diff options
82 files changed, 5692 insertions, 2648 deletions
@@ -6,6 +6,7 @@ www_files html/* prosody.lua prosody.cfg.lua +prosody.version config.unix *.patch *.orig @@ -21,13 +21,15 @@ install: prosody.install prosodyctl.install prosody.cfg.lua.install util/encodin install -m750 -d $(DATA) install -d $(MAN)/man1 install -d $(CONFIG)/certs - install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util $(SOURCE)/fallbacks + install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util install -m755 ./prosody.install $(BIN)/prosody install -m755 ./prosodyctl.install $(BIN)/prosodyctl install -m644 core/* $(SOURCE)/core install -m644 net/* $(SOURCE)/net - install -m644 util/* $(SOURCE)/util - install -m644 fallbacks/* $(SOURCE)/fallbacks + install -m644 util/*.lua $(SOURCE)/util + install -m644 util/*.so $(SOURCE)/util + install -d $(SOURCE)/util/sasl + install -m644 util/sasl/* $(SOURCE)/util/sasl install -m644 plugins/*.lua $(MODULES) install -d $(MODULES)/muc install -m644 plugins/muc/* $(MODULES)/muc @@ -1,5 +1,3 @@ -== 0.7 == -DONE: http://blog.prosody.im/prosody-0-7-0rc1-available-for-testing/ == 0.8 == - Ad-hoc commands: http://code.google.com/p/prosody-modules/wiki/mod_adhoc @@ -16,7 +16,7 @@ CC=gcc LD=gcc CFLAGS="-fPIC -Wall" -LFLAGS="-shared" +LDFLAGS="-shared" # Help @@ -26,7 +26,7 @@ Configure Prosody prior to building. --help This help. --ostype=OS Use one of the OS presets. - May be one of: debian, macosx + May be one of: debian, macosx, linux --prefix=DIR Prefix where Prosody should be installed. Default is $PREFIX --sysconfdir=DIR Location where the config file should be installed. @@ -47,8 +47,8 @@ Configure Prosody prior to building. Default is $OPENSSL_LIB --cflags=FLAGS Flags to pass to the compiler Default is $CFLAGS ---lflags=FLAGS Flags to pass to the linker - Default is $LFLAGS +--ldflags=FLAGS Flags to pass to the linker + Default is $LDFLAGS --c-compiler=CC The C compiler to use when building modules. Default is $CC --linker=CC The linker to use when building modules. @@ -107,25 +107,25 @@ do ;; --with-lua-lib=*) LUA_LIBDIR="$value" LUA_LIBDIR_SET=yes - ;; + ;; --with-idn=*) IDN_LIB="$value" - ;; + ;; --with-ssl=*) OPENSSL_LIB="$value" - ;; + ;; --cflags=*) CFLAGS="$value" - ;; - --lflags=*) - LFLAGS="$value" - ;; + ;; + --ldflags=*) + LDFLAGS="$value" + ;; --c-compiler=*) CC="$value" - ;; + ;; --linker=*) LD="$value" - ;; + ;; *) echo "Error: Unknown flag: $1" exit 1 @@ -144,12 +144,20 @@ then fi if [ "$OSTYPE" = "macosx" ] then LUA_INCDIR=/usr/local/include; - LUA_INCDIR_SET=yes + LUA_INCDIR_SET=yes LUA_LIBDIR=/usr/local/lib LUA_LIBDIR_SET=yes CFLAGS="-Wall" - LFLAGS="-bundle -undefined dynamic_lookup" - fi + LDFLAGS="-bundle -undefined dynamic_lookup" + fi + if [ "$OSTYPE" = "linux" ] + then LUA_INCDIR=/usr/local/include; + LUA_INCDIR_SET=yes + LUA_LIBDIR=/usr/local/lib + LUA_LIBDIR_SET=yes + CFLAGS="-Wall -fPIC" + LDFLAGS="-shared" + fi fi if [ "$PREFIX_SET" = "yes" -a ! "$SYSCONFDIR_SET" = "yes" ] @@ -299,7 +307,7 @@ REQUIRE_CONFIG=$REQUIRE_CONFIG IDN_LIB=$IDN_LIB OPENSSL_LIB=$OPENSSL_LIB CFLAGS=$CFLAGS -LFLAGS=$LFLAGS +LDFLAGS=$LDFLAGS CC=$CC LD=$LD diff --git a/core/actions.lua b/core/actions.lua deleted file mode 100644 index ee5abc22..00000000 --- a/core/actions.lua +++ /dev/null @@ -1,27 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -
-local actions = {};
-
-function register(path, t)
- local curr = actions;
- for comp in path:gmatch("([^/]+)/") do
- if curr[comp] == nil then
- curr[comp] = {};
- end
- curr = curr[comp];
- if type(curr) ~= "table" then
- return nil, "path-taken";
- end
- end
- curr[path:match("/([^/]+)$")] = t;
- return true;
-end
-
-return { actions = actions, register= register };
\ No newline at end of file diff --git a/core/certmanager.lua b/core/certmanager.lua new file mode 100644 index 00000000..fa920b91 --- /dev/null +++ b/core/certmanager.lua @@ -0,0 +1,64 @@ +local configmanager = require "core.configmanager"; +local log = require "util.logger".init("certmanager"); +local ssl = ssl; +local ssl_newcontext = ssl and ssl.newcontext; + +local setmetatable, tostring = setmetatable, tostring; + +local prosody = prosody; + +module "certmanager" + +-- These are the defaults if not overridden in the config +local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; +local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; + +local default_ssl_ctx_mt = { __index = default_ssl_ctx }; +local default_ssl_ctx_in_mt = { __index = default_ssl_ctx_in }; + +-- Global SSL options if not overridden per-host +local default_ssl_config = configmanager.get("*", "core", "ssl"); + +function create_context(host, mode, config) + local ssl_config = config and config.core.ssl or default_ssl_config; + if ssl and ssl_config then + local ctx, err = ssl_newcontext(setmetatable(ssl_config, mode == "client" and default_ssl_ctx_mt or default_ssl_ctx_in_mt)); + if not ctx then + err = err or "invalid ssl config" + local file = err:match("^error loading (.-) %("); + if file then + if file == "private key" then + file = ssl_config.key or "your private key"; + elseif file == "certificate" then + file = ssl_config.certificate or "your certificate file"; + end + local reason = err:match("%((.+)%)$") or "some reason"; + if reason == "Permission denied" then + reason = "Check that the permissions allow Prosody to read this file."; + elseif reason == "No such file or directory" then + reason = "Check that the path is correct, and the file exists."; + elseif reason == "system lib" then + reason = "Previous error (see logs), or other system error."; + elseif reason == "(null)" or not reason then + reason = "Check that the file exists and the permissions are correct"; + else + reason = "Reason: "..tostring(reason):lower(); + end + log("error", "SSL/TLS: Failed to load %s: %s", file, reason); + else + log("error", "SSL/TLS: Error initialising for host %s: %s", host, err ); + end + ssl = false + end + return ctx, err; + end + return nil; +end + +function reload_ssl_config() + default_ssl_config = configmanager.get("*", "core", "ssl"); +end + +prosody.events.add_handler("config-reloaded", reload_ssl_config); + +return _M; diff --git a/core/componentmanager.lua b/core/componentmanager.lua index 660d26fe..48e27984 100644 --- a/core/componentmanager.lua +++ b/core/componentmanager.lua @@ -8,6 +8,7 @@ local prosody = _G.prosody; local log = require "util.logger".init("componentmanager"); +local certmanager = require "core.certmanager"; local configmanager = require "core.configmanager"; local modulemanager = require "core.modulemanager"; local jid_split = require "util.jid".split; @@ -16,6 +17,7 @@ local events_new = require "util.events".new; local st = require "util.stanza"; local prosody, hosts = prosody, prosody.hosts; local ssl = ssl; +local uuid_gen = require "util.uuid".generate; local pairs, setmetatable, type, tostring = pairs, setmetatable, type, tostring; @@ -83,15 +85,16 @@ function create_component(host, component, events) if hosts[base_host] then ssl_ctx = hosts[base_host].ssl_ctx; ssl_ctx_in = hosts[base_host].ssl_ctx_in; - elseif prosody.global_ssl_ctx then + else -- We have no cert, and no parent host to borrow a cert from -- Use global/default cert if there is one - ssl_ctx = ssl.newcontext(prosody.global_ssl_ctx); - ssl_ctx_in = ssl.newcontext(setmetatable({ mode = "server" }, { __index = prosody.global_ssl_ctx })); + ssl_ctx = certmanager.create_context(host, "client"); + ssl_ctx_in = certmanager.create_context(host, "server"); end end return { type = "component", host = host, connected = true, s2sout = {}, - ssl_ctx = ssl_ctx, ssl_ctx_in = ssl_ctx_in, events = events or events_new() }; + ssl_ctx = ssl_ctx, ssl_ctx_in = ssl_ctx_in, events = events or events_new(), + dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen() }; end function register_component(host, component, session) @@ -100,12 +103,16 @@ function register_component(host, component, session) components[host] = component; hosts[host] = session or create_component(host, component, old_events); - + -- Add events object if not already one if not hosts[host].events then hosts[host].events = old_events or events_new(); end - + + if not hosts[host].dialback_secret then + hosts[host].dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen(); + end + -- add to disco_items if not(host:find("@", 1, true) or host:find("/", 1, true)) and host:find(".", 1, true) then disco_items:set(host:sub(host:find(".", 1, true)+1), host, true); diff --git a/core/configmanager.lua b/core/configmanager.lua index 6350d80b..54fb0a9a 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -68,7 +68,7 @@ function load(filename, format) if parsers[format] and parsers[format].load then local f, err = io.open(filename); - if f then + if f then local ok, err = parsers[format].load(f:read("*a"), filename); f:close(); if ok then @@ -95,6 +95,15 @@ function addparser(format, parser) end end +-- _M needed to avoid name clash with local 'parsers' +function _M.parsers() + local p = {}; + for format in pairs(parsers) do + table.insert(p, format); + end + return p; +end + -- Built-in Lua parser do local loadstring, pcall, setmetatable = _G.loadstring, _G.pcall, _G.setmetatable; diff --git a/core/hostmanager.lua b/core/hostmanager.lua index b549e6f7..c8928b27 100644 --- a/core/hostmanager.lua +++ b/core/hostmanager.lua @@ -9,20 +9,19 @@ local ssl = ssl local hosts = hosts; +local certmanager = require "core.certmanager"; local configmanager = require "core.configmanager"; local eventmanager = require "core.eventmanager"; local modulemanager = require "core.modulemanager"; local events_new = require "util.events".new; +local uuid_gen = require "util.uuid".generate; + if not _G.prosody.incoming_s2s then require "core.s2smanager"; end local incoming_s2s = _G.prosody.incoming_s2s; --- These are the defaults if not overridden in the config -local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; -local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; - local log = require "util.logger".init("hostmanager"); local pairs, setmetatable = pairs, setmetatable; @@ -36,7 +35,7 @@ local function load_enabled_hosts(config) local activated_any_host; for host, host_config in pairs(defined_hosts) do - if host ~= "*" and (host_config.core.enabled == nil or host_config.core.enabled) and not host_config.core.component_module then + if host ~= "*" and host_config.core.enabled ~= false and not host_config.core.component_module then activated_any_host = true; activate(host, host_config); end @@ -53,11 +52,12 @@ end eventmanager.add_event_hook("server-starting", load_enabled_hosts); function activate(host, host_config) - hosts[host] = {type = "local", connected = true, sessions = {}, - host = host, s2sout = {}, events = events_new(), - disallow_s2s = configmanager.get(host, "core", "disallow_s2s") - or (configmanager.get(host, "core", "anonymous_login") - and (configmanager.get(host, "core", "disallow_s2s") ~= false)) + hosts[host] = {type = "local", connected = true, sessions = {}, + host = host, s2sout = {}, events = events_new(), + disallow_s2s = configmanager.get(host, "core", "disallow_s2s") + or (configmanager.get(host, "core", "anonymous_login") + and (configmanager.get(host, "core", "disallow_s2s") ~= false)); + dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen(); }; for option_name in pairs(host_config.core) do if option_name:match("_ports$") or option_name:match("_interface$") then @@ -65,14 +65,9 @@ function activate(host, host_config) end end - if ssl then - local ssl_config = host_config.core.ssl or configmanager.get("*", "core", "ssl"); - if ssl_config then - hosts[host].ssl_ctx = ssl.newcontext(setmetatable(ssl_config, { __index = default_ssl_ctx })); - hosts[host].ssl_ctx_in = ssl.newcontext(setmetatable(ssl_config, { __index = default_ssl_ctx_in })); - end - end - + hosts[host].ssl_ctx = certmanager.create_context(host, "client", host_config); -- for outgoing connections + hosts[host].ssl_ctx_in = certmanager.create_context(host, "server", host_config); -- for incoming connections + log((hosts_loaded_once and "info") or "debug", "Activated host: %s", host); eventmanager.fire_event("host-activated", host, host_config); end diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua index 162d5b2b..3ec696d5 100644 --- a/core/loggingmanager.lua +++ b/core/loggingmanager.lua @@ -94,7 +94,7 @@ function apply_sink_rules(sink_type) end end elseif type(logging_config) == "string" and (not logging_config:match("^%*")) and sink_type == "file" then - -- User specified simply a filename, and the "file" sink type + -- User specified simply a filename, and the "file" sink type -- was just added for _, sink_config in pairs(default_file_logging) do sink_config.filename = logging_config; @@ -128,7 +128,7 @@ function get_levels(criteria, set) return set; elseif in_range then set[level] = true; - end + end end end @@ -161,12 +161,12 @@ function log_sink_types.stdout() if timestamps then io_write(os_date(timestamps), " "); end - if ... then + if ... then io_write(name, rep(" ", sourcewidth-namelen), level, "\t", format(message, ...), "\n"); else io_write(name, rep(" ", sourcewidth-namelen), level, "\t", message, "\n"); end - end + end end do @@ -197,7 +197,7 @@ do if timestamps then io_write(os_date(timestamps), " "); end - if ... then + if ... then io_write(name, rep(" ", sourcewidth-namelen), getstring(logstyles[level], level), "\t", format(message, ...), "\n"); else io_write(name, rep(" ", sourcewidth-namelen), getstring(logstyles[level], level), "\t", message, "\n"); @@ -237,7 +237,7 @@ function log_sink_types.file(config) if timestamps then write(logfile, os_date(timestamps), " "); end - if ... then + if ... then write(logfile, name, "\t", level, "\t", format(message, ...), "\n"); else write(logfile, name, "\t" , level, "\t", message, "\n"); diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 3ad02b30..8e62aecb 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -13,14 +13,13 @@ local log = logger.init("modulemanager"); local eventmanager = require "core.eventmanager"; local config = require "core.configmanager"; local multitable_new = require "util.multitable".new; -local register_actions = require "core.actions".register; local st = require "util.stanza"; local pluginloader = require "util.pluginloader"; local hosts = hosts; local prosody = prosody; -local loadfile, pcall = loadfile, pcall; +local loadfile, pcall, xpcall = loadfile, pcall, xpcall; local setmetatable, setfenv, getfenv = setmetatable, setfenv, getfenv; local pairs, ipairs = pairs, ipairs; local t_insert, t_concat = table.insert, table.concat; @@ -28,7 +27,17 @@ local type = type; local next = next; local rawget = rawget; local error = error; -local tostring = tostring; +local tostring, tonumber = tostring, tonumber; + +local debug_traceback = debug.traceback; +local unpack, select = unpack, select; +pcall = function(f, ...) + local n = select("#", ...); + local params = {...}; + return xpcall(function() f(unpack(params, 1, n)) end, function(e) return tostring(e).."\n"..debug_traceback(); end); +end + +local array, set = require "util.array", require "util.set"; local autoload_modules = {"presence", "message", "iq"}; @@ -126,6 +135,7 @@ function load(host, module_name, config) local api_instance = setmetatable({ name = module_name, host = host, config = config, _log = _log, log = function (self, ...) return _log(...); end }, { __index = api }); local pluginenv = setmetatable({ module = api_instance }, { __index = _G }); + api_instance.environment = pluginenv; setfenv(mod, pluginenv); if not hosts[host] then @@ -156,6 +166,7 @@ function load(host, module_name, config) log("error", "Error initializing module '%s' on '%s': %s", module_name, host, err or "nil"); end if success then + (hosts[api_instance.host] or prosody).events.fire_event("module-loaded", { module = module_name, host = host }); return true; else -- load failed, unloading unload(api_instance.host, module_name); @@ -172,7 +183,7 @@ function is_loaded(host, name) end function unload(host, name, ...) - local mod = get_module(host, name); + local mod = get_module(host, name); if not mod then return nil, "module-not-loaded"; end if module_has_method(mod, "unload") then @@ -207,6 +218,7 @@ function unload(host, name, ...) end end modulemap[host][name] = nil; + (hosts[host] or prosody).events.fire_event("module-unloaded", { module = name, host = host }); return true; end @@ -287,7 +299,7 @@ function module_has_method(module, method) end function call_module_method(module, method, ...) - if module_has_method(module, method) then + if module_has_method(module, method) then local f = module.module[method]; return pcall(f, ...); else @@ -296,7 +308,7 @@ function call_module_method(module, method, ...) end ----- API functions exposed to modules ----------- --- Must all be in api.* +-- Must all be in api.* -- Returns the name of the current module function api:get_name() @@ -394,7 +406,7 @@ function api:require(lib) f, n = pluginloader.load_code(lib, lib..".lib.lua"); end if not f then error("Failed to load plugin library '"..lib.."', error: "..n); end -- FIXME better error message - setfenv(f, setmetatable({ module = self }, { __index = _G })); + setfenv(f, self.environment); return f(); end @@ -409,6 +421,85 @@ function api:get_option(name, default_value) return value; end +function api:get_option_string(name, default_value) + local value = self:get_option(name, default_value); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + if value == nil then + return nil; + end + return tostring(value); +end + +function api:get_option_number(name, ...) + local value = self:get_option(name, ...); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + local ret = tonumber(value); + if value ~= nil and ret == nil then + self:log("error", "Config option '%s' not understood, expecting a number", name); + end + return ret; +end + +function api:get_option_boolean(name, ...) + local value = self:get_option(name, ...); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + if value == nil then + return nil; + end + local ret = value == true or value == "true" or value == 1 or nil; + if ret == nil then + ret = (value == false or value == "false" or value == 0); + if ret then + ret = false; + else + ret = nil; + end + end + if ret == nil then + self:log("error", "Config option '%s' not understood, expecting true/false", name); + end + return ret; +end + +function api:get_option_array(name, ...) + local value = self:get_option(name, ...); + + if value == nil then + return nil; + end + + if type(value) ~= "table" then + return array{ value }; -- Assume any non-list is a single-item list + end + + return array():append(value); -- Clone +end + +function api:get_option_set(name, ...) + local value = self:get_option_array(name, ...); + + if value == nil then + return nil; + end + + return set.new(value); +end + local t_remove = _G.table.remove; local module_items = multitable_new(); function api:add_item(key, value) @@ -449,19 +540,4 @@ function api:get_host_items(key) return result; end --------------------------------------------------------------------- - -local actions = {}; - -function actions.load(params) - --return true, "Module loaded ("..params.module.." on "..params.host..")"; - return load(params.host, params.module); -end - -function actions.unload(params) - return unload(params.host, params.module); -end - -register_actions("/modules", actions); - return _M; diff --git a/core/objectmanager.lua b/core/objectmanager.lua deleted file mode 100644 index 684ed807..00000000 --- a/core/objectmanager.lua +++ /dev/null @@ -1,68 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -
-local new_multitable = require "util.multitable".new;
-local t_insert = table.insert;
-local t_concat = table.concat;
-local tostring = tostring;
-local unpack = unpack;
-local pairs = pairs;
-local error = error;
-local type = type;
-local _G = _G;
-
-local data = new_multitable();
-
-module "objectmanager"
-
-function set(...)
- return data:set(...);
-end
-function remove(...)
- return data:remove(...);
-end
-function get(...)
- return data:get(...);
-end
-
-local function get_path(path)
- if type(path) == "table" then return path; end
- local s = {};
- for part in tostring(path):gmatch("[%w_]+") do
- t_insert(s, part);
- end
- return s;
-end
-
-function get_object(path)
- path = get_path(path)
- return data:get(unpack(path)), path;
-end
-function set_object(path, object)
- path = get_path(path);
- data:set(unpack(path), object);
-end
-
-data:set("ls", function(_dir)
- local obj, dir = get_object(_dir);
- if not obj then error("object not found: " .. t_concat(dir, '/')); end
- local r = {};
- if type(obj) == "table" then
- for key, val in pairs(obj) do
- r[key] = type(val);
- end
- end
- return r;
-end);
-data:set("get", get_object);
-data:set("set", set_object);
-data:set("echo", function(...) return {...}; end);
-data:set("_G", _G);
-
-return _M;
diff --git a/core/rostermanager.lua b/core/rostermanager.lua index 08ab3565..e2a92696 100644 --- a/core/rostermanager.lua +++ b/core/rostermanager.lua @@ -114,8 +114,14 @@ function save_roster(username, host, roster) --end end if roster then - if not roster[false] then roster[false] = {}; end - roster[false].version = (roster[false].version or 0) + 1; + local metadata = roster[false]; + if not metadata then + metadata = {}; + roster[false] = metadata; + end + if metadata.version ~= true then + metadata.version = (metadata.version or 0) + 1; + end return datamanager.store(username, host, "roster", roster); end log("warn", "save_roster: user had no roster to save"); diff --git a/core/s2smanager.lua b/core/s2smanager.lua index ea6fe96d..ca87670a 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -16,8 +16,10 @@ local socket = require "socket"; local format = string.format; local t_insert, t_sort = table.insert, table.sort; local get_traceback = debug.traceback; -local tostring, pairs, ipairs, getmetatable, newproxy, error, tonumber - = tostring, pairs, ipairs, getmetatable, newproxy, error, tonumber; +local tostring, pairs, ipairs, getmetatable, newproxy, error, tonumber, + setmetatable + = tostring, pairs, ipairs, getmetatable, newproxy, error, tonumber, + setmetatable; local idna_to_ascii = require "util.encodings".idna.to_ascii; local connlisteners_get = require "net.connlisteners".get; @@ -36,8 +38,6 @@ local log = logger_init("s2smanager"); local sha256_hash = require "util.hashes".sha256; -local dialback_secret = uuid_gen(); - local adns, dns = require "net.adns", require "net.dns"; local config = require "core.configmanager"; local connect_timeout = config.get("*", "core", "s2s_timeout") or 60; @@ -137,7 +137,7 @@ function new_incoming(conn) open_sessions = open_sessions + 1; local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$")); session.log = log; - session.sends2s = function (t) log("debug", "sending: %s", tostring(t)); w(tostring(t)); end + session.sends2s = function (t) log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)")); w(conn, tostring(t)); end incoming_s2s[session] = true; add_task(connect_timeout, function () if session.conn ~= conn or @@ -145,16 +145,17 @@ function new_incoming(conn) return; -- Ok, we're connect[ed|ing] end -- Not connected, need to close session and clean up - (session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", + (session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", session.from_host or "(unknown)", session.to_host or "(unknown)"); session:close("connection-timeout"); end); return session; end -function new_outgoing(from_host, to_host) - local host_session = { to_host = to_host, from_host = from_host, host = from_host, - notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; +function new_outgoing(from_host, to_host, connect) + local host_session = { to_host = to_host, from_host = from_host, host = from_host, + notopen = true, type = "s2sout_unauthed", direction = "outgoing", + open_stream = session_open_stream }; hosts[from_host].s2sout[to_host] = host_session; @@ -165,10 +166,12 @@ function new_outgoing(from_host, to_host) host_session.log = log; end - -- Kick the connection attempting machine - attempt_connection(host_session); + if connect ~= false then + -- Kick the connection attempting machine into life + attempt_connection(host_session); + end - if not host_session.sends2s then + if not host_session.sends2s then -- A sends2s which buffers data (until the stream is opened) -- note that data in this buffer will be sent before the stream is authed -- and will not be ack'd in any way, successful or otherwise @@ -182,7 +185,6 @@ function new_outgoing(from_host, to_host) buffer[#buffer+1] = data; log("debug", "Buffered item %d: %s", #buffer, tostring(data)); end - end return host_session; @@ -298,7 +300,7 @@ function try_connect(host_session, connect_host, connect_port) adns.cancel(handle, true); end end); - + return true; end @@ -323,7 +325,7 @@ function make_connect(host_session, connect_host, connect_port) end local cl = connlisteners_get("xmppserver"); - conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1, hosts[from_host].ssl_ctx, false ); + conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1 ); host_session.conn = conn; -- Register this outgoing connection so that xmppserver_listener knows about it @@ -331,9 +333,10 @@ function make_connect(host_session, connect_host, connect_port) cl.register_outgoing(conn, host_session); local w, log = conn.write, host_session.log; - host_session.sends2s = function (t) log("debug", "sending: %s", tostring(t)); w(tostring(t)); end + host_session.sends2s = function (t) log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?")); w(conn, tostring(t)); end + + host_session:open_stream(from_host, to_host); - conn.write(format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0' xml:lang='en'>]], from_host, to_host)); log("debug", "Connection attempt in progress..."); add_task(connect_timeout, function () if host_session.conn ~= conn or @@ -342,13 +345,20 @@ function make_connect(host_session, connect_host, connect_port) return; -- Ok, we're connect[ed|ing] end -- Not connected, need to close session and clean up - (host_session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", + (host_session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", host_session.from_host or "(unknown)", host_session.to_host or "(unknown)"); host_session:close("connection-timeout"); end); return true; end +function session_open_stream(session, from, to) + session.sends2s(st.stanza("stream:stream", { + xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', + ["xmlns:stream"]='http://etherx.jabber.org/streams', + from=from, to=to, version='1.0', ["xml:lang"]='en'}):top_tag()); +end + function streamopened(session, attr) local send = session.sends2s; @@ -372,13 +382,13 @@ function streamopened(session, attr) return; end send("<?xml version='1.0'?>"); - send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', + send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.to_host, to=session.from_host, version=(session.version > 0 and "1.0" or nil) }):top_tag()); if session.version >= 1.0 then local features = st.stanza("stream:features"); if session.to_host then - hosts[session.to_host].events.fire_event("s2s-stream-features", { session = session, features = features }); + hosts[session.to_host].events.fire_event("s2s-stream-features", { origin = session, features = features }); else (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", session.from_host or "unknown host"); end @@ -393,13 +403,13 @@ function streamopened(session, attr) -- Send unauthed buffer -- (stanzas which are fine to send before dialback) - -- Note that this is *not* the stanza queue (which + -- Note that this is *not* the stanza queue (which -- we can only send if auth succeeds) :) local send_buffer = session.send_buffer; if send_buffer and #send_buffer > 0 then log("debug", "Sending s2s send_buffer now..."); for i, data in ipairs(send_buffer) do - session.sends2s(data); + session.sends2s(tostring(data)); send_buffer[i] = nil; end end @@ -415,16 +425,12 @@ function streamopened(session, attr) end end end - session.notopen = nil; end function streamclosed(session) - (session.log or log)("debug", "</stream:stream>"); - if session.sends2s then - session.sends2s("</stream:stream>"); - end - session.notopen = true; + (session.log or log)("debug", "Received </stream:stream>"); + session:close(); end function initiate_dialback(session) @@ -435,7 +441,7 @@ function initiate_dialback(session) end function generate_dialback(id, to, from) - return sha256_hash(id..to..from..dialback_secret, true); + return sha256_hash(id..to..from..hosts[from].dialback_secret, true); end function verify_dialback(id, to, from, key) @@ -498,9 +504,32 @@ function mark_connected(session) end end -local function null_data_handler(conn, data) log("debug", "Discarding data from destroyed s2s session: %s", data); end +local resting_session = { -- Resting, not dead + destroyed = true; + type = "s2s_destroyed"; + open_stream = function (session) + session.log("debug", "Attempt to open stream on resting session"); + end; + close = function (session) + session.log("debug", "Attempt to close already-closed session"); + end; + }; resting_session.__index = resting_session; + +function retire_session(session) + local log = session.log or log; + for k in pairs(session) do + if k ~= "trace" and k ~= "log" and k ~= "id" then + session[k] = nil; + end + end + + function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end + function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end + return setmetatable(session, resting_session); +end function destroy_session(session, reason) + if session.destroyed then return; end (session.log or log)("info", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host)); if session.direction == "outgoing" then @@ -510,12 +539,7 @@ function destroy_session(session, reason) incoming_s2s[session] = nil; end - for k in pairs(session) do - if k ~= "trace" then - session[k] = nil; - end - end - session.data = null_data_handler; + retire_session(session); -- Clean session until it is GC'd end return _M; diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index ad4ad0c9..6e771a84 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -8,7 +8,7 @@ -local tonumber, tostring = tonumber, tostring; +local tonumber, tostring, setmetatable = tonumber, tostring, setmetatable; local ipairs, pairs, print, next= ipairs, pairs, print, next; local format = import("string", "format"); @@ -50,8 +50,8 @@ function new_session(conn) open_sessions = open_sessions + 1; log("debug", "open sessions now: ".. open_sessions); local w = conn.write; - session.send = function (t) w(tostring(t)); end - session.ip = conn.ip(); + session.send = function (t) w(conn, tostring(t)); end + session.ip = conn:ip(); local conn_name = "c2s"..tostring(conn):match("[a-f0-9]+$"); session.log = logger.init(conn_name); @@ -66,31 +66,46 @@ function new_session(conn) return session; end -local function null_data_handler(conn, data) log("debug", "Discarding data from destroyed c2s session: %s", data); end +local resting_session = { -- Resting, not dead + destroyed = true; + type = "c2s_destroyed"; + close = function (session) + session.log("debug", "Attempt to close already-closed session"); + end; + }; resting_session.__index = resting_session; + +function retire_session(session) + local log = session.log or log; + for k in pairs(session) do + if k ~= "trace" and k ~= "log" and k ~= "id" then + session[k] = nil; + end + end + + function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end + function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end + return setmetatable(session, resting_session); +end function destroy_session(session, err) (session.log or log)("info", "Destroying session for %s (%s@%s)", session.full_jid or "(unknown)", session.username or "(unknown)", session.host or "(unknown)"); + if session.destroyed then return; end -- Remove session/resource from user's session list if session.full_jid then - hosts[session.host].events.fire_event("resource-unbind", {session=session, error=err}); - hosts[session.host].sessions[session.username].sessions[session.resource] = nil; full_sessions[session.full_jid] = nil; - + if not next(hosts[session.host].sessions[session.username].sessions) then log("debug", "All resources of %s are now offline", session.username); hosts[session.host].sessions[session.username] = nil; bare_sessions[session.username..'@'..session.host] = nil; end + + hosts[session.host].events.fire_event("resource-unbind", {session=session, error=err}); end - for k in pairs(session) do - if k ~= "trace" then - session[k] = nil; - end - end - session.data = null_data_handler; + retire_session(session); end function make_authenticated(session, username) @@ -168,7 +183,12 @@ end function streamopened(session, attr) local send = session.send; - session.host = attr.to or error("Client failed to specify destination hostname"); + session.host = attr.to; + if not session.host then + session:close{ condition = "improper-addressing", + text = "A 'to' attribute is required on stream headers" }; + return; + end session.host = nameprep(session.host); session.version = tonumber(attr.version) or 0; session.streamid = uuid_generate(); @@ -193,6 +213,7 @@ function streamopened(session, attr) end local features = st.stanza("stream:features"); + hosts[session.host].events.fire_event("stream-features", { origin = session, features = features }); fire_event("stream-features", session, features); send(features); @@ -200,8 +221,8 @@ function streamopened(session, attr) end function streamclosed(session) - session.send("</stream:stream>"); - session.notopen = true; + session.log("debug", "Received </stream:stream>"); + session:close(); end function send_to_available_resources(user, host, stanza) diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 7ebfb2bb..d6dd5306 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -123,7 +123,7 @@ function core_post_stanza(origin, stanza, preevents) local node, host, resource = jid_split(to); local to_bare = node and (node.."@"..host) or host; -- bare JID - local to_type; + local to_type, to_self; if node then if resource then to_type = '/full'; @@ -131,6 +131,7 @@ function core_post_stanza(origin, stanza, preevents) to_type = '/bare'; if node == origin.username and host == origin.host then stanza.attr.to = nil; + to_self = true; end end else @@ -138,6 +139,7 @@ function core_post_stanza(origin, stanza, preevents) to_type = '/host'; else to_type = '/bare'; + to_self = true; end end @@ -148,6 +150,7 @@ function core_post_stanza(origin, stanza, preevents) local h = hosts[to_bare] or hosts[host or origin.host]; if h then if h.events.fire_event(stanza.name..to_type, event_data) then return; end -- do processing + if to_self and h.events.fire_event(stanza.name..'/self', event_data) then return; end -- do processing if h.type == "component" then component_handle_stanza(origin, stanza); @@ -179,7 +182,7 @@ function core_route_stanza(origin, stanza) local xmlns = stanza.attr.xmlns; --stanza.attr.xmlns = "jabber:server"; stanza.attr.xmlns = nil; - log("debug", "sending s2s stanza: %s", tostring(stanza)); + log("debug", "sending s2s stanza: %s", tostring(stanza.top_tag and stanza:top_tag()) or stanza); send_s2s(origin.host, host, stanza); -- TODO handle remote routing errors stanza.attr.xmlns = xmlns; -- reset else diff --git a/core/usermanager.lua b/core/usermanager.lua index 6b19b651..8d7270c2 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -14,11 +14,15 @@ local ipairs = ipairs; local hashes = require "util.hashes"; local jid_bare = require "util.jid".bare; local config = require "core.configmanager"; +local hosts = hosts; module "usermanager" +local function is_cyrus(host) return config.get(host, "core", "sasl_backend") == "cyrus"; end + function validate_credentials(host, username, password, method) log("debug", "User '%s' is being validated", username); + if is_cyrus(host) then return nil, "Legacy auth not supported with Cyrus SASL."; end local credentials = datamanager.load(username, host, "accounts") or {}; if method == nil then method = "PLAIN"; end @@ -48,14 +52,26 @@ function validate_credentials(host, username, password, method) end function get_password(username, host) - return (datamanager.load(username, host, "accounts") or {}).password + if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end + return (datamanager.load(username, host, "accounts") or {}).password +end +function set_password(username, host, password) + if is_cyrus(host) then return nil, "Passwords unavailable for Cyrus SASL."; end + local account = datamanager.load(username, host, "accounts"); + if account then + account.password = password; + return datamanager.store(username, host, "accounts", account); + end + return nil, "Account not available."; end function user_exists(username, host) + if is_cyrus(host) then return true; end return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials end function create_user(username, password, host) + if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end return datamanager.store(username, host, "accounts", {password = password}); end diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index c6684305..b7992f77 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -12,8 +12,6 @@ require "util.stanza" local st = stanza; local tostring = tostring; -local pairs = pairs; -local ipairs = ipairs; local t_insert = table.insert; local t_concat = table.concat; @@ -24,103 +22,92 @@ local error = error; module "xmlhandlers" local ns_prefixes = { - ["http://www.w3.org/XML/1998/namespace"] = "xml"; - } + ["http://www.w3.org/XML/1998/namespace"] = "xml"; +}; + +local xmlns_streams = "http://etherx.jabber.org/streams"; + +local ns_separator = "\1"; +local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$"; function init_xmlhandlers(session, stream_callbacks) - local ns_stack = { "" }; - local curr_tag; - local chardata = {}; - local xml_handlers = {}; - local log = session.log or default_log; - - local cb_streamopened = stream_callbacks.streamopened; - local cb_streamclosed = stream_callbacks.streamclosed; - local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end; - local cb_handlestanza = stream_callbacks.handlestanza; - - local stream_tag = stream_callbacks.stream_tag; - local stream_default_ns = stream_callbacks.default_ns; - - local stanza - function xml_handlers:StartElement(tagname, attr) - if stanza and #chardata > 0 then - -- We have some character data in the buffer - stanza:text(t_concat(chardata)); - chardata = {}; - end - local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); - if name == "" then - curr_ns, name = "", curr_ns; - end + local chardata = {}; + local xml_handlers = {}; + local log = session.log or default_log; + + local cb_streamopened = stream_callbacks.streamopened; + local cb_streamclosed = stream_callbacks.streamclosed; + local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end; + local cb_handlestanza = stream_callbacks.handlestanza; + + local stream_ns = stream_callbacks.stream_ns or xmlns_streams; + local stream_tag = stream_ns..ns_separator..(stream_callbacks.stream_tag or "stream"); + local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error"); + + local stream_default_ns = stream_callbacks.default_ns; + + local stanza; + function xml_handlers:StartElement(tagname, attr) + if stanza and #chardata > 0 then + -- We have some character data in the buffer + stanza:text(t_concat(chardata)); + chardata = {}; + end + local curr_ns,name = tagname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end - if curr_ns ~= stream_default_ns then - attr.xmlns = curr_ns; - end - - -- FIXME !!!!! - for i=1,#attr do - local k = attr[i]; - attr[i] = nil; - local ns, nm = k:match("^([^\1]*)\1?(.*)$"); - if nm ~= "" then - ns = ns_prefixes[ns]; - if ns then - attr[ns..":"..nm] = attr[k]; - attr[k] = nil; - end - end - end - - if not stanza then --if we are not currently inside a stanza - if session.notopen then - if tagname == stream_tag then - if cb_streamopened then - cb_streamopened(session, attr); - end - else - -- Garbage before stream? - cb_error(session, "no-stream"); - end - return; - end - if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then - cb_error(session, "invalid-top-level-element"); - end - - stanza = st.stanza(name, attr); - curr_tag = stanza; - else -- we are inside a stanza, so add a tag - attr.xmlns = nil; - if curr_ns ~= stream_default_ns then - attr.xmlns = curr_ns; - end - stanza:tag(name, attr); - end + if curr_ns ~= stream_default_ns then + attr.xmlns = curr_ns; end - function xml_handlers:CharacterData(data) - if stanza then - t_insert(chardata, data); + + -- FIXME !!!!! + for i=1,#attr do + local k = attr[i]; + attr[i] = nil; + local ns, nm = k:match(ns_pattern); + if nm ~= "" then + ns = ns_prefixes[ns]; + if ns then + attr[ns..":"..nm] = attr[k]; + attr[k] = nil; + end end end - function xml_handlers:EndElement(tagname) - local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); - if name == "" then - curr_ns, name = "", curr_ns; - end - if (not stanza) or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then + + if not stanza then --if we are not currently inside a stanza + if session.notopen then if tagname == stream_tag then - if cb_streamclosed then - cb_streamclosed(session); + if cb_streamopened then + cb_streamopened(session, attr); end - elseif name == "error" then - cb_error(session, "stream-error", stanza); else - cb_error(session, "parse-error", "unexpected-element-close", name); + -- Garbage before stream? + cb_error(session, "no-stream"); end - stanza, chardata = nil, {}; return; end + if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then + cb_error(session, "invalid-top-level-element"); + end + + stanza = st.stanza(name, attr); + else -- we are inside a stanza, so add a tag + attr.xmlns = nil; + if curr_ns ~= stream_default_ns then + attr.xmlns = curr_ns; + end + stanza:tag(name, attr); + end + end + function xml_handlers:CharacterData(data) + if stanza then + t_insert(chardata, data); + end + end + function xml_handlers:EndElement(tagname) + if stanza then if #chardata > 0 then -- We have some character data in the buffer stanza:text(t_concat(chardata)); @@ -128,12 +115,30 @@ function init_xmlhandlers(session, stream_callbacks) end -- Complete stanza if #stanza.last_add == 0 then - cb_handlestanza(session, stanza); + if tagname ~= stream_error_tag then + cb_handlestanza(session, stanza); + else + cb_error(session, "stream-error", stanza); + end stanza = nil; else stanza:up(); end + else + if tagname == stream_tag then + if cb_streamclosed then + cb_streamclosed(session); + end + else + local curr_ns,name = tagname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + cb_error(session, "parse-error", "unexpected-element-close", name); + end + stanza, chardata = nil, {}; end + end return xml_handlers; end diff --git a/doc/lxmppd_core_rostermanager.txt b/doc/lxmppd_core_rostermanager.txt deleted file mode 100644 index 4f501158..00000000 --- a/doc/lxmppd_core_rostermanager.txt +++ /dev/null @@ -1,9 +0,0 @@ -lxmppd -> core -> rostermanager.lua - requires "util.datamanager" - module "rostermanager" - -function log(type, message) - logs a message of type "rostermanager" - -function getroster(username, host) - Retrieves the user's roster from the server and loads it with the datamanager
