aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2013-06-13 23:24:36 +0100
committerMatthew Wild <mwild1@gmail.com>2013-06-13 23:24:36 +0100
commit9052e8bf8faf0c5cf0d5f645cbe2abe8e6464817 (patch)
tree79ee0e0fb16935e5bccc66437d2064837668f111
parent68036030e2d66232f23135cd6830e313be013432 (diff)
parentcd8304b6e0e62e9b917b640778580cf538b52b3c (diff)
downloadprosody-9052e8bf8faf0c5cf0d5f645cbe2abe8e6464817.tar.gz
prosody-9052e8bf8faf0c5cf0d5f645cbe2abe8e6464817.zip
Merge the merge
-rw-r--r--core/certmanager.lua83
-rw-r--r--plugins/mod_disco.lua43
-rw-r--r--plugins/mod_http_files.lua2
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua238
-rw-r--r--plugins/mod_tls.lua62
-rw-r--r--plugins/muc/mod_muc.lua59
-rwxr-xr-xprosody6
-rw-r--r--util/sasl.lua1
-rw-r--r--util/sasl/external.lua25
9 files changed, 296 insertions, 223 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 5618589b..92b63ec3 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -12,6 +12,7 @@ local ssl = ssl;
local ssl_newcontext = ssl and ssl.newcontext;
local tostring = tostring;
+local pairs = pairs;
local prosody = prosody;
local resolve_path = configmanager.resolve_relative_path;
@@ -28,54 +29,60 @@ end
module "certmanager"
-- Global SSL options if not overridden per-host
-local default_ssl_config = configmanager.get("*", "ssl");
-local default_capath = "/etc/ssl/certs";
-local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
-local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+local global_ssl_config = configmanager.get("*", "ssl");
+
+local core_defaults = {
+ capath = "/etc/ssl/certs";
+ protocol = "sslv23";
+ verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
+ options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
+ verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+ curve = "secp384r1";
+}
+local path_options = { -- These we pass through resolve_path()
+ key = true, certificate = true, cafile = true, capath = true
+}
if ssl and not luasec_has_verifyext and ssl.x509 then
-- COMPAT mw/luasec-hg
- for i=1,#default_verifyext do -- Remove lsec_ prefix
- default_verify[#default_verify+1] = default_verifyext[i]:sub(6);
+ for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
+ core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);
end
end
-if luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true then
- default_options[#default_options+1] = "no_compression";
-end
-if luasec_has_no_compression then -- Has no_compression? Then it has these too...
- default_options[#default_options+1] = "single_dh_use";
- default_options[#default_options+1] = "single_ecdh_use";
+if luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true then
+ core_defaults.options[#core_defaults.options+1] = "no_compression";
end
function create_context(host, mode, user_ssl_config)
- user_ssl_config = user_ssl_config or default_ssl_config;
+ user_ssl_config = user_ssl_config or {}
+ user_ssl_config.mode = mode;
if not ssl then return nil, "LuaSec (required for encryption) was not found"; end
- if not user_ssl_config then return nil, "No SSL/TLS configuration present for "..host; end
+
+ if global_ssl_config then
+ for option,default_value in pairs(global_ssl_config) do
+ if not user_ssl_config[option] then
+ user_ssl_config[option] = default_value;
+ end
+ end
+ end
+ for option,default_value in pairs(core_defaults) do
+ if not user_ssl_config[option] then
+ user_ssl_config[option] = default_value;
+ end
+ end
+ user_ssl_config.password = user_ssl_config.password or function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
+ for option in pairs(path_options) do
+ user_ssl_config[option] = user_ssl_config[option] and resolve_path(config_path, user_ssl_config[option]);
+ end
+
if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end
if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end
