d)", why or "unimportant", session.csi_counter);
stanza = with_timestamp(stanza, jid.join(session.username, session.host))
end
session.csi_counter = ctr + 1;
return stanza;
end
local function flush_buffer(data, session)
session.log("debug", "Flushing buffer (%s; queue size is %d)", "client activity", session.csi_counter);
flush_reasons["client activity"]();
if session.csi_measure_buffer_hold then
session.csi_measure_buffer_hold();
session.csi_measure_buffer_hold = nil;
end
session.conn:resume_writes();
return data;
end
function enable_optimizations(session)
if session.conn and session.conn.pause_writes then
session.conn:pause_writes();
session.csi_measure_buffer_hold = measure_buffer_hold();
session.csi_counter = 0;
filters.add_filter(session, "stanzas/out", manage_buffer);
filters.add_filter(session, "bytes/in", flush_buffer);
else
session.log("warn", "Session connection does not support write pausing");
end
end
function disable_optimizations(session)
filters.remove_filter(session, "stanzas/out", manage_buffer);
filters.remove_filter(session, "bytes/in", flush_buffer);
session.csi_counter = nil;
if session.csi_measure_buffer_hold then
session.csi_measure_buffer_hold();
session.csi_measure_buffer_hold = nil;
end
if session.conn and session.conn.resume_writes then
session.conn:resume_writes();
end
end
module:hook("csi-client-inactive", function (event)
local session = event.origin;
if session.pump then
session.pump:pause();
else
local bare_jid = jid.join(session.username, session.host);
local send = session.send;
session._orig_send = send;
local pump = new_pump(session.send, queue_size);
pump:pause();
session.pump = pump;
function session.send(stanza)
if session.state == "active" or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then
pump:flush();
send(stanza);
else
if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then
stanza = st.clone(stanza);
stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = bare_jid, stamp = dt.datetime()}));
end
pump:push(stanza);
end
return true;
end
end
enable_optimizations(session);
end);
module:hook("csi-client-active", function (event)
local session = event.origin;
if session.pump then
session.pump:resume();
disable_optimizations(session);
end);
module:hook("pre-resource-unbind", function (event)
local session = event.session;
disable_optimizations(session);
end, 1);
module:hook("c2s-ondrain", function (event)
local session = event.session;
if session.state == "inactive" and session.conn and session.conn.pause_writes then
session.conn:pause_writes();
session.csi_measure_buffer_hold = measure_buffer_hold();
session.log("debug", "Buffer flushed, resuming inactive mode (queue size was %d)", session.csi_counter);
session.csi_counter = 0;
end
end);
function module.load()
for _, user_session in pairs(prosody.hosts[module.host].sessions) do
for _, session in pairs(user_session.sessions) do
if session.state == "inactive" then
enable_optimizations(session);
end
end
end
end
function module.unload()
for _, user_session in pairs(prosody.hosts[module.host].sessions) do
for _, session in pairs(user_session.sessions) do
if session.state == "inactive" then
disable_optimizations(session);
end
end
end
end

6
plugins/mod_dialback.lua
View file

@ -93,6 +93,11 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
-- he wants to be identified through dialback
-- We need to check the key with the Authoritative server
local attr = stanza.attr;
if not attr.to or not attr.from then
origin.log("debug", "Missing Dialback addressing (from=%q, to=%q)", attr.from, attr.to);
origin:close("improper-addressing");
return true;
end
local to, from = nameprep(attr.to), nameprep(attr.from);
if not hosts[to] then
@ -102,6 +107,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
return true;
elseif not from then
origin:close("improper-addressing");
return true;
end
if dwd and origin.secure then

233
plugins/mod_external_services.lua Normal file
View file

@ -0,0 +1,233 @@
local dt = require "util.datetime";
local base64 = require "util.encodings".base64;
local hashes = require "util.hashes";
local st = require "util.stanza";
local jid = require "util.jid";
local array = require "util.array";
local default_host = module:get_option_string("external_service_host", module.host);
local default_port = module:get_option_number("external_service_port");
local default_secret = module:get_option_string("external_service_secret");
local default_ttl = module:get_option_number("external_service_ttl", 86400);
local configured_services = module:get_option_array("external_services", {});
local access = module:get_option_set("external_service_access", {});
-- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
local function behave_turn_rest_credentials(srv, item, secret)
local ttl = default_ttl;
if type(item.ttl) == "number" then
ttl = item.ttl;
end
local expires = srv.expires or os.time() + ttl;
local username;
if type(item.username) == "string" then
username = string.format("%d:%s", expires, item.username);
else
username = string.format("%d", expires);
end
srv.username = username;
srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username));
end
local algorithms = {
turn = behave_turn_rest_credentials;
}
-- filter config into well-defined service records
local function prepare(item)
if type(item) ~= "table" then
module:log("error", "Service definition is not a table: %q", item);
return nil;
end
local srv = {
type = nil;
transport = nil;
host = default_host;
port = default_port;
username = nil;
password = nil;
restricted = nil;
expires = nil;
};
if type(item.type) == "string" then
srv.type = item.type;
else
module:log("error", "Service missing mandatory 'type' field: %q", item);
return nil;
end
if type(item.transport) == "string" then
srv.transport = item.transport;
end
if type(item.host) == "string" then
srv.host = item.host;
end
if type(item.port) == "number" then
srv.port = item.port;
end
if type(item.username) == "string" then
srv.username = item.username;
end
if type(item.password) == "string" then
srv.password = item.password;
srv.restricted = true;
end
if item.restricted == true then
srv.restricted = true;
end
if type(item.expires) == "number" then
srv.expires = item.expires;
elseif type(item.ttl) == "number" then
srv.expires = os.time() + item.ttl;
end
if (item.secret == true and default_secret) or type(item.secret) == "string" then
local secret_cb = item.credentials_cb or algorithms[item.algorithm] or algorithms[srv.type];
local secret = item.secret;
if secret == true then
secret = default_secret;
end
if secret_cb then
secret_cb(srv, item, secret);
srv.restricted = true;
end
end
return srv;
end
function module.load()
-- Trigger errors on startup
local services = configured_services / prepare;
if #services == 0 then
module:log("warn", "No services configured or all had errors");
end
end
-- Ensure only valid items are added in events
local services_mt = {
__index = getmetatable(array()).__index;
__newindex = function (self, i, v)
rawset(self, i, assert(prepare(v), "Invalid service entry added"));
end;
}
local function handle_services(event)
local origin, stanza = event.origin, event.stanza;
local action = stanza.tags[1];
local user_bare = jid.bare(stanza.attr.from);
local user_host = jid.host(user_bare);
if not ((access:empty() and origin.type == "c2s") or access:contains(user_bare) or access:contains(user_host)) then
origin.send(st.error_reply(stanza, "auth", "forbidden"));
return true;
end
local reply = st.reply(stanza):tag("services", { xmlns = action.attr.xmlns });
local extras = module:get_host_items("external_service");
local services = ( configured_services + extras ) / prepare;
local requested_type = action.attr.type;
if requested_type then
services:filter(function(item)
return item.type == requested_type;
end);
end
setmetatable(services, services_mt);
module:fire_event("external_service/services", {
origin = origin;
stanza = stanza;
reply = reply;
requested_type = requested_type;
services = services;
});
for _, srv in ipairs(services) do
reply:tag("service", {
type = srv.type;
transport = srv.transport;
host = srv.host;
port = srv.port and string.format("%d", srv.port) or nil;
username = srv.username;
password = srv.password;
expires = srv.expires and dt.datetime(srv.expires) or nil;
restricted = srv.restricted and "1" or nil;
}):up();
end
origin.send(reply);
return true;
end
local function handle_credentials(event)
local origin, stanza = event.origin, event.stanza;
local action = stanza.tags[1];
if origin.type ~= "c2s" then
origin.send(st.error_reply(stanza, "auth", "forbidden"));
return true;
end
local reply = st.reply(stanza):tag("credentials", { xmlns = action.attr.xmlns });
local extras = module:get_host_items("external_service");
local services = ( configured_services + extras ) / prepare;
services:filter(function (item)
return item.restricted;
end)
local requested_credentials = {};
for service in action:childtags("service") do
table.insert(requested_credentials, {
type = service.attr.type;
host = service.attr.host;
port = tonumber(service.attr.port);
});
end
setmetatable(services, services_mt);
setmetatable(requested_credentials, services_mt);
module:fire_event("external_service/credentials", {
origin = origin;
stanza = stanza;
reply = reply;
requested_credentials = requested_credentials;
services = services;
});
for req_srv in action:childtags("service") do
for _, srv in ipairs(services) do
if srv.type == req_srv.attr.type and srv.host == req_srv.attr.host
and not req_srv.attr.port or srv.port == tonumber(req_srv.attr.port) then
reply:tag("service", {
type = srv.type;
transport = srv.transport;
host = srv.host;
port = srv.port and string.format("%d", srv.port) or nil;
username = srv.username;
password = srv.password;
expires = srv.expires and dt.datetime(srv.expires) or nil;
restricted = srv.restricted and "1" or nil;
}):up();
end
end
end
origin.send(reply);
return true;
end
-- XEP-0215 v0.7
module:add_feature("urn:xmpp:extdisco:2");
module:hook("iq-get/host/urn:xmpp:extdisco:2:services", handle_services);
module:hook("iq-get/host/urn:xmpp:extdisco:2:credentials", handle_credentials);
-- COMPAT XEP-0215 v0.6
-- Those still on the old version gets to deal with undefined attributes until they upgrade.
module:add_feature("urn:xmpp:extdisco:1");
module:hook("iq-get/host/urn:xmpp:extdisco:1:services", handle_services);
module:hook("iq-get/host/urn:xmpp:extdisco:1:credentials", handle_credentials);

6
plugins/mod_groups.lua
View file

@ -25,7 +25,7 @@ function inject_roster_contacts(event)
local function import_jids_to_roster(group_name)
for jid in pairs(groups[group_name]) do
-- Add them to roster
--module:log("debug", "processing jid %s in group %s", tostring(jid), tostring(group_name));
--module:log("debug", "processing jid %s in group %s", jid, group_name);
if jid ~= bare_jid then
if not roster[jid] then roster[jid] = {}; end
roster[jid].subscription = "both";
@ -99,7 +99,7 @@ function module.load()
end
members[false][#members[false]+1] = curr_group; -- Is a public group
end
module:log("debug", "New group: %s", tostring(curr_group));
module:log("debug", "New group: %s", curr_group);
groups[curr_group] = groups[curr_group] or {};
else
-- Add JID
@ -108,7 +108,7 @@ function module.load()
local jid;
jid = jid_prep(entryjid:match("%S+"));
if jid then
module:log("debug", "New member of %s: %s", tostring(curr_group), tostring(jid));
module:log("debug", "New member of %s: %s", curr_group, jid);
groups[curr_group][jid] = name or false;
members[jid] = members[jid] or {};
members[jid][#members[jid]+1] = curr_group;

102
plugins/mod_http.lua
View file

@ -7,13 +7,21 @@
--
module:set_global();
module:depends("http_errors");
pcall(function ()
module:depends("http_errors");
end);
local portmanager = require "core.portmanager";
local moduleapi = require "core.moduleapi";
local url_parse = require "socket.url".parse;
local url_build = require "socket.url".build;
local normalize_path = require "util.http".normalize_path;
local set = require "util.set";
local ip_util = require "util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
local server = require "net.http.server";
@ -22,6 +30,12 @@ server.set_default_host(module:get_option_string("http_default_host"));
server.set_option("body_size_limit", module:get_option_number("http_max_content_size"));
server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size"));
-- CORS settigs
local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" });
local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" });
local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false);
local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60);
local function get_http_event(host, app_path, key)
local method, path = key:match("^(%S+)%s+(.+)$");
if not method then -- No path specified, default to "" (base path)
@ -79,10 +93,22 @@ function moduleapi.http_url(module, app_name, default_path)
return url_build(url);
end
end
module:log("warn", "No http ports enabled, can't generate an external URL");
if prosody.process_type == "prosody" then
module:log("warn", "No http ports enabled, can't generate an external URL");
end
return "http://disabled.invalid/";
end
local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, origin)
response.headers.access_control_allow_methods = tostring(methods);
response.headers.access_control_allow_headers = tostring(headers);
response.headers.access_control_max_age = tostring(max_age)
response.headers.access_control_allow_origin = origin or "*";
if allow_credentials then
response.headers.access_control_allow_credentials = "true";
end
end
function module.add_host(module)
local host = module.host;
if host ~= "*" then
@ -101,9 +127,29 @@ function module.add_host(module)
end
apps[app_name] = apps[app_name] or {};
local app_handlers = apps[app_name];
local app_methods = opt_methods;
local function cors_handler(event_data)
local request, response = event_data.request, event_data.response;
apply_cors_headers(response, app_methods, opt_headers, opt_max_age, opt_credentials, request.headers.origin);
end
local function options_handler(event_data)
cors_handler(event_data);
return "";
end
local streaming = event.item.streaming_uploads;
for key, handler in pairs(event.item.route or {}) do
local event_name = get_http_event(host, app_path, key);
if event_name then
local method = event_name:match("^%S+");
if not app_methods:contains(method) then
app_methods = app_methods + set.new{ method };
end
local options_event_name = event_name:gsub("^%S+", "OPTIONS");
if type(handler) ~= "function" then
local data = handler;
handler = function () return data; end
@ -118,9 +164,24 @@ function module.add_host(module)
elseif event_name:sub(-1, -1) == "/" then
module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1);
end
if not streaming then
-- COMPAT Modules not compatible with streaming uploads behave as before.
local _handler = handler;
function handler(event) -- luacheck: ignore 432/event
if event.request.body ~= false then
return _handler(event);
end
end
end
if not app_handlers[event_name] then
app_handlers[event_name] = handler;
app_handlers[event_name] = {
main = handler;
cors = cors_handler;
options = options_handler;
};
module:hook_object_event(server, event_name, handler);
module:hook_object_event(server, event_name, cors_handler, 1);
module:hook_object_event(server, options_event_name, options_handler, -1);
else
module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name);
end
@ -130,8 +191,8 @@ function module.add_host(module)
end
local services = portmanager.get_active_services();
if services:get("https") or services:get("http") then
module:log("debug", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path));
else
module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path));
elseif prosody.process_type == "prosody" then
module:log("warn", "Not listening on any ports, '%s' will be unreachable", app_name);
end
end
@ -139,8 +200,11 @@ function module.add_host(module)
local function http_app_removed(event)
local app_handlers = apps[event.item.name];
apps[event.item.name] = nil;
for event_name, handler in pairs(app_handlers) do
module:unhook_object_event(server, event_name, handler);
for event_name, handlers in pairs(app_handlers) do
module:unhook_object_event(server, event_name, handlers.main);
module:unhook_object_event(server, event_name, handlers.cors);
local options_event_name = event_name:gsub("^%S+", "OPTIONS");
module:unhook_object_event(server, options_event_name, handlers.options);
end
end
@ -158,13 +222,31 @@ module.add_host(module); -- set up handling on global context too
local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items;
local function is_trusted_proxy(ip)
local parsed_ip = new_ip(ip)
for trusted_proxy in trusted_proxies do
if match_ip(parsed_ip, parse_cidr(trusted_proxy)) then
return true;
end
end
return false
end
local function get_ip_from_request(request)
local ip = request.conn:ip();
local forwarded_for = request.headers.x_forwarded_for;
if forwarded_for then
-- luacheck: ignore 631
-- This logic looks weird at first, but it makes sense.
-- The for loop will take the last non-trusted-proxy IP from `forwarded_for`.
-- We append the original request IP to the header. Then, since the last IP wins, there are two cases:
-- Case a) The original request IP is *not* in trusted proxies, in which case the X-Forwarded-For header will, effectively, be ineffective; the original request IP will win because it overrides any other IP in the header.
-- Case b) The original request IP is in trusted proxies. In that case, the if branch in the for loop will skip the last IP, causing it to be ignored. The second-to-last IP will be taken instead.
-- Case c) If the second-to-last IP is also a trusted proxy, it will also be ignored, iteratively, up to the last IP which isn’t in trusted proxies.
-- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP.
forwarded_for = forwarded_for..", "..ip;
for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do
if not trusted_proxies[forwarded_ip] then
if not is_trusted_proxy(forwarded_ip) then
ip = forwarded_ip;
end
end
@ -195,10 +277,8 @@ module:provides("net", {
listener = server.listener;
default_port = 5281;
encryption = "ssl";
ssl_config = {
verify = "none";
};
multiplex = {
protocol = "http/1.1";
pattern = "^[A-Z]";
};
});

