diff options
58 files changed, 2723 insertions, 324 deletions
diff --git a/.luacheckrc b/.luacheckrc index 90e18ce5..09225d01 100644 --- a/.luacheckrc +++ b/.luacheckrc @@ -62,9 +62,9 @@ files["plugins/"] = { "module.broadcast", "module.context", "module.could", - "module.depends", "module.default_permission", "module.default_permissions", + "module.depends", "module.fire_event", "module.get_directory", "module.get_host", @@ -116,6 +116,7 @@ files["plugins/"] = { }; globals = { -- Methods that can be set on module API + "module.ready", "module.unload", "module.add_host", "module.load", @@ -140,6 +141,10 @@ files["prosody.cfg.lua"] = { "component", "Include", "include", + "FileContents", + "FileLine", + "FileLines", + "Credential", "RunScript" }; } diff --git a/.semgrep.yml b/.semgrep.yml index 22bfcfea..c475859d 100644 --- a/.semgrep.yml +++ b/.semgrep.yml @@ -28,3 +28,12 @@ rules: message: Use :get_text() to read text, or pass a value here to add text severity: WARNING languages: [lua] +- id: require-unprefixed-module + patterns: + - pattern: require("$X") + - metavariable-regex: + metavariable: $X + regex: '^(core|net|util)\.' + message: Prefix required module path with 'prosody.' + severity: ERROR + languages: [lua] @@ -1,12 +1,17 @@ TRUNK ===== +13.0.x +====== + ## New ### Administration - Add 'watch log' command to follow live debug logs at runtime (even if disabled) - mod_announce: Add shell commands to send messages to all users, online users, or limited by roles +- New mod_account_activity plugin records last login/logout time of a user account +- New 'prosodyctl check features' recommends configuration improvements ### Networking @@ -30,6 +35,7 @@ TRUNK - muc_room_allow_public = false restricts to admins - Commands to show occupants and affiliations in the Shell - Save 'reason' text supplied with affiliation change +- Owners can set MUC avatars (functionality previously in community module mod_vcard_muc) ### Security and authentication @@ -46,6 +52,7 @@ TRUNK - New 'keyval+' combined keyval/map store type - Performance improvements in internal archive stores - Ability to use SQLite3 storage using LuaSQLite3 instead of LuaDBI +- SQLCipher support ### Module API @@ -55,11 +62,13 @@ TRUNK - Method for retrieving integer settings from config - It is now easy for modules to expose a Prosody shell command, by adding a shell-command item - Modules can now implement a module.ready method which will be called after server initialization +- module:depends() now accepts a second parameter 'soft' to enable soft dependencies ### Configuration - The configuration file now supports referring and appending to options previously set - Direct usage of the Lua API in the config file is deprecated, but can now be accessed via Lua.* instead +- Convenience functions for reading values from files, with variant meant for credentials or secrets ## Changes @@ -75,6 +84,8 @@ TRUNK - Support for the roster *group* access_model in mod_pep - Support for systemd socket activation in server_epoll - mod_invites_adhoc gained a command for creating password resets +- mod_cloud_notify imported from community modules for push notification support +- mod_http_altconnect imported from community modules, simplifying web clients ## Removed diff --git a/core/certmanager.lua b/core/certmanager.lua index 9e0ace6a..1c9cefed 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -189,10 +189,6 @@ local core_defaults = { single_ecdh_use = tls.features.options.single_ecdh_use; no_renegotiation = tls.features.options.no_renegotiation; }; - verifyext = { - "lsec_continue", -- Continue past certificate verification errors - "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates - }; curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1"; curveslist = { "X25519", diff --git a/core/configmanager.lua b/core/configmanager.lua index bd12e169..023545d7 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -18,6 +18,8 @@ local resolve_relative_path = require"prosody.util.paths".resolve_relative_path; local glob_to_pattern = require"prosody.util.paths".glob_to_pattern; local path_sep = package.config:sub(1,1); local get_traceback_table = require "prosody.util.debug".get_traceback_table; +local errors = require "prosody.util.error"; +local log = require "prosody.util.logger".init("config"); local encodings = deps.softreq"prosody.util.encodings"; local nameprep = encodings and encodings.stringprep.nameprep or function (host) return host:lower(); end @@ -32,6 +34,7 @@ local parser = nil; local config_mt = { __index = function (t, _) return rawget(t, "*"); end}; local config = setmetatable({ ["*"] = { } }, config_mt); +local delayed_warnings = {}; local files = {}; -- When host not found, use global @@ -42,6 +45,10 @@ function _M.getconfig() end function _M.get(host, key) + if host and key and delayed_warnings[host.."/"..key] then + local warning = delayed_warnings[host.."/"..key]; + log("warn", "%s", warning.text); + end return config[host][key]; end function _M.rawget(host, key) @@ -161,15 +168,44 @@ do end; }; + -- For reading config values out of files. + local function filereader(basepath, defaultmode) + return function(filename, mode) + local f, err = io.open(resolve_relative_path(basepath, filename)); + if not f then error(err, 2); end + local content, err = f:read(mode or defaultmode); + f:close(); + if not content then error(err, 2); end + return content; + end + end + + -- Collect lines into an array + local function linereader(basepath) + return function(filename) + local ret = {}; + for line in io.lines(resolve_relative_path(basepath, filename)) do + t_insert(ret, line); + end + return ret; + end + end + parser = {}; function parser.load(data, config_file, config_table) local set_options = {}; -- set_options[host.."/"..option_name] = true (when the option has been set already in this file) local warnings = {}; local env; + local config_path = config_file:gsub("[^"..path_sep.."]+$", ""); + -- The ' = true' are needed so as not to set off __newindex when we assign the functions below env = setmetatable({ Host = true, host = true, VirtualHost = true, Component = true, component = true, + FileContents = true, + FileLine = true, + FileLines = true, + Credential = true, Include = true, include = true, RunScript = true }, { __index = function (_, k) if k:match("^ENV_") then @@ -214,6 +250,10 @@ do t_insert(warnings, ("%s:%d: Duplicate option '%s'"):format(config_file, get_line_number(config_file), k)); end set_options[option_path] = true; + if errors.is_error(v) then + delayed_warnings[option_path] = v; + return; + end set(config_table, env.__currenthost or "*", k, v); end }); @@ -293,7 +333,6 @@ do end local path_pos, glob = file:match("()([^"..path_sep.."]+)$"); local path = file:sub(1, math_max(path_pos-2,0)); - local config_path = config_file:gsub("[^"..path_sep.."]+$", ""); if #path > 0 then path = resolve_relative_path(config_path, path); else @@ -308,7 +347,7 @@ do return; end -- Not a wildcard, so resolve (potentially) relative path and run through config parser - file = resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file); + file = resolve_relative_path(config_path, file); local f, err = io.open(file); if f then local ret, err = parser.load(f:read("*a"), file, config_table); @@ -325,7 +364,26 @@ do env.include = env.Include; function env.RunScript(file) - return dofile(resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file)); + return dofile(resolve_relative_path(config_path, file)); + end + + env.FileContents = filereader(config_path, "*a"); + env.FileLine = filereader(config_path, "*l"); + env.FileLines = linereader(config_path); + + if _G.prosody.paths.credentials then + env.Credential = filereader(_G.prosody.paths.credentials, "*a"); + elseif _G.prosody.process_type == "prosody" then + env.Credential = function() error("Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set", 2) end + else + env.Credential = function() + return errors.new({ + type = "continue", + text = ("%s:%d: Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set") + :format(config_file, get_line_number(config_file)); + }); + end + end local chunk, err = envload(data, "@"..config_file, env); diff --git a/core/features.lua b/core/features.lua index 99edde51..8e155f70 100644 --- a/core/features.lua +++ b/core/features.lua @@ -6,6 +6,14 @@ return { "mod_bookmarks"; -- mod_server_info bundled "mod_server_info"; + -- mod_flags bundled + "mod_flags"; + -- mod_cloud_notify bundled + "mod_cloud_notify"; + -- mod_muc has built-in vcard support + "muc_vcard"; + -- mod_http_altconnect bundled + "http_altconnect"; -- Roles, module.may and per-session authz "permissions"; -- prosody.* namespace diff --git a/core/moduleapi.lua b/core/moduleapi.lua index fa5086cf..50524b32 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -136,10 +136,14 @@ function api:require(lib) return f(); end -function api:depends(name) +function api:depends(name, soft) local modulemanager = require"prosody.core.modulemanager"; if self:get_option_inherited_set("modules_disabled", {}):contains(name) then - error("Dependency on disabled module mod_"..name); + if not soft then + error("Dependency on disabled module mod_"..name); + end + self:log("debug", "Not loading disabled soft dependency mod_%s", name); + return nil, "disabled"; end if not self.dependencies then self.dependencies = {}; @@ -431,8 +435,16 @@ function api:handle_items(item_type, added_cb, removed_cb, existing) self:hook("item-added/"..item_type, added_cb); self:hook("item-removed/"..item_type, removed_cb); if existing ~= false then - for _, item in ipairs(self:get_host_items(item_type)) do - added_cb({ item = item }); + local modulemanager = require"prosody.core.modulemanager"; + local modules = modulemanager.get_modules(self.host); + + for _, module in pairs(modules) do + local mod = module.module; + if mod.items and mod.items[item_type] then + for _, item in ipairs(mod.items[item_type]) do + added_cb({ source = mod; item = item }); + end + end end end end diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 873e08e5..7295ba25 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -26,10 +26,9 @@ local xpcall = require "prosody.util.xpcall".xpcall; local debug_traceback = debug.traceback; local setmetatable, rawget = setmetatable, rawget; local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; -local lua_version = _VERSION:match("5%.%d$"); +local lua_version = _VERSION:match("5%.%d+$"); local autoload_modules = { - prosody.platform, "presence", "message", "iq", @@ -66,6 +65,20 @@ local loader = pluginloader.init({ end end + if metadata.lua then + local supported = false; + for supported_lua_version in metadata.lua:gmatch("[^, ]+") do + if supported_lua_version == lua_version then + supported = true; + break; + end + end + if not supported then + log("warn", "Not loading module, we have Lua %s but the module requires one of (%s): %s", lua_version, metadata.lua, path); + return; -- Don't load this module + end + end + if metadata.conflicts then local conflicts_features = set.new(array.collect(metadata.conflicts:gmatch("[^, ]+"))); local conflicted_features = set.intersection(conflicts_features, core_features); diff --git a/core/usermanager.lua b/core/usermanager.lua index 793e7af6..3cd6f16d 100644 --- a/core/usermanager.lua +++ b/core/usermanager.lua @@ -244,7 +244,7 @@ local function add_user_secondary_role(user, host, role_name) local role, err = hosts[host].authz.add_user_secondary_role(user, role_name); if role then prosody.events.fire_event("user-role-added", { - username = user, host = host, role = role; + username = user, host = host, role_name = role_name, role = role; }); end return role, err; diff --git a/doc/doap.xml b/doc/doap.xml index cf150c36..9173a9cb 100644 --- a/doc/doap.xml +++ b/doc/doap.xml @@ -245,7 +245,7 @@ <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0090.html"/> <xmpp:version>1.2</xmpp:version> <xmpp:since>0.1.0</xmpp:since> - <xmpp:until>trunk</xmpp:until> + <xmpp:until>13.0.0</xmpp:until> <xmpp:status>removed</xmpp:status> <xmpp:note>mod_time</xmpp:note> </xmpp:SupportedXep> @@ -734,6 +734,15 @@ </implements> <implements> <xmpp:SupportedXep> + <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0357.html"/> + <xmpp:version>0.4.1</xmpp:version> + <xmpp:since>13.0.0</xmpp:since> + <xmpp:status>complete</xmpp:status> + <xmpp:note>mod_cloud_notify</xmpp:note> + </xmpp:SupportedXep> + </implements> + <implements> + <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0359.html"/> <xmpp:version>0.7.0</xmpp:version> <xmpp:status>complete</xmpp:status> @@ -831,7 +840,7 @@ <implements> <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0421.html"/> - <xmpp:version>0.2.0</xmpp:version> + <xmpp:version>1.0.0</xmpp:version> <xmpp:since>0.12.0</xmpp:since> <xmpp:status>complete</xmpp:status> <xmpp:note>mod_muc</xmpp:note> @@ -848,7 +857,7 @@ <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0440.html"/> <xmpp:version>0.4.2</xmpp:version> - <xmpp:since>trunk</xmpp:since> + <xmpp:since>13.0.0</xmpp:since> <xmpp:status>complete</xmpp:status> </xmpp:SupportedXep> </implements> @@ -872,7 +881,7 @@ <xmpp:SupportedXep> <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0478.html"/> <xmpp:version>0.2.0</xmpp:version> - <xmpp:since>trunk</xmpp:since> + <xmpp:since>13.0.0</xmpp:since> </xmpp:SupportedXep> </implements> </Project> diff --git a/net/adns.lua b/net/adns.lua index 2ecd7f53..59f19302 100644 --- a/net/adns.lua +++ b/net/adns.lua @@ -74,11 +74,17 @@ local function new_async_socket(sock, resolver) return handler; end +local function measure(_qclass, _qtype) + return measure; +end + function async_resolver_methods:lookup(handler, qname, qtype, qclass) local resolver = self._resolver; + local m = measure(qclass or "IN", qtype or "A"); return coroutine.wrap(function (peek) if peek then log("debug", "Records for %s already cached, using those...", qname); + m(); handler(peek); return; end @@ -89,6 +95,7 @@ function async_resolver_methods:lookup(handler, qname, qtype, qclass) log("debug", "Reply for %s (%s)", qname, coroutine.running()); end if ok then + m(); ok, err = pcall(handler, resolver:peek(qname, qtype, qclass)); else log("error", "Error sending DNS query: %s", err); @@ -129,4 +136,5 @@ return { end; resolver = new_async_resolver; new_async_socket = new_async_socket; + instrument = function(measure_) measure = measure_; end; }; diff --git a/net/httpserver.lua b/net/httpserver.lua deleted file mode 100644 index 0dfd862e..00000000 --- a/net/httpserver.lua +++ /dev/null @@ -1,17 +0,0 @@ --- COMPAT w/pre-0.9 -local log = require "prosody.util.logger".init("net.httpserver"); -local traceback = debug.traceback; - -local _ENV = nil; --- luacheck: std none - -local function fail() - log("error", "Attempt to use legacy HTTP API. For more info see https://prosody.im/doc/developers/legacy_http"); - log("error", "Legacy HTTP API usage, %s", traceback("", 2)); -end - -return { - new = fail; - new_from_config = fail; - set_default_handler = fail; -}; diff --git a/net/server_epoll.lua b/net/server_epoll.lua index b4477375..dd309b05 100644 --- a/net/server_epoll.lua +++ b/net/server_epoll.lua @@ -657,6 +657,7 @@ interface.send = interface.write; -- Close, possibly after writing is done function interface:close() + local status, err; if self.writebuffer and #self.writebuffer ~= 0 then self._connected = false; self:set(false, true); -- Flush final buffer contents @@ -665,6 +666,24 @@ function interface:close() self.write, self.send = noop, noop; -- No more writing self:debug("Close after writing remaining buffered data"); self.ondrain = interface.close; + elseif self.conn.shutdown and self._tls then + status, err = self.conn:shutdown(); + self.onreadable = interface.close; + self.onwritable = interface.close; + if err == nil then + if status == true then + self._tls = false; + end + return self:close(); + elseif err == "wantread" then + self:set(true, nil); + self:setreadtimeout(); + elseif err == "wantwrite" then + self:set(nil, true); + self:setwritetimeout(); + else + self._tls = false; + end else self:debug("Closing now"); self.write, self.send = noop, noop; @@ -675,6 +694,8 @@ function interface:close() end function interface:destroy() + -- make sure tls sockets aren't put in blocking mode + if self.conn.shutdown and self._tls then self.conn:shutdown(); end self:del(); self:setwritetimeout(false); self:setreadtimeout(false); diff --git a/net/unbound.lua b/net/unbound.lua index 176a6156..557a37fc 100644 --- a/net/unbound.lua +++ b/net/unbound.lua @@ -20,7 +20,6 @@ local libunbound = require"lunbound"; local promise = require"prosody.util.promise"; local new_id = require "prosody.util.id".short; -local gettime = require"socket".gettime; local dns_utils = require"prosody.util.dns"; local classes, types, errors = dns_utils.classes, dns_utils.types, dns_utils.errors; local parsers = dns_utils.parsers; @@ -116,21 +115,26 @@ local function prep_answer(a) return setmetatable(a, answer_mt); end +local function measure(_qclass, _qtype) + return measure; +end + local function lookup(callback, qname, qtype, qclass) if not unbound then initialize(); end qtype = qtype and s_upper(qtype) or "A"; qclass = qclass and s_upper(qclass) or "IN"; local ntype, nclass = types[qtype], classes[qclass]; - local startedat = gettime(); + + local m; local ret; local log_query = logger.init("unbound.query"..new_id()); local function callback_wrapper(a, err) - local gotdataat = gettime(); + m(); waiting_queries[ret] = nil; if a then prep_answer(a); - log_query("debug", "Results for %s %s %s: %s (%s, %f sec)", qname, qclass, qtype, a.rcode == 0 and (#a .. " items") or a.status, - a.secure and "Secure" or a.bogus or "Insecure", gotdataat - startedat); -- Insecure as in unsigned + log_query("debug", "Results for %s %s %s: %s (%s)", qname, qclass, qtype, a.rcode == 0 and (#a .. " items") or a.status, + a.secure and "Secure" or a.bogus or "Insecure"); -- Insecure as in unsigned else log_query("error", "Results for %s %s %s: %s", qname, qclass, qtype, tostring(err)); end @@ -138,6 +142,7 @@ local function lookup(callback, qname, qtype, qclass) if not ok then log_query("error", "Error in callback: %s", cerr); end end log_query("debug", "Resolve %s %s %s", qname, qclass, qtype); + m = measure(qclass, qtype); local err; ret, err = unbound:resolve_async(callback_wrapper, qname, ntype, nclass); if ret then @@ -225,6 +230,8 @@ local wrapper = { }; } +_M.instrument = function(measure_) measure = measure_; end; + function _M.resolver() return wrapper; end return _M; diff --git a/plugins/mod_account_activity.lua b/plugins/mod_account_activity.lua new file mode 100644 index 00000000..1b1208e7 --- /dev/null +++ b/plugins/mod_account_activity.lua @@ -0,0 +1,152 @@ +local jid = require "prosody.util.jid"; +local time = os.time; + +local store = module:open_store(nil, "keyval+"); + +module:hook("authentication-success", function(event) + local session = event.session; + if session.username then + store:set_key(session.username, "timestamp", time()); + end +end); + +module:hook("resource-unbind", function(event) + local session = event.session; + if session.username then + store:set_key(session.username, "timestamp", time()); + end +end); + +local user_sessions = prosody.hosts[module.host].sessions; +function get_last_active(username) --luacheck: ignore 131/get_last_active + if user_sessions[username] then + return os.time(), true; -- Currently connected + else + local last_activity = store:get(username); + if not last_activity then return nil; end + return last_activity.timestamp; + end +end + +module:add_item("shell-command", { + section = "user"; + section_desc = "View user activity data"; + name = "activity"; + desc = "View the last recorded user activity for an account"; + args = { { name = "jid"; type = "string" } }; + host_selector = "jid"; + handler = function(self, userjid) --luacheck: ignore 212/self + local username = jid.prepped_split(userjid); + local last_timestamp, is_online = get_last_active(username); + if not last_timestamp then + return true, "No activity"; + end + + return true, ("%s (%s)"):format(os.date("%Y-%m-%d %H:%M:%S", last_timestamp), (is_online and "online" or "offline")); + end; +}); + +module:add_item("shell-command", { + section = "user"; + section_desc = "View user activity data"; + name = "list_inactive"; + desc = "List inactive user accounts"; + args = { + { name = "host"; type = "string" }; + { name = "duration"; type = "string" }; + }; + host_selector = "host"; + handler = function(self, host, duration) --luacheck: ignore 212/self + local um = require "prosody.core.usermanager"; + local duration_sec = require "prosody.util.human.io".parse_duration(duration or ""); + if not duration_sec then + return false, ("Invalid duration %q - try something like \"30d\""):format(duration); + end + + local now = os.time(); + local n_inactive, n_unknown = 0, 0; + + for username in um.users(host) do + local last_active = store:get_key(username, "timestamp"); + if not last_active then + local created_at = um.get_account_info(username, host).created; + if created_at and (now - created_at) > duration_sec then + self.session.print(username, ""); + n_inactive = n_inactive + 1; + elseif not created_at then + n_unknown = n_unknown + 1; + end + elseif (now - last_active) > duration_sec then + self.session.print(username, os.date("%Y-%m-%dT%T", last_active)); + n_inactive = n_inactive + 1; + end + end + + if n_unknown > 0 then + return true, ("%d accounts inactive since %s (%d unknown)"):format(n_inactive, os.date("%Y-%m-%dT%T", now - duration_sec), n_unknown); + end + return true, ("%d accounts inactive since %s"):format(n_inactive, os.date("%Y-%m-%dT%T", now - duration_sec)); + end; +}); + +module:add_item("shell-command", { + section = "migrate"; + section_desc = "Perform data migrations"; + name = "account_activity_lastlog2"; + desc = "Migrate account activity information from mod_lastlog2"; + args = { { name = "host"; type = "string" } }; + host_selector = "host"; + handler = function(self, host) --luacheck: ignore 212/host + local lastlog2 = module:open_store("lastlog2", "keyval+"); + local n_updated, n_errors, n_skipped = 0, 0, 0; + + local async = require "prosody.util.async"; + + local p = require "prosody.util.promise".new(function (resolve) + local async_runner = async.runner(function () + local n = 0; + for username in lastlog2:items() do + n = n + 1; + if n % 100 == 0 then + self.session.print(("Processed %d..."):format(n)); + async.sleep(0); + end + local lastlog2_data = lastlog2:get(username); + if lastlog2_data then + local current_data, err = store:get(username); + if not current_data then + if not err then + current_data = {}; + else + n_errors = n_errors + 1; + end + end + if current_data then + local imported_timestamp = current_data.timestamp; + local latest; + for k, v in pairs(lastlog2_data) do + if k ~= "registered" and (not latest or v.timestamp > latest) then + latest = v.timestamp; + end + end + if latest and (not imported_timestamp or imported_timestamp < latest) then + local ok, err = store:set_key(username, "timestamp", latest); + if ok then + n_updated = n_updated + 1; + else + self.session.print(("WW: Failed to import %q: %s"):format(username, err)); + n_errors = n_errors + 1; + end + else + n_skipped = n_skipped + 1; + end + end + end + end + return resolve(("%d accounts imported, %d errors, %d skipped"):format(n_updated, n_errors, n_skipped)); + end); + async_runner:run(true); + end); + return p; + end; +}); diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 0b8d3c43..3301ed9b 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -25,6 +25,8 @@ local _G = _G; local prosody = _G.prosody; local unpack = table.unpack; +local cache = require "prosody.util.cache"; +local new_short_id = require "prosody.util.id".short; local iterators = require "prosody.util.iterators"; local keys, values = iterators.keys, iterators.values; local jid_bare, jid_split, jid_join, jid_resource, jid_compare = import("prosody.util.jid", "bare", "prepped_split", "join", "resource", "compare"); @@ -139,7 +141,7 @@ Built-in roles are: prosody:registered - Registered user prosody:member - Provisioned user prosody:admin - Host administrator - prosody:operator - Server administrator + prosody:operator - Server administrator Roles can be assigned using the user management commands (see 'help user'). ]]; @@ -170,6 +172,47 @@ local function send_repl_output(session, line, attr) return session.send(st.stanza("repl-output", attr):text(tostring(line))); end +local function request_repl_input(session, input_type) + if input_type ~= "password" then + return promise.reject("internal error - unsupported input type "..tostring(input_type)); + end + local pending_inputs = session.pending_inputs; + if not pending_inputs then + pending_inputs = cache.new(5, function (input_id, input_promise) --luacheck: ignore 212/input_id + input_promise.reject(); + end); + session.pending_inputs = pending_inputs; + end + + local input_id = new_short_id(); + local p = promise.new(function (resolve, reject) + pending_inputs:set(input_id, { resolve = resolve, reject = reject }); + end):finally(function () + pending_inputs:set(input_id, nil); + end); + session.send(st.stanza("repl-request-input", { type = input_type, id = input_id })); + return p; +end + +module:hook("admin-disconnected", function (event) + local pending_inputs = event.session.pending_inputs; + if not pending_inputs then return; end + for input_promise in pending_inputs:values() do + input_promise.reject(); + end +end); + +module:hook("admin/repl-requested-input", function (event) + local input_id = event.stanza.attr.id; + local input_promise = event.origin.pending_inputs:get(input_id); + if not input_promise then + event.origin.send(st.stanza("repl-result", { type = "error" }):text("Internal error - unexpected input")); + return true; + end + input_promise.resolve(event.stanza:get_text()); + return true; +end); + function console:new_session(admin_session) local session = { send = function (t) @@ -185,6 +228,9 @@ function console:new_session(admin_session) write = function (t) return send_repl_output(admin_session, t, { eol = "0" }); end; + request_input = function (input_type) + return request_repl_input(admin_session, input_type); + end; serialize = tostring; disconnect = function () admin_session:close(); end; is_connected = function () @@ -266,25 +312,33 @@ local function handle_line(event) end end - local taskok, message = chunk(); + local function send_result(taskok, message) + if not message then + if type(taskok) ~= "string" and useglobalenv then + taskok = session.serialize(taskok); + end + result:text("Result: "..tostring(taskok)); + elseif (not taskok) and message then + result.attr.type = "error"; + result:text("Error: "..tostring(message)); + else + result:text("OK: "..tostring(message)); + end - if promise.is_promise(taskok) then - taskok, message = async.wait_for(taskok); + event.origin.send(result); end - if not message then - if type(taskok) ~= "string" and useglobalenv then - taskok = session.serialize(taskok); - end - result:text("Result: "..tostring(taskok)); - elseif (not taskok) and message then - result.attr.type = "error"; - result:text("Error: "..tostring(message)); + local taskok, message = chunk(); + + if promise.is_promise(taskok) then + taskok:next(function (resolved_message) + send_result(true, resolved_message); + end, function (rejected_message) + send_result(nil, rejected_message); + end); else - result:text("OK: "..tostring(message)); + send_result(taskok, message); end - - event.origin.send(result); end module:hook("admin/repl-input", function (event) @@ -295,7 +349,7 @@ module:hook("admin/repl-input", function (event) return true; end); -local function describe_command(s) +local function describe_command(s, hidden) local section, name, args, desc = s:match("^([%w_]+):([%w_]+)%(([^)]*)%) %- (.+)$"); if not section then error("Failed to parse command description: "..s); @@ -306,9 +360,14 @@ local function describe_command(s) args = array.collect(args:gmatch("[%w_]+")):map(function (arg_name) return { name = arg_name }; end); + hidden = hidden; }; end +local function hidden_command(s) + return describe_command(s, true); +end + -- Console commands -- -- These are simple commands, not valid standalone in Lua @@ -401,10 +460,12 @@ def_env.help = setmetatable({}, { end for command, command_help in it.sorted_pairs(section_help.commands or {}) do - c = c + 1; - local args = command_help.args:pluck("name"):concat(", "); - local desc = command_help.desc or command_help.module and ("Provided by mod_"..command_help.module) or ""; - print(("%s:%s(%s) - %s"):format(section_name, command, args, desc)); + if not command_help.hidden then + c = c + 1; + local args = array.pluck(command_help.args, "name"):concat(", "); + local desc = command_help.desc or command_help.module and ("Provided by mod_"..command_help.module) or ""; + print(("%s:%s(%s) - %s"):format(section_name, command, args, desc)); + end end elseif help_topics[section_name] then local topic = help_topics[section_name]; @@ -1670,12 +1731,13 @@ function def_env.user:create(jid, password, role) role = module:get_option_string("default_provisioned_role", "prosody:member"); end - local ok, err = um.create_user_with_role(username, password, host, role); - if not ok then - return nil, "Could not create user: "..err; - end - - return true, ("Created %s with role '%s'"):format(jid, role); + return promise.resolve(password or self.session.request_input("password")):next(function (password_) + local ok, err = um.create_user_with_role(username, password_, host, role); + if not ok then + return promise.reject("Could not create user: "..err); + end + return ("Created %s with role '%s'"):format(jid, role); + end); end describe_command [[user:disable(jid) - Disable the specified user account, preventing login]] @@ -1734,17 +1796,19 @@ function def_env.user:password(jid, password) elseif not um.user_exists(username, host) then return nil, "No such user"; end - local ok, err = um.set_password(username, password, host, nil); - if ok then - return true, "User password changed"; - else - return nil, "Could not change password for user: "..err; - end + + return promise.resolve(password or self.session.request_input("password")):next(function (password_) + local ok, err = um.set_password(username, password_, host, nil); + if ok then + return "User password changed"; + else + return promise.reject("Could not change password for user: "..err); + end + end); end -describe_command [[user:roles(jid, host) - Show current roles for an user]] +describe_command [[user:role(jid, host) - Show primary role for a user]] function def_env.user:role(jid, host) - local print = self.session.print; local username, userhost = jid_split(jid); if host == nil then host = userhost; end if not prosody.hosts[host] then @@ -1756,22 +1820,27 @@ function def_env.user:role(jid, host) local primary_role = um.get_user_role(username, host); local secondary_roles = um.get_user_secondary_roles(username, host); + local primary_role_desc = primary_role and primary_role.name or "<none>"; + print(primary_role and primary_role.name or "<none>"); - local count = primary_role and 1 or 0; + local n_secondary = 0; for role_name in pairs(secondary_roles or {}) do - count = count + 1; + n_secondary = n_secondary + 1; print(role_name.." (secondary)"); end - return true, count == 1 and "1 role" or count.." roles"; + if n_secondary > 0 then + return true, primary_role_desc.." (primary)"; + end + return true, primary_role_desc; end def_env.user.roles = def_env.user.role; -describe_command [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]] --- user:setrole("someone@example.com", "example.com", "prosody:admin") --- user:setrole("someone@example.com", "prosody:admin") -function def_env.user:setrole(jid, host, new_role) +describe_command [[user:set_role(jid, host, role) - Set primary role of a user (see 'help roles')]] +-- user:set_role("someone@example.com", "example.com", "prosody:admin") +-- user:set_role("someone@example.com", "prosody:admin") +function def_env.user:set_role(jid, host, new_role) local username, userhost = jid_split(jid); if new_role == nil then host, new_role = userhost, host; end if not prosody.hosts[host] then @@ -1786,7 +1855,7 @@ function def_env.user:setrole(jid, host, new_role) end end -describe_command [[user:addrole(jid, host, role) - Add a secondary role to a user]] +hidden_command [[user:addrole(jid, host, role) - Add a secondary role to a user]] function def_env.user:addrole(jid, host, new_role) local username, userhost = jid_split(jid); if new_role == nil then host, new_role = userhost, host; end @@ -1797,10 +1866,14 @@ function def_env.user:addrole(jid, host, new_role) elseif userhost ~= host then return nil, "Can't add roles outside users own host" end - return um.add_user_secondary_role(username, host, new_role); + local role, err = um.add_user_secondary_role(username, host, new_role); + if not role then + return nil, err; + end + return true, "Role added"; end -describe_command [[user:delrole(jid, host, role) - Remove a secondary role from a user]] +hidden_command [[user:delrole(jid, host, role) - Remove a secondary role from a user]] function def_env.user:delrole(jid, host, role_name) local username, userhost = jid_split(jid); if role_name == nil then host, role_name = userhost, host; end @@ -1811,7 +1884,11 @@ function def_env.user:delrole(jid, host, role_name) elseif userhost ~= host then return nil, "Can't remove roles outside users own host" end - return um.remove_user_secondary_role(username, host, role_name); + local ok, err = um.remove_user_secondary_role(username, host, role_name); + if not ok then + return nil, err; + end + return true, "Role removed"; end describe_command [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] @@ -2431,12 +2508,15 @@ describe_command [[stats:show(pattern) - Show internal statistics, optionally fi -- Undocumented currently, you can append :histogram() or :cfgraph() to stats:show() for rendered graphs. function def_env.stats:show(name_filter) local statsman = require "prosody.core.statsmanager" + local metric_registry = statsman.get_metric_registry(); + if not metric_registry then + return nil, [[Statistics disabled. Try `statistics = "internal"` in the global section of the config file and restart.]]; + end local collect = statsman.collect if collect then -- force collection if in manual mode collect() end - local metric_registry = statsman.get_metric_registry(); local displayed_stats = new_stats_context(self); for family_name, metric_family in iterators.sorted_pairs(metric_registry:get_metric_families()) do if not name_filter or family_name:match(name_filter) then @@ -2481,7 +2561,7 @@ local host_commands = {}; local function new_item_handlers(command_host) local function on_command_added(event) local command = event.item; - local mod_name = command._provided_by and ("mod_"..command._provided_by) or "<unknown module>"; + local mod_name = event.source and ("mod_"..event.source.name) or "<unknown module>"; if not schema.validate(command_metadata_schema, command) or type(command.handler) ~= "function" then module:log("warn", "Ignoring command added by %s: missing or invalid data", mod_name); return; @@ -2568,7 +2648,7 @@ local function new_item_handlers(command_host) module = command._provided_by; }; - module:log("debug", "Shell command added by mod_%s: %s:%s()", mod_name, command.section, command.name); + module:log("debug", "Shell command added by %s: %s:%s()", mod_name, command.section, command.name); end local function on_command_removed(event) diff --git a/plugins/mod_admin_socket.lua b/plugins/mod_admin_socket.lua index ad6aa5d7..b7b6d5f5 100644 --- a/plugins/mod_admin_socket.lua +++ b/plugins/mod_admin_socket.lua @@ -54,7 +54,12 @@ end); local conn, sock; -local listeners = adminstream.server(sessions, fire_admin_event).listeners; +local admin_server = adminstream.server(sessions, fire_admin_event); +local listeners = admin_server.listeners; + +module:hook_object_event(admin_server.events, "disconnected", function (event) + return module:fire_event("admin-disconnected", event); +end); local function accept_connection() module:log("debug", "accepting..."); diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 07091a04..f683d90c 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -8,7 +8,7 @@ local roles = require "prosody.util.roles"; local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; local host = module.host; -local host_suffix = host:gsub("^[^%.]+%.", ""); +local host_suffix = module:get_option_string("parent_host", (host:gsub("^[^%.]