-
- local ssl_config = {
- mode = mode;
- protocol = user_ssl_config.protocol or "sslv23";
- key = resolve_path(config_path, user_ssl_config.key);
- password = user_ssl_config.password or function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
- certificate = resolve_path(config_path, user_ssl_config.certificate);
- capath = resolve_path(config_path, user_ssl_config.capath or default_capath);
- cafile = resolve_path(config_path, user_ssl_config.cafile);
- verify = user_ssl_config.verify or default_verify;
- verifyext = user_ssl_config.verifyext or default_verifyext;
- options = user_ssl_config.options or default_options;
- depth = user_ssl_config.depth;
- curve = user_ssl_config.curve or "secp384r1";
- dhparam = user_ssl_config.dhparam;
- };
-
- local ctx, err = ssl_newcontext(ssl_config);
-
- -- LuaSec ignores the cipher list from the config, so we have to take care
+
+ local ctx, err = ssl_newcontext(user_ssl_config);
+
+ -- COMPAT Older LuaSec ignores the cipher list from the config, so we have to take care
-- of it ourselves (W/A for #x)
if ctx and user_ssl_config.ciphers then
local success;
@@ -88,9 +95,9 @@ function create_context(host, mode, user_ssl_config)
local file = err:match("^error loading (.-) %(");
if file then
if file == "private key" then
- file = ssl_config.key or "your private key";
+ file = user_ssl_config.key or "your private key";
elseif file == "certificate" then
- file = ssl_config.certificate or "your certificate file";
+ file = user_ssl_config.certificate or "your certificate file";
end
local reason = err:match("%((.+)%)$") or "some reason";
if reason == "Permission denied" then
@@ -113,7 +120,7 @@ function create_context(host, mode, user_ssl_config)
end
function reload_ssl_config()
- default_ssl_config = configmanager.get("*", "ssl");
+ global_ssl_config = configmanager.get("*", "ssl");
end
prosody.events.add_handler("config-reloaded", reload_ssl_config);
diff --git a/plugins/mod_disco.lua b/plugins/mod_disco.lua
index b8df0bd6..06a4bb1e 100644
--- a/plugins/mod_disco.lua
+++ b/plugins/mod_disco.lua
@@ -32,7 +32,9 @@ do -- validate disco_items
end
end
-module:add_identity("server", "im", module:get_option_string("name", "Prosody")); -- FIXME should be in the non-existing mod_router
+if module:get_host_type() == "normal" then
+ module:add_identity("server", "im", module:get_option_string("name", "Prosody")); -- FIXME should be in the non-existing mod_router
+end
module:add_feature("http://jabber.org/protocol/disco#info");
module:add_feature("http://jabber.org/protocol/disco#items");
@@ -97,7 +99,18 @@ module:hook("iq/host/http://jabber.org/protocol/disco#info:query", function(even
local origin, stanza = event.origin, event.stanza;
if stanza.attr.type ~= "get" then return; end
local node = stanza.tags[1].attr.node;
- if node and node ~= "" and node ~= "http://prosody.im#"..get_server_caps_hash() then return; end -- TODO fire event?
+ if node and node ~= "" and node ~= "http://prosody.im#"..get_server_caps_hash() then
+ local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info', node=node});
+ local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false};
+ local ret = module:fire_event("host-disco-info-node", event);
+ if ret ~= nil then return ret; end
+ if event.exists then
+ origin.send(reply);
+ else
+ origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Node does not exist"));
+ end
+ return true;
+ end
local reply_query = get_server_disco_info();
reply_query.node = node;
local reply = st.reply(stanza):add_child(reply_query);
@@ -108,9 +121,21 @@ module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function(eve
local origin, stanza = event.origin, event.stanza;
if stanza.attr.type ~= "get" then return; end
local node = stanza.tags[1].attr.node;
- if node and node ~= "" then return; end -- TODO fire event?