39
plugins/mod_http_errors.lua
View file

@ -26,21 +26,24 @@ local html = [[
<meta charset="utf-8">
<title>{title}</title>
<style>
body{
margin-top:14%;
text-align:center;
background-color:#F8F8F8;
font-family:sans-serif;
body {
margin-top : 14%;
text-align : center;
background-color : #F8F8F8;
font-family : sans-serif
}
h1{
font-size:xx-large;
h1 {
font-size : xx-large
}
p{
font-size:x-large;
p {
font-size : x-large
}
p+p {
font-size:large;
font-family:courier;
font-size : large;
font-family : courier
}
</style>
</head>
@ -70,5 +73,17 @@ module:hook_object_event(server, "http-error", function (event)
if event.response then
event.response.headers.content_type = "text/html; charset=utf-8";
end
return get_page(event.code, (show_private and event.private_message) or event.message);
return get_page(event.code, (show_private and event.private_message) or event.message or (event.error and event.error.text));
end);
module:hook_object_event(server, "http-error", function (event)
local request, response = event.request, event.response;
if request and response and request.path == "/" and response.status_code == 404 then
response.headers.content_type = "text/html; charset=utf-8";
return render(html, {
title = "Prosody is running!";
message = "Welcome to the XMPP world!";
});
end
end, 1);

175
plugins/mod_http_files.lua
View file

@ -7,14 +7,9 @@
--
module:depends("http");
local server = require"net.http.server";
local lfs = require "lfs";
local os_date = os.date;
local open = io.open;
local stat = lfs.attributes;
local build_path = require"socket.url".build_path;
local path_sep = package.config:sub(1,1);
local fileserver = require"net.http.files";
local base_path = module:get_option_path("http_files_dir", module:get_option_path("http_path"));
local cache_size = module:get_option_number("http_files_cache_size", 128);
@ -38,7 +33,9 @@ if not mime_map then
module:shared("/*/http_files/mime").types = mime_map;
local mime_types, err = open(module:get_option_path("mime_types_file", "/etc/mime.types", "config"), "r");
if mime_types then
if not mime_types then
module:log("debug", "Could not open MIME database: %s", err);
else
local mime_data = mime_types:read("*a");
mime_types:close();
setmetatable(mime_map, {
@ -51,148 +48,56 @@ if not mime_map then
end
end
local forbidden_chars_pattern = "[/%z]";
if prosody.platform == "windows" then
forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
local function get_calling_module()
local info = debug.getinfo(3, "S");
if not info then return "An unknown module"; end
return info.source:match"mod_[^/\\.]+" or info.short_src;
end
local urldecode = require "util.http".urldecode;
function sanitize_path(path)
if not path then return end
local out = {};
local c = 0;
for component in path:gmatch("([^/]+)") do
component = urldecode(component);
if component:find(forbidden_chars_pattern) then
return nil;
elseif component == ".." then
if c <= 0 then
return nil;
end
out[c] = nil;
c = c - 1;
elseif component ~= "." then
c = c + 1;
out[c] = component;
end
end
if path:sub(-1,-1) == "/" then
out[c+1] = "";
end
return "/"..table.concat(out, "/");
end
local cache = require "util.cache".new(cache_size);
-- COMPAT -- TODO deprecate
function serve(opts)
if type(opts) ~= "table" then -- assume path string
opts = { path = opts };
end
-- luacheck: ignore 431
local base_path = opts.path;
local dir_indices = opts.index_files or dir_indices;
local directory_index = opts.directory_index;
local function serve_file(event, path)
local request, response = event.request, event.response;
local sanitized_path = sanitize_path(path);
if path and not sanitized_path then
return 400;
end
path = sanitized_path;
local orig_path = sanitize_path(request.path);
local full_path = base_path .. (path or ""):gsub("/", path_sep);
local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
if not attr then
return 404;
end
local request_headers, response_headers = request.headers, response.headers;
local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
response_headers.last_modified = last_modified;
local etag = ('"%x-%x-%x"'):format(attr.change or 0, attr.size or 0, attr.modification or 0);
response_headers.etag = etag;
local if_none_match = request_headers.if_none_match
local if_modified_since = request_headers.if_modified_since;
if etag == if_none_match
or (not if_none_match and last_modified == if_modified_since) then
return 304;
end
local data = cache:get(orig_path);
if data and data.etag == etag then
response_headers.content_type = data.content_type;
data = data.data;
elseif attr.mode == "directory" and path then
if full_path:sub(-1) ~= "/" then
local dir_path = { is_absolute = true, is_directory = true };
for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end
response_headers.location = build_path(dir_path);
return 301;
end
for i=1,#dir_indices do
if stat(full_path..dir_indices[i], "mode") == "file" then
return serve_file(event, path..dir_indices[i]);
end
end
if directory_index then
data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
end
if not data then
return 403;
end
cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; });
response_headers.content_type = mime_map.html;
else
local f, err = open(full_path, "rb");
if not f then
module:log("debug", "Could not open %s. Error was %s", full_path, err);
return 403;
end
local ext = full_path:match("%.([^./]+)$");
local content_type = ext and mime_map[ext];
response_headers.content_type = content_type;
if attr.size > cache_max_file_size then
response_headers.content_length = attr.size;
module:log("debug", "%d > cache_max_file_size", attr.size);
return response:send_file(f);
else
data = f:read("*a");
f:close();
end
cache:set(orig_path, { data = data; content_type = content_type; etag = etag });
end
return response:send(data);
if opts.directory_index == nil then
opts.directory_index = directory_index;
end
return serve_file;
if opts.mime_map == nil then
opts.mime_map = mime_map;
end
if opts.cache_size == nil then
opts.cache_size = cache_size;
end
if opts.cache_max_file_size == nil then
opts.cache_max_file_size = cache_max_file_size;
end
if opts.index_files == nil then
opts.index_files = dir_indices;
end
-- TODO Crank up to warning
module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module());
return fileserver.serve(opts);
end
function wrap_route(routes)
module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module());
for route,handler in pairs(routes) do
if type(handler) ~= "function" then
routes[route] = serve(handler);
routes[route] = fileserver.serve(handler);
end
end
return routes;
end
if base_path then
module:provides("http", {
route = {
["GET /*"] = serve {
path = base_path;
directory_index = directory_index;
}
};
});
else
module:log("debug", "http_files_dir not set, assuming use by some other module");
end
module:provides("http", {
route = {
["GET /*"] = fileserver.serve({
path = base_path;
directory_index = directory_index;
mime_map = mime_map;
cache_size = cache_size;
cache_max_file_size = cache_max_file_size;
index_files = dir_indices;
});
};
});

2
plugins/mod_lastactivity.lua
View file

@ -30,7 +30,7 @@ module:hook("iq-get/bare/jabber:iq:last:query", function(event)
if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then
local seconds, text = "0", "";
if map[username] then
seconds = tostring(os.difftime(os.time(), map[username].t));
seconds = string.format("%d", os.difftime(os.time(), map[username].t));
text = map[username].s;
end
origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:last', seconds=seconds}):text(text));

4
plugins/mod_legacyauth.lua
View file

@ -78,8 +78,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event)
session:close(); -- FIXME undo resource bind and auth instead of closing the session?
return true;
end
session.send(st.reply(stanza));
else
session.send(st.error_reply(stanza, "auth", "not-authorized", err));
end
session.send(st.reply(stanza));
else
session.send(st.error_reply(stanza, "auth", "not-authorized"));
end

43
plugins/mod_limits.lua
View file

@ -32,7 +32,7 @@ local function parse_burst(burst, sess_type)
end
local n_burst = tonumber(burst);
if not n_burst then
module:log("error", "Unable to parse burst for %s: %q, using default burst interval (%ds)", sess_type, tostring(burst), default_burst);
module:log("error", "Unable to parse burst for %s: %q, using default burst interval (%ds)", sess_type, burst, default_burst);
end
return n_burst or default_burst;
end
@ -51,18 +51,18 @@ end
local default_filter_set = {};
function default_filter_set.bytes_in(bytes, session)
local sess_throttle = session.throttle;
if sess_throttle then
local ok, balance, outstanding = sess_throttle:poll(#bytes, true);
local sess_throttle = session.throttle;
if sess_throttle then
local ok, _, outstanding = sess_throttle:poll(#bytes, true);
if not ok then
session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding);
session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding);
outstanding = ceil(outstanding);
session.conn:pause(); -- Read no more data from the connection until there is no outstanding data
local outstanding_data = bytes:sub(-outstanding);
bytes = bytes:sub(1, #bytes-outstanding);
timer.add_task(limits_resolution, function ()
if not session.conn then return; end
if sess_throttle:peek(#outstanding_data) then
if sess_throttle:peek(#outstanding_data) then
session.log("debug", "Resuming paused session");
session.conn:resume();
end
@ -84,8 +84,13 @@ local function filter_hook(session)
local session_type = session.type:match("^[^_]+");
local filter_set, opts = type_filters[session_type], limits[session_type];
if opts then
session.throttle = throttle.create(opts.bytes_per_second * opts.burst_seconds, opts.burst_seconds);
filters.add_filter(session, "bytes/in", filter_set.bytes_in, 1000);
if session.conn and session.conn.setlimit then
session.conn:setlimit(opts.bytes_per_second);
-- Currently no burst support
else
session.throttle = throttle.create(opts.bytes_per_second * opts.burst_seconds, opts.burst_seconds);
filters.add_filter(session, "bytes/in", filter_set.bytes_in, 1000);
end
end
end
@ -96,3 +101,25 @@ end
function module.unload()
filters.remove_filter_hook(filter_hook);
end
function module.add_host(module)
local unlimited_jids = module:get_option_inherited_set("unlimited_jids", {});
if not unlimited_jids:empty() then
module:hook("authentication-success", function (event)
local session = event.session;
local session_type = session.type:match("^[^_]+");
local jid = session.username .. "@" .. session.host;
if unlimited_jids:contains(jid) then
if session.conn and session.conn.setlimit then
session.conn:setlimit(0);
-- Currently no burst support
else
local filter_set = type_filters[session_type];
filters.remove_filter(session, "bytes/in", filter_set.bytes_in);
session.throttle = nil;
end
end
end);
end
end