+%.", ""))); local hosts = prosody.hosts; local is_anon_host = module:get_option_string("authentication") == "anonymous"; @@ -18,8 +18,8 @@ local is_component = hosts[host].type == "component"; local host_user_role, server_user_role, public_user_role; if is_component then host_user_role = module:get_option_string("host_user_role", "prosody:registered"); - server_user_role = module:get_option_string("server_user_role"); - public_user_role = module:get_option_string("public_user_role"); + server_user_role = module:get_option_string("server_user_role", "prosody:guest"); + public_user_role = module:get_option_string("public_user_role", "prosody:guest"); end local role_store = module:open_store("account_roles"); @@ -161,7 +161,7 @@ end function set_user_role(user, role_name) local role = role_registry[role_name]; if not role then - return error("Cannot assign default user an unknown role: "..tostring(role_name)); + return error("Cannot assign user an unknown role: "..tostring(role_name)); end local keys_update = { _default = role_name; @@ -180,14 +180,19 @@ function set_user_role(user, role_name) end function add_user_secondary_role(user, role_name) - if not role_registry[role_name] then - return error("Cannot assign default user an unknown role: "..tostring(role_name)); + local role = role_registry[role_name]; + if not role then + return error("Cannot assign user an unknown role: "..tostring(role_name)); end - role_map_store:set(user, role_name, true); + local ok, err = role_map_store:set(user, role_name, true); + if not ok then + return nil, err; + end + return role; end function remove_user_secondary_role(user, role_name) - role_map_store:set(user, role_name, nil); + return role_map_store:set(user, role_name, nil); end function get_user_secondary_roles(user) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 091a7d81..fc2c92ae 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -557,6 +557,8 @@ function module.add_host(module) ["POST /"] = handle_POST; }; }); + + module:depends("http_altconnect", true); end if require"prosody.core.modulemanager".get_modules_for_host("*"):contains(module.name) then diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index e29ea6a0..a9417368 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -273,6 +273,7 @@ local function disconnect_user_sessions(reason, leave_resource) if not (hosts[host] and hosts[host].type == "local") then return -- not a local VirtualHost so no sessions end + module:log("debug", "Disconnecting %s sessions of %s@%s (%s)", not leave_resource and "all" or "other", username, host, reason.text); local user = hosts[host].sessions[username]; if user and user.sessions then for r, session in pairs(user.sessions) do diff --git a/plugins/mod_cloud_notify.lua b/plugins/mod_cloud_notify.lua new file mode 100644 index 00000000..1c660e93 --- /dev/null +++ b/plugins/mod_cloud_notify.lua @@ -0,0 +1,653 @@ +-- XEP-0357: Push (aka: My mobile OS vendor won't let me have persistent TCP connections) +-- Copyright (C) 2015-2016 Kim Alvefur +-- Copyright (C) 2017-2019 Thilo Molitor +-- +-- This file is MIT/X11 licensed. + +local os_time = os.time; +local st = require"prosody.util.stanza"; +local jid = require"prosody.util.jid"; +local dataform = require"prosody.util.dataforms".new; +local hashes = require"prosody.util.hashes"; +local random = require"prosody.util.random"; +local cache = require"prosody.util.cache"; +local watchdog = require "prosody.util.watchdog"; + +local xmlns_push = "urn:xmpp:push:0"; + +-- configuration +local include_body = module:get_option_boolean("push_notification_with_body", false); +local include_sender = module:get_option_boolean("push_notification_with_sender", false); +local max_push_errors = module:get_option_number("push_max_errors", 16); +local max_push_devices = module:get_option_number("push_max_devices", 5); +local dummy_body = module:get_option_string("push_notification_important_body", "New Message!"); +local extended_hibernation_timeout = module:get_option_number("push_max_hibernation_timeout", 72*3600); -- use same timeout like ejabberd + +local host_sessions = prosody.hosts[module.host].sessions; +local push_errors = module:shared("push_errors"); +local id2node = {}; +local id2identifier = {}; + +-- For keeping state across reloads while caching reads +-- This uses util.cache for caching the most recent devices and removing all old devices when max_push_devices is reached +local push_store = (function() + local store = module:open_store(); + local push_services = {}; + local api = {}; + --luacheck: ignore 212/self + function api:get(user) + if not push_services[user] then + local loaded, err = store:get(user); + if not loaded and err then + module:log("warn", "Error reading push notification storage for user '%s': %s", user, tostring(err)); + push_services[user] = cache.new(max_push_devices):table(); + return push_services[user], false; + end + if loaded then + push_services[user] = cache.new(max_push_devices):table(); + -- copy over plain table loaded from disk into our cache + for k, v in pairs(loaded) do push_services[user][k] = v; end + else + push_services[user] = cache.new(max_push_devices):table(); + end + end + return push_services[user], true; + end + function api:flush_to_disk(user) + local plain_table = {}; + for k, v in pairs(push_services[user]) do plain_table[k] = v; end + local ok, err = store:set(user, plain_table); + if not ok then + module:log("error", "Error writing push notification storage for user '%s': %s", user, tostring(err)); + return false; + end + return true; + end + function api:set_identifier(user, push_identifier, data) + local services = self:get(user); + services[push_identifier] = data; + end + return api; +end)(); + + +-- Forward declarations, as both functions need to reference each other +local handle_push_success, handle_push_error; + +function handle_push_error(event) + local stanza = event.stanza; + local error_type, condition, error_text = stanza:get_error(); + local node = id2node[stanza.attr.id]; + local identifier = id2identifier[stanza.attr.id]; + if node == nil then + module:log("warn", "Received push error with unrecognised id: %s", stanza.attr.id); + return false; -- unknown stanza? Ignore for now! + end + local from = stanza.attr.from; + local user_push_services = push_store:get(node); + local found, changed = false, false; + + for push_identifier, _ in pairs(user_push_services) do + if push_identifier == identifier then + found = true; + if user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and error_type ~= "wait" then + push_errors[push_identifier] = push_errors[push_identifier] + 1; + module:log("info", "Got error <%s:%s:%s> for identifier '%s': " + .."error count for this identifier is now at %s", error_type, condition, error_text or "", push_identifier, + tostring(push_errors[push_identifier])); + if push_errors[push_identifier] >= max_push_errors then + module:log("warn", "Disabling push notifications for identifier '%s'", push_identifier); + -- remove push settings from sessions + if host_sessions[node] then + for _, session in pairs(host_sessions[node].sessions) do + if session.push_identifier == push_identifier then + session.push_identifier = nil; + session.push_settings = nil; + session.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + end + -- save changed global config + changed = true; + user_push_services[push_identifier] = nil + push_errors[push_identifier] = nil; + -- unhook iq handlers for this identifier (if possible) + module:unhook("iq-error/host/"..stanza.attr.id, handle_push_error); + module:unhook("iq-result/host/"..stanza.attr.id, handle_push_success); + id2node[stanza.attr.id] = nil; + id2identifier[stanza.attr.id] = nil; + end + elseif user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and error_type == "wait" then + module:log("debug", "Got error <%s:%s:%s> for identifier '%s': " + .."NOT increasing error count for this identifier", error_type, condition, error_text or "", push_identifier); + else + module:log("debug", "Unhandled push error <%s:%s:%s> from %s for identifier '%s'", + error_type, condition, error_text or "", from, push_identifier + ); + end + end + end + if changed then + push_store:flush_to_disk(node); + elseif not found then + module:log("warn", "Unable to find matching registration for push error <%s:%s:%s> from %s", error_type, condition, error_text or "", from); + end + return true; +end + +function handle_push_success(event) + local stanza = event.stanza; + local node = id2node[stanza.attr.id]; + local identifier = id2identifier[stanza.attr.id]; + if node == nil then return false; end -- unknown stanza? Ignore for now! + local from = stanza.attr.from; + local user_push_services = push_store:get(node); + + for push_identifier, _ in pairs(user_push_services) do + if push_identifier == identifier then + if user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and push_errors[push_identifier] > 0 then + push_errors[push_identifier] = 0; + -- unhook iq handlers for this identifier (if possible) + module:unhook("iq-error/host/"..stanza.attr.id, handle_push_error); + module:unhook("iq-result/host/"..stanza.attr.id, handle_push_success); + id2node[stanza.attr.id] = nil; + id2identifier[stanza.attr.id] = nil; + module:log("debug", "Push succeeded, error count for identifier '%s' is now at %s again", + push_identifier, tostring(push_errors[push_identifier]) + ); + end + end + end + return true; +end + +-- http://xmpp.org/extensions/xep-0357.html#disco +local function account_dico_info(event) + (event.reply or event.stanza):tag("feature", {var=xmlns_push}):up(); +end +module:hook("account-disco-info", account_dico_info); + +-- http://xmpp.org/extensions/xep-0357.html#enabling +local function push_enable(event) + local origin, stanza = event.origin, event.stanza; + local enable = stanza.tags[1]; + origin.log("debug", "Attempting to enable push notifications"); + -- MUST contain a 'jid' attribute of the XMPP Push Service being enabled + local push_jid = enable.attr.jid; + -- SHOULD contain a 'node' attribute + local push_node = enable.attr.node; + -- CAN contain a 'include_payload' attribute + local include_payload = enable.attr.include_payload; + if not push_jid then + origin.log("debug", "Push notification enable request missing the 'jid' field"); + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing jid")); + return true; + end + if push_jid == stanza.attr.from then + origin.log("debug", "Push notification enable request 'jid' field identical to our own"); + origin.send(st.error_reply(stanza, "modify", "bad-request", "JID must be different from ours")); + return true; + end + local publish_options = enable:get_child("x", "jabber:x:data"); + if not publish_options then + -- Could be intentional + origin.log("debug", "No publish options in request"); + end + local push_identifier = push_jid .. "<" .. (push_node or ""); + local push_service = { + jid = push_jid; + node = push_node; + include_payload = include_payload; + options = publish_options and st.preserialize(publish_options); + timestamp = os_time(); + client_id = origin.client_id; + resource = not origin.client_id and origin.resource or nil; + language = stanza.attr["xml:lang"]; + }; + local allow_registration = module:fire_event("cloud_notify/registration", { + origin = origin, stanza = stanza, push_info = push_service; + }); + if allow_registration == false then + return true; -- Assume error reply already sent + end + push_store:set_identifier(origin.username, push_identifier, push_service); + local ok = push_store:flush_to_disk(origin.username); + if not ok then + origin.send(st.error_reply(stanza, "wait", "internal-server-error")); + else + origin.push_identifier = push_identifier; + origin.push_settings = push_service; + origin.first_hibernated_push = nil; + origin.log("info", "Push notifications enabled for %s (%s)", tostring(stanza.attr.from), tostring(origin.push_identifier)); + origin.send(st.reply(stanza)); + end + return true; +end +module:hook("iq-set/self/"..xmlns_push..":enable", push_enable); + +-- http://xmpp.org/extensions/xep-0357.html#disabling +local function push_disable(event) + local origin, stanza = event.origin, event.stanza; + local push_jid = stanza.tags[1].attr.jid; -- MUST include a 'jid' attribute + local push_node = stanza.tags[1].attr.node; -- A 'node' attribute MAY be included + if not push_jid then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing jid")); + return true; + end + local user_push_services = push_store:get(origin.username); + for key, push_info in pairs(user_push_services) do + if push_info.jid == push_jid and (not push_node or push_info.node == push_node) then + origin.log("info", "Push notifications disabled (%s)", tostring(key)); + if origin.push_identifier == key then + origin.push_identifier = nil; + origin.push_settings = nil; + origin.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if origin.hibernating_watchdog and origin.original_smacks_callback and origin.original_smacks_timeout then + -- restore old smacks watchdog + origin.hibernating_watchdog:cancel(); + origin.hibernating_watchdog = watchdog.new(origin.original_smacks_timeout, origin.original_smacks_callback); + end + end + user_push_services[key] = nil; + push_errors[key] = nil; + for stanza_id, identifier in pairs(id2identifier) do + if identifier == key then + module:unhook("iq-error/host/"..stanza_id, handle_push_error); + module:unhook("iq-result/host/"..stanza_id, handle_push_success); + id2node[stanza_id] = nil; + id2identifier[stanza_id] = nil; + end + end + end + end + local ok = push_store:flush_to_disk(origin.username); + if not ok then + origin.send(st.error_reply(stanza, "wait", "internal-server-error")); + else + origin.send(st.reply(stanza)); + end + return true; +end +module:hook("iq-set/self/"..xmlns_push..":disable", push_disable); + +-- urgent stanzas should be delivered without delay +local function is_urgent(stanza) + -- TODO + if stanza.name == "message" then + if stanza:get_child("propose", "urn:xmpp:jingle-message:0") then + return true, "jingle call"; + end + end +end + +-- is this push a high priority one (this is needed for ios apps not using voip pushes) +local function is_important(stanza) + local st_name = stanza and stanza.name or nil; + if not st_name then return false; end -- nonzas are never important here + if st_name == "presence" then + return false; -- same for presences + elseif st_name == "message" then + -- unpack carbon copied message stanzas + local carbon = stanza:find("{urn:xmpp:carbons:2}/{urn:xmpp:forward:0}/{jabber:client}message"); + local stanza_direction = carbon and stanza:child_with_name("sent") and "out" or "in"; + if carbon then stanza = carbon; end + local st_type = stanza.attr.type; + + -- headline message are always not important + if st_type == "headline" then return false; end + + -- carbon copied outgoing messages are not important + if carbon and stanza_direction == "out" then return false; end + + -- We can't check for body contents in encrypted messages, so let's treat them as important + -- Some clients don't even set a body or an empty body for encrypted messages + + -- check omemo https://xmpp.org/extensions/inbox/omemo.html + if stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or stanza:get_child("encrypted", "urn:xmpp:omemo:0") then return true; end + + -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html + if stanza:get_child("x", "jabber:x:encrypted") then return true; end + + -- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html + if stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then return true; end + + -- XEP-0353: Jingle Message Initiation (incoming call request) + if stanza:get_child("propose", "urn:xmpp:jingle-message:0") then return true; end + + local body = stanza:get_child_text("body"); + + -- groupchat subjects are not important here + if st_type == "groupchat" and stanza:get_child_text("subject") then + return false; + end + + -- empty bodies are not important + return body ~= nil and body ~= ""; + end + return false; -- this stanza wasn't one of the above cases --> it is not important, too +end + +local push_form = dataform { + { name = "FORM_TYPE"; type = "hidden"; value = "urn:xmpp:push:summary"; }; + { name = "message-count"; type = "text-single"; }; + { name = "pending-subscription-count"; type = "text-single"; }; + { name = "last-message-sender"; type = "jid-single"; }; + { name = "last-message-body"; type = "text-single"; }; +}; + +-- http://xmpp.org/extensions/xep-0357.html#publishing +local function handle_notify_request(stanza, node, user_push_services, log_push_decline) + local pushes = 0; + if not #user_push_services then return pushes end + + for push_identifier, push_info in pairs(user_push_services) do + local send_push = true; -- only send push to this node when not already done for this stanza or if no stanza is given at all + if stanza then + if not stanza._push_notify then stanza._push_notify = {}; end + if stanza._push_notify[push_identifier] then + if log_push_decline then + module:log("debug", "Already sent push notification for %s@%s to %s (%s)", node, module.host, push_info.jid, tostring(push_info.node)); + end + send_push = false; + end + stanza._push_notify[push_identifier] = true; + end + + if send_push then + -- construct push stanza + local stanza_id = hashes.sha256(random.bytes(8), true); + local push_notification_payload = st.stanza("notification", { xmlns = xmlns_push }); + local form_data = { + -- hardcode to 1 because other numbers are just meaningless (the XEP does not specify *what exactly* to count) + ["message-count"] = "1"; + }; + if stanza and include_sender then + form_data["last-message-sender"] = stanza.attr.from; + end + if stanza and include_body then + form_data["last-message-body"] = stanza:get_child_text("body"); + elseif stanza and dummy_body and is_important(stanza) then + form_data["last-message-body"] = tostring(dummy_body); + end + + push_notification_payload:add_child(push_form:form(form_data)); + + local push_publish = st.iq({ to = push_info.jid, from = module.host, type = "set", id = stanza_id }) + :tag("pubsub", { xmlns = "http://jabber.org/protocol/pubsub" }) + :tag("publish", { node = push_info.node }) + :tag("item") + :add_child(push_notification_payload) + :up() + :up(); + + if push_info.options then + push_publish:tag("publish-options"):add_child(st.deserialize(push_info.options)); + end + -- send out push + module:log("debug", "Sending %s push notification for %s@%s