-
+ if node and node ~= "" then
+ local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#items', node=node});
+ local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false};
+ local ret = module:fire_event("host-disco-items-node", event);
+ if ret ~= nil then return ret; end
+ if event.exists then
+ origin.send(reply);
+ else
+ origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Node does not exist"));
+ end
+ return true;
+ end
local reply = st.reply(stanza):query("http://jabber.org/protocol/disco#items");
+ local ret = module:fire_event("host-disco-items", { origin = origin, stanza = stanza, reply = reply });
+ if ret ~= nil then return ret; end
for jid, name in pairs(get_children(module.host)) do
reply:tag("item", {jid = jid, name = name~=true and name or nil}):up();
end
@@ -138,8 +163,9 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#info:query", function(even
if node and node ~= "" then
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info', node=node});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
- local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false}
- module:fire_event("account-disco-info-node", event);
+ local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false};
+ local ret = module:fire_event("account-disco-info-node", event);
+ if ret ~= nil then return ret; end
if event.exists then
origin.send(reply);
else
@@ -163,8 +189,9 @@ module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(eve
if node and node ~= "" then
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#items', node=node});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
- local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false}
- module:fire_event("account-disco-items-node", event);
+ local event = { origin = origin, stanza = stanza, reply = reply, node = node, exists = false};
+ local ret = module:fire_event("account-disco-items-node", event);
+ if ret ~= nil then return ret; end
if event.exists then
origin.send(reply);
else
diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua
index 915bec58..59fd50aa 100644
--- a/plugins/mod_http_files.lua
+++ b/plugins/mod_http_files.lua
@@ -19,7 +19,7 @@ local base_path = module:get_option_string("http_files_dir", module:get_option_s
local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" });
local directory_index = module:get_option_boolean("http_dir_listing");
-local mime_map = module:shared("mime").types;
+local mime_map = module:shared("/*/http_files/mime").types;
if not mime_map then
mime_map = {
html = "text/html", htm = "text/html",
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index ad20c6a7..81a66f8b 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -18,6 +18,10 @@ local lib_pubsub = module:require "pubsub";
local handlers = lib_pubsub.handlers;
local pubsub_error_reply = lib_pubsub.pubsub_error_reply;
+module:depends("disco");
+module:add_identity("pubsub", "service", pubsub_disco_name);
+module:add_feature("http://jabber.org/protocol/pubsub");
+
function handle_pubsub_iq(event)
local origin, stanza = event.origin, event.stanza;
local pubsub = stanza.tags[1];
@@ -51,8 +55,6 @@ end
module:hook("iq/host/"..xmlns_pubsub..":pubsub", handle_pubsub_iq);
module:hook("iq/host/"..xmlns_pubsub_owner..":pubsub", handle_pubsub_iq);
-local disco_info;
-
local feature_map = {
create = { "create-nodes", "instant-nodes", "item-ids" };
retract = { "delete-items", "retract-items" };
@@ -64,87 +66,59 @@ local feature_map = {
get_subscriptions = { "retrieve-subscriptions" };
};
-local function add_disco_features_from_service(disco, service)
+local function add_disco_features_from_service(service)
for method, features in pairs(feature_map) do
if service[method] then
for _, feature in ipairs(features) do
if feature then
- disco:tag("feature", { var = xmlns_pubsub.."#"..feature }):up();
+ module:add_feature(xmlns_pubsub.."#"..feature);
end
end
end
end