151
plugins/mod_mam/mod_mam.lua
View file

@ -25,6 +25,7 @@ local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prepped_split = require "util.jid".prepped_split;
local dataform = require "util.dataforms".new;
local get_form_type = require "util.dataforms".get_type;
local host = module.host;
local rm_load_roster = require "core.rostermanager".load_roster;
@ -40,6 +41,11 @@ local strip_tags = module:get_option_set("dont_archive_namespaces", { "http://ja
local archive_store = module:get_option_string("archive_store", "archive");
local archive = module:open_store(archive_store, "archive");
local cleanup_after = module:get_option_string("archive_expires_after", "1w");
local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60);
local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000);
local archive_truncate = math.floor(archive_item_limit * 0.99);
if not archive.find then
error("mod_"..(archive._provided_by or archive.name and "storage_"..archive.name).." does not support archiving\n"
.."See https://prosody.im/doc/storage and https://prosody.im/doc/archiving for more information");
@ -98,7 +104,14 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
local qwith, qstart, qend;
local form = query:get_child("x", "jabber:x:data");
if form then
local err;
local form_type, err = get_form_type(form);
if not form_type then
origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err));
return true;
elseif form_type ~= xmlns_mam then
origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'"));
return true;
end
form, err = query_form:data(form);
if err then
origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));
@ -117,10 +130,12 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
qstart, qend = vstart, vend;
end
module:log("debug", "Archive query, id %s with %s from %s until %s",
tostring(qid), qwith or "anyone",
qstart and timestamp(qstart) or "the dawn of time",
qend and timestamp(qend) or "now");
module:log("debug", "Archive query by %s id=%s with=%s when=%s...%s",
origin.username,
qid or stanza.attr.id,
qwith or "*",
qstart and timestamp(qstart) or "",
qend and timestamp(qend) or "");
-- RSM stuff
local qset = rsm.get(query);
@ -128,6 +143,9 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
local reverse = qset and qset.before or false;
local before, after = qset and qset.before, qset and qset.after;
if type(before) ~= "string" then before = nil; end
if qset then
module:log("debug", "Archive query id=%s rsm=%q", qid or stanza.attr.id, qset);
end
-- Load all the data!
local data, err = archive:find(origin.username, {
@ -140,7 +158,12 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
});
if not data then
origin.send(st.error_reply(stanza, "cancel", "internal-server-error", err));
module:log("debug", "Archive query id=%s failed: %s", qid or stanza.attr.id, err);
if err == "item-not-found" then
origin.send(st.error_reply(stanza, "modify", "item-not-found"));
else
origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
end
return true;
end
local total = tonumber(err);
@ -189,13 +212,13 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
first, last = last, first;
end
-- That's all folks!
module:log("debug", "Archive query %s completed", tostring(qid));
origin.send(st.reply(stanza)
:tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete })
:add_child(rsm.generate {
first = first, last = last, count = total }));
-- That's all folks!
module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, complete and count or count - 1);
return true;
end);
@ -213,13 +236,13 @@ local function shall_store(user, who)
end
local prefs = get_prefs(user);
local rule = prefs[who];
module:log("debug", "%s's rule for %s is %s", user, who, tostring(rule));
module:log("debug", "%s's rule for %s is %s", user, who, rule);
if rule ~= nil then
return rule;
end
-- Below could be done by a metatable
local default = prefs[false];
module:log("debug", "%s's default rule is %s", user, tostring(default));
module:log("debug", "%s's default rule is %s", user, default);
if default == "roster" then
return has_in_roster(user, who);
end
@ -242,11 +265,70 @@ local function strip_stanza_id(stanza, user)
return stanza;
end
local function should_store(stanza, c2s) --> boolean, reason: string
local st_type = stanza.attr.type or "normal";
-- FIXME pass direction of stanza and use that along with bare/full JID addressing
-- for more accurate MUC / type=groupchat check
if st_type == "headline" then
-- Headline messages are ephemeral by definition
return false, "headline";
end
if st_type == "error" and not c2s then
-- Store delivery failure notifications so you know if your own messages were not delivered
return true, "bounce";
end
if st_type == "groupchat" then
-- MUC messages always go to the full JID, usually archived by the MUC
return false, "groupchat";
end
if stanza:get_child("no-store", "urn:xmpp:hints")
or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then
-- XXX Experimental XEP
return false, "hint";
end
if stanza:get_child("store", "urn:xmpp:hints") then
return true, "hint";
end
if stanza:get_child("body") then
return true, "body";
end
if stanza:get_child("subject") then
-- XXX Who would send a message with a subject but without a body?
return true, "subject";
end
if stanza:get_child("encryption", "urn:xmpp:eme:0") then
-- Since we can't know what an encrypted message contains, we assume it's important
-- XXX Experimental XEP
return true, "encrypted";
end
if stanza:get_child(nil, "urn:xmpp:receipts") then
-- If it's important enough to ask for a receipt then it's important enough to archive
-- and the same applies to the receipt
return true, "receipt";
end
if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then
-- XXX Experimental XEP
return true, "marker";
end
if stanza:get_child("x", "jabber:x:conference")
or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then
return true, "invite";
end
if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then
-- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment
return true, "jingle call";
end
-- The IM-NG thing to do here would be to return `not st_to_full`
-- One day ...
return false, "default";
end
-- Handle messages
local function message_handler(event, c2s)
local origin, stanza = event.origin, event.stanza;
local log = c2s and origin.log or module._log;
local orig_type = stanza.attr.type or "normal";
local orig_from = stanza.attr.from;
local orig_to = stanza.attr.to or orig_from;
-- Stanza without 'to' are treated as if it was to their own bare jid
@ -259,21 +341,12 @@ local function message_handler(event, c2s)
-- Filter out <stanza-id> that claim to be from us
event.stanza = strip_stanza_id(stanza, store_user);
-- We store chat messages or normal messages that have a body
if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body")) ) then
log("debug", "Not archiving stanza: %s (type)", stanza:top_tag());
local should, why = should_store(stanza, c2s);
if not should then
log("debug", "Not archiving stanza: %s (%s)", stanza:top_tag(), why);
return;
end
-- or if hints suggest we shouldn't
if not stanza:get_child("store", "urn:xmpp:hints") then -- No hint telling us we should store
if stanza:get_child("no-permanent-store", "urn:xmpp:hints")
or stanza:get_child("no-store", "urn:xmpp:hints") then -- Hint telling us we should NOT store
log("debug", "Not archiving stanza: %s (hint)", stanza:top_tag());
return;
end
end
local clone_for_storage;
if not strip_tags:empty() then
clone_for_storage = st.clone(stanza);
@ -294,10 +367,31 @@ local function message_handler(event, c2s)
-- Check with the users preferences
if shall_store(store_user, with) then
log("debug", "Archiving stanza: %s", stanza:top_tag());
log("debug", "Archiving stanza: %s (%s)", stanza:top_tag(), why);
-- And stash it
local ok, err = archive:append(store_user, nil, clone_for_storage, time_now(), with);
local time = time_now();
local ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
if not ok and err == "quota-limit" then
if type(cleanup_after) == "number" then
module:log("debug", "User '%s' over quota, cleaning archive", store_user);
local cleaned = archive:delete(store_user, {
["end"] = (os.time() - cleanup_after);
});
if cleaned then
ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
end
end
if not ok and (archive.caps and archive.caps.truncate) then
module:log("debug", "User '%s' over quota, truncating archive", store_user);
local truncated = archive:delete(store_user, {
truncate = archive_truncate;
});
if truncated then
ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
end
end
end
if ok then
local clone_for_other_handlers = st.clone(stanza);
local id = ok;
@ -325,8 +419,6 @@ end
module:hook("pre-message/bare", strip_stanza_id_after_other_events, -1);
module:hook("pre-message/full", strip_stanza_id_after_other_events, -1);
local cleanup_after = module:get_option_string("archive_expires_after", "1w");
local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60);
if cleanup_after ~= "never" then
local cleanup_storage = module:open_store("archive_cleanup");
local cleanup_map = module:open_store("archive_cleanup", "map");
@ -361,9 +453,11 @@ if cleanup_after ~= "never" then
last_date:set(username, date);
end
end
local cleanup_time = module:measure("cleanup", "times");
local async = require "util.async";
cleanup_runner = async.runner(function ()
local cleanup_done = cleanup_time();
local users = {};
local cut_off = datestamp(os.time() - cleanup_after);
for date in cleanup_storage:users() do
@ -397,6 +491,7 @@ if cleanup_after ~= "never" then
wait();
end
module:log("info", "Deleted %d expired messages for %d users", sum, num_users);
cleanup_done();
end);
cleanup_task = module:add_timer(1, function ()

85
plugins/mod_mimicking.lua Normal file
View file

@ -0,0 +1,85 @@
-- Prosody IM
-- Copyright (C) 2012 Florian Zeitz
-- Copyright (C) 2019 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local encodings = require "util.encodings";
assert(encodings.confusable, "This module requires that Prosody be built with ICU");
local skeleton = encodings.confusable.skeleton;
local usage = require "util.prosodyctl".show_usage;
local usermanager = require "core.usermanager";
local storagemanager = require "core.storagemanager";
local skeletons
function module.load()
if module.host ~= "*" then
skeletons = module:open_store("skeletons");
end
end
module:hook("user-registered", function(user)
local skel = skeleton(user.username);
local ok, err = skeletons:set(skel, { username = user.username });
if not ok then
module:log("error", "Unable to store mimicry data (%q => %q): %s", user.username, skel, err);
end
end);
module:hook("user-deleted", function(user)
local skel = skeleton(user.username);
local ok, err = skeletons:set(skel, nil);
if not ok and err then
module:log("error", "Unable to clear mimicry data (%q): %s", skel, err);
end
end);
module:hook("user-registering", function(user)
local existing, err = skeletons:get(skeleton(user.username));
if existing then
module:log("debug", "Attempt to register username '%s' which could be confused with '%s'", user.username, existing.username);
user.allowed = false;
elseif err then
module:log("error", "Unable to check if new username '%s' can be confused with any existing user: %s", err);
end
end);
function module.command(arg)
if (arg[1] ~= "bootstrap" or not arg[2]) then
usage("mod_mimicking bootstrap <host>", "Initialize username mimicry database");
return;
end
local host = arg[2];
local host_session = prosody.hosts[host];
if not host_session then
return "No such host";
end
storagemanager.initialize_host(host);
usermanager.initialize_host(host);
skeletons = storagemanager.open(host, "skeletons");
local count = 0;
for user in usermanager.users(host) do
local skel = skeleton(user);
local existing, err = skeletons:get(skel);
if existing and existing.username ~= user then
module:log("warn", "Existing usernames '%s' and '%s' are confusable", existing.username, user);
elseif err then
module:log("error", "Error checking for existing mimicry data (%q = %q): %s", user, skel, err);
end
local ok, err = skeletons:set(skel, { username = user });
if ok then
count = count + 1;
elseif err then
module:log("error", "Unable to store mimicry data (%q => %q): %s", user, skel, err);
end
end
module:log("info", "%d usernames indexed", count);
end

86
plugins/mod_muc_mam.lua
View file

@ -4,7 +4,7 @@
-- This file is MIT/X11 licensed.
if module:get_host_type() ~= "component" then
module:log("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name);
module:log_status("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name);
return;
end
@ -21,6 +21,7 @@ local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prep = require "util.jid".prep;
local dataform = require "util.dataforms".new;
local get_form_type = require "util.dataforms".get_type;
local mod_muc = module:depends"muc";
local get_room_from_jid = mod_muc.get_room_from_jid;
@ -32,6 +33,9 @@ local m_min = math.min;
local timestamp, timestamp_parse, datestamp = import( "util.datetime", "datetime", "parse", "date");
local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50);
local cleanup_after = module:get_option_string("muc_log_expires_after", "1w");
local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60);
local default_history_length = 20;
local max_history_length = module:get_option_number("max_history_messages", math.huge);
@ -49,6 +53,9 @@ local log_by_default = module:get_option_boolean("muc_log_by_default", true);
local archive_store = "muc_log";
local archive = module:open_store(archive_store, "archive");
local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000);
local archive_truncate = math.floor(archive_item_limit * 0.99);
if archive.name == "null" or not archive.find then
if not archive.find then
module:log("error", "Attempt to open archive storage returned a driver without archive API support");
@ -63,12 +70,15 @@ end
local function archiving_enabled(room)
if log_all_rooms then
module:log("debug", "Archiving all rooms");
return true;
end
local enabled = room._data.archiving;
if enabled == nil then
module:log("debug", "Default is %s (for %s)", log_by_default, room.jid);
return log_by_default;
end
module:log("debug", "Logging in room %s is %s", room.jid, enabled);
return enabled;
end
@ -135,7 +145,14 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
local qstart, qend;
local form = query:get_child("x", "jabber:x:data");
if form then
local err;
local form_type, err = get_form_type(form);
if not form_type then
origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err));
return true;
elseif form_type ~= xmlns_mam then
origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'"));
return true;
end
form, err = query_form:data(form);
if err then
origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));
@ -153,10 +170,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
qstart, qend = vstart, vend;
end
module:log("debug", "Archive query id %s from %s until %s)",
tostring(qid),
qstart and timestamp(qstart) or "the dawn of time",
qend and timestamp(qend) or "now");
module:log("debug", "Archive query by %s id=%s when=%s...%s",
origin.username,
qid or stanza.attr.id,
qstart and timestamp(qstart) or "",
qend and timestamp(qend) or "");
-- RSM stuff
local qset = rsm.get(query);
@ -165,6 +183,9 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
local before, after = qset and qset.before, qset and qset.after;
if type(before) ~= "string" then before = nil; end
if qset then
module:log("debug", "Archive query id=%s rsm=%q", qid or stanza.attr.id, qset);
end
-- Load all the data!
local data, err = archive:find(room_node, {
@ -176,7 +197,12 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
});
if not data then
origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
module:log("debug", "Archive query id=%s failed: %s", qid or stanza.attr.id, err);
if err == "item-not-found" then
origin.send(st.error_reply(stanza, "modify", "item-not-found"));
else
origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
end
return true;
end
local total = tonumber(err);
@ -233,13 +259,14 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
first, last = last, first;
end
-- That's all folks!
module:log("debug", "Archive query %s completed", tostring(qid));
origin.send(st.reply(stanza)
:tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete })
:add_child(rsm.generate {
first = first, last = last, count = total }));
-- That's all folks!
module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, complete and count or count - 1);
return true;
end);
@ -274,7 +301,7 @@ module:hook("muc-get-history", function (event)
local data, err = archive:find(jid_split(room_jid), query);
if not data then
module:log("error", "Could not fetch history: %s", tostring(err));
module:log("error", "Could not fetch history: %s", err);
return
end
@ -300,7 +327,7 @@ module:hook("muc-get-history", function (event)
maxchars = maxchars - chars;
end
history[i], i = item, i+1;
-- module:log("debug", tostring(item));
-- module:log("debug", item);
end
function event.next_stanza()
i = i - 1;
@ -325,7 +352,7 @@ end, 1);
-- Handle messages
local function save_to_history(self, stanza)
local room_node, room_host = jid_split(self.jid);
local room_node = jid_split(self.jid);
local stored_stanza = stanza;
@ -352,7 +379,29 @@ local function save_to_history(self, stanza)
end
-- And stash it
local id, err = archive:append(room_node, nil, stored_stanza, time_now(), with);
local time = time_now();
local id, err = archive:append(room_node, nil, stored_stanza, time, with);
if not id and err == "quota-limit" then
if type(cleanup_after) == "number" then
module:log("debug", "Room '%s' over quota, cleaning archive", room_node);
local cleaned = archive:delete(room_node, {
["end"] = (os.time() - cleanup_after);
});
if cleaned then
id, err = archive:append(room_node, nil, stored_stanza, time, with);
end
end
if not id and (archive.caps and archive.caps.truncate) then
module:log("debug", "User '%s' over quota, truncating archive", room_node);
local truncated = archive:delete(room_node, {
truncate = archive_truncate;
});
if truncated then
id, err = archive:append(room_node, nil, stored_stanza, time, with);
end
end
end
if id then
schedule_cleanup(room_node);
@ -391,15 +440,14 @@ end
module:add_feature(xmlns_mam);
module:hook("muc-disco#info", function(event)
event.reply:tag("feature", {var=xmlns_mam}):up();
if archiving_enabled(event.room) then
event.reply:tag("feature", {var=xmlns_mam}):up();
end
event.reply:tag("feature", {var=xmlns_st_id}):up();
end);
-- Cleanup
local cleanup_after = module:get_option_string("muc_log_expires_after", "1w");
local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60);
if cleanup_after ~= "never" then
local cleanup_storage = module:open_store("muc_log_cleanup");
local cleanup_map = module:open_store("muc_log_cleanup", "map");
@ -435,8 +483,11 @@ if cleanup_after ~= "never" then
end
end
local cleanup_time = module:measure("cleanup", "times");
local async = require "util.async";
cleanup_runner = async.runner(function ()
local cleanup_done = cleanup_time();
local rooms = {};
local cut_off = datestamp(os.time() - cleanup_after);
for date in cleanup_storage:users() do
@ -470,6 +521,7 @@ if cleanup_after ~= "never" then
wait();
end
module:log("info", "Deleted %d expired messages for %d rooms", sum, num_rooms);
cleanup_done();
end);
cleanup_task = module:add_timer(1, function ()