to %s (%s)", + form_data["last-message-body"] and "important" or "unimportant", + node, module.host, push_info.jid, tostring(push_info.node) + ); + -- module:log("debug", "PUSH STANZA: %s", tostring(push_publish)); + local push_event = { + notification_stanza = push_publish; + notification_payload = push_notification_payload; + original_stanza = stanza; + username = node; + push_info = push_info; + push_summary = form_data; + important = not not form_data["last-message-body"]; + }; + + if module:fire_event("cloud_notify/push", push_event) then + module:log("debug", "Push was blocked by event handler: %s", push_event.reason or "Unknown reason"); + else + -- handle push errors for this node + if push_errors[push_identifier] == nil then + push_errors[push_identifier] = 0; + end + module:hook("iq-error/host/"..stanza_id, handle_push_error); + module:hook("iq-result/host/"..stanza_id, handle_push_success); + id2node[stanza_id] = node; + id2identifier[stanza_id] = push_identifier; + module:send(push_publish); + pushes = pushes + 1; + end + end + end + return pushes; +end + +-- small helper function to extract relevant push settings +local function get_push_settings(stanza, session) + local to = stanza.attr.to; + local node = to and jid.split(to) or session.username; + local user_push_services = push_store:get(node); + return node, user_push_services; +end + +-- publish on offline message +module:hook("message/offline/handle", function(event) + local node, user_push_services = get_push_settings(event.stanza, event.origin); + module:log("debug", "Invoking cloud handle_notify_request() for offline stanza"); + handle_notify_request(event.stanza, node, user_push_services, true); +end, 1); + +-- publish on bare groupchat +-- this picks up MUC messages when there are no devices connected +module:hook("message/bare/groupchat", function(event) + module:log("debug", "Invoking cloud handle_notify_request() for bare groupchat stanza"); + local node, user_push_services = get_push_settings(event.stanza, event.origin); + handle_notify_request(event.stanza, node, user_push_services, true); +end, 1); + + +local function process_stanza_queue(queue, session, queue_type) + if not session.push_identifier then return; end + local user_push_services = {[session.push_identifier] = session.push_settings}; + local notified = { unimportant = false; important = false } + for i=1, #queue do + local stanza = queue[i]; + -- fast ignore of already pushed stanzas + if stanza and not (stanza._push_notify and stanza._push_notify[session.push_identifier]) then + local node = get_push_settings(stanza, session); + local stanza_type = "unimportant"; + if dummy_body and is_important(stanza) then stanza_type = "important"; end + if not notified[stanza_type] then -- only notify if we didn't try to push for this stanza type already + -- session.log("debug", "Invoking cloud handle_notify_request() for smacks queued stanza: %d", i); + if handle_notify_request(stanza, node, user_push_services, false) ~= 0 then + if session.hibernating and not session.first_hibernated_push then + -- if important stanzas are treated differently (pushed with last-message-body field set to dummy string) + -- if the message was important (e.g. had a last-message-body field) OR if we treat all pushes equally, + -- then record the time of first push in the session for the smack module which will extend its hibernation + -- timeout based on the value of session.first_hibernated_push + if not dummy_body or (dummy_body and is_important(stanza)) then + session.first_hibernated_push = os_time(); + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog (--> the start of our original timeout will be delayed until first push) + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + session.log("debug", "Cloud handle_notify_request() > 0, not notifying for other %s queued stanzas of type %s", queue_type, stanza_type); + notified[stanza_type] = true + end + end + end + if notified.unimportant and notified.important then break; end -- stop processing the queue if all push types are exhausted + end +end + +-- publish on unacked smacks message (use timer to send out push for all stanzas submitted in a row only once) +local function process_stanza(session, stanza) + if session.push_identifier then + session.log("debug", "adding new stanza to push_queue"); + if not session.push_queue then session.push_queue = {}; end + local queue = session.push_queue; + queue[#queue+1] = st.clone(stanza); + if not session.awaiting_push_timer then -- timer not already running --> start new timer + session.log("debug", "Invoking cloud handle_notify_request() for newly smacks queued stanza (in a moment)"); + session.awaiting_push_timer = module:add_timer(1.0, function () + session.log("debug", "Invoking cloud handle_notify_request() for newly smacks queued stanzas (now in timer)"); + process_stanza_queue(session.push_queue, session, "push"); + session.push_queue = {}; -- clean up queue after push + session.awaiting_push_timer = nil; + end); + end + end + return stanza; +end + +local function process_smacks_stanza(event) + local session = event.origin; + local stanza = event.stanza; + if not session.push_identifier then + session.log("debug", "NOT invoking cloud handle_notify_request() for newly smacks queued stanza (session.push_identifier is not set: %s)", + session.push_identifier + ); + else + process_stanza(session, stanza) + end +end + +-- smacks hibernation is started +local function hibernate_session(event) + local session = event.origin; + local queue = event.queue; + session.first_hibernated_push = nil; + if session.push_identifier and session.hibernating_watchdog then -- check for prosody 0.12 mod_smacks + -- save old watchdog callback and timeout + session.original_smacks_callback = session.hibernating_watchdog.callback; + session.original_smacks_timeout = session.hibernating_watchdog.timeout; + -- cancel old watchdog and create a new watchdog with extended timeout + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(extended_hibernation_timeout, function() + session.log("debug", "Push-extended smacks watchdog triggered"); + if session.original_smacks_callback then + session.log("debug", "Calling original smacks watchdog handler"); + session.original_smacks_callback(); + end + end); + end + -- process unacked stanzas + process_stanza_queue(queue, session, "smacks"); +end + +-- smacks hibernation is ended +local function restore_session(event) + local session = event.resumed; + if session then -- older smacks module versions send only the "intermediate" session in event.session and no session.resumed one + if session.awaiting_push_timer then + session.awaiting_push_timer:stop(); + session.awaiting_push_timer = nil; + end + session.first_hibernated_push = nil; + -- the extended smacks watchdog will be canceled by the smacks module, no need to anything here + end +end + +-- smacks ack is delayed +local function ack_delayed(event) + local session = event.origin; + local queue = event.queue; + local stanza = event.stanza; + if not session.push_identifier then return; end + if stanza then process_stanza(session, stanza); return; end -- don't iterate through smacks queue if we know which stanza triggered this + for i=1, #queue do + local queued_stanza = queue[i]; + -- process unacked stanzas (handle_notify_request() will only send push requests for new stanzas) + process_stanza(session, queued_stanza); + end +end + +-- archive message added +local function archive_message_added(event) + -- event is: { origin = origin, stanza = stanza, for_user = store_user, id = id } + -- only notify for new mam messages when at least one device is online + if not event.for_user or not host_sessions[event.for_user] then return; end + local stanza = event.stanza; + local user_session = host_sessions[event.for_user].sessions; + local to = stanza.attr.to; + to = to and jid.split(to) or event.origin.username; + + -- only notify if the stanza destination is the mam user we store it for + if event.for_user == to then + local user_push_services = push_store:get(to); + + -- Urgent stanzas are time-sensitive (e.g. calls) and should + -- be pushed immediately to avoid getting stuck in the smacks + -- queue in case of dead connections, for example + local is_urgent_stanza, urgent_reason = is_urgent(event.stanza); + + local notify_push_services; + if is_urgent_stanza then + module:log("debug", "Urgent push for %s (%s)", to, urgent_reason); + notify_push_services = user_push_services; + else + -- only notify nodes with no active sessions (smacks is counted as active and handled separate) + notify_push_services = {}; + for identifier, push_info in pairs(user_push_services) do + local identifier_found = nil; + for _, session in pairs(user_session) do + if session.push_identifier == identifier then + identifier_found = session; + break; + end + end + if identifier_found then + identifier_found.log("debug", "Not cloud notifying '%s' of new MAM stanza (session still alive)", identifier); + else + notify_push_services[identifier] = push_info; + end + end + end + + handle_notify_request(event.stanza, to, notify_push_services, true); + end +end + +module:hook("smacks-hibernation-start", hibernate_session); +module:hook("smacks-hibernation-end", restore_session); +module:hook("smacks-ack-delayed", ack_delayed); +module:hook("smacks-hibernation-stanza-queued", process_smacks_stanza); +module:hook("archive-message-added", archive_message_added); + +local function send_ping(event) + local user = event.user; + local push_services = event.push_services or push_store:get(user); + module:log("debug", "Handling event 'cloud-notify-ping' for user '%s'", user); + local retval = handle_notify_request(nil, user, push_services, true); + module:log("debug", "handle_notify_request() returned %s", tostring(retval)); +end +-- can be used by other modules to ping one or more (or all) push endpoints +module:hook("cloud-notify-ping", send_ping); + +module:log("info", "Module loaded"); +function module.unload() + module:log("info", "Unloading module"); + -- cleanup some settings, reloading this module can cause process_smacks_stanza() to stop working otherwise + for user, _ in pairs(host_sessions) do + for _, session in pairs(host_sessions[user].sessions) do + if session.awaiting_push_timer then session.awaiting_push_timer:stop(); end + session.awaiting_push_timer = nil; + session.push_queue = nil; + session.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + module:log("info", "Module unloaded"); +end diff --git a/plugins/mod_cron.lua b/plugins/mod_cron.lua index 29c1aa93..77bdd7e5 100644 --- a/plugins/mod_cron.lua +++ b/plugins/mod_cron.lua @@ -8,6 +8,10 @@ local cron_spread_factor = module:get_option_number("cron_spread_factor", 0); local active_hosts = {} +if prosody.process_type == "prosodyctl" then + return; -- Yes, it happens... +end + function module.add_host(host_module) local last_run_times = host_module:open_store("cron", "map"); @@ -74,7 +78,7 @@ module:add_item("shell-command", { args = {}; handler = function(self, filter_host) local format_table = require("prosody.util.human.io").table; - local it = require("util.iterators"); + local it = require("prosody.util.iterators"); local row = format_table({ { title = "Host"; width = "2p" }; { title = "Task"; width = "3p" }; diff --git a/plugins/mod_flags.lua b/plugins/mod_flags.lua new file mode 100644 index 00000000..694b608b --- /dev/null +++ b/plugins/mod_flags.lua @@ -0,0 +1,157 @@ +local jid_node = require "prosody.util.jid".node; + +local flags = module:open_store("account_flags", "keyval+"); + +-- API + +function add_flag(username, flag, comment) + local flag_data = { + when = os.time(); + comment = comment; + }; + + local ok, err = flags:set_key(username, flag, flag_data); + if not ok then + return nil, err; + end + + module:fire_event("user-flag-added/"..flag, { + user = username; + flag = flag; + data = flag_data; + }); + + return true; +end + +function remove_flag(username, flag) + local ok, err = flags:set_key(username, flag, nil); + if not ok then + return nil, err; + end + + module:fire_event("user-flag-removed/"..flag, { + user = username; + flag = flag; + }); + + return true; +end + +function has_flag(username, flag) -- luacheck: ignore 131/has_flag + local ok, err = flags:get_key(username, flag); + if not ok and err then + error("Failed to check flags for user: "..err); + end + return not not ok; +end + +function get_flag_info(username, flag) -- luacheck: ignore 131/get_flag_info + return flags:get_key(username, flag); +end + +-- Shell commands + +local function get_username(jid) + return (assert(jid_node(jid), "please supply a valid user JID")); +end + +module:add_item("shell-command", { + section = "flags"; + section_desc = "View and manage flags on user accounts"; + name = "list"; + desc = "List flags for the given user account"; + args = { + { name = "jid", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid) --luacheck: ignore 212/self + local c = 0; + + local user_flags, err = flags:get(get_username(jid)); + + if not user_flags and err then + return false, "Unable to list flags: "..err; + end + + if user_flags then + local print = self.session.print; + + for flag_name, flag_data in pairs(user_flags) do + print(flag_name, os.date("%Y-%m-%d %R", flag_data.when), flag_data.comment); + c = c + 1; + end + end + + return true, ("%d flags listed"):format(c); + end; +}); + +module:add_item("shell-command", { + section = "flags"; + section_desc = "View and manage flags on user accounts"; + name = "add"; + desc = "Add a flag to the given user account, with optional comment"; + args = { + { name = "jid", type = "string" }; + { name = "flag", type = "string" }; + { name = "comment", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, flag, comment) --luacheck: ignore 212/self + local username = get_username(jid); + + local ok, err = add_flag(username, flag, comment); + if not ok then + return false, "Failed to add flag: "..err; + end + + return true, "Flag added"; + end; +}); + +module:add_item("shell-command", { + section = "flags"; + section_desc = "View and manage flags on user accounts"; + name = "remove"; + desc = "Remove a flag from the given user account"; + args = { + { name = "jid", type = "string" }; + { name = "flag", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, flag) --luacheck: ignore 212/self + local username = get_username(jid); + + local ok, err = remove_flag(username, flag); + if not ok then + return false, "Failed to remove flag: "..err; + end + + return true, "Flag removed"; + end; +}); + +module:add_item("shell-command", { + section = "flags"; + section_desc = "View and manage flags on user accounts"; + name = "find"; + desc = "Find all user accounts with a given flag on the specified host"; + args = { + { name = "host", type = "string" }; + { name = "flag", type = "string" }; + }; + host_selector = "host"; + handler = function(self, host, flag) --luacheck: ignore 212/self 212/host + local users_with_flag = flags:get_key_from_all(flag); + + local print = self.session.print; + local c = 0; + for user, flag_data in pairs(users_with_flag) do + print(user, os.date("%Y-%m-%d %R", flag_data.when), flag_data.comment); + c = c + 1; + end + + return true, ("%d accounts listed"):format(c); + end; +}); diff --git a/plugins/mod_http_altconnect.lua b/plugins/mod_http_altconnect.lua new file mode 100644 index 00000000..9252433e --- /dev/null +++ b/plugins/mod_http_altconnect.lua @@ -0,0 +1,52 @@ +-- mod_http_altconnect +-- XEP-0156: Discovering Alternative XMPP Connection Methods + +module:depends"http"; + +local mm = require "prosody.core.modulemanager"; +local json = require"prosody.util.json"; +local st = require"prosody.util.stanza"; +local array = require"prosody.util.array"; + +local advertise_bosh = module:get_option_boolean("advertise_bosh", true); +local advertise_websocket = module:get_option_boolean("advertise_websocket", true); + +local function get_supported() + local uris = array(); + if advertise_bosh and (mm.is_loaded(module.host, "bosh") or mm.is_loaded("*", "bosh")) then + uris:push({ rel = "urn:xmpp:alt-connections:xbosh", href = module:http_url("bosh", "/http-bind") }); + end + if advertise_websocket and (mm.is_loaded(module.host, "websocket") or mm.is_loaded("*", "websocket")) then + uris:push({ rel = "urn:xmpp:alt-connections:websocket", href = module:http_url("websocket", "xmpp-websocket"):gsub("^http", "ws") }); + end + return uris; +end + + +local function GET_xml(event) + local response = event.response; + local xrd = st.stanza("XRD", { xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0' }); + local uris = get_supported(); + for _, method in ipairs(uris) do + xrd:tag("Link", method):up(); + end + response.headers.content_type = "application/xrd+xml" + response.headers.access_control_allow_origin = "*"; + return '<?xml version="1.0" encoding="UTF-8"?