for affiliation in pairs(service.config.capabilities) do
if affiliation ~= "none" and affiliation ~= "owner" then
- disco:tag("feature", { var = xmlns_pubsub.."#"..affiliation.."-affiliation" }):up();
+ module:add_feature(xmlns_pubsub.."#"..affiliation.."-affiliation");
end
end
end
-local function build_disco_info(service)
- local disco_info = st.stanza("query", { xmlns = "http://jabber.org/protocol/disco#info" })
- :tag("identity", { category = "pubsub", type = "service", name = pubsub_disco_name }):up()
- :tag("feature", { var = "http://jabber.org/protocol/pubsub" }):up();
- add_disco_features_from_service(disco_info, service);
- return disco_info;
-end
-
-module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function (event)
- local origin, stanza = event.origin, event.stanza;
- local node = stanza.tags[1].attr.node;
- if not node then
- return origin.send(st.reply(stanza):add_child(disco_info));
- else
- local ok, ret = service:get_nodes(stanza.attr.from);
- if ok and not ret[node] then
- ok, ret = false, "item-not-found";
- end
- if not ok then
- return origin.send(pubsub_error_reply(stanza, ret));
- end
- local reply = st.reply(stanza)
- :tag("query", { xmlns = "http://jabber.org/protocol/disco#info", node = node })
- :tag("identity", { category = "pubsub", type = "leaf" });
- return origin.send(reply);
+module:hook("host-disco-info-node", function (event)
+ local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node;
+ local ok, ret = service:get_nodes(stanza.attr.from);
+ if ok and not ret[node] then
+ return;
end
+ if not ok then
+ return origin.send(pubsub_error_reply(stanza, ret));
+ end
+ event.exists = true;
+ reply:tag("identity", { category = "pubsub", type = "leaf" });
end);
-local function handle_disco_items_on_node(event)
- local stanza, origin = event.stanza, event.origin;
- local query = stanza.tags[1];
- local node = query.attr.node;
+module:hook("host-disco-items-node", function (event)
+ local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node;
local ok, ret = service:get_items(node, stanza.attr.from);
if not ok then
return origin.send(pubsub_error_reply(stanza, ret));
end
- local reply = st.reply(stanza)
- :tag("query", { xmlns = "http://jabber.org/protocol/disco#items", node = node });
-
for id, item in pairs(ret) do
reply:tag("item", { jid = module.host, name = id }):up();
end
-
- return origin.send(reply);
-end
+ event.exists = true;
+end);
-module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function (event)
- if event.stanza.tags[1].attr.node then
- return handle_disco_items_on_node(event);
- end
+module:hook("host-disco-items", function (event)
+ local stanza, origin, reply = event.stanza, event.origin, event.reply;
local ok, ret = service:get_nodes(event.stanza.attr.from);
if not ok then
- event.origin.send(pubsub_error_reply(event.stanza, ret));
- else
- local reply = st.reply(event.stanza)
- :tag("query", { xmlns = "http://jabber.org/protocol/disco#items" });
- for node, node_obj in pairs(ret) do
- reply:tag("item", { jid = module.host, node = node, name = node_obj.config.name }):up();
- end
- event.origin.send(reply);
+ return origin.send(pubsub_error_reply(event.stanza, ret));
+ end
+ for node, node_obj in pairs(ret) do
+ reply:tag("item", { jid = module.host, node = node, name = node_obj.config.name }):up();
end
- return true;
end);
local admin_aff = module:get_option_string("default_admin_affiliation", "owner");
@@ -158,7 +132,7 @@ end
function set_service(new_service)
service = new_service;
module.environment.service = service;
- disco_info = build_disco_info(service);
+ add_disco_features_from_service(service);
end
function module.save()
@@ -169,83 +143,87 @@ function module.restore(data)
set_service(data.service);
end
-set_service(pubsub.new({
- capabilities = {
- none = {
- create = false;
- publish = false;
- retract = false;
- get_nodes = true;
-
- subscribe = true;
- unsubscribe = true;
- get_subscription = true;