43
plugins/mod_net_multiplex.lua
View file

@ -1,22 +1,38 @@
module:set_global();
local array = require "util.array";
local max_buffer_len = module:get_option_number("multiplex_buffer_size", 1024);
local default_mode = module:get_option_number("network_default_read_size", 4096);
local portmanager = require "core.portmanager";
local available_services = {};
local service_by_protocol = {};
local available_protocols = array();
local function add_service(service)
local multiplex_pattern = service.multiplex and service.multiplex.pattern;
local protocol_name = service.multiplex and service.multiplex.protocol;
if protocol_name then
module:log("debug", "Adding multiplex service %q with protocol %q", service.name, protocol_name);
service_by_protocol[protocol_name] = service;
available_protocols:push(protocol_name);
end
if multiplex_pattern then
module:log("debug", "Adding multiplex service %q with pattern %q", service.name, multiplex_pattern);
available_services[service] = multiplex_pattern;
else
elseif not protocol_name then
module:log("debug", "Service %q is not multiplex-capable", service.name);
end
end
module:hook("service-added", function (event) add_service(event.service); end);
module:hook("service-removed", function (event) available_services[event.service] = nil; end);
module:hook("service-removed", function (event)
available_services[event.service] = nil;
if event.service.multiplex and event.service.multiplex.protocol then
available_protocols:filter(function (p) return p ~= event.service.multiplex.protocol end);
service_by_protocol[event.service.multiplex.protocol] = nil;
end
end);
for _, services in pairs(portmanager.get_registered_services()) do
for _, service in ipairs(services) do
@ -26,9 +42,22 @@ end
local buffers = {};
local listener = { default_mode = "*a" };
local listener = { default_mode = max_buffer_len };
function listener.onconnect()
function listener.onconnect(conn)
local sock = conn:socket();
if sock.getalpn then
local selected_proto = sock:getalpn();
local service = service_by_protocol[selected_proto];
if service then
module:log("debug", "Routing incoming connection to %s based on ALPN %q", service.name, selected_proto);
local next_listener = service.listener;
conn:setlistener(next_listener);
conn:set_mode(next_listener.default_mode or default_mode);
local onconnect = next_listener.onconnect;
if onconnect then return onconnect(conn) end
end
end
end
function listener.onincoming(conn, data)
@ -40,6 +69,7 @@ function listener.onincoming(conn, data)
module:log("debug", "Routing incoming connection to %s", service.name);
local next_listener = service.listener;
conn:setlistener(next_listener);
conn:set_mode(next_listener.default_mode or default_mode);
local onconnect = next_listener.onconnect;
if onconnect then onconnect(conn) end
return next_listener.onincoming(conn, buf);
@ -68,5 +98,10 @@ module:provides("net", {
name = "multiplex_ssl";
config_prefix = "ssl";
encryption = "ssl";
ssl_config = {
alpn = function ()
return available_protocols;
end;
};
listener = listener;
});

12
plugins/mod_offline.lua
View file

@ -24,11 +24,16 @@ module:hook("message/offline/handle", function(event)
node = origin.username;
end
return offline_messages:append(node, nil, stanza, os.time(), "");
local ok = offline_messages:append(node, nil, stanza, os.time(), "");
if ok then
module:log("debug", "Saved to offline storage: %s", stanza:top_tag());
end
return ok;
end, -1);
module:hook("message/offline/broadcast", function(event)
local origin = event.origin;
origin.log("debug", "Broadcasting offline messages");
local node, host = origin.username, origin.host;
@ -38,6 +43,9 @@ module:hook("message/offline/broadcast", function(event)
stanza:tag("delay", {xmlns = "urn:xmpp:delay", from = host, stamp = datetime.datetime(when)}):up(); -- XEP-0203
origin.send(stanza);
end
offline_messages:delete(node);
local ok = offline_messages:delete(node);
if type(ok) == "number" and ok > 0 then
origin.log("debug", "%d offline messages consumed");
end
return true;
end, -1);

19
plugins/mod_pep.lua
View file

@ -8,6 +8,7 @@ local calculate_hash = require "util.caps".calculate_hash;
local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
local cache = require "util.cache";
local set = require "util.set";
local new_id = require "util.id".medium;
local storagemanager = require "core.storagemanager";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
@ -123,9 +124,6 @@ local function get_broadcaster(username)
if kind == "retract" then
kind = "items"; -- XEP-0060 signals retraction in an <items> container
end
local message = st.message({ from = user_bare, type = "headline" })
:tag("event", { xmlns = xmlns_pubsub_event })
:tag(kind, { node = node });
if item then
item = st.clone(item);
item.attr.xmlns = nil; -- Clear the pubsub namespace
@ -134,10 +132,19 @@ local function get_broadcaster(username)
item:maptags(function () return nil; end);
end
end
end
local id = new_id();
local message = st.message({ from = user_bare, type = "headline", id = id })
:tag("event", { xmlns = xmlns_pubsub_event })
:tag(kind, { node = node });
if item then
message:add_child(item);
end
for jid in pairs(jids) do
module:log("debug", "Sending notification to %s from %s: %s", jid, user_bare, tostring(item));
module:log("debug", "Sending notification to %s from %s for node %s", jid, user_bare, node);
message.attr.to = jid;
module:send(message);
end
@ -166,12 +173,12 @@ local function get_subscriber_filter(username)
end
function get_pep_service(username)
module:log("debug", "get_pep_service(%q)", username);
local user_bare = jid_join(username, host);
local service = services[username];
if service then
return service;
end
module:log("debug", "Creating pubsub service for user %q", username);
service = pubsub.new({
pep_username = username;
node_defaults = {
@ -238,8 +245,6 @@ end
module:hook("iq/bare/"..xmlns_pubsub..":pubsub", handle_pubsub_iq);
module:hook("iq/bare/"..xmlns_pubsub_owner..":pubsub", handle_pubsub_iq);
module:add_identity("pubsub", "pep", module:get_option_string("name", "Prosody"));
module:add_feature("http://jabber.org/protocol/pubsub#publish");
local function get_caps_hash_from_presence(stanza, current)
local t = stanza.attr.type;

6
plugins/mod_pep_simple.lua
View file

@ -14,6 +14,7 @@ local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed
local pairs = pairs;
local next = next;
local type = type;
local unpack = table.unpack or unpack; -- luacheck: ignore 113
local calculate_hash = require "util.caps".calculate_hash;
local core_post_stanza = prosody.core_post_stanza;
local bare_sessions = prosody.bare_sessions;
@ -84,6 +85,7 @@ local function publish_all(user, recipient, session)
if d and notify then
for node in pairs(notify) do
if d[node] then
-- luacheck: ignore id
local id, item = unpack(d[node]);
session.send(st.message({from=user, to=recipient, type='headline'})
:tag('event', {xmlns='http://jabber.org/protocol/pubsub#event'})
@ -229,13 +231,13 @@ module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", function(event)
return true;
else --invalid request
session.send(st.error_reply(stanza, 'modify', 'bad-request'));
module:log("debug", "Invalid request: %s", tostring(payload));
module:log("debug", "Invalid request: %s", payload);
return true;
end
else --no presence subscription
session.send(st.error_reply(stanza, 'auth', 'not-authorized')
:tag('presence-subscription-required', {xmlns='http://jabber.org/protocol/pubsub#errors'}));
module:log("debug", "Unauthorized request: %s", tostring(payload));
module:log("debug", "Unauthorized request: %s", payload);
return true;
end
end

18
plugins/mod_ping.lua
View file

@ -11,23 +11,9 @@ local st = require "util.stanza";
module:add_feature("urn:xmpp:ping");
local function ping_handler(event)
return event.origin.send(st.reply(event.stanza));
event.origin.send(st.reply(event.stanza));
return true;
end
module:hook("iq-get/bare/urn:xmpp:ping:ping", ping_handler);
module:hook("iq-get/host/urn:xmpp:ping:ping", ping_handler);
-- Ad-hoc command
local datetime = require "util.datetime".datetime;
function ping_command_handler (self, data, state) -- luacheck: ignore 212
local now = datetime();
return { info = "Pong\n"..now, status = "completed" };
end
module:depends "adhoc";
local adhoc_new = module:require "adhoc".new;
local descriptor = adhoc_new("Ping", "ping", ping_command_handler);
module:provides("adhoc", descriptor);

59
plugins/mod_posix.lua
View file

@ -20,7 +20,6 @@ if not have_signal then
module:log("warn", "Couldn't load signal library, won't respond to SIGTERM");
end
local format = require "util.format".format;
local lfs = require "lfs";
local stat = lfs.attributes;
@ -31,39 +30,12 @@ module:set_global(); -- we're a global module
local umask = module:get_option_string("umask", "027");
pposix.umask(umask);
-- Allow switching away from root, some people like strange ports.
module:hook("server-started", function ()
local uid = module:get_option("setuid");
local gid = module:get_option("setgid");
if gid then
local success, msg = pposix.setgid(gid);
if success then
module:log("debug", "Changed group to %s successfully.", gid);
else
module:log("error", "Failed to change group to %s. Error: %s", gid, msg);
prosody.shutdown("Failed to change group to %s", gid);
end
end
if uid then
local success, msg = pposix.setuid(uid);
if success then
module:log("debug", "Changed user to %s successfully.", uid);
else
module:log("error", "Failed to change user to %s. Error: %s", uid, msg);
prosody.shutdown("Failed to change user to %s", uid);
end
end
end);
-- Don't even think about it!
if not prosody.start_time then -- server-starting
local suid = module:get_option("setuid");
if not suid or suid == 0 or suid == "root" then
if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
prosody.shutdown("Refusing to run as root");
end
if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then
module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root");
prosody.shutdown("Refusing to run as root");
end
end
@ -113,24 +85,15 @@ local function write_pidfile()
end
end
local syslog_opened;
function syslog_sink_maker(config) -- luacheck: ignore 212/config
if not syslog_opened then
pposix.syslog_open("prosody", module:get_option_string("syslog_facility"));
syslog_opened = true;
end
local syslog = pposix.syslog_log;
return function (name, level, message, ...)
syslog(level, name, format(message, ...));
end;
end
require "core.loggingmanager".register_sink_type("syslog", syslog_sink_maker);
local daemonize = prosody.opts.daemonize;
if daemonize == nil then
-- Fall back to config file if not specified on command-line
daemonize = module:get_option("daemonize", prosody.installed);
daemonize = module:get_option_boolean("daemonize", nil);
if daemonize ~= nil then
module:log("warn", "The 'daemonize' option has been deprecated, specify -D or -F on the command line instead.");
-- TODO: Write some docs and include a link in the warning.
end
end
local function remove_log_sinks()
@ -154,9 +117,7 @@ if daemonize then
write_pidfile();
end
end
if not prosody.start_time then -- server-starting
daemonize_server();
end
module:hook("server-started", daemonize_server)
else
-- Not going to daemonize, so write the pid of this process
write_pidfile();

37
plugins/mod_presence.lua
View file

@ -14,6 +14,7 @@ local s_find = string.find;
local tonumber = tonumber;
local core_post_stanza = prosody.core_post_stanza;
local core_process_stanza = prosody.core_process_stanza;
local st = require "util.stanza";
local jid_split = require "util.jid".split;
local jid_bare = require "util.jid".bare;
@ -30,6 +31,14 @@ local recalc_resource_map = require "util.presence".recalc_resource_map;
local ignore_presence_priority = module:get_option_boolean("ignore_presence_priority", false);
local pre_approval_stream_feature = st.stanza("sub", {xmlns="urn:xmpp:features:pre-approval"});
module:hook("stream-features", function(event)
local origin, features = event.origin, event.features;
if origin.username then
features:add_child(pre_approval_stream_feature);
end
end);
function handle_normal_presence(origin, stanza)
if ignore_presence_priority then
local priority = stanza:get_child("priority");
@ -81,8 +90,14 @@ function handle_normal_presence(origin, stanza)
res.presence.attr.to = nil;
end
end
for jid in pairs(roster[false].pending) do -- resend incoming subscription requests
origin.send(st.presence({type="subscribe", from=jid})); -- TODO add to attribute? Use original?
for jid, pending_request in pairs(roster[false].pending) do -- resend incoming subscription requests
if type(pending_request) == "table" then
local subscribe = st.deserialize(pending_request);
subscribe.attr.type, subscribe.attr.from = "subscribe", jid;
origin.send(subscribe);
else
origin.send(st.presence({type="subscribe", from=jid}));
end
end
local request = st.presence({type="subscribe", from=origin.username.."@"..origin.host});
for jid, item in pairs(roster) do -- resend outgoing subscription requests
@ -175,8 +190,10 @@ function handle_outbound_presence_subscriptions_and_probes(origin, stanza, from_
if rostermanager.subscribed(node, host, to_bare) then
rostermanager.roster_push(node, host, to_bare);
end
core_post_stanza(origin, stanza);
send_presence_of_available_resources(node, host, to_bare, origin);
if rostermanager.is_contact_subscribed(node, host, to_bare) then
core_post_stanza(origin, stanza);
send_presence_of_available_resources(node, host, to_bare, origin);
end
if rostermanager.is_user_subscribed(node, host, to_bare) then
core_post_stanza(origin, st.presence({ type = "probe", from = from_bare, to = to_bare }));
end
@ -184,6 +201,8 @@ function handle_outbound_presence_subscriptions_and_probes(origin, stanza, from_
-- 1. send unavailable
-- 2. route stanza
-- 3. roster push (subscription = from or both)
-- luacheck: ignore 211/pending_in
-- Is pending_in meant to be used?
local success, pending_in, subscribed = rostermanager.unsubscribed(node, host, to_bare);
if success then
if subscribed then
@ -223,10 +242,16 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b
if 0 == send_presence_of_available_resources(node, host, from_bare, origin) then
core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- TODO send last activity
end
elseif rostermanager.is_contact_preapproved(node, host, from_bare) then
if not rostermanager.is_contact_pending_in(node, host, from_bare) then
if rostermanager.set_contact_pending_in(node, host, from_bare, stanza) then
core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="subscribed"}), true);
end -- TODO else return error, unable to save
end
else
core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- acknowledging receipt
if not rostermanager.is_contact_pending_in(node, host, from_bare) then
if rostermanager.set_contact_pending_in(node, host, from_bare) then
if rostermanager.set_contact_pending_in(node, host, from_bare, stanza) then
sessionmanager.send_to_available_resources(node, host, stanza);
end -- TODO else return error, unable to save
end
@ -346,7 +371,7 @@ module:hook("resource-unbind", function(event)
if err then
pres:tag("status"):text("Disconnected: "..err):up();
end
session:dispatch_stanza(pres);
core_process_stanza(session, pres);
elseif session.directed then
local pres = st.presence{ type = "unavailable", from = session.full_jid };
if err then

