diff options
| -rw-r--r-- | .luacheckrc | 7 | ||||
| -rw-r--r-- | CHANGES | 2 | ||||
| -rw-r--r-- | core/configmanager.lua | 51 | ||||
| -rw-r--r-- | core/features.lua | 2 | ||||
| -rw-r--r-- | core/moduleapi.lua | 12 | ||||
| -rw-r--r-- | core/modulemanager.lua | 16 | ||||
| -rw-r--r-- | plugins/mod_admin_shell.lua | 5 | ||||
| -rw-r--r-- | plugins/mod_authz_internal.lua | 2 | ||||
| -rw-r--r-- | plugins/mod_cloud_notify.lua | 653 | ||||
| -rw-r--r-- | plugins/mod_invites.lua | 36 | ||||
| -rw-r--r-- | plugins/mod_pubsub/commands.lib.lua | 16 | ||||
| -rw-r--r-- | plugins/mod_pubsub/mod_pubsub.lua | 4 | ||||
| -rw-r--r-- | plugins/mod_storage_sql.lua | 30 | ||||
| -rwxr-xr-x | prosodyctl | 30 | ||||
| -rw-r--r-- | spec/scansion/admins.txt | 1 | ||||
| -rw-r--r-- | spec/scansion/prosody.cfg.lua | 2 | ||||
| -rw-r--r-- | util-src/signal.c | 85 | ||||
| -rw-r--r-- | util/bitcompat.lua | 2 | ||||
| -rw-r--r-- | util/prosodyctl/shell.lua | 1 | ||||
| -rw-r--r-- | util/sql.lua | 6 | ||||
| -rw-r--r-- | util/sqlite3.lua | 6 | ||||
| -rw-r--r-- | util/startup.lua | 9 |
22 files changed, 927 insertions, 51 deletions
diff --git a/.luacheckrc b/.luacheckrc index 90e18ce5..09225d01 100644 --- a/.luacheckrc +++ b/.luacheckrc @@ -62,9 +62,9 @@ files["plugins/"] = { "module.broadcast", "module.context", "module.could", - "module.depends", "module.default_permission", "module.default_permissions", + "module.depends", "module.fire_event", "module.get_directory", "module.get_host", @@ -116,6 +116,7 @@ files["plugins/"] = { }; globals = { -- Methods that can be set on module API + "module.ready", "module.unload", "module.add_host", "module.load", @@ -140,6 +141,10 @@ files["prosody.cfg.lua"] = { "component", "Include", "include", + "FileContents", + "FileLine", + "FileLines", + "Credential", "RunScript" }; } @@ -46,6 +46,7 @@ TRUNK - New 'keyval+' combined keyval/map store type - Performance improvements in internal archive stores - Ability to use SQLite3 storage using LuaSQLite3 instead of LuaDBI +- SQLCipher support ### Module API @@ -60,6 +61,7 @@ TRUNK - The configuration file now supports referring and appending to options previously set - Direct usage of the Lua API in the config file is deprecated, but can now be accessed via Lua.* instead +- Convenience functions for reading values from files, with variant meant for credentials or secrets ## Changes diff --git a/core/configmanager.lua b/core/configmanager.lua index bd12e169..36df0171 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -161,15 +161,44 @@ do end; }; + -- For reading config values out of files. + local function filereader(basepath, defaultmode) + return function(filename, mode) + local f, err = io.open(resolve_relative_path(basepath, filename)); + if not f then error(err, 2); end + local content, err = f:read(mode or defaultmode); + f:close(); + if not content then error(err, 2); end + return content; + end + end + + -- Collect lines into an array + local function linereader(basepath) + return function(filename) + local ret = {}; + for line in io.lines(resolve_relative_path(basepath, filename)) do + t_insert(ret, line); + end + return ret; + end + end + parser = {}; function parser.load(data, config_file, config_table) local set_options = {}; -- set_options[host.."/"..option_name] = true (when the option has been set already in this file) local warnings = {}; local env; + local config_path = config_file:gsub("[^"..path_sep.."]+$", ""); + -- The ' = true' are needed so as not to set off __newindex when we assign the functions below env = setmetatable({ Host = true, host = true, VirtualHost = true, Component = true, component = true, + FileContents = true, + FileLine = true, + FileLines = true, + Credential = true, Include = true, include = true, RunScript = true }, { __index = function (_, k) if k:match("^ENV_") then @@ -293,7 +322,6 @@ do end local path_pos, glob = file:match("()([^"..path_sep.."]+)$"); local path = file:sub(1, math_max(path_pos-2,0)); - local config_path = config_file:gsub("[^"..path_sep.."]+$", ""); if #path > 0 then path = resolve_relative_path(config_path, path); else @@ -308,7 +336,7 @@ do return; end -- Not a wildcard, so resolve (potentially) relative path and run through config parser - file = resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file); + file = resolve_relative_path(config_path, file); local f, err = io.open(file); if f then local ret, err = parser.load(f:read("*a"), file, config_table); @@ -325,7 +353,24 @@ do env.include = env.Include; function env.RunScript(file) - return dofile(resolve_relative_path(config_file:gsub("[^"..path_sep.."]+$", ""), file)); + return dofile(resolve_relative_path(config_path, file)); + end + + env.FileContents = filereader(config_path, "*a"); + env.FileLine = filereader(config_path, "*l"); + env.FileLines = linereader(config_path); + + if _G.prosody.paths.credentials then + env.Credential = filereader(_G.prosody.paths.credentials, "*a"); + elseif _G.prosody.process_type == "prosody" then + env.Credential = function() error("Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set", 2) end + else + env.Credential = function() + t_insert(warnings, ("%s:%d: Credential() requires the $CREDENTIALS_DIRECTORY environment variable to be set") + :format(config_file, get_line_number(config_file))); + return nil; + end + end local chunk, err = envload(data, "@"..config_file, env); diff --git a/core/features.lua b/core/features.lua index 75cfa1d7..cd6618db 100644 --- a/core/features.lua +++ b/core/features.lua @@ -8,6 +8,8 @@ return { "mod_server_info"; -- mod_flags bundled "mod_flags"; + -- mod_cloud_notify bundled + "mod_cloud_notify"; -- Roles, module.may and per-session authz "permissions"; -- prosody.