>' .. tostring(xrd); +end + +local function GET_json(event) + local response = event.response; + local jrd = { links = get_supported() }; + response.headers.content_type = "application/json" + response.headers.access_control_allow_origin = "*"; + return json.encode(jrd); +end; + +module:provides("http", { + default_path = "/.well-known"; + route = { + ["GET /host-meta"] = GET_xml; + ["GET /host-meta.json"] = GET_json; + }; +}); diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 48972067..705420d0 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -224,6 +224,7 @@ function handle_slot_request(event) end total_storage_usage = total_storage_usage + filesize; + persist_stats:set(nil, "total", total_storage_usage); module:log("debug", "Total storage usage: %s / %s", B(total_storage_usage), B(total_storage_limit)); local cached_quota = quota_cache:get(uploader); diff --git a/plugins/mod_invites.lua b/plugins/mod_invites.lua index 5ee9430a..c93afaa8 100644 --- a/plugins/mod_invites.lua +++ b/plugins/mod_invites.lua @@ -6,6 +6,14 @@ local jid_split = require "prosody.util.jid".split; local argparse = require "prosody.util.argparse"; local human_io = require "prosody.util.human.io"; +local url_escape = require "prosody.util.http".urlencode; +local render_url = require "prosody.util.interpolation".new("%b{}", url_escape, { + urlescape = url_escape; + noscheme = function (urlstring) + return (urlstring:gsub("^[^:]+:", "")); + end; +}); + local default_ttl = module:get_option_period("invite_expiry", "1 week"); local token_storage; @@ -202,6 +210,34 @@ function use(token) --luacheck: ignore 131/use return invite and invite:use(); end +-- Point at e.g. a deployment of https://github.com/modernxmpp/easy-xmpp-invitation +-- This URL must always be absolute, as it is shared standalone +local invite_url_template = module:get_option_string("invites_page"); +local invites_page_supports = module:get_option_set("invites_page_supports", { "account", "contact", "account-and-contact" }); + +local function add_landing_url(invite) + if not invite_url_template or invite.landing_page then return; end + + -- Determine whether this type of invitation is supported by the landing page + local invite_type; + if invite.type == "register" then + invite_type = "account"; + elseif invite.type == "roster" then + if invite.allow_registration then + invite_type = "account-and-contact"; + else + invite_type = "contact-only"; + end + end + if not invites_page_supports:contains(invite_type) then + return; -- Invitation type unsupported + end + + invite.landing_page = render_url(invite_url_template, { host = module.host, invite = invite }); +end + +module:hook("invite-created", add_landing_url, -1); + --- shell command module:add_item("shell-command", { section = "invite"; @@ -222,6 +258,24 @@ module:add_item("shell-command", { module:add_item("shell-command", { section = "invite"; section_desc = "Create and manage invitations"; + name = "create_reset"; + desc = "Create a password reset link for the specified user"; + args = { { name = "user_jid", type = "string" }, { name = "duration", type = "string" } }; + host_selector = "user_jid"; + + handler = function (self, user_jid, duration) --luacheck: ignore 212/self + local username = jid_split(user_jid); + local duration_sec = require "prosody.util.human.io".parse_duration(duration or "1d"); + local invite, err = create_account_reset(username, duration_sec); + if not invite then return nil, err; end + self.session.print(invite.landing_page or invite.uri); + return true, ("Password reset link for %s valid until %s"):format(user_jid, os.date("%Y-%m-%d %T", invite.expires)); + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; name = "create_contact"; desc = "Create an invitation to become contacts with the specified user"; args = { { name = "user_jid", type = "string" }, { name = "allow_registration" } }; @@ -235,6 +289,146 @@ module:add_item("shell-command", { end; }); +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "show"; + desc = "Show details of an account invitation token"; + args = { { name = "host", type = "string" }, { name = "token", type = "string" } }; + host_selector = "host"; + + handler = function (self, host, token) --luacheck: ignore 212/self 212/host + local invite, err = get_account_invite_info(token); + if not invite then return nil, err; end + + local print = self.session.print; + + if invite.type == "roster" then + print("Invitation to register and become a contact of "..invite.jid); + elseif invite.type == "register" then + local jid_user, jid_host = jid_split(invite.jid); + if invite.additional_data and invite.additional_data.allow_reset then + print("Password reset for "..invite.additional_data.allow_reset.."@"..jid_host); + elseif jid_user then + print("Invitation to register on "..jid_host.." with username '"..jid_user.."'"); + else + print("Invitation to register on "..jid_host); + end + else + print("Unknown invitation type"); + end + + if invite.inviter then + print("Creator:", invite.inviter); + end + + print("Created:", os.date("%Y-%m-%d %T", invite.created_at)); + print("Expires:", os.date("%Y-%m-%d %T", invite.expires)); + + print(""); + + if invite.uri then + print("XMPP URI:", invite.uri); + end + + if invite.landing_page then + print("Web link:", invite.landing_page); + end + + if invite.additional_data then + print(""); + if invite.additional_data.roles then + if invite.additional_data.roles[1] then + print("Role:", invite.additional_data.roles[1]); + end + if invite.additional_data.roles[2] then + print("Secondary roles:", table.concat(invite.additional_data.roles, ", ", 2, #invite.additional_data.roles)); + end + end + if invite.additional_data.groups then + print("Groups:", table.concat(invite.additional_data.groups, ", ")); + end + if invite.additional_data.note then + print("Comment:", invite.additional_data.note); + end + end + + return true, "Invitation valid"; + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "delete"; + desc = "Delete/revoke an invitation token"; + args = { { name = "host", type = "string" }, { name = "token", type = "string" } }; + host_selector = "host"; + + handler = function (self, host, token) --luacheck: ignore 212/self 212/host + local invite, err = delete_account_invite(token); + if not invite then return nil, err; end + return true, "Invitation deleted"; + end; +}); + +module:add_item("shell-command", { + section = "invite"; + section_desc = "Create and manage invitations"; + name = "list"; + desc = "List pending invitations which allow account registration"; + args = { { name = "host", type = "string" } }; + host_selector = "host"; + + handler = function (self, host) -- luacheck: ignore 212/host + local print_row = human_io.table({ + { + title = "Token"; + key = "invite"; + width = 24; + mapper = function (invite) + return invite.token; + end; + }; + { + title = "Expires"; + key = "invite"; + width = 20; + mapper = function (invite) + return os.date("%Y-%m-%dT%T", invite.expires); + end; + }; + { + title = "Description"; + key = "invite"; + width = "100%"; + mapper = function (invite) + if invite.type == "roster" then + return "Contact with "..invite.jid; + elseif invite.type == "register" then + local jid_user, jid_host = jid_split(invite.jid); + if invite.additional_data and invite.additional_data.allow_reset then + return "Password reset for "..invite.additional_data.allow_reset.."@"..jid_host; + end + if jid_user then + return "Register on "..jid_host.." with username "..jid_user; + end + return "Register on "..jid_host; + end + end; + }; + }, self.session.width); + + self.session.print(print_row()); + local count = 0; + for _, invite in pending_account_invites() do + count = count + 1; + self.session.print(print_row({ invite = invite })); + end + return true, ("%d pending invites"):format(count); + end; +}); + local subcommands = {}; --- prosodyctl command diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 33eee2ec..b0dfe423 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -531,3 +531,6 @@ module:hook_global("user-deleted", function(event) recipients[username] = nil; end); +module:require("mod_pubsub/commands").add_commands(function (service_jid) + return get_pep_service((jid_split(service_jid))); +end); diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index f939fa00..c3d6bc04 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -54,11 +54,12 @@ function handle_normal_presence(origin, stanza) if priority < -128 then priority = -128 end if priority > 127 then priority = 127 end else priority = 0; end + + local node, host = origin.username, origin.host; + local roster = origin.roster; if full_sessions[origin.full_jid] then -- if user is still connected origin.send(stanza); -- reflect their presence back to them end - local roster = origin.roster; - local node, host = origin.username, origin.host; local user = bare_sessions[node.."@"..host]; for _, res in pairs(user and user.sessions or NULL) do -- broadcast to all resources if res ~= origin and res.presence then -- to resource @@ -72,6 +73,13 @@ function handle_normal_presence(origin, stanza) core_post_stanza(origin, stanza, true); end end + + -- It's possible that after the network activity above, the origin + -- has been disconnected (particularly if something happened while + -- sending the reflection). So we abort further presence processing + -- in that case. + if not origin.type then return; end + stanza.attr.to = nil; if stanza.attr.type == nil and not origin.presence then -- initial presence module:fire_event("presence/initial", { origin = origin, stanza = stanza } ); diff --git a/plugins/mod_pubsub/commands.lib.lua b/plugins/mod_pubsub/commands.lib.lua new file mode 100644 index 00000000..d07b226f --- /dev/null +++ b/plugins/mod_pubsub/commands.lib.lua @@ -0,0 +1,239 @@ +local it = require "prosody.util.iterators"; +local st = require "prosody.util.stanza"; + +local pubsub_lib = module:require("mod_pubsub/pubsub"); + +local function add_commands(get_service) + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "list_nodes"; + desc = "List nodes on a pubsub service"; + args = { + { name = "service_jid", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + local nodes = select(2, assert(service:get_nodes(true))); + local count = 0; + for node_name in pairs(nodes) do + count = count + 1; + self.session.print(node_name); + end + return true, ("%d nodes"):format(count); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "list_items"; + desc = "List items on a pubsub node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + local items = select(2, assert(service:get_items(node_name, true))); + + local count = 0; + for item_name in pairs(items) do + count = count + 1; + self.session.print(item_name); + end + return true, ("%d items"):format(count); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "get_item"; + desc = "Show item content on a pubsub node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + { name = "item_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name, item_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + local items = select(2, assert(service:get_items(node_name, true))); + + if not items[item_name] then + return false, "Item not found"; + end + + self.session.print(items[item_name]); + + return true; + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "get_node_config"; + desc = "Get the current configuration for a node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + { name = "option_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name, option_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + local config = select(2, assert(service:get_node_config(node_name, true))); + + local config_form = pubsub_lib.node_config_form:form(config, "submit"); + + local count = 0; + if option_name then + count = 1; + local field = config_form:get_child_with_attr("field", nil, "var", option_name); + if not field then + return false, "option not found"; + end + self.session.print(field:get_child_text("value")); + else + local opts = {}; + for field in config_form:childtags("field") do + opts[field.attr.var] = field:get_child_text("value"); + end + for k, v in it.sorted_pairs(opts) do + count = count + 1; + self.session.print(k, v); + end + end + + return true, ("Showing %d config options"):format(count); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "set_node_config_option"; + desc = "Set a config option on a pubsub node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + { name = "option_name", type = "string" }; + { name = "option_value", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name, option_name, option_value) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + local config = select(2, assert(service:get_node_config(node_name, true))); + + local new_config_form = st.stanza("x", { xmlns = "jabber:x:data" }) + :tag("field", { var = option_name }) + :text_tag("value", option_value) + :up(); + + local new_config = pubsub_lib.node_config_form:data(new_config_form, config); + + assert(service:set_node_config(node_name, true, new_config)); + + local applied_config = select(2, assert(service:get_node_config(node_name, true))); + + local applied_config_form = pubsub_lib.node_config_form:form(applied_config, "submit"); + local applied_field = applied_config_form:get_child_with_attr("field", nil, "var", option_name); + if not applied_field then + return false, "Unknown config field: "..option_name; + end + return true, "Applied config: "..applied_field:get_child_text("value"); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "delete_item"; + desc = "Delete a single item from a node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + { name = "item_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name, item_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + return assert(service:retract(node_name, true, item_name)); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "delete_all_items"; + desc = "Delete all items from a node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + { name = "notify_subscribers", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name, notify_subscribers) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + return assert(service:purge(node_name, true, notify_subscribers == "true")); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "create_node"; + desc = "Create a new node"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + return assert(service:create(node_name, true)); + end; + }); + + module:add_item("shell-command", { + section = "pubsub"; + section_desc = "Manage publish/subscribe nodes"; + name = "delete_node"; + desc = "Delete a node entirely"; + args = { + { name = "service_jid", type = "string" }; + { name = "node_name", type = "string" }; + }; + host_selector = "service_jid"; + + handler = function (self, service_jid, node_name) --luacheck: ignore 212/self + -- luacheck: ignore 431/service + local service = get_service(service_jid); + return assert(service:delete(node_name, true)); + end; + }); +end + +return { + add_commands = add_commands; +} diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index c17d9e63..5a590893 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -184,8 +184,11 @@ module:hook("host-disco-items", function (event) if not ok then return; end - for node, node_obj in pairs(ret) do - reply:tag("item", { jid = module.host, node = node, name = node_obj.config.title }):up(); + for node in pairs(ret) do + local ok, meta = service:get_node_metadata(node, stanza.attr.from); + if ok then + reply:tag("item", { jid = module.host, node = node, name = meta.title }):up(); + end end end); @@ -205,7 +208,7 @@ local function get_affiliation(jid, _, action) -- Only one affiliation is allowed to create nodes by default return "owner"; end - if module:may(":service-admin", bare_jid) then + if module:could(":service-admin", bare_jid) then return admin_aff; end end @@ -274,41 +277,4 @@ local function get_service(service_jid) return assert(assert(prosody.hosts[service_jid], "Unknown pubsub service").modules.pubsub, "Not a pubsub service").service; end -module:add_item("shell-command", { - section = "pubsub"; - section_desc = "Manage publish/subscribe nodes"; - name = "create_node"; - desc = "Create a node with the specified name"; - args = { - { name = "service_jid", type = "string" }; - { name = "node_name", type = "string" }; - }; - host_selector = "service_jid"; - - handler = function (self, service_jid, node_name) --luacheck: ignore 212/self - return get_service(service_jid):create(node_name, true); - end; -}); - -module:add_item("shell-command", { - section = "pubsub"; - section_desc = "Manage publish/subscribe nodes"; - name = "list_nodes"; - desc = "List nodes on a pubsub service"; - args = { - { name = "service_jid", type = "string" }; - }; - host_selector = "service_jid"; - - handler = function (self, service_jid) --luacheck: ignore 212/self - -- luacheck: ignore 431/service - local service = get_service(service_jid); - local nodes = select(2, assert(service:get_nodes(true))); - local count = 0; - for node_name in pairs(nodes) do - count = count + 1; - self.session.print(node_name); - end - return true, ("%d nodes"):format(count); - end; -}); +module:require("commands").add_commands(get_service); diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua index 82016d27..5ffdfe1a 100644 --- a/plugins/mod_roster.lua +++ b/plugins/mod_roster.lua @@ -15,10 +15,11 @@ local jid_prep = require "prosody.util.jid".prep; local tonumber = tonumber; local pairs = pairs; -local rm_load_roster = require "prosody.core.rostermanager".load_roster; -local rm_remove_from_roster = require "prosody.core.rostermanager".remove_from_roster; -local rm_add_to_roster = require "prosody.core.rostermanager".add_to_roster; -local rm_roster_push = require "prosody.core.rostermanager".roster_push; +local rostermanager = require "prosody.core.rostermanager"; +local rm_load_roster = rostermanager.load_roster; +local rm_remove_from_roster = rostermanager.remove_from_roster; +local rm_add_to_roster = rostermanager.add_to_roster; +local rm_roster_push = rostermanager.roster_push; module:add_feature("jabber:iq:roster"); @@ -147,3 +148,168 @@ module:hook_global("user-deleted", function(event) end end end, 300); + +-- API/commands + +-- Make a *one-way* subscription. User will see when contact is online, +-- contact will not see when user is online. +function subscribe(user_jid, contact_jid) + local user_username, user_host = jid_split(user_jid); + local contact_username, contact_host = jid_split(contact_jid); + + -- Update user's roster to say subscription request is pending. Bare hosts (e.g. components) don't have rosters. + if user_username ~= nil then + rostermanager.set_contact_pending_out(user_username, user_host, contact_jid); + end + + if prosody.hosts[contact_host] then -- Sending to a local host? + -- Update contact's roster to say subscription request is pending... + rostermanager.set_contact_pending_in(contact_username, contact_host, user_jid); + -- Update contact's roster to say subscription request approved... + rostermanager.subscribed(contact_username, contact_host, user_jid); + -- Update user's roster to say subscription request approved. Bare hosts (e.g. components) don't have rosters. + if user_username ~= nil then + rostermanager.process_inbound_subscription_approval(user_username, user_host, contact_jid); + end + else + -- Send a subscription request + local sub_request = st.presence({ from = user_jid, to = contact_jid, type = "subscribe" }); + module:send(sub_request); + end + + return true; +end + +-- Make a mutual subscription between jid1 and jid2. Each JID will see +-- when the other one is online. +function subscribe_both(jid1, jid2) + local ok1, err1 = subscribe(jid1, jid2); + local ok2, err2 = subscribe(jid2, jid1); + return ok1 and ok2, err1 or err2; +end + +-- Unsubscribes user from contact (not contact from user, if subscribed). +function unsubscribe(user_jid, contact_jid) + local user_username, user_host = jid_split(user_jid); + local contact_username, contact_host = jid_split(contact_jid); + + -- Update user's roster to say subscription is cancelled... + rostermanager.unsubscribe(user_username, user_host, contact_jid); + if prosody.hosts[contact_host] then -- Local host? + -- Update contact's roster to say subscription is cancelled... + rostermanager.unsubscribed(contact_username, contact_host, user_jid); + end + return true; +end + +-- Cancel any subscription in either direction. +function unsubscribe_both(jid1, jid2) + local ok1 = unsubscribe(jid1, jid2); + local ok2 = unsubscribe(jid2, jid1); + return ok1 and ok2; +end + +module:add_item("shell-command", { + section = "roster"; + section_desc = "View and manage user rosters (contact lists)"; + name = "show"; + desc = "Show a user's current roster"; + args = { + { name = "jid", type = "string" }; + { name = "sub", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, sub) --luacheck: ignore 212/self + local print = self.session.print; + local it = require "prosody.util.iterators"; + + local roster = assert(rm_load_roster(jid_split(jid))); + + local function sort_func(a, b) + if type(a) == "string" and type(b) == "string" then + return a < b; + else + return a == false; + end + end + + local count = 0; + if sub == "pending" then + local pending_subs = roster[false].pending or {}; + for pending_jid in it.sorted_pairs(pending_subs) do + print(pending_jid); + end + else + for contact, item in it.sorted_pairs(roster, sort_func) do + if contact and (not sub or sub == item.subscription) then + count = count + 1; + print(contact, ("sub=%s\task=%s"):format(item.subscription or "none", item.ask or "none")); + end + end + end + + return true, ("Showing %d entries"):format(count); + end; +}); + +module:add_item("shell-command", { + section = "roster"; + section_desc = "View and manage user rosters (contact lists)"; + name = "subscribe"; + desc = "Subscribe a user to another JID"; + args = { + { name = "jid", type = "string" }; + { name = "contact", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, contact) --luacheck: ignore 212/self + return subscribe(jid, contact); + end; +}); + +module:add_item("shell-command", { + section = "roster"; + section_desc = "View and manage user rosters (contact lists)"; + name = "subscribe_both"; + desc = "Subscribe a user and a contact JID to each other"; + args = { + { name = "jid", type = "string" }; + { name = "contact", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, contact) --luacheck: ignore 212/self + return subscribe_both(jid, contact); + end; +}); + + +module:add_item("shell-command", { + section = "roster"; + section_desc = "View and manage user rosters (contact lists)"; + name = "unsubscribe"; + desc = "Unsubscribe a user from another JID"; + args = { + { name = "jid", type = "string" }; + { name = "contact", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, contact) --luacheck: ignore 212/self + return unsubscribe(jid, contact); + end; +}); + +module:add_item("shell-command", { + section = "roster"; + section_desc = "View and manage user rosters (contact lists)"; + name = "unsubscribe_both"; + desc = "Unubscribe a user and a contact JID from each other"; + args = { + { name = "jid", type = "string" }; + { name = "contact", type = "string" }; + }; + host_selector = "jid"; + handler = function(self, jid, contact) --luacheck: ignore 212/self + return unsubscribe_both(jid, contact); + end; +}); + diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 8eb1565e..84ae34b5 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -1097,6 +1097,10 @@ module:provides("net", { -- FIXME This only applies to Direct TLS, which we don't use yet. -- This gets applied for real in mod_tls verify = { "peer", "client_once", }; + verifyext = { + "lsec_continue", -- Continue past certificate verification errors + "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates + }; }; multiplex = { protocol = "xmpp-server"; @@ -1111,6 +1115,10 @@ module:provides("net", { encryption = "ssl"; ssl_config = { verify = { "peer", "client_once", }; + verifyext = { + "lsec_continue", -- Continue past certificate verification errors + "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates + }; }; multiplex = { protocol = "xmpp-server"; diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index b6cd31c8..9544e913 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -15,11 +15,11 @@ local base64 = require "prosody.util.encodings".base64; local set = require "prosody.util.set"; local errors = require "prosody.util.error"; local hex = require "prosody.util.hex"; -local pem2der = require"util.x509".pem2der; -local hashes = require"util.hashes"; +local pem2der = require"prosody.util.x509".pem2der; +local hashes = require "prosody.util.hashes"; local ssl = require "ssl"; -- FIXME Isolate LuaSec from the rest of the code -local certmanager = require "core.certmanager"; +local certmanager = require "prosody.core.certmanager"; local pm_get_tls_config_at = require "prosody.core.portmanager".get_tls_config_at; local usermanager_get_sasl_handler = require "prosody.core.usermanager".get_sasl_handler; diff --git a/plugins/mod_smacks.lua b/plugins/mod_smacks.lua index 2b131031..65d410e0 100644 --- a/plugins/mod_smacks.lua +++ b/plugins/mod_smacks.lua @@ -541,13 +541,17 @@ module:hook("pre-resource-unbind", function (event) return end - prosody.main_thread:run(function () - session.log("debug", "Destroying session for hibernating too long"); - save_old_session(session); - session.resumption_token = nil; - sessionmanager.destroy_session(session, "Hibernating too long"); - sessions_expired(1); - end); + session.thread:run({ + event = "callback"; + name = "mod_smacks/destroy_hibernating"; + callback = function () + session.log("debug", "Destroying session for hibernating too long"); + save_old_session(session); + session.resumption_token = nil; + sessionmanager.destroy_session(session, "Hibernating too long"); + sessions_expired(1); + end; + }); end); if session.conn then local conn = session.conn; diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 3f606160..ff44adba 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -14,11 +14,11 @@ local t_concat = table.concat; local have_dbisql, dbisql = pcall(require, "prosody.util.sql"); local have_sqlite, sqlite = pcall(require, "prosody.util.sqlite3"); if not have_dbisql then - module:log("debug", "Could not load LuaDBI, error was: %s", dbisql) + module:log("debug", "Could not load LuaDBI: %s", dbisql) dbisql = nil; end if not have_sqlite then - module:log("debug", "Could not load LuaSQLite3, error was: %s", sqlite) + module:log("debug", "Could not load LuaSQLite3: %s", sqlite) sqlite = nil; end if not (have_dbisql or have_sqlite) then @@ -38,6 +38,20 @@ local function iterator(result) end, result, nil; end +-- COMPAT Support for UPSERT is not in all versions of all compatible databases. +local function has_upsert(engine) + if engine.params.driver == "SQLite3" then + -- SQLite3 >= 3.24.0 + return engine.sqlite_version and (engine.sqlite_version[2] or 0) >= 24; + elseif engine.params.driver == "PostgreSQL" then + -- PostgreSQL >= 9.5 + -- Versions without support have long since reached end of life. + return true; + end + -- We don't support UPSERT on MySQL/MariaDB, they seem to have a completely different syntax, uncertaint from which versions. + return false +end + local default_params = { driver = "SQLite3" }; local engine; @@ -225,7 +239,7 @@ function map_store:set_keys(username, keydatas) LIMIT 1; ]]; for key, data in pairs(keydatas) do - if type(key) == "string" and key ~= "" and engine.params.driver ~= "MySQL" and data ~= self.remove then + if type(key) == "string" and key ~= "" and has_upsert(engine) and data ~= self.remove then local t, value = assert(serialize(data)); engine:insert(upsert_sql, host, username or "", self.store, key, t, value, t, value); elseif type(key) == "string" and key ~= "" then @@ -933,6 +947,14 @@ function module.load() local opt, val = option:match("^([^=]+)=(.*)$"); compile_options[opt or option] = tonumber(val) or val or true; end + -- COMPAT Need to check SQLite3 version because SQLCipher 3.x was based on SQLite3 prior to 3.24.0 when UPSERT was introduced + for row in engine:select("SELECT sqlite_version()") do + local version = {}; + for n in row[1]:gmatch("%d+") do + table.insert(version, tonumber(n)); + end + engine.sqlite_version = version; + end engine.sqlite_compile_options = compile_options; local journal_mode = "delete"; @@ -1003,7 +1025,7 @@ function module.command(arg) end print(""); print("Ensure you have working backups of the above databases before continuing! "); - if not hi.show_yesno("Continue with the database upgrade? [yN]") then + if false == hi.show_yesno("Continue with the database upgrade? [yN]") then print("Ok, no upgrade. But you do have backups, don't you? ...don't you?? :-)"); return; end diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index 95b0f8d6..4760788b 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -133,7 +133,7 @@ local function clear_expired_grant_tokens(grant, now) now = now or os.time(); for secret, token_info in pairs(grant.tokens) do local expires = token_info.expires; - if expires and expires < now then + if expires and expires <= now then grant.tokens[secret] = nil; updated = true; end @@ -155,7 +155,7 @@ local function _get_validated_grant_info(username, grant) module:log("debug", "Token grant %s of %s issued before last password change, invalidating it now", grant.id, username); token_store:set_key(username, grant.id, nil); return nil, "not-authorized"; - elseif grant.expires and grant.expires < now then + elseif grant.expires and grant.expires <= now then module:log("debug", "Token grant %s of %s expired, cleaning up", grant.id, username); token_store:set_key(username, grant.id, nil); return nil, "expired"; @@ -169,14 +169,14 @@ local function _get_validated_grant_info(username, grant) local found_expired = false for secret_hash, token_info in pairs(grant.tokens) do - if token_info.expires and token_info.expires < now then + if token_info.expires and token_info.expires <= now then module:log("debug", "Token %s of grant %s of %s has expired, cleaning it up", secret_hash:sub(-8), grant.id, username); grant.tokens[secret_hash] = nil; found_expired = true; end end - if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then + if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime <= now then module:log("debug", "Token %s of %s grant has no tokens, discarding", grant.id, username); token_store:set_key(username, grant.id, nil); return nil, "expired"; @@ -212,7 +212,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token -- Check expiry local now = os.time(); - if token_info.expires and token_info.expires < now then + if token_info.expires and token_info.expires <= now then module:log("debug", "Token has expired, cleaning it up"); grant.tokens[secret_hash] = nil; token_store:set_key(token_user, token_id, grant); diff --git a/plugins/mod_vcard.lua b/plugins/mod_vcard.lua index ea6839bb..dfd43363 100644 --- a/plugins/mod_vcard.lua +++ b/plugins/mod_vcard.lua @@ -6,13 +6,24 @@ -- COPYING file in the source package for more information. -- +local base64 = require "prosody.util.encodings".base64; +local jid = require "prosody.util.jid"; +local sha1 = require "prosody.util.hashes".sha1; local st = require "prosody.util.stanza" local jid_split = require "prosody.util.jid".split; -local vcards = module:open_store(); +local store_name = module:get_option_string("vcard_store_name"); + +local is_component = module:get_host_type() == "component"; +if is_component and not store_name and module:get_option_string("component_module") == "muc" then + store_name = "vcard_muc"; +end + +local vcards = module:open_store(store_name); module:add_feature("vcard-temp"); + local function handle_vcard(event) local session, stanza = event.origin, event.stanza; local to = stanza.attr.to; @@ -21,7 +32,7 @@ local function handle_vcard(event) if to then local node = jid_split(to); vCard = st.deserialize(vcards:get(node)); -- load vCard for user or server - else + elseif not is_component then vCard = st.deserialize(vcards:get(session.username));-- load user's own vCard end if vCard then @@ -30,9 +41,11 @@ local function handle_vcard(event) session.send(st.error_reply(stanza, "cancel", "item-not-found")); end else -- stanza.attr.type == "set" - if not to then - if vcards:set(session.username, st.preserialize(stanza.tags[1])) then + if not to or (is_component and event.allow_vcard_modification) then + local node = is_component and jid.node(stanza.attr.to) or session.username; + if vcards:set(node, st.preserialize(stanza.tags[1])) then session.send(st.reply(stanza)); + module:fire_event("vcard-updated", event); else -- TODO unable to write file, file may be locked, etc, what's the correct error? session.send(st.error_reply(stanza, "wait", "internal-server-error")); @@ -46,3 +59,14 @@ end module:hook("iq/bare/vcard-temp:vCard", handle_vcard); module:hook("iq/host/vcard-temp:vCard", handle_vcard); + +function get_avatar_hash(username) + local vcard = st.deserialize(vcards:get(username)); + if not vcard then return end + local photo = vcard:get_child("PHOTO"); + if not photo then return end + + local photo_b64 = photo:get_child_text("BINVAL"); + local photo_raw = photo_b64 and base64.decode(photo_b64); + return (sha1(photo_raw, true)); +end diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 7120f3cc..dfc1a215 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -367,6 +367,8 @@ function module.add_host(module) }; }); + module:depends("http_altconnect", true); + module:hook("c2s-read-timeout", keepalive, -0.9); end diff --git a/plugins/muc/hats.lib.lua b/plugins/muc/hats.lib.lua index 7eb71eb4..7ccf194e 100644 --- a/plugins/muc/hats.lib.lua +++ b/plugins/muc/hats.lib.lua @@ -1,7 +1,7 @@ local st = require "prosody.util.stanza"; local muc_util = module:require "muc/util"; -local hats_compat = module:get_option_boolean("muc_hats_compat", true); -- COMPAT for pre-XEP namespace, TODO reconsider default for next release +local hats_compat = module:get_option_boolean("muc_hats_compat", false); -- COMPAT for pre-XEP namespace local xmlns_hats_legacy = "xmpp:prosody.im/protocol/hats:1"; local xmlns_hats = "urn:xmpp:hats:0"; diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 1dc99f07..2ce6e19a 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -116,6 +116,10 @@ module:depends "muc_unique" module:require "muc/hats"; module:require "muc/lock"; +if module:get_option_boolean("muc_vcard", true) ~= false then + module:require "muc/vcard"; +end + module:default_permissions("prosody:admin", { ":automatic-ownership"; ":create-room"; diff --git a/plugins/muc/occupant_id.lib.lua b/plugins/muc/occupant_id.lib.lua index b1081c9b..2252799d 100644 --- a/plugins/muc/occupant_id.lib.lua +++ b/plugins/muc/occupant_id.lib.lua @@ -1,4 +1,4 @@ --- Implementation of https://xmpp.org/extensions/inbox/occupant-id.html +-- Implementation of https://xmpp.org/extensions/xep-0421.html -- XEP-0421: Anonymous unique occupant identifiers for MUCs -- (C) 2020 Maxime “pep” Buquet <pep@bouah.net> diff --git a/plugins/muc/restrict_pm.lib.lua b/plugins/muc/restrict_pm.lib.lua index e0b25cc8..3c91b921 100644 --- a/plugins/muc/restrict_pm.lib.lua +++ b/plugins/muc/restrict_pm.lib.lua @@ -1,7 +1,7 @@ -- Based on code from mod_muc_restrict_pm in prosody-modules@d82c0383106a -- by Nicholas George <wirlaburla@worlio.com> -local st = require "util.stanza"; +local st = require "prosody.util.stanza"; local muc_util = module:require "muc/util"; local valid_roles = muc_util.valid_roles; diff --git a/plugins/muc/vcard.lib.lua b/plugins/muc/vcard.lib.lua new file mode 100644 index 00000000..f9f97721 --- /dev/null +++ b/plugins/muc/vcard.lib.lua @@ -0,0 +1,82 @@ +local mod_vcard = module:depends("vcard"); + +local jid = require "prosody.util.jid"; +local st = require "prosody.util.stanza"; + +-- This must be the same event that mod_vcard hooks +local vcard_event = "iq/bare/vcard-temp:vCard"; +local advertise_hashes = module:get_option("muc_avatar_advertise_hashes"); + +--luacheck: ignore 113/get_room_from_jid + +local function get_avatar_hash(room) + if room.avatar_hash then return room.avatar_hash; end + + local room_node = jid.split(room.jid); + local hash = mod_vcard.get_avatar_hash(room_node); + room.avatar_hash = hash; + + return hash; +end + +local function send_avatar_hash(room, to) + local hash = get_avatar_hash(room); + if not hash and to then return; end -- Don't announce when no avatar + + local presence_vcard = st.presence({to = to, from = room.jid}) + :tag("x", { xmlns = "vcard-temp:x:update" }) + :tag("photo"):text(hash):up(); + + if to == nil then + if not advertise_hashes or advertise_hashes == "presence" then + room:broadcast_message(presence_vcard); + end + if not advertise_hashes or advertise_hashes == "message" then + room:broadcast_message(st.message({ from = room.jid, type = "groupchat" }) + :tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }) + :tag("status", { code = "104" })); + end + + else + module:send(presence_vcard); + end +end + +module:hook(vcard_event, function (event) + local stanza = event.stanza; + local to = stanza.attr.to; + + if stanza.attr.type ~= "set" then + return; + end + + local room = get_room_from_jid(to); + if not room then + return; + end + + local sender_affiliation = room:get_affiliation(stanza.attr.from); + if sender_affiliation == "owner" then + event.allow_vcard_modification = true; + end +end, 10); + +if advertise_hashes ~= "none" then + module:hook("muc-occupant-joined", function (event) + send_avatar_hash(event.room, event.stanza.attr.from); + end); + module:hook("vcard-updated", function (event) + local room = get_room_from_jid(event.stanza.attr.to); + send_avatar_hash(room, nil); + end); +end + +module:hook("muc-disco#info", function (event) + event.reply:tag("feature", { var = "vcard-temp" }):up(); + + table.insert(event.form, { + name = "muc#roominfo_avatarhash", + type = "text-multi", + }); + event.formdata["muc#roominfo_avatarhash"] = get_avatar_hash(event.room); +end); diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index 267a650c..65eedc7d 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist @@ -9,6 +9,8 @@ -- If there are any errors, it will let you know what and where -- they are, otherwise it will keep quiet. -- +-- Upgrading from a previous release? Check https://prosody.im/doc/upgrading +-- -- The only thing left to do is rename this file to remove the .dist ending, and fill in the -- blanks. Good luck, and happy Jabbering! @@ -51,6 +53,8 @@ modules_enabled = { "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard -- Nice to have + "account_activity"; -- Record time when an account was last used + "cloud_notify"; -- Push notifications for mobile devices "csi_simple"; -- Simple but effective traffic optimizations for mobile devices "invites"; -- Create and manage invites "invites_adhoc"; -- Allow admins/users to create invitations via their client @@ -75,7 +79,6 @@ modules_enabled = { -- Other specific functionality --"announce"; -- Send announcement to all online users --"groups"; -- Shared roster support - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"mimicking"; -- Prevent address spoofing --"motd"; -- Send a message to users when they log in --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use @@ -92,7 +95,6 @@ modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections -- "s2s"; -- Handle server-to-server connections - -- "posix"; -- POSIX functionality, sends server to background, etc. } @@ -78,8 +78,6 @@ local read_password = human_io.read_password; local call_luarocks = prosodyctl.call_luarocks; local error_messages = prosodyctl.error_messages; -local jid_split = require "prosody.util.jid".prepped_split; - local prosodyctl_timeout = (configmanager.get("*", "prosodyctl_timeout") or 5) * 2; ----------------------- local commands = {}; @@ -146,38 +144,9 @@ function commands.adduser(arg) show_usage([[adduser JID]], [[Create the specified user account in Prosody]]); return opts.help and 0 or 1; end - local user, host = jid_split(arg[1]); - if not user and host then - show_message [[Failed to understand JID, please supply the JID you want to create]] - show_usage [[adduser user@host]] - return 1; - end - - if not host then - show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; - return 1; - end - - if not prosody.hosts[host] then - show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) - show_warning("The user will not be able to log in until this is changed."); - prosody.hosts[host] = startup.make_host(host); --luacheck: ignore 122 - end - - if prosodyctl.user_exists{ user = user, host = host } then - show_message [[That user already exists]]; - return 1; - end - - local password = read_password(); - if not password then return 1; end - - local ok, msg = prosodyctl.adduser { user = user, host = host, password = password }; - - if ok then return 0; end - show_message(error_messages[msg]) - return 1; + local shell = require "prosody.util.prosodyctl.shell"; + return shell.shell({ ("user:create(%q, nil, %q)"):format(arg[1], "prosody:member") }); end function commands.passwd(arg) @@ -186,38 +155,9 @@ function commands.passwd(arg) show_usage([[passwd JID]], [[Set the password for the specified user account in Prosody]]); return opts.help and 0 or 1; end - local user, host = jid_split(arg[1]); - if not user and host then - show_message [[Failed to understand JID, please supply the JID you want to set the password for]] - show_usage [[passwd user@host]] - return 1; - end - if not host then - show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; - return 1; - end - - if not prosody.hosts[host] then - show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) - show_warning("The user will not be able to log in until this is changed."); - prosody.hosts[host] = startup.make_host(host); --luacheck: ignore 122 - end - - if not prosodyctl.user_exists { user = user, host = host } then - show_message [[That user does not exist, use prosodyctl adduser to create a new user]] - return 1; - end - - local password = read_password(); - if not password then return 1; end - - local ok, msg = prosodyctl.passwd { user = user, host = host, password = password }; - - if ok then return 0; end - - show_message(error_messages[msg]) - return 1; + local shell = require "prosody.util.prosodyctl.shell"; + return shell.shell({ ("user:password(%q, nil)"):format(arg[1]) }); end function commands.deluser(arg) @@ -226,34 +166,9 @@ function commands.deluser(arg) show_usage([[deluser JID]], [[Permanently remove the specified user account from Prosody]]); return opts.help and 0 or 1; end - local user, host = jid_split(arg[1]); - if not user and host then - show_message [[Failed to understand JID, please supply the JID to the user account you want to delete]] - show_usage [[deluser user@host]] - return 1; - end - - if not host then - show_message [[Please specify a JID, including a host. e.g. alice@example.com]]; - return 1; - end - if not prosody.hosts[host] then - show_warning("The host '%s' is not listed in the configuration file (or is not enabled).", host) - prosody.hosts[host] = startup.make_host(host); --luacheck: ignore 122 - end - - if not prosodyctl.user_exists { user = user, host = host } then - show_message [[That user does not exist on this server]] - return 1; - end - - local ok, msg = prosodyctl.deluser { user = user, host = host }; - - if ok then return 0; end - - show_message(error_messages[msg]) - return 1; + local shell = require "prosody.util.prosodyctl.shell"; + return shell.shell({ ("user:delete(%q)"):format(arg[1]) }); end local function has_init_system() --> which @@ -267,15 +182,29 @@ end local function service_command_warning(service_command) if prosody.installed and configmanager.get("*", "prosodyctl_service_warnings") ~= false then - show_warning("WARNING: Use of prosodyctl start/stop/restart/reload is not recommended"); - show_warning(" if Prosody is managed by an init system - use that directly instead."); + show_warning("ERROR: Use of 'prosodyctl %s' is disabled in this installation because", service_command); + local init = has_init_system() - if init == "systemd" then - show_warning(" e.g. systemctl %s prosody", service_command); - elseif init == "rc.d" then - show_warning(" e.g. /etc/init.d/prosody %s", service_command); + if init then + show_warning(" we detected that this system uses %s for managing services.", init); + show_warning(""); + show_warning(" To avoid problems, use that directly instead. For example:"); + show_warning(""); + if init == "systemd" then + show_warning(" systemctl %s prosody", service_command); + elseif init == "rc.d" then + show_warning(" /etc/init.d/prosody %s", service_command); + end + else + show_warning(" it may conflict with your system's service manager."); + show_warning(""); end - show_warning(""); + + show_warning(" Proceeding to use prosodyctl may cause process management issues."); + show_warning(" You can pass --force to override this warning, or set"); + show_warning(" prosodyctl_service_warnings = false in your global config."); + + os.exit(1); end end @@ -285,7 +214,9 @@ function commands.start(arg) show_usage([[start]], [[Start Prosody]]); return 0; end - service_command_warning("start"); + if not opts.force then + service_command_warning("start"); + end local ok, ret = prosodyctl.isrunning(); if not ok then show_message(error_messages[ret]); @@ -386,9 +317,15 @@ function commands.stop(arg) return 0; end - service_command_warning("stop"); + if not opts.force then + service_command_warning("stop"); + end - if not prosodyctl.isrunning() then + local ok, running = prosodyctl.isrunning(); + if not ok then + show_message(error_messages[running]); + return 1; + elseif not running then show_message("Prosody is not running"); return 1; end @@ -397,7 +334,7 @@ function commands.stop(arg) if ok then local i=1; while true do - local ok, running = prosodyctl.isrunning(); + local ok, running = prosodyctl.isrunning(); --luacheck: ignore 421 if ok and not running then break; elseif i == 5 then @@ -424,7 +361,9 @@ function commands.restart(arg) return 1; end - service_command_warning("restart"); + if not opts.force then + service_command_warning("restart"); + end commands.stop(arg); return commands.start(arg); @@ -558,6 +497,28 @@ function commands.about(arg) print(""); end +function commands.version(arg) + local flags = { short_params = { h = "help"; ["?"] = "help", v = "verbose" } }; + local opts = parse_args(arg, flags); + if opts.help then + show_usage("version [-v]", [[Show current Prosody version, or more]]); + return 0; + elseif opts.verbose then + return commands.about(arg); + end + + print("Prosody "..(prosody.version or "(unknown version)")); +end + +function commands.lua_paths() + local function shell_escape(s) + return "'" .. tostring(s):gsub("'",[['\'']]) .. "'"; + end + + print("LUA_PATH="..shell_escape(package.path)); + print("LUA_CPATH="..shell_escape(package.cpath)); +end + function commands.reload(arg) local opts = parse_args(arg, only_help); if opts.help then @@ -565,22 +526,34 @@ function commands.reload(arg) return 0; end - if arg[1] and arg[1]:match"^mod_" then - -- TODO reword the usage text, document - local shell = require "prosody.util.prosodyctl.shell"; - arg[1] = arg[1]:match("^mod_(.*)"); -- strip mod_ prefix - table.insert(arg, 1, "module"); - table.insert(arg, 2, "reload"); - return shell.shell(arg); + local shell = require "prosody.util.prosodyctl.shell"; + if shell.available() then + if arg[1] and arg[1]:match"^mod_" then + -- TODO reword the usage text, document + arg[1] = arg[1]:match("^mod_(.*)"); -- strip mod_ prefix + table.insert(arg, 1, "module"); + table.insert(arg, 2, "reload"); + return shell.shell(arg); + end + return shell.shell({ "config", "reload" }); + elseif arg[1] then + show_message("Admin socket not found - is it enabled and is Prosody running?"); + return 1; end - service_command_warning("reload"); - - if not prosodyctl.isrunning() then + local ok, running = prosodyctl.isrunning(); + if not ok then + show_message(error_messages[running]); + return 1; + elseif not running then show_message("Prosody is not running"); return 1; end + if not opts.force then + service_command_warning("reload"); + end + local ok, ret = prosodyctl.reload(); if ok then @@ -703,7 +676,7 @@ local command_runner = async.runner(function () if not commands[command] then -- Show help for all commands function show_usage(usage, desc) - print(string.format(" %-11s %s", usage, desc)); + print(string.format(" %-14s %s", usage, desc)); end print("prosodyctl - Manage a Prosody server"); @@ -712,7 +685,7 @@ local command_runner = async.runner(function () print(""); print("Where COMMAND may be one of:"); - local hidden_commands = require "prosody.util.set".new{ "register", "unregister" }; + local hidden_commands = require "prosody.util.set".new{ "register", "unregister", "lua_paths" }; local commands_order = { "Process management:", "start"; "stop"; "restart"; "reload"; "status"; @@ -722,8 +695,8 @@ local command_runner = async.runner(function () "Plugin management:", "install"; "remove"; "list"; "Informative:", - "about", "check", + "version", "Other:", "cert", }; diff --git a/spec/scansion/admins.txt b/spec/scansion/admins.txt new file mode 100644 index 00000000..db9fa85a --- /dev/null +++ b/spec/scansion/admins.txt @@ -0,0 +1 @@ +admin@localhost diff --git a/spec/scansion/prosody.cfg.lua b/spec/scansion/prosody.cfg.lua index 58889fd7..91c86644 100644 --- a/spec/scansion/prosody.cfg.lua +++ b/spec/scansion/prosody.cfg.lua @@ -1,6 +1,6 @@ --luacheck: ignore -admins = { "admin@localhost" } +admins = FileLines("admins.txt") network_backend = ENV_PROSODY_NETWORK_BACKEND or "epoll" network_settings = Lua.require"prosody.util.json".decode(ENV_PROSODY_NETWORK_SETTINGS or "{}") diff --git a/tools/dnsregistry.lua b/tools/dnsregistry.lua index 5a258c1a..fa4296da 100644 --- a/tools/dnsregistry.lua +++ b/tools/dnsregistry.lua @@ -19,6 +19,7 @@ for registry in registries:childtags("registry") do local registry_name = registry_mapping[registry.attr.id]; if registry_name then print("\t" .. registry_name .. " = {"); + local duplicates = {}; for record in registry:childtags("record") do local record_name = record:get_child_text("name"); local record_type = record:get_child_text("type"); @@ -37,7 +38,9 @@ for registry in registries:childtags("registry") do elseif registry_name == "types" and record_type and record_code then print(("\t\t[%q] = %d; [%d] = %q;"):format(record_type, record_code, record_code, record_type)) elseif registry_name == "errors" and record_code and record_name then - print(("\t\t[%d] = %q; [%q] = %q;"):format(record_code, record_name, record_name, record_desc or record_name)); + local dup = duplicates[record_code] and "-- " or ""; + print(("\t\t%s[%d] = %q; [%q] = %q;"):format(dup, record_code, record_name, record_name, record_desc or record_name)); + duplicates[record_code] = true; end end print("\t};"); diff --git a/util-src/signal.c b/util-src/signal.c index 76d25d6f..52bdf735 100644 --- a/util-src/signal.c +++ b/util-src/signal.c @@ -30,10 +30,14 @@ #define _GNU_SOURCE #endif +#ifdef __linux__ +#define HAVE_SIGNALFD +#endif + #include <signal.h> #include <stdlib.h> -#ifdef __linux__ #include <unistd.h> +#ifdef HAVE_SIGNALFD #include <sys/signalfd.h> #endif @@ -372,18 +376,35 @@ static int l_kill(lua_State *L) { #endif -#ifdef __linux__ struct lsignalfd { int fd; sigset_t mask; +#ifndef HAVE_SIGNALFD + int write_fd; +#endif }; +#ifndef HAVE_SIGNALFD +#define MAX_SIGNALFD 32 +struct lsignalfd signalfds[MAX_SIGNALFD]; +static int signalfd_num = 0; +static void signal2fd(int sig) { + for(int i = 0; i < signalfd_num; i++) { + if(sigismember(&signalfds[i].mask, sig)) { + write(signalfds[i].write_fd, &sig, sizeof(sig)); + } + } +} +#endif + static int l_signalfd(lua_State *L) { struct lsignalfd *sfd = lua_newuserdata(L, sizeof(struct lsignalfd)); + int sig = luaL_checkinteger(L, 1); sigemptyset(&sfd->mask); - sigaddset(&sfd->mask, luaL_checkinteger(L, 1)); + sigaddset(&sfd->mask, sig); +#ifdef HAVE_SIGNALFD if (sigprocmask(SIG_BLOCK, &sfd->mask, NULL) != 0) { lua_pushnil(L); return 1; @@ -396,6 +417,30 @@ static int l_signalfd(lua_State *L) { return 1; } +#else + + if(signalfd_num >= MAX_SIGNALFD) { + lua_pushnil(L); + return 1; + } + + if(signal(sig, signal2fd) == SIG_ERR) { + lua_pushnil(L); + return 1; + } + + int pipefd[2]; + + if(pipe(pipefd) == -1) { + lua_pushnil(L); + return 1; + } + + sfd->fd = pipefd[0]; + sfd->write_fd = pipefd[1]; + signalfds[signalfd_num++] = *sfd; +#endif + luaL_setmetatable(L, "signalfd"); return 1; } @@ -414,14 +459,28 @@ static int l_signalfd_getfd(lua_State *L) { static int l_signalfd_read(lua_State *L) { struct lsignalfd *sfd = luaL_checkudata(L, 1, "signalfd"); +#ifdef HAVE_SIGNALFD struct signalfd_siginfo siginfo; if(read(sfd->fd, &siginfo, sizeof(siginfo)) < 0) { return 0; } + lua_pushinteger(L, siginfo.ssi_signo); return 1; + +#else + int signo; + + if(read(sfd->fd, &signo, sizeof(int)) < 0) { + return 0; + } + + lua_pushinteger(L, signo); + return 1; +#endif + } static int l_signalfd_close(lua_State *L) { @@ -432,11 +491,25 @@ static int l_signalfd_close(lua_State *L) { return 1; } +#ifndef HAVE_SIGNALFD + + if(close(sfd->write_fd) != 0) { + lua_pushboolean(L, 0); + return 1; + } + + for(int i = signalfd_num; i > 0; i--) { + if(signalfds[i].fd == sfd->fd) { + signalfds[i] = signalfds[signalfd_num--]; + } + } + +#endif + sfd->fd = -1; lua_pushboolean(L, 1); return 1; } -#endif static const struct luaL_Reg lsignal_lib[] = { {"signal", l_signal}, @@ -444,9 +517,7 @@ static const struct luaL_Reg lsignal_lib[] = { #if defined(__unix__) || defined(__APPLE__) {"kill", l_kill}, #endif -#ifdef __linux__ {"signalfd", l_signalfd}, -#endif {NULL, NULL} }; @@ -454,7 +525,6 @@ int luaopen_prosody_util_signal(lua_State *L) { luaL_checkversion(L); int i = 0; -#ifdef __linux__ luaL_newmetatable(L, "signalfd"); lua_pushcfunction(L, l_signalfd_close); lua_setfield(L, -2, "__gc"); @@ -469,7 +539,6 @@ int luaopen_prosody_util_signal(lua_State *L) { } lua_setfield(L, -2, "__index"); lua_pop(L, 1); -#endif /* add the library */ lua_newtable(L); diff --git a/util/adminstream.lua b/util/adminstream.lua index a29222cf..5387c906 100644 --- a/util/adminstream.lua +++ b/util/adminstream.lua @@ -185,9 +185,12 @@ local function new_connection(socket_path, listeners) end local function new_server(sessions, stanza_handler) - local listeners = {}; + local s = { + events = events.new(); + listeners = {}; + }; - function listeners.onconnect(conn) + function s.listeners.onconnect(conn) log("debug", "New connection"); local session = sessionlib.new("admin"); sessionlib.set_id(session); @@ -241,29 +244,28 @@ local function new_server(sessions, stanza_handler) sessions[conn] = session; end - function listeners.onincoming(conn, data) + function s.listeners.onincoming(conn, data) local session = sessions[conn]; if session then session.data(data); end end - function listeners.ondisconnect(conn, err) + function s.listeners.ondisconnect(conn, err) local session = sessions[conn]; if session then session.log("info", "Admin client disconnected: %s", err or "connection closed"); session.conn = nil; sessions[conn] = nil; + s.events.fire_event("disconnected", { session = session }); end end - function listeners.onreadtimeout(conn) + function s.listeners.onreadtimeout(conn) return conn:send(" "); end - return { - listeners = listeners; - }; + return s; end local function new_client() diff --git a/util/bitcompat.lua b/util/bitcompat.lua index 43fd0f6e..537914a7 100644 --- a/util/bitcompat.lua +++ b/util/bitcompat.lua @@ -3,7 +3,7 @@ -- First try the bit32 lib -- Lua 5.3 has it with compat enabled -- Lua 5.2 has it by default -if _G.bit32 then +if rawget(_G, "bit32") then return _G.bit32; end diff --git a/util/dnsregistry.lua b/util/dnsregistry.lua index b65debe0..56c76cac 100644 --- a/util/dnsregistry.lua +++ b/util/dnsregistry.lua @@ -1,5 +1,5 @@ -- Source: https://www.iana.org/assignments/dns-parameters/dns-parameters.xml --- Generated on 2024-10-26 +-- Generated on 2025-02-09 return { classes = { ["IN"] = 1; [1] = "IN"; @@ -72,6 +72,7 @@ return { ["ZONEMD"] = 63; [63] = "ZONEMD"; ["SVCB"] = 64; [64] = "SVCB"; ["HTTPS"] = 65; [65] = "HTTPS"; + ["DSYNC"] = 66; [66] = "DSYNC"; ["SPF"] = 99; [99] = "SPF"; ["NID"] = 104; [104] = "NID"; ["L32"] = 105; [105] = "L32"; diff --git a/util/prosodyctl.lua b/util/prosodyctl.lua index 9cb4b4dd..c6856526 100644 --- a/util/prosodyctl.lua +++ b/util/prosodyctl.lua @@ -40,6 +40,7 @@ local error_messages = setmetatable({ ["unable-to-save-data"] = "Unable to store, perhaps you don't have permission?"; ["no-pidfile"] = "There is no 'pidfile' option in the configuration file, see https://prosody.im/doc/prosodyctl#pidfile for help"; ["invalid-pidfile"] = "The 'pidfile' option in the configuration file is not a string, see https://prosody.im/doc/prosodyctl#pidfile for help"; + ["pidfile-not-locked"] = "Stale pidfile found. Prosody is probably not running."; ["no-posix"] = "The mod_posix module is not enabled in the Prosody config file, see https://prosody.im/doc/prosodyctl for more info"; ["no-such-method"] = "This module has no commands"; ["not-running"] = "Prosody is not running"; @@ -143,8 +144,14 @@ local function getpid() return false, "pidfile-read-failed", err; end + -- Check for a lock on the file local locked, err = lfs.lock(file, "w"); -- luacheck: ignore 211/err if locked then + -- Prosody keeps the pidfile locked while it is running. + -- We successfully locked the file, which means Prosody is not + -- running and the pidfile is stale (somehow it was not + -- cleaned up). We'll abort here, to avoid sending signals to + -- a non-Prosody PID. file:close(); return false, "pidfile-not-locked"; end diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 8d085c85..dc8c75f1 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -70,10 +70,22 @@ local function check_turn_service(turn_service, ping_service) local ip = require "prosody.util.ip"; local stun = require "prosody.net.stun"; + local result = { warnings = {} }; + -- Create UDP socket for communication with the server local sock = assert(require "socket".udp()); - sock:setsockname("*", 0); - sock:setpeername(turn_service.host, turn_service.port); + do + local ok, err = sock:setsockname("*", 0); + if not ok then + result.error = "Unable to perform TURN test: setsockname: "..tostring(err); + return result; + end + ok, err = sock:setpeername(turn_service.host, turn_service.port); + if not ok then + result.error = "Unable to perform TURN test: setpeername: "..tostring(err); + return result; + end + end sock:settimeout(10); -- Helper function to receive a packet @@ -85,8 +97,6 @@ local function check_turn_service(turn_service, ping_service) return stun.new_packet():deserialize(raw_packet); end - local result = { warnings = {} }; - -- Send a "binding" query, i.e. a request for our external IP/port local bind_query = stun.new_packet("binding", "request"); bind_query:add_attribute("software", "prosodyctl check turn"); @@ -315,7 +325,12 @@ local function check(arg) local ok = true; local function contains_match(hayset, needle) for member in hayset do if member:find(needle) then return true end end end local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end - local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end + local function is_user_host(host, conf) return host ~= "*" and conf.component_module == nil; end + local function is_component_host(host, conf) return host ~= "*" and conf.component_module ~= nil; end + local function enabled_hosts() return it.filter(disabled_hosts, it.sorted_pairs(configmanager.getconfig())); end + local function enabled_user_hosts() return it.filter(is_user_host, it.sorted_pairs(configmanager.getconfig())); end + local function enabled_components() return it.filter(is_component_host, it.sorted_pairs(configmanager.getconfig())); end + local checks = {}; function checks.disabled() local disabled_hosts_set = set.new(); @@ -622,6 +637,12 @@ local function check(arg) print(" Both mod_pep_simple and mod_pep are enabled but they conflict"); print(" with each other. Remove one."); end + if all_modules:contains("posix") then + print(""); + print(" mod_posix is loaded in your configuration file, but it has"); + print(" been deprecated. You can safely remove it."); + end + for host, host_config in pairs(config) do --luacheck: ignore 213/host if type(rawget(host_config, "storage")) == "string" and rawget(host_config, "default_storage") then print(""); @@ -780,12 +801,28 @@ local function check(arg) if #invalid_hosts > 0 or #alabel_hosts > 0 then print(""); - print("WARNING: Changing the name of a VirtualHost in Prosody's config file"); - print(" WILL NOT migrate any existing data (user accounts, etc.) to the new name."); + print(" WARNING: Changing the name of a VirtualHost in Prosody's config file"); + print(" WILL NOT migrate any existing data (user accounts, etc.) to the new name."); ok = false; end end + -- Check features + do + local missing_features = {}; + for host in enabled_user_hosts() do + local all_features = checks.features(host, true); + if not all_features then + table.insert(missing_features, host); + end + end + if #missing_features > 0 then + print(""); + print(" Some of your hosts may be missing features due to a lack of configuration."); + print(" For more details, use the 'prosodyctl check features' command."); + end + end + print("Done.\n"); end function checks.dns() @@ -891,7 +928,11 @@ local function check(arg) local unknown_addresses = set.new(); - for jid in enabled_hosts() do + local function is_valid_domain(domain) + return idna.to_ascii(domain) ~= nil; + end + + for jid in it.filter(is_valid_domain, enabled_hosts()) do local all_targets_ok, some_targets_ok = true, false; local node, host = jid_split(jid); @@ -1434,6 +1475,277 @@ local function check(arg) end end end + + function checks.features(check_host, quiet) + if not quiet then + print("Feature report"); + end + + local common_subdomains = { + http_file_share = "share"; + muc = "groups"; + }; + + local recommended_component_modules = { + muc = { "muc_mam" }; + }; + + local function print_feature_status(feature, host) + if quiet then return; end + print("", feature.ok and "OK" or "(!)", feature.name); + if not feature.ok then + if feature.lacking_modules then + table.sort(feature.lacking_modules); + print("", "", "Suggested modules: "); + for _, module in ipairs(feature.lacking_modules) do + print("", "", (" - %s: https://prosody.im/doc/modules/mod_%s"):format(module, module)); + end + end + if feature.lacking_components then + table.sort(feature.lacking_components); + for _, component_module in ipairs(feature.lacking_components) do + local subdomain = common_subdomains[component_module]; + local recommended_mods = recommended_component_modules[component_module]; + if subdomain then + print("", "", "Suggested component:"); + print(""); + print("", "", "", ("-- Documentation: https://prosody.im/doc/modules/mod_%s"):format(component_module)); + print("", "", "", ("Component %q %q"):format(subdomain.."."..host, component_module)); + if recommended_mods then + print("", "", "", " modules_enabled = {"); + table.sort(recommended_mods); + for _, mod in ipairs(recommended_mods) do + print("", "", "", (" %q;"):format(mod)); + end + print("", "", "", " }"); + end + else + print("", "", ("Suggested component: %s"):format(component_module)); + end + end + print(""); + print("", "", "If you have already configured any of these components, they may not be"); + print("", "", "linked correctly to "..host..". For more info see https://prosody.im/doc/components"); + end + if feature.lacking_component_modules then + table.sort(feature.lacking_component_modules, function (a, b) + return a.host < b.host; + end); + for _, problem in ipairs(feature.lacking_component_modules) do + local hostapi = api(problem.host); + local current_modules_enabled = hostapi:get_option_array("modules_enabled", {}); + print("", "", ("Component %q is missing the following modules: %s"):format(problem.host, table.concat(problem.missing_mods))); + print(""); + print("","", "Add the missing modules to your modules_enabled under the Component, like this:"); + print(""); + print(""); + print("", "", "", ("-- Documentation: https://prosody.im/doc/modules/mod_%s"):format(problem.component_module)); + print("", "", "", ("Component %q %q"):format(problem.host, problem.component_module)); + print("", "", "", (" modules_enabled = {")); + for _, mod in ipairs(current_modules_enabled) do + print("", "", "", (" %q;"):format(mod)); + end + for _, mod in ipairs(problem.missing_mods) do + print("", "", "", (" %q; -- Add this!"):format(mod)); + end + print("", "", "", (" }")); + end + end + end + print(""); + end + + local all_ok = true; + + local config = configmanager.getconfig(); + + local f, s, v; + if check_host then + f, s, v = it.values({ check_host }); + else + f, s, v = enabled_user_hosts(); + end + + for host in f, s, v do + local modules_enabled = set.new(config["*"].modules_enabled); + modules_enabled:include(set.new(config[host].modules_enabled)); + + -- { [component_module] = { hostname1, hostname2, ... } } + local host_components = setmetatable({}, { __index = function (t, k) return rawset(t, k, {})[k]; end }); + + do + local hostapi = api(host); + + -- Find implicitly linked components + for other_host in enabled_components() do + local parent_host = other_host:match("^[^.]+%.(.+)$"); + if parent_host == host then + local component_module = configmanager.get(other_host, "component_module"); + if component_module then + table.insert(host_components[component_module], other_host); + end + end + end + + -- And components linked explicitly + for _, disco_item in ipairs(hostapi:get_option_array("disco_items", {})) do + local other_host = disco_item[1]; + local component_module = configmanager.get(other_host, "component_module"); + if component_module then + table.insert(host_components[component_module], other_host); + end + end + end + + local current_feature; + + local function check_module(suggested, alternate, ...) + if set.intersection(modules_enabled, set.new({suggested, alternate, ...})):empty() then + current_feature.lacking_modules = current_feature.lacking_modules or {}; + table.insert(current_feature.lacking_modules, suggested); + end + end + + local function check_component(suggested, alternate, ...) + local found; + for _, component_module in ipairs({ suggested, alternate, ... }) do + found = host_components[component_module][1]; + if found then + local enabled_component_modules = api(found):get_option_inherited_set("modules_enabled"); + local recommended_mods = recommended_component_modules[component_module]; + local missing_mods = {}; + for _, mod in ipairs(recommended_mods) do + if not enabled_component_modules:contains(mod) then + table.insert(missing_mods, mod); + end + end + if #missing_mods > 0 then + if not current_feature.lacking_component_modules then + current_feature.lacking_component_modules = {}; + end + table.insert(current_feature.lacking_component_modules, { + host = found; + component_module = component_module; + missing_mods = missing_mods; + }); + end + end + end + if not found then + current_feature.lacking_components = current_feature.lacking_components or {}; + table.insert(current_feature.lacking_components, suggested); + end + end + + local features = { + { + name = "Basic functionality"; + check = function () + check_module("disco"); + check_module("roster"); + check_module("saslauth"); + check_module("tls"); + check_module("pep"); + end; + }; + { + name = "Multi-device sync"; + check = function () + check_module("carbons"); + check_module("mam"); + check_module("bookmarks"); + end; + }; + { + name = "Mobile optimizations"; + check = function () + check_module("smacks"); + check_module("csi_simple", "csi_battery_saver"); + end; + }; + { + name = "Web connections"; + check = function () + check_module("bosh"); + check_module("websocket"); + end; + }; + { + name = "User profiles"; + check = function () + check_module("vcard_legacy", "vcard"); + end; + }; + { + name = "Blocking"; + check = function () + check_module("blocklist"); + end; + }; + { + name = "Push notifications"; + check = function () + check_module("cloud_notify"); + end; + }; + { + name = "Audio/video calls"; + check = function () + check_module( + "turn_external", + "external_services", + "turncredentials", + "extdisco" + ); + end; + }; + { + name = "File sharing"; + check = function () + check_component("http_file_share", "http_upload", "http_upload_external"); + end; + }; + { + name = "Group chats"; + check = function () + check_component("muc"); + end; + }; + }; + + if not quiet then + print(host); + end + + for _, feature in ipairs(features) do + current_feature = feature; + feature.check(); + feature.ok = ( + not feature.lacking_modules and + not feature.lacking_components and + not feature.lacking_component_modules + ); + -- For improved presentation, we group the (ok) and (not ok) features + if feature.ok then + print_feature_status(feature, host); + end + end + + for _, feature in ipairs(features) do + if not feature.ok then + all_ok = false; + print_feature_status(feature, host); + end + end + + if not quiet then + print(""); + end + end + + return all_ok; + end + if what == nil or what == "all" then local ret; ret = checks.disabled(); diff --git a/util/prosodyctl/shell.lua b/util/prosodyctl/shell.lua index 05f81f15..a0fbb09c 100644 --- a/util/prosodyctl/shell.lua +++ b/util/prosodyctl/shell.lua @@ -1,4 +1,5 @@ local config = require "prosody.core.configmanager"; +local human_io = require "prosody.util.human.io"; local server = require "prosody.net.server"; local st = require "prosody.util.stanza"; local path = require "prosody.util.paths"; @@ -63,6 +64,13 @@ local function printbanner() print("https://prosody.im/doc/console\n"); end +local function check() + local lfs = require "lfs"; + local socket_path = path.resolve_relative_path(prosody.paths.data, config.get("*", "admin_socket") or "prosody.sock"); + local state = lfs.attributes(socket_path, "mode"); + return state == "socket"; +end + local function start(arg) --luacheck: ignore 212/arg local client = adminstream.client(); local opts, err, where = parse_args(arg); @@ -131,6 +139,21 @@ local function start(arg) --luacheck: ignore 212/arg end); client.events.add_handler("received", function (stanza) + if stanza.name ~= "repl-request-input" then + return; + end + if stanza.attr.type == "password" then + local password = human_io.read_password(); + client.send(st.stanza("repl-requested-input", { type = stanza.attr.type, id = stanza.attr.id }):text(password)); + else + io.stderr:write("Internal error - unexpected input request type "..tostring(stanza.attr.type).."\n"); + os.exit(1); + end + return true; + end, 2); + + + client.events.add_handler("received", function (stanza) if stanza.name == "repl-output" or stanza.name == "repl-result" then local result_prefix = stanza.attr.type == "error" and "!" or "|"; local out = result_prefix.." "..stanza:get_text(); @@ -164,4 +187,5 @@ end return { shell = start; + available = check; }; diff --git a/util/sql.lua b/util/sql.lua index c897d734..06550455 100644 --- a/util/sql.lua +++ b/util/sql.lua @@ -84,6 +84,12 @@ function engine:connect() dbh:autocommit(false); -- don't commit automatically self.conn = dbh; self.prepared = {}; + if params.driver == "SQLite3" and params.password then + local ok, err = self:execute(("PRAGMA key='%s'"):format(dbh:quote(params.password))); + if not ok then + return ok, err; + end + end local ok, err = self:set_encoding(); if not ok then return ok, err; diff --git a/util/sqlite3.lua b/util/sqlite3.lua index 470eb46d..fec2d162 100644 --- a/util/sqlite3.lua +++ b/util/sqlite3.lua @@ -114,6 +114,12 @@ function engine:connect() if not dbh then return nil, err; end self.conn = dbh; self.prepared = {}; + if params.password then + local ok, err = self:execute(("PRAGMA key='%s'"):format((params.password:gsub("'", "''")))); + if not ok then + return ok, err; + end + end local ok, err = self:set_encoding(); if not ok then return ok, err; diff --git a/util/startup.lua b/util/startup.lua index caae895d..34c2f733 100644 --- a/util/startup.lua +++ b/util/startup.lua @@ -266,8 +266,13 @@ function startup.init_global_state() full_sessions = prosody.full_sessions; hosts = prosody.hosts; - prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR or ".", - plugins = CFG_PLUGINDIR or "plugins", data = "data" }; + prosody.paths = { + source = CFG_SOURCEDIR; + config = CFG_CONFIGDIR or "."; + plugins = CFG_PLUGINDIR or "plugins"; + data = "data"; + credentials = os.getenv("CREDENTIALS_DIRECTORY"); + }; prosody.arg = _G.arg; @@ -420,6 +425,19 @@ function startup.init_async() async.set_schedule_function(timer.add_task); end +function startup.instrument() + local statsmanager = require "prosody.core.statsmanager"; + local timed = require"prosody.util.openmetrics".timed; + + local adns = require "prosody.net.adns"; + if adns.instrument then + local m = statsmanager.metric("histogram", "prosody_dns", "seconds", "DNS lookups", { "qclass"; "qtype" }, { + buckets = { 1 / 1024; 1 / 256; 1 / 64; 1 / 16; 1 / 4; 1; 4 }; + }); + adns.instrument(function(qclass, qtype) return timed(m:with_labels(qclass, qtype)); end); + end +end + function startup.init_data_store() require "prosody.core.storagemanager"; end @@ -809,12 +827,12 @@ function startup.hook_posix_signals() end); end -function startup.systemd_notify() +function startup.notification_socket() local notify_socket_name = os.getenv("NOTIFY_SOCKET"); if not notify_socket_name then return end local have_unix, unix = pcall(require, "socket.unix"); if not have_unix or type(unix) ~= "table" then - log("error", "LuaSocket without UNIX socket support, can't notify systemd.") + log("error", "LuaSocket without UNIX socket support, can't notify process manager.") return os.exit(1); end log("debug", "Will notify on socket %q", notify_socket_name); @@ -822,7 +840,7 @@ function startup.systemd_notify() local notify_socket = unix.dgram(); local ok, err = notify_socket:setpeername(notify_socket_name); if not ok then - log("error", "Could not connect to systemd notification socket %q: %q", notify_socket_name, err); + log("error", "Could not connect to notification socket %q: %q", notify_socket_name, err); return os.exit(1); end local time = require "prosody.util.time"; @@ -917,13 +935,14 @@ function startup.prosody() startup.load_secondary_libraries(); startup.init_promise(); startup.init_async(); + startup.instrument(); startup.init_http_client(); startup.init_data_store(); startup.init_global_protection(); startup.posix_daemonize(); startup.write_pidfile(); startup.hook_posix_signals(); - startup.systemd_notify(); + startup.notification_socket(); startup.prepare_to_start(); startup.notify_started(); end |