7
plugins/mod_proxy65.lua
View file

@ -12,7 +12,6 @@ module:set_global();
local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep;
local st = require "util.stanza";
local sha1 = require "util.hashes".sha1;
local b64 = require "util.encodings".base64.encode;
local server = require "net.server";
local portmanager = require "core.portmanager";
@ -45,7 +44,7 @@ function listener.onincoming(conn, data)
end -- else error, unexpected input
conn:write("\5\255"); -- send (SOCKS version 5, no acceptable method)
conn:close();
module:log("debug", "Invalid SOCKS5 greeting received: '%s'", b64(data));
module:log("debug", "Invalid SOCKS5 greeting received: %q", data:sub(1, 300));
else -- connection request
--local head = string.char( 0x05, 0x01, 0x00, 0x03, 40 ); -- ( VER=5=SOCKS5, CMD=1=CONNECT, RSV=0=RESERVED, ATYP=3=DOMAIMNAME, SHA-1 size )
if #data == 47 and data:sub(1,5) == "\5\1\0\3\40" and data:sub(-2) == "\0\0" then
@ -67,7 +66,7 @@ function listener.onincoming(conn, data)
else -- error, unexpected input
conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
conn:close();
module:log("debug", "Invalid SOCKS5 negotiation received: '%s'", b64(data));
module:log("debug", "Invalid SOCKS5 negotiation received: %q", data:sub(1, 300));
end
end
end
@ -117,7 +116,7 @@ function module.add_host(module)
if jid_compare(jid, acl) then allow = true; break; end
end
if allow then break; end
module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
module:log("warn", "Denying use of proxy for %s", stanza.attr.from);
origin.send(st.error_reply(stanza, "auth", "forbidden"));
return true;
end

9
plugins/mod_pubsub/mod_pubsub.lua
View file

@ -75,14 +75,13 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj)
local msg_type = node_obj and node_obj.config.message_type or "headline";
local message = st.message({ from = module.host, type = msg_type, id = id })
:tag("event", { xmlns = xmlns_pubsub_event })
:tag(kind, { node = node })
:tag(kind, { node = node });
if item then
message:add_child(item);
end
local summary;
-- Compose a sensible textual representation of at least Atom payloads
if item and item.tags[1] then
local payload = item.tags[1];
summary = module:fire_event("pubsub-summary/"..payload.attr.xmlns, {
@ -101,11 +100,12 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj)
end
local max_max_items = module:get_option_number("pubsub_max_items", 256);
function check_node_config(node, actor, new_config) -- luacheck: ignore 212/actor 212/node
function check_node_config(node, actor, new_config) -- luacheck: ignore 212/node 212/actor
if (new_config["max_items"] or 1) > max_max_items then
return false;
end
if new_config["access_model"] ~= "whitelist" and new_config["access_model"] ~= "open" then
if new_config["access_model"] ~= "whitelist"
and new_config["access_model"] ~= "open" then
return false;
end
return true;
@ -115,6 +115,7 @@ function is_item_stanza(item)
return st.is_stanza(item) and item.attr.xmlns == xmlns_pubsub and item.name == "item" and #item.tags == 1;
end
-- Compose a textual representation of Atom payloads
module:hook("pubsub-summary/http://www.w3.org/2005/Atom", function (event)
local payload = event.payload;
local title = payload:get_child_text("title");

31
plugins/mod_pubsub/pubsub.lib.lua
View file

@ -7,6 +7,7 @@ local st = require "util.stanza";
local it = require "util.iterators";
local uuid_generate = require "util.uuid".generate;
local dataform = require"util.dataforms".new;
local errors = require "util.error";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
local xmlns_pubsub_errors = "http://jabber.org/protocol/pubsub#errors";
@ -34,6 +35,9 @@ local pubsub_errors = {
};
local function pubsub_error_reply(stanza, error)
local e = pubsub_errors[error];
if not e and errors.is_err(error) then
e = { error.type, error.condition, error.text, error.pubsub_condition };
end
local reply = st.error_reply(stanza, t_unpack(e, 1, 3));
if e[4] then
reply:tag(e[4], { xmlns = xmlns_pubsub_errors }):up();
@ -185,6 +189,14 @@ local node_metadata_form = dataform {
type = "text-single";
name = "pubsub#type";
};
{
type = "text-single";
name = "pubsub#access_model";
};
{
type = "text-single";
name = "pubsub#publish_model";
};
};
local service_method_feature_map = {
@ -258,6 +270,8 @@ function _M.handle_disco_info_node(event, service)
["pubsub#title"] = node_obj.config.title;
["pubsub#description"] = node_obj.config.description;
["pubsub#type"] = node_obj.config.payload_type;
["pubsub#access_model"] = node_obj.config.access_model;
["pubsub#publish_model"] = node_obj.config.publish_model;
}, "result"));
end
end
@ -318,14 +332,9 @@ function handlers.get_items(origin, stanza, items, service)
for _, id in ipairs(results) do
data:add_child(results[id]);
end
local reply;
if data then
reply = st.reply(stanza)
:tag("pubsub", { xmlns = xmlns_pubsub })
:add_child(data);
else
reply = pubsub_error_reply(stanza, "item-not-found");
end
local reply = st.reply(stanza)
:tag("pubsub", { xmlns = xmlns_pubsub })
:add_child(data);
origin.send(reply);
return true;
end
@ -633,14 +642,13 @@ function handlers.set_retract(origin, stanza, retract, service)
end
function handlers.owner_set_purge(origin, stanza, purge, service)
local node, notify = purge.attr.node, purge.attr.notify;
notify = (notify == "1") or (notify == "true");
local node = purge.attr.node;
local reply;
if not node then
origin.send(pubsub_error_reply(stanza, "nodeid-required"));
return true;
end
local ok, ret = service:purge(node, stanza.attr.from, notify);
local ok, ret = service:purge(node, stanza.attr.from, true);
if ok then
reply = st.reply(stanza);
else
@ -802,6 +810,7 @@ local function archive_itemstore(archive, config, user, node)
end
module:log("debug", "Listed items %s", data);
return it.reverse(function()
-- luacheck: ignore 211/when
local id, payload, when, publisher = data();
if id == nil then
return;

1
plugins/mod_register.lua
View file

@ -11,6 +11,7 @@ local allow_registration = module:get_option_boolean("allow_registration", false
if allow_registration then
module:depends("register_ibr");
module:depends("watchregistrations");
end
module:depends("user_account_management");

51
plugins/mod_register_ibr.lua
View file

@ -9,10 +9,12 @@
local st = require "util.stanza";
local dataform_new = require "util.dataforms".new;
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local usermanager_delete_user = require "core.usermanager".delete_user;
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local usermanager_set_password = require "core.usermanager".create_user;
local usermanager_delete_user = require "core.usermanager".delete_user;
local nodeprep = require "util.encodings".stringprep.nodeprep;
local util_error = require "util.error";
local additional_fields = module:get_option("additional_registration_fields", {});
local require_encryption = module:get_option_boolean("c2s_require_encryption",
@ -155,7 +157,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
return true;
end
local username, password = nodeprep(data.username), data.password;
local username, password = nodeprep(data.username, true), data.password;
data.username, data.password = nil, nil;
local host = module.host;
if not username or username == "" then
@ -167,25 +169,44 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
local user = { username = username, password = password, host = host, additional = data, ip = session.ip, session = session, allowed = true }
module:fire_event("user-registering", user);
if not user.allowed then
log("debug", "Registration disallowed by module: %s", user.reason or "no reason given");
session.send(st.error_reply(stanza, "modify", "not-acceptable", user.reason));
local error_type, error_condition, reason;
local err = user.error;
if err then
error_type, error_condition, reason = err.type, err.condition, err.text;
else
-- COMPAT pre-util.error
error_type, error_condition, reason = user.error_type, user.error_condition, user.reason;
end
log("debug", "Registration disallowed by module: %s", reason or "no reason given");
session.send(st.error_reply(stanza, error_type or "modify", error_condition or "not-acceptable", reason));
return true;
end
if usermanager_user_exists(username, host) then
log("debug", "Attempt to register with existing username");
session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists."));
return true;
if user.allow_reset == username then
local ok, err = util_error.coerce(usermanager_set_password(username, password, host));
if ok then
module:fire_event("user-password-reset", user);
session.send(st.reply(stanza)); -- reset ok!
else
session.log("error", "Unable to reset password for %s@%s: %s", username, host, err);
session.send(st.error_reply(stanza, err.type, err.condition, err.text));
end
return true;
else
log("debug", "Attempt to register with existing username");
session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists."));
return true;
end
end
-- TODO unable to write file, file may be locked, etc, what's the correct error?
local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk.");
if usermanager_create_user(username, password, host) then
local created, err = usermanager_create_user(username, password, host);
if created then
data.registered = os.time();
if not account_details:set(username, data) then
log("debug", "Could not store extra details");
usermanager_delete_user(username, host);
session.send(error_reply);
session.send(st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."));
return true;
end
session.send(st.reply(stanza)); -- user created!
@ -194,8 +215,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event)
username = username, host = host, source = "mod_register",
session = session });
else
log("debug", "Could not create user");
session.send(error_reply);
log("debug", "Could not create user", err);
session.send(st.error_reply(stanza, "cancel", "feature-not-implemented", err));
end
return true;
end);

31
plugins/mod_register_limits.lua
View file

@ -13,6 +13,7 @@ local ip_util = require "util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
local errors = require "util.error";
local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
local whitelist_only = module:get_option_boolean("whitelist_registration_only");
@ -54,6 +55,24 @@ local function ip_in_set(set, ip)
return false;
end
local err_registry = {
blacklisted = {
text = "Your IP address is blacklisted";
type = "auth";
condition = "forbidden";
};
not_whitelisted = {
text = "Your IP address is not whitelisted";
type = "auth";
condition = "forbidden";
};
throttled = {
text = "Too many registrations from this IP address recently";
type = "wait";
condition = "policy-violation";
};
}
module:hook("user-registering", function (event)
local session = event.session;
local ip = event.ip or session and session.ip;
@ -63,16 +82,22 @@ module:hook("user-registering", function (event)
elseif ip_in_set(blacklisted_ips, ip) then
log("debug", "Registration disallowed by blacklist");
event.allowed = false;
event.reason = "Your IP address is blacklisted";
event.error = errors.new("blacklisted", event, err_registry);
elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then
log("debug", "Registration disallowed by whitelist");
event.allowed = false;
event.reason = "Your IP address is not whitelisted";
event.error = errors.new("not_whitelisted", event, err_registry);
elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then
if not check_throttle(ip) then
log("debug", "Registrations over limit for ip %s", ip or "?");
event.allowed = false;
event.reason = "Too many registrations from this IP address recently";
event.error = errors.new("throttled", event, err_registry);
end
end
if event.error then
-- COMPAT pre-util.error
event.reason = event.error.text;
event.error_type = event.error.type;
event.error_condition = event.error.condition;
end
end);