* namespace diff --git a/core/moduleapi.lua b/core/moduleapi.lua index fa5086cf..b93536b5 100644 --- a/core/moduleapi.lua +++ b/core/moduleapi.lua @@ -431,8 +431,16 @@ function api:handle_items(item_type, added_cb, removed_cb, existing) self:hook("item-added/"..item_type, added_cb); self:hook("item-removed/"..item_type, removed_cb); if existing ~= false then - for _, item in ipairs(self:get_host_items(item_type)) do - added_cb({ item = item }); + local modulemanager = require"prosody.core.modulemanager"; + local modules = modulemanager.get_modules(self.host); + + for _, module in pairs(modules) do + local mod = module.module; + if mod.items and mod.items[item_type] then + for _, item in ipairs(mod.items[item_type]) do + added_cb({ source = mod; item = item }); + end + end end end end diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 873e08e5..b8ba2f35 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -26,7 +26,7 @@ local xpcall = require "prosody.util.xpcall".xpcall; local debug_traceback = debug.traceback; local setmetatable, rawget = setmetatable, rawget; local ipairs, pairs, type, t_insert = ipairs, pairs, type, table.insert; -local lua_version = _VERSION:match("5%.%d$"); +local lua_version = _VERSION:match("5%.%d+$"); local autoload_modules = { prosody.platform, @@ -66,6 +66,20 @@ local loader = pluginloader.init({ end end + if metadata.lua then + local supported = false; + for supported_lua_version in metadata.lua:gmatch("[^, ]+") do + if supported_lua_version == lua_version then + supported = true; + break; + end + end + if not supported then + log("warn", "Not loading module, we have Lua %s but the module requires one of (%s): %s", lua_version, metadata.lua, path); + return; -- Don't load this module + end + end + if metadata.conflicts then local conflicts_features = set.new(array.collect(metadata.conflicts:gmatch("[^, ]+"))); local conflicted_features = set.intersection(conflicts_features, core_features); diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 4f8e6094..974ed8d9 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -191,7 +191,6 @@ local function request_repl_input(session, input_type) pending_inputs:set(input_id, nil); end); session.send(st.stanza("repl-request-input", { type = input_type, id = input_id })); - module:log("warn", "REQUESTED INPUT %s", input_type); return p; end @@ -2543,7 +2542,7 @@ local host_commands = {}; local function new_item_handlers(command_host) local function on_command_added(event) local command = event.item; - local mod_name = command._provided_by and ("mod_"..command._provided_by) or "<unknown module>"; + local mod_name = event.source and ("mod_"..event.source.name) or "<unknown module>"; if not schema.validate(command_metadata_schema, command) or type(command.handler) ~= "function" then module:log("warn", "Ignoring command added by %s: missing or invalid data", mod_name); return; @@ -2630,7 +2629,7 @@ local function new_item_handlers(command_host) module = command._provided_by; }; - module:log("debug", "Shell command added by mod_%s: %s:%s()", mod_name, command.section, command.name); + module:log("debug", "Shell command added by %s: %s:%s()", mod_name, command.section, command.name); end local function on_command_removed(event) diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua index 6006b447..7a06c904 100644 --- a/plugins/mod_authz_internal.lua +++ b/plugins/mod_authz_internal.lua @@ -8,7 +8,7 @@ local roles = require "prosody.util.roles"; local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize; local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize; local host = module.host; -local host_suffix = host:gsub("^[^%.]+%.", ""); +local host_suffix = module:get_option_string("parent_host", (host:gsub("^[^%.]+%.", ""))); local hosts = prosody.hosts; local is_anon_host = module:get_option_string("authentication") == "anonymous"; diff --git a/plugins/mod_cloud_notify.lua b/plugins/mod_cloud_notify.lua new file mode 100644 index 00000000..987be84f --- /dev/null +++ b/plugins/mod_cloud_notify.lua @@ -0,0 +1,653 @@ +-- XEP-0357: Push (aka: My mobile OS vendor won't let me have persistent TCP connections) +-- Copyright (C) 2015-2016 Kim Alvefur +-- Copyright (C) 2017-2019 Thilo Molitor +-- +-- This file is MIT/X11 licensed. + +local os_time = os.time; +local st = require"util.stanza"; +local jid = require"util.jid"; +local dataform = require"util.dataforms".new; +local hashes = require"util.hashes"; +local random = require"util.random"; +local cache = require"util.cache"; +local watchdog = require "util.watchdog"; + +local xmlns_push = "urn:xmpp:push:0"; + +-- configuration +local include_body = module:get_option_boolean("push_notification_with_body", false); +local include_sender = module:get_option_boolean("push_notification_with_sender", false); +local max_push_errors = module:get_option_number("push_max_errors", 16); +local max_push_devices = module:get_option_number("push_max_devices", 5); +local dummy_body = module:get_option_string("push_notification_important_body", "New Message!"); +local extended_hibernation_timeout = module:get_option_number("push_max_hibernation_timeout", 72*3600); -- use same timeout like ejabberd + +local host_sessions = prosody.hosts[module.host].sessions; +local push_errors = module:shared("push_errors"); +local id2node = {}; +local id2identifier = {}; + +-- For keeping state across reloads while caching reads +-- This uses util.cache for caching the most recent devices and removing all old devices when max_push_devices is reached +local push_store = (function() + local store = module:open_store(); + local push_services = {}; + local api = {}; + --luacheck: ignore 212/self + function api:get(user) + if not push_services[user] then + local loaded, err = store:get(user); + if not loaded and err then + module:log("warn", "Error reading push notification storage for user '%s': %s", user, tostring(err)); + push_services[user] = cache.new(max_push_devices):table(); + return push_services[user], false; + end + if loaded then + push_services[user] = cache.new(max_push_devices):table(); + -- copy over plain table loaded from disk into our cache + for k, v in pairs(loaded) do push_services[user][k] = v; end + else + push_services[user] = cache.new(max_push_devices):table(); + end + end + return push_services[user], true; + end + function api:flush_to_disk(user) + local plain_table = {}; + for k, v in pairs(push_services[user]) do plain_table[k] = v; end + local ok, err = store:set(user, plain_table); + if not ok then + module:log("error", "Error writing push notification storage for user '%s': %s", user, tostring(err)); + return false; + end + return true; + end + function api:set_identifier(user, push_identifier, data) + local services = self:get(user); + services[push_identifier] = data; + end + return api; +end)(); + + +-- Forward declarations, as both functions need to reference each other +local handle_push_success, handle_push_error; + +function handle_push_error(event) + local stanza = event.stanza; + local error_type, condition, error_text = stanza:get_error(); + local node = id2node[stanza.attr.id]; + local identifier = id2identifier[stanza.attr.id]; + if node == nil then + module:log("warn", "Received push error with unrecognised id: %s", stanza.attr.id); + return false; -- unknown stanza? Ignore for now! + end + local from = stanza.attr.from; + local user_push_services = push_store:get(node); + local found, changed = false, false; + + for push_identifier, _ in pairs(user_push_services) do + if push_identifier == identifier then + found = true; + if user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and error_type ~= "wait" then + push_errors[push_identifier] = push_errors[push_identifier] + 1; + module:log("info", "Got error <%s:%s:%s> for identifier '%s': " + .."error count for this identifier is now at %s", error_type, condition, error_text or "", push_identifier, + tostring(push_errors[push_identifier])); + if push_errors[push_identifier] >= max_push_errors then + module:log("warn", "Disabling push notifications for identifier '%s'", push_identifier); + -- remove push settings from sessions + if host_sessions[node] then + for _, session in pairs(host_sessions[node].sessions) do + if session.push_identifier == push_identifier then + session.push_identifier = nil; + session.push_settings = nil; + session.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + end + -- save changed global config + changed = true; + user_push_services[push_identifier] = nil + push_errors[push_identifier] = nil; + -- unhook iq handlers for this identifier (if possible) + module:unhook("iq-error/host/"..stanza.attr.id, handle_push_error); + module:unhook("iq-result/host/"..stanza.attr.id, handle_push_success); + id2node[stanza.attr.id] = nil; + id2identifier[stanza.attr.id] = nil; + end + elseif user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and error_type == "wait" then + module:log("debug", "Got error <%s:%s:%s> for identifier '%s': " + .."NOT increasing error count for this identifier", error_type, condition, error_text or "", push_identifier); + else + module:log("debug", "Unhandled push error <%s:%s:%s> from %s for identifier '%s'", + error_type, condition, error_text or "", from, push_identifier + ); + end + end + end + if changed then + push_store:flush_to_disk(node); + elseif not found then + module:log("warn", "Unable to find matching registration for push error <%s:%s:%s> from %s", error_type, condition, error_text or "", from); + end + return true; +end + +function handle_push_success(event) + local stanza = event.stanza; + local node = id2node[stanza.attr.id]; + local identifier = id2identifier[stanza.attr.id]; + if node == nil then return false; end -- unknown stanza? Ignore for now! + local from = stanza.attr.from; + local user_push_services = push_store:get(node); + + for push_identifier, _ in pairs(user_push_services) do + if push_identifier == identifier then + if user_push_services[push_identifier] and user_push_services[push_identifier].jid == from and push_errors[push_identifier] > 0 then + push_errors[push_identifier] = 0; + -- unhook iq handlers for this identifier (if possible) + module:unhook("iq-error/host/"..stanza.attr.id, handle_push_error); + module:unhook("iq-result/host/"..stanza.attr.id, handle_push_success); + id2node[stanza.attr.id] = nil; + id2identifier[stanza.attr.id] = nil; + module:log("debug", "Push succeeded, error count for identifier '%s' is now at %s again", + push_identifier, tostring(push_errors[push_identifier]) + ); + end + end + end + return true; +end + +-- http://xmpp.org/extensions/xep-0357.html#disco +local function account_dico_info(event) + (event.reply or event.stanza):tag("feature", {var=xmlns_push}):up(); +end +module:hook("account-disco-info", account_dico_info); + +-- http://xmpp.org/extensions/xep-0357.html#enabling +local function push_enable(event) + local origin, stanza = event.origin, event.stanza; + local enable = stanza.tags[1]; + origin.log("debug", "Attempting to enable push notifications"); + -- MUST contain a 'jid' attribute of the XMPP Push Service being enabled + local push_jid = enable.attr.jid; + -- SHOULD contain a 'node' attribute + local push_node = enable.attr.node; + -- CAN contain a 'include_payload' attribute + local include_payload = enable.attr.include_payload; + if not push_jid then + origin.log("debug", "Push notification enable request missing the 'jid' field"); + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing jid")); + return true; + end + if push_jid == stanza.attr.from then + origin.log("debug", "Push notification enable request 'jid' field identical to our own"); + origin.send(st.error_reply(stanza, "modify", "bad-request", "JID must be different from ours")); + return true; + end + local publish_options = enable:get_child("x", "jabber:x:data"); + if not publish_options