\ No newline at end of file diff --git a/doc/lxmppd_core_stanz_dispatch.txt b/doc/lxmppd_core_stanz_dispatch.txt deleted file mode 100644 index 15bb730b..00000000 --- a/doc/lxmppd_core_stanz_dispatch.txt +++ /dev/null @@ -1,27 +0,0 @@ -lxmppd -> core -> stanza_dispatch - requires "util.stanza" - requires "core.usermanager" - -function init_stanza_dispatcher(session) - Initialises the stanza dispatcher which handles different stanza according - to their type and XML namespace, dispatching to required handlers. - - iq_handlers["jabber:iq:auth"] - A list of handlers for "jabber:iq:auth" stanzas -- authentication - (request) stanzas. - - function (stanza) - If one of username, password and resource are missing then it ????. - If not, then it validates the credentials and replies with the - appropriate stanza. - - iq_handlers["jabber:iq:roster"] - A list of handlers for "jabber:iq:roster" stanzas -- roster management - - function (stanza) - Parses the type of stanza for roster management and does what is - requested (roster retrieval, etc.) - - function (stanza) - Validates the stanza and calls the required handler - diff --git a/man/prosodyctl.man b/man/prosodyctl.man index 44a84145..6dcb04cd 100644 --- a/man/prosodyctl.man +++ b/man/prosodyctl.man @@ -49,6 +49,10 @@ will block for up to five seconds to wait for the server to execute. Stops the \fBprosody\fP server daemon. This operation will block for up to five seconds to wait for the server to stop executing. +.IP \fBrestart\fP +Restarts the \fBprosody\fP server daemon. Equivalent to running \fBprosodyctl +stop\fP followed by \fBprosodyctl start\fP. + .IP \fBstatus\fP Prints the current execution status of the \fBprosody\fP server daemon. diff --git a/net/adns.lua b/net/adns.lua index 5d5a2256..88d4b4b3 100644 --- a/net/adns.lua +++ b/net/adns.lua @@ -14,6 +14,8 @@ local log = require "util.logger".init("adns"); local t_insert, t_remove = table.insert, table.remove; local coroutine, tostring, pcall = coroutine, tostring, pcall; +local function dummy_send(sock, data, i, j) return (j-i)+1; end + module "adns" function lookup(handler, qname, qtype, qclass) @@ -43,35 +45,39 @@ function cancel(handle, call_handler) end function new_async_socket(sock, resolver) - local newconn, peername = {}, "<unknown>"; + local peername = "<unknown>"; local listener = {}; - function listener.incoming(conn, data) - dns.feed(sock, data); - end - function listener.disconnect(conn, err) - log("warn", "DNS socket for %s disconnected: %s", peername, err); - local servers = resolver.server; - if resolver.socketset[newconn.handler] == resolver.best_server and resolver.best_server == #servers then - log("error", "Exhausted all %d configured DNS servers, next lookup will try %s again", #servers, servers[1]); + local handler = {}; + function listener.onincoming(conn, data) + if data then + dns.feed(handler, data); end + end + function listener.ondisconnect(conn, err) + if err then + log("warn", "DNS socket for %s disconnected: %s", peername, err); + local servers = resolver.server; + if resolver.socketset[conn] == resolver.best_server and resolver.best_server == #servers then + log("error", "Exhausted all %d configured DNS servers, next lookup will try %s again", #servers, servers[1]); + end - resolver:servfail(conn); -- Let the magic commence + resolver:servfail(conn); -- Let the magic commence + end end - newconn.handler, newconn._socket = server.wrapclient(sock, "dns", 53, listener); - if not newconn.handler then + handler = server.wrapclient(sock, "dns", 53, listener); + if not handler then log("warn", "handler is nil"); end - if not newconn._socket then - log("warn", "socket is nil"); - end - newconn.handler.settimeout = function () end - newconn.handler.setsockname = function (_, ...) return sock:setsockname(...); end - newconn.handler.setpeername = function (_, ...) peername = (...); local ret = sock:setpeername(...); _.setsend(sock.send); return ret; end - newconn.handler.connect = function (_, ...) return sock:connect(...) end - newconn.handler.send = function (_, data) _.write(data); return _.sendbuffer(); end - return newconn.handler; + + handler.settimeout = function () end + handler.setsockname = function (_, ...) return sock:setsockname(...); end + handler.setpeername = function (_, ...) peername = (...); local ret = sock:setpeername(...); _:set_send(dummy_send); return ret; end + handler.connect = function (_, ...) return sock:connect(...) end + --handler.send = function (_, data) _:write(data); return _.sendbuffer and _.sendbuffer(); end + handler.send = function (_, data) return sock:send(data); end + return handler; end -dns:socket_wrapper_set(new_async_socket); +dns.socket_wrapper_set(new_async_socket); return _M; diff --git a/net/connlisteners.lua b/net/connlisteners.lua index 2bc591ac..93dce8b3 100644 --- a/net/connlisteners.lua +++ b/net/connlisteners.lua @@ -53,17 +53,17 @@ function start(name, udata) error("No such connection module: "..name.. (err and (" ("..err..")") or ""), 0); end - if udata then - if (udata.type == "ssl" or udata.type == "tls") and not udata.ssl then - error("No SSL context supplied for a "..tostring(udata.type):upper().." connection!", 0); - elseif udata.ssl and udata.type == "tcp" then - error("SSL context supplied for a TCP connection!", 0); - end + local interface = (udata and udata.interface) or h.default_interface or "*"; + local port = (udata and udata.port) or h.default_port or error("Can't start listener "..name.." because no port was specified, and it has no default port", 0); + local mode = (udata and udata.mode) or h.default_mode or 1; + local ssl = (udata and udata.ssl) or nil; + local autossl = udata and udata.type == "ssl"; + + if autossl and not ssl then + return nil, "no ssl context"; end - return server.addserver(h, - (udata and udata.port) or h.default_port or error("Can't start listener "..name.." because no port was specified, and it has no default port", 0), - (udata and udata.interface) or h.default_interface or "*", (udata and udata.mode) or h.default_mode or 1, (udata and udata.ssl) or nil, 99999999, udata and udata.type == "ssl"); + return server.addserver(interface, port, h, mode, autossl and ssl or nil); end return _M; diff --git a/net/dns.lua b/net/dns.lua index 1b5321af..020a0ae8 100644 --- a/net/dns.lua +++ b/net/dns.lua @@ -532,14 +532,19 @@ function resolver:adddefaultnameservers() -- - - - - adddefaultnameservers if not self.server or #self.server == 0 then -- TODO log warning about no nameservers, adding opendns servers as fallback self:addnameserver("208.67.222.222"); - self:addnameserver("208.67.220.220") ; + self:addnameserver("208.67.220.220"); end else -- posix local resolv_conf = io.open("/etc/resolv.conf"); if resolv_conf then for line in resolv_conf:lines() do - local address = line:gsub("#.*$", ""):match('^%s*nameserver%s+(%d+%.%d+%.%d+%.%d+)%s*$'); - if address then self:addnameserver(address) end + line = line:gsub("#.*$", "") + :match('^%s*nameserver%s+(.*)%s*$'); + if line then + line:gsub("%f[%d.](%d+%.%d+%.%d+%.%d+)%f[^%d.]", function (address) + self:addnameserver(address) + end); + end end end if not self.server or #self.server == 0 then @@ -727,7 +732,7 @@ function resolver:receive(rset) -- - - - - - - - - - - - - - - - - receive local packet = sock:receive(); if packet then response = self:decode(packet); - if response and self.active[response.header.id] + if response and self.active[response.header.id] and self.active[response.header.id][response.question.raw] then --print('received response'); --self.print(response); @@ -796,7 +801,7 @@ function resolver:feed(sock, packet) set(self.wanted, q.class, q.type, q.name, nil); end end - end + end return response; end @@ -846,7 +851,14 @@ end function resolver:lookup(qname, qtype, qclass) -- - - - - - - - - - lookup self:query (qname, qtype, qclass) - while self:pulse() do socket.select(self.socket, nil, 4); end + while self:pulse() do + local recvt = {} + local i, s + for i, s in ipairs(self.socket) do + recvt[i] = s.socket() + end + socket.select(recvt, nil, 4) + end --print(self.cache); return self:peek(qname, qtype, qclass); end @@ -913,11 +925,6 @@ end -- module api ------------------------------------------------------ module api -local function resolve(func, ...) -- - - - - - - - - - - - - - resolver_get - return func(dns._resolver, ...); -end - - function dns.resolver () -- - - - - - - - - - - - - - - - - - - - - resolver -- this function seems to be redundant with resolver.new () @@ -928,37 +935,35 @@ function dns.resolver () -- - - - - - - - - - - - - - - - - - - - - resolver return r; end +local _resolver = dns.resolver(); +dns._resolver = _resolver; function dns.lookup(...) -- - - - - - - - - - - - - - - - - - - - - lookup - return resolve(resolver.lookup, ...); + return _resolver:lookup(...); end - function dns.purge(...) -- - - - - - - - - - - - - - - - - - - - - - purge - return resolve(resolver.purge, ...); + return _resolver:purge(...); end function dns.peek(...) -- - - - - - - - - - - - - - - - - - - - - - - peek - return resolve(resolver.peek, ...); + return _resolver:peek(...); end - function dns.query(...) -- - - - - - - - - - - - - - - - - - - - - - query - return resolve(resolver.query, ...); + return _resolver:query(...); end -function dns.feed(...) -- - - - - - - - - - - - - - - - - - - - - - feed - return resolve(resolver.feed, ...); +function dns.feed(...) -- - - - - - - - - - - - - - - - - - - - - - - feed + return _resolver:feed(...); end -function dns.cancel(...) -- - - - - - - - - - - - - - - - - - - - - - cancel - return resolve(resolver.cancel, ...); +function dns.cancel(...) -- - - - - - - - - - - - - - - - - - - - - - cancel + return _resolver:cancel(...); end -function dns:socket_wrapper_set(...) -- - - - - - - - - socket_wrapper_set - return resolve(resolver.socket_wrapper_set, ...); +function dns.socket_wrapper_set(...) -- - - - - - - - - socket_wrapper_set + return _resolver:socket_wrapper_set(...); end -dns._resolver = dns.resolver(); - return dns; diff --git a/net/http.lua b/net/http.lua index 09777165..0634d773 100644 --- a/net/http.lua +++ b/net/http.lua @@ -17,11 +17,10 @@ local connlisteners_get = require "net.connlisteners".get; local listener = connlisteners_get("httpclient") or error("No httpclient listener!"); local t_insert, t_concat = table.insert, table.concat; -local tonumber, tostring, pairs, xpcall, select, debug_traceback, char, format = +local tonumber, tostring, pairs, xpcall, select, debug_traceback, char, format = tonumber, tostring, pairs, xpcall, select, debug.traceback, string.char, string.format; local log = require "util.logger".init("http"); -local print = function () end module "http" @@ -51,7 +50,7 @@ local function request_reader(request, data, startpos) return; end if request.state == "body" and request.state ~= "completed" then - print("Reading body...") + log("debug", "Reading body...") if not request.body then request.body = {}; request.havebodylength, request.bodylength = 0, tonumber(request.responseheaders["content-length"]); end if startpos then data = data:sub(startpos, -1) @@ -68,11 +67,11 @@ local function request_reader(request, data, startpos) request.body = nil; request.state = "completed"; else - print("", "Have "..request.havebodylength.." bytes out of "..request.bodylength); + log("debug", "Have "..request.havebodylength.." bytes out of "..request.bodylength); end end elseif request.state == "headers" then - print("Reading headers...") + log("debug", "Reading headers...") local pos = startpos; local headers, headers_complete = request.responseheaders; if not headers then @@ -84,12 +83,12 @@ local function request_reader(request, data, startpos) local k, v = line:match("(%S+): (.+)"); if k and v then headers[k:lower()] = v; - --print("Header: "..k:lower().." = "..v); + --log("debug", "Header: "..k:lower().." = "..v); elseif #line == 0 then headers_complete = true; break; else - print("Unhandled header line: "..line); + log("warn", "Unhandled header line: "..line); end end if not headers_complete then return; end @@ -103,7 +102,7 @@ local function request_reader(request, data, startpos) return request_reader(request, data, startpos); end elseif request.state == "status" then - print("Reading status...") + log("debug", "Reading status...") local http, code, text, linelen = data:match("^HTTP/(%S+) (%d+) (.-)\r\n()", startpos); code = tonumber(code); if not code then @@ -165,7 +164,7 @@ function request(u, ex, callback) end req.handler, req.conn = server.wrapclient(socket.tcp(), req.host, req.port or 80, listener, "*a"); - req.write = req.handler.write; + req.write = function (...) return req.handler:write(...); end req.conn:settimeout(0); local ok, err = req.conn:connect(req.host, req.port or 80); if not ok and err ~= "timeout" then @@ -212,8 +211,9 @@ end function destroy_request(request) if request.conn then - request.handler.close() - listener.disconnect(request.handler, "closed"); + request.conn = nil; + request.handler:close() + listener.ondisconnect(request.handler, "closed"); end end diff --git a/net/httpclient_listener.lua b/net/httpclient_listener.lua index 0fbcd928..dfa25062 100644 --- a/net/httpclient_listener.lua +++ b/net/httpclient_listener.lua @@ -15,7 +15,7 @@ local buffers = {}; -- Buffers of partial lines local httpclient = { default_port = 80, default_mode = "*a" }; -function httpclient.listener(conn, data) +function httpclient.onincoming(conn, data) local request = requests[conn]; if not request then @@ -28,7 +28,7 @@ function httpclient.listener(conn, data) end end -function httpclient.disconnect(conn, err) +function httpclient.ondisconnect(conn, err) local request = requests[conn]; if request and err ~= "closed" then request:reader(nil); diff --git a/net/httpserver.lua b/net/httpserver.lua index d3f6a276..59ddbb12 100644 --- a/net/httpserver.lua +++ b/net/httpserver.lua @@ -39,40 +39,35 @@ local function send_response(request, response) if response.body or response.headers then local body = response.body and tostring(response.body); log("debug", "Sending response to %s", request.id); - resp = { "HTTP/1.0 ", response.status or "200 OK", "\r\n"}; + resp = { "HTTP/1.0 "..(response.status or "200 OK").."\r\n" }; local h = response.headers; if h then for k, v in pairs(h) do - t_insert(resp, k); - t_insert(resp, ": "); - t_insert(resp, v); - t_insert(resp, "\r\n"); + t_insert(resp, k..": "..v.."\r\n"); end end if body and not (h and h["Content-Length"]) then - t_insert(resp, "Content-Length: "); - t_insert(resp, #body); - t_insert(resp, "\r\n"); + t_insert(resp, "Content-Length: "..#body.."\r\n"); end t_insert(resp, "\r\n"); if body and request.method ~= "HEAD" then t_insert(resp, body); end + request.write(t_concat(resp)); else -- Response we have is just a string (the body) log("debug", "Sending 200 response to %s", request.id or "<none>"); - resp = { "HTTP/1.0 200 OK\r\n" }; - t_insert(resp, "Connection: close\r\n"); - t_insert(resp, "Content-Type: text/html\r\n"); - t_insert(resp, "Content-Length: "); - t_insert(resp, #response); - t_insert(resp, "\r\n\r\n"); + local resp = "HTTP/1.0 200 OK\r\n" + .. "Connection: close\r\n" + .. "Content-Type: text/html\r\n" + .. "Content-Length: "..#response.."\r\n" + .. "\r\n" + .. response; - t_insert(resp, response); + request.write(resp); end - request.write(t_concat(resp)); if not request.stayopen then request:destroy(); end @@ -193,7 +188,7 @@ local function request_reader(request, data, startpos) request.url = url_parse(request.path); - log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler.serverport()); + log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler:serverport()); if request.onlystatus then if not call_callback(request) then @@ -211,17 +206,17 @@ end -- The default handler for requests default_handler = function (method, body, request) - log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler.serverport()); - return { status = "404 Not Found", + log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler:serverport()); + return { status = "404 Not Found", headers = { ["Content-Type"] = "text/html" }, body = "<html><head><title>Page Not Found</title></head><body>Not here :(</body></html>" }; end function new_request(handler) - return { handler = handler, conn = handler.socket, - write = handler.write, state = "request", - server = http_servers[handler.serverport()], + return { handler = handler, conn = handler, + write = function (...) return handler:write(...); end, state = "request", + server = http_servers[handler:serverport()], send = send_response, destroy = destroy_request, id = tostring{}:match("%x+$") @@ -239,9 +234,9 @@ function destroy_request(request) else log("debug", "Request has no destroy callback"); end - request.handler.close() + request.handler:close() if request.conn then - listener.disconnect(request.handler, "closed"); + listener.ondisconnect(request.conn, "closed"); end end end diff --git a/net/httpserver_listener.lua b/net/httpserver_listener.lua index d7d9b3dc..dd14b43c 100644 --- a/net/httpserver_listener.lua +++ b/net/httpserver_listener.lua @@ -16,7 +16,7 @@ local requests = {}; -- Open requests local httpserver = { default_port = 80, default_mode = "*a" }; -function httpserver.listener(conn, data) +function httpserver.onincoming(conn, data) local request = requests[conn]; if not request then @@ -24,7 +24,7 @@ function httpserver.listener(conn, data) requests[conn] = request; -- If using HTTPS, request is secure - if conn.ssl() then + if conn:ssl() then request.secure = true; end end @@ -34,7 +34,7 @@ function httpserver.listener(conn, data) end end -function httpserver.disconnect(conn, err) +function httpserver.ondisconnect(conn, err) local request = requests[conn]; if request and not request.destroyed then request.conn = nil; diff --git a/net/multiplex_listener.lua b/net/multiplex_listener.lua new file mode 100644 index 00000000..bf193ad8 --- /dev/null +++ b/net/multiplex_listener.lua @@ -0,0 +1,46 @@ + +local connlisteners_register = require "net.connlisteners".register; +local connlisteners_get = require "net.connlisteners".get; + +local httpserver_listener = connlisteners_get("httpserver"); +local xmppserver_listener = connlisteners_get("xmppserver"); +local xmppclient_listener = connlisteners_get("xmppclient"); +local xmppcomponent_listener = connlisteners_get("xmppcomponent"); + +local server = { default_mode = "*a" }; + +local buffer = {}; + +function server.onincoming(conn, data) + if not data then return; end + local buf = buffer[conn]; + buffer[conn] = nil; + buf = buf and buf..data or data; + if buf:match("^[a-zA-Z]") then + local listener = httpserver_listener; + conn:setlistener(listener); + listener.onincoming(conn, buf); + elseif buf:match(">") then + local listener; + local xmlns = buf:match("%sxmlns%s*=%s*['\"]([^'\"]*)"); + if xmlns == "jabber:server" then + listener = xmppserver_listener; + elseif xmlns == "jabber:component:accept" then + listener = xmppcomponent_listener; + else + listener = xmppclient_listener; + end + conn:setlistener(listener); + listener.onincoming(conn, buf); + elseif #buf > 1024 then + conn:close(); + else + buffer[conn] = buf; + end +end + +function server.ondisconnect(conn, err) + buffer[conn] = nil; -- warn if no buffer? +end + +connlisteners_register("multiplex", server); diff --git a/net/server.lua b/net/server.lua index 61e3104f..e0d4b85a 100644 --- a/net/server.lua +++ b/net/server.lua @@ -1,914 +1,56 @@ ---
--- server.lua by blastbeat of the luadch project
--- Re-used here under the MIT/X Consortium License
---
--- Modifications (C) 2008-2010 Matthew Wild, Waqas Hussain
---
-
--- // wrapping luadch stuff // --
-
-local use = function( what )
- return _G[ what ]
-end
-local clean = function( tbl )
- for i, k in pairs( tbl ) do
- tbl[ i ] = nil
- end
-end
-
-local log, table_concat = require ("util.logger").init("socket"), table.concat;
-local out_put = function (...) return log("debug", table_concat{...}); end
-local out_error = function (...) return log("warn", table_concat{...}); end
-local mem_free = collectgarbage
-
-----------------------------------// DECLARATION //--
-
---// constants //--
-
-local STAT_UNIT = 1 -- byte
-
---// lua functions //--
-
-local type = use "type"
-local pairs = use "pairs"
-local ipairs = use "ipairs"
-local tostring = use "tostring"
-local collectgarbage = use "collectgarbage"
-
---// lua libs //--
-
-local os = use "os"
-local table = use "table"
-local string = use "string"
-local coroutine = use "coroutine"
-
---// lua lib methods //--
-
-local os_time = os.time
-local os_difftime = os.difftime
-local table_concat = table.concat
-local table_remove = table.remove
-local string_len = string.len
-local string_sub = string.sub
-local coroutine_wrap = coroutine.wrap
-local coroutine_yield = coroutine.yield
-
---// extern libs //--
-
-local luasec = select( 2, pcall( require, "ssl" ) )
-local luasocket = require "socket"
-
---// extern lib methods //--
-
-local ssl_wrap = ( luasec and luasec.wrap )
-local socket_bind = luasocket.bind
-local socket_sleep = luasocket.sleep
-local socket_select = luasocket.select
-local ssl_newcontext = ( luasec and luasec.newcontext )
-
---// functions //--
-
-local id
-local loop
-local stats
-local idfalse
-local addtimer
-local closeall
-local addserver
-local getserver
-local wrapserver
-local getsettings
-local closesocket
-local removesocket
-local removeserver
-local changetimeout
-local wrapconnection
-local changesettings
-
---// tables //--
-
-local _server
-local _readlist
-local _timerlist
-local _sendlist
-local _socketlist
-local _closelist
-local _readtimes
-local _writetimes
-
---// simple data types //--
-
-local _
-local _readlistlen
-local _sendlistlen
-local _timerlistlen
-
-local _sendtraffic
-local _readtraffic
-
-local _selecttimeout
-local _sleeptime
-
-local _starttime
-local _currenttime
-
-local _maxsendlen
-local _maxreadlen
-
-local _checkinterval
-local _sendtimeout
-local _readtimeout
-
-local _cleanqueue
-
-local _timer
-
-local _maxclientsperserver
-
-----------------------------------// DEFINITION //--
-
-_server = { } -- key = port, value = table; list of listening servers
-_readlist = { } -- array with sockets to read from
-_sendlist = { } -- arrary with sockets to write to
-_timerlist = { } -- array of timer functions
-_socketlist = { } -- key = socket, value = wrapped socket (handlers)
-_readtimes = { } -- key = handler, value = timestamp of last data reading
-_writetimes = { } -- key = handler, value = timestamp of last data writing/sending
-_closelist = { } -- handlers to close
-
-_readlistlen = 0 -- length of readlist
-_sendlistlen = 0 -- length of sendlist
-_timerlistlen = 0 -- lenght of timerlist
-
-_sendtraffic = 0 -- some stats
-_readtraffic = 0
-
-_selecttimeout = 1 -- timeout of socket.select
-_sleeptime = 0 -- time to wait at the end of every loop
-
-_maxsendlen = 51000 * 1024 -- max len of send buffer
-_maxreadlen = 25000 * 1024 -- max len of read buffer
-
-_checkinterval = 1200000 -- interval in secs to check idle clients
-_sendtimeout = 60000 -- allowed send idle time in secs
-_readtimeout = 6 * 60 * 60 -- allowed read idle time in secs
-
-_cleanqueue = false -- clean bufferqueue after using
-
-_maxclientsperserver = 1000
-
-_maxsslhandshake = 30 -- max handshake round-trips
-----------------------------------// PRIVATE //--
-
-wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxconnections, startssl ) -- this function wraps a server
-
- maxconnections = maxconnections or _maxclientsperserver
-
- local connections = 0
-
- local dispatch, disconnect = listeners.incoming or listeners.listener, listeners.disconnect
-
- local err
-
- local ssl = false
-
- if sslctx then
- ssl = true
- if not ssl_newcontext then
- out_error "luasec not found"
- ssl = false
- end
- if type( sslctx ) ~= "table" then
- out_error "server.lua: wrong server sslctx"
- ssl = false
- end
- local ctx;
- ctx, err = ssl_newcontext( sslctx )
- if not ctx then
- err = err or "wrong sslctx parameters"
- local file;
- file = err:match("^error loading (.-) %(");
- if file then
- if file == "private key" then
- file = sslctx.key or "your private key";
- elseif file == "certificate" then
- file = sslctx.certificate or "your certificate file";
- end
- local reason = err:match("%((.+)%)$") or "some reason";
- if reason == "Permission denied" then
- reason = "Check that the permissions allow Prosody to read this file.";
- elseif reason == "No such file or directory" then
- reason = "Check that the path is correct, and the file exists.";
- elseif reason == "system lib" then
- reason = "Previous error (see logs), or other system error.";
- else
- reason = "Reason: "..tostring(reason or "unknown"):lower();
- end
- log("error", "SSL/TLS: Failed to load %s: %s", file, reason);
- else
- log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err );
- end
- ssl = false
- end
- sslctx = ctx;
- end
- if not ssl then
- sslctx = false;
- if startssl then
- log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport )
- return nil, "Cannot start ssl, see log for details"
- end
- end
-
- local accept = socket.accept
-
- --// public methods of the object //--
-
- local handler = { }
-
- handler.shutdown = function( ) end
-
- handler.ssl = function( )
- return ssl
- end
- handler.sslctx = function( )
- return sslctx
- end
- handler.remove = function( )
- connections = connections - 1
- end
- handler.close = function( )
- for _, handler in pairs( _socketlist ) do
- if handler.serverport == serverport then
- handler.disconnect( handler, "server closed" )
- handler.close( true )
- end
- end
- socket:close( )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _socketlist[ socket ] = nil
- handler = nil
- socket = nil
- --mem_free( )
- out_put "server.lua: closed server handler and removed sockets from list"
- end
- handler.ip = function( )
- return ip
- end
- handler.serverport = function( )
- return serverport
- end
- handler.socket = function( )
- return socket
- end
- handler.readbuffer = function( )
- if connections > maxconnections then
- out_put( "server.lua: refused new client connection: server full" )
- return false
- end
- local client, err = accept( socket ) -- try to accept
- if client then
- local ip, clientport = client:getpeername( )
- client:settimeout( 0 )
- local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx, startssl ) -- wrap new client socket
- if err then -- error while wrapping ssl socket
- return false
- end
- connections = connections + 1
- out_put( "server.lua: accepted new client connection from ", tostring(ip), ":", tostring(clientport), " to ", tostring(serverport))
- return dispatch( handler )
- elseif err then -- maybe timeout or something else
- out_put( "server.lua: error with new client connection: ", tostring(err) )
- return false
- end
- end
- return handler
-end
-
-wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx, startssl ) -- this function wraps a client to a handler object
-
- socket:settimeout( 0 )
-
- --// local import of socket methods //--
-
- local send
- local receive
- local shutdown
-
- --// private closures of the object //--
-
- local ssl
-
- local dispatch = listeners.incoming or listeners.listener
- local status = listeners.status
- local disconnect = listeners.disconnect
-
- local bufferqueue = { } -- buffer array
- local bufferqueuelen = 0 -- end of buffer array
-
- local toclose
- local fatalerror
- local needtls
-
- local bufferlen = 0
-
- local noread = false
- local nosend = false
-
- local sendtraffic, readtraffic = 0, 0
-
- local maxsendlen = _maxsendlen
- local maxreadlen = _maxreadlen
-
- --// public methods of the object //--
-
- local handler = bufferqueue -- saves a table ^_^
-
- handler.dispatch = function( )
- return dispatch
- end
- handler.disconnect = function( )
- return disconnect
- end
- handler.setlistener = function( listeners )
- dispatch = listeners.incoming
- disconnect = listeners.disconnect
- end
- handler.getstats = function( )
- return readtraffic, sendtraffic
- end
- handler.ssl = function( )
- return ssl
- end
- handler.sslctx = function ( )
- return sslctx
- end
- handler.send = function( _, data, i, j )
- return send( socket, data, i, j )
- end
- handler.receive = function( pattern, prefix )
- return receive( socket, pattern, prefix )
- end
- handler.shutdown = function( pattern )
- return shutdown( socket, pattern )
- end
- handler.close = function( forced )
- if not handler then return true; end
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _readtimes[ handler ] = nil
- if bufferqueuelen ~= 0 then
- if not ( forced or fatalerror ) then
- handler.sendbuffer( )
- if bufferqueuelen ~= 0 then -- try again...
- if handler then
- handler.write = nil -- ... but no further writing allowed
- end
- toclose = true
- return false
- end
- else
- send( socket, table_concat( bufferqueue, "", 1, bufferqueuelen ), 1, bufferlen ) -- forced send
- end
- end
- if socket then
- _ = shutdown and shutdown( socket )
- socket:close( )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _socketlist[ socket ] = nil
- socket = nil
- else
- out_put "server.lua: socket already closed"
- end
- if handler then
- _writetimes[ handler ] = nil
- _closelist[ handler ] = nil
- handler = nil
- end
- if server then
- server.remove( )
- end
- out_put "server.lua: closed client handler and removed socket from list"
- return true
- end
- handler.ip = function( )
- return ip
- end
- handler.serverport = function( )
- return serverport
- end
- handler.clientport = function( )
- return clientport
- end
- local write = function( data )
- bufferlen = bufferlen + string_len( data )
- if bufferlen > maxsendlen then
- _closelist[ handler ] = "send buffer exceeded" -- cannot close the client at the moment, have to wait to the end of the cycle
- handler.write = idfalse -- dont write anymore
- return false
- elseif socket and not _sendlist[ socket ] then
- _sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
- end
- bufferqueuelen = bufferqueuelen + 1
- bufferqueue[ bufferqueuelen ] = data
- if handler then
- _writetimes[ handler ] = _writetimes[ handler ] or _currenttime
- end
- return true
- end
- handler.write = write
- handler.bufferqueue = function( )
- return bufferqueue
- end
- handler.socket = function( )
- return socket
- end
- handler.pattern = function( new )
- pattern = new or pattern
- return pattern
- end
- handler.setsend = function ( newsend )
- send = newsend or send
- return send
- end
- handler.bufferlen = function( readlen, sendlen )
- maxsendlen = sendlen or maxsendlen
- maxreadlen = readlen or maxreadlen
- return bufferlen, maxreadlen, maxsendlen
- end
- handler.lock = function( switch )
- if switch == true then
- handler.write = idfalse
- local tmp = _sendlistlen
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _writetimes[ handler ] = nil
- if _sendlistlen ~= tmp then
- nosend = true
- end
- tmp = _readlistlen
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _readtimes[ handler ] = nil
- if _readlistlen ~= tmp then
- noread = true
- end
- elseif switch == false then
- handler.write = write
- if noread then
- noread = false
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
- _readtimes[ handler ] = _currenttime
- end
- if nosend then
- nosend = false
- write( "" )
- end
- end
- return noread, nosend
- end
- local _readbuffer = function( ) -- this function reads data
- local buffer, err, part = receive( socket, pattern ) -- receive buffer with "pattern"
- if not err or (err == "wantread" or err == "timeout") or string_len(part) > 0 then -- received something
- local buffer = buffer or part or ""
- local len = string_len( buffer )
- if len > maxreadlen then
- disconnect( handler, "receive buffer exceeded" )
- handler.close( true )
- return false
- end
- local count = len * STAT_UNIT
- readtraffic = readtraffic + count
- _readtraffic = _readtraffic + count
- _readtimes[ handler ] = _currenttime
- --out_put( "server.lua: read data '", buffer:gsub("[^%w%p ]", "."), "', error: ", err )
- return dispatch( handler, buffer, err )
- else -- connections was closed or fatal error
- out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " read error: ", tostring(err) )
- fatalerror = true
- disconnect( handler, err )
- _ = handler and handler.close( )
- return false
- end
- end
- local _sendbuffer = function( ) -- this function sends data
- local succ, err, byte, buffer, count;
- local count;
- if socket then
- buffer = table_concat( bufferqueue, "", 1, bufferqueuelen )
- succ, err, byte = send( socket, buffer, 1, bufferlen )
- count = ( succ or byte or 0 ) * STAT_UNIT
- sendtraffic = sendtraffic + count
- _sendtraffic = _sendtraffic + count
- _ = _cleanqueue and clean( bufferqueue )
- --out_put( "server.lua: sended '", buffer, "', bytes: ", tostring(succ), ", error: ", tostring(err), ", part: ", tostring(byte), ", to: ", tostring(ip), ":", tostring(clientport) )
- else
- succ, err, count = false, "closed", 0;
- end
- if succ then -- sending succesful
- bufferqueuelen = 0
- bufferlen = 0
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) -- delete socket from writelist
- _ = needtls and handler.starttls(true)
- _writetimes[ handler ] = nil
- _ = toclose and handler.close( )
- return true
- elseif byte and ( err == "timeout" or err == "wantwrite" ) then -- want write
- buffer = string_sub( buffer, byte + 1, bufferlen ) -- new buffer
- bufferqueue[ 1 ] = buffer -- insert new buffer in queue
- bufferqueuelen = 1
- bufferlen = bufferlen - byte
- _writetimes[ handler ] = _currenttime
- return true
- else -- connection was closed during sending or fatal error
- out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " write error: ", tostring(err) )
- fatalerror = true
- disconnect( handler, err )
- _ = handler and handler.close( )
- return false
- end
- end
-
- -- Set the sslctx
- local handshake;
- function handler.set_sslctx(new_sslctx)
- ssl = true
- sslctx = new_sslctx;
- local wrote
- local read
- handshake = coroutine_wrap( function( client ) -- create handshake coroutine
- local err
- for i = 1, _maxsslhandshake do
- _sendlistlen = ( wrote and removesocket( _sendlist, client, _sendlistlen ) ) or _sendlistlen
- _readlistlen = ( read and removesocket( _readlist, client, _readlistlen ) ) or _readlistlen
- read, wrote = nil, nil
- _, err = client:dohandshake( )
- if not err then
- out_put( "server.lua: ssl handshake done" )
- handler.readbuffer = _readbuffer -- when handshake is done, replace the handshake function with regular functions
- handler.sendbuffer = _sendbuffer
- _ = status and status( handler, "ssl-handshake-complete" )
- _readlistlen = addsocket(_readlist, client, _readlistlen)
- return true
- else
- out_put( "server.lua: error during ssl handshake: ", tostring(err) )
- if err == "wantwrite" and not wrote then
- _sendlistlen = addsocket(_sendlist, client, _sendlistlen)
- wrote = true
- elseif err == "wantread" and not read then
- _readlistlen = addsocket(_readlist, client, _readlistlen)
- read = true
- else
- break;
- end
- --coroutine_yield( handler, nil, err ) -- handshake not finished
- coroutine_yield( )
- end
- end
- disconnect( handler, "ssl handshake failed" )
- _ = handler and handler.close( true ) -- forced disconnect
- return false -- handshake failed
- end
- )
- end
- if sslctx then -- ssl?
- handler.set_sslctx(sslctx);
- if startssl then -- ssl now?
- --out_put("server.lua: ", "starting ssl handshake")
- local err
- socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
- if err then
- out_put( "server.lua: ssl error: ", tostring(err) )
- --mem_free( )
- return nil, nil, err -- fatal error
- end
- socket:settimeout( 0 )
- handler.readbuffer = handshake
- handler.sendbuffer = handshake
- handshake( socket ) -- do handshake
- if not socket then
- return nil, nil, "ssl handshake failed";
- end
- else
- -- We're not automatically doing SSL, so we're not secure (yet)
- ssl = false
- handler.starttls = function( now )
- if not now then
- --out_put "server.lua: we need to do tls, but delaying until later"
- needtls = true
- return
- end
- --out_put( "server.lua: attempting to start tls on " .. tostring( socket ) )
- local oldsocket, err = socket
- socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
- --out_put( "server.lua: sslwrapped socket is " .. tostring( socket ) )
- if err then
- out_put( "server.lua: error while starting tls on client: ", tostring(err) )
- return nil, err -- fatal error
- end
-
- socket:settimeout( 0 )
-
- -- add the new socket to our system
-
- send = socket.send
- receive = socket.receive
- shutdown = id
-
- _socketlist[ socket ] = handler
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
-
- -- remove traces of the old socket
-
- _readlistlen = removesocket( _readlist, oldsocket, _readlistlen )
- _sendlistlen = removesocket( _sendlist, oldsocket, _sendlistlen )
- _socketlist[ oldsocket ] = nil
-
- handler.starttls = nil
- needtls = nil
-
- -- Secure now
- ssl = true
-
- handler.readbuffer = handshake
- handler.sendbuffer = handshake
- handshake( socket ) -- do handshake
- end
- handler.readbuffer = _readbuffer
- handler.sendbuffer = _sendbuffer
- end
- else -- normal connection
- ssl = false
- handler.readbuffer = _readbuffer
- handler.sendbuffer = _sendbuffer
- end
-
- send = socket.send
- receive = socket.receive
- shutdown = ( ssl and id ) or socket.shutdown
-
- _socketlist[ socket ] = handler
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
-
- return handler, socket
-end
-
-id = function( )
-end
-
-idfalse = function( )
- return false
-end
-
-addsocket = function( list, socket, len )
- if not list[ socket ] then
- len = len + 1
- list[ len ] = socket
- list[ socket ] = len
- end
- return len;
-end
-
-removesocket = function( list, socket, len ) -- this function removes sockets from a list ( copied from copas )
- local pos = list[ socket ]
- if pos then
- list[ socket ] = nil
- local last = list[ len ]
- list[ len ] = nil
- if last ~= socket then
- list[ last ] = pos
- list[ pos ] = last
- end
- return len - 1
- end
- return len
-end
-
-closesocket = function( socket )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _socketlist[ socket ] = nil
- socket:close( )
- --mem_free( )
-end
-
-----------------------------------// PUBLIC //--
-
-addserver = function( listeners, port, addr, pattern, sslctx, maxconnections, startssl ) -- this function provides a way for other scripts to reg a server
- local err
- --out_put("server.lua: autossl on ", port, " is ", startssl)
- if type( listeners ) ~= "table" then
- err = "invalid listener table"
- end
- if type( port ) ~= "number" or not ( port >= 0 and port <= 65535 ) then
- err = "invalid port"
- elseif _server[ port ] then
- err = "listeners on port '" .. port .. "' already exist"
- elseif sslctx and not luasec then
- err = "luasec not found"
- end
- if err then
- out_error( "server.lua, port ", port, ": ", err )
- return nil, err
- end
- addr = addr or "*"
- local server, err = socket_bind( addr, port )
- if err then
- out_error( "server.lua, port ", port, ": ", err )
- return nil, err
- end
- local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx, maxconnections, startssl ) -- wrap new server socket
- if not handler then
- server:close( )
- return nil, err
- end
- server:settimeout( 0 )
- _readlistlen = addsocket(_readlist, server, _readlistlen)
- _server[ port ] = handler
- _socketlist[ server ] = handler
- out_put( "server.lua: new server listener on '", addr, ":", port, "'" )
- return handler
-end
-
-getserver = function ( port )
- return _server[ port ];
-end
-
-removeserver = function( port )
- local handler = _server[ port ]
- if not handler then
- return nil, "no server found on port '" .. tostring( port ) .. "'"
- end
- handler.close( )
- _server[ port ] = nil
- return true
-end
-
-closeall = function( )
- for _, handler in pairs( _socketlist ) do
- handler.close( )
- _socketlist[ _ ] = nil
- end
- _readlistlen = 0
- _sendlistlen = 0
- _timerlistlen = 0
- _server = { }
- _readlist = { }
- _sendlist = { }
- _timerlist = { }
- _socketlist = { }
- --mem_free( )
-end
-
-getsettings = function( )
- return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, _cleanqueue, _maxclientsperserver, _maxsslhandshake
-end
-
-changesettings = function( new )
- if type( new ) ~= "table" then
- return nil, "invalid settings table"
- end
- _selecttimeout = tonumber( new.timeout ) or _selecttimeout
- _sleeptime = tonumber( new.sleeptime ) or _sleeptime
- _maxsendlen = tonumber( new.maxsendlen ) or _maxsendlen
- _maxreadlen = tonumber( new.maxreadlen ) or _maxreadlen
- _checkinterval = tonumber( new.checkinterval ) or _checkinterval
- _sendtimeout = tonumber( new.sendtimeout ) or _sendtimeout
- _readtimeout = tonumber( new.readtimeout ) or _readtimeout
- _cleanqueue = new.cleanqueue
- _maxclientsperserver = new._maxclientsperserver or _maxclientsperserver
- _maxsslhandshake = new._maxsslhandshake or _maxsslhandshake
- return true
-end
-
-addtimer = function( listener )
- if type( listener ) ~= "function" then
- return nil, "invalid listener function"
- end
- _timerlistlen = _timerlistlen + 1
- _timerlist[ _timerlistlen ] = listener
- return true
-end
-
-stats = function( )
- return _readtraffic, _sendtraffic, _readlistlen, _sendlistlen, _timerlistlen
-end
-
-local dontstop = true; -- thinking about tomorrow, ...