302
plugins/mod_s2s/mod_s2s.lua → plugins/mod_s2s.lua
View file

@ -27,8 +27,10 @@ local s2s_destroy_session = require "core.s2smanager".destroy_session;
local uuid_gen = require "util.uuid".generate;
local fire_global_event = prosody.events.fire_event;
local runner = require "util.async".runner;
local s2sout = module:require("s2sout");
local connect = require "net.connect".connect;
local service = require "net.resolvers.service";
local errors = require "util.error";
local set = require "util.set";
local connect_timeout = module:get_option_number("s2s_timeout", 90);
local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5);
@ -46,8 +48,16 @@ local sessions = module:shared("sessions");
local runner_callbacks = {};
local listener = {};
local log = module._log;
local s2s_service_options = {
default_port = 5269;
use_ipv4 = module:get_option_boolean("use_ipv4", true);
use_ipv6 = module:get_option_boolean("use_ipv6", true);
};
module:hook("stats-update", function ()
local count = 0;
local ipv6 = 0;
@ -78,15 +88,28 @@ local function bounce_sendq(session, reason)
(session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback());
end;
};
-- FIXME Allow for more specific error conditions
-- TODO use util.error ?
local error_type = "cancel";
local condition = "remote-server-not-found";
local reason_text;
if session.had_stream then -- set when a stream is opened by the remote
error_type, condition = "wait", "remote-server-timeout";
end
if errors.is_err(reason) then
error_type, condition, reason_text = reason.type, reason.condition, reason.text;
elseif type(reason) == "string" then
reason_text = reason;
end
for i, data in ipairs(sendq) do
local reply = data[2];
if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then
reply.attr.type = "error";
reply:tag("error", {type = "cancel", by = session.from_host})
:tag("remote-server-not-found", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
if reason then
reply:tag("error", {type = error_type, by = session.from_host})
:tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
if reason_text then
reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"})
:text("Server-to-server connection failed: "..reason):up();
:text("Server-to-server connection failed: "..reason_text):up();
end
core_process_stanza(dummy, reply);
end
@ -107,38 +130,33 @@ function route_to_existing_session(event)
return false;
end
local host = hosts[from_host].s2sout[to_host];
if host then
-- We have a connection to this host already
if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then
(host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
if not host then return end
-- Queue stanza until we are able to send it
local queued_item = {
tostring(stanza),
stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza);
};
if host.sendq then
t_insert(host.sendq, queued_item);
else
-- luacheck: ignore 122
host.sendq = { queued_item };
end
host.log("debug", "stanza [%s] queued ", stanza.name);
return true;
elseif host.type == "local" or host.type == "component" then
log("error", "Trying to send a stanza to ourselves??")
log("error", "Traceback: %s", traceback());
log("error", "Stanza: %s", tostring(stanza));
return false;
-- We have a connection to this host already
if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then
(host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
-- Queue stanza until we are able to send it
local queued_item = {
tostring(stanza),
stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza);
};
if host.sendq then
t_insert(host.sendq, queued_item);
else
-- FIXME
if host.from_host ~= from_host then
log("error", "WARNING! This might, possibly, be a bug, but it might not...");
log("error", "We are going to send from %s instead of %s", host.from_host, from_host);
end
if host.sends2s(stanza) then
return true;
end
-- luacheck: ignore 122
host.sendq = { queued_item };
end
host.log("debug", "stanza [%s] queued ", stanza.name);
return true;
elseif host.type == "local" or host.type == "component" then
log("error", "Trying to send a stanza to ourselves??")
log("error", "Traceback: %s", traceback());
log("error", "Stanza: %s", stanza);
return false;
else
if host.sends2s(stanza) then
return true;
end
end
end
@ -148,17 +166,13 @@ function route_to_new_session(event)
local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
log("debug", "opening a new outgoing connection for this stanza");
local host_session = s2s_new_outgoing(from_host, to_host);
host_session.version = 1;
-- Store in buffer
host_session.bounce_sendq = bounce_sendq;
host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
log("debug", "stanza [%s] queued until connection complete", tostring(stanza.name));
s2sout.initiate_connection(host_session);
if (not host_session.connecting) and (not host_session.conn) then
log("warn", "Connection to %s failed already, destroying session...", to_host);
s2s_destroy_session(host_session, "Connection failed");
return false;
end
log("debug", "stanza [%s] queued until connection complete", stanza.name);
connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session });
return true;
end
@ -183,10 +197,20 @@ function module.add_host(module)
-- so the stream is ready for stanzas. RFC 6120 Section 4.3
mark_connected(session);
return true;
elseif require_encryption and not session.secure then
session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host);
session:close({
condition = "policy-violation",
text = "Encrypted server-to-server communication is required but was not offered",
}, nil, "Could not establish encrypted connection to remote server");
return true;
elseif not session.dialback_verifying then
session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
session:close();
return false;
session:close({
condition = "unsupported-feature",
text = "No viable authentication method offered",
}, nil, "No viable authentication method offered by remote server");
return true;
end
end, -1);
end
@ -204,7 +228,18 @@ function mark_connected(session)
if session.type == "s2sout" then
fire_global_event("s2sout-established", event_data);
hosts[from].events.fire_event("s2sout-established", event_data);
if session.incoming then
session.send = function(stanza)
return hosts[from].events.fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza });
end;
end
else
if session.outgoing and not hosts[to].s2sout[from] then
session.log("debug", "Setting up to handle route from %s to %s", to, from);
hosts[to].s2sout[from] = session; -- luacheck: ignore 122
end
local host_session = hosts[to];
session.send = function(stanza)
return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza });
@ -224,13 +259,6 @@ function mark_connected(session)
end
session.sendq = nil;
end
if session.resolver then
session.resolver._resolver:closeall()
end
session.resolver = nil;
session.ip_hosts = nil;
session.srv_hosts = nil;
end
end
@ -242,7 +270,7 @@ function make_authenticated(event)
condition = "policy-violation",
text = "Encrypted server-to-server communication is required but was not "
..((session.direction == "outgoing" and "offered") or "used")
});
}, nil, "Could not establish encrypted connection to remote server");
end
end
if hosts[host] then
@ -252,15 +280,13 @@ function make_authenticated(event)
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then
session.type = "s2sin";
if host then
if not session.hosts[host] then session.hosts[host] = {}; end
session.hosts[host].authed = true;
end
elseif session.type == "s2sin" and host then
elseif session.type ~= "s2sin" and session.type ~= "s2sout" then
return false;
end
if session.incoming and host then
if not session.hosts[host] then session.hosts[host] = {}; end
session.hosts[host].authed = true;
else
return false;
end
session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
@ -297,11 +323,12 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
function stream_callbacks.streamopened(session, attr)
-- run _streamopened in async context
session.thread:run({ attr = attr });
session.thread:run({ stream = "opened", attr = attr });
end
function stream_callbacks._streamopened(session, attr)
session.version = tonumber(attr.version) or 0;
session.had_stream = true; -- Had a stream opened at least once
-- TODO: Rename session.secure to session.encrypted
if session.secure == false then
@ -315,7 +342,6 @@ function stream_callbacks._streamopened(session, attr)
session.compressed = info.compression;
else
(session.log or log)("info", "Stream encrypted");
session.compressed = sock.compression and sock:compression(); --COMPAT mw/luasec-hg
end
end
@ -323,7 +349,9 @@ function stream_callbacks._streamopened(session, attr)
-- Send a reply stream header
-- Validate to/from
local to, from = nameprep(attr.to), nameprep(attr.from);
local to, from = attr.to, attr.from;
if to then to = nameprep(attr.to); end
if from then from = nameprep(attr.from); end
if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts)
session:close({ condition = "improper-addressing", text = "Invalid 'to' address" });
return;
@ -417,20 +445,6 @@ function stream_callbacks._streamopened(session, attr)
end
end
-- Send unauthed buffer
-- (stanzas which are fine to send before dialback)
-- Note that this is *not* the stanza queue (which
-- we can only send if auth succeeds) :)
local send_buffer = session.send_buffer;
if send_buffer and #send_buffer > 0 then
log("debug", "Sending s2s send_buffer now...");
for i, data in ipairs(send_buffer) do
session.sends2s(tostring(data));
send_buffer[i] = nil;
end
end
session.send_buffer = nil;
-- If server is pre-1.0, don't wait for features, just do dialback
if session.version < 1.0 then
if not session.dialback_verifying then
@ -442,11 +456,16 @@ function stream_callbacks._streamopened(session, attr)
end
end
function stream_callbacks.streamclosed(session)
function stream_callbacks._streamclosed(session)
(session.log or log)("debug", "Received </stream:stream>");
session:close(false);
end
function stream_callbacks.streamclosed(session, attr)
-- run _streamclosed in async context
session.thread:run({ stream = "closed", attr = attr });
end
function stream_callbacks.error(session, error, data)
if error == "no-stream" then
session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}")));
@ -472,11 +491,12 @@ function stream_callbacks.error(session, error, data)
end
end
local listener = {};
--- Session methods
local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
local function session_close(session, reason, remote_reason)
-- reason: stream error to send to the remote server
-- remote_reason: stream error received from the remote server
-- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different
local function session_close(session, reason, remote_reason, bounce_reason)
local log = session.log or log;
if session.conn then
if session.notopen then
@ -487,27 +507,23 @@ local function session_close(session, reason, remote_reason)
end
end
if reason then -- nil == no err, initiated by us, false == initiated by remote
local stream_error;
if type(reason) == "string" then -- assume stream error
log("debug", "Disconnecting %s[%s], <stream:error> is: %s", session.host or session.ip or "(unknown host)", session.type, reason);
session.sends2s(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }));
elseif type(reason) == "table" then
if reason.condition then
local stanza = st.stanza("stream:error"):tag(reason.condition, stream_xmlns_attr):up();
if reason.text then
stanza:tag("text", stream_xmlns_attr):text(reason.text):up();
end
if reason.extra then
stanza:add_child(reason.extra);
end
log("debug", "Disconnecting %s[%s], <stream:error> is: %s",
session.host or session.ip or "(unknown host)", session.type, stanza);
session.sends2s(stanza);
elseif reason.name then -- a stanza
log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s",
session.from_host or "(unknown host)", session.to_host or "(unknown host)",
session.type, reason);
session.sends2s(reason);
stream_error = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' });
elseif type(reason) == "table" and not st.is_stanza(reason) then
stream_error = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up();
if reason.text then
stream_error:tag("text", stream_xmlns_attr):text(reason.text):up();
end
if reason.extra then
stream_error:add_child(reason.extra);
end
end
if st.is_stanza(stream_error) then
-- to and from are never unknown on outgoing connections
log("debug", "Disconnecting %s->%s[%s], <stream:error> is: %s",
session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason);
session.sends2s(stream_error);
end
end
@ -522,16 +538,16 @@ local function session_close(session, reason, remote_reason)
-- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote
local conn = session.conn;
if reason == nil and not session.notopen and session.type == "s2sin" then
if reason == nil and not session.notopen and session.incoming then
add_task(stream_close_timeout, function ()
if not session.destroyed then
session.log("warn", "Failed to receive a stream close response, closing connection anyway...");
s2s_destroy_session(session, reason);
s2s_destroy_session(session, reason, bounce_reason);
conn:close();
end
end);
else
s2s_destroy_session(session, reason);
s2s_destroy_session(session, reason, bounce_reason);
conn:close(); -- Close immediately, as this is an outgoing connection or is not authed
end
end
@ -554,10 +570,12 @@ local function initialize_session(session)
local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit);
session.thread = runner(function (stanza)
if stanza.name == nil then
stream_callbacks._streamopened(session, stanza.attr);
else
if st.is_stanza(stanza) then
core_process_stanza(session, stanza);
elseif stanza.stream == "opened" then
stream_callbacks._streamopened(session, stanza.attr);
elseif stanza.stream == "closed" then
stream_callbacks._streamclosed(session, stanza.attr);
end
end, runner_callbacks, session);
@ -596,8 +614,12 @@ local function initialize_session(session)
if data then
local ok, err = stream:feed(data);
if ok then return; end
log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
session:close("not-well-formed");
log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
if err == "stanza-too-large" then
session:close({ condition = "policy-violation", text = "XML stanza is too big" }, nil, "Received invalid XML from remote server");
else
session:close("not-well-formed", nil, "Received invalid XML from remote server");
end
end
end
@ -672,11 +694,20 @@ function listener.ondisconnect(conn, err)
local session = sessions[conn];
if session then
sessions[conn] = nil;
(session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
if session.secure == false and err then
-- TODO util.error-ify this
err = "Error during negotiation of encrypted connection: "..err;
end
s2s_destroy_session(session, err);
end
end
function listener.onfail(data, err)
local session = data and data.session;
if session then
if err and session.direction == "outgoing" and session.notopen then
(session.log or log)("debug", "s2s connection attempt failed: %s", err);
if s2sout.attempt_connection(session, err) then
return; -- Session lives for now
end
end
(session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed");
s2s_destroy_session(session, err);
@ -700,6 +731,34 @@ function listener.ondetach(conn)
sessions[conn] = nil;
end
function listener.onattach(conn, data)
local session = data and data.session;
if session then
session.conn = conn;
sessions[conn] = session;
initialize_session(session);
end
end
-- Complete the sentence "Your certificate " with what's wrong
local function friendly_cert_error(session) --> string
if session.cert_chain_status == "invalid" then
if session.cert_chain_errors then
local cert_errors = set.new(session.cert_chain_errors[1]);
if cert_errors:contains("certificate has expired") then
return "has expired";
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
end
end
return "is not trusted"; -- for some other reason
elseif session.cert_identity_status == "invalid" then
return "is not valid for this name";
end
-- this should normally be unreachable except if no s2s auth module was loaded
return "could not be validated";
end
function check_auth_policy(event)
local host, session = event.host, event.session;
local must_secure = secure_auth;
@ -711,20 +770,21 @@ function check_auth_policy(event)
end
if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
if session.direction == "incoming" then
session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
else -- Close outgoing connections without warning
session:close(false);
end
local reason = friendly_cert_error(session);
session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason);
-- XEP-0178 recommends closing outgoing connections without warning
-- but does not give a rationale for this.
-- In practice most cases are configuration mistakes or forgotten
-- certificate renewals. We think it's better to let the other party
-- know about the problem so that they can fix it.
session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
nil, "Remote server's certificate "..reason);
return false;
end
end
module:hook("s2s-check-certificate", check_auth_policy, -1);
s2sout.set_listener(listener);
module:hook("server-stopping", function(event)
local reason = event.reason;
for _, session in pairs(sessions) do
@ -739,7 +799,11 @@ module:provides("net", {
listener = listener;
default_port = 5269;
encryption = "starttls";
ssl_config = { -- FIXME This is not used atm, see mod_tls
verify = { "peer", "client_once", };
};
multiplex = {
protocol = "xmpp-server";
pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
};
});