then + -- Could be intentional + origin.log("debug", "No publish options in request"); + end + local push_identifier = push_jid .. "<" .. (push_node or ""); + local push_service = { + jid = push_jid; + node = push_node; + include_payload = include_payload; + options = publish_options and st.preserialize(publish_options); + timestamp = os_time(); + client_id = origin.client_id; + resource = not origin.client_id and origin.resource or nil; + language = stanza.attr["xml:lang"]; + }; + local allow_registration = module:fire_event("cloud_notify/registration", { + origin = origin, stanza = stanza, push_info = push_service; + }); + if allow_registration == false then + return true; -- Assume error reply already sent + end + push_store:set_identifier(origin.username, push_identifier, push_service); + local ok = push_store:flush_to_disk(origin.username); + if not ok then + origin.send(st.error_reply(stanza, "wait", "internal-server-error")); + else + origin.push_identifier = push_identifier; + origin.push_settings = push_service; + origin.first_hibernated_push = nil; + origin.log("info", "Push notifications enabled for %s (%s)", tostring(stanza.attr.from), tostring(origin.push_identifier)); + origin.send(st.reply(stanza)); + end + return true; +end +module:hook("iq-set/self/"..xmlns_push..":enable", push_enable); + +-- http://xmpp.org/extensions/xep-0357.html#disabling +local function push_disable(event) + local origin, stanza = event.origin, event.stanza; + local push_jid = stanza.tags[1].attr.jid; -- MUST include a 'jid' attribute + local push_node = stanza.tags[1].attr.node; -- A 'node' attribute MAY be included + if not push_jid then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing jid")); + return true; + end + local user_push_services = push_store:get(origin.username); + for key, push_info in pairs(user_push_services) do + if push_info.jid == push_jid and (not push_node or push_info.node == push_node) then + origin.log("info", "Push notifications disabled (%s)", tostring(key)); + if origin.push_identifier == key then + origin.push_identifier = nil; + origin.push_settings = nil; + origin.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if origin.hibernating_watchdog and origin.original_smacks_callback and origin.original_smacks_timeout then + -- restore old smacks watchdog + origin.hibernating_watchdog:cancel(); + origin.hibernating_watchdog = watchdog.new(origin.original_smacks_timeout, origin.original_smacks_callback); + end + end + user_push_services[key] = nil; + push_errors[key] = nil; + for stanza_id, identifier in pairs(id2identifier) do + if identifier == key then + module:unhook("iq-error/host/"..stanza_id, handle_push_error); + module:unhook("iq-result/host/"..stanza_id, handle_push_success); + id2node[stanza_id] = nil; + id2identifier[stanza_id] = nil; + end + end + end + end + local ok = push_store:flush_to_disk(origin.username); + if not ok then + origin.send(st.error_reply(stanza, "wait", "internal-server-error")); + else + origin.send(st.reply(stanza)); + end + return true; +end +module:hook("iq-set/self/"..xmlns_push..":disable", push_disable); + +-- urgent stanzas should be delivered without delay +local function is_urgent(stanza) + -- TODO + if stanza.name == "message" then + if stanza:get_child("propose", "urn:xmpp:jingle-message:0") then + return true, "jingle call"; + end + end +end + +-- is this push a high priority one (this is needed for ios apps not using voip pushes) +local function is_important(stanza) + local st_name = stanza and stanza.name or nil; + if not st_name then return false; end -- nonzas are never important here + if st_name == "presence" then + return false; -- same for presences + elseif st_name == "message" then + -- unpack carbon copied message stanzas + local carbon = stanza:find("{urn:xmpp:carbons:2}/{urn:xmpp:forward:0}/{jabber:client}message"); + local stanza_direction = carbon and stanza:child_with_name("sent") and "out" or "in"; + if carbon then stanza = carbon; end + local st_type = stanza.attr.type; + + -- headline message are always not important + if st_type == "headline" then return false; end + + -- carbon copied outgoing messages are not important + if carbon and stanza_direction == "out" then return false; end + + -- We can't check for body contents in encrypted messages, so let's treat them as important + -- Some clients don't even set a body or an empty body for encrypted messages + + -- check omemo https://xmpp.org/extensions/inbox/omemo.html + if stanza:get_child("encrypted", "eu.siacs.conversations.axolotl") or stanza:get_child("encrypted", "urn:xmpp:omemo:0") then return true; end + + -- check xep27 pgp https://xmpp.org/extensions/xep-0027.html + if stanza:get_child("x", "jabber:x:encrypted") then return true; end + + -- check xep373 pgp (OX) https://xmpp.org/extensions/xep-0373.html + if stanza:get_child("openpgp", "urn:xmpp:openpgp:0") then return true; end + + -- XEP-0353: Jingle Message Initiation (incoming call request) + if stanza:get_child("propose", "urn:xmpp:jingle-message:0") then return true; end + + local body = stanza:get_child_text("body"); + + -- groupchat subjects are not important here + if st_type == "groupchat" and stanza:get_child_text("subject") then + return false; + end + + -- empty bodies are not important + return body ~= nil and body ~= ""; + end + return false; -- this stanza wasn't one of the above cases --> it is not important, too +end + +local push_form = dataform { + { name = "FORM_TYPE"; type = "hidden"; value = "urn:xmpp:push:summary"; }; + { name = "message-count"; type = "text-single"; }; + { name = "pending-subscription-count"; type = "text-single"; }; + { name = "last-message-sender"; type = "jid-single"; }; + { name = "last-message-body"; type = "text-single"; }; +}; + +-- http://xmpp.org/extensions/xep-0357.html#publishing +local function