- get_subscriptions = true;
- get_items = true;
-
- subscribe_other = false;
- unsubscribe_other = false;
- get_subscription_other = false;
- get_subscriptions_other = false;
-
- be_subscribed = true;
- be_unsubscribed = true;
-
- set_affiliation = false;
- };
- publisher = {
- create = false;
- publish = true;
- retract = true;
- get_nodes = true;
-
- subscribe = true;
- unsubscribe = true;
- get_subscription = true;
- get_subscriptions = true;
- get_items = true;
-
- subscribe_other = false;
- unsubscribe_other = false;
- get_subscription_other = false;
- get_subscriptions_other = false;
-
- be_subscribed = true;
- be_unsubscribed = true;
-
- set_affiliation = false;
- };
- owner = {
- create = true;
- publish = true;
- retract = true;
- delete = true;
- get_nodes = true;
-
- subscribe = true;
- unsubscribe = true;
- get_subscription = true;
- get_subscriptions = true;
- get_items = true;
-
-
- subscribe_other = true;
- unsubscribe_other = true;
- get_subscription_other = true;
- get_subscriptions_other = true;
-
- be_subscribed = true;
- be_unsubscribed = true;
-
- set_affiliation = true;
+function module.load()
+ if module.reloading then return; end
+
+ set_service(pubsub.new({
+ capabilities = {
+ none = {
+ create = false;
+ publish = false;
+ retract = false;
+ get_nodes = true;
+
+ subscribe = true;
+ unsubscribe = true;
+ get_subscription = true;
+ get_subscriptions = true;
+ get_items = true;
+
+ subscribe_other = false;
+ unsubscribe_other = false;
+ get_subscription_other = false;
+ get_subscriptions_other = false;
+
+ be_subscribed = true;
+ be_unsubscribed = true;
+
+ set_affiliation = false;
+ };
+ publisher = {
+ create = false;
+ publish = true;
+ retract = true;
+ get_nodes = true;
+
+ subscribe = true;
+ unsubscribe = true;
+ get_subscription = true;
+ get_subscriptions = true;
+ get_items = true;
+
+ subscribe_other = false;
+ unsubscribe_other = false;
+ get_subscription_other = false;
+ get_subscriptions_other = false;
+
+ be_subscribed = true;
+ be_unsubscribed = true;
+
+ set_affiliation = false;
+ };
+ owner = {
+ create = true;
+ publish = true;
+ retract = true;
+ delete = true;
+ get_nodes = true;
+
+ subscribe = true;
+ unsubscribe = true;
+ get_subscription = true;
+ get_subscriptions = true;
+ get_items = true;
+
+
+ subscribe_other = true;
+ unsubscribe_other = true;
+ get_subscription_other = true;
+ get_subscriptions_other = true;
+
+ be_subscribed = true;
+ be_unsubscribed = true;
+
+ set_affiliation = true;
+ };
};
- };
- autocreate_on_publish = autocreate_on_publish;
- autocreate_on_subscribe = autocreate_on_subscribe;
+ autocreate_on_publish = autocreate_on_publish;
+ autocreate_on_subscribe = autocreate_on_subscribe;
- broadcaster = simple_broadcast;
- get_affiliation = get_affiliation;
+ broadcaster = simple_broadcast;
+ get_affiliation = get_affiliation;
- normalize_jid = jid_bare;
-}));
+ normalize_jid = jid_bare;
+ }));
+end
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index 80b56abb..e167cf95 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -23,20 +23,48 @@ local s2s_feature = st.stanza("starttls", starttls_attr);
if secure_auth_only then c2s_feature:tag("required"):up(); end
if secure_s2s_only then s2s_feature:tag("required"):up(); end
-local global_ssl_ctx = prosody.global_ssl_ctx;
-
local hosts = prosody.hosts;
local host = hosts[module.host];
+local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
+do
+ local function get_ssl_cfg(typ)
+ local cfg_key = (typ and typ.."_" or "").."ssl";
+ local ssl_config = config.rawget(module.host, cfg_key);
+ if not ssl_config then
+ local base_host = module.host:match("%.(.*)");
+ ssl_config = config.get(base_host, cfg_key);
+ end
+ return ssl_config or typ and get_ssl_cfg();
+ end
+
+ local ssl_config, err = get_ssl_cfg("c2s");
+ ssl_ctx_c2s, err = create_context(host.host, "server", ssl_config); -- for incoming client connections