349
plugins/mod_s2s/s2sout.lib.lua
View file

@ -1,349 +0,0 @@
-- Prosody IM
-- Copyright (C) 2008-2010 Matthew Wild
-- Copyright (C) 2008-2010 Waqas Hussain
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
--- Module containing all the logic for connecting to a remote server
-- luacheck: ignore 432/err
local portmanager = require "core.portmanager";
local wrapclient = require "net.server".wrapclient;
local initialize_filters = require "util.filters".initialize;
local idna_to_ascii = require "util.encodings".idna.to_ascii;
local new_ip = require "util.ip".new_ip;
local rfc6724_dest = require "util.rfc6724".destination;
local socket = require "socket";
local adns = require "net.adns";
local t_insert, t_sort, ipairs = table.insert, table.sort, ipairs;
local local_addresses = require "util.net".local_addresses;
local s2s_destroy_session = require "core.s2smanager".destroy_session;
local default_mode = module:get_option("network_default_read_size", 4096);
local log = module._log;
local sources = {};
local has_ipv4, has_ipv6;
local dns_timeout = module:get_option_number("dns_timeout", 15);
local resolvers = module:get_option_set("s2s_dns_resolvers")
local s2sout = {};
local s2s_listener;
function s2sout.set_listener(listener)
s2s_listener = listener;
end
local function compare_srv_priorities(a,b)
return a.priority < b.priority or (a.priority == b.priority and a.weight > b.weight);
end
function s2sout.initiate_connection(host_session)
local log = host_session.log or log;
initialize_filters(host_session);
host_session.version = 1;
host_session.resolver = adns.resolver();
host_session.resolver._resolver:settimeout(dns_timeout);
if resolvers then
for resolver in resolvers do
host_session.resolver._resolver:addnameserver(resolver);
end
end
-- Kick the connection attempting machine into life
if not s2sout.attempt_connection(host_session) then
-- Intentionally not returning here, the
-- session is needed, connected or not
s2s_destroy_session(host_session);
end
if not host_session.sends2s then
-- A sends2s which buffers data (until the stream is opened)
-- note that data in this buffer will be sent before the stream is authed
-- and will not be ack'd in any way, successful or otherwise
local buffer;
function host_session.sends2s(data)
if not buffer then
buffer = {};
host_session.send_buffer = buffer;
end
log("debug", "Buffering data on unconnected s2sout to %s", host_session.to_host);
buffer[#buffer+1] = data;
log("debug", "Buffered item %d: %s", #buffer, data);
end
end
end
function s2sout.attempt_connection(host_session, err)
local to_host = host_session.to_host;
local connect_host, connect_port = to_host and idna_to_ascii(to_host), 5269;
local log = host_session.log or log;
if not connect_host then
return false;
end
if not err then -- This is our first attempt
log("debug", "First attempt to connect to %s, starting with SRV lookup...", to_host);
host_session.connecting = true;
host_session.resolver:lookup(function (answer)
local srv_hosts = { answer = answer };
host_session.srv_hosts = srv_hosts;
host_session.srv_choice = 0;
host_session.connecting = nil;
if answer and #answer > 0 then
log("debug", "%s has SRV records, handling...", to_host);
for _, record in ipairs(answer) do
t_insert(srv_hosts, record.srv);
end
if #srv_hosts == 1 and srv_hosts[1].target == "." then
log("debug", "%s does not provide a XMPP service", to_host);
s2s_destroy_session(host_session, err); -- Nothing to see here
return;
end
t_sort(srv_hosts, compare_srv_priorities);
local srv_choice = srv_hosts[1];
host_session.srv_choice = 1;
if srv_choice then
connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port;
log("debug", "Best record found, will connect to %s:%d", connect_host, connect_port);
end
else
log("debug", "%s has no SRV records, falling back to A/AAAA", to_host);
end
-- Try with SRV, or just the plain hostname if no SRV
local ok, err = s2sout.try_connect(host_session, connect_host, connect_port);
if not ok then
if not s2sout.attempt_connection(host_session, err) then
-- No more attempts will be made
s2s_destroy_session(host_session, err);
end
end
end, "_xmpp-server._tcp."..connect_host..".", "SRV");
return true; -- Attempt in progress
elseif host_session.ip_hosts then
return s2sout.try_connect(host_session, connect_host, connect_port, err);
elseif host_session.srv_hosts and #host_session.srv_hosts > host_session.srv_choice then -- Not our first attempt, and we also have SRV
host_session.srv_choice = host_session.srv_choice + 1;
local srv_choice = host_session.srv_hosts[host_session.srv_choice];
connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port;
host_session.log("info", "Connection failed (%s). Attempt #%d: This time to %s:%d", err, host_session.srv_choice, connect_host, connect_port);
else
host_session.log("info", "Failed in all attempts to connect to %s", host_session.to_host);
-- We're out of options
return false;
end
if not (connect_host and connect_port) then
-- Likely we couldn't resolve DNS
log("warn", "Hmm, we're without a host (%s) and port (%s) to connect to for %s, giving up :(", connect_host, connect_port, to_host);
return false;
end
return s2sout.try_connect(host_session, connect_host, connect_port);
end
function s2sout.try_next_ip(host_session)
host_session.connecting = nil;
host_session.ip_choice = host_session.ip_choice + 1;
local ip = host_session.ip_hosts[host_session.ip_choice];
local ok, err= s2sout.make_connect(host_session, ip.ip, ip.port);
if not ok then
if not s2sout.attempt_connection(host_session, err or "closed") then
err = err and (": "..err) or "";
s2s_destroy_session(host_session, "Connection failed"..err);
end
end
end
function s2sout.try_connect(host_session, connect_host, connect_port, err)
host_session.connecting = true;
local log = host_session.log or log;
if not err then
local IPs = {};
host_session.ip_hosts = IPs;
-- luacheck: ignore 231/handle4 231/handle6
local handle4, handle6;
local have_other_result = not(has_ipv4) or not(has_ipv6) or false;
if has_ipv4 then
handle4 = host_session.resolver:lookup(function (reply, err)
handle4 = nil;
if reply and reply[#reply] and reply[#reply].a then
for _, ip in ipairs(reply) do
log("debug", "DNS reply for %s gives us %s", connect_host, ip.a);
IPs[#IPs+1] = new_ip(ip.a, "IPv4");
end
elseif err then
log("debug", "Error in DNS lookup: %s", err);
end
if have_other_result then
if #IPs > 0 then
rfc6724_dest(host_session.ip_hosts, sources);
for i = 1, #IPs do
IPs[i] = {ip = IPs[i], port = connect_port};
end
host_session.ip_choice = 0;
s2sout.try_next_ip(host_session);
else
log("debug", "DNS lookup failed to get a response for %s", connect_host);
host_session.ip_hosts = nil;
if not s2sout.attempt_connection(host_session, "name resolution failed") then -- Retry if we can
log("debug", "No other records to try for %s - destroying", host_session.to_host);
err = err and (": "..err) or "";
s2s_destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't
end
end
else
have_other_result = true;
end
end, connect_host, "A", "IN");
else
have_other_result = true;
end
if has_ipv6 then
handle6 = host_session.resolver:lookup(function (reply, err)
handle6 = nil;
if reply and reply[#reply] and reply[#reply].aaaa then
for _, ip in ipairs(reply) do
log("debug", "DNS reply for %s gives us %s", connect_host, ip.aaaa);
IPs[#IPs+1] = new_ip(ip.aaaa, "IPv6");
end
elseif err then
log("debug", "Error in DNS lookup: %s", err);
end
if have_other_result then
if #IPs > 0 then
rfc6724_dest(host_session.ip_hosts, sources);
for i = 1, #IPs do
IPs[i] = {ip = IPs[i], port = connect_port};
end
host_session.ip_choice = 0;
s2sout.try_next_ip(host_session);
else
log("debug", "DNS lookup failed to get a response for %s", connect_host);
host_session.ip_hosts = nil;
if not s2sout.attempt_connection(host_session, "name resolution failed") then -- Retry if we can
log("debug", "No other records to try for %s - destroying", host_session.to_host);
err = err and (": "..err) or "";
s2s_destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't
end
end
else
have_other_result = true;
end
end, connect_host, "AAAA", "IN");
else
have_other_result = true;
end
return true;
elseif host_session.ip_hosts and #host_session.ip_hosts > host_session.ip_choice then -- Not our first attempt, and we also have IPs left to try
s2sout.try_next_ip(host_session);
else
log("debug", "Out of IP addresses, trying next SRV record (if any)");
host_session.ip_hosts = nil;
if not s2sout.attempt_connection(host_session, "out of IP addresses") then -- Retry if we can
log("debug", "No other records to try for %s - destroying", host_session.to_host);
err = err and (": "..err) or "";
s2s_destroy_session(host_session, "Connecting failed"..err); -- End of the line, we can't
return false;
end
end
return true;
end
function s2sout.make_connect(host_session, connect_host, connect_port)
local log = host_session.log or log;
log("debug", "Beginning new connection attempt to %s ([%s]:%d)", host_session.to_host, connect_host.addr, connect_port);
-- Reset secure flag in case this is another
-- connection attempt after a failed STARTTLS
host_session.secure = nil;
host_session.encrypted = nil;
local conn, handler;
local proto = connect_host.proto;
if proto == "IPv4" then
conn, handler = socket.tcp();
elseif proto == "IPv6" and socket.tcp6 then
conn, handler = socket.tcp6();
else
handler = "Unsupported protocol: "..tostring(proto);
end
if not conn then
log("warn", "Failed to create outgoing connection, system error: %s", handler);
return false, handler;
end
conn:settimeout(0);
local success, err = conn:connect(connect_host.addr, connect_port);
if not success and err ~= "timeout" then
log("warn", "s2s connect() to %s (%s:%d) failed: %s", host_session.to_host, connect_host.addr, connect_port, err);
return false, err;
end
conn = wrapclient(conn, connect_host.addr, connect_port, s2s_listener, default_mode);
host_session.conn = conn;
-- Register this outgoing connection so that xmppserver_listener knows about it
-- otherwise it will assume it is a new incoming connection
s2s_listener.register_outgoing(conn, host_session);
log("debug", "Connection attempt in progress...");
return true;
end
module:hook_global("service-added", function (event)
if event.name ~= "s2s" then return end
local s2s_sources = portmanager.get_active_services():get("s2s");
if not s2s_sources then
module:log("warn", "s2s not listening on any ports, outgoing connections may fail");
return;
end
for source, _ in pairs(s2s_sources) do
if source == "*" or source == "0.0.0.0" then
for _, addr in ipairs(local_addresses("ipv4", true)) do
sources[#sources + 1] = new_ip(addr, "IPv4");
end
elseif source == "::" then
for _, addr in ipairs(local_addresses("ipv6", true)) do
sources[#sources + 1] = new_ip(addr, "IPv6");
end
else
sources[#sources + 1] = new_ip(source, (source:find(":") and "IPv6") or "IPv4");
end
end
for i = 1,#sources do
if sources[i].proto == "IPv6" then
has_ipv6 = true;
elseif sources[i].proto == "IPv4" then
has_ipv4 = true;
end
end
if not (has_ipv4 or has_ipv6) then
module:log("warn", "No local IPv4 or IPv6 addresses detected, outgoing connections may fail");
end
end);
return s2sout;

4
plugins/mod_s2s_auth_certs.lua
View file

@ -17,9 +17,6 @@ module:hook("s2s-check-certificate", function(event)
local chain_valid, errors;
if conn.getpeerverification then
chain_valid, errors = conn:getpeerverification();
elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg
chain_valid, errors = conn:getpeerchainvalid();
errors = (not chain_valid) and { { errors } } or nil;
else
chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
end
@ -30,6 +27,7 @@ module:hook("s2s-check-certificate", function(event)
log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
end
session.cert_chain_status = "invalid";
session.cert_chain_errors = errors;
else
log("debug", "certificate chain validation result: valid");
session.cert_chain_status = "valid";

40
plugins/mod_s2s_bidi.lua Normal file
View file

@ -0,0 +1,40 @@
-- Prosody IM
-- Copyright (C) 2019 Kim Alvefur
--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
local st = require "util.stanza";
local xmlns_bidi_feature = "urn:xmpp:features:bidi"
local xmlns_bidi = "urn:xmpp:bidi";
local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
module:hook("s2s-stream-features", function(event)
local origin, features = event.origin, event.features;
if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
end
end);
module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
if bidi then
session.incoming = true;
session.log("debug", "Requesting bidirectional stream");
session.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi }));
end
end
end, 200);
module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
session.log("debug", "Requested bidirectional stream");
session.outgoing = true;
return true;
end
end);