handle_notify_request(stanza, node, user_push_services, log_push_decline) + local pushes = 0; + if not #user_push_services then return pushes end + + for push_identifier, push_info in pairs(user_push_services) do + local send_push = true; -- only send push to this node when not already done for this stanza or if no stanza is given at all + if stanza then + if not stanza._push_notify then stanza._push_notify = {}; end + if stanza._push_notify[push_identifier] then + if log_push_decline then + module:log("debug", "Already sent push notification for %s@%s to %s (%s)", node, module.host, push_info.jid, tostring(push_info.node)); + end + send_push = false; + end + stanza._push_notify[push_identifier] = true; + end + + if send_push then + -- construct push stanza + local stanza_id = hashes.sha256(random.bytes(8), true); + local push_notification_payload = st.stanza("notification", { xmlns = xmlns_push }); + local form_data = { + -- hardcode to 1 because other numbers are just meaningless (the XEP does not specify *what exactly* to count) + ["message-count"] = "1"; + }; + if stanza and include_sender then + form_data["last-message-sender"] = stanza.attr.from; + end + if stanza and include_body then + form_data["last-message-body"] = stanza:get_child_text("body"); + elseif stanza and dummy_body and is_important(stanza) then + form_data["last-message-body"] = tostring(dummy_body); + end + + push_notification_payload:add_child(push_form:form(form_data)); + + local push_publish = st.iq({ to = push_info.jid, from = module.host, type = "set", id = stanza_id }) + :tag("pubsub", { xmlns = "http://jabber.org/protocol/pubsub" }) + :tag("publish", { node = push_info.node }) + :tag("item") + :add_child(push_notification_payload) + :up() + :up(); + + if push_info.options then + push_publish:tag("publish-options"):add_child(st.deserialize(push_info.options)); + end + -- send out push + module:log("debug", "Sending %s push notification for %s@%s to %s (%s)", + form_data["last-message-body"] and "important" or "unimportant", + node, module.host, push_info.jid, tostring(push_info.node) + ); + -- module:log("debug", "PUSH STANZA: %s", tostring(push_publish)); + local push_event = { + notification_stanza = push_publish; + notification_payload = push_notification_payload; + original_stanza = stanza; + username = node; + push_info = push_info; + push_summary = form_data; + important = not not form_data["last-message-body"]; + }; + + if module:fire_event("cloud_notify/push", push_event) then + module:log("debug", "Push was blocked by event handler: %s", push_event.reason or "Unknown reason"); + else + -- handle push errors for this node + if push_errors[push_identifier] == nil then + push_errors[push_identifier] = 0; + end + module:hook("iq-error/host/"..stanza_id, handle_push_error); + module:hook("iq-result/host/"..stanza_id, handle_push_success); + id2node[stanza_id] = node; + id2identifier[stanza_id] = push_identifier; + module:send(push_publish); + pushes = pushes + 1; + end + end + end + return pushes; +end + +-- small helper function to extract relevant push settings +local function get_push_settings(stanza, session) + local to = stanza.attr.to; + local node = to and jid.split(to) or session.username; + local user_push_services = push_store:get(node); + return node, user_push_services; +end + +-- publish on offline message +module:hook("message/offline/handle", function(event) + local node, user_push_services = get_push_settings(event.stanza, event.origin); + module:log("debug", "Invoking cloud handle_notify_request() for offline stanza"); + handle_notify_request(event.stanza, node, user_push_services, true); +end, 1); + +-- publish on bare groupchat +-- this picks up MUC messages when there are no devices connected +module:hook("message/bare/groupchat", function(event) + module:log("debug", "Invoking cloud handle_notify_request() for bare groupchat stanza"); + local node, user_push_services = get_push_settings(event.stanza, event.origin); + handle_notify_request(event.stanza, node, user_push_services, true); +end, 1); + + +local function process_stanza_queue(queue, session, queue_type) + if not session.push_identifier then return; end + local user_push_services = {[session.push_identifier] = session.push_settings}; + local notified = { unimportant = false; important = false } + for i=1, #queue do + local stanza = queue[i]; + -- fast ignore of already pushed stanzas + if stanza and not (stanza._push_notify and stanza._push_notify[session.push_identifier]) then + local node = get_push_settings(stanza, session); + local stanza_type = "unimportant"; + if dummy_body and is_important(stanza) then stanza_type = "important"; end + if not notified[stanza_type] then -- only notify if we didn't try to push for this stanza type already + -- session.log("debug", "Invoking cloud handle_notify_request() for smacks queued stanza: %d", i); + if handle_notify_request(stanza, node, user_push_services, false) ~= 0 then + if session.hibernating and not session.first_hibernated_push then + -- if important stanzas are treated differently (pushed with last-message-body field set to dummy string) + -- if the message was important (e.g. had a last-message-body field) OR if we treat all pushes equally, + -- then record the time of first push in the session for the smack module which will extend its hibernation + -- timeout based on the value of session.first_hibernated_push + if not dummy_body or (dummy_body and is_important(stanza)) then + session.first_hibernated_push = os_time(); + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog (--> the start of our original timeout will be delayed until first push) + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + session.log("debug", "Cloud handle_notify_request() > 0, not notifying for other %s queued stanzas of type %s", queue_type, stanza_type); + notified[stanza_type] = true + end + end + end + if notified.unimportant and notified.important then break; end -- stop processing the queue if all push types are exhausted + end +end + +-- publish on unacked smacks message (use timer to send out push for all stanzas submitted in a row only once) +local function process_stanza(session, stanza) + if session.push_identifier then + session.log("debug", "adding new stanza to push_queue"); + if not session.push_queue then session.push_queue = {}; end + local queue = session.push_queue; + queue[#queue+1] = st.clone(stanza); + if not session.awaiting_push_timer then -- timer not already running --> start new timer + session.log("debug", "Invoking cloud handle_notify_request() for newly smacks queued stanza (in a moment)"); + session.awaiting_push_timer = module:add_timer(1.0, function () + session.log("debug", "Invoking cloud handle_notify_request() for newly smacks queued stanzas (now in timer)"); + process_stanza_queue(session.push_queue, session, "push"); + session.push_queue = {}; -- clean up queue after push + session.awaiting_push_timer = nil; + end); + end + end + return stanza; +end + +local function process_smacks_stanza(event) + local session = event.origin; + local stanza = event.stanza; + if not session.push_identifier then + session.log("debug", "NOT invoking cloud handle_notify_request() for newly smacks queued stanza (session.push_identifier is not set: %s)", + session.push_identifier + ); + else + process_stanza(session, stanza) + end +end + +-- smacks hibernation is started +local function hibernate_session(event) + local session = event.origin; + local queue = event.queue; + session.first_hibernated_push = nil; + if session.push_identifier and session.hibernating_watchdog then -- check for prosody 0.12 mod_smacks + -- save old watchdog callback and timeout + session.original_smacks_callback = session.hibernating_watchdog.callback; + session.original_smacks_timeout = session.hibernating_watchdog.timeout; + -- cancel old watchdog and create a new watchdog with extended timeout + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(extended_hibernation_timeout, function() + session.log("debug", "Push-extended smacks watchdog triggered"); + if session.original_smacks_callback then + session.log("debug", "Calling original smacks watchdog handler"); + session.original_smacks_callback(); + end + end); + end + -- process unacked stanzas + process_stanza_queue(queue, session, "smacks"); +end + +-- smacks hibernation is ended +local function restore_session(event) + local session = event.resumed; + if session then -- older smacks module versions send only the "intermediate" session in event.session and no session.resumed one + if session.awaiting_push_timer then + session.awaiting_push_timer:stop(); + session.awaiting_push_timer = nil; + end + session.first_hibernated_push = nil; + -- the extended smacks watchdog will be canceled by the smacks module, no need to anything here + end +end + +-- smacks ack is delayed +local function ack_delayed(event) + local session = event.origin; + local queue = event.queue; + local stanza = event.stanza; + if not session.push_identifier then return; end + if stanza then process_stanza(session, stanza); return; end -- don't iterate through smacks queue if we know which stanza triggered this + for i=1, #queue do + local queued_stanza = queue[i]; + -- process unacked stanzas (handle_notify_request() will only send push requests for new stanzas) + process_stanza(session, queued_stanza); + end +end + +-- archive message added +local function archive_message_added(event) + -- event is: { origin = origin, stanza = stanza, for_user = store_user, id = id } + -- only notify for new mam messages when at least one device is online + if not event.for_user or not host_sessions[event.for_user] then return; end + local stanza = event.stanza; + local user_session = host_sessions[event.for_user].sessions; + local to = stanza.attr.to; + to = to and jid.split(to) or event.origin.username; + + -- only notify if the stanza destination is the mam user we store it for + if event.for_user == to then + local user_push_services = push_store:get(to); + + -- Urgent stanzas are time-sensitive (e.g. calls) and should + -- be pushed immediately to avoid getting stuck in the smacks + -- queue in case of dead connections, for example + local is_urgent_stanza, urgent_reason = is_urgent(event.stanza); + + local notify_push_services; + if is_urgent_stanza then + module:log("debug", "Urgent push for %s (%s)", to, urgent_reason); + notify_push_services = user_push_services; + else + -- only notify nodes with no active sessions (smacks is counted as active and handled separate) + notify_push_services = {}; + for identifier, push_info in pairs(user_push_services) do + local identifier_found = nil; + for _, session in pairs(user_session) do + if session.push_identifier == identifier then + identifier_found = session; + break; + end + end + if identifier_found then + identifier_found.log("debug", "Not cloud notifying '%s' of new MAM stanza (session still alive)", identifier); + else + notify_push_services[identifier] = push_info; + end + end + end + + handle_notify_request(event.stanza, to, notify_push_services, true); + end +end + +module:hook("smacks-hibernation-start", hibernate_session); +module:hook("smacks-hibernation-end", restore_session); +module:hook("smacks-ack-delayed", ack_delayed); +module:hook("smacks-hibernation-stanza-queued", process_smacks_stanza); +module:hook("archive-message-added", archive_message_added); + +local function send_ping(event) + local user = event.user; + local push_services = event.push_services or push_store:get(user); + module:log("debug", "Handling event 'cloud-notify-ping' for user '%s'", user); + local retval = handle_notify_request(nil, user, push_services, true); + module:log("debug", "handle_notify_request() returned %s", tostring(retval)); +end +-- can be used by other modules to ping one or more (or all) push endpoints +module:hook("cloud-notify-ping", send_ping); + +module:log("info", "Module loaded"); +function module.unload() + module:log("info", "Unloading module"); + -- cleanup some settings, reloading this module can cause process_smacks_stanza() to stop working otherwise + for user, _ in pairs(host_sessions) do + for _, session in pairs(host_sessions[user].sessions) do + if session.awaiting_push_timer then session.awaiting_push_timer:stop(); end + session.awaiting_push_timer = nil; + session.push_queue = nil; + session.first_hibernated_push = nil; + -- check for prosody 0.12 mod_smacks + if session.hibernating_watchdog and session.original_smacks_callback and session.original_smacks_timeout then + -- restore old smacks watchdog + session.hibernating_watchdog:cancel(); + session.hibernating_watchdog = watchdog.new(session.original_smacks_timeout, session.original_smacks_callback); + end + end + end + module:log("info", "Module unloaded"); +end diff --git a/plugins/mod_invites.lua b/plugins/mod_invites.lua index 5ee9430a..1dfc8804 100644 --- a/plugins/mod_invites.lua +++ b/plugins/mod_invites.lua @@ -6,6 +6,14 @@ local jid_split = require "prosody.util.jid".split; local argparse = require "prosody.util.argparse"; local human_io = require "prosody.util.human.io"; +local url_escape = require "util.http".urlencode; +local render_url = require "util.interpolation".new("%b{}", url_escape, { + urlescape = url_escape; + noscheme = function (urlstring) + return (urlstring:gsub("^[^:]+:", "")); + end; +}); + local default_ttl = module:get_option_period("invite_expiry", "1 week"); local token_storage; @@ -202,6 +210,34 @@ function use(token) --luacheck: ignore 131/use return invite and invite:use(); end +-- Point at e.g. a deployment of https://github.com/modernxmpp/easy-xmpp-invitation +-- This URL must always be absolute, as it is shared standalone +local invite_url_template = module:get_option_string("invites_page"); +local invites_page_supports = module:get_option_set("invites_page_supports", { "account", "contact", "account-and-contact" }); + +local function add_landing_url(invite) + if not invite_url_template or invite.landing_page then return; end + + -- Determine whether this type of invitation is supported by the landing page + local invite_type; + if invite.type == "register" then + invite_type = "account"; + elseif invite.type == "roster" then + if invite.allow_registration then + invite_type = "account-and-contact"; + else + invite_type = "contact-only"; + end + end + if not invites_page_supports:contains(invite_type) then + return; -- Invitation type unsupported + end + + invite.landing_page = render_url(invite_url_template, { host = module.host, invite = invite }); +end + +module:hook("invite-created", add_landing_url, -1); + --- shell command module:add_item("shell-command", { section = "invite"; diff --git a/plugins/mod_pubsub/commands.lib.lua b/plugins/mod_pubsub/commands.lib.lua index 59bddec8..d07b226f 100644 --- a/plugins/mod_pubsub/commands.lib.lua +++ b/plugins/mod_pubsub/commands.lib.lua @@ -7,22 +7,6 @@ local function add_commands(get_service) module:add_item("shell-command", { section = "pubsub"; section_desc = "Manage publish/subscribe nodes"; - name = "create_node"; - desc = "Create a node with the specified name"; - args = { - { name = "service_jid", type = "string" }; - { name = "node_name", type = "string" }; - }; - host_selector = "service_jid"; - - handler = function (self, service_jid, node_name) --luacheck: ignore 212/self - return get_service(service_jid):create(node_name, true); - end; - }); - - module:add_item("shell-command", { - section = "pubsub"; - section_desc = "Manage publish/subscribe nodes"; name = "list_nodes"; desc = "List nodes on a pubsub service"; args = { diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 413047e0..5a590893 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -184,7 +184,7 @@ module:hook("host-disco-items", function (event) if not ok then return; end - for node, node_obj in pairs(ret) do + for node in pairs(ret) do local ok, meta = service:get_node_metadata(node, stanza.attr.from); if ok then reply:tag("item", { jid = module.host, node = node, name = meta.title }):up(); @@ -208,7 +208,7 @@ local function get_affiliation(jid, _, action) -- Only one affiliation is allowed to create nodes by default return "owner"; end - if module:may(":service-admin", bare_jid) then + if module:could(":service-admin", bare_jid) then return admin_aff; end end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 3f606160..fa0588b2 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -14,11 +14,11 @@ local t_concat = table.concat; local have_dbisql, dbisql = pcall(require, "prosody.util.sql"); local have_sqlite, sqlite = pcall(require, "prosody.util.sqlite3"); if not have_dbisql then - module:log("debug", "Could not load LuaDBI, error was: %s", dbisql) + module:log("debug", "Could not load LuaDBI: %s", dbisql) dbisql = nil; end if not have_sqlite then - module:log("debug", "Could not load LuaSQLite3, error was: %s", sqlite) + module:log("debug", "Could not load LuaSQLite3: %s", sqlite) sqlite = nil; end if not (have_dbisql or have_sqlite) then @@ -38,6 +38,20 @@ local function iterator(result) end, result, nil; end +-- COMPAT Support for UPSERT is not in all versions of all compatible databases. +local function has_upsert(engine) + if engine.params.driver == "SQLite3" then + -- SQLite3 >= 3.24.0 + return (engine.sqlite_version[2] or 0) >= 24; + elseif engine.params.driver == "PostgreSQL" then + -- PostgreSQL >= 9.5 + -- Versions without support have long since reached end of life. + return true; + end + -- We don't support UPSERT on MySQL/MariaDB, they seem to have a completely different syntax, uncertaint from which versions. + return false +end + local default_params = { driver = "SQLite3" }; local engine; @@ -225,7 +239,7 @@ function map_store:set_keys(username, keydatas) LIMIT 1; ]]; for key, data in pairs(keydatas) do - if type(key) == "string" and key ~= "" and engine.params.driver ~= "MySQL" and data ~= self.remove then + if type(key) == "string" and key ~= "" and has_upsert(engine) and data ~= self.remove then local t, value = assert(serialize(data)); engine:insert(upsert_sql, host, username or "", self.store, key, t, value, t, value); elseif type(key) == "string" and key ~= "" then @@ -933,6 +947,14 @@ function module.load() local opt, val = option:match("^([^=]+)=(.