-
-setquitting = function (quit)
- dontstop = not quit;
- return;
-end
-
-loop = function( ) -- this is the main loop of the program
- while dontstop do
- local read, write, err = socket_select( _readlist, _sendlist, _selecttimeout )
- for i, socket in ipairs( write ) do -- send data waiting in writequeues
- local handler = _socketlist[ socket ]
- if handler then
- handler.sendbuffer( )
- else
- closesocket( socket )
- out_put "server.lua: found no handler and closed socket (writelist)" -- this should not happen
- end
- end
- for i, socket in ipairs( read ) do -- receive data
- local handler = _socketlist[ socket ]
- if handler then
- handler.readbuffer( )
- else
- closesocket( socket )
- out_put "server.lua: found no handler and closed socket (readlist)" -- this can happen
- end
- end
- for handler, err in pairs( _closelist ) do
- handler.disconnect( )( handler, err )
- handler.close( true ) -- forced disconnect
- end
- clean( _closelist )
- _currenttime = os_time( )
- if os_difftime( _currenttime - _timer ) >= 1 then
- for i = 1, _timerlistlen do
- _timerlist[ i ]( _currenttime ) -- fire timers
- end
- _timer = _currenttime
- end
- socket_sleep( _sleeptime ) -- wait some time
- --collectgarbage( )
- end
- return "quitting"
-end
-
---// EXPERIMENTAL //--
-
-local wrapclient = function( socket, ip, serverport, listeners, pattern, sslctx, startssl )
- local handler = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx, startssl )
- _socketlist[ socket ] = handler
- _sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
- return handler, socket
-end
-
-local addclient = function( address, port, listeners, pattern, sslctx, startssl )
- local client, err = luasocket.tcp( )
- if err then
- return nil, err
- end
- client:settimeout( 0 )
- _, err = client:connect( address, port )
- if err then -- try again
- local handler = wrapclient( client, address, port, listeners )
- else
- wrapconnection( nil, listeners, client, address, port, "clientport", pattern, sslctx, startssl )
- end
-end
-
---// EXPERIMENTAL //--
-
-----------------------------------// BEGIN //--
-
-use "setmetatable" ( _socketlist, { __mode = "k" } )
-use "setmetatable" ( _readtimes, { __mode = "k" } )
-use "setmetatable" ( _writetimes, { __mode = "k" } )
-
-_timer = os_time( )
-_starttime = os_time( )
-
-addtimer( function( )
- local difftime = os_difftime( _currenttime - _starttime )
- if difftime > _checkinterval then
- _starttime = _currenttime
- for handler, timestamp in pairs( _writetimes ) do
- if os_difftime( _currenttime - timestamp ) > _sendtimeout then
- --_writetimes[ handler ] = nil
- handler.disconnect( )( handler, "send timeout" )
- handler.close( true ) -- forced disconnect
- end
- end
- for handler, timestamp in pairs( _readtimes ) do
- if os_difftime( _currenttime - timestamp ) > _readtimeout then
- --_readtimes[ handler ] = nil
- handler.disconnect( )( handler, "read timeout" )
- handler.close( ) -- forced disconnect?
- end
- end
- end
- end
-)
-
-----------------------------------// PUBLIC INTERFACE //--
-
-return {
-
- addclient = addclient,
- wrapclient = wrapclient,
-
- loop = loop,
- stats = stats,
- closeall = closeall,
- addtimer = addtimer,
- addserver = addserver,
- getserver = getserver,
- getsettings = getsettings,
- setquitting = setquitting,
- removeserver = removeserver,
- changesettings = changesettings,
-}
+-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +local use_luaevent = require "core.configmanager".get("*", "core", "use_libevent"); + +if use_luaevent then + use_luaevent = pcall(require, "luaevent.core"); + if not use_luaevent then + log("error", "libevent not found, falling back to select()"); + end +end + +local server; + +if use_luaevent then + server = require "net.server_event"; + -- util.timer requires "net.server", so instead of having + -- Lua look for, and load us again (causing a loop) - set this here + -- (usually it isn't set until we return, look down there...) + package.loaded["net.server"] = server; + + -- Backwards compatibility for timers, addtimer + -- called a function roughly every second + local add_task = require "util.timer".add_task; + function server.addtimer(f) + return add_task(1, function (...) f(...); return 1; end); + end + + -- Overwrite signal.signal() because we need to ask libevent to + -- handle them instead + local ok, signal = pcall(require, "util.signal"); + if ok and signal then + local _signal_signal = signal.signal; + function signal.signal(signal_id, handler) + if type(signal_id) == "string" then + signal_id = signal[signal_id:upper()]; + end + if type(signal_id) ~= "number" then + return false, "invalid-signal"; + end + return server.hook_signal(signal_id, handler); + end + end +else + server = require "net.server_select"; + package.loaded["net.server"] = server; +end + +-- require "net.server" shall now forever return this, +-- ie. server_select or server_event as chosen above. +return server; diff --git a/net/server_event.lua b/net/server_event.lua new file mode 100644 index 00000000..43e70a0f --- /dev/null +++ b/net/server_event.lua @@ -0,0 +1,890 @@ +--[[ + + + server.lua based on lua/libevent by blastbeat + + notes: + -- when using luaevent, never register 2 or more EV_READ at one socket, same for EV_WRITE + -- you cant even register a new EV_READ/EV_WRITE callback inside another one + -- never call eventcallback:close( ) from inside eventcallback + -- to do some of the above, use timeout events or something what will called from outside + -- dont let garbagecollect eventcallbacks, as long they are running + -- when using luasec, there are 4 cases of timeout errors: wantread or wantwrite during reading or writing + +--]] + +local SCRIPT_NAME = "server_event.lua" +local SCRIPT_VERSION = "0.05" +local SCRIPT_AUTHOR = "blastbeat" +local LAST_MODIFIED = "2009/11/20" + +local cfg = { + MAX_CONNECTIONS = 100000, -- max per server connections (use "ulimit -n" on *nix) + MAX_HANDSHAKE_ATTEMPS = 1000, -- attempts to finish ssl handshake + HANDSHAKE_TIMEOUT = 60, -- timout in seconds per handshake attempt + MAX_READ_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes allowed to read from sockets + MAX_SEND_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes size of write buffer (for writing on sockets) + ACCEPT_DELAY = 10, -- seconds to wait until the next attempt of a full server to accept + READ_TIMEOUT = 60 * 60 * 6, -- timeout in seconds for read data from socket + WRITE_TIMEOUT = 180, -- timeout in seconds for write data on socket + CONNECT_TIMEOUT = 20, -- timeout in seconds for connection attempts + CLEAR_DELAY = 5, -- seconds to wait for clearing interface list (and calling ondisconnect listeners) + DEBUG = true, -- show debug messages +} + +local function use(x) return rawget(_G, x); end +local print = use "print" +local pcall = use "pcall" +local ipairs = use "ipairs" +local string = use "string" +local select = use "select" +local require = use "require" +local tostring = use "tostring" +local coroutine = use "coroutine" +local setmetatable = use "setmetatable" + +local ssl = use "ssl" +local socket = use "socket" or require "socket" + +local log = require ("util.logger").init("socket") + +local function debug(...) + return log("debug", ("%s "):rep(select('#', ...)), ...) +end +local vdebug = debug; + +local bitor = ( function( ) -- thx Rici Lake + local hasbit = function( x, p ) + return x % ( p + p ) >= p + end + return function( x, y ) + local p = 1 + local z = 0 + local limit = x > y and x or y + while p <= limit do + if hasbit( x, p ) or hasbit( y, p ) then + z = z + p + end + p = p + p + end + return z + end +end )( ) + +local event = require "luaevent.core" +local base = event.new( ) +local EV_READ = event.EV_READ +local EV_WRITE = event.EV_WRITE +local EV_TIMEOUT = event.EV_TIMEOUT +local EV_SIGNAL = event.EV_SIGNAL + +local EV_READWRITE = bitor( EV_READ, EV_WRITE ) + +local interfacelist = ( function( ) -- holds the interfaces for sockets + local array = { } + local len = 0 + return function( method, arg ) + if "add" == method then + len = len + 1 + array[ len ] = arg + arg:_position( len ) + return len + elseif "delete" == method then + if len <= 0 then + return nil, "array is already empty" + end + local position = arg:_position() -- get position in array + if position ~= len then + local interface = array[ len ] -- get last interface + array[ position ] = interface -- copy it into free position + array[ len ] = nil -- free last position + interface:_position( position ) -- set new position in array + else -- free last position + array[ len ] = nil + end + len = len - 1 + return len + else + return array + end + end +end )( ) + +-- Client interface methods +local interface_mt +do + interface_mt = {}; interface_mt.__index = interface_mt; + + local addevent = base.addevent + local coroutine_wrap, coroutine_yield = coroutine.wrap,coroutine.yield + local string_len = string.len + + -- Private methods + function interface_mt:_position(new_position) + self.position = new_position or self.position + return self.position; + end + function interface_mt:_close() -- regs event to start self:_destroy() + local callback = function( ) + self:_destroy(); + self.eventclose = nil + return -1 + end + self.eventclose = addevent( base, nil, EV_TIMEOUT, callback, 0 ) + return true + end + + function interface_mt:_start_connection(plainssl) -- should be called from addclient + local callback = function( event ) + if EV_TIMEOUT == event then -- timout during connection + self.fatalerror = "connection timeout" + self:ontimeout() -- call timeout listener + self:_close() + debug( "new connection failed. id:", self.id, "error:", self.fatalerror ) + else + if plainssl and ssl then -- start ssl session + self:starttls() + else -- normal connection + self:_start_session( self.listener.onconnect ) + end + debug( "new connection established. id:", self.id ) + end + self.eventconnect = nil + return -1 + end + self.eventconnect = addevent( base, self.conn, EV_WRITE, callback, cfg.CONNECT_TIMEOUT ) + return true + end + function interface_mt:_start_session(onconnect) -- new session, for example after startssl + if self.type == "client" then + local callback = function( ) + self:_lock( false, false, false ) + --vdebug( "start listening on client socket with id:", self.id ) + self.eventread = addevent( base, self.conn, EV_READ, self.readcallback, cfg.READ_TIMEOUT ); -- register callback + self:onconnect() + self.eventsession = nil + return -1 + end + self.eventsession = addevent( base, nil, EV_TIMEOUT, callback, 0 ) + else + self:_lock( false ) + --vdebug( "start listening on server socket with id:", self.id ) + self.eventread = addevent( base, self.conn, EV_READ, self.readcallback ) -- register callback + end + return true + end + function interface_mt:_start_ssl(arg) -- old socket will be destroyed, therefore we have to close read/write events first + --vdebug( "starting ssl session with client id:", self.id ) + local _ + _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event callbacks! + _ = self.eventwrite and self.eventwrite:close( ) + self.eventread, self.eventwrite = nil, nil + local err + self.conn, err = ssl.wrap( self.conn, self._sslctx ) + if err then + self.fatalerror = err + self.conn = nil -- cannot be used anymore + if "onconnect" == arg then + self.ondisconnect = nil -- dont call this when client isnt really connected + end + self:_close() + debug( "fatal error while ssl wrapping:", err ) + return false + end + self.conn:settimeout( 0 ) -- set non blocking + local handshakecallback = coroutine_wrap( + function( event ) + local _, err + local attempt = 0 + local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPS + while attempt < maxattempt do -- no endless loop + attempt = attempt + 1 + debug( "ssl handshake of client with id:"..tostring(self).."attemp:"..attempt ) + if attempt > maxattempt then + self.fatalerror = "max handshake attemps exceeded" + elseif EV_TIMEOUT == event then + self.fatalerror = "timeout during handshake" + else + _, err = self.conn:dohandshake( ) + if not err then + self:_lock( false, false, false ) -- unlock the interface; sending, closing etc allowed + self.send = self.conn.send -- caching table lookups with new client object + self.receive = self.conn.receive + local onsomething + if "onconnect" == arg then -- trigger listener + onsomething = self.onconnect + else + onsomething = self.onsslconnection + end + self:_start_session( onsomething ) + debug( "ssl handshake done" ) + self:onstatus("ssl-handshake-complete"); + self.eventhandshake = nil + return -1 + end + debug( "error during ssl handshake:", err ) + if err == "wantwrite" then + event = EV_WRITE + elseif err == "wantread" then + event = EV_READ + else + self.fatalerror = err + end + end + if self.fatalerror then + if "onconnect" == arg then + self.ondisconnect = nil -- dont call this when client isnt really connected + end + self:_close() + debug( "handshake failed because:", self.fatalerror ) + self.eventhandshake = nil + return -1 + end + event = coroutine_yield( event, cfg.HANDSHAKE_TIMEOUT ) -- yield this monster... + end + end + ) + debug "starting handshake..." + self:_lock( false, true, true ) -- unlock read/write events, but keep interface locked + self.eventhandshake = addevent( base, self.conn, EV_READWRITE, handshakecallback, cfg.HANDSHAKE_TIMEOUT ) + return true + end + function interface_mt:_destroy() -- close this interface + events and call last listener + debug( "closing client with id:", self.id ) + self:_lock( true, true, true ) -- first of all, lock the interface to avoid further actions + local _ + _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event callbacks! + if self.type == "client" then + _ = self.eventwrite and self.eventwrite:close( ) + _ = self.eventhandshake and self.eventhandshake:close( ) + _ = self.eventstarthandshake and self.eventstarthandshake:close( ) + _ = self.eventconnect and self.eventconnect:close( ) + _ = self.eventsession and self.eventsession:close( ) + _ = self.eventwritetimeout and self.eventwritetimeout:close( ) + _ = self.eventreadtimeout and self.eventreadtimeout:close( ) + _ = self.ondisconnect and self:ondisconnect( self.fatalerror ~= "client to close" and self.fatalerror) -- call ondisconnect listener (wont be the case if handshake failed on connect) + _ = self.conn and self.conn:close( ) -- close connection, must also be called outside of any socket registered events! + _ = self._server and self._server:counter(-1); + self.eventread, self.eventwrite = nil, nil + self.eventstarthandshake, self.eventhandshake, self.eventclose = nil, nil, nil + self.readcallback, self.writecallback = nil, nil + else + self.conn:close( ) + self.eventread, self.eventclose = nil, nil + self.interface, self.readcallback = nil, nil + end + interfacelist( "delete", self ) + return true + end + + function interface_mt:_lock(nointerface, noreading, nowriting) -- lock or unlock this interface or events + self.nointerface, self.noreading, self.nowriting = nointerface, noreading, nowriting + return nointerface, noreading, nowriting + end + + --TODO: Deprecate + function interface_mt:lock_read(switch) + if switch then + return self:pause(); + else + return self:resume(); + end + end + + function interface_mt:pause() + return self:_lock(self.nointerface, true, self.nowriting); + end + + function interface_mt:resume() + return self:_lock(self.nointerface, false, self.nowriting); + end + + function interface_mt:counter(c) + if c then + self._connections = self._connections + c + end + return self._connections + end + + -- Public methods + function interface_mt:write(data) + if self.nowriting then return nil, "locked" end + --vdebug( "try to send data to client, id/data:", self.id, data ) + data = tostring( data ) + local len = string_len( data ) + local total = len + self.writebufferlen + if total > cfg.MAX_SEND_LENGTH then -- check buffer length + local err = "send buffer exceeded" + debug( "error:", err ) -- to much, check your app + return nil, err + end + self.writebuffer = self.writebuffer .. data -- new buffer + self.writebufferlen = total + if not self.eventwrite then -- register new write event + --vdebug( "register new write event" ) + self.eventwrite = addevent( base, self.conn, EV_WRITE, self.writecallback, cfg.WRITE_TIMEOUT ) + end + return true + end + function interface_mt:close(now) + if self.nointerface then return nil, "locked"; end + debug( "try to close client connection with id:", self.id ) + if self.type == "client" then + self.fatalerror = "client to close" + if ( not self.eventwrite ) or now then -- try to close immediately + self:_lock( true, true, true ) + self:_close() + return true + else -- wait for incomplete write request + self:_lock( true, true, false ) + debug "closing delayed until writebuffer is empty" + return nil, "writebuffer not empty, waiting" + end + else + debug( "try to close server with id:", self.id, "args:", now ) + self.fatalerror = "server to close" + self:_lock( true ) + local count = 0 + for _, item in ipairs( interfacelist( ) ) do + if ( item.type ~= "server" ) and ( item._server == self ) then -- client/server match + if item:close( now ) then -- writebuffer was empty + count = count + 1 + end + end + end + local timeout = 0 -- dont wait for unfinished writebuffers of clients... + if not now then + timeout = cfg.WRITE_TIMEOUT -- ...or wait for it + end + self:_close( timeout ) -- add new event to remove the server interface + debug( "seconds remained until server is closed:", timeout ) + return count -- returns finished clients with empty writebuffer + end + end + + function interface_mt:server() + return self._server or self; + end + + function interface_mt:port() + return self._port + end + + function interface_mt:serverport() + return self._serverport + end + + function interface_mt:ip() + return self._ip + end + + function interface_mt:ssl() + return self._usingssl + end + + function interface_mt:type() + return self._type or "client" + end + + function interface_mt:connections() + return self._connections + end + + function interface_mt:address() + return self.addr + end + + function interface_mt:set_sslctx(sslctx) + self._sslctx = sslctx; + if sslctx then + self.starttls = nil; -- use starttls() of interface_mt + else + self.starttls = false; -- prevent starttls() + end + end + + function interface_mt:set_mode(pattern) + if pattern then + self._pattern = pattern; + end + return self._pattern; + end + + function interface_mt:set_send(new_send) + -- No-op, we always use the underlying connection's send + end + + function interface_mt:starttls(sslctx) + debug( "try to start ssl at client id:", self.id ) + local err + self._sslctx = sslctx; + if self._usingssl then -- startssl was already called + err = "ssl already active" + end + if err then + debug( "error:", err ) + return nil, err + end + self._usingssl = true + self.startsslcallback = function( ) -- we have to start the handshake outside of a read/write event + self.startsslcallback = nil + self:_start_ssl(); + self.eventstarthandshake = nil + return -1 + end + if not self.eventwrite then + self:_lock( true, true, true ) -- lock the interface, to not disturb the handshake + self.eventstarthandshake = addevent( base, nil, EV_TIMEOUT, self.startsslcallback, 0 ) -- add event to start handshake + else -- wait until writebuffer is empty + self:_lock( true, true, false ) + debug "ssl session delayed until writebuffer is empty..." + end + self.starttls = false; + return true + end + + function interface_mt:setoption(option, value) + if self.conn.setoption then + return self.conn:setoption(option, value); + end + return false, "setoption not implemented"; + end + + function interface_mt:setlistener(listener) + self.onconnect, self.ondisconnect, self.onincoming, self.ontimeout, self.onstatus + = listener.onconnect, listener.ondisconnect, listener.onincoming, listener.ontimeout, listener.onstatus; + end + + -- Stub handlers + function interface_mt:onconnect() + return self:onincoming(nil); + end + function interface_mt:onincoming() + end + function interface_mt:ondisconnect() + end + function interface_mt:ontimeout() + end + function interface_mt:ondrain() + end + function interface_mt:onstatus() + debug("server.lua: Dummy onstatus()") + end +end + +-- End of client interface methods + +local handleclient; +do + local string_sub = string.sub -- caching table lookups + local string_len = string.len + local addevent = base.addevent + local coroutine_wrap = coroutine.wrap + local socket_gettime = socket.gettime + local coroutine_yield = coroutine.yield + function handleclient( client, ip, port, server, pattern, listener, _, sslctx ) -- creates an client interface + --vdebug("creating client interfacce...") + local interface = { + type = "client"; + conn = client; + currenttime = socket_gettime( ); -- safe the origin + writebuffer = ""; -- writebuffer + writebufferlen = 0; -- length of writebuffer + send = client.send; -- caching table lookups + receive = client.receive; + onconnect = listener.onconnect; -- will be called when client disconnects + ondisconnect = listener.ondisconnect; -- will be called when client disconnects + onincoming = listener.onincoming; -- will be called when client sends data + ontimeout = listener.ontimeout; -- called when fatal socket timeout occurs + onstatus = listener.onstatus; -- called for status changes (e.g. of SSL/TLS) + eventread = false, eventwrite = false, eventclose = false, + eventhandshake = false, eventstarthandshake = false; -- event handler + eventconnect = false, eventsession = false; -- more event handler... + eventwritetimeout = false; -- even more event handler... + eventreadtimeout = false; + fatalerror = false; -- error message + writecallback = false; -- will be called on write events + readcallback = false; -- will be called on read events + nointerface = true; -- lock/unlock parameter of this interface + noreading = false, nowriting = false; -- locks of the read/writecallback + startsslcallback = false; -- starting handshake callback + position = false; -- position of client in interfacelist + + -- Properties + _ip = ip, _port = port, _server = server, _pattern = pattern, + _serverport = (server and server:port() or nil), + _sslctx = sslctx; -- parameters + _usingssl = false; -- client is using ssl; + } + if not ssl then interface.starttls = false; end + interface.id = tostring(interface):match("%x+$"); + interface.writecallback = function( event ) -- called on write events + --vdebug( "new client write event, id/ip/port:", interface, ip, port ) + if interface.nowriting or ( interface.fatalerror and ( "client to close" ~= interface.fatalerror ) ) then -- leave this event + --vdebug( "leaving this event because:", interface.nowriting or interface.fatalerror ) + interface.eventwrite = false + return -1 + end + if EV_TIMEOUT == event then -- took too long to write some data to socket -> disconnect + interface.fatalerror = "timeout during writing" + debug( "writing failed:", interface.fatalerror ) + interface:_close() + interface.eventwrite = false + return -1 + else -- can write :) + if interface._usingssl then -- handle luasec + if interface.eventreadtimeout then -- we have to read first + local ret = interface.readcallback( ) -- call readcallback + --vdebug( "tried to read in writecallback, result:", ret ) + end + if interface.eventwritetimeout then -- luasec only + interface.eventwritetimeout:close( ) -- first we have to close timeout event which where regged after a wantread error + interface.eventwritetimeout = false + end + end + local succ, err, byte = interface.conn:send( interface.writebuffer, 1, interface.writebufferlen ) + --vdebug( "write data:", interface.writebuffer, "error:", err, "part:", byte ) + if succ then -- writing succesful + interface.writebuffer = "" + interface.writebufferlen = 0 + interface:ondrain(); + if interface.fatalerror then + debug "closing client after writing" + interface:_close() -- close interface if needed + elseif interface.startsslcallback then -- start ssl connection if needed + debug "starting ssl handshake after writing" + interface.eventstarthandshake = addevent( base, nil, EV_TIMEOUT, interface.startsslcallback, 0 ) + elseif interface.eventreadtimeout then + return EV_WRITE, EV_TIMEOUT + end + interface.eventwrite = nil + return -1 + elseif byte and (err == "timeout" or err == "wantwrite") then -- want write again + --vdebug( "writebuffer is not empty:", err ) + interface.writebuffer = string_sub( interface.writebuffer, byte + 1, interface.writebufferlen ) -- new buffer + interface.writebufferlen = interface.writebufferlen - byte + if "wantread" == err then -- happens only with luasec + local callback = function( ) + interface:_close() + interface.eventwritetimeout = nil + return -1; + end + interface.eventwritetimeout = addevent( base, nil, EV_TIMEOUT, callback, cfg.WRITE_TIMEOUT ) -- reg a new timeout event + debug( "wantread during write attemp, reg it in readcallback but dont know what really happens next..." ) + -- hopefully this works with luasec; its simply not possible to use 2 different write events on a socket in luaevent + return -1 + end + return EV_WRITE, cfg.WRITE_TIMEOUT + else -- connection was closed during writing or fatal error + interface.fatalerror = err or "fatal error" + debug( "connection failed in write event:", interface.fatalerror ) + interface:_close() + interface.eventwrite = nil + return -1 + end + end + end + + interface.readcallback = function( event ) -- called on read events + --vdebug( "new client read event, id/ip/port:", tostring(interface.id), tostring(ip), tostring(port) ) + if interface.noreading or interface.fatalerror then -- leave this event + --vdebug( "leaving this event because:", tostring(interface.noreading or interface.fatalerror) ) + interface.eventread = nil + return -1 + end + if EV_TIMEOUT == event then -- took too long to get some data from client -> disconnect + interface.fatalerror = "timeout during receiving" + debug( "connection failed:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + else -- can read + if interface._usingssl then -- handle luasec + if interface.eventwritetimeout then -- ok, in the past writecallback was regged + local ret = interface.writecallback( ) -- call it + --vdebug( "tried to write in readcallback, result:", tostring(ret) ) + end + if interface.eventreadtimeout then + interface.eventreadtimeout:close( ) + interface.eventreadtimeout = nil + end + end + local buffer, err, part = interface.conn:receive( interface._pattern ) -- receive buffer with "pattern" + --vdebug( "read data:", tostring(buffer), "error:", tostring(err), "part:", tostring(part) ) + buffer = buffer or part or "" + local len = string_len( buffer ) + if len > cfg.MAX_READ_LENGTH then -- check buffer length + interface.fatalerror = "receive buffer exceeded" + debug( "fatal error:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + end + interface.onincoming( interface, buffer, err ) -- send new data to listener + if err and ( err ~= "timeout" and err ~= "wantread" ) then + if "wantwrite" == err then -- need to read on write event + if not interface.eventwrite then -- register new write event if needed + interface.eventwrite = addevent( base, interface.conn, EV_WRITE, interface.writecallback, cfg.WRITE_TIMEOUT ) + end + interface.eventreadtimeout = addevent( base, nil, EV_TIMEOUT, + function( ) + interface:_close() + end, cfg.READ_TIMEOUT + ) + debug( "wantwrite during read attemp, reg it in writecallback but dont know what really happens next..." ) + -- to be honest i dont know what happens next, if it is allowed to first read, the write etc... + else -- connection was closed or fatal error + interface.fatalerror = err + debug( "connection failed in read event:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + end + end + return EV_READ, cfg.READ_TIMEOUT + end + end + + client:settimeout( 0 ) -- set non blocking + setmetatable(interface, interface_mt) + interfacelist( "add", interface ) -- add to interfacelist + return interface + end +end + +local handleserver +do + function handleserver( server, addr, port, pattern, listener, sslctx ) -- creates an server interface + debug "creating server interface..." + local interface = { + _connections = 0; + + conn = server; + onconnect = listener.onconnect; -- will be called when new client connected + eventread = false; -- read event handler + eventclose = false; -- close event handler + readcallback = false; -- read event callback + fatalerror = false; -- error message + nointerface = true; -- lock/unlock parameter + + _ip = addr, _port = port, _pattern = pattern, + _sslctx = sslctx; + } + interface.id = tostring(interface):match("%x+$"); + interface.readcallback = function( event ) -- server handler, called on incoming connections + --vdebug( "server can accept, id/addr/port:", interface, addr, port ) + if interface.fatalerror then + --vdebug( "leaving this event because:", self.fatalerror ) + interface.eventread = nil + return -1 + end + local delay = cfg.ACCEPT_DELAY + if EV_TIMEOUT == event then + if interface._connections >= cfg.MAX_CONNECTIONS then -- check connection count + debug( "to many connections, seconds to wait for next accept:", delay ) + return EV_TIMEOUT, delay -- timeout... + else + return EV_READ -- accept again + end + end + --vdebug("max connection check ok, accepting...") + local client, err = server:accept() -- try to accept; TODO: check err + while client do + if interface._connections >= cfg.MAX_CONNECTIONS then + client:close( ) -- refuse connection + debug( "maximal connections reached, refuse client connection; accept delay:", delay ) + return EV_TIMEOUT, delay -- delay for next accept attemp + end + local client_ip, client_port = client:getpeername( ) + interface._connections = interface._connections + 1 -- increase connection count + local clientinterface = handleclient( client, client_ip, client_port, interface, pattern, listener, nil, sslctx ) + --vdebug( "client id:", clientinterface, "startssl:", startssl ) + if ssl and sslctx then + clientinterface:starttls(sslctx) + else + clientinterface:_start_session( clientinterface.onconnect ) + end + debug( "accepted incoming client connection from:", client_ip or "<unknown IP>", client_port or "<unknown port>", "to", port or "<unknown port>"); + + client, err = server:accept() -- try to accept again + end + return EV_READ + end + + server:settimeout( 0 ) + setmetatable(interface, interface_mt) + interfacelist( "add", interface ) + interface:_start_session() + return interface + end +end + +local addserver = ( function( ) + return function( addr, port, listener, pattern, sslcfg, startssl ) -- TODO: check arguments + --vdebug( "creating new tcp server with following parameters:", addr or "nil", port or "nil", sslcfg or "nil", startssl or "nil") + local server, err = socket.bind( addr, port, cfg.ACCEPT_QUEUE ) -- create server socket + if not server then + debug( "creating server socket failed because:", err ) + return nil, err + end + local sslctx + if sslcfg then + if not ssl then + debug "fatal error: luasec not found" + return nil, "luasec not found" + end + sslctx, err = sslcfg + if err then + debug( "error while creating new ssl context for server socket:", err ) + return nil, err + end + end + local interface = handleserver( server, addr, port, pattern, listener, sslctx, startssl ) -- new server handler + debug( "new server created with id:", tostring(interface)) + return interface + end +end )( ) + +local addclient, wrapclient +do + function wrapclient( client, ip, port, listeners, pattern, sslctx, startssl ) + local interface = handleclient( client, ip, port, nil, pattern, listeners, sslctx ) + interface:_start_session() + return interface + --function handleclient( client, ip, port, server, pattern, listener, _, sslctx ) -- creates an client interface + end + + function addclient( addr, serverport, listener, pattern, localaddr, localport, sslcfg, startssl ) + local client, err = socket.tcp() -- creating new socket + if not client then + debug( "cannot create socket:", err ) + return nil, err + end + client:settimeout( 0 ) -- set nonblocking + if localaddr then + local res, err = client:bind( localaddr, localport, -1 ) + if not res then + debug( "cannot bind client:", err ) + return nil, err + end + end + local sslctx + if sslcfg then -- handle ssl/new context + if not ssl then + debug "need luasec, but not available" + return nil, "luasec not found" + end + sslctx, err = sslcfg + if err then + debug( "cannot create new ssl context:", err ) + return nil, err + end + end + local res, err = client:connect( addr, serverport ) -- connect + if res or ( err == "timeout" ) then + local ip, port = client:getsockname( ) + local server = function( ) + return nil, "this is a dummy server interface" + end + local interface = wrapclient( client, ip, serverport, listener, pattern, sslctx, startssl ) + interface:_start_connection( startssl ) + debug( "new connection id:", interface.id ) + return interface, err + else + debug( "new connection failed:", err ) + return nil, err + end + end +end + + +local loop = function( ) -- starts the event loop + base:loop( ) + return "quitting"; +end + +local newevent = ( function( ) + local add = base.addevent + return function( ... ) + return add( base, ... ) + end +end )( ) + +local closeallservers = function( arg ) + for _, item in ipairs( interfacelist( ) ) do + if item.type == "server" then + item:close( arg ) + end + end +end + +local function setquitting(yes) + if yes then + -- Quit now + closeallservers(); + base:loopexit(); + end +end + +function get_backend() + return base:method(); +end + +-- We need to hold onto the events to stop them +-- being garbage-collected +local signal_events = {}; -- [signal_num] -> event object +function hook_signal(signal_num, handler) + local function _handler(event) + local ret = handler(); + if ret ~= false then -- Continue handling this signal? + return EV_SIGNAL; -- Yes + end + return -1; -- Close this event + end + signal_events[signal_num] = base:addevent(signal_num, EV_SIGNAL, _handler); + return signal_events[signal_num]; +end + +local function link(sender, receiver, buffersize) + sender:set_mode(buffersize); + local sender_locked; + + function receiver:ondrain() + if sender_locked then + sender:resume(); + sender_locked = nil; + end + end + + function sender:onincoming(data) + receiver:write(data); + if receiver.writebufferlen >= buffersize then + sender_locked = true; + sender:pause(); + end + end +end + +return { + + cfg = cfg, + base = base, + loop = loop, + link = link, + event = event, + event_base = base, + addevent = newevent, + addserver = addserver, + addclient = addclient, + wrapclient = wrapclient, + setquitting = setquitting, + closeall = closeallservers, + get_backend = get_backend, + hook_signal = hook_signal, + + __NAME = SCRIPT_NAME, + __DATE = LAST_MODIFIED, + __AUTHOR = SCRIPT_AUTHOR, + __VERSION = SCRIPT_VERSION, + +} diff --git a/net/server_select.lua b/net/server_select.lua new file mode 100644 index 00000000..e3a389a8 --- /dev/null +++ b/net/server_select.lua @@ -0,0 +1,935 @@ +-- +-- server.lua by blastbeat of the luadch project +-- Re-used here under the MIT/X Consortium License +-- +-- Modifications (C) 2008-2010 Matthew Wild, Waqas Hussain +-- + +-- // wrapping luadch stuff // -- + +local use = function( what ) + return _G[ what ] +end +local clean = function( tbl ) + for i, k in pairs( tbl ) do + tbl[ i ] = nil + end +end + +local log, table_concat = require ("util.logger").init("socket"), table.concat; +local out_put = function (...) return log("debug", table_concat{...}); end +local out_error = function (...) return log("warn", table_concat{...}); end +local mem_free = collectgarbage + +----------------------------------// DECLARATION //-- + +--// constants //-- + +local STAT_UNIT = 1 -- byte + +--// lua functions //-- + +local type = use "type" +local pairs = use "pairs" +local ipairs = use "ipairs" +local tostring = use "tostring" +local collectgarbage = use "collectgarbage" + +--// lua libs //-- + +local os = use "os" +local table = use "table" +local string = use "string" +local coroutine = use "coroutine" + +--// lua lib methods //-- + +local os_time = os.time +local os_difftime = os.difftime +local table_concat = table.concat +local table_remove = table.remove +local string_len = string.len +local string_sub = string.sub +local coroutine_wrap = coroutine.wrap +local coroutine_yield = coroutine.yield + +--// extern libs //-- + +local luasec = use "ssl" +local luasocket = use "socket" or require "socket" + +--// extern lib methods //-- + +local ssl_wrap = ( luasec and luasec.wrap ) +local socket_bind = luasocket.bind +local socket_sleep = luasocket.sleep +local socket_select = luasocket.select +local ssl_newcontext = ( luasec and luasec.newcontext ) + +--// functions //-- + +local id +local loop +local stats +local idfalse +local addtimer +local closeall +local addserver +local getserver +local wrapserver +local getsettings +local closesocket +local removesocket +local removeserver +local changetimeout +local wrapconnection +local changesettings + +--// tables //-- + +local _server +local _readlist +local _timerlist +local _sendlist +local _socketlist +local _closelist +local _readtimes +local _writetimes + +--// simple data types //-- + +local _ +local _readlistlen +local _sendlistlen +local _timerlistlen + +local _sendtraffic +local _readtraffic + +local _selecttimeout +local _sleeptime + +local _starttime +local _currenttime + +local _maxsendlen +local _maxreadlen + +local _checkinterval +local _sendtimeout +local _readtimeout + +local _cleanqueue + +local _timer + +local _maxclientsperserver + +----------------------------------// DEFINITION //-- + +_server = { } -- key = port, value = table; list of listening servers +_readlist = { } -- array with sockets to read from +_sendlist = { } -- arrary with sockets to write to +_timerlist = { } -- array of timer functions +_socketlist = { } -- key = socket, value = wrapped socket (handlers) +_readtimes = { } -- key = handler, value = timestamp of last data reading +_writetimes = { } -- key = handler, value = timestamp of last data writing/sending +_closelist = { } -- handlers to close + +_readlistlen = 0 -- length of readlist +_sendlistlen = 0 -- length of sendlist +_timerlistlen = 0 -- lenght of timerlist + +_sendtraffic = 0 -- some stats +_readtraffic = 0 + +_selecttimeout = 1 -- timeout of socket.select +_sleeptime = 0 -- time to wait at the end of every loop + +_maxsendlen = 51000 * 1024 -- max len of send buffer +_maxreadlen = 25000 * 1024 -- max len of read buffer + +_checkinterval = 1200000 -- interval in secs to check idle clients +_sendtimeout = 60000 -- allowed send idle time in secs +_readtimeout = 6 * 60 * 60 -- allowed read idle time in secs + +_cleanqueue = false -- clean bufferqueue after using + +_maxclientsperserver = 1000 + +_maxsslhandshake = 30 -- max handshake round-trips + +----------------------------------// PRIVATE //-- + +wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxconnections ) -- this function wraps a server + + maxconnections = maxconnections or _maxclientsperserver + + local connections = 0 + + local dispatch, disconnect = listeners.onincoming, listeners.ondisconnect + + local accept = socket.accept + + --// public methods of the object //-- + + local handler = { } + + handler.shutdown = function( ) end + + handler.ssl = function( ) + return sslctx ~= nil + end + handler.sslctx = function( ) + return sslctx + end + handler.remove = function( ) + connections = connections - 1 + end + handler.close = function( ) + for _, handler in pairs( _socketlist ) do + if handler.serverport == serverport then + handler.disconnect( handler, "server closed" ) + handler:close( true ) + end + end + socket:close( ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _socketlist[ socket ] = nil + handler = nil + socket = nil + --mem_free( ) + out_put "server.lua: closed server handler and removed sockets from list" + end + handler.ip = function( ) + return ip + end + handler.serverport = function( ) + return serverport + end + handler.socket = function( ) + return socket + end + handler.readbuffer = function( ) + if connections > maxconnections then + out_put( "server.lua: refused new client connection: server full" ) + return false + end + local client, err = accept( socket ) -- try to accept + if client then + local ip, clientport = client:getpeername( ) + client:settimeout( 0 ) + local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx ) -- wrap new client socket + if err then -- error while wrapping ssl socket + return false + end + connections = connections + 1 + out_put( "server.lua: accepted new client connection from ", tostring(ip), ":", tostring(clientport), " to ", tostring(serverport)) + return dispatch( handler ) + elseif err then -- maybe timeout or something else + out_put( "server.lua: error with new client connection: ", tostring(err) ) + return false + end + end + return handler +end + +wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx ) -- this function wraps a client to a handler object + + socket:settimeout( 0 ) + + --// local import of socket methods //-- + + local send + local receive + local shutdown + + --// private closures of the object //-- + + local ssl + + local dispatch = listeners.onincoming + local status = listeners.onstatus + local disconnect = listeners.ondisconnect + local drain = listeners.ondrain + + local bufferqueue = { } -- buffer array + local bufferqueuelen = 0 -- end of buffer array + + local toclose + local fatalerror + local needtls + + local bufferlen = 0 + + local noread = false + local nosend = false + + local sendtraffic, readtraffic = 0, 0 + + local maxsendlen = _maxsendlen + local maxreadlen = _maxreadlen + + --// public methods of the object //-- + + local handler = bufferqueue -- saves a table ^_^ + + handler.dispatch = function( ) + return dispatch + end + handler.disconnect = function( ) + return disconnect + end + handler.setlistener = function( self, listeners ) + dispatch = listeners.onincoming + disconnect = listeners.ondisconnect + status = listeners.onstatus + drain = listeners.ondrain + end + handler.getstats = function( ) + return readtraffic, sendtraffic + end + handler.ssl = function( ) + return ssl + end + handler.sslctx = function ( ) + return sslctx + end + handler.send = function( _, data, i, j ) + return send( socket, data, i, j ) + end + handler.receive = function( pattern, prefix ) + return receive( socket, pattern, prefix ) + end + handler.shutdown = function( pattern ) + return shutdown( socket, pattern ) + end + handler.setoption = function (self, option, value) + if socket.setoption then + return socket:setoption(option, value); + end + return false, "setoption not implemented"; + end + handler.close = function( self, forced ) + if not handler then return true; end + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _readtimes[ handler ] = nil + if bufferqueuelen ~= 0 then + if not ( forced or fatalerror ) then + handler.sendbuffer( ) + if bufferqueuelen ~= 0 then -- try again... + if handler then + handler.write = nil -- ... but no further writing allowed + end + toclose = true + return false + end + else + send( socket, table_concat( bufferqueue, "", 1, bufferqueuelen ), 1, bufferlen ) -- forced send + end + end + if socket then + _ = shutdown and shutdown( socket ) + socket:close( ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _socketlist[ socket ] = nil + socket = nil + else + out_put "server.lua: socket already closed" + end + if handler then + _writetimes[ handler ] = nil + _closelist[ handler ] = nil + handler = nil + end + if server then + server.remove( ) + end + out_put "server.lua: closed client handler and removed socket from list" + return true + end + handler.ip = function( ) + return ip + end + handler.serverport = function( ) + return serverport + end + handler.clientport = function( ) + return clientport + end + local write = function( self, data ) + bufferlen = bufferlen + string_len( data ) + if bufferlen > maxsendlen then + _closelist[ handler ] = "send buffer exceeded" -- cannot close the client at the moment, have to wait to the end of the cycle + handler.write = idfalse -- dont write anymore + return false + elseif socket and not _sendlist[ socket ] then + _sendlistlen = addsocket(_sendlist, socket, _sendlistlen) + end + bufferqueuelen = bufferqueuelen + 1 + bufferqueue[ bufferqueuelen ] = data + if handler then + _writetimes[ handler ] = _writetimes[ handler ] or _currenttime + end + return true + end + handler.write = write + handler.bufferqueue = function( self ) + return bufferqueue + end + handler.socket = function( self ) + return socket + end + handler.set_mode = function( self, new ) + pattern = new or pattern + return pattern + end + handler.set_send = function ( self, newsend ) + send = newsend or send + return send + end + handler.bufferlen = function( self, readlen, sendlen ) + maxsendlen = sendlen or maxsendlen + maxreadlen = readlen or maxreadlen + return bufferlen, maxreadlen, maxsendlen + end + --TODO: Deprecate + handler.lock_read = function (self, switch) + if switch == true then + local tmp = _readlistlen + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _readtimes[ handler ] = nil + if _readlistlen ~= tmp then + noread = true + end + elseif switch == false then + if noread then + noread = false + _readlistlen = addsocket(_readlist, socket, _readlistlen) + _readtimes[ handler ] = _currenttime + end + end + return noread + end + handler.pause = function (self) + return self:lock_read(true); + end + handler.resume = function (self) + return self:lock_read(false); + end + handler.lock = function( self, switch ) + handler.lock_read (switch) + if switch == true then + handler.write = idfalse + local tmp = _sendlistlen + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _writetimes[ handler ] = nil + if _sendlistlen ~= tmp then + nosend = true + end + elseif switch == false then + handler.write = write + if nosend then + nosend = false + write( "" ) + end + end + return noread, nosend + end + local _readbuffer = function( ) -- this function reads data + local buffer, err, part = receive( socket, pattern ) -- receive buffer with "pattern" + if not err or (err == "wantread" or err == "timeout") then -- received something + local buffer = buffer or part or "" + local len = string_len( buffer ) + if len > maxreadlen then + disconnect( handler, "receive buffer exceeded" ) + handler:close( true ) + return false + end + local count = len * STAT_UNIT + readtraffic = readtraffic + count + _readtraffic = _readtraffic + count + _readtimes[ handler ] = _currenttime + --out_put( "server.lua: read data '", buffer:gsub("[^%w%p ]", "."), "', error: ", err ) + return dispatch( handler, buffer, err ) + else -- connections was closed or fatal error + out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " read error: ", tostring(err) ) + fatalerror = true + disconnect( handler, err ) + _ = handler and handler:close( ) + return false + end + end + local _sendbuffer = function( ) -- this function sends data + local succ, err, byte, buffer, count; + local count; + if socket then + buffer = table_concat( bufferqueue, "", 1, bufferqueuelen ) + succ, err, byte = send( socket, buffer, 1, bufferlen ) + count = ( succ or byte or 0 ) * STAT_UNIT + sendtraffic = sendtraffic + count + _sendtraffic = _sendtraffic + count + _ = _cleanqueue and clean( bufferqueue ) + --out_put( "server.lua: sended '", buffer, "', bytes: ", tostring(succ), ", error: ", tostring(err), ", part: ", tostring(byte), ", to: ", tostring(ip), ":", tostring(clientport) ) + else + succ, err, count = false, "closed", 0; + end + if succ then -- sending succesful + bufferqueuelen = 0 + bufferlen = 0 + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) -- delete socket from writelist + _ = needtls and handler:starttls(nil, true) + _writetimes[ handler ] = nil + if drain then + drain(handler) + end + _ = toclose and handler:close( ) + return true + elseif byte and ( err == "timeout" or err == "wantwrite" ) then -- want write + buffer = string_sub( buffer, byte + 1, bufferlen ) -- new buffer + bufferqueue[ 1 ] = buffer -- insert new buffer in queue + bufferqueuelen = 1 + bufferlen = bufferlen - byte + _writetimes[ handler ] = _currenttime + return true + else -- connection was closed during sending or fatal error + out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " write error: ", tostring(err) ) + fatalerror = true + disconnect( handler, err ) + _ = handler and handler:close( ) + return false + end + end + + -- Set the sslctx + local handshake; + function handler.set_sslctx(self, new_sslctx) + ssl = true + sslctx = new_sslctx; + local wrote + local read + handshake = coroutine_wrap( function( client ) -- create handshake coroutine + local err + for i = 1, _maxsslhandshake do + _sendlistlen = ( wrote and removesocket( _sendlist, client, _sendlistlen ) ) or _sendlistlen + _readlistlen = ( read and removesocket( _readlist, client, _readlistlen ) ) or _readlistlen + read, wrote = nil, nil + _, err = client:dohandshake( ) + if not err then + out_put( "server.lua: ssl handshake done" ) + handler.readbuffer = _readbuffer -- when handshake is done, replace the handshake function with regular functions + handler.sendbuffer = _sendbuffer + _ = status and status( handler, "ssl-handshake-complete" ) + _readlistlen = addsocket(_readlist, client, _readlistlen) + return true + else + out_put( "server.lua: error during ssl handshake: ", tostring(err) ) + if err == "wantwrite" and not wrote then + _sendlistlen = addsocket(_sendlist, client, _sendlistlen) + wrote = true + elseif err == "wantread" and not read then + _readlistlen = addsocket(_readlist, client, _readlistlen) + read = true + else + break; + end + --coroutine_yield( handler, nil, err ) -- handshake not finished + coroutine_yield( ) + end + end + disconnect( handler, "ssl handshake failed" ) + _ = handler and handler:close( true ) -- forced disconnect + return false -- handshake failed + end + ) + end + if luasec then + if sslctx then -- ssl? + handler:set_sslctx(sslctx); + out_put("server.lua: ", "starting ssl handshake") + local err + socket, err = ssl_wrap( socket, sslctx ) -- wrap socket + if err then + out_put( "server.lua: ssl error: ", tostring(err) ) + --mem_free( ) + return nil, nil, err -- fatal error + end + socket:settimeout( 0 ) + handler.readbuffer = handshake + handler.sendbuffer = handshake + handshake( socket ) -- do handshake + if not socket then + return nil, nil, "ssl handshake failed"; + end + else + local sslctx; + handler.starttls = function( self, _sslctx, now ) + if _sslctx then + sslctx = _sslctx; + handler:set_sslctx(sslctx); + end + if not now then + out_put "server.lua: we need to do tls, but delaying until later" + needtls = true + return + end + out_put( "server.lua: attempting to start tls on " .. tostring( socket ) ) + local oldsocket, err = socket + socket, err = ssl_wrap( socket, sslctx ) -- wrap socket + --out_put( "server.lua: sslwrapped socket is " .. tostring( socket ) ) + if err then + out_put( "server.lua: error while starting tls on client: ", tostring(err) ) + return nil, err -- fatal error + end + + socket:settimeout( 0 ) + + -- add the new socket to our system + + send = socket.send + receive = socket.receive + shutdown = id + + _socketlist[ socket ] = handler + _readlistlen = addsocket(_readlist, socket, _readlistlen) + + -- remove traces of the old socket + + _readlistlen = removesocket( _readlist, oldsocket, _readlistlen ) + _sendlistlen = removesocket( _sendlist, oldsocket, _sendlistlen ) + _socketlist[ oldsocket ] = nil + + handler.starttls = nil + needtls = nil + + -- Secure now + ssl = true + + handler.readbuffer = handshake + handler.sendbuffer = handshake + handshake( socket ) -- do handshake + end + handler.readbuffer = _readbuffer + handler.sendbuffer = _sendbuffer + end + else + handler.readbuffer = _readbuffer + handler.sendbuffer = _sendbuffer + end + send = socket.send + receive = socket.receive + shutdown = ( ssl and id ) or socket.shutdown + + _socketlist[ socket ] = handler + _readlistlen = addsocket(_readlist, socket, _readlistlen) + if listeners.onconnect then + _sendlistlen = addsocket(_sendlist, socket, _sendlistlen) + handler.sendbuffer = function () + listeners.onconnect(handler); + handler.sendbuffer = _sendbuffer; + if bufferqueuelen > 0 then + return _sendbuffer(); + end + end + end + return handler, socket +end + +id = function( ) +end + +idfalse = function( ) + return false +end + +addsocket = function( list, socket, len ) + if not list[ socket ] then + len = len + 1 + list[ len ] = socket + list[ socket ] = len + end + return len; +end + +removesocket = function( list, socket, len ) -- this function removes sockets from a list ( copied from copas ) + local pos = list[ socket ] + if pos then + list[ socket ] = nil + local last = list[ len ] + list[ len ] = nil + if last ~= socket then + list[ last ] = pos + list[ pos ] = last + end + return len - 1 + end + return len +end + +closesocket = function( socket ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _socketlist[ socket ] = nil + socket:close( ) + --mem_free( ) +end + +local function link(sender, receiver, buffersize) + sender:set_mode(buffersize); + local sender_locked; + local _sendbuffer = receiver.sendbuffer; + function receiver.sendbuffer() + _sendbuffer(); + if sender_locked and receiver.bufferlen() < buffersize then + sender:lock_read(false); -- Unlock now + sender_locked = nil; + end + end + + local _readbuffer = sender.readbuffer; + function sender.readbuffer() + _readbuffer(); + if not sender_locked and receiver.bufferlen() >= buffersize then + sender_locked = true; + sender:lock_read(true); + end + end +end + +----------------------------------// PUBLIC //-- + +addserver = function( addr, port, listeners, pattern, sslctx ) -- this function provides a way for other scripts to reg a server + local err + if type( listeners ) ~= "table" then + err = "invalid listener table" + end + if type( port ) ~= "number" or not ( port >= 0 and port <= 65535 ) then + err = "invalid port" + elseif _server[ port ] then + err = "listeners on port '" .. port .. "' already exist" + elseif sslctx and not luasec then + err = "luasec not found" + end + if err then + out_error( "server.lua, port ", port, ": ", err ) + return nil, err + end + addr = addr or "*" + local server, err = socket_bind( addr, port ) + if err then + out_error( "server.lua, port ", port, ": ", err ) + return nil, err + end + local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx, _maxclientsperserver ) -- wrap new server socket + if not handler then + server:close( ) + return nil, err + end + server:settimeout( 0 ) + _readlistlen = addsocket(_readlist, server, _readlistlen) + _server[ port ] = handler + _socketlist[ server ] = handler + out_put( "server.lua: new "..(sslctx and "ssl " or "").."server listener on '", addr, ":", port, "'" ) + return handler +end + +getserver = function ( port ) + return _server[ port ]; +end + +removeserver = function( port ) + local handler = _server[ port ] + if not handler then + return nil, "no server found on port '" .. tostring( port ) .. "'" + end + handler:close( ) + _server[ port ] = nil + return true +end + +closeall = function( ) + for _, handler in pairs( _socketlist ) do + handler:close( ) + _socketlist[ _ ] = nil + end + _readlistlen = 0 + _sendlistlen = 0 + _timerlistlen = 0 + _server = { } + _readlist = { } + _sendlist = { } + _timerlist = { } + _socketlist = { } + --mem_free( ) +end + +getsettings = function( ) + return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, _cleanqueue, _maxclientsperserver, _maxsslhandshake +end + +changesettings = function( new ) + if type( new ) ~= "table" then + return nil, "invalid settings table" + end + _selecttimeout = tonumber( new.timeout ) or _selecttimeout + _sleeptime = tonumber( new.sleeptime ) or _sleeptime + _maxsendlen = tonumber( new.maxsendlen ) or _maxsendlen + _maxreadlen = tonumber( new.maxreadlen ) or _maxreadlen + _checkinterval = tonumber( new.checkinterval ) or _checkinterval + _sendtimeout = tonumber( new.sendtimeout ) or _sendtimeout + _readtimeout = tonumber( new.readtimeout ) or _readtimeout + _cleanqueue = new.cleanqueue + _maxclientsperserver = new._maxclientsperserver or _maxclientsperserver + _maxsslhandshake = new._maxsslhandshake or _maxsslhandshake + return true +end + +addtimer = function( listener ) + if type( listener ) ~= "function" then + return nil, "invalid listener function" + end + _timerlistlen = _timerlistlen + 1 + _timerlist[ _timerlistlen ] = listener + return true +end + +stats = function( ) + return _readtraffic, _sendtraffic, _readlistlen, _sendlistlen, _timerlistlen +end + +local dontstop = true; -- thinking about tomorrow, ... + +setquitting = function (quit) + dontstop = not quit; + return; +end + +loop = function( ) -- this is the main loop of the program + while dontstop do + local read, write, err = socket_select( _readlist, _sendlist, _selecttimeout ) + for i, socket in ipairs( write ) do -- send data waiting in writequeues + local handler = _socketlist[ socket ] + if handler then + handler.sendbuffer( ) + else + closesocket( socket ) + out_put "server.lua: found no handler and closed socket (writelist)" -- this should not happen + end + end + for i, socket in ipairs( read ) do -- receive data + local handler = _socketlist[ socket ] + if handler then + handler.readbuffer( ) + else + closesocket( socket ) + out_put "server.lua: found no handler and closed socket (readlist)" -- this can happen + end + end + for handler, err in pairs( _closelist ) do + handler.disconnect( )( handler, err ) + handler:close( true ) -- forced disconnect + end + clean( _closelist ) + _currenttime = os_time( ) + if os_difftime( _currenttime - _timer ) >= 1 then + for i = 1, _timerlistlen do + _timerlist[ i ]( _currenttime ) -- fire timers + end + _timer = _currenttime + end + socket_sleep( _sleeptime ) -- wait some time + --collectgarbage( ) + end + return "quitting" +end + +local function get_backend() + return "select"; +end + +--// EXPERIMENTAL //-- + +local wrapclient = function( socket, ip, serverport, listeners, pattern, sslctx ) + local handler = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx ) + _socketlist[ socket ] = handler + _sendlistlen = addsocket(_sendlist, socket, _sendlistlen) + return handler, socket +end + +local addclient = function( address, port, listeners, pattern, sslctx ) + local client, err = luasocket.tcp( ) + if err then + return nil, err + end + client:settimeout( 0 ) + _, err = client:connect( address, port ) + if err then -- try again + local handler = wrapclient( client, address, port, listeners ) + else + wrapconnection( nil, listeners, client, address, port, "clientport", pattern, sslctx ) + end +end + +--// EXPERIMENTAL //-- + +----------------------------------// BEGIN //-- + +use "setmetatable" ( _socketlist, { __mode = "k" } ) +use "setmetatable" ( _readtimes, { __mode = "k" } ) +use "setmetatable" ( _writetimes, { __mode = "k" } ) + +_timer = os_time( ) +_starttime = os_time( ) + +addtimer( function( ) + local difftime = os_difftime( _currenttime - _starttime ) + if difftime > _checkinterval then + _starttime = _currenttime + for handler, timestamp in pairs( _writetimes ) do + if os_difftime( _currenttime - timestamp ) > _sendtimeout then + --_writetimes[ handler ] = nil + handler.disconnect( )( handler, "send timeout" ) + handler:close( true ) -- forced disconnect + end + end + for handler, timestamp in pairs( _readtimes ) do + if os_difftime( _currenttime - timestamp ) > _readtimeout then + --_readtimes[ handler ] = nil + handler.disconnect( )( handler, "read timeout" ) + handler:close( ) -- forced disconnect? + end + end + end + end +) + +local function setlogger(new_logger) + local old_logger = log; + if new_logger then + log = new_logger; + end + return old_logger; +end + +----------------------------------// PUBLIC INTERFACE //-- + +return { + + addclient = addclient, + wrapclient = wrapclient, + + loop = loop, + link = link, + stats = stats, + closeall = closeall, + addtimer = addtimer, + addserver = addserver, + getserver = getserver, + setlogger = setlogger, + getsettings = getsettings, + setquitting = setquitting, + removeserver = removeserver, + get_backend = get_backend, + changesettings = changesettings, +} diff --git a/net/xmppclient_listener.lua b/net/xmppclient_listener.lua index f0e756c4..94daa2b2 100644 --- a/net/xmppclient_listener.lua +++ b/net/xmppclient_listener.lua @@ -27,17 +27,38 @@ local sm_streamopened = sessionmanager.streamopened; local sm_streamclosed = sessionmanager.streamclosed; local st = require "util.stanza"; -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", - default_ns = "jabber:client", +local config = require "core.configmanager"; +local opt_keepalives = config.get("*", "core", "tcp_keepalives"); + +local stream_callbacks = { default_ns = "jabber:client", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza }; +local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; + function stream_callbacks.error(session, error, data) if error == "no-stream" then session.log("debug", "Invalid opening stream header"); session:close("invalid-namespace"); - elseif session.close then - (session.log or log)("debug", "Client XML parse error: %s", tostring(error)); + elseif error == "parse-error" then + (session.log or log)("debug", "Client XML parse error: %s", tostring(data)); session:close("xml-not-well-formed"); + elseif error == "stream-error" then + local condition, text = "undefined-condition"; + for child in data:children() do + if child.attr.xmlns == xmlns_xmpp_streams then + if child.name ~= "text" then + condition = child.name; + else + text = child:get_text(); + end + if condition ~= "undefined-condition" and text then + break; + end + end + end + text = condition .. (text and (" ("..text..")") or ""); + session.log("info", "Session closed by remote with error: %s", text); + session:close(nil, text); end end @@ -68,9 +89,8 @@ local function session_reset_stream(session) return true; end - local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; local function session_close(session, reason) local log = session.log or log; if session.conn then @@ -100,15 +120,15 @@ local function session_close(session, reason) end end session.send("</stream:stream>"); - session.conn.close(); - xmppclient.disconnect(session.conn, (reason and (reason.text or reason.condition)) or reason or "session closed"); + session.conn:close(); + xmppclient.ondisconnect(session.conn, (reason and (reason.text or reason.condition)) or reason or "session closed"); end end -- End of session methods -- -function xmppclient.listener(conn, data) +function xmppclient.onincoming(conn, data) local session = sessions[conn]; if not session then session = sm_new_session(conn); @@ -117,10 +137,14 @@ function xmppclient.listener(conn, data) session.log("info", "Client connected"); -- Client is using legacy SSL (otherwise mod_tls sets this flag) - if conn.ssl() then + if conn:ssl() then session.secure = true; end + if opt_keepalives ~= nil then + conn:setoption("keepalive", opt_keepalives); + end + session.reset_stream = session_reset_stream; session.close = session_close; @@ -133,7 +157,7 @@ function xmppclient.listener(conn, data) end end -function xmppclient.disconnect(conn, err) +function xmppclient.ondisconnect(conn, err) local session = sessions[conn]; if session then (session.log or log)("info", "Client disconnected: %s", err); diff --git a/net/xmppcomponent_listener.lua b/net/xmppcomponent_listener.lua index 1759adf9..b87f7c96 100644 --- a/net/xmppcomponent_listener.lua +++ b/net/xmppcomponent_listener.lua @@ -32,18 +32,35 @@ local xmlns_component = 'jabber:component:accept'; --- Callbacks/data for xmlhandlers to handle streams for us --- -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", default_ns = xmlns_component }; +local stream_callbacks = { default_ns = xmlns_component }; + +local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; function stream_callbacks.error(session, error, data, data2) + if session.destroyed then return; end log("warn", "Error processing component stream: "..tostring(error)); if error == "no-stream" then session:close("invalid-namespace"); - elseif error == "xml-parse-error" and data == "unexpected-element-close" then - session.log("warn", "Unexpected close of '%s' tag", data2); - session:close("xml-not-well-formed"); - else - session.log("warn", "External component %s XML parse error: %s", tostring(session.host), tostring(error)); + elseif error == "parse-error" then + session.log("warn", "External component %s XML parse error: %s", tostring(session.host), tostring(data)); session:close("xml-not-well-formed"); + elseif error == "stream-error" then + local condition, text = "undefined-condition"; + for child in data:children() do + if child.attr.xmlns == xmlns_xmpp_streams then + if child.name ~= "text" then + condition = child.name; + else + text = child:get_text(); + end + if condition ~= "undefined-condition" and text then + break; + end + end + end + text = condition .. (text and (" ("..text..")") or ""); + session.log("info", "Session closed by remote with error: %s", text); + session:close(nil, text); end end @@ -71,8 +88,8 @@ function stream_callbacks.streamopened(session, attr) end function stream_callbacks.streamclosed(session) - session.send("</stream:stream>"); - session.notopen = true; + session.log("Received </stream:stream>"); + session:close(); end local core_process_stanza = core_process_stanza; @@ -87,8 +104,9 @@ end --- Closing a component connection local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; local function session_close(session, reason) + if session.destroyed then return; end local log = session.log or log; if session.conn then if session.notopen then @@ -117,17 +135,17 @@ local function session_close(session, reason) end end session.send("</stream:stream>"); - session.conn.close(); - component_listener.disconnect(session.conn, "stream error"); + session.conn:close(); + component_listener.ondisconnect(session.conn, "stream error"); end end --- Component connlistener -function component_listener.listener(conn, data) +function component_listener.onincoming(conn, data) local session = sessions[conn]; if not session then local _send = conn.write; - session = { type = "component", conn = conn, send = function (data) return _send(tostring(data)); end }; + session = { type = "component", conn = conn, send = function (data) return _send(conn, tostring(data)); end }; sessions[conn] = session; -- Logging functions -- @@ -146,6 +164,7 @@ function component_listener.listener(conn, data) function session.data(conn, data) local ok, err = parser:parse(data); if ok then return; end + log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); session:close("xml-not-well-formed"); end @@ -157,7 +176,7 @@ function component_listener.listener(conn, data) end end -function component_listener.disconnect(conn, err) +function component_listener.ondisconnect(conn, err) local session = sessions[conn]; if session then (session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err)); @@ -167,7 +186,12 @@ function component_listener.disconnect(conn, err) hosts[session.host].connected = nil; end sessions[conn] = nil; - for k in pairs(session) do session[k] = nil; end + for k in pairs(session) do + if k ~= "log" and k ~= "close" then + session[k] = nil; + end + end + session.destroyed = true; session = nil; end end diff --git a/net/xmppserver_listener.lua b/net/xmppserver_listener.lua index dc3c2bb4..d1272edb 100644 --- a/net/xmppserver_listener.lua +++ b/net/xmppserver_listener.lua @@ -17,16 +17,34 @@ local s2s_streamopened = require "core.s2smanager".streamopened; local s2s_streamclosed = require "core.s2smanager".streamclosed; local s2s_destroy_session = require "core.s2smanager".destroy_session; local s2s_attempt_connect = require "core.s2smanager".attempt_connection; -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", - default_ns = "jabber:server", +local stream_callbacks = { default_ns = "jabber:server", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza }; +local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; + function stream_callbacks.error(session, error, data) if error == "no-stream" then session:close("invalid-namespace"); - else + elseif error == "parse-error" then session.log("debug", "Server-to-server XML parse error: %s", tostring(error)); session:close("xml-not-well-formed"); + elseif error == "stream-error" then + local condition, text = "undefined-condition"; + for child in data:children() do + if child.attr.xmlns == xmlns_xmpp_streams then + if child.name ~= "text" then + condition = child.name; + else + text = child:get_text(); + end + if condition ~= "undefined-condition" and text then + break; + end + end + end + text = condition .. (text and (" ("..text..")") or ""); + session.log("info", "Session closed by remote with error: %s", text); + session:close(nil, text); end end @@ -73,8 +91,8 @@ local function session_reset_stream(session) end local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; -local function session_close(session, reason) +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local function session_close(session, reason, remote_reason) local log = session.log or log; if session.conn then if session.notopen then @@ -103,18 +121,18 @@ local function session_close(session, reason) end end session.sends2s("</stream:stream>"); - if session.notopen or not session.conn.close() then - session.conn.close(true); -- Force FIXME: timer? + if session.notopen or not session.conn:close() then + session.conn:close(true); -- Force FIXME: timer? end - session.conn.close(); - xmppserver.disconnect(session.conn, "stream error"); + session.conn:close(); + xmppserver.ondisconnect(session.conn, remote_reason or (reason and (reason.text or reason.condition)) or reason or "stream closed"); end end -- End of session methods -- -function xmppserver.listener(conn, data) +function xmppserver.onincoming(conn, data) local session = sessions[conn]; if not session then session = s2s_new_incoming(conn); @@ -140,7 +158,7 @@ function xmppserver.listener(conn, data) end end -function xmppserver.status(conn, status) +function xmppserver.onstatus(conn, status) if status == "ssl-handshake-complete" then local session = sessions[conn]; if session and session.direction == "outgoing" then @@ -151,7 +169,7 @@ function xmppserver.status(conn, status) end end -function xmppserver.disconnect(conn, err) +function xmppserver.ondisconnect(conn, err) local session = sessions[conn]; if session then if err and err ~= "closed" and session.srv_hosts then @@ -161,7 +179,7 @@ function xmppserver.disconnect(conn, err) return; -- Session lives for now end end - (session.log or log)("info", "s2s disconnected: %s->%s (%s)", tostring(session.from_host), tostring(session.to_host), tostring(err)); + (session.log or log)("info", "s2s disconnected: %s->%s (%s)", tostring(session.from_host), tostring(session.to_host), tostring(err or "closed")); s2s_destroy_session(session, err); sessions[conn] = nil; session = nil; diff --git a/plugins/mod_actions_http.lua b/plugins/mod_actions_http.lua deleted file mode 100644 index e125f167..00000000 --- a/plugins/mod_actions_http.lua +++ /dev/null @@ -1,86 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - - -local httpserver = require "net.httpserver"; -local t_concat, t_insert = table.concat, table.insert; - -local log = log; - -local response_404 = { status = "404 Not Found", body = "<h1>No such action</h1>Sorry, I don't have the action you requested" }; - -local control = require "core.actions".actions; - - -local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = string.char(tonumber("0x"..k)); return t[k]; end }); - -local function urldecode(s) - return s and (s:gsub("+", " "):gsub("%%([a-fA-F0-9][a-fA-F0-9])", urlcodes)); -end - -local function query_to_table(query) - if type(query) == "string" and #query > 0 then - if query:match("=") then - local params = {}; - for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do - if k and v then - params[urldecode(k)] = urldecode(v); - end - end - return params; - else - return urldecode(query); - end - end -end - - - -local http_path = { http_base }; -local function handle_request(method, body, request) - local path = request.url.path:gsub("^/[^/]+/", ""); - - local curr = control; - - for comp in path:gmatch("([^/]+)") do - curr = curr[comp]; - if not curr then - return response_404; - end - end - - if type(curr) == "table" then - local s = {}; - for k,v in pairs(curr) do - t_insert(s, tostring(k)); - t_insert(s, " = "); - if type(v) == "function" then - t_insert(s, "action") - elseif type(v) == "table" then - t_insert(s, "list"); - else - t_insert(s, tostring(v)); - end - t_insert(s, "\n"); - end - return t_concat(s); - elseif type(curr) == "function" then - local params = query_to_table(request.url.query); - params.host = request.headers.host:gsub(":%d+", ""); - local ok, ret1, ret2 = pcall(curr, params); - if not ok then - return "EPIC FAIL: "..tostring(ret1); - elseif not ret1 then - return "FAIL: "..tostring(ret2); - else - return "OK: "..tostring(ret2); - end - end -end - -httpserver.new{ port = 5280, base = "control", handler = handle_request, ssl = false }
\ No newline at end of file diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 04887c29..b11de6c6 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -23,7 +23,7 @@ local logger = require "util.logger"; local log = logger.init("mod_bosh"); local xmlns_bosh = "http://jabber.org/protocol/httpbind"; -- (hard-coded into a literal in session.send) -local stream_callbacks = { stream_tag = "http://jabber.org/protocol/httpbind\1body", default_ns = "jabber:client" }; +local stream_callbacks = { stream_ns = "http://jabber.org/protocol/httpbind", stream_tag = "body", default_ns = "jabber:client" }; local BOSH_DEFAULT_HOLD = tonumber(module:get_option("bosh_default_hold")) or 1; local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; @@ -34,6 +34,22 @@ local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 3 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; +local cross_domain = module:get_option("cross_domain_bosh"); +if cross_domain then + default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; + default_headers["Access-Control-Allow-Headers"] = "Content-Type"; + default_headers["Access-Control-Max-Age"] = "7200"; + + if cross_domain == true then + default_headers["Access-Control-Allow-Origin"] = "*"; + elseif type(cross_domain) == "table" then + cross_domain = table.concat(cross_domain, ", "); + end + if type(cross_domain) == "string" then + default_headers["Access-Control-Allow-Origin"] = cross_domain; + end +end + local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local os_time = os.time; @@ -64,9 +80,13 @@ end function handle_request(method, body, request) if (not body) or request.method ~= "POST" then - return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; + if request.method == "OPTIONS" then + return { headers = default_headers, body = "" }; + else + return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; + end end - if not method then + if not method then log("debug", "Request %s suffered error %s", tostring(request.id), body); return; end @@ -192,14 +212,15 @@ function stream_callbacks.streamopened(request, attr) -- Send creation response local features = st.stanza("stream:features"); + hosts[session.host].events.fire_event("stream-features", { origin = session, features = features }); fire_event("stream-features", session, features); --xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh' - local response = st.stanza("body", { xmlns = xmlns_bosh, - inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", - sid = sid, authid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", + local response = st.stanza("body", { xmlns = xmlns_bosh, + inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", + sid = sid, authid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", ["xmlns:xmpp"] = "urn:xmpp:xbosh", ["xmlns:stream"] = "http://etherx.jabber.org/streams" }):add_child(features); request:send{ headers = default_headers, body = tostring(response) }; - + request.sid = sid; return; end @@ -238,6 +259,7 @@ function stream_callbacks.streamopened(request, attr) if session.notopen then local features = st.stanza("stream:features"); + hosts[session.host].events.fire_event("stream-features", { origin = session, features = features }); fire_event("stream-features", session, features); session.send(features); session.notopen = nil; @@ -255,7 +277,7 @@ function stream_callbacks.handlestanza(request, stanza) if stanza.attr.xmlns == xmlns_bosh then stanza.attr.xmlns = nil; end - session.ip = request.handler.ip(); + session.ip = request.handler:ip(); core_process_stanza(session, stanza); end end @@ -299,7 +321,14 @@ function on_timer() end end -local ports = module:get_option("bosh_ports") or { 5280 }; -httpserver.new_from_config(ports, handle_request, { base = "http-bind" }); -server.addtimer(on_timer); +local function setup() + local ports = module:get_option("bosh_ports") or { 5280 }; + httpserver.new_from_config(ports, handle_request, { base = "http-bind" }); + server.addtimer(on_timer); +end +if prosody.start_time then -- already started + setup(); +else + prosody.events.add_handler("server-started", setup); +end diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index 8a7454cd..7efb4f9c 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -14,25 +14,14 @@ local hosts = _G.hosts; local t_concat = table.concat; -local lxp = require "lxp"; -local logger = require "util.logger"; local config = require "core.configmanager"; -local connlisteners = require "net.connlisteners"; local cm_register_component = require "core.componentmanager".register_component; local cm_deregister_component = require "core.componentmanager".deregister_component; -local uuid_gen = require "util.uuid".generate; local sha1 = require "util.hashes".sha1; local st = require "util.stanza"; -local init_xmlhandlers = require "core.xmlhandlers"; - -local sessions = {}; local log = module._log; -local component_listener = { default_port = 5347; default_mode = "*a"; default_interface = config.get("*", "core", "component_interface") or "127.0.0.1" }; - -local xmlns_component = 'jabber:component:accept'; - --- Handle authentication attempts by components function handle_component_auth(session, stanza) log("info", "Handling component auth"); @@ -80,4 +69,4 @@ function handle_component_auth(session, stanza) session.send(st.stanza("handshake")); end -module:add_handler("component", "handshake", xmlns_component, handle_component_auth); +module:add_handler("component", "handshake", "jabber:component:accept", handle_component_auth); diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua index fe1e0c67..c2e84f2b 100644 --- a/plugins/mod_compression.lua +++ b/plugins/mod_compression.lua @@ -12,6 +12,7 @@ local tostring = tostring; local xmlns_compression_feature = "http://jabber.org/features/compress" local xmlns_compression_protocol = "http://jabber.org/protocol/compress" +local xmlns_stream = "http://etherx.jabber.org/streams"; local compression_stream_feature = st.stanza("compression", {xmlns=xmlns_compression_feature}):tag("method"):text("zlib"):up(); local compression_level = module:get_option("compression_level"); @@ -26,22 +27,149 @@ if not compression_level or compression_level < 1 or compression_level > 9 then return; end -module:add_event_hook("stream-features", - function (session, features) +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if not origin.compressed then + -- FIXME only advertise compression support when TLS layer has no compression enabled + features:add_child(compression_stream_feature); + end +end); + +module:hook("s2s-stream-features", function(event) + local origin, features = event.origin, event.features; + -- FIXME only advertise compression support when TLS layer has no compression enabled + if not origin.compressed then + features:add_child(compression_stream_feature); + end +end); + +-- Hook to activate compression if remote server supports it. +module:hook_stanza(xmlns_stream, "features", + function (session, stanza) if not session.compressed then - -- FIXME only advertise compression support when TLS layer has no compression enabled - features:add_child(compression_stream_feature); + -- does remote server support compression? + local comp_st = stanza:child_with_name("compression"); + if comp_st then + -- do we support the mechanism + for a in comp_st:children() do + local algorithm = a[1] + if algorithm == "zlib" then + session.sends2s(st.stanza("compress", {xmlns=xmlns_compression_protocol}):tag("method"):text("zlib")) + session.log("info", "Enabled compression using zlib.") + return true; + end + end + session.log("debug", "Remote server supports no compression algorithm we support.") + end + end + end +, 250); + + +-- returns either nil or a fully functional ready to use inflate stream +local function get_deflate_stream(session) + local status, deflate_stream = pcall(zlib.deflate, compression_level); + if status == false then + local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); + (session.sends2s or session.send)(error_st); + session.log("error", "Failed to create zlib.deflate filter."); + module:log("error", "%s", tostring(deflate_stream)); + return + end + return deflate_stream +end + +-- returns either nil or a fully functional ready to use inflate stream +local function get_inflate_stream(session) + local status, inflate_stream = pcall(zlib.inflate); + if status == false then + local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); + (session.sends2s or session.send)(error_st); + session.log("error", "Failed to create zlib.inflate filter."); + module:log("error", "%s", tostring(inflate_stream)); + return + end + return inflate_stream +end + +-- setup compression for a stream +local function setup_compression(session, deflate_stream) + local old_send = (session.sends2s or session.send); + + local new_send = function(t) + --TODO: Better code injection in the sending process + session.log(t) + local status, compressed, eof = pcall(deflate_stream, tostring(t), 'sync'); + if status == false then + session:close({ + condition = "undefined-condition"; + text = compressed; + extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); + }); + module:log("warn", "%s", tostring(compressed)); + return; + end + session.conn:write(compressed); + end; + + if session.sends2s then session.sends2s = new_send + elseif session.send then session.send = new_send end +end + +-- setup decompression for a stream +local function setup_decompression(session, inflate_stream) + local old_data = session.data + session.data = function(conn, data) + local status, decompressed, eof = pcall(inflate_stream, data); + if status == false then + session:close({ + condition = "undefined-condition"; + text = decompressed; + extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); + }); + module:log("warn", "%s", tostring(decompressed)); + return; end + old_data(conn, decompressed); + end; +end + +module:add_handler({"s2sout_unauthed", "s2sout"}, "compressed", xmlns_compression_protocol, + function(session ,stanza) + session.log("debug", "Activating compression...") + -- create deflate and inflate streams + local deflate_stream = get_deflate_stream(session); + if not deflate_stream then return end + + local inflate_stream = get_inflate_stream(session); + if not inflate_stream then return end + + -- setup compression for session.w + setup_compression(session, deflate_stream); + + -- setup decompression for session.data + setup_decompression(session, inflate_stream); + local session_reset_stream = session.reset_stream; + session.reset_stream = function(session) + session_reset_stream(session); + setup_decompression(session, inflate_stream); + return true; + end; + session:reset_stream(); + local default_stream_attr = {xmlns = "jabber:server", ["xmlns:stream"] = "http://etherx.jabber.org/streams", + ["xmlns:db"] = 'jabber:server:dialback', version = "1.0", to = session.to_host, from = session.from_host}; + session.sends2s("<?xml version='1.0'?