89
plugins/mod_saslauth.lua
View file

@ -12,9 +12,10 @@ local st = require "util.stanza";
local sm_bind_resource = require "core.sessionmanager".bind_resource;
local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
local base64 = require "util.encodings".base64;
local set = require "util.set";
local errors = require "util.error";
local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
local tostring = tostring;
local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
@ -48,7 +49,7 @@ local function handle_status(session, status, ret, err_msg)
module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg });
session.sasl_handler = session.sasl_handler:clean_clone();
elseif status == "success" then
local ok, err = sm_make_authenticated(session, session.sasl_handler.username);
local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.scope);
if ok then
module:fire_event("authentication-success", { session = session });
session.sasl_handler = nil;
@ -67,7 +68,6 @@ local function sasl_process_cdata(session, stanza)
local text = stanza[1];
if text then
text = base64.decode(text);
--log("debug", "AUTH: %s", text:gsub("[%z\001-\008\011\012\014-\031]", " "));
if not text then
session.sasl_handler = nil;
session.send(build_reply("failure", "incorrect-encoding"));
@ -77,7 +77,6 @@ local function sasl_process_cdata(session, stanza)
local status, ret, err_msg = session.sasl_handler:process(text);
status, ret, err_msg = handle_status(session, status, ret, err_msg);
local s = build_reply(status, ret, err_msg);
log("debug", "sasl reply: %s", tostring(s));
session.send(s);
return true;
end
@ -104,18 +103,27 @@ module:hook_tag(xmlns_sasl, "failure", function (session, stanza)
break;
end
end
if text and condition then
condition = condition .. ": " .. text;
end
module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, condition);
local err = errors.new({
-- TODO type = what?
text = text,
condition = condition,
}, {
session = session,
stanza = stanza,
});
module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, err);
session.external_auth = "failed"
session.external_auth_failure_reason = condition;
session.external_auth_failure_reason = err;
end, 500)
module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza
session.log("debug", "No fallback from SASL EXTERNAL failure, giving up");
session:close(nil, session.external_auth_failure_reason);
session:close(nil, session.external_auth_failure_reason, errors.new({
type = "wait", condition = "remote-server-timeout",
text = "Could not authenticate to remote server",
}, { session = session, sasl_failure = session.external_auth_failure_reason, }));
return true;
end, 90)
@ -248,37 +256,72 @@ module:hook("stream-features", function(event)
local sasl_handler = usermanager_get_sasl_handler(module.host, origin)
origin.sasl_handler = sasl_handler;
if origin.encrypted then
-- check wether LuaSec has the nifty binding to the function needed for tls-unique
-- check whether LuaSec has the nifty binding to the function needed for tls-unique
-- FIXME: would be nice to have this check only once and not for every socket
if sasl_handler.add_cb_handler then
local socket = origin.conn:socket();
if socket.getpeerfinished then
log("debug", "Channel binding 'tls-unique' supported");
sasl_handler:add_cb_handler("tls-unique", tls_unique);
else
log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)");
end
sasl_handler["userdata"] = {
["tls-unique"] = socket;
};
else
log("debug", "Channel binding not supported by SASL handler");
end
end
local mechanisms = st.stanza("mechanisms", mechanisms_attr);
local sasl_mechanisms = sasl_handler:mechanisms()
local available_mechanisms = set.new();
for mechanism in pairs(sasl_mechanisms) do
if disabled_mechanisms:contains(mechanism) then
log("debug", "Not offering disabled mechanism %s", mechanism);
elseif not origin.secure and insecure_mechanisms:contains(mechanism) then
log("debug", "Not offering mechanism %s on insecure connection", mechanism);
else
log("debug", "Offering mechanism %s", mechanism);
available_mechanisms:add(mechanism);
end
log("debug", "SASL mechanisms supported by handler: %s", available_mechanisms);
local usable_mechanisms = available_mechanisms - disabled_mechanisms;
local available_disabled = set.intersection(available_mechanisms, disabled_mechanisms);
if not available_disabled:empty() then
log("debug", "Not offering disabled mechanisms: %s", available_disabled);
end
local available_insecure = set.intersection(available_mechanisms, insecure_mechanisms);
if not origin.secure and not available_insecure:empty() then
log("debug", "Session is not secure, not offering insecure mechanisms: %s", available_insecure);
usable_mechanisms = usable_mechanisms - insecure_mechanisms;
end
if not usable_mechanisms:empty() then
log("debug", "Offering usable mechanisms: %s", usable_mechanisms);
for mechanism in usable_mechanisms do
mechanisms:tag("mechanism"):text(mechanism):up();
end
end
if mechanisms[1] then
features:add_child(mechanisms);
elseif not next(sasl_mechanisms) then
log("warn", "No available SASL mechanisms, verify that the configured authentication module is working");
else
log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection");
return;
end
local authmod = module:get_option_string("authentication", "internal_plain");
if available_mechanisms:empty() then
log("warn", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod);
return;
end
if not origin.secure and not available_insecure:empty() then
if not available_disabled:empty() then
log("warn", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)",
authmod, available_insecure, available_disabled);
else
log("warn", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)",
authmod, available_insecure);
end
elseif not available_disabled:empty() then
log("warn", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)",
authmod, available_disabled);
end
else
features:tag("bind", bind_attr):tag("required"):up():up();
features:tag("session", xmpp_session_attr):tag("optional"):up():up();

3
plugins/mod_scansion_record.lua
View file

@ -37,8 +37,7 @@ local function record_event(session, event)
end
local function record_stanza(stanza, session, verb)
local flattened = tostring(stanza):gsub("><", ">\n\t<");
-- TODO Proper prettyprinting with indentation
local flattened = tostring(stanza:indent(2, "\t"));
record(session.scansion_id.." "..verb..":\n\t"..flattened.."\n\n");
end

1
plugins/mod_server_contact_info.lua
View file

@ -16,6 +16,7 @@ local form_layout = require "util.dataforms".new({
{ name = "feedback", var = "feedback-addresses", type = "list-multi" },
{ name = "sales", var = "sales-addresses", type = "list-multi" },
{ name = "security", var = "security-addresses", type = "list-multi" },
{ name = "status", var = "status-addresses", type = "list-multi" },
{ name = "support", var = "support-addresses", type = "list-multi" },
});

5
plugins/mod_stanza_debug.lua
View file

@ -1,18 +1,17 @@
module:set_global();
local tostring = tostring;
local filters = require "util.filters";
local function log_send(t, session)
if t and t ~= "" and t ~= " " then
session.log("debug", "SEND: %s", tostring(t));
session.log("debug", "SEND: %s", t);
end
return t;
end
local function log_recv(t, session)
if t and t ~= "" and t ~= " " then
session.log("debug", "RECV: %s", tostring(t));
session.log("debug", "RECV: %s", t);
end
return t;
end

149
plugins/mod_storage_internal.lua
View file

@ -1,12 +1,17 @@
local cache = require "util.cache";
local datamanager = require "core.storagemanager".olddm;
local array = require "util.array";
local datetime = require "util.datetime";
local st = require "util.stanza";
local now = require "util.time".now;
local id = require "util.id".medium;
local jid_join = require "util.jid".join;
local host = module.host;
local archive_item_limit = module:get_option_number("storage_archive_item_limit", 10000);
local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000));
local driver = {};
function driver:open(store, typ)
@ -43,6 +48,12 @@ end
local archive = {};
driver.archive = { __index = archive };
archive.caps = {
total = true;
quota = archive_item_limit;
truncate = true;
};
function archive:append(username, key, value, when, with)
when = when or now();
if not st.is_stanza(value) then
@ -54,28 +65,57 @@ function archive:append(username, key, value, when, with)
value.attr.stamp = datetime.datetime(when);
value.attr.stamp_legacy = datetime.legacy(when);
local cache_key = jid_join(username, host, self.store);
local item_count = archive_item_count_cache:get(cache_key);
if key then
local items, err = datamanager.list_load(username, host, self.store);
if not items and err then return items, err; end
-- Check the quota
item_count = items and #items or 0;
archive_item_count_cache:set(cache_key, item_count);
if item_count >= archive_item_limit then
module:log("debug", "%s reached or over quota, not adding to store", username);
return nil, "quota-limit";
end
if items then
-- Filter out any item with the same key as the one being added
items = array(items);
items:filter(function (item)
return item.key ~= key;
end);
value.key = key;
items:push(value);
local ok, err = datamanager.list_store(username, host, self.store, items);
if not ok then return ok, err; end
archive_item_count_cache:set(cache_key, #items);
return key;
end
else
if not item_count then -- Item count not cached?
-- We need to load the list to get the number of items currently stored
local items, err = datamanager.list_load(username, host, self.store);
if not items and err then return items, err; end
item_count = items and #items or 0;
archive_item_count_cache:set(cache_key, item_count);
end
if item_count >= archive_item_limit then
module:log("debug", "%s reached or over quota, not adding to store", username);
return nil, "quota-limit";
end
key = id();
end
module:log("debug", "%s has %d items out of %d limit in store %s", username, item_count, archive_item_limit, self.store);
value.key = key;
local ok, err = datamanager.list_append(username, host, self.store, value);
if not ok then return ok, err; end
archive_item_count_cache:set(cache_key, item_count+1);
return key;
end
@ -84,12 +124,18 @@ function archive:find(username, query)
if not items then
if err then
return items, err;
else
return function () end, 0;
elseif query then
if query.before or query.after then
return nil, "item-not-found";
end
if query.total then
return function () end, 0;
end
end
return function () end;
end
local count = #items;
local i = 0;
local count = nil;
local i, last_key = 0;
if query then
items = array(items);
if query.key then
@ -114,24 +160,38 @@ function archive:find(username, query)
return when <= query["end"];
end);
end
count = #items;
if query.total then
count = #items;
end
if query.reverse then
items:reverse();
if query.before then
for j = 1, count do
local found = false;
for j = 1, #items do
if (items[j].key or tostring(j)) == query.before then
found = true;
i = j;
break;
end
end
if not found then
return nil, "item-not-found";
end
end
elseif query.before then
last_key = query.before;
elseif query.after then
for j = 1, count do
local found = false;
for j = 1, #items do
if (items[j].key or tostring(j)) == query.after then
found = true;
i = j;
break;
end
end
if not found then
return nil, "item-not-found";
end
end
if query.limit and #items - i > query.limit then
items[i+query.limit+1] = nil;
@ -140,7 +200,9 @@ function archive:find(username, query)
return function ()
i = i + 1;
local item = items[i];
if not item then return; end
if not item or (last_key and item.key == last_key) then
return;
end
local key = item.key or tostring(i);
local when = item.when or datetime.parse(item.attr.stamp);
local with = item.with;
@ -152,14 +214,83 @@ function archive:find(username, query)
end, count;
end
function archive:get(username, wanted_key)
local iter, err = self:find(username, { key = wanted_key })
if not iter then return iter, err; end
for key, stanza, when, with in iter do
if key == wanted_key then
return stanza, when, with;
end
end
return nil, "item-not-found";
end
function archive:set(username, key, new_value, new_when, new_with)
local items, err = datamanager.list_load(username, host, self.store);
if not items then
if err then
return items, err;
else
return nil, "item-not-found";
end
end
for i = 1, #items do
local old_item = items[i];
if old_item.key == key then
local item = st.preserialize(st.clone(new_value));
local when = new_when or old_item.when or datetime.parse(old_item.attr.stamp);
item.key = key;
item.when = when;
item.with = new_with or old_item.with;
item.attr.stamp = datetime.datetime(when);
item.attr.stamp_legacy = datetime.legacy(when);
items[i] = item;
return datamanager.list_store(username, host, self.store, items);
end
end
return nil, "item-not-found";
end
function archive:dates(username)
local items, err = datamanager.list_load(username, host, self.store);
if not items then return items, err; end
return array(items):pluck("when"):map(datetime.date):unique();
end
function archive:summary(username, query)
local iter, err = self:find(username, query)
if not iter then return iter, err; end
local counts = {};
local earliest = {};
local latest = {};
local body = {};
for _, stanza, when, with in iter do
counts[with] = (counts[with] or 0) + 1;
if earliest[with] == nil then
earliest[with] = when;
end
latest[with] = when;
body[with] = stanza:get_child_text("body") or body[with];
end
return {
counts = counts;
earliest = earliest;
latest = latest;
body = body;
};
end
function archive:users()
return datamanager.users(host, self.store, "list");
end
function archive:delete(username, query)
local cache_key = jid_join(username, host, self.store);
if not query or next(query) == nil then
archive_item_count_cache:set(cache_key, nil);
return datamanager.list_store(username, host, self.store, nil);
end
local items, err = datamanager.list_load(username, host, self.store);
@ -167,6 +298,7 @@ function archive:delete(username, query)
if err then
return items, err;
end
archive_item_count_cache:set(cache_key, 0);
-- Store is empty
return 0;
end
@ -216,6 +348,7 @@ function archive:delete(username, query)
end
local ok, err = datamanager.list_store(username, host, self.store, items);
if not ok then return ok, err; end
archive_item_count_cache:set(cache_key, #items);
return count;
end

97
plugins/mod_storage_memory.lua
View file

@ -8,6 +8,8 @@ local new_id = require "util.id".medium;
local auto_purge_enabled = module:get_option_boolean("storage_memory_temporary", false);
local auto_purge_stores = module:get_option_set("storage_memory_temporary_stores", {});
local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000);
local memory = setmetatable({}, {
__index = function(t, k)
local store = module:shared(k)
@ -51,6 +53,12 @@ archive_store.__index = archive_store;
archive_store.users = _users;
archive_store.caps = {
total = true;
quota = archive_item_limit;
truncate = true;
};
function archive_store:append(username, key, value, when, with)
if is_stanza(value) then
value = st.preserialize(value);
@ -70,6 +78,8 @@ function archive_store:append(username, key, value, when, with)
end
if a[key] then
table.remove(a, a[key]);
elseif #a >= archive_item_limit then
return nil, "quota-limit";
end
local i = #a+1;
a[i] = v;
@ -80,10 +90,18 @@ end
function archive_store:find(username, query)
local items = self.store[username or NULL];
if not items then
return function () end, 0;
if query then
if query.before or query.after then
return nil, "item-not-found";
end
if query.total then
return function () end, 0;
end
end
return function () end;
end
local count = #items;
local i = 0;
local count = nil;
local i, last_key = 0;
if query then
items = array():append(items);
if query.key then
@ -106,24 +124,38 @@ function archive_store:find(username, query)
return item.when <= query["end"];
end);
end
count = #items;
if query.total then
count = #items;
end
if query.reverse then
items:reverse();
if query.before then
for j = 1, count do
local found = false;
for j = 1, #items do
if (items[j].key or tostring(j)) == query.before then
found = true;
i = j;
break;
end
end
if not found then
return nil, "item-not-found";
end
end
elseif query.before then
last_key = query.before;
elseif query.after then
for j = 1, count do
local found = false;
for j = 1, #items do
if (items[j].key or tostring(j)) == query.after then
found = true;
i = j;
break;
end
end
if not found then
return nil, "item-not-found";
end
end
if query.limit and #items - i > query.limit then
items[i+query.limit+1] = nil;
@ -132,11 +164,62 @@ function archive_store:find(username, query)
return function ()
i = i + 1;
local item = items[i];
if not item then return; end
if not item or (last_key and item.key == last_key) then return; end
return item.key, item.value(), item.when, item.with;
end, count;
end
function archive_store:get(username, wanted_key)
local items = self.store[username or NULL];
if not items then return nil, "item-not-found"; end
local i = items[wanted_key];
if not i then return nil, "item-not-found"; end
local item = items[i];
return item.value(), item.when, item.with;
end
function archive_store:set(username, wanted_key, new_value, new_when, new_with)
local items = self.store[username or NULL];
if not items then return nil, "item-not-found"; end
local i = items[wanted_key];
if not i then return nil, "item-not-found"; end
local item = items[i];
if is_stanza(new_value) then
new_value = st.preserialize(new_value);
item.value = envload("return xml"..serialize(new_value), "=(stanza)", { xml = st.deserialize })
else
item.value = envload("return "..serialize(new_value), "=(data)", {});
end
if new_when then
item.when = new_when;
end
if new_with then
item.with = new_when;
end
return true;
end
function archive_store:summary(username, query)
local iter, err = self:find(username, query)
if not iter then return iter, err; end
local counts = {};
local earliest = {};
local latest = {};
for _, _, when, with in iter do
counts[with] = (counts[with] or 0) + 1;
if earliest[with] == nil then
earliest[with] = when;
end
latest[with] = when;
end
return {
counts = counts;
earliest = earliest;
latest = latest;
};
end
function archive_store:delete(username, query)
if not query or next(query) == nil then

Some files were not shown because too many files have changed in this diff Show more