+ if err then module:log("error", "Error creating context for c2s: %s", err); end
+
+ ssl_config = get_ssl_cfg("s2s");
+ ssl_ctx_s2sin, err = create_context(host.host, "server", ssl_config); -- for incoming server connections
+ ssl_ctx_s2sout = create_context(host.host, "client", ssl_config); -- for outgoing server connections
+ if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
+end
+
local function can_do_tls(session)
+ if not session.conn.starttls then
+ return false;
+ elseif session.ssl_ctx then
+ return true;
+ end
if session.type == "c2s_unauthed" then
- return session.conn.starttls and host.ssl_ctx_in;
+ module:log("debug", "session.ssl_ctx = ssl_ctx_c2s;")
+ session.ssl_ctx = ssl_ctx_c2s;
elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
- return session.conn.starttls and host.ssl_ctx_in;
+ session.ssl_ctx = ssl_ctx_s2sin;
elseif session.direction == "outgoing" and allow_s2s_tls then
- return session.conn.starttls and host.ssl_ctx;
+ session.ssl_ctx = ssl_ctx_s2sout;
+ else
+ return false;
end
- return false;
+ return session.ssl_ctx;
end
-- Hook <starttls/>
@@ -45,9 +73,7 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
if can_do_tls(origin) then
(origin.sends2s or origin.send)(starttls_proceed);
origin:reset_stream();
- local host = origin.to_host or origin.host;
- local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx;
- origin.conn:starttls(ssl_ctx);
+ origin.conn:starttls(origin.ssl_ctx);
origin.log("debug", "TLS negotiation started for %s...", origin.type);
origin.secure = false;
else
@@ -85,23 +111,7 @@ end, 500);
module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
module:log("debug", "Proceeding with TLS on s2sout...");
session:reset_stream();
- local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx;
- session.conn:starttls(ssl_ctx);
+ session.conn:starttls(session.ssl_ctx);
session.secure = false;
return true;
end);
-
-function module.load()
- local ssl_config = config.rawget(module.host, "ssl");
- if not ssl_config then
- local base_host = module.host:match("%.(.*)");
- ssl_config = config.get(base_host, "ssl");
- end
- host.ssl_ctx = create_context(host.host, "client", ssl_config); -- for outgoing connections
- host.ssl_ctx_in = create_context(host.host, "server", ssl_config); -- for incoming connections
-end
-
-function module.unload()
- host.ssl_ctx = nil;
- host.ssl_ctx_in = nil;
-end
diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua
index bc865ec9..a9480465 100644
--- a/plugins/muc/mod_muc.lua
+++ b/plugins/muc/mod_muc.lua
@@ -40,6 +40,10 @@ local room_configs = module:open_store("config");
-- Configurable options
muclib.set_max_history_length(module:get_option_number("max_history_messages"));
+module:depends("disco");
+module:add_identity("conference", "text", muc_name);
+module:add_feature("http://jabber.org/protocol/muc");
+
local function is_admin(jid)
return um_is_admin(jid, module.host);
end
@@ -107,20 +111,15 @@ local host_room = muc_new_room(muc_host);
host_room.route_stanza = room_route_stanza;
host_room.save = room_save;
-local function get_disco_info(stanza)
- return st.iq({type='result', id=stanza.attr.id, from=muc_host, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#info")
- :tag("identity", {category='conference', type='text', name=muc_name}):up()
- :tag("feature", {var="http://jabber.org/protocol/muc"}); -- TODO cache disco reply
-end
-local function get_disco_items(stanza)
- local reply = st.iq({type='result', id=stanza.attr.id, from=muc_host, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#items");
+module:hook("host-disco-items", function(event)
+ local reply = event.reply;
+ module:log("debug", "host-disco-items called");
for jid, room in pairs(rooms) do
if not room:get_hidden() then
reply:tag("item", {jid=jid, name=room:get_name()}):up();
end
end
- return reply; -- TODO cache disco reply
-end
+end);
local function handle_to_domain(event)
local origin, stanza = event.origin, event.stanza;