>"); + session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag()); + session.compressed = true; end ); --- TODO Support compression on S2S level too. -module:add_handler({"c2s_unauthed", "c2s"}, "compress", xmlns_compression_protocol, +module:add_handler({"c2s_unauthed", "c2s", "s2sin_unauthed", "s2sin"}, "compress", xmlns_compression_protocol, function(session, stanza) -- fail if we are already compressed if session.compressed then local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); - session.send(error_st); + (session.sends2s or session.send)(error_st); session.log("debug", "Client tried to establish another compression layer."); return; end @@ -50,78 +178,38 @@ module:add_handler({"c2s_unauthed", "c2s"}, "compress", xmlns_compression_protoc local method = stanza:child_with_name("method"); method = method and (method[1] or ""); if method == "zlib" then + session.log("debug", "zlib compression enabled."); + -- create deflate and inflate streams - local status, deflate_stream = pcall(zlib.deflate, compression_level); - if status == false then - local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); - session.send(error_st); - session.log("error", "Failed to create zlib.deflate filter."); - module:log("error", "%s", tostring(deflate_stream)); - return - end + local deflate_stream = get_deflate_stream(session); + if not deflate_stream then return end - local status, inflate_stream = pcall(zlib.inflate); - if status == false then - local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); - session.send(error_st); - session.log("error", "Failed to create zlib.inflate filter."); - module:log("error", "%s", tostring(inflate_stream)); - return - end + local inflate_stream = get_inflate_stream(session); + if not inflate_stream then return end - session.log("debug", "zlib compression enabled."); - session.send(st.stanza("compressed", {xmlns=xmlns_compression_protocol})); + (session.sends2s or session.send)(st.stanza("compressed", {xmlns=xmlns_compression_protocol})); session:reset_stream(); - - -- setup compression for session.w - local old_send = session.send; - session.send = function(t) - local status, compressed, eof = pcall(deflate_stream, tostring(t), 'sync'); - if status == false then - session:close({ - condition = "undefined-condition"; - text = compressed; - extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); - }); - module:log("warn", "%s", tostring(compressed)); - return; - end - old_send(compressed); - end; + -- setup compression for session.w + setup_compression(session, deflate_stream); -- setup decompression for session.data - local function setup_decompression(session) - local old_data = session.data - session.data = function(conn, data) - local status, decompressed, eof = pcall(inflate_stream, data); - if status == false then - session:close({ - condition = "undefined-condition"; - text = decompressed; - extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); - }); - module:log("warn", "%s", tostring(decompressed)); - return; - end - old_data(conn, decompressed); - end; - end - setup_decompression(session); + setup_decompression(session, inflate_stream); local session_reset_stream = session.reset_stream; session.reset_stream = function(session) session_reset_stream(session); - setup_decompression(session); + setup_decompression(session, inflate_stream); return true; end; session.compressed = true; elseif method then session.log("debug", "%s compression selected, but we don't support it.", tostring(method)); local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("unsupported-method"); - session.send(error_st); + (session.sends2s or session.send)(error_st); else - session.send(st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed")); + (session.sends2s or session.send)(st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed")); end end ); + diff --git a/plugins/mod_console.lua b/plugins/mod_console.lua index a33302d9..e87ef536 100644 --- a/plugins/mod_console.lua +++ b/plugins/mod_console.lua @@ -33,11 +33,11 @@ end console = {}; function console:new_session(conn) - local w = function(s) conn.write(s:gsub("\n", "\r\n")); end; + local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; local session = { conn = conn; send = function (t) w(tostring(t)); end; print = function (t) w("| "..tostring(t).."\n"); end; - disconnect = function () conn.close(); end; + disconnect = function () conn:close(); end; }; session.env = setmetatable({}, default_env_mt); @@ -53,81 +53,82 @@ end local sessions = {}; -function console_listener.listener(conn, data) +function console_listener.onconnect(conn) + -- Handle new connection + local session = console:new_session(conn); + sessions[conn] = session; + printbanner(session); + session.send(string.char(0)); +end + +function console_listener.onincoming(conn, data) local session = sessions[conn]; - - if not session then - -- Handle new connection - session = console:new_session(conn); - sessions[conn] = session; - printbanner(session); - end - if data then - -- Handle data - (function(session, data) - local useglobalenv; - - if data:match("^>") then - data = data:gsub("^>", ""); - useglobalenv = true; - elseif data == "\004" then - commands["bye"](session, data); + + -- Handle data + (function(session, data) + local useglobalenv; + + if data:match("^>") then + data = data:gsub("^>", ""); + useglobalenv = true; + elseif data == "\004" then + commands["bye"](session, data); + return; + else + local command = data:lower(); + command = data:match("^%w+") or data:match("%p"); + if commands[command] then + commands[command](session, data); return; - else - local command = data:lower(); - command = data:match("^%w+") or data:match("%p"); - if commands[command] then - commands[command](session, data); - return; - end end + end - session.env._ = data; - - local chunkname = "=console"; - local chunk, err = loadstring("return "..data, chunkname); + session.env._ = data; + + local chunkname = "=console"; + local chunk, err = loadstring("return "..data, chunkname); + if not chunk then + chunk, err = loadstring(data, chunkname); if not chunk then - chunk, err = loadstring(data, chunkname); - if not chunk then - err = err:gsub("^%[string .-%]:%d+: ", ""); - err = err:gsub("^:%d+: ", ""); - err = err:gsub("'<eof>'", "the end of the line"); - session.print("Sorry, I couldn't understand that... "..err); - return; - end - end - - setfenv(chunk, (useglobalenv and redirect_output(_G, session)) or session.env or nil); - - local ranok, taskok, message = pcall(chunk); - - if not (ranok or message or useglobalenv) and commands[data:lower()] then - commands[data:lower()](session, data); - return; - end - - if not ranok then - session.print("Fatal error while running command, it did not complete"); - session.print("Error: "..taskok); - return; - end - - if not message then - session.print("Result: "..tostring(taskok)); - return; - elseif (not taskok) and message then - session.print("Command completed with a problem"); - session.print("Message: "..tostring(message)); + err = err:gsub("^%[string .-%]:%d+: ", ""); + err = err:gsub("^:%d+: ", ""); + err = err:gsub("'<eof>'", "the end of the line"); + session.print("Sorry, I couldn't understand that... "..err); return; end - - session.print("OK: "..tostring(message)); - end)(session, data); - end + end + + setfenv(chunk, (useglobalenv and redirect_output(_G, session)) or session.env or nil); + + local ranok, taskok, message = pcall(chunk); + + if not (ranok or message or useglobalenv) and commands[data:lower()] then + commands[data:lower()](session, data); + return; + end + + if not ranok then + session.print("Fatal error while running command, it did not complete"); + session.print("Error: "..taskok); + return; + end + + if not message then + session.print("Result: "..tostring(taskok)); + return; + elseif (not taskok) and message then + session.print("Command completed with a problem"); + session.print("Message: "..tostring(message)); + return; + end + + session.print("OK: "..tostring(message)); + end)(session, data); + session.send(string.char(0)); end -function console_listener.disconnect(conn, err) +function console_listener.ondisconnect(conn, err) local session = sessions[conn]; if session then session.disconnect(); @@ -149,7 +150,7 @@ commands.quit, commands.exit = commands.bye, commands.bye; commands["!"] = function (session, data) if data:match("^!!") then session.print("!> "..session.env._); - return console_listener.listener(session.conn, session.env._); + return console_listener.onincoming(session.conn, session.env._); end local old, new = data:match("^!(.-[^\\])!(.-)!$"); if old and new then @@ -159,7 +160,7 @@ commands["!"] = function (session, data) return; end session.print("!> "..res); - return console_listener.listener(session.conn, res); + return console_listener.onincoming(session.conn, res); end session.print("Sorry, not sure what you want"); end @@ -479,7 +480,7 @@ function def_env.s2s:show(match_jid) for remotehost, session in pairs(host_session.s2sout) do if (not match_jid) or remotehost:match(match_jid) or host:match(match_jid) then count_out = count_out + 1; - print(" "..host.." -> "..remotehost..(session.secure and " (encrypted)" or "")); + print(" "..host.." -> "..remotehost..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); if session.sendq then print(" There are "..#session.sendq.." queued outgoing stanzas for this connection"); end @@ -516,7 +517,7 @@ function def_env.s2s:show(match_jid) -- Pft! is what I say to list comprehensions or (session.hosts and #array.collect(keys(session.hosts)):filter(subhost_filter)>0)) then count_in = count_in + 1; - print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.secure and " (encrypted)" or "")); + print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); if session.type == "s2sin_unauthed" then print(" Connection not yet authenticated"); end diff --git a/plugins/mod_disco.lua b/plugins/mod_disco.lua index 8181c85b..ee0043f1 100644 --- a/plugins/mod_disco.lua +++ b/plugins/mod_disco.lua @@ -7,8 +7,30 @@ -- local componentmanager_get_children = require "core.componentmanager".get_children; +local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed; +local jid_split = require "util.jid".split; +local jid_bare = require "util.jid".bare; local st = require "util.stanza" +local disco_items = module:get_option("disco_items") or {}; +do -- validate disco_items + for _, item in ipairs(disco_items) do + local err; + if type(item) ~= "table" then + err = "item is not a table"; + elseif type(item[1]) ~= "string" then + err = "item jid is not a string"; + elseif item[2] and type(item[2]) ~= "string" then + err = "item name is not a string"; + end + if err then + module:log("error", "option disco_items is malformed: %s", err); + disco_items = {}; -- TODO clean up data instead of removing it? + break; + end + end +end + module:add_identity("server", "im", "Prosody"); -- FIXME should be in the non-existing mod_router module:add_feature("http://jabber.org/protocol/disco#info"); module:add_feature("http://jabber.org/protocol/disco#items"); @@ -47,6 +69,37 @@ module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function(eve for jid in pairs(componentmanager_get_children(module.host)) do reply:tag("item", {jid = jid}):up(); end + for _, item in ipairs(disco_items) do + reply:tag("item", {jid=item[1], name=item[2]}):up(); + end origin.send(reply); return true; end); +module:hook("iq/bare/http://jabber.org/protocol/disco#info:query", function(event) + local origin, stanza = event.origin, event.stanza; + if stanza.attr.type ~= "get" then return; end + local node = stanza.tags[1].attr.node; + if node and node ~= "" then return; end -- TODO fire event? + local username = jid_split(stanza.attr.to) or origin.username; + if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then + local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info'}); + if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account + module:fire_event("account-disco-info", { session = origin, stanza = reply }); + origin.send(reply); + return true; + end +end); +module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(event) + local origin, stanza = event.origin, event.stanza; + if stanza.attr.type ~= "get" then return; end + local node = stanza.tags[1].attr.node; + if node and node ~= "" then return; end -- TODO fire event? + local username = jid_split(stanza.attr.to) or origin.username; + if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then + local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#items'}); + if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account + module:fire_event("account-disco-items", { session = origin, stanza = reply }); + origin.send(reply); + return true; + end +end); diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua index 9534be80..d4604b1e 100644 --- a/plugins/mod_groups.lua +++ b/plugins/mod_groups.lua @@ -7,8 +7,8 @@ -- -local groups = { default = {} }; -local members = { [false] = {} }; +local groups; +local members; local groups_file; @@ -20,7 +20,7 @@ local module_host = module:get_host(); function inject_roster_contacts(username, host, roster) module:log("warn", "Injecting group members to roster"); local bare_jid = username.."@"..host; - if not members[bare_jid] then return; end -- Not a member of any groups + if not members[bare_jid] and not members[false] then return; end -- Not a member of any groups local function import_jids_to_roster(group_name) for jid in pairs(groups[group_name]) do @@ -39,13 +39,23 @@ function inject_roster_contacts(username, host, roster) end -- Find groups this JID is a member of - for _, group_name in ipairs(members[bare_jid]) do - import_jids_to_roster(group_name); + if members[bare_jid] then + for _, group_name in ipairs(members[bare_jid]) do + module:log("debug", "Importing group %s", group_name); + import_jids_to_roster(group_name); + end end -- Import public groups - for _, group_name in ipairs(members[false]) do - import_jids_to_roster(group_name); + if members[false] then + for _, group_name in ipairs(members[false]) do + module:log("debug", "Importing group %s", group_name); + import_jids_to_roster(group_name); + end + end + + if roster[false] then + roster[false].version = true; end end @@ -57,6 +67,7 @@ function remove_virtual_contacts(username, host, datastore, data) new_roster[jid] = contact; end end + new_roster[false].version = nil; -- Version is void return username, host, datastore, new_roster; end @@ -71,20 +82,23 @@ function module.load() datamanager.add_callback(remove_virtual_contacts); groups = { default = {} }; - members = { [false] = {} }; + members = { }; local curr_group = "default"; for line in io.lines(groups_file) do if line:match("^%s*%[.-%]%s*$") then curr_group = line:match("^%s*%[(.-)%]%s*$"); if curr_group:match("^%+") then curr_group = curr_group:gsub("^%+", ""); + if not members[false] then + members[false] = {}; + end members[false][#members[false]+1] = curr_group; -- Is a public group end module:log("debug", "New group: %s", tostring(curr_group)); groups[curr_group] = groups[curr_group] or {}; else -- Add JID - local jid = jid_prep(line); + local jid = jid_prep(line:match("%S+")); if jid then module:log("debug", "New member of %s: %s", tostring(curr_group), tostring(jid)); groups[curr_group][jid] = true; diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua index a554be08..c55bd20f 100644 --- a/plugins/mod_httpserver.lua +++ b/plugins/mod_httpserver.lua @@ -76,6 +76,13 @@ local function handle_default_request(method, body, request) return serve_file(path); end -local ports = config.get(module.host, "core", "http_ports") or { 5280 }; -httpserver.set_default_handler(handle_default_request); -httpserver.new_from_config(ports, handle_file_request, { base = "files" }); +local function setup() + local ports = config.get(module.host, "core", "http_ports") or { 5280 }; + httpserver.set_default_handler(handle_default_request); + httpserver.new_from_config(ports, handle_file_request, { base = "files" }); +end +if prosody.start_time then -- already started + setup(); +else + prosody.events.add_handler("server-started", setup); +end diff --git a/plugins/mod_iq.lua b/plugins/mod_iq.lua index f13e9768..b3001fe5 100644 --- a/plugins/mod_iq.lua +++ b/plugins/mod_iq.lua @@ -53,6 +53,18 @@ module:hook("iq/bare", function(data) end end); +module:hook("iq/self", function(data) + -- IQ to bare JID recieved + local origin, stanza = data.origin, data.stanza; + + if stanza.attr.type == "get" or stanza.attr.type == "set" then + return module:fire_event("iq/self/"..stanza.tags[1].attr.xmlns..":"..stanza.tags[1].name, data); + else + module:fire_event("iq/self/"..stanza.attr.id, data); + return true; + end +end); + module:hook("iq/host", function(data) -- IQ to a local host recieved local origin, stanza = data.origin, data.stanza; diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 3593ad38..0134d736 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -19,11 +19,12 @@ local nodeprep = require "util.encodings".stringprep.nodeprep; local resourceprep = require "util.encodings".stringprep.resourceprep; module:add_feature("jabber:iq:auth"); -module:add_event_hook("stream-features", function (session, features) - if secure_auth_only and not session.secure then +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if secure_auth_only and not origin.secure then -- Sorry, not offering to insecure streams! return; - elseif not session.username then + elseif not origin.username then features:tag("auth", {xmlns='http://jabber.org/features/iq-auth'}):up(); end end); diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index faa7251b..aa46d2d3 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -277,3 +277,21 @@ module:hook("iq/bare/disco", function(event) end end end); + +module:hook("account-disco-info", function(event) + local stanza = event.stanza; + stanza:tag('identity', {category='pubsub', type='pep'}):up(); + stanza:tag('feature', {var='http://jabber.org/protocol/pubsub#publish'}):up(); +end); + +module:hook("account-disco-items", function(event) + local session, stanza = event.session, event.stanza; + local bare = session.username..'@'..session.host; + local user_data = data[bare]; + + if user_data then + for node, _ in pairs(user_data) do + stanza:tag('item', {jid=bare, node=node}):up(); -- TODO we need to handle queries to these nodes + end + end +end); diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 9155289d..c38f7eba 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -7,7 +7,7 @@ -- -local want_pposix_version = "0.3.1"; +local want_pposix_version = "0.3.3"; local pposix = assert(require "util.pposix"); if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end @@ -26,6 +26,9 @@ local prosody = _G.prosody; module.host = "*"; -- we're a global module +local umask = module:get_option("umask") or "027"; +pposix.umask(umask); + -- Allow switching away from root, some people like strange ports. module:add_event_hook("server-started", function () local uid = module:get_option("setuid"); @@ -160,4 +163,11 @@ if signal.signal then prosody.reload_config(); prosody.reopen_logfiles(); end); + + signal.signal("SIGINT", function () + module:log("info", "Received SIGINT"); + prosody.unlock_globals(); + prosody.shutdown("Received SIGINT"); + prosody.lock_globals(); + end); end diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 108ab0d3..5ad3bfdf 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -38,23 +38,42 @@ function core_route_stanza(origin, stanza) _core_route_stanza(origin, stanza); end -local function select_top_resources(user) - local priority = 0; - local recipients = {}; - for _, session in pairs(user.sessions) do -- find resource with greatest priority - if session.presence then - -- TODO check active privacy list for session +local select_top_resources; +local bare_message_delivery_policy = module:get_option("bare_message_delivery_policy") or "priority"; +if bare_message_delivery_policy == "broadcast" then + function select_top_resources(user) + local recipients = {}; + for _, session in pairs(user.sessions) do -- find resources with non-negative priority local p = session.priority; - if p > priority then - priority = p; - recipients = {session}; - elseif p == priority then + if p and p >= 0 then t_insert(recipients, session); end end + return recipients; + end +else + if bare_message_delivery_policy ~= "priority" then + module:log("warn", "Invalid value for config option bare_message_delivery_policy"); + end + function select_top_resources(user) + local priority = 0; + local recipients = {}; + for _, session in pairs(user.sessions) do -- find resource with greatest priority + if session.presence then + -- TODO check active privacy list for session + local p = session.priority; + if p > priority then + priority = p; + recipients = {session}; + elseif p == priority then + t_insert(recipients, session); + end + end + end + return recipients; end - return recipients; end + local function recalc_resource_map(user) if user then user.top_resources = select_top_resources(user); diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua index a1b7acff..77b4dd12 100644 --- a/plugins/mod_privacy.lua +++ b/plugins/mod_privacy.lua @@ -1,31 +1,476 @@ -- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain +-- Copyright (C) 2009-2010 Matthew Wild +-- Copyright (C) 2009-2010 Waqas Hussain +-- Copyright (C) 2009 Thilo Cestonaro -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- - +local prosody = prosody; local st = require "util.stanza"; local datamanager = require "util.datamanager"; +local bare_sessions, full_sessions = bare_sessions, full_sessions; +local util_Jid = require "util.jid"; +local jid_bare = util_Jid.bare; +local jid_split = util_Jid.split; +local load_roster = require "core.rostermanager".load_roster; +local to_number = tonumber; + +function isListUsed(origin, name, privacy_lists) + local user = bare_sessions[origin.username.."@"..origin.host]; + if user then + for resource, session in pairs(user.sessions) do + if resource ~= origin.resource then + if session.activePrivacyList == name then + return true; + elseif session.activePrivacyList == nil and privacy_lists.default == name then + return true; + end + end + end + end +end + +function isAnotherSessionUsingDefaultList(origin) + local user = bare_sessions[origin.username.."@"..origin.host]; + if user then + for resource, session in pairs(user.sessions) do + if resource ~= origin.resource and session.activePrivacyList == nil then + return true; + end + end + end +end + +function sendUnavailable(origin, to, from) +--[[ example unavailable presence stanza +<presence from="node@host/resource" type="unavailable" to="node@host" > + <status>Logged out</status> +</presence> +]]-- + local presence = st.presence({from=from, type="unavailable"}); + presence:tag("status"):text("Logged out"); + + local node, host = jid_bare(to); + local bare = node .. "@" .. host; + + local user = bare_sessions[bare]; + if user then + for resource, session in pairs(user.sessions) do + presence.attr.to = session.full_jid; + module:log("debug", "send unavailable to: %s; from: %s", tostring(presence.attr.to), tostring(presence.attr.from)); + origin.send(presence); + end + end +end + +function declineList(privacy_lists, origin, stanza, which) + if which == "default" then + if isAnotherSessionUsingDefaultList(origin) then + return { "cancel", "conflict", "Another session is online and using the default list."}; + end + privacy_lists.default = nil; + origin.send(st.reply(stanza)); + elseif which == "active" then + origin.activePrivacyList = nil; + origin.send(st.reply(stanza)); + else + return {"modify", "bad-request", "Neither default nor active list specifed to decline."}; + end + return true; +end + +function activateList(privacy_lists, origin, stanza, which, name) + local list = privacy_lists.lists[name]; + + if which == "default" and list then + if isAnotherSessionUsingDefaultList(origin) then + return {"cancel", "conflict", "Another session is online and using the default list."}; + end + privacy_lists.default = name; + origin.send(st.reply(stanza)); + elseif which == "active" and list then + origin.activePrivacyList = name; + origin.send(st.reply(stanza)); + else + return {"modify", "bad-request", "Either not active or default given or unknown list name specified."}; + end + return true; +end + +function deleteList(privacy_lists, origin, stanza, name) + local list = privacy_lists.lists[name]; + + if list then + if isListUsed(origin, name, privacy_lists) then + return {"cancel", "conflict", "Another session is online and using the list which should be deleted."}; + end + if privacy_lists.default == name then + privacy_lists.default = nil; + end + if origin.activePrivacyList == name then + origin.activePrivacyList = nil; + end + privacy_lists.lists[name] = nil; + origin.send(st.reply(stanza)); + return true; + end + return {"modify", "bad-request", "Not existing list specifed to be deleted."}; +end + +function createOrReplaceList (privacy_lists, origin, stanza, name, entries, roster) + local bare_jid = origin.username.."@"..origin.host; + + if privacy_lists.lists == nil then + privacy_lists.lists = {}; + end + + local list = {}; + privacy_lists.lists[name] = list; + + local orderCheck = {}; + list.name = name; + list.items = {}; + + for _,item in ipairs(entries) do + if to_number(item.attr.order) == nil or to_number(item.attr.order) < 0 or orderCheck[item.attr.order] ~= nil then + return {"modify", "bad-request", "Order attribute not valid."}; + end + + if item.attr.type ~= nil and item.attr.type ~= "jid" and item.attr.type ~= "subscription" and item.attr.type ~= "group" then + return {"modify", "bad-request", "Type attribute not valid."}; + end + + local tmp = {}; + orderCheck[item.attr.order] = true; + + tmp["type"] = item.attr.type; + tmp["value"] = item.attr.value; + tmp["action"] = item.attr.action; + tmp["order"] = to_number(item.attr.order); + tmp["presence-in"] = false; + tmp["presence-out"] = false; + tmp["message"] = false; + tmp["iq"] = false; + + if #item.tags > 0 then + for _,tag in ipairs(item.tags) do + tmp[tag.name] = true; + end + end + + if tmp.type == "group" then + local found = false; + local roster = load_roster(origin.username, origin.host); + for jid,item in pairs(roster) do + if item.groups ~= nil then + for group in pairs(item.groups) do + if group == tmp.value then + found = true; + break; + end + end + if found == true then + break; + end + end + end + if found == false then + return {"cancel", "item-not-found", "Specifed roster group not existing."}; + end + elseif tmp.type == "subscription" then + if tmp.value ~= "both" and + tmp.value ~= "to" and + tmp.value ~= "from" and + tmp.value ~= "none" then + return {"cancel", "bad-request", "Subscription value must be both, to, from or none."}; + end + end + + if tmp.action ~= "deny" and tmp.action ~= "allow" then + return {"cancel", "bad-request", "Action must be either deny or allow."}; + end + list.items[#list.items + 1] = tmp; + end + + table.sort(list, function(a, b) return a.order < b.order; end); + + origin.send(st.reply(stanza)); + if bare_sessions[bare_jid] ~= nil then + local iq = st.iq ( { type = "set", id="push1" } ); + iq:tag ("query", { xmlns = "jabber:iq:privacy" } ); + iq:tag ("list", { name = list.name } ):up(); + iq:up(); + for resource, session in pairs(bare_sessions[bare_jid].sessions) do + iq.attr.to = bare_jid.."/"..resource + session.send(iq); + end + else + return {"cancel", "bad-request", "internal error."}; + end + return true; +end + +function getList(privacy_lists, origin, stanza, name) + local reply = st.reply(stanza); + reply:tag("query", {xmlns="jabber:iq:privacy"}); + + if name == nil then + if privacy_lists.lists then + if origin.ActivePrivacyList then + reply:tag("active", {name=origin.activePrivacyList}):up(); + end + if privacy_lists.default then + reply:tag("default", {name=privacy_lists.default}):up(); + end + for name,list in pairs(privacy_lists.lists) do + reply:tag("list", {name=name}):up(); + end + end + else + local list = privacy_lists.lists[name]; + if list then + reply = reply:tag("list", {name=list.name}); + for _,item in ipairs(list.items) do + reply:tag("item", {type=item.type, value=item.value, action=item.action, order=item.order}); + if item["message"] then reply:tag("message"):up(); end + if item["iq"] then reply:tag("iq"):up(); end + if item["presence-in"] then reply:tag("presence-in"):up(); end + if item["presence-out"] then reply:tag("presence-out"):up(); end + reply:up(); + end + else + return {"cancel", "item-not-found", "Unknown list specified."}; + end + end + + origin.send(reply); + return true; +end module:hook("iq/bare/jabber:iq:privacy:query", function(data) local origin, stanza = data.origin, data.stanza; - if not stanza.attr.to then -- only service requests to own bare JID + if stanza.attr.to == nil then -- only service requests to own bare JID local query = stanza.tags[1]; -- the query element - local privacy_lists = datamanager.load(origin.username, origin.host, "privacy") or {}; + local valid = false; + local privacy_lists = datamanager.load(origin.username, origin.host, "privacy") or { lists = {} }; + + if privacy_lists.lists[1] then -- Code to migrate from old privacy lists format, remove in 0.8 + module:log("info", "Upgrading format of stored privacy lists for %s@%s", origin.username, origin.host); + local lists = privacy_lists.lists; + for idx, list in ipairs(lists) do + lists[list.name] = list; + lists[idx] = nil; + end + end + if stanza.attr.type == "set" then - -- TODO + if #query.tags == 1 then -- the <query/> element MUST NOT include more than one child element + for _,tag in ipairs(query.tags) do + if tag.name == "active" or tag.name == "default" then + if tag.attr.name == nil then -- Client declines the use of active / default list + valid = declineList(privacy_lists, origin, stanza, tag.name); + else -- Client requests change of active / default list + valid = activateList(privacy_lists, origin, stanza, tag.name, tag.attr.name); + end + elseif tag.name == "list" and tag.attr.name then -- Client adds / edits a privacy list + if #tag.tags == 0 then -- Client removes a privacy list + valid = deleteList(privacy_lists, origin, stanza, tag.attr.name); + else -- Client edits a privacy list + valid = createOrReplaceList(privacy_lists, origin, stanza, tag.attr.name, tag.tags); + end + end + end + end elseif stanza.attr.type == "get" then - if #query.tags == 0 then -- Client requests names of privacy lists from server - -- TODO - elseif #query.tags == 1 and query.tags[1].name == "list" then -- Client requests a privacy list from server - -- TODO - else - origin.send(st.error_reply(stanza, "modify", "bad-request")); + local name = nil; + local listsToRetrieve = 0; + if #query.tags >= 1 then + for _,tag in ipairs(query.tags) do + if tag.name == "list" then -- Client requests a privacy list from server + name = tag.attr.name; + listsToRetrieve = listsToRetrieve + 1; + end + end + end + if listsToRetrieve == 0 or listsToRetrieve == 1 then + valid = getList(privacy_lists, origin, stanza, name); + end + end + + if valid ~= true then + valid = valid or { "cancel", "bad-request", "Couldn't understand request" }; + if valid[1] == nil then + valid[1] = "cancel"; end + if valid[2] == nil then + valid[2] = "bad-request"; + end + origin.send(st.error_reply(stanza, valid[1], valid[2], valid[3])); + else + datamanager.store(origin.username, origin.host, "privacy", privacy_lists); end + return true; end end); + +function checkIfNeedToBeBlocked(e, session) + local origin, stanza = e.origin, e.stanza; + local privacy_lists = datamanager.load(session.username, session.host, "privacy") or {}; + local bare_jid = session.username.."@"..session.host; + local to = stanza.attr.to; + local from = stanza.attr.from; + + local is_to_user = bare_jid == jid_bare(to); + local is_from_user = bare_jid == jid_bare(from); + + module:log("debug", "stanza: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from)); + + if privacy_lists.lists == nil or + not (session.activePrivacyList or privacy_lists.default) + then + return; -- Nothing to block, default is Allow all + end + if is_from_user and is_to_user then + module:log("debug", "Not blocking communications between user's resources"); + return; -- from one of a user's resource to another => HANDS OFF! + end + + local item; + local listname = session.activePrivacyList; + if listname == nil then + listname = privacy_lists.default; -- no active list selected, use default list + end + local list = privacy_lists.lists[listname]; + if not list then + module:log("debug", "given privacy list not found. name: %s", listname); + return; + end + for _,item in ipairs(list.items) do + local apply = false; + local block = false; + if ( + (stanza.name == "message" and item.message) or + (stanza.name == "iq" and item.iq) or + (stanza.name == "presence" and is_to_user and item["presence-in"]) or + (stanza.name == "presence" and is_from_user and item["presence-out"]) or + (item.message == false and item.iq == false and item["presence-in"] == false and item["presence-out"] == false) + ) then + apply = true; + end + if apply then + local evilJid = {}; + apply = false; + if is_to_user then + module:log("debug", "evil jid is (from): %s", from); + evilJid.node, evilJid.host, evilJid.resource = jid_split(from); + else + module:log("debug", "evil jid is (to): %s", to); + evilJid.node, evilJid.host, evilJid.resource = jid_split(to); + end + if item.type == "jid" and + (evilJid.node and evilJid.host and evilJid.resource and item.value == evilJid.node.."@"..evilJid.host.."/"..evilJid.resource) or + (evilJid.node and evilJid.host and item.value == evilJid.node.."@"..evilJid.host) or + (evilJid.host and evilJid.resource and item.value == evilJid.host.."/"..evilJid.resource) or + (evilJid.host and item.value == evilJid.host) then + apply = true; + block = (item.action == "deny"); + elseif item.type == "group" then + local roster = load_roster(session.username, session.host); + local groups = roster[evilJid.node .. "@" .. evilJid.host].groups; + for group in pairs(groups) do + if group == item.value then + apply = true; + block = (item.action == "deny"); + break; + end + end + elseif item.type == "subscription" and evilJid.node ~= nil and evilJid.host ~= nil then -- we need a valid bare evil jid + local roster = load_roster(session.username, session.host); + if roster[evilJid.node .. "@" .. evilJid.host].subscription == item.value then + apply = true; + block = (item.action == "deny"); + end + elseif item.type == nil then + apply = true; + block = (item.action == "deny"); + end + end + if apply then + if block then + module:log("debug", "stanza blocked: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from)); + if stanza.name == "message" then + origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); + elseif stanza.name == "iq" and (stanza.attr.type == "get" or stanza.attr.type == "set") then + origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); + end + return true; -- stanza blocked ! + else + module:log("debug", "stanza explicitly allowed!") + return; + end + end + end +end + +function preCheckIncoming(e) + local session; + if e.stanza.attr.to ~= nil then + local node, host, resource = jid_split(e.stanza.attr.to); + if node == nil or host == nil then + return; + end + if resource == nil then + local prio = 0; + local session_; + if bare_sessions[node.."@"..host] ~= nil then + for resource, session_ in pairs(bare_sessions[node.."@"..host].sessions) do + if session_.priority ~= nil and session_.priority > prio then + session = session_; + prio = session_.priority; + end + end + end + else + session = full_sessions[node.."@"..host.."/"..resource]; + end + if session ~= nil then + return checkIfNeedToBeBlocked(e, session); + else + module:log("debug", "preCheckIncoming: Couldn't get session for jid: %s@%s/%s", tostring(node), tostring(host), tostring(resource)); + end + end +end + +function preCheckOutgoing(e) + local session = e.origin; + if e.stanza.attr.from == nil then + e.stanza.attr.from = session.username .. "@" .. session.host; + if session.resource ~= nil then + e.stanza.attr.from = e.stanza.attr.from .. "/" .. session.resource; + end + end + return checkIfNeedToBeBlocked(e, session); +end + +module:hook("pre-message/full", preCheckOutgoing, 500); +module:hook("pre-message/bare", preCheckOutgoing, 500); +module:hook("pre-message/host", preCheckOutgoing, 500); +module:hook("pre-iq/full", preCheckOutgoing, 500); +module:hook("pre-iq/bare", preCheckOutgoing, 500); +module:hook("pre-iq/host", preCheckOutgoing, 500); +module:hook("pre-presence/full", preCheckOutgoing, 500); +module:hook("pre-presence/bare", preCheckOutgoing, 500); +module:hook("pre-presence/host", preCheckOutgoing, 500); + +module:hook("message/full", preCheckIncoming, 500); +module:hook("message/bare", preCheckIncoming, 500); +module:hook("message/host", preCheckIncoming, 500); +module:hook("iq/full", preCheckIncoming, 500); +module:hook("iq/bare", preCheckIncoming, 500); +module:hook("iq/host", preCheckIncoming, 500); +module:hook("presence/full", preCheckIncoming, 500); +module:hook("presence/bare", preCheckIncoming, 500); +module:hook("presence/host", preCheckIncoming, 500); diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua new file mode 100644 index 00000000..190d30be --- /dev/null +++ b/plugins/mod_proxy65.lua @@ -0,0 +1,279 @@ +-- Copyright (C) 2009 Thilo Cestonaro +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- +--[[ +* to restart the proxy in the console: e.g. +module:unload("proxy65"); +> server.removeserver(<proxy65_port>); +module:load("proxy65", <proxy65_jid>); +]]-- + +if module:get_host_type() ~= "component" then + error("proxy65 should be loaded as a component, please see http://prosody.im/doc/components", 0); +end + +local jid_split, jid_join = require "util.jid".split, require "util.jid".join; +local st = require "util.stanza"; +local componentmanager = require "core.componentmanager"; +local config_get = require "core.configmanager".get; +local connlisteners = require "net.connlisteners"; +local sha1 = require "util.hashes".sha1; +local server = require "net.server"; + +local host, name = module:get_host(), "SOCKS5 Bytestreams Service"; +local sessions, transfers, component, replies_cache = {}, {}, nil, {}; + +local proxy_port = config_get(host, "core", "proxy65_port") or 5000; +local proxy_interface = config_get(host, "core", "proxy65_interface") or "*"; +local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; +local proxy_acl = config_get(host, "core", "proxy65_acl"); +local max_buffer_size = 4096; + +local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; + +function connlistener.onincoming(conn, data) + local session = sessions[conn] or {}; + + if session.setup == nil and data ~= nil and data:sub(1):byte() == 0x05 and data:len() > 2 then + local nmethods = data:sub(2):byte(); + local methods = data:sub(3); + local supported = false; + for i=1, nmethods, 1 do + if(methods:sub(i):byte() == 0x00) then -- 0x00 == method: NO AUTH + supported = true; + break; + end + end + if(supported) then + module:log("debug", "new session found ... ") + session.setup = true; + sessions[conn] = session; + conn:write(string.char(5, 0)); + end + return; + end + if session.setup then + if session.sha ~= nil and transfers[session.sha] ~= nil then + local sha = session.sha; + if transfers[sha].activated == true and transfers[sha].target ~= nil then + if transfers[sha].initiator == conn then + transfers[sha].target:write(data); + else + transfers[sha].initiator:write(data); + end + return; + end + end + if data ~= nil and data:len() == 0x2F and -- 40 == length of SHA1 HASH, and 7 other bytes => 47 => 0x2F + data:sub(1):byte() == 0x05 and -- SOCKS5 has 5 in first byte + data:sub(2):byte() == 0x01 and -- CMD must be 1 + data:sub(3):byte() == 0x00 and -- RSV must be 0 + data:sub(4):byte() == 0x03 and -- ATYP must be 3 + data:sub(5):byte() == 40 and -- SHA1 HASH length must be 40 (0x28) + data:sub(-2):byte() == 0x00 and -- PORT must be 0, size 2 byte + data:sub(-1):byte() == 0x00 + then + local sha = data:sub(6, 45); -- second param is not count! it's the ending index (included!) + if transfers[sha] == nil then + transfers[sha] = {}; + transfers[sha].activated = false; + transfers[sha].target = conn; + session.sha = sha; + module:log("debug", "target connected ... "); + elseif transfers[sha].target ~= nil then + transfers[sha].initiator = conn; + session.sha = sha; + module:log("debug", "initiator connected ... "); + server.link(conn, transfers[sha].target, max_buffer_size); + server.link(transfers[sha].target, conn, max_buffer_size); + end + conn:write(string.char(5, 0, 0, 3, sha:len()) .. sha .. string.char(0, 0)); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) + conn:lock_read(true) + else + module:log("warn", "Neither data transfer nor initial connect of a participator of a transfer.") + conn:close(); + end + else + if data ~= nil then + module:log("warn", "unknown connection with no authentication data -> closing it"); + conn:close(); + end + end +end + +function connlistener.ondisconnect(conn, err) + local session = sessions[conn]; + if session then + if session.sha and transfers[session.sha] then + local initiator, target = transfers[session.sha].initiator, transfers[session.sha].target; + if initiator == conn and target ~= nil then + target:close(); + elseif target == conn and initiator ~= nil then + initiator:close(); + end + transfers[session.sha] = nil; + end + -- Clean up any session-related stuff here + sessions[conn] = nil; + end +end + +local function get_disco_info(stanza) + local reply = replies_cache.disco_info; + if reply == nil then + reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#info") + :tag("identity", {category='proxy', type='bytestreams', name=name}):up() + :tag("feature", {var="http://jabber.org/protocol/bytestreams"}); + replies_cache.disco_info = reply; + end + + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + return reply; +end + +local function get_disco_items(stanza) + local reply = replies_cache.disco_items; + if reply == nil then + reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#items"); + replies_cache.disco_items = reply; + end + + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + return reply; +end + +local function get_stream_host(origin, stanza) + local reply = replies_cache.stream_host; + local err_reply = replies_cache.stream_host_err; + local sid = stanza.tags[1].attr.sid; + local allow = false; + local jid_node, jid_host, jid_resource = jid_split(stanza.attr.from); + + if stanza.attr.from == nil then + jid_node = origin.username; + jid_host = origin.host; + jid_resource = origin.resource; + end + + if proxy_acl and #proxy_acl > 0 then + if host ~= nil then -- at least a domain is needed. + for _, acl in ipairs(proxy_acl) do + local acl_node, acl_host, acl_resource = jid_split(acl); + if ((acl_node ~= nil and acl_node == jid_node) or acl_node == nil) and + ((acl_host ~= nil and acl_host == jid_host) or acl_host == nil) and + ((acl_resource ~= nil and acl_resource == jid_resource) or acl_resource == nil) then + allow = true; + end + end + end + else + allow = true; + end + if allow == true then + if reply == nil then + reply = st.iq({type="result", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); + replies_cache.stream_host = reply; + end + else + module:log("warn", "Denying use of proxy for %s", tostring(jid_join(jid_node, jid_host, jid_resource))); + if err_reply == nil then + err_reply = st.iq({type="error", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("error", {code='403', type='auth'}) + :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); + replies_cache.stream_host_err = err_reply; + end + reply = err_reply; + end + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + reply.tags[1].attr.sid = sid; + return reply; +end + +module.unload = function() + componentmanager.deregister_component(host); + connlisteners.deregister(module.host .. ':proxy65'); +end + +local function set_activation(stanza) + local from, to, sid, reply = nil; + from = stanza.attr.from; + if stanza.tags[1] ~= nil and tostring(stanza.tags[1].name) == "query" then + if stanza.tags[1].attr ~= nil then + sid = stanza.tags[1].attr.sid; + end + if stanza.tags[1].tags[1] ~= nil and tostring(stanza.tags[1].tags[1].name) == "activate" then + to = stanza.tags[1].tags[1][1]; + end + end + if from ~= nil and to ~= nil and sid ~= nil then + reply = st.iq({type="result", from=host, to=from}); + reply.attr.id = stanza.attr.id; + end + return reply, from, to, sid; +end + +function handle_to_domain(origin, stanza) + local to_node, to_host, to_resource = jid_split(stanza.attr.to); + if to_node == nil then + local type = stanza.attr.type; + if type == "error" or type == "result" then return; end + if stanza.name == "iq" and type == "get" then + local xmlns = stanza.tags[1].attr.xmlns + if xmlns == "http://jabber.org/protocol/disco#info" then + origin.send(get_disco_info(stanza)); + return true; + elseif xmlns == "http://jabber.org/protocol/disco#items" then + origin.send(get_disco_items(stanza)); + return true; + elseif xmlns == "http://jabber.org/protocol/bytestreams" then + origin.send(get_stream_host(origin, stanza)); + return true; + else + origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); + return true; + end + elseif stanza.name == "iq" and type == "set" then + module:log("debug", "Received activation request from %s", stanza.attr.from); + local reply, from, to, sid = set_activation(stanza); + if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then + local sha = sha1(sid .. from .. to, true); + if transfers[sha] == nil then + module:log("error", "transfers[sha]: nil"); + elseif(transfers[sha] ~= nil and transfers[sha].initiator ~= nil and transfers[sha].target ~= nil) then + origin.send(reply); + transfers[sha].activated = true; + transfers[sha].target:lock_read(false); + transfers[sha].initiator:lock_read(false); + else + module:log("debug", "Both parties were not yet connected"); + local message = "Neither party is connected to the proxy"; + if transfers[sha].initiator then + message = "The recipient is not connected to the proxy"; + elseif transfers[sha].target then + message = "The sender (you) is not connected to the proxy"; + end + origin.send(st.error_reply(stanza, "cancel", "not-allowed", message)); + end + else + module:log("error", "activation failed: sid: %s, initiator: %s, target: %s", tostring(sid), tostring(from), tostring(to)); + end + end + end + return; +end + +if not connlisteners.register(module.host .. ':proxy65', connlistener) then + module:log("error", "mod_proxy65: Could not establish a connection listener. Check your configuration please."); + module:log("error", "Possibly two proxy65 components are configured to share the same port."); +end + +connlisteners.start(module.host .. ':proxy65'); +component = componentmanager.register_component(host, handle_to_domain); diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 2a25d1d0..b8d142f7 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -12,6 +12,7 @@ local st = require "util.stanza"; local datamanager = require "util.datamanager"; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_create_user = require "core.usermanager".create_user; +local usermanager_set_password = require "core.usermanager".set_password; local datamanager_store = require "util.datamanager".store; local os_time = os.time; local nodeprep = require "util.encodings".stringprep.nodeprep; @@ -34,7 +35,7 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) local username, host = session.username, session.host; --session.send(st.error_reply(stanza, "cancel", "not-allowed")); --return; - usermanager_create_user(username, nil, host); -- Disable account + usermanager_set_password(username, host, nil); -- Disable account -- FIXME the disabling currently allows a different user to recreate the account -- we should add an in-memory account block mode when we have threading session.send(st.reply(stanza)); @@ -69,7 +70,7 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) username = nodeprep(table.concat(username)); password = table.concat(password); if username == session.username then - if usermanager_create_user(username, password, session.host) then -- password change -- TODO is this the right way? + if usermanager_set_password(username, session.host, password) then session.send(st.reply(stanza)); else -- TODO unable to write file, file may be locked, etc, what's the correct error? diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua index 755d263d..ddf02f2f 100644 --- a/plugins/mod_roster.lua +++ b/plugins/mod_roster.lua @@ -23,12 +23,12 @@ local core_post_stanza = core_post_stanza; module:add_feature("jabber:iq:roster"); local rosterver_stream_feature = st.stanza("ver", {xmlns="urn:xmpp:features:rosterver"}):tag("optional"):up(); -module:add_event_hook("stream-features", - function (session, features) - if session.username then - features:add_child(rosterver_stream_feature); - end - end); +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if origin.username then + features:add_child(rosterver_stream_feature); + end +end); module:add_iq_handler("c2s", "jabber:iq:roster", function (session, stanza) @@ -36,9 +36,10 @@ module:add_iq_handler("c2s", "jabber:iq:roster", if stanza.attr.type == "get" then local roster = st.reply(stanza); - local ver = stanza.tags[1].attr.ver + local client_ver = tonumber(stanza.tags[1].attr.ver); + local server_ver = tonumber(session.roster[false].version or 1); - if (not ver) or tonumber(ver) ~= (session.roster[false].version or 1) then + if not (client_ver and server_ver) or client_ver ~= server_ver then roster:query("jabber:iq:roster"); -- Client does not support versioning, or has stale roster for jid in pairs(session.roster) do @@ -55,7 +56,7 @@ module:add_iq_handler("c2s", "jabber:iq:roster", roster:up(); -- move out from item end end - roster.tags[1].attr.ver = tostring(session.roster[false].version or "1"); + roster.tags[1].attr.ver = server_ver; end session.send(roster); session.interested = true; -- resource is interested in roster updates diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 85481ad7..c0360553 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -21,11 +21,12 @@ local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_get_password = require "core.usermanager".get_password; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; -local jid_split = require "util.jid".split +local jid_split = require "util.jid".split; local md5 = require "util.hashes".md5; local config = require "core.configmanager"; -local secure_auth_only = config.get(module:get_host(), "core", "c2s_require_encryption") or config.get(module:get_host(), "core", "require_encryption"); +local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); +local sasl_backend = module:get_option("sasl_backend") or "builtin"; local log = module._log; @@ -33,7 +34,48 @@ local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas'; -local new_sasl = require "util.sasl".new; +local new_sasl; +if sasl_backend == "builtin" then + new_sasl = require "util.sasl".new; +elseif sasl_backend == "cyrus" then + prosody.unlock_globals(); --FIXME: Figure out why this is needed and + -- why cyrussasl isn't caught by the sandbox + local ok, cyrus = pcall(require, "util.sasl_cyrus"); + prosody.lock_globals(); + if ok then + local cyrus_new = cyrus.new; + new_sasl = function(realm) + return cyrus_new(realm, module:get_option("cyrus_service_name") or "xmpp"); + end + else + module:log("error", "Failed to load Cyrus SASL because: %s", cyrus); + error("Failed to load Cyrus SASL"); + end +else + module:log("error", "Unknown SASL backend: %s", sasl_backend); + error("Unknown SASL backend"); +end + +local default_authentication_profile = { + plain = function(username, realm) + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return "", nil; + end + local password = usermanager_get_password(prepped_username, realm); + if not password then + return "", nil; + end + return password, true; + end +}; + +local anonymous_authentication_profile = { + anonymous = function(username, realm) + return true; -- for normal usage you should always return true here + end +}; local function build_reply(status, ret, err_msg) local reply = st.stanza(status, {xmlns = xmlns_sasl}); @@ -54,50 +96,18 @@ end local function handle_status(session, status) if status == "failure" then - session.sasl_handler = nil; + session.sasl_handler = session.sasl_handler:clean_clone(); elseif status == "success" then local username = nodeprep(session.sasl_handler.username); - session.sasl_handler = nil; if not username then -- TODO move this to sessionmanager module:log("warn", "SASL succeeded but we didn't get a username!"); session.sasl_handler = nil; session:reset_stream(); return; - end - sm_make_authenticated(session, username); - session:reset_stream(); - end -end - -local function credentials_callback(mechanism, ...) - if mechanism == "PLAIN" then - local username, hostname, password = ...; - username = nodeprep(username); - if not username then - return false; - end - local response = usermanager_validate_credentials(hostname, username, password, mechanism); - if response == nil then - return false; - else - return response; - end - elseif mechanism == "DIGEST-MD5" then - local function func(x) return x; end - local node, domain, realm, decoder = ...; - local prepped_node = nodeprep(node); - if not prepped_node then - return func, nil; - end - local password = usermanager_get_password(prepped_node, domain); - if password then - if decoder then - node, realm, password = decoder(node), decoder(realm), decoder(password); - end - return func, md5(node..":"..realm..":"..password); - else - return func, nil; end + sm_make_authenticated(session, session.sasl_handler.username); + session.sasl_handler = nil; + session:reset_stream(); end end @@ -111,8 +121,8 @@ local function sasl_handler(session, stanza) elseif stanza.attr.mechanism == "ANONYMOUS" then return session.send(build_reply("failure", "mechanism-too-weak")); end - session.sasl_handler = new_sasl(stanza.attr.mechanism, session.host, credentials_callback); - if not session.sasl_handler then + local valid_mechanism = session.sasl_handler:select(stanza.attr.mechanism); + if not valid_mechanism then return session.send(build_reply("failure", "invalid-mechanism")); end if secure_auth_only and not session.secure then @@ -131,7 +141,7 @@ local function sasl_handler(session, stanza) return; end end - local status, ret, err_msg = session.sasl_handler:feed(text); + local status, ret, err_msg = session.sasl_handler:process(text); handle_status(session, status); local s = build_reply(status, ret, err_msg); log("debug", "sasl reply: %s", tostring(s)); @@ -145,54 +155,55 @@ module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; -module:add_event_hook("stream-features", - function (session, features) - if not session.username then - if secure_auth_only and not session.secure then - return; - end - features:tag("mechanisms", mechanisms_attr); - -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so. - if config.get(session.host or "*", "core", "anonymous_login") then - features:tag("mechanism"):text("ANONYMOUS"):up(); - else - local mechanisms = usermanager_get_supported_methods(session.host or "*"); - for k, v in pairs(mechanisms) do - features:tag("mechanism"):text(k):up(); - end - end - features:up(); - else - features:tag("bind", bind_attr):tag("required"):up():up(); - features:tag("session", xmpp_session_attr):tag("optional"):up():up(); - end - end); - -module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", - function (session, stanza) - log("debug", "Client requesting a resource bind"); - local resource; - if stanza.attr.type == "set" then - local bind = stanza.tags[1]; - if bind and bind.attr.xmlns == xmlns_bind then - resource = bind:child_with_name("resource"); - if resource then - resource = resource[1]; - end - end +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if not origin.username then + if secure_auth_only and not origin.secure then + return; + end + local realm = module:get_option("sasl_realm") or origin.host; + if module:get_option("anonymous_login") then + origin.sasl_handler = new_sasl(realm, anonymous_authentication_profile); + else + origin.sasl_handler = new_sasl(realm, default_authentication_profile); + if not (module:get_option("allow_unencrypted_plain_auth")) and not origin.secure then + origin.sasl_handler:forbidden({"PLAIN"}); end - local success, err_type, err, err_msg = sm_bind_resource(session, resource); - if not success then - session.send(st.error_reply(stanza, err_type, err, err_msg)); - else - session.send(st.reply(stanza) - :tag("bind", { xmlns = xmlns_bind}) - :tag("jid"):text(session.full_jid)); + end + features:tag("mechanisms", mechanisms_attr); + for k, v in pairs(origin.sasl_handler:mechanisms()) do + features:tag("mechanism"):text(v):up(); + end + features:up(); + else + features:tag("bind", bind_attr):tag("required"):up():up(); + features:tag("session", xmpp_session_attr):tag("optional"):up():up(); + end +end); + +module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", function(session, stanza) + log("debug", "Client requesting a resource bind"); + local resource; + if stanza.attr.type == "set" then + local bind = stanza.tags[1]; + if bind and bind.attr.xmlns == xmlns_bind then + resource = bind:child_with_name("resource"); + if resource then + resource = resource[1]; end - end); + end + end + local success, err_type, err, err_msg = sm_bind_resource(session, resource); + if not success then + session.send(st.error_reply(stanza, err_type, err, err_msg)); + else + session.send(st.reply(stanza) + :tag("bind", { xmlns = xmlns_bind}) + :tag("jid"):text(session.full_jid)); + end +end); -module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", - function (session, stanza) - log("debug", "Client requesting a session"); - session.send(st.reply(stanza)); - end); +module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", function(session, stanza) + log("debug", "Client requesting a session"); + session.send(st.reply(stanza)); +end); diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index f68552fa..8b96aa15 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -8,105 +8,82 @@ local st = require "util.stanza"; -local xmlns_stream = 'http://etherx.jabber.org/streams'; -local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; - local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local secure_s2s_only = module:get_option("s2s_require_encryption"); +local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; -local host = hosts[module.host]; - +local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local starttls_attr = { xmlns = xmlns_starttls }; +local starttls_proceed = st.stanza("proceed", starttls_attr); +local starttls_failure = st.stanza("failure", starttls_attr); +local c2s_feature = st.stanza("starttls", starttls_attr); +local s2s_feature = st.stanza("starttls", starttls_attr); +if secure_auth_only then c2s_feature:tag("required"):up(); end +if secure_s2s_only then s2s_feature:tag("required"):up(); end ---- Client-to-server TLS handling -module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, - function (session, stanza) - if session.conn.starttls and host.ssl_ctx_in then - session.send(st.stanza("proceed", starttls_attr)); - session:reset_stream(); - if session.host and hosts[session.host].ssl_ctx_in then - session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); - end - session.conn.starttls(); - session.log("info", "TLS negotiation started..."); - session.secure = false; - else - session.log("warn", "Attempt to start TLS, but TLS is not available on this connection"); - (session.sends2s or session.send)(st.stanza("failure", starttls_attr)); - session:close(); - end - end); +local global_ssl_ctx = prosody.global_ssl_ctx; -module:add_event_hook("stream-features", - function (session, features) - if session.conn.starttls then - features:tag("starttls", starttls_attr); - if secure_auth_only then - features:tag("required"):up():up(); - else - features:up(); - end - end - end); ---- +local host = hosts[module.host]; --- Stop here if the user doesn't want to allow s2s encryption -if module:get_option("s2s_allow_encryption") == false then - return; +local function can_do_tls(session) + if session.type == "c2s_unauthed" then + return session.conn.starttls and host.ssl_ctx_in; + elseif session.type == "s2sin_unauthed" and allow_s2s_tls then + return session.conn.starttls and host.ssl_ctx_in; + elseif session.direction == "outgoing" and allow_s2s_tls then + return session.conn.starttls and host.ssl_ctx; + end + return false; end ---- Server-to-server TLS handling -module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, - function (session, stanza) - if session.conn.starttls and host.ssl_ctx_in then - session.sends2s(st.stanza("proceed", starttls_attr)); - session:reset_stream(); - if session.to_host and hosts[session.to_host].ssl_ctx_in then - session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); - end - session.conn.starttls(); - session.log("info", "TLS negotiation started for incoming s2s..."); - session.secure = false; - else - session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection"); - (session.sends2s or session.send)(st.stanza("failure", starttls_attr)); - session:close(); - end - end); - +-- Hook <starttls/> +module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) + local origin = event.origin; + if can_do_tls(origin) then + (origin.sends2s or origin.send)(starttls_proceed); + origin:reset_stream(); + local host = origin.to_host or origin.host; + local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx; + origin.conn:starttls(ssl_ctx); + origin.log("info", "TLS negotiation started for %s...", origin.type); + origin.secure = false; + else + origin.log("warn", "Attempt to start TLS, but TLS is not available on this %s connection", origin.type); + (origin.sends2s or origin.send)(starttls_failure); + origin:close(); + end + return true; +end); -module:hook("s2s-stream-features", - function (data) - local session, features = data.session, data.features; - if session.to_host and session.conn.starttls then - features:tag("starttls", starttls_attr); - if secure_s2s_only then - features:tag("required"):up():up(); - else - features:up(); - end - end - end); +-- Advertize stream feature +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if can_do_tls(origin) then + features:add_child(c2s_feature); + end +end); +module:hook("s2s-stream-features", function(event) + local origin, features = event.origin, event.features; + if can_do_tls(origin) then + features:add_child(s2s_feature); + end +end); -- For s2sout connections, start TLS if we can -module:hook_stanza(xmlns_stream, "features", - function (session, stanza) - module:log("debug", "Received features element"); - if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then - module:log("%s is offering TLS, taking up the offer...", session.to_host); - session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); - return true; - end - end, 500); +module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) + module:log("debug", "Received features element"); + if can_do_tls(session) and stanza:child_with_ns(xmlns_starttls) then + module:log("%s is offering TLS, taking up the offer...", session.to_host); + session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); + return true; + end +end, 500); -module:hook_stanza(xmlns_starttls, "proceed", - function (session, stanza) - module:log("debug", "Proceeding with TLS on s2sout..."); - local format, to_host, from_host = string.format, session.to_host, session.from_host; - local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; - session.conn.set_sslctx(ssl_ctx); - session:reset_stream(); - session.conn.starttls(true); - session.secure = false; - return true; - end); +module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) + module:log("debug", "Proceeding with TLS on s2sout..."); + session:reset_stream(); + local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; + session.conn:starttls(ssl_ctx, true); + session.secure = false; + return true; +end); diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua deleted file mode 100644 index 92f296c5..00000000 --- a/plugins/mod_xmlrpc.lua +++ /dev/null @@ -1,128 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - - -module.host = "*" -- Global module - -local httpserver = require "net.httpserver"; -local st = require "util.stanza"; -local pcall = pcall; -local unpack = unpack; -local tostring = tostring; -local is_admin = require "core.usermanager".is_admin; -local jid_split = require "util.jid".split; -local jid_bare = require "util.jid".bare; -local b64_decode = require "util.encodings".base64.decode; -local get_method = require "core.objectmanager".get_object; -local validate_credentials = require "core.usermanager".validate_credentials; - -local translate_request = require "util.xmlrpc".translate_request; -local create_response = require "util.xmlrpc".create_response; -local create_error_response = require "util.xmlrpc".create_error_response; - -local entity_map = setmetatable({ - ["amp"] = "&"; - ["gt"] = ">"; - ["lt"] = "<"; - ["apos"] = "'"; - ["quot"] = "\""; -}, {__index = function(_, s) - if s:sub(1,1) == "#" then - if s:sub(2,2) == "x" then - return string.char(tonumber(s:sub(3), 16)); - else - return string.char(tonumber(s:sub(2))); - end - end - end -}); -local function xml_unescape(str) - return (str:gsub("&(.-);", entity_map)); -end -local function parse_xml(xml) - local stanza = st.stanza("root"); - local regexp = "<([^>]*)>([^<]*)"; - for elem, text in xml:gmatch(regexp) do - --print("[<"..elem..">|"..text.."]"); - if elem:sub(1,1) == "!" or elem:sub(1,1) == "?" then -- neglect comments and processing-instructions - elseif elem:sub(1,1) == "/" then -- end tag - elem = elem:sub(2); - stanza:up(); -- TODO check for start-end tag name match - elseif elem:sub(-1,-1) == "/" then -- empty tag - elem = elem:sub(1,-2); - stanza:tag(elem):up(); - else -- start tag - stanza:tag(elem); - end - if #text ~= 0 then -- text - stanza:text(xml_unescape(text)); - end - end - return stanza.tags[1]; -end - -local function handle_xmlrpc_request(jid, method, args) - local is_secure_call = (method:sub(1,7) == "secure/"); - if not is_admin(jid) and not is_secure_call then - return create_error_response(401, "not authorized"); - end - method = get_method(method); - if not method then return create_error_response(404, "method not found"); end - args = args or {}; - if is_secure_call then table.insert(args, 1, jid); end - local success, result = pcall(method, unpack(args)); - if success then - success, result = pcall(create_response, result or "nil"); - if success then - return result; - end - return create_error_response(500, "Error in creating response: "..result); - end - return create_error_response(0, tostring(result):gsub("^[^:]+:%d+: ", "")); -end - -local function handle_xmpp_request(origin, stanza) - local query = stanza.tags[1]; - if query.name == "query" then - if #query.tags == 1 then - local success, method, args = pcall(translate_request, query.tags[1]); - if success then - local result = handle_xmlrpc_request(jid_bare(stanza.attr.from), method, args); - origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result)); - else - origin.send(st.error_reply(stanza, "modify", "bad-request", method)); - end - else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end - else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end -end -module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request); -module:add_feature("jabber:iq:rpc"); --- TODO add <identity category='automation' type='rpc'/> to disco replies - -local default_headers = { ['Content-Type'] = 'text/xml' }; -local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "<html><body>Authentication required</body></html>"; }; -local function handle_http_request(method, body, request) - -- authenticate user - local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth - local node, host = jid_split(username); - if not validate_credentials(host, node, password) then - return unauthorized_response; - end - -- parse request - local stanza = body and parse_xml(body); - if (not stanza) or request.method ~= "POST" then - return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>"; - end - -- execute request - local success, method, args = pcall(translate_request, stanza); - if success then - return { headers = default_headers; body = tostring(handle_xmlrpc_request(node.."@"..host, method, args)) }; - end - return "<html><body>Error parsing XML-RPC request: "..tostring(method).."</body></html>"; -end -httpserver.new{ port = 9000, base = "xmlrpc", handler = handle_http_request } diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 680b902a..de23aebb 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -16,7 +16,6 @@ local muc_name = module:get_option("name"); if type(muc_name) ~= "string" then muc_name = "Prosody Chatrooms"; end local restrict_room_creation = module:get_option("restrict_room_creation"); if restrict_room_creation and restrict_room_creation ~= true then restrict_room_creation = nil; end -local history_length = 20; local muc_new_room = module:require "muc".new_room; local register_component = require "core.componentmanager".register_component; diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 75289cc1..18c80325 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -59,19 +59,12 @@ local kickable_error_conditions = { ["service-unavailable"] = true; ["malformed error"] = true; }; + local function get_error_condition(stanza) - for _, tag in ipairs(stanza.tags) do - if tag.name == "error" and (not(tag.attr.xmlns) or tag.attr.xmlns == "jabber:client") then - for _, cond in ipairs(tag.tags) do - if cond.attr.xmlns == "urn:ietf:params:xml:ns:xmpp-stanzas" then - return cond.name; - end - end - return "malformed error"; - end - end - return "malformed error"; + local _, condition = stanza:get_error(); + return condition or "malformed error"; end + local function is_kickable_error(stanza) local cond = get_error_condition(stanza); return kickable_error_conditions[cond] and cond; @@ -89,17 +82,6 @@ local function getTag(stanza, path) return getUsingPath(stanza, path); end local function getText(stanza, path) return getUsingPath(stanza, path, true); end ----------- ---[[function get_room_disco_info(room, stanza) - return st.iq({type='result', id=stanza.attr.id, from=stanza.attr.to, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#info") - :tag("identity", {category='conference', type='text', name=room._data["name"]):up() - :tag("feature", {var="http://jabber.org/protocol/muc"}); -- TODO cache disco reply -end -function get_room_disco_items(room, stanza) - return st.iq({type='result', id=stanza.attr.id, from=stanza.attr.to, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#items"); -end -- TODO allow non-private rooms]] - --- - local room_mt = {}; room_mt.__index = room_mt; @@ -183,12 +165,12 @@ function room_mt:send_history(to) end end -local function room_get_disco_info(self, stanza) +function room_mt:get_disco_info(stanza) return st.reply(stanza):query("http://jabber.org/protocol/disco#info") :tag("identity", {category="conference", type="text"}):up() :tag("feature", {var="http://jabber.org/protocol/muc"}); end -local function room_get_disco_items(self, stanza) +function room_mt:get_disco_items(stanza) local reply = st.reply(stanza):query("http://jabber.org/protocol/disco#items"); for room_jid in pairs(self._occupants) do reply:tag("item", {jid = room_jid, name = room_jid:match("/(.*)")}):up(); @@ -206,6 +188,16 @@ function room_mt:set_subject(current_nick, subject) return true; end +local function build_unavailable_presence_from_error(stanza) + local type, condition, text = stanza:get_error(); + local error_message = "Kicked: "..condition:gsub("%-", " "); + if text then + error_message = error_message..": "..text; + end + return st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) + :tag('status'):text(error_message); +end + function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc local from, to = stanza.attr.from, stanza.attr.to; local room = jid_bare(to); @@ -219,8 +211,7 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc if type == "error" then -- error, kick em out! if current_nick then log("debug", "kicking %s from %s", current_nick, room); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=from, to=to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); end elseif type == "unavailable" then -- unavailable if current_nick then @@ -328,6 +319,11 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc :tag("item", {affiliation=affiliation or "none", role=role or "none"}):up() :tag("status", {code='110'})); end + if self._data.whois == 'anyone' then -- non-anonymous? + self:_route_stanza(st.stanza("message", {from=to, to=from, type='groupchat'}) + :tag("x", {xmlns='http://jabber.org/protocol/muc#user'}) + :tag("status", {code='100'})); + end self:send_history(from); else -- banned local reply = st.error_reply(stanza, "auth", "forbidden"):up(); @@ -367,8 +363,7 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc origin.send(st.error_reply(stanza, "modify", "bad-request")); elseif current_nick and stanza.name == "message" and type == "error" and is_kickable_error(stanza) then log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable else -- private stanza local o_data = self._occupants[to]; if o_data then @@ -389,51 +384,112 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc end end -function room_mt:handle_form(origin, stanza) - if self:get_affiliation(stanza.attr.from) ~= "owner" then origin.send(st.error_reply(stanza, "auth", "forbidden")); return; end - if stanza.attr.type == "get" then - local title = "Configuration for "..self.jid; - origin.send(st.reply(stanza):query("http://jabber.org/protocol/muc#owner") - :tag("x", {xmlns='jabber:x:data', type='form'}) - :tag("title"):text(title):up() - :tag("instructions"):text(title):up() - :tag("field", {type='hidden', var='FORM_TYPE'}):tag("value"):text("http://jabber.org/protocol/muc#roomconfig"):up():up() - :tag("field", {type='boolean', label='Make Room Persistent?', var='muc#roomconfig_persistentroom'}) - :tag("value"):text(self._data.persistent and "1" or "0"):up() +function room_mt:send_form(origin, stanza) + local title = "Configuration for "..self.jid; + origin.send(st.reply(stanza):query("http://jabber.org/protocol/muc#owner") + :tag("x", {xmlns='jabber:x:data', type='form'}) + :tag("title"):text(title):up() + :tag("instructions"):text(title):up() + :tag("field", {type='hidden', var='FORM_TYPE'}):tag("value"):text("http://jabber.org/protocol/muc#roomconfig"):up():up() + :tag("field", {type='boolean', label='Make Room Persistent?', var='muc#roomconfig_persistentroom'}) + :tag("value"):text(self._data.persistent and "1" or "0"):up() + :up() + :tag("field", {type='boolean', label='Make Room Publicly Searchable?', var='muc#roomconfig_publicroom'}) + :tag("value"):text(self._data.hidden and "0" or "1"):up() + :up() + :tag("field", {type='list-single', label='Who May Discover Real JIDs?', var='muc#roomconfig_whois'}) + :tag("value"):text(self._data.whois or 'moderators'):up() + :tag("option", {label = 'Moderators Only'}) + :tag("value"):text('moderators'):up() :up() - :tag("field", {type='boolean', label='Make Room Publicly Searchable?', var='muc#roomconfig_publicroom'}) - :tag("value"):text(self._data.hidden and "0" or "1"):up() + :tag("option", {label = 'Anyone'}) + :tag("value"):text('anyone'):up() :up() - ); - elseif stanza.attr.type == "set" then - local query = stanza.tags[1]; - local form; - for _, tag in ipairs(query.tags) do if tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then form = tag; break; end end - if not form then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); return; end - if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end - if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end - local fields = {}; - for _, field in pairs(form.tags) do - if field.name == "field" and field.attr.var and field.tags[1].name == "value" and #field.tags[1].tags == 0 then - fields[field.attr.var] = field.tags[1][1] or ""; - end + :up() + ); +end + +local valid_whois = { + moderators = true, + anyone = true, +} + +function room_mt:process_form(origin, stanza) + local query = stanza.tags[1]; + local form; + for _, tag in ipairs(query.tags) do if tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then form = tag; break; end end + if not form then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); return; end + if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end + if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + local fields = {}; + for _, field in pairs(form.tags) do + if field.name == "field" and field.attr.var and field.tags[1].name == "value" and #field.tags[1].tags == 0 then + fields[field.attr.var] = field.tags[1][1] or ""; end - if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + end + if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + + local dirty = false - local persistent = fields['muc#roomconfig_persistentroom']; - if persistent == "0" or persistent == "false" then persistent = nil; elseif persistent == "1" or persistent == "true" then persistent = true; - else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end - self._data.persistent = persistent; - module:log("debug", "persistent=%s", tostring(persistent)); + local persistent = fields['muc#roomconfig_persistentroom']; + if persistent == "0" or persistent == "false" then persistent = nil; elseif persistent == "1" or persistent == "true" then persistent = true; + else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + dirty = dirty or (self._data.persistent ~= persistent) + self._data.persistent = persistent; + module:log("debug", "persistent=%s", tostring(persistent)); - local public = fields['muc#roomconfig_publicroom']; - if public == "0" or public == "false" then public = nil; elseif public == "1" or public == "true" then public = true; - else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end - self._data.hidden = not public and true or nil; + local public = fields['muc#roomconfig_publicroom']; + if public == "0" or public == "false" then public = nil; elseif public == "1" or public == "true" then public = true; + else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + dirty = dirty or (self._data.hidden ~= (not public and true or nil)) + self._data.hidden = not public and true or nil; - if self.save then self:save(true); end - origin.send(st.reply(stanza)); + local whois = fields['muc#roomconfig_whois']; + if not valid_whois[whois] then + origin.send(st.error_reply(stanza, 'cancel', 'bad-request')); + return; end + local whois_changed = self._data.whois ~= whois + self._data.whois = whois + module:log('debug', 'whois=%s', tostring(whois)) + + if self.save then self:save(true); end + origin.send(st.reply(stanza)); + + if dirty or whois_changed then + local msg = st.message({type='groupchat', from=self.jid}) + :tag('x', {xmlns='http://jabber.org/protocol/muc#user'}):up() + + if dirty then + msg.tags[1]:tag('status', {code = '104'}) + end + if whois_changed then + local code = (whois == 'moderators') and 173 or 172 + msg.tags[1]:tag('status', {code = code}) + end + + self:broadcast_message(msg, false) + end +end + +function room_mt:destroy(newjid, reason, password) + local pr = st.presence({type = "unavailable"}) + :tag("x", {xmlns = "http://jabber.org/protocol/muc#user"}) + :tag("item", { affiliation='none', role='none' }):up() + :tag("destroy", {jid=newjid}) + if reason then pr:tag("reason"):text(reason):up(); end + if password then pr:tag("password"):text(password):up(); end + for nick, occupant in pairs(self._occupants) do + pr.attr.from = nick; + for jid in pairs(occupant.sessions) do + pr.attr.to = jid; + self:_route_stanza(pr); + self._jid_nick[jid] = nil; + end + self._occupants[nick] = nil; + end + self._data.persistent = nil; + if self.save then self:save(true); end end function room_mt:handle_to_room(origin, stanza) -- presence changes and groupchat messages, along with disco/etc @@ -441,9 +497,9 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha local xmlns = stanza.tags[1] and stanza.tags[1].attr.xmlns; if stanza.name == "iq" then if xmlns == "http://jabber.org/protocol/disco#info" and type == "get" then - origin.send(room_get_disco_info(self, stanza)); + origin.send(self:get_disco_info(stanza)); elseif xmlns == "http://jabber.org/protocol/disco#items" and type == "get" then - origin.send(room_get_disco_items(self, stanza)); + origin.send(self:get_disco_items(stanza)); elseif xmlns == "http://jabber.org/protocol/muc#admin" then local actor = stanza.attr.from; local affiliation = self:get_affiliation(actor); @@ -519,7 +575,30 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha origin.send(st.error_reply(stanza, "cancel", "bad-request")); end elseif xmlns == "http://jabber.org/protocol/muc#owner" and (type == "get" or type == "set") and stanza.tags[1].name == "query" then - self:handle_form(origin, stanza); + if self:get_affiliation(stanza.attr.from) ~= "owner" then + origin.send(st.error_reply(stanza, "auth", "forbidden")); + elseif stanza.attr.type == "get" then + self:send_form(origin, stanza); + elseif stanza.attr.type == "set" then + local child = stanza.tags[1].tags[1]; + if not child then + origin.send(st.error_reply(stanza, "auth", "bad-request")); + elseif child.name == "destroy" then + local newjid = child.attr.jid; + local reason, password; + for _,tag in ipairs(child.tags) do + if tag.name == "reason" then + reason = #tag.tags == 0 and tag[1]; + elseif tag.name == "password" then + password = #tag.tags == 0 and tag[1]; + end + end + self:destroy(newjid, reason, password); + origin.send(st.reply(stanza)); + else + self:process_form(origin, stanza); + end + end elseif type == "set" or type == "get" then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end @@ -551,8 +630,7 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha elseif stanza.name == "message" and type == "error" and is_kickable_error(stanza) then local current_nick = self._jid_nick[stanza.attr.from]; log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable elseif stanza.name == "presence" then -- hack - some buggy clients send presence updates to the room rather than their nick local to = stanza.attr.to; local current_nick = self._jid_nick[stanza.attr.from]; @@ -707,13 +785,11 @@ function room_mt:_route_stanza(stanza) local from_occupant = self._occupants[stanza.attr.from]; if stanza.name == "presence" then if to_occupant and from_occupant then - if to_occupant.role == "moderator" or jid_bare(to_occupant.jid) == jid_bare(from_occupant.jid) then - for i=#stanza.tags,1,-1 do - local tag = stanza.tags[i]; - if tag.name == "x" and tag.attr.xmlns == "http://jabber.org/protocol/muc#user" then - muc_child = tag; - break; - end + if self._data.whois == 'anyone' then + muc_child = stanza:get_child("x", "http://jabber.org/protocol/muc#user"); + else + if to_occupant.role == "moderator" or jid_bare(to_occupant.jid) == jid_bare(from_occupant.jid) then + muc_child = stanza:get_child("x", "http://jabber.org/protocol/muc#user"); end end end @@ -746,7 +822,9 @@ function _M.new_room(jid) jid = jid; _jid_nick = {}; _occupants = {}; - _data = {}; + _data = { + whois = 'moderators', + }; _affiliations = {}; }, room_mt); end @@ -16,6 +16,7 @@ CFG_DATADIR=os.getenv("PROSODY_DATADIR"); -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +-- Tell Lua where to find our libraries if CFG_SOURCEDIR then package.path = CFG_SOURCEDIR.."/?.lua;"..package.path; package.cpath = CFG_SOURCEDIR.."/?.so;"..package.cpath; @@ -24,42 +25,22 @@ end package.path = package.path..";"..(CFG_SOURCEDIR or ".").."/fallbacks/?.lua"; package.cpath = package.cpath..";"..(CFG_SOURCEDIR or ".").."/fallbacks/?.so"; +-- Substitute ~ with path to home directory in data path if CFG_DATADIR then if os.getenv("HOME") then CFG_DATADIR = CFG_DATADIR:gsub("^~", os.getenv("HOME")); end end --- Required to be able to find packages installed with luarocks -if not pcall(require, "luarocks.loader") then -- Try LuaRocks 2.x - pcall(require, "luarocks.require") -- Try LuaRocks 1.x -end - --- Replace require with one that doesn't pollute _G -do - local _realG = _G; - local _real_require = require; - function require(...) - local curr_env = getfenv(2); - local curr_env_mt = getmetatable(getfenv(2)); - local _realG_mt = getmetatable(_realG); - if curr_env_mt and curr_env_mt.__index and not curr_env_mt.__newindex and _realG_mt then - local old_newindex - old_newindex, _realG_mt.__newindex = _realG_mt.__newindex, curr_env; - local ret = _real_require(...); - _realG_mt.