@@ -129,11 +128,7 @@ local function handle_to_domain(event)
if stanza.name == "iq" and type == "get" then
local xmlns = stanza.tags[1].attr.xmlns;
local node = stanza.tags[1].attr.node;
- if xmlns == "http://jabber.org/protocol/disco#info" and not node then
- origin.send(get_disco_info(stanza));
- elseif xmlns == "http://jabber.org/protocol/disco#items" and not node then
- origin.send(get_disco_items(stanza));
- elseif xmlns == "http://jabber.org/protocol/muc#unique" then
+ if xmlns == "http://jabber.org/protocol/muc#unique" then
origin.send(st.reply(stanza):tag("unique", {xmlns = xmlns}):text(uuid_gen())); -- FIXME Random UUIDs can theoretically have collisions
else
origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); -- TODO disco/etc
@@ -229,3 +224,39 @@ function shutdown_component()
end
module.unload = shutdown_component;
module:hook_global("server-stopping", shutdown_component);
+
+-- Ad-hoc commands
+module:depends("adhoc")
+local t_concat = table.concat;
+local keys = require "util.iterators".keys;
+local adhoc_new = module:require "adhoc".new;
+local adhoc_initial = require "util.adhoc".new_initial_data_form;
+local dataforms_new = require "util.dataforms".new;
+
+local destroy_rooms_layout = dataforms_new {
+ title = "Destroy rooms";
+ instructions = "Select the rooms to destroy";
+
+ { name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/muc#destroy" };
+ { name = "rooms", type = "list-multi", required = true, label = "Rooms to destroy:"};
+};
+
+local destroy_rooms_handler = adhoc_initial(destroy_rooms_layout, function()
+ return { rooms = array.collect(keys(rooms)):sort() };
+end, function(fields, errors)
+ if errors then
+ local errmsg = {};
+ for name, err in pairs(errors) do
+ errmsg[#errmsg + 1] = name .. ": " .. err;
+ end
+ return { status = "completed", error = { message = t_concat(errmsg, "\n") } };
+ end
+ for _, room in ipairs(fields.rooms) do
+ rooms[room]:destroy();
+ rooms[room] = nil;
+ end
+ return { status = "completed", info = "The following rooms were destroyed:\n"..t_concat(fields.rooms, "\n") };
+end);
+local destroy_rooms_desc = adhoc_new("Destroy Rooms", "http://prosody.im/protocol/muc#destroy", destroy_rooms_handler, "admin");
+
+module:provides("adhoc", destroy_rooms_desc);
diff --git a/prosody b/prosody
index 9a88eac0..1a0f6ff2 100755
--- a/prosody
+++ b/prosody
@@ -264,12 +264,6 @@ function init_global_state()
prosody.events.fire_event("server-stopping", {reason = reason});
server.setquitting(true);
end
-
- -- Load SSL settings from config, and create a ctx table
- local certmanager = require "core.certmanager";
- local global_ssl_ctx = certmanager.create_context("*", "server");
- prosody.global_ssl_ctx = global_ssl_ctx;
-
end
function read_version()
diff --git a/util/sasl.lua b/util/sasl.lua
index afb3861b..d0da9435 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -92,5 +92,6 @@ require "util.sasl.plain" .init(registerMechanism);
require "util.sasl.digest-md5".init(registerMechanism);
require "util.sasl.anonymous" .init(registerMechanism);
require "util.sasl.scram" .init(registerMechanism);
+require "util.sasl.external" .init(registerMechanism);
return _M;
diff --git a/util/sasl/external.lua b/util/sasl/external.lua
new file mode 100644
index 00000000..4c5c4343
--- /dev/null
+++ b/util/sasl/external.lua
@@ -0,0 +1,25 @@
+local saslprep = require "util.encodings".stringprep.saslprep;
+
+module "sasl.external"
+
+local function external(self, message)
+ message = saslprep(message);
+ local state
+ self.username, state = self.profile.external(message);
+
+ if state == false then
+ return "failure", "account-disabled";
+ elseif state == nil then
+ return "failure", "not-authorized";
+ elseif state == "expired" then
+ return "false", "credentials-expired";
+ end
+
+ return "success";
+end
+
+function init(registerMechanism)
+ registerMechanism("EXTERNAL", {"external"}, external);
+end
+
+return _M;