__newindex = old_newindex; - return ret; - end - return _real_require(...); - end -end - - +-- Load the config-parsing module config = require "core.configmanager" +-- -- -- -- +-- Define the functions we call during startup, the +-- actual startup happens right at the end, where these +-- functions get called + function read_config() - -- TODO: Check for other formats when we add support for them - -- Use lfs? Make a new conf/ dir? local filenames = {}; local filename; @@ -69,7 +50,9 @@ function read_config() table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]); end else - table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + for _, format in ipairs(config.parsers()) do + table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format); + end end for _,_filename in ipairs(filenames) do filename = _filename; @@ -104,16 +87,69 @@ function read_config() end function load_libraries() - -- Initialize logging - require "core.loggingmanager" - - -- Check runtime dependencies - require "util.dependencies" - -- Load socket framework server = require "net.server" end +function init_logging() + -- Initialize logging + require "core.loggingmanager" +end + +function check_dependencies() + -- Check runtime dependencies + if not require "util.dependencies".check_dependencies() then + os.exit(1); + end +end + +function sandbox_require() + -- Replace require() with one that doesn't pollute _G, required + -- for neat sandboxing of modules + local _realG = _G; + local _real_require = require; + function require(...) + local curr_env = getfenv(2); + local curr_env_mt = getmetatable(getfenv(2)); + local _realG_mt = getmetatable(_realG); + if curr_env_mt and curr_env_mt.__index and not curr_env_mt.__newindex and _realG_mt then + local old_newindex + old_newindex, _realG_mt.__newindex = _realG_mt.__newindex, curr_env; + local ret = _real_require(...); + _realG_mt.__newindex = old_newindex; + return ret; + end + return _real_require(...); + end +end + +function set_function_metatable() + local mt = {}; + function mt.__index(f, upvalue) + local i, name, value = 0; + repeat + i = i + 1; + name, value = debug.getupvalue(f, i); + until name == upvalue or name == nil; + return value; + end + function mt.__newindex(f, upvalue, value) + local i, name = 0; + repeat + i = i + 1; + name = debug.getupvalue(f, i); + until name == upvalue or name == nil; + if name then + debug.setupvalue(f, i, value); + end + end + function mt.__tostring(f) + local info = debug.getinfo(f); + return ("function(%s:%d)"):format(info.short_src:match("[^\\/]*$"), info.linedefined); + end + debug.setmetatable(function() end, mt); +end + function init_global_state() bare_sessions = {}; full_sessions = {}; @@ -177,29 +213,28 @@ function init_global_state() end -- Load SSL settings from config, and create a ctx table - local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl"); - if global_ssl_ctx then - local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; - setmetatable(global_ssl_ctx, { __index = default_ssl_ctx }); - end + local certmanager = require "core.certmanager"; + local global_ssl_ctx = certmanager.create_context("*", "server"); + prosody.global_ssl_ctx = global_ssl_ctx; local cl = require "net.connlisteners"; function prosody.net_activate_ports(option, listener, default, conntype) conntype = conntype or (global_ssl_ctx and "tls") or "tcp"; + local ports_option = option and option.."_ports" or "ports"; if not cl.get(listener) then return; end - local ports = config.get("*", "core", option.."_ports") or default; + local ports = config.get("*", "core", ports_option) or default; if type(ports) == "number" then ports = {ports} end; if type(ports) ~= "table" then - log("error", "core."..option.." is not a table"); + log("error", "core."..ports_option.." is not a table"); else for _, port in ipairs(ports) do port = tonumber(port); if type(port) ~= "number" then - log("error", "Non-numeric "..option.."_ports: "..tostring(port)); + log("error", "Non-numeric "..ports_option..": "..tostring(port)); else local ok, err = cl.start(listener, { - ssl = conntype ~= "tcp" and global_ssl_ctx, + ssl = conntype == "ssl" and global_ssl_ctx, port = port, interface = (option and config.get("*", "core", option.."_interface")) or cl.get(listener).default_interface @@ -300,15 +335,23 @@ function init_data_store() end function prepare_to_start() + log("debug", "Prosody is using the %s backend for connection handling", server.get_backend()); -- Signal to modules that we are ready to start eventmanager.fire_event("server-starting"); prosody.events.fire_event("server-starting"); -- start listening on sockets - prosody.net_activate_ports("c2s", "xmppclient", {5222}); - prosody.net_activate_ports("s2s", "xmppserver", {5269}); - prosody.net_activate_ports("component", "xmppcomponent", {5347}, "tcp"); - prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl"); + if config.get("*", "core", "ports") then + prosody.net_activate_ports(nil, "multiplex", {5222, 5269}); + if config.get("*", "core", "ssl_ports") then + prosody.net_activate_ports("ssl", "multiplex", {5223}, "ssl"); + end + else + prosody.net_activate_ports("c2s", "xmppclient", {5222}); + prosody.net_activate_ports("s2s", "xmppserver", {5269}); + prosody.net_activate_ports("component", "xmppcomponent", {5347}, "tcp"); + prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl"); + end prosody.start_time = os.time(); end @@ -395,7 +438,14 @@ function cleanup() server.setquitting(true); end +-- Are you ready? :) +-- These actions are in a strict order, as many depend on +-- previous steps to have already been performed read_config(); +init_logging(); +check_dependencies(); +sandbox_require(); +set_function_metatable(); load_libraries(); init_global_state(); read_version(); diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index c43d1131..a17eb877 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist @@ -22,8 +22,13 @@ -- Example: admins = { "user1@example.com", "user2@example.net" } admins = { } +-- Enable use of libevent for better performance under high load +-- For more information see: http://prosody.im/doc/libevent +--use_libevent = true; + -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. +-- Documentation on modules can be found at: http://prosody.im/doc/modules modules_enabled = { -- Generally required @@ -32,11 +37,13 @@ modules_enabled = { "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery - + -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) "vcard"; -- Allow users to set vCards - + --"privacy"; -- Support privacy lists + --"compression"; -- Stream compression + -- Nice to have "legacyauth"; -- Legacy authentication. Only used by some old clients and bots. "version"; -- Replies to server version requests @@ -45,12 +52,16 @@ modules_enabled = { "ping"; -- Replies to XMPP pings with pongs "pep"; -- Enables users to publish their mood, activity, playing music and more "register"; -- Allow users to register on this server using a client and change passwords - + -- Other specific functionality --"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. --"console"; -- Opens admin telnet interface on localhost port 5582 --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"httpserver"; -- Serve static files from a directory over HTTP + --"groups"; -- Shared roster support + --"announce"; -- Send announcement to all online users + --"welcome"; -- Welcome users who register accounts + --"watchregistrations"; -- Alert admins of registrations }; -- These modules are auto-loaded, should you @@ -73,6 +84,15 @@ ssl = { certificate = "certs/localhost.cert"; } +-- Require encryption on client/server connections? +--c2s_require_encryption = false +--s2s_require_encryption = false + +-- Logging configuration +-- For advanced logging see http://prosody.im/doc/logging +log = "prosody.log"; +debug = false; -- Log debug messages? + ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. @@ -89,7 +109,7 @@ VirtualHost "example.com" ssl = { key = "certs/example.com.key"; certificate = "certs/example.com.crt"; - } + } ------ Components ------ -- You can specify components to add hosts that provide special services, @@ -99,6 +119,9 @@ VirtualHost "example.com" ---Set up a MUC (multi-user chat) room server on conference.example.com: --Component "conference.example.com" "muc" +-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: +--Component "proxy.example.com" "proxy65" + ---Set up an external component (default component port is 5347) --Component "gateway.example.com" -- component_secret = "password" @@ -29,12 +29,6 @@ if CFG_DATADIR then end end --- Required to be able to find packages installed with luarocks -if not pcall(require, "luarocks.loader") then -- Try LuaRocks 2.x - pcall(require, "luarocks.require") -- Try LuaRocks 1.x -end - - config = require "core.configmanager" do @@ -63,13 +57,21 @@ do end end +require "core.loggingmanager" + +if not require "util.dependencies".check_dependencies() then + os.exit(1); +end + +prosody = { hosts = {}, events = events, platform = "posix" }; + local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data"; require "util.datamanager".set_data_path(data_path); -- Switch away from root and into the prosody user -- local switched_user, current_uid; -local want_pposix_version = "0.3.1"; +local want_pposix_version = "0.3.3"; local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then @@ -92,6 +94,9 @@ if ok and pposix then print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); end end + + -- Set our umask to protect data files + pposix.umask(config.get("*", "core", "umask") or "027"); else print("Error: Unable to load pposix module. Check that Prosody is installed correctly.") print("For more help send the below error to us through http://prosody.im/discuss"); @@ -111,8 +116,7 @@ local error_messages = setmetatable({ local events = require "util.events".new(); -hosts = {}; -prosody = { hosts = hosts, events = events }; +hosts = prosody.hosts; for hostname, config in pairs(config.getconfig()) do hosts[hostname] = { events = events }; @@ -335,21 +339,23 @@ function commands.start(arg) local ok, ret = prosodyctl.start(); if ok then - local i=1; - while true do - local ok, running = prosodyctl.isrunning(); - if ok and running then - break; - elseif i == 5 then - show_message("Still waiting..."); - elseif i >= prosodyctl_timeout then - show_message("Prosody is still not running. Please give it some time or check your log files for errors."); - return 2; + if config.get("*", "core", "daemonize") ~= false then + local i=1; + while true do + local ok, running = prosodyctl.isrunning(); + if ok and running then + break; + elseif i == 5 then + show_message("Still waiting..."); + elseif i >= prosodyctl_timeout then + show_message("Prosody is still not running. Please give it some time or check your log files for errors."); + return 2; + end + socket.sleep(0.5); + i = i + 1; end - socket.sleep(0.5); - i = i + 1; + show_message("Started"); end - show_message("Started"); return 0; end @@ -427,6 +433,19 @@ function commands.stop(arg) return 1; end +function commands.restart(arg) + if arg[1] == "--help" then + show_usage([[restart]], [[Restart a running Prosody server]]); + return 1; + end + + local ret = commands.stop(arg); + if ret == 0 then + ret = commands.start(arg); + end + return ret; +end + -- ejabberdctl compatibility function commands.register(arg) @@ -480,6 +499,36 @@ function commands.unregister(arg) return 1; end +local http_errors = { + [404] = "Plugin not found, did you type the address correctly?" + }; + +function commands.addplugin(arg) + if not arg[1] or arg[1] == "--help" then + show_usage("addplugin URL", "Download and install a plugin from a URL"); + return 1; + end + local url = arg[1]; + if url:match("^http://") then + local http = require "socket.http"; + show_message("Fetching..."); + local code, err = http.request(url); + if not code or not tostring(err):match("^[23]") then + show_message("Failed: "..(http_errors[err] or ("HTTP error "..err))); + return 1; + end + if url:match("%.lua$") then + local ok, err = datamanager.store(url:match("/mod_([^/]+)$"), "*", "plugins", {code}); + if not ok then + show_message("Failed to save to data store: "..err); + return 1; + end + end + show_message("Saved. Don't forget to load the module using the config file or admin console!"); + else + show_message("Sorry, I don't understand how to fetch plugins from there."); + end +end --------------------- @@ -530,8 +579,8 @@ if not commands[command] then -- Show help for all commands print(""); print("Where COMMAND may be one of:\n"); - local hidden_commands = require "util.set".new{ "register", "unregister" }; - local commands_order = { "adduser", "passwd", "deluser" }; + local hidden_commands = require "util.set".new{ "register", "unregister", "addplugin" }; + local commands_order = { "adduser", "passwd", "deluser", "start", "stop", "restart" }; local done = {}; diff --git a/tests/modulemanager_option_conversion.lua b/tests/modulemanager_option_conversion.lua new file mode 100644 index 00000000..7dceeaed --- /dev/null +++ b/tests/modulemanager_option_conversion.lua @@ -0,0 +1,55 @@ +package.path = "../?.lua;"..package.path; + +local api = require "core.modulemanager".api; + +local module = setmetatable({}, {__index = api}); +local opt = nil; +function module:log() end +function module:get_option(name) + if name == "opt" then + return opt; + else + return nil; + end +end + +function test_value(value, returns) + opt = value; + assert(module:get_option_number("opt") == returns.number, "number doesn't match"); + assert(module:get_option_string("opt") == returns.string, "string doesn't match"); + assert(module:get_option_boolean("opt") == returns.boolean, "boolean doesn't match"); + + if type(returns.array) == "table" then + local target_array, returned_array = returns.array, module:get_option_array("opt"); + assert(#target_array == #returned_array, "array length doesn't match"); + for i=1,#target_array do + assert(target_array[i] == returned_array[i], "array item doesn't match"); + end + else + assert(module:get_option_array("opt") == returns.array, "array is returned (not nil)"); + end + + if type(returns.set) == "table" then + local target_items, returned_items = set.new(returns.set), module:get_option_set("opt"); + assert(target_items == returned_items, "set doesn't match"); + else + assert(module:get_option_set("opt") == returns.set, "set is returned (not nil)"); + end +end + +test_value(nil, {}); + +test_value(true, { boolean = true, string = "true", array = {true}, set = {true} }); +test_value(false, { boolean = false, string = "false", array = {false}, set = {false} }); +test_value("true", { boolean = true, string = "true", array = {"true"}, set = {"true"} }); +test_value("false", { boolean = false, string = "false", array = {"false"}, set = {"false"} }); +test_value(1, { boolean = true, string = "1", array = {1}, set = {1}, number = 1 }); +test_value(0, { boolean = false, string = "0", array = {0}, set = {0}, number = 0 }); + +test_value("hello world", { string = "hello world", array = {"hello world"}, set = {"hello world"} }); +test_value(1234, { string = "1234", number = 1234, array = {1234}, set = {1234} }); + +test_value({1, 2, 3}, { boolean = true, string = "1", number = 1, array = {1, 2, 3}, set = {1, 2, 3} }); +test_value({1, 2, 3, 3, 4}, {boolean = true, string = "1", number = 1, array = {1, 2, 3, 3, 4}, set = {1, 2, 3, 4} }); +test_value({0, 1, 2, 3}, { boolean = false, string = "0", number = 0, array = {0, 1, 2, 3}, set = {0, 1, 2, 3} }); + diff --git a/tests/test.lua b/tests/test.lua index 370ba091..38ef6191 100644 --- a/tests/test.lua +++ b/tests/test.lua @@ -16,7 +16,7 @@ function run_all_tests() dotest "core.s2smanager" dotest "core.configmanager" dotest "util.stanza" - + dosingletest("test_sasl.lua", "latin1toutf8"); end @@ -106,7 +106,9 @@ function dosingletest(testname, fname) end function dotest(unitname) - local tests = setmetatable({}, { __index = _realG }); + local _fakeG = setmetatable({}, {__index = _realG}); + _fakeG._G = _fakeG; + local tests = setmetatable({}, { __index = _fakeG }); tests.__unit = unitname; local chunk, err = loadfile("test_"..unitname:gsub("%.", "_")..".lua"); if not chunk then @@ -120,19 +122,20 @@ function dotest(unitname) print("WARNING: ", "Failed to initialise tests for "..unitname, err); return; end - if tests.env then setmetatable(tests.env, { __index = _realG }); end - local unit = setmetatable({}, { __index = setmetatable({ _G = tests.env or _G }, { __index = tests.env or _G }) }); - unit._G = unit; _realG._G = unit; + local unit = setmetatable({}, { __index = setmetatable({ _G = tests.env or _fakeG }, { __index = tests.env or _fakeG }) }); local fn = "../"..unitname:gsub("%.", "/")..".lua"; local chunk, err = loadfile(fn); if not chunk then print("WARNING: ", "Failed to load module: "..unitname, err); return; end - + + local oldmodule, old_M = _fakeG.module, _fakeG._M; + _fakeG.module = function () _M = _G end setfenv(chunk, unit); local success, err = pcall(chunk); + _fakeG.module, _fakeG._M = oldmodule, old_M; if not success then print("WARNING: ", "Failed to initialise module: "..unitname, err); return; @@ -149,6 +152,9 @@ function dotest(unitname) print("WARNING: ", unitname.."."..name.." has no test!"); end else + if verbosity >= 4 then + print("INFO: ", "Testing "..unitname.."."..name); + end local line_hook, line_info = new_line_coverage_monitor(fn); debug.sethook(line_hook, "l") local success, ret = pcall(test, f, unit); diff --git a/tools/ejabberd2prosody.lua b/tools/ejabberd2prosody.lua index d44c929b..a231abd8 100755 --- a/tools/ejabberd2prosody.lua +++ b/tools/ejabberd2prosody.lua @@ -17,6 +17,8 @@ end require "erlparse"; +prosody = {}; + local serialize = require "util.serialization".serialize; local st = require "util.stanza"; package.loaded["util.logger"] = {init = function() return function() end; end} diff --git a/tools/erlparse.lua b/tools/erlparse.lua index 387ffbe6..dc3a2f94 100644 --- a/tools/erlparse.lua +++ b/tools/erlparse.lua @@ -6,16 +6,22 @@ -- COPYING file in the source package for more information. -- - +local string_byte, string_char = string.byte, string.char; +local t_concat, t_insert = table.concat, table.insert; +local type, tonumber, tostring = type, tonumber, tostring; local file = nil; local last = nil; +local line = 1; local function read(expected) local ch; if last then ch = last; last = nil; - else ch = file:read(1); end - if expected and ch ~= expected then error("expected: "..expected.."; got: "..(ch or "nil")); end + else + ch = file:read(1); + if ch == "\n" then line = line + 1; end + end + if expected and ch ~= expected then error("expected: "..expected.."; got: "..(ch or "nil").." on line "..line); end return ch; end local function pushback(ch) @@ -27,21 +33,21 @@ local function peek() return last; end -local _A, _a, _Z, _z, _0, _9, __, _at, _space = string.byte("AaZz09@_ ", 1, 9); +local _A, _a, _Z, _z, _0, _9, __, _at, _space, _minus = string_byte("AaZz09@_ -", 1, 10); local function isLowerAlpha(ch) - ch = string.byte(ch) or 0; + ch = string_byte(ch) or 0; return (ch >= _a and ch <= _z); end local function isNumeric(ch) - ch = string.byte(ch) or 0; - return (ch >= _0 and ch <= _9); + ch = string_byte(ch) or 0; + return (ch >= _0 and ch <= _9) or ch == _minus; end local function isAtom(ch) - ch = string.byte(ch) or 0; + ch = string_byte(ch) or 0; return (ch >= _A and ch <= _Z) or (ch >= _a and ch <= _z) or (ch >= _0 and ch <= _9) or ch == __ or ch == _at; end local function isSpace(ch) - ch = string.byte(ch) or "x"; + ch = string_byte(ch) or "x"; return ch <= _space; end @@ -49,79 +55,85 @@ local escapes = {["\\b"]="\b", ["\\d"]="\d", ["\\e"]="\e", ["\\f"]="\f", ["\\n"] local function readString() read("\""); -- skip quote local slash = nil; - local str = ""; + local str = {}; while true do local ch = read(); if slash then slash = slash..ch; if not escapes[slash] then error("Unknown escape sequence: "..slash); end - str = str..escapes[slash]; + str[#str+1] = escapes[slash]; slash = nil; elseif ch == "\"" then break; elseif ch == "\\" then slash = ch; else - str = str..ch; + str[#str+1] = ch; end end - return str; + return t_concat(str); end local function readAtom1() - local var = read(); + local var = { read() }; while isAtom(peek()) do - var = var..read(); + var[#var+1] = read(); end - return var; + return t_concat(var); end local function readAtom2() - local str = read("'"); + local str = { read("'") }; local slash = nil; while true do local ch = read(); - str = str..ch; + str[#str+1] = ch; if ch == "'" and not slash then break; end end - return str; + return t_concat(str); end local function readNumber() - local num = read(); + local num = { read() }; while isNumeric(peek()) do - num = num..read(); + num[#num+1] = read(); end - return tonumber(num); + return tonumber(t_concat(num)); end local readItem = nil; local function readTuple() local t = {}; - local s = ""; -- string representation + local s = {}; -- string representation read(); -- read {, or [, or < while true do local item = readItem(); if not item then break; end - if type(item) ~= type(0) or item > 255 then + if type(item) ~= "number" or item > 255 then s = nil; elseif s then - s = s..string.char(item); + s[#s+1] = string_char(item); end - table.insert(t, item); + t_insert(t, item); end read(); -- read }, or ], or > - if s and s ~= "" then - return s + if s and #s > 0 then + return t_concat(s) else return t end; end local function readBinary() read("<"); -- read < + -- Discard PIDs + if isNumeric(peek()) then + while peek() ~= ">" do read(); end + read(">"); + return {}; + end local t = readTuple(); read(">") -- read > local ch = peek(); - if type(t) == type("") then + if type(t) == "string" then -- binary is a list of integers return t; - elseif type(t) == type({}) then + elseif type(t) == "table" then if t[1] then -- binary contains string return t[1]; diff --git a/tools/xep227toprosody.lua b/tools/xep227toprosody.lua new file mode 100644 index 00000000..313b2194 --- /dev/null +++ b/tools/xep227toprosody.lua @@ -0,0 +1,261 @@ +#!/usr/bin/env lua +-- Prosody IM +-- Copyright (C) 2008-2009 Matthew Wild +-- Copyright (C) 2008-2009 Waqas Hussain +-- Copyright (C) 2010 Stefan Gehn +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +-- FIXME: XEP-0227 supports XInclude but luaexpat does not +-- +-- XEP-227 elements and their current level of support: +-- Hosts : supported +-- Users : supported +-- Rosters : supported, needs testing +-- Offline Messages : supported, needs testing +-- Private XML Storage : supported, needs testing +-- vCards : supported, needs testing +-- Privacy Lists: UNSUPPORTED +-- http://xmpp.org/extensions/xep-0227.html#privacy-lists +-- mod_privacy uses dm.load(username, host, "privacy"); and stores stanzas 1:1 +-- Incoming Subscription Requests : supported + +package.path = package.path..";../?.lua"; +package.cpath = package.cpath..";../?.so"; -- needed for util.pposix used in datamanager + +-- ugly workaround for getting datamanager to work outside of prosody :( +prosody = { }; +prosody.platform = "unknown"; +if os.getenv("WINDIR") then + prosody.platform = "windows"; +elseif package.config:sub(1,1) == "/" then + prosody.platform = "posix"; +end + +local lxp = require "lxp"; +local st = require "util.stanza"; +local init_xmlhandlers = require "core.xmlhandlers"; +local dm = require "util.datamanager" +dm.set_data_path("data"); + +local ns_separator = "\1"; +local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$"; +local ns_xep227 = "http://www.xmpp.org/extensions/xep-0227.html#ns"; + +----------------------------------------------------------------------- + +function store_vcard(username, host, stanza) + -- create or update vCard for username@host + local ret, err = dm.store(username, host, "vcard", st.preserialize(stanza)); + print("["..(err or "success").."] stored vCard: "..username.."@"..host); +end + +function store_password(username, host, password) + -- create or update account for username@host + local ret, err = dm.store(username, host, "accounts", {password = password}); + print("["..(err or "success").."] stored account: "..username.."@"..host.." = "..password); +end + +function store_roster(username, host, roster_items) + -- fetch current roster-table for username@host if he already has one + local roster = dm.load(username, host, "roster") or {}; + -- merge imported roster-items with loaded roster + for item_tag in roster_items:childtags() do + -- jid for this roster-item + local item_jid = item_tag.attr.jid + -- validate item stanzas + if (item_tag.name == "item") and (item_jid ~= "") then + -- prepare roster item + -- TODO: is the subscription attribute optional? + local item = {subscription = item_tag.attr.subscription, groups = {}}; + -- optional: give roster item a real name + if item_tag.attr.name then + item.name = item_tag.attr.name; + end + -- optional: iterate over group stanzas inside item stanza + for group_tag in item_tag:childtags() do + local group_name = group_tag:get_text(); + if (group_tag.name == "group") and (group_name ~= "") then + item.groups[group_name] = true; + else + print("[error] invalid group stanza: "..group_tag:pretty_print()); + end + end + -- store item in roster + roster[item_jid] = item; + print("[success] roster entry: " ..username.."@"..host.." - "..item_jid); + else + print("[error] invalid roster stanza: " ..item_tag:pretty_print()); + end + + end + -- store merged roster-table + local ret, err = dm.store(username, host, "roster", roster); + print("["..(err or "success").."] stored roster: " ..username.."@"..host); +end + +function store_private(username, host, private_items) + local private = dm.load(username, host, "private") or {}; + for ch in private_items:childtags() do + --print("private :"..ch:pretty_print()); + private[ch.name..":"..ch.attr.xmlns] = st.preserialize(ch); + print("[success] private item: " ..username.."@"..host.." - "..ch.name); + end + local ret, err = dm.store(username, host, "private", private); + print("["..(err or "success").."] stored private: " ..username.."@"..host); +end + +function store_offline_messages(username, host, offline_messages) + -- TODO: maybe use list_load(), append and list_store() instead + -- of constantly reopening the file with list_append()? + for ch in offline_messages:childtags() do + --print("message :"..ch:pretty_print()); + local ret, err = dm.list_append(username, host, "offline", st.preserialize(ch)); + print("["..(err or "success").."] stored offline message: " ..username.."@"..host.." - "..ch.attr.from); + end +end + + +function store_subscription_request(username, host, presence_stanza) + local from_bare = presence_stanza.attr.from; + + -- fetch current roster-table for username@host if he already has one + local roster = dm.load(username, host, "roster") or {}; + + local item = roster[from_bare]; + if item and (item.subscription == "from" or item.subscription == "both") then + return; -- already subscribed, do nothing + end + + -- add to table of pending subscriptions + if not roster.pending then roster.pending = {}; end + roster.pending[from_bare] = true; + + -- store updated roster-table + local ret, err = dm.store(username, host, "roster", roster); + print("["..(err or "success").."] stored subscription request: " ..username.."@"..host.." - "..from_bare); +end + +----------------------------------------------------------------------- + +local curr_host = ""; +local user_name = ""; + + +local cb = { + stream_tag = "user", + stream_ns = ns_xep227, +}; +function cb.streamopened(session, attr) + session.notopen = false; + user_name = attr.name; + store_password(user_name, curr_host, attr.password); +end +function cb.streamclosed(session) + session.notopen = true; + user_name = ""; +end +function cb.handlestanza(session, stanza) + --print("Parsed stanza "..stanza.name.." xmlns: "..(stanza.attr.xmlns or "")); + if (stanza.name == "vCard") and (stanza.attr.xmlns == "vcard-temp") then + store_vcard(user_name, curr_host, stanza); + elseif (stanza.name == "query") then + if (stanza.attr.xmlns == "jabber:iq:roster") then + store_roster(user_name, curr_host, stanza); + elseif (stanza.attr.xmlns == "jabber:iq:private") then + store_private(user_name, curr_host, stanza); + end + elseif (stanza.name == "offline-messages") then + store_offline_messages(user_name, curr_host, stanza); + elseif (stanza.name == "presence") and (stanza.attr.xmlns == "jabber:client") then + store_subscription_request(user_name, curr_host, stanza); + else + print("UNHANDLED stanza "..stanza.name.." xmlns: "..(stanza.attr.xmlns or "")); + end +end + +local user_handlers = init_xmlhandlers({ notopen = true, }, cb); + +----------------------------------------------------------------------- + +local lxp_handlers = { + --count = 0 +}; + +-- TODO: error handling for invalid opening elements if curr_host is empty +function lxp_handlers.StartElement(parser, elementname, attributes) + local curr_ns, name = elementname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + --io.write("+ ", string.rep(" ", count), name, " (", curr_ns, ")", "\n") + --count = count + 1; + if curr_host ~= "" then + -- forward to xmlhandlers + user_handlers:StartElement(elementname, attributes); + elseif (curr_ns == ns_xep227) and (name == "host") then + curr_host = attributes["jid"]; -- start of host element + print("Begin parsing host "..curr_host); + elseif (curr_ns ~= ns_xep227) or (name ~= "server-data") then + io.stderr:write("Unhandled XML element: ", name, "\n"); + os.exit(1); + end +end + +-- TODO: error handling for invalid closing elements if host is empty +function lxp_handlers.EndElement(parser, elementname) + local curr_ns, name = elementname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + --count = count - 1; + --io.write("- ", string.rep(" ", count), name, " (", curr_ns, ")", "\n") + if curr_host ~= "" then + if (curr_ns == ns_xep227) and (name == "host") then + print("End parsing host "..curr_host); + curr_host = "" -- end of host element + else + -- forward to xmlhandlers + user_handlers:EndElement(elementname); + end + elseif (curr_ns ~= ns_xep227) or (name ~= "server-data") then + io.stderr:write("Unhandled XML element: ", name, "\n"); + os.exit(1); + end +end + +function lxp_handlers.CharacterData(parser, string) + if curr_host ~= "" then + -- forward to xmlhandlers + user_handlers:CharacterData(string); + end +end + +----------------------------------------------------------------------- + +local arg = ...; +local help = "/? -? ? /h -h /help -help --help"; +if not arg or help:find(arg, 1, true) then + print([[XEP-227 importer for Prosody + + Usage: xep227toprosody.lua filename.xml + +]]); + os.exit(1); +end + +local file = io.open(arg); +if not file then + io.stderr:write("Could not open file: ", arg, "\n"); + os.exit(0); +end + +local parser = lxp.new(lxp_handlers, ns_separator); +for l in file:lines() do + parser:parse(l); +end +parser:parse(); +parser:close(); +file:close(); diff --git a/util-src/Makefile b/util-src/Makefile index 6cee457b..4b2606dc 100644 --- a/util-src/Makefile +++ b/util-src/Makefile @@ -9,43 +9,21 @@ OPENSSL_LIB?=crypto CC?=gcc LD?=gcc +.SUFFIXES: .c .o .so + +.c.o: + $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o $@ $< + +.o.so: + MACOSX_DEPLOYMENT_TARGET="10.3"; export MACOSX_DEPLOYMENT_TARGET; + $(LD) $(LDFLAGS) -o $@ $< -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn -lcrypto all: encodings.so hashes.so pposix.so signal.so install: encodings.so hashes.so pposix.so signal.so install *.so ../util/ - clean: rm -f *.o rm -f *.so rm -f ../util/*.so - -encodings.o: encodings.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o encodings.o encodings.c -encodings.so: encodings.o - MACOSX_DEPLOYMENT_TARGET="10.3"; export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o encodings.so encodings.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn - - -hashes.o: hashes.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o hashes.o hashes.c -hashes.so: hashes.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o hashes.so hashes.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lcrypto - -pposix.o: pposix.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o pposix.o pposix.c -pposix.so: pposix.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o pposix.so pposix.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) - -lsignal.o: lsignal.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o lsignal.o lsignal.c -signal.so: lsignal.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o signal.so lsignal.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) - diff --git a/util-src/pposix.c b/util-src/pposix.c index db2e85d3..9f16f178 100644 --- a/util-src/pposix.c +++ b/util-src/pposix.c @@ -2,7 +2,7 @@ -- Copyright (C) 2008-2010 Matthew Wild -- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2009 Tobias Markmann --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- @@ -13,9 +13,10 @@ * POSIX support functions for Lua */ -#define MODULE_VERSION "0.3.1" +#define MODULE_VERSION "0.3.3" #include <stdlib.h> +#include <math.h> #include <unistd.h> #include <libgen.h> #include <sys/resource.h> @@ -38,14 +39,14 @@ static int lc_daemonize(lua_State *L) { pid_t pid; - + if ( getppid() == 1 ) { lua_pushboolean(L, 0); lua_pushstring(L, "already-daemonized"); return 2; } - + /* Attempt initial fork */ if((pid = fork()) < 0) { @@ -61,7 +62,7 @@ static int lc_daemonize(lua_State *L) lua_pushnumber(L, pid); return 2; } - + /* and we are the child process */ if(setsid() == -1) { @@ -150,7 +151,7 @@ int facility_constants[] = { exist, the results are undefined. Most portable is to use a string constant. " -- syslog manpage -*/ +*/ char* syslog_ident = NULL; int lc_syslog_open(lua_State* L) @@ -159,12 +160,12 @@ int lc_syslog_open(lua_State* L) facility = facility_constants[facility]; luaL_checkstring(L, 1); - + if(syslog_ident) free(syslog_ident); - + syslog_ident = strdup(lua_tostring(L, 1)); - + openlog(syslog_ident, LOG_PID, facility); return 0; } @@ -264,7 +265,7 @@ int lc_setuid(lua_State* L) { uid = lua_tonumber(L, 1); } - + if(uid>-1) { /* Ok, attempt setuid */ @@ -293,7 +294,7 @@ int lc_setuid(lua_State* L) return 1; } } - + /* Seems we couldn't find a valid UID to switch to */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-uid"); @@ -322,7 +323,7 @@ int lc_setgid(lua_State* L) { gid = lua_tonumber(L, 1); } - + if(gid>-1) { /* Ok, attempt setgid */ @@ -351,20 +352,47 @@ int lc_setgid(lua_State* L) return 1; } } - + /* Seems we couldn't find a valid GID to switch to */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-gid"); return 2; } +int lc_umask(lua_State* L) +{ + char old_mode_string[7]; + mode_t old_mode = umask(strtoul(luaL_checkstring(L, 1), NULL, 8)); + + snprintf(old_mode_string, sizeof(old_mode_string), "%03o", old_mode); + old_mode_string[sizeof(old_mode_string)-1] = 0; + lua_pushstring(L, old_mode_string); + + return 1; +} + +int lc_mkdir(lua_State* L) +{ + int ret = mkdir(luaL_checkstring(L, 1), S_IRUSR | S_IWUSR | S_IXUSR + | S_IRGRP | S_IWGRP | S_IXGRP + | S_IROTH | S_IXOTH); /* mode 775 */ + + lua_pushboolean(L, ret==0); + if(ret) + { + lua_pushstring(L, strerror(errno)); + return 2; + } + return 1; +} + /* Like POSIX's setrlimit()/getrlimit() API functions. - * + * * Syntax: * pposix.setrlimit( resource, soft limit, hard limit) - * + * * Any negative limit will be replace with the current limit by an additional call of getrlimit(). - * + * * Example usage: * pposix.setrlimit("NOFILE", 1000, 2000) */ @@ -393,16 +421,16 @@ int lc_setrlimit(lua_State *L) { lua_pushboolean(L, 0); lua_pushstring(L, "incorrect-arguments"); } - + resource = luaL_checkstring(L, 1); softlimit = luaL_checkinteger(L, 2); hardlimit = luaL_checkinteger(L, 3); - + rid = string2resource(resource); if (rid != -1) { struct rlimit lim; struct rlimit lim_current; - + if (softlimit < 0 || hardlimit < 0) { if (getrlimit(rid, &lim_current)) { lua_pushboolean(L, 0); @@ -410,12 +438,12 @@ int lc_setrlimit(lua_State *L) { return 2; } } - + if (softlimit < 0) lim.rlim_cur = lim_current.rlim_cur; else lim.rlim_cur = softlimit; if (hardlimit < 0) lim.rlim_max = lim_current.rlim_max; else lim.rlim_max = hardlimit; - + if (setrlimit(rid, &lim)) { lua_pushboolean(L, 0); lua_pushstring(L, "setrlimit-failed"); @@ -436,13 +464,13 @@ int lc_getrlimit(lua_State *L) { const char *resource = NULL; int rid = -1; struct rlimit lim; - + if (arguments != 1) { lua_pushboolean(L, 0); lua_pushstring(L, "invalid-arguments"); return 2; } - + resource = luaL_checkstring(L, 1); rid = string2resource(resource); if (rid != -1) { @@ -473,50 +501,40 @@ int lc_abort(lua_State* L) int luaopen_util_pposix(lua_State *L) { - lua_newtable(L); + luaL_Reg exports[] = { + { "abort", lc_abort }, - lua_pushcfunction(L, lc_abort); - lua_setfield(L, -2, "abort"); + { "daemonize", lc_daemonize }, - lua_pushcfunction(L, lc_daemonize); - lua_setfield(L, -2, "daemonize"); + { "syslog_open", lc_syslog_open }, + { "syslog_close", lc_syslog_close }, + { "syslog_log", lc_syslog_log }, + { "syslog_setminlevel", lc_syslog_setmask }, - lua_pushcfunction(L, lc_syslog_open); - lua_setfield(L, -2, "syslog_open"); + { "getpid", lc_getpid }, + { "getuid", lc_getuid }, + { "getgid", lc_getgid }, - lua_pushcfunction(L, lc_syslog_close); - lua_setfield(L, -2, "syslog_close"); + { "setuid", lc_setuid }, + { "setgid", lc_setgid }, - lua_pushcfunction(L, lc_syslog_log); - lua_setfield(L, -2, "syslog_log"); + { "umask", lc_umask }, - lua_pushcfunction(L, lc_syslog_setmask); - lua_setfield(L, -2, "syslog_setminlevel"); + { "mkdir", lc_mkdir }, - lua_pushcfunction(L, lc_getpid); - lua_setfield(L, -2, "getpid"); + { "setrlimit", lc_setrlimit }, + { "getrlimit", lc_getrlimit }, - lua_pushcfunction(L, lc_getuid); - lua_setfield(L, -2, "getuid"); - lua_pushcfunction(L, lc_getgid); - lua_setfield(L, -2, "getgid"); + { NULL, NULL } + }; - lua_pushcfunction(L, lc_setuid); - lua_setfield(L, -2, "setuid"); - lua_pushcfunction(L, lc_setgid); - lua_setfield(L, -2, "setgid"); - - lua_pushcfunction(L, lc_setrlimit); - lua_setfield(L, -2, "setrlimit"); - - lua_pushcfunction(L, lc_getrlimit); - lua_setfield(L, -2, "getrlimit"); + luaL_register(L, "pposix", exports); lua_pushliteral(L, "pposix"); lua_setfield(L, -2, "_NAME"); lua_pushliteral(L, MODULE_VERSION); lua_setfield(L, -2, "_VERSION"); - + return 1; }; diff --git a/util-src/lsignal.c b/util-src/signal.c index fe35e8b7..2d13383f 100644 --- a/util-src/lsignal.c +++ b/util-src/signal.c @@ -1,5 +1,5 @@ /* - * lsignal.h -- Signal Handler Library for Lua + * signal.c -- Signal Handler Library for Lua * * Version: 1.000+changes * diff --git a/util/datamanager.lua b/util/datamanager.lua index 6058cbc6..01c7aab2 100644 --- a/util/datamanager.lua +++ b/util/datamanager.lua @@ -21,13 +21,19 @@ local next = next; local t_insert = table.insert; local append = require "util.serialization".append; local path_separator = "/"; if os.getenv("WINDIR") then path_separator = "\\" end -local lfs_mkdir = require "lfs".mkdir; +local raw_mkdir; + +if prosody.platform == "posix" then + raw_mkdir = require "util.pposix".mkdir; -- Doesn't trample on umask +else + raw_mkdir = require "lfs".mkdir; +end module "datamanager" ---- utils ----- local encode, decode; -do +do local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = char(tonumber("0x"..k)); return t[k]; end }); decode = function (s) @@ -43,7 +49,7 @@ local _mkdir = {}; local function mkdir(path) path = path:gsub("/", path_separator); -- TODO as an optimization, do this during path creation rather than here if not _mkdir[path] then - lfs_mkdir(path); + raw_mkdir(path); _mkdir[path] = true; end return path; @@ -88,7 +94,7 @@ end function getpath(username, host, datastore, ext, create) ext = ext or "dat"; - host = host and encode(host); + host = (host and encode(host)) or "_global"; username = username and encode(username); if username then if create then mkdir(mkdir(mkdir(data_path).."/"..host).."/"..datastore); end diff --git a/util/dependencies.lua b/util/dependencies.lua index 1c8dc375..6024dd63 100644 --- a/util/dependencies.lua +++ b/util/dependencies.lua @@ -6,12 +6,16 @@ -- COPYING file in the source package for more information. -- +module("dependencies", package.seeall) -local fatal; +function softreq(...) local ok, lib = pcall(require, ...); if ok then return lib; else return nil, lib; end end -local function softreq(...) local ok, lib = pcall(require, ...); if ok then return lib; else return nil, lib; end end +-- Required to be able to find packages installed with luarocks +if not softreq "luarocks.loader" then -- LuaRocks 2.x + softreq "luarocks.require"; -- LuaRocks <1.x +end -local function missingdep(name, sources, msg) +function missingdep(name, sources, msg) print(""); print("**************************"); print("Prosody was unable to find "..tostring(name)); @@ -31,89 +35,91 @@ local function missingdep(name, sources, msg) print(""); end -local lxp = softreq "lxp" - -if not lxp then - missingdep("luaexpat", { - ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-expat0"; - ["luarocks"] = "luarocks install luaexpat"; - ["Source"] = "http://www.keplerproject.org/luaexpat/"; - }); - fatal = true; -end - -local socket = softreq "socket" - -if not socket then - missingdep("luasocket", { - ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-socket2"; - ["luarocks"] = "luarocks install luasocket"; - ["Source"] = "http://www.tecgraf.puc-rio.br/~diego/professional/luasocket/"; - }); - fatal = true; -end +function check_dependencies() + local fatal; -local lfs, err = softreq "lfs" -if not lfs then - missingdep("luafilesystem", { - ["luarocks"] = "luarocks install luafilesystem"; - ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-filesystem0"; - ["Source"] = "http://www.keplerproject.org/luafilesystem/"; - }); - fatal = true; -end - -local ssl = softreq "ssl" - -if not ssl then - if config.get("*", "core", "run_without_ssl") then - log("warn", "Running without SSL support because run_without_ssl is defined in the config"); - else + local lxp = softreq "lxp" + + if not lxp then + missingdep("luaexpat", { + ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-expat0"; + ["luarocks"] = "luarocks install luaexpat"; + ["Source"] = "http://www.keplerproject.org/luaexpat/"; + }); + fatal = true; + end + + local socket = softreq "socket" + + if not socket then + missingdep("luasocket", { + ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-socket2"; + ["luarocks"] = "luarocks install luasocket"; + ["Source"] = "http://www.tecgraf.puc-rio.br/~diego/professional/luasocket/"; + }); + fatal = true; + end + + local lfs, err = softreq "lfs" + if not lfs then + missingdep("luafilesystem", { + ["luarocks"] = "luarocks install luafilesystem"; + ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-filesystem0"; + ["Source"] = "http://www.keplerproject.org/luafilesystem/"; + }); + fatal = true; + end + + local ssl = softreq "ssl" + + if not ssl then missingdep("LuaSec", { ["Debian/Ubuntu"] = "http://prosody.im/download/start#debian_and_ubuntu"; ["luarocks"] = "luarocks install luasec"; ["Source"] = "http://www.inf.puc-rio.br/~brunoos/luasec/"; }, "SSL/TLS support will not be available"); + else + local major, minor, veryminor, patched = ssl._VERSION:match("(%d+)%.(%d+)%.?(%d*)(M?)"); + if not major or ((tonumber(major) == 0 and (tonumber(minor) or 0) <= 3 and (tonumber(veryminor) or 0) <= 2) and patched ~= "M") then + log("error", "This version of LuaSec contains a known bug that causes disconnects, see http://prosody.im/doc/depends"); + end end -else - local major, minor, veryminor, patched = ssl._VERSION:match("(%d+)%.(%d+)%.?(%d*)(M?)"); - if not major or ((tonumber(major) == 0 and (tonumber(minor) or 0) <= 3 and (tonumber(veryminor) or 0) <= 2) and patched ~= "M") then - log("error", "This version of LuaSec contains a known bug that causes disconnects, see http://prosody.im/doc/depends"); + + local encodings, err = softreq "util.encodings" + if not encodings then + if err:match("not found") then + missingdep("util.encodings", { ["Windows"] = "Make sure you have encodings.dll from the Prosody distribution in util/"; + ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/encodings.so"; + }); + else + print "***********************************" + print("util/encodings couldn't be loaded. Check that you have a recent version of libidn"); + print "" + print("The full error was:"); + print(err) + print "***********************************" + end + fatal = true; end -end -local encodings, err = softreq "util.encodings" -if not encodings then - if err:match("not found") then - missingdep("util.encodings", { ["Windows"] = "Make sure you have encodings.dll from the Prosody distribution in util/"; - ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/encodings.so"; - }); - else - print "***********************************" - print("util/encodings couldn't be loaded. Check that you have a recent version of libidn"); - print "" - print("The full error was:"); - print(err) - print "***********************************" + local hashes, err = softreq "util.hashes" + if not hashes then + if err:match("not found") then + missingdep("util.hashes", { ["Windows"] = "Make sure you have hashes.dll from the Prosody distribution in util/"; + ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/hashes.so"; + }); + else + print "***********************************" + print("util/hashes couldn't be loaded. Check that you have a recent version of OpenSSL (libcrypto in particular)"); + print "" + print("The full error was:"); + print(err) + print "***********************************" + end + fatal = true; end - fatal = true; + return not fatal; end -local hashes, err = softreq "util.hashes" -if not hashes then - if err:match("not found") then - missingdep("util.hashes", { ["Windows"] = "Make sure you have hashes.dll from the Prosody distribution in util/"; - ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/hashes.so"; - }); - else - print "***********************************" - print("util/hashes couldn't be loaded. Check that you have a recent version of OpenSSL (libcrypto in particular)"); - print "" - print("The full error was:"); - print(err) - print "***********************************" - end - fatal = true; -end -if fatal then os.exit(1); end +return _M; diff --git a/util/events.lua b/util/events.lua index 68954a56..363d2ac6 100644 --- a/util/events.lua +++ b/util/events.lua @@ -47,13 +47,13 @@ function new() _rebuild_index(event); end end; - local function add_plugin(plugin) - for event, handler in pairs(plugin) do + local function add_handlers(handlers) + for event, handler in pairs(handlers) do add_handler(event, handler); end end; - local function remove_plugin(plugin) - for event, handler in pairs(plugin) do + local function remove_handlers(handlers) + for event, handler in pairs(handlers) do remove_handler(event, handler); end end; diff --git a/util/hmac.lua b/util/hmac.lua index 26da1d78..66dd41d8 100644 --- a/util/hmac.lua +++ b/util/hmac.lua @@ -7,20 +7,27 @@ -- local hashes = require "util.hashes" -local xor = require "bit".bxor -local t_insert, t_concat = table.insert, table.concat; local s_char = string.char; +local s_gsub = string.gsub; +local s_rep = string.rep; module "hmac" -local function arraystr(array) - local t = {} - for i = 1,#array do - t_insert(t, s_char(array[i])) - end - - return t_concat(t) +local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;}; +local function xor(x, y) + local lowx, lowy = x % 16, y % 16; + local hix, hiy = (x - lowx) / 16, (y - lowy) / 16; + local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1]; + local r = hir * 16 + lowr; + return r; +end +local opadc, ipadc = s_char(0x5c), s_char(0x36); +local ipad_map = {}; +local opad_map = {}; +for i=0,255 do + ipad_map[s_char(i)] = s_char(xor(0x36, i)); + opad_map[s_char(i)] = s_char(xor(0x5c, i)); end --[[ @@ -36,31 +43,15 @@ hex return raw hash or hexadecimal string --]] function hmac(key, message, hash, blocksize, hex) - local opad = {} - local ipad = {} - - for i = 1,blocksize do - opad[i] = 0x5c - ipad[i] = 0x36 - end - if #key > blocksize then key = hash(key) end - for i = 1,#key do - ipad[i] = xor(ipad[i],key:sub(i,i):byte()) - opad[i] = xor(opad[i],key:sub(i,i):byte()) - end - - opad = arraystr(opad) - ipad = arraystr(ipad) + local padding = blocksize - #key; + local ipad = s_gsub(key, ".", ipad_map)..s_rep(ipadc, padding); + local opad = s_gsub(key, ".", opad_map)..s_rep(opadc, padding); - if hex then - return hash(opad..hash(ipad..message), true) - else - return hash(opad..hash(ipad..message)) - end + return hash(opad..hash(ipad..message), hex) end function md5(key, message, hex) diff --git a/util/pluginloader.lua b/util/pluginloader.lua index aedec4b4..90138a3e 100644 --- a/util/pluginloader.lua +++ b/util/pluginloader.lua @@ -9,11 +9,19 @@ local plugin_dir = CFG_PLUGINDIR or "./plugins/"; -local io_open = io.open; -local loadstring = loadstring; +local io_open, os_time = io.open, os.time; +local loadstring, pairs = loadstring, pairs; + +local datamanager = require "util.datamanager"; module "pluginloader" +local function load_from_datastore(name) + local content = datamanager.load(name, nil, "plugins"); + if not content or not content[1] then return nil, "Resource not found"; end + return content[1], name; +end + local function load_file(name) local file, err = io_open(plugin_dir..name); if not file then return file, err; end @@ -22,16 +30,36 @@ local function load_file(name) return content, name; end -function load_resource(plugin, resource) +function load_resource(plugin, resource, loader) if not resource then resource = "mod_"..plugin..".lua"; end - local content, err = load_file(plugin.."/"..resource); - if not content then content, err = load_file(resource); end + loader = loader or load_file; + + local content, err = loader(plugin.."/"..resource); + if not content then content, err = loader(resource); end -- TODO add support for packed plugins + + if not content and loader == load_file then + return load_resource(plugin, resource, load_from_datastore); + end + return content, err; end +function store_resource(plugin, resource, content, metadata) + if not resource then + resource = "mod_"..plugin..".lua"; + end + local store = { content }; + if metadata then + for k,v in pairs(metadata) do + store[k] = v; + end + end + datamanager.store(plugin.."/"..resource, nil, "plugins", store); +end + function load_code(plugin, resource) local content, err = load_resource(plugin, resource); if not content then return content, err; end diff --git a/util/prosodyctl.lua b/util/prosodyctl.lua index 8131fed9..04d58d1d 100644 --- a/util/prosodyctl.lua +++ b/util/prosodyctl.lua @@ -109,10 +109,8 @@ function start() end if not CFG_SOURCEDIR then os.execute("./prosody"); - elseif CFG_SOURCEDIR:match("^/usr/local") then - os.execute("/usr/local/bin/prosody"); else - os.execute("prosody"); + os.execute(CFG_SOURCEDIR.."/../../bin/prosody"); end return true; end diff --git a/util/sasl.lua b/util/sasl.lua index f65e7062..eb71956b 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -14,258 +14,140 @@ local md5 = require "util.hashes".md5; local log = require "util.logger".init("sasl"); -local tostring = tostring; local st = require "util.stanza"; -local generate_uuid = require "util.uuid".generate; -local t_insert, t_concat = table.insert, table.concat; -local to_byte, to_char = string.byte, string.char; +local set = require "util.set"; +local array = require "util.array"; local to_unicode = require "util.encodings".idna.to_unicode; + +local tostring = tostring; +local pairs, ipairs = pairs, ipairs; +local t_insert, t_concat = table.insert, table.concat; local s_match = string.match; -local gmatch = string.gmatch -local string = string -local math = require "math" local type = type local error = error -local print = print - -module "sasl" +local setmetatable = setmetatable; +local assert = assert; +local require = require; --- Credentials handler: --- Arguments: ("PLAIN", user, host, password) --- Returns: true (success) | false (fail) | nil (user unknown) -local function new_plain(realm, credentials_handler) - local object = { mechanism = "PLAIN", realm = realm, credentials_handler = credentials_handler} - function object.feed(self, message) - if message == "" or message == nil then return "failure", "malformed-request" end - local response = message - local authorization = s_match(response, "([^%z]*)") - local authentication = s_match(response, "%z([^%z]+)%z") - local password = s_match(response, "%z[^%z]+%z([^%z]+)") +require "util.iterators" +local keys = keys - if authentication == nil or password == nil then return "failure", "malformed-request" end - self.username = authentication - local auth_success = self.credentials_handler("PLAIN", self.username, self.realm, password) - - if auth_success then - return "success" - elseif auth_success == nil then - return "failure", "account-disabled" - else - return "failure", "not-authorized" - end - end - return object -end - --- credentials_handler: --- Arguments: (mechanism, node, domain, realm, decoder) --- Returns: Password encoding, (plaintext) password --- implementing RFC 2831 -local function new_digest_md5(realm, credentials_handler) - --TODO complete support for authzid +local array = require "util.array" +module "sasl" - local function serialize(message) - local data = "" +--[[ +Authentication Backend Prototypes: - if type(message) ~= "table" then error("serialize needs an argument of type table.") end +state = false : disabled +state = true : enabled +state = nil : non-existant - -- testing all possible values - if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end - if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end - if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end - if message["charset"] then data = data..[[charset=]]..message.charset.."," end - if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end - if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end - data = data:gsub(",$", "") - return data +plain: + function(username, realm) + return password, state; end - local function utf8tolatin1ifpossible(passwd) - local i = 1; - while i <= #passwd do - local passwd_i = to_byte(passwd:sub(i, i)); - if passwd_i > 0x7F then - if passwd_i < 0xC0 or passwd_i > 0xC3 then - return passwd; - end - i = i + 1; - passwd_i = to_byte(passwd:sub(i, i)); - if passwd_i < 0x80 or passwd_i > 0xBF then - return passwd; - end - end - i = i + 1; - end +plain-test: + function(username, realm, password) + return true or false, state; + end - local p = {}; - local j = 0; - i = 1; - while (i <= #passwd) do - local passwd_i = to_byte(passwd:sub(i, i)); - if passwd_i > 0x7F then - i = i + 1; - local passwd_i_1 = to_byte(passwd:sub(i, i)); - t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever - else - t_insert(p, to_char(passwd_i)); - end - i = i + 1; - end - return t_concat(p); +digest-md5: + function(username, domain, realm, encoding) -- domain and realm are usually the same; for some broken + -- implementations it's not + return digesthash, state; end - local function latin1toutf8(str) - local p = {}; - for ch in gmatch(str, ".") do - ch = to_byte(ch); - if (ch < 0x80) then - t_insert(p, to_char(ch)); - elseif (ch < 0xC0) then - t_insert(p, to_char(0xC2, ch)); - else - t_insert(p, to_char(0xC3, ch - 64)); - end - end - return t_concat(p); + +digest-md5-test: + function(username, domain, realm, encoding, digesthash) + return true or false, state; end - local function parse(data) - local message = {} - -- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0") - for k, v in gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder - message[k] = v; - end - return message; +]] + +local method = {}; +method.__index = method; +local mechanisms = {}; +local backend_mechanism = {}; + +-- register a new SASL mechanims +local function registerMechanism(name, backends, f) + assert(type(name) == "string", "Parameter name MUST be a string."); + assert(type(backends) == "string" or type(backends) == "table", "Parameter backends MUST be either a string or a table."); + assert(type(f) == "function", "Parameter f MUST be a function."); + mechanisms[name] = f + for _, backend_name in ipairs(backends) do + if backend_mechanism[backend_name] == nil then backend_mechanism[backend_name] = {}; end + t_insert(backend_mechanism[backend_name], name); end +end - local object = { mechanism = "DIGEST-MD5", realm = realm, credentials_handler = credentials_handler}; - - object.nonce = generate_uuid(); - object.step = 0; - object.nonce_count = {}; - - function object.feed(self, message) - self.step = self.step + 1; - if (self.step == 1) then - local challenge = serialize({ nonce = object.nonce, - qop = "auth", - charset = "utf-8", - algorithm = "md5-sess", - realm = self.realm}); - return "challenge", challenge; - elseif (self.step == 2) then - local response = parse(message); - -- check for replay attack - if response["nc"] then - if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end - end - - -- check for username, it's REQUIRED by RFC 2831 - if not response["username"] then - return "failure", "malformed-request"; - end - self["username"] = response["username"]; - - -- check for nonce, ... - if not response["nonce"] then - return "failure", "malformed-request"; - else - -- check if it's the right nonce - if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end - end - - if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end - if not response["qop"] then response["qop"] = "auth" end - - if response["realm"] == nil or response["realm"] == "" then - response["realm"] = ""; - elseif response["realm"] ~= self.realm then - return "failure", "not-authorized", "Incorrect realm value"; - end +-- create a new SASL object which can be used to authenticate clients +function new(realm, profile, forbidden) + local sasl_i = {profile = profile}; + sasl_i.realm = realm; + local s = setmetatable(sasl_i, method); + if forbidden == nil then forbidden = {} end + s:forbidden(forbidden) + return s; +end - local decoder; - if response["charset"] == nil then - decoder = utf8tolatin1ifpossible; - elseif response["charset"] ~= "utf-8" then - return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."; - end +-- get a fresh clone with the same realm, profiles and forbidden mechanisms +function method:clean_clone() + return new(self.realm, self.profile, self:forbidden()) +end - local domain = ""; - local protocol = ""; - if response["digest-uri"] then - protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$"); - if protocol == nil or domain == nil then return "failure", "malformed-request" end - else - return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." - end +-- set the forbidden mechanisms +function method:forbidden( restrict ) + if restrict then + -- set forbidden + self.restrict = set.new(restrict); + else + -- get forbidden + return array.collect(self.restrict:items()); + end +end - --TODO maybe realm support - self.username = response["username"]; - local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder); - if Y == nil then return "failure", "not-authorized" - elseif Y == false then return "failure", "account-disabled" end - local A1 = ""; - if response.authzid then - if response.authzid == self.username or response.authzid == self.username.."@"..self.realm then - -- COMPAT - log("warn", "Client is violating RFC 3920 (section 6.1, point 7)."); - A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; - else - return "failure", "invalid-authzid"; +-- get a list of possible SASL mechanims to use +function method:mechanisms() + local mechanisms = {} + for backend, f in pairs(self.profile) do + if backend_mechanism[backend] then + for _, mechanism in ipairs(backend_mechanism[backend]) do + if not self.restrict:contains(mechanism) then + mechanisms[mechanism] = true; end - else - A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; - end - local A2 = "AUTHENTICATE:"..protocol.."/"..domain; - - local HA1 = md5(A1, true); - local HA2 = md5(A2, true); - - local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2; - local response_value = md5(KD, true); - - if response_value == response["response"] then - -- calculate rspauth - A2 = ":"..protocol.."/"..domain; - - HA1 = md5(A1, true); - HA2 = md5(A2, true); - - KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 - local rspauth = md5(KD, true); - self.authenticated = true; - return "challenge", serialize({rspauth = rspauth}); - else - return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." end - elseif self.step == 3 then - if self.authenticated ~= nil then return "success" - else return "failure", "malformed-request" end end end - return object; + self["possible_mechanisms"] = mechanisms; + return array.collect(keys(mechanisms)); end --- Credentials handler: Can be nil. If specified, should take the mechanism as --- the only argument, and return true for OK, or false for not-OK (TODO) -local function new_anonymous(realm, credentials_handler) - local object = { mechanism = "ANONYMOUS", realm = realm, credentials_handler = credentials_handler} - function object.feed(self, message) - return "success" - end - object["username"] = generate_uuid() - return object +-- select a mechanism to use +function method:select(mechanism) + if self.mech_i then + return false; + end + + self.mech_i = mechanisms[mechanism] + if self.mech_i == nil then + return false; + end + return true; end +-- feed new messages to process into the library +function method:process(message) + --if message == "" or message == nil then return "failure", "malformed-request" end + return self.mech_i(self, message); +end -function new(mechanism, realm, credentials_handler) - local object - if mechanism == "PLAIN" then object = new_plain(realm, credentials_handler) - elseif mechanism == "DIGEST-MD5" then object = new_digest_md5(realm, credentials_handler) - elseif mechanism == "ANONYMOUS" then object = new_anonymous(realm, credentials_handler) - else - log("debug", "Unsupported SASL mechanism: "..tostring(mechanism)); - return nil - end - return object +-- load the mechanisms +local load_mechs = {"plain", "digest-md5", "anonymous", "scram"} +for _, mech in ipairs(load_mechs) do + local name = "util.sasl."..mech; + local m = require(name); + m.init(registerMechanism) end return _M; diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua new file mode 100644 index 00000000..65650294 --- /dev/null +++ b/util/sasl/anonymous.lua @@ -0,0 +1,36 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +local s_match = string.match; + +local log = require "util.logger".init("sasl"); +local generate_uuid = require "util.uuid".generate; + +module "anonymous" + +--========================= +--SASL ANONYMOUS according to RFC 4505 +local function anonymous(self, message) + local username; + repeat + username = generate_uuid(); + until self.profile.anonymous(username, self.realm); + self["username"] = username; + return "success" +end + +function init(registerMechanism) + registerMechanism("ANONYMOUS", {"anonymous"}, anonymous); +end + +return _M;
\ No newline at end of file diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua new file mode 100644 index 00000000..04acf04d --- /dev/null +++ b/util/sasl/digest-md5.lua @@ -0,0 +1,228 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +local tostring = tostring; +local type = type; + +local s_gmatch = string.gmatch; +local s_match = string.match; +local t_concat = table.concat; +local t_insert = table.insert; +local to_byte, to_char = string.byte, string.char; + +local md5 = require "util.hashes".md5; +local log = require "util.logger".init("sasl"); +local generate_uuid = require "util.uuid".generate; + +module "digest-md5" + +--========================= +--SASL DIGEST-MD5 according to RFC 2831 + +local function digest(self, message) + --TODO complete support for authzid + + local function serialize(message) + local data = "" + + -- testing all possible values + if message["realm"] then data = data..[[realm="]]..message.realm..[[",]] end + if message["nonce"] then data = data..[[nonce="]]..message.nonce..[[",]] end + if message["qop"] then data = data..[[qop="]]..message.qop..[[",]] end + if message["charset"] then data = data..[[charset=]]..message.charset.."," end + if message["algorithm"] then data = data..[[algorithm=]]..message.algorithm.."," end + if message["rspauth"] then data = data..[[rspauth=]]..message.rspauth.."," end + data = data:gsub(",$", "") + return data + end + + local function utf8tolatin1ifpossible(passwd) + local i = 1; + while i <= #passwd do + local passwd_i = to_byte(passwd:sub(i, i)); + if passwd_i > 0x7F then + if passwd_i < 0xC0 or passwd_i > 0xC3 then + return passwd; + end + i = i + 1; + passwd_i = to_byte(passwd:sub(i, i)); + if passwd_i < 0x80 or passwd_i > 0xBF then + return passwd; + end + end + i = i + 1; + end + + local p = {}; + local j = 0; + i = 1; + while (i <= #passwd) do + local passwd_i = to_byte(passwd:sub(i, i)); + if passwd_i > 0x7F then + i = i + 1; + local passwd_i_1 = to_byte(passwd:sub(i, i)); + t_insert(p, to_char(passwd_i%4*64 + passwd_i_1%64)); -- I'm so clever + else + t_insert(p, to_char(passwd_i)); + end + i = i + 1; + end + return t_concat(p); + end + local function latin1toutf8(str) + local p = {}; + for ch in s_gmatch(str, ".") do + ch = to_byte(ch); + if (ch < 0x80) then + t_insert(p, to_char(ch)); + elseif (ch < 0xC0) then + t_insert(p, to_char(0xC2, ch)); + else + t_insert(p, to_char(0xC3, ch - 64)); + end + end + return t_concat(p); + end + local function parse(data) + local message = {} + -- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0") + for k, v in s_gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder + message[k] = v; + end + return message; + end + + if not self.nonce then + self.nonce = generate_uuid(); + self.step = 0; + self.nonce_count = {}; + end + + self.step = self.step + 1; + if (self.step == 1) then + local challenge = serialize({ nonce = self.nonce, + qop = "auth", + charset = "utf-8", + algorithm = "md5-sess", + realm = self.realm}); + return "challenge", challenge; + elseif (self.step == 2) then + local response = parse(message); + -- check for replay attack + if response["nc"] then + if self.nonce_count[response["nc"]] then return "failure", "not-authorized" end + end + + -- check for username, it's REQUIRED by RFC 2831 + if not response["username"] then + return "failure", "malformed-request"; + end + self["username"] = response["username"]; + + -- check for nonce, ... + if not response["nonce"] then + return "failure", "malformed-request"; + else + -- check if it's the right nonce + if response["nonce"] ~= tostring(self.nonce) then return "failure", "malformed-request" end + end + + if not response["cnonce"] then return "failure", "malformed-request", "Missing entry for cnonce in SASL message." end + if not response["qop"] then response["qop"] = "auth" end + + if response["realm"] == nil or response["realm"] == "" then + response["realm"] = ""; + elseif response["realm"] ~= self.realm then + return "failure", "not-authorized", "Incorrect realm value"; + end + + local decoder; + if response["charset"] == nil then + decoder = utf8tolatin1ifpossible; + elseif response["charset"] ~= "utf-8" then + return "failure", "incorrect-encoding", "The client's response uses "..response["charset"].." for encoding with isn't supported by sasl.lua. Supported encodings are latin or utf-8."; + end + + local domain = ""; + local protocol = ""; + if response["digest-uri"] then + protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$"); + if protocol == nil or domain == nil then return "failure", "malformed-request" end + else + return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." + end + + --TODO maybe realm support + self.username = response["username"]; + local Y, state; + if self.profile.plain then + local password, state = self.profile.plain(response["username"], self.realm) + if state == nil then return "failure", "not-authorized" + elseif state == false then return "failure", "account-disabled" end + Y = md5(response["username"]..":"..response["realm"]..":"..password); + elseif self.profile["digest-md5"] then + Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"]) + if state == nil then return "failure", "not-authorized" + elseif state == false then return "failure", "account-disabled" end + elseif self.profile["digest-md5-test"] then + -- TODO + end + --local password_encoding, Y = self.credentials_handler("DIGEST-MD5", response["username"], self.realm, response["realm"], decoder); + --if Y == nil then return "failure", "not-authorized" + --elseif Y == false then return "failure", "account-disabled" end + local A1 = ""; + if response.authzid then + if response.authzid == self.username or response.authzid == self.username.."@"..self.realm then + -- COMPAT + log("warn", "Client is violating RFC 3920 (section 6.1, point 7)."); + A1 = Y..":"..response["nonce"]..":"..response["cnonce"]..":"..response.authzid; + else + return "failure", "invalid-authzid"; + end + else + A1 = Y..":"..response["nonce"]..":"..response["cnonce"]; + end + local A2 = "AUTHENTICATE:"..protocol.."/"..domain; + + local HA1 = md5(A1, true); + local HA2 = md5(A2, true); + + local KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2; + local response_value = md5(KD, true); + + if response_value == response["response"] then + -- calculate rspauth + A2 = ":"..protocol.."/"..domain; + + HA1 = md5(A1, true); + HA2 = md5(A2, true); + + KD = HA1..":"..response["nonce"]..":"..response["nc"]..":"..response["cnonce"]..":"..response["qop"]..":"..HA2 + local rspauth = md5(KD, true); + self.authenticated = true; + --TODO: considering sending the rspauth in a success node for saving one roundtrip; allowed according to http://tools.ietf.org/html/draft-saintandre-rfc3920bis-09#section-7.3.6 + return "challenge", serialize({rspauth = rspauth}); + else + return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated." + end + elseif self.step == 3 then + if self.authenticated ~= nil then return "success" + else return "failure", "malformed-request" end + end +end + +function init(registerMechanism) + registerMechanism("DIGEST-MD5", {"plain"}, digest); +end + +return _M;
\ No newline at end of file diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua new file mode 100644 index 00000000..ae5c777a --- /dev/null +++ b/util/sasl/plain.lua @@ -0,0 +1,67 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +local s_match = string.match; +local saslprep = require "util.encodings".stringprep.saslprep; +local log = require "util.logger".init("sasl"); + +module "plain" + +-- ================================ +-- SASL PLAIN according to RFC 4616 +local function plain(self, message) + if not message then + return "failure", "malformed-request"; + end + + local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)"); + + if not authorization then + return "failure", "malformed-request"; + end + + -- SASLprep password and authentication + authentication = saslprep(authentication); + password = saslprep(password); + + if (not password) or (password == "") or (not authentication) or (authentication == "") then + log("debug", "Username or password violates SASLprep."); + return "failure", "malformed-request", "Invalid username or password."; + end + + local correct, state = false, false; + if self.profile.plain then + local correct_password; + correct_password, state = self.profile.plain(authentication, self.realm); + if correct_password == password then correct = true; else correct = false; end + elseif self.profile.plain_test then + correct, state = self.profile.plain_test(authentication, self.realm, password); + end + + self.username = authentication + if not state then + return "failure", "account-disabled"; + end + + if correct then + return "success"; + else + return "failure", "not-authorized", "Unable to authorize you with the authentication credentials you've sent."; + end +end + +function init(registerMechanism) + registerMechanism("PLAIN", {"plain", "plain_test"}, plain); +end + +return _M; diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua new file mode 100644 index 00000000..103e8a90 --- /dev/null +++ b/util/sasl/scram.lua @@ -0,0 +1,158 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +local s_match = string.match; +local type = type +local string = string +local base64 = require "util.encodings".base64; +local hmac_sha1 = require "util.hmac".sha1; +local sha1 = require "util.hashes".sha1; +local generate_uuid = require "util.uuid".generate; +local saslprep = require "util.encodings".stringprep.saslprep; +local log = require "util.logger".init("sasl"); +local t_concat = table.concat; +local char = string.char; +local byte = string.byte; + +module "scram" + +--========================= +--SASL SCRAM-SHA-1 according to draft-ietf-sasl-scram-10 +local default_i = 4096 + +local function bp( b ) + local result = "" + for i=1, b:len() do + result = result.."\\"..b:byte(i) + end + return result +end + +local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;}; + +local result = {}; +local function binaryXOR( a, b ) + for i=1, #a do + local x, y = byte(a, i), byte(b, i); + local lowx, lowy = x % 16, y % 16; + local hix, hiy = (x - lowx) / 16, (y - lowy) / 16; + local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1]; + local r = hir * 16 + lowr; + result[i] = char(r) + end + return t_concat(result); +end + +-- hash algorithm independent Hi(PBKDF2) implementation +local function Hi(hmac, str, salt, i) + local Ust = hmac(str, salt.."\0\0\0\1"); + local res = Ust; + for n=1,i-1 do + local Und = hmac(str, Ust) + res = binaryXOR(res, Und) + Ust = Und + end + return res +end + +local function validate_username(username) + -- check for forbidden char sequences + for eq in username:gmatch("=(.?.?)") do + if eq ~= "2D" and eq ~= "3D" then + return false + end + end + + -- replace =2D with , and =3D with = + username = username:gsub("=2D", ","); + username = username:gsub("=3D", "="); + + -- apply SASLprep + username = saslprep(username); + return username; +end + +local function scram_sha_1(self, message) + if not self.state then self["state"] = {} end + + if not self.state.name then + -- we are processing client_first_message + local client_first_message = message; + self.state["client_first_message"] = client_first_message; + self.state["name"] = client_first_message:match("n=(.+),r=") + self.state["clientnonce"] = client_first_message:match("r=([^,]+)") + + if not self.state.name or not self.state.clientnonce then + return "failure", "malformed-request"; + end + + self.state.name = validate_username(self.state.name); + if not self.state.name then + log("debug", "Username violates either SASLprep or contains forbidden character sequences.") + return "failure", "malformed-request", "Invalid username."; + end + + self.state["servernonce"] = generate_uuid(); + self.state["salt"] = generate_uuid(); + + local server_first_message = "r="..self.state.clientnonce..self.state.servernonce..",s="..base64.encode(self.state.salt)..",i="..default_i; + self.state["server_first_message"] = server_first_message; + return "challenge", server_first_message + else + if type(message) ~= "string" then return "failure", "malformed-request" end + -- we are processing client_final_message + local client_final_message = message; + + self.state["proof"] = client_final_message:match("p=(.+)"); + self.state["nonce"] = client_final_message:match("r=(.+),p="); + self.state["channelbinding"] = client_final_message:match("c=(.+),r="); + if not self.state.proof or not self.state.nonce or not self.state.channelbinding then + return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; + end + + local password, state; + if self.profile.plain then + password, state = self.profile.plain(self.state.name, self.realm) + if state == nil then return "failure", "not-authorized" + elseif state == false then return "failure", "account-disabled" end + password = saslprep(password); + if not password then + log("debug", "Password violates SASLprep."); + return "failure", "not-authorized", "Invalid password." + end + end + + local SaltedPassword = Hi(hmac_sha1, password, self.state.salt, default_i) + local ClientKey = hmac_sha1(SaltedPassword, "Client Key") + local ServerKey = hmac_sha1(SaltedPassword, "Server Key") + local StoredKey = sha1(ClientKey) + local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+") + local ClientSignature = hmac_sha1(StoredKey, AuthMessage) + local ClientProof = binaryXOR(ClientKey, ClientSignature) + local ServerSignature = hmac_sha1(ServerKey, AuthMessage) + + if base64.encode(ClientProof) == self.state.proof then + local server_final_message = "v="..base64.encode(ServerSignature); + self["username"] = self.state.name; + return "success", server_final_message; + else + return "failure", "not-authorized", "The response provided by the client doesn't match the one we calculated."; + end + end +end + +function init(registerMechanism) + registerMechanism("SCRAM-SHA-1", {"plain"}, scram_sha_1); +end + +return _M;
\ No newline at end of file diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua new file mode 100644 index 00000000..b5b0e08d --- /dev/null +++ b/util/sasl_cyrus.lua @@ -0,0 +1,135 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +local cyrussasl = require "cyrussasl"; +local log = require "util.logger".init("sasl_cyrus"); +local array = require "util.array"; + +local tostring = tostring; +local pairs, ipairs = pairs, ipairs; +local t_insert, t_concat = table.insert, table.concat; +local s_match = string.match; +local setmetatable = setmetatable + +local keys = keys; + +local print = print +local pcall = pcall +local s_match, s_gmatch = string.match, string.gmatch + +module "sasl_cyrus" + +local method = {}; +method.__index = method; +local initialized = false; + +local function init(service_name) + if not initialized then + local st, errmsg = pcall(cyrussasl.server_init, service_name); + if st then + initialized = true; + else + log("error", "Failed to initialize Cyrus SASL: %s", errmsg); + end + end +end + +-- create a new SASL object which can be used to authenticate clients +function new(realm, service_name) + local sasl_i = {}; + + init(service_name); + + sasl_i.realm = realm; + sasl_i.service_name = service_name; + + local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil) + if st then + sasl_i.cyrus = ret; + else + log("error", "Creating SASL server connection failed: %s", ret); + return nil; + end + + if cyrussasl.set_canon_cb then + local c14n_cb = function (user) + local node = s_match(user, "^([^@]+)"); + log("debug", "Canonicalizing username %s to %s", user, node) + return node + end + cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb); + end + + cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) + local s = setmetatable(sasl_i, method); + return s; +end + +-- get a fresh clone with the same realm, profiles and forbidden mechanisms +function method:clean_clone() + return new(self.realm, self.service_name) +end + +-- set the forbidden mechanisms +function method:forbidden( restrict ) + log("warn", "Called method:forbidden. NOT IMPLEMENTED.") + return {} +end + +-- get a list of possible SASL mechanims to use +function method:mechanisms() + local mechanisms = {} + local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "") + for w in s_gmatch(cyrus_mechs, "[^ ]+") do + mechanisms[w] = true; + end + self.mechs = mechanisms + return array.collect(keys(mechanisms)); +end + +-- select a mechanism to use +function method:select(mechanism) + self.mechanism = mechanism; + if not self.mechs then self:mechanisms(); end + return self.mechs[mechanism]; +end + +-- feed new messages to process into the library +function method:process(message) + local err; + local data; + + if self.mechanism then + err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "") + else + err, data = cyrussasl.server_step(self.cyrus, message or "") + end + + self.username = cyrussasl.get_username(self.cyrus) + + if (err == 0) then -- SASL_OK + return "success", data + elseif (err == 1) then -- SASL_CONTINUE + return "challenge", data + elseif (err == -4) then -- SASL_NOMECH + log("debug", "SASL mechanism not available from remote end") + return "failure", "invalid-mechanism", "SASL mechanism not available" + elseif (err == -13) then -- SASL_BADAUTH + return "failure", "not-authorized", cyrussasl.get_message( self.cyrus ) + else + log("debug", "Got SASL error condition %d", err) + return "failure", "undefined-condition", cyrussasl.get_message( self.cyrus ) + end +end + +return _M; diff --git a/util/stanza.lua b/util/stanza.lua index a457e619..08ef2c9a 100644 --- a/util/stanza.lua +++ b/util/stanza.lua @@ -67,7 +67,7 @@ end function stanza_mt:text(text) (self.last_add[#self.last_add] or self):add_direct_child(text); - return self; + return self; end function stanza_mt:up() @@ -97,7 +97,7 @@ end function stanza_mt:get_child(name, xmlns) for _, child in ipairs(self.tags) do - if (not name or child.name == name) + if (not name or child.name == name) and ((not xmlns and self.attr.xmlns == child.attr.xmlns) or child.attr.xmlns == xmlns) then @@ -107,13 +107,13 @@ function stanza_mt:get_child(name, xmlns) end function stanza_mt:child_with_name(name) - for _, child in ipairs(self.tags) do + for _, child in ipairs(self.tags) do if child.name == name then return child; end end end function stanza_mt:child_with_ns(ns) - for _, child in ipairs(self.tags) do + for _, child in ipairs(self.tags) do if child.attr.xmlns == ns then return child; end end end @@ -125,7 +125,6 @@ function stanza_mt:children() local v = a[i] if v then return v; end end, self, i; - end function stanza_mt:childtags() local i = 0; @@ -134,7 +133,6 @@ function stanza_mt:childtags() local v = self.tags[i] if v then return v; end end, self.tags[1], i; - end local xml_escape @@ -193,6 +191,30 @@ function stanza_mt.get_text(t) end end +function stanza_mt.get_error(stanza) + local type, condition, text; + + local error_tag = stanza:get_child("error"); + if not error_tag then + return nil, nil, nil; + end + type = error_tag.attr.type; + + for child in error_tag:children() do + if child.attr.xmlns == xmlns_stanzas then + if not text and child.name == "text" then + text = child:get_text(); + elseif not condition then + condition = child.name; + end + if condition and text then + break; + end + end + end + return type, condition or "undefined-condition", text or ""; +end + function stanza_mt.__add(s1, s2) return s1:add_direct_child(s2); end @@ -322,7 +344,7 @@ if do_pretty_printing then function stanza_mt.pretty_print(t) local children_text = ""; for n, child in ipairs(t) do - if type(child) == "string" then + if type(child) == "string" then children_text = children_text .. xml_escape(child); else children_text = children_text .. child:pretty_print(); diff --git a/util/timer.lua b/util/timer.lua index 05f91be8..fa1dd7c5 100644 --- a/util/timer.lua +++ b/util/timer.lua @@ -8,6 +8,9 @@ local ns_addtimer = require "net.server".addtimer; +local event = require "net.server".event; +local event_base = require "net.server".event_base; + local get_time = os.time; local t_insert = table.insert; local t_remove = table.remove; @@ -19,33 +22,52 @@ local new_data = {}; module "timer" -local function _add_task(delay, func) - local current_time = get_time(); - delay = delay + current_time; - if delay >= current_time then - t_insert(new_data, {delay, func}); - else func(); end -end - -add_task = _add_task; - -ns_addtimer(function() - local current_time = get_time(); - if #new_data > 0 then - for _, d in pairs(new_data) do - t_insert(data, d); +local _add_task; +if not event then + function _add_task(delay, func) + local current_time = get_time(); + delay = delay + current_time; + if delay >= current_time then + t_insert(new_data, {delay, func}); + else + func(); end - new_data = {}; end - - for i, d in pairs(data) do - local t, func = d[1], d[2]; - if t <= current_time then - data[i] = nil; - local r = func(current_time); - if type(r) == "number" then _add_task(r, func); end + + ns_addtimer(function() + local current_time = get_time(); + if #new_data > 0 then + for _, d in pairs(new_data) do + t_insert(data, d); + end + new_data = {}; end + + for i, d in pairs(data) do + local t, func = d[1], d[2]; + if t <= current_time then + data[i] = nil; + local r = func(current_time); + if type(r) == "number" then _add_task(r, func); end + end + end + end); +else + local EVENT_LEAVE = (event.core and event.core.LEAVE) or -1; + function _add_task(delay, func) + local event_handle; + event_handle = event_base:addevent(nil, 0, function () + local ret = func(); + if ret then + return 0, ret; + elseif event_handle then + return EVENT_LEAVE; + end + end + , delay); end -end); +end + +add_task = _add_task; return _M; |