*)$"); compile_options[opt or option] = tonumber(val) or val or true; end + -- COMPAT Need to check SQLite3 version because SQLCipher 3.x was based on SQLite3 prior to 3.24.0 when UPSERT was introduced + for row in engine:select("SELECT sqlite_version()") do + local version = {}; + for n in row[1]:gmatch("%d+") do + table.insert(version, tonumber(n)); + end + engine.sqlite_version = version; + end engine.sqlite_compile_options = compile_options; local journal_mode = "delete"; @@ -1003,7 +1025,7 @@ function module.command(arg) end print(""); print("Ensure you have working backups of the above databases before continuing! "); - if not hi.show_yesno("Continue with the database upgrade? [yN]") then + if false == hi.show_yesno("Continue with the database upgrade? [yN]") then print("Ok, no upgrade. But you do have backups, don't you? ...don't you?? :-)"); return; end @@ -78,8 +78,6 @@ local read_password = human_io.read_password; local call_luarocks = prosodyctl.call_luarocks; local error_messages = prosodyctl.error_messages; -local jid_split = require "prosody.util.jid".prepped_split; - local prosodyctl_timeout = (configmanager.get("*", "prosodyctl_timeout") or 5) * 2; ----------------------- local commands = {}; @@ -475,6 +473,28 @@ function commands.about(arg) print(""); end +function commands.version(arg) + local flags = { short_params = { h = "help"; ["?"] = "help", v = "verbose" } }; + local opts = parse_args(arg, flags); + if opts.help then + show_usage("version [-v]", [[Show current Prosody version, or more]]); + return 0; + elseif opts.verbose then + return commands.about(arg); + end + + print("Prosody "..(prosody.version or "(unknown version)")); +end + +function commands.lua_paths() + local function shell_escape(s) + return "'" .. tostring(s):gsub("'",[['\'']]) .. "'"; + end + + print("LUA_PATH="..shell_escape(package.path)); + print("LUA_CPATH="..shell_escape(package.cpath)); +end + function commands.reload(arg) local opts = parse_args(arg, only_help); if opts.help then @@ -620,7 +640,7 @@ local command_runner = async.runner(function () if not commands[command] then -- Show help for all commands function show_usage(usage, desc) - print(string.format(" %-11s %s", usage, desc)); + print(string.format(" %-14s %s", usage, desc)); end print("prosodyctl - Manage a Prosody server"); @@ -629,7 +649,7 @@ local command_runner = async.runner(function () print(""); print("Where COMMAND may be one of:"); - local hidden_commands = require "prosody.util.set".new{ "register", "unregister" }; + local hidden_commands = require "prosody.util.set".new{ "register", "unregister", "lua_paths" }; local commands_order = { "Process management:", "start"; "stop"; "restart"; "reload"; "status"; @@ -639,8 +659,8 @@ local command_runner = async.runner(function () "Plugin management:", "install"; "remove"; "list"; "Informative:", - "about", "check", + "version", "Other:", "cert", }; diff --git a/spec/scansion/admins.txt b/spec/scansion/admins.txt new file mode 100644 index 00000000..db9fa85a --- /dev/null +++ b/spec/scansion/admins.txt @@ -0,0 +1 @@ +admin@localhost diff --git a/spec/scansion/prosody.cfg.lua b/spec/scansion/prosody.cfg.lua index 58889fd7..91c86644 100644 --- a/spec/scansion/prosody.cfg.lua +++ b/spec/scansion/prosody.cfg.lua @@ -1,6 +1,6 @@ --luacheck: ignore -admins = { "admin@localhost" } +admins = FileLines("admins.txt") network_backend = ENV_PROSODY_NETWORK_BACKEND or "epoll" network_settings = Lua.require"prosody.util.json".decode(ENV_PROSODY_NETWORK_SETTINGS or "{}") diff --git a/util-src/signal.c b/util-src/signal.c index 76d25d6f..52bdf735 100644 --- a/util-src/signal.c +++ b/util-src/signal.c @@ -30,10 +30,14 @@ #define _GNU_SOURCE #endif +#ifdef __linux__ +#define HAVE_SIGNALFD +#endif + #include <signal.h> #include <stdlib.h> -#ifdef __linux__ #include <unistd.h> +#ifdef HAVE_SIGNALFD #include <sys/signalfd.h> #endif @@ -372,18 +376,35 @@ static int l_kill(lua_State *L) { #endif -#ifdef __linux__ struct lsignalfd { int fd; sigset_t mask; +#ifndef HAVE_SIGNALFD + int write_fd; +#endif }; +#ifndef HAVE_SIGNALFD +#define MAX_SIGNALFD 32 +struct lsignalfd signalfds[MAX_SIGNALFD]; +static int signalfd_num = 0; +static void signal2fd(int sig) { + for(int i = 0; i < signalfd_num; i++) { + if(sigismember(&signalfds[i].mask, sig)) { + write(signalfds[i].write_fd, &sig, sizeof(sig)); + } + } +} +#endif + static int l_signalfd(lua_State *L) { struct lsignalfd *sfd = lua_newuserdata(L, sizeof(struct lsignalfd)); + int sig = luaL_checkinteger(L, 1); sigemptyset(&sfd->mask); - sigaddset(&sfd->mask, luaL_checkinteger(L, 1)); + sigaddset(&sfd->mask, sig); +#ifdef HAVE_SIGNALFD if (sigprocmask(SIG_BLOCK, &sfd->mask, NULL) != 0) { lua_pushnil(L); return 1; @@ -396,6 +417,30 @@ static int l_signalfd(lua_State *L) { return 1; } +#else + + if(signalfd_num >= MAX_SIGNALFD) { + lua_pushnil(L); + return 1; + } + + if(signal(sig, signal2fd) == SIG_ERR) { + lua_pushnil(L); + return 1; + } + + int pipefd[2]; + + if(pipe(pipefd) == -1) { + lua_pushnil(L); + return 1; + } + + sfd->fd = pipefd[0]; + sfd->write_fd = pipefd[1]; + signalfds[signalfd_num++] = *sfd; +#endif + luaL_setmetatable(L, "signalfd"); return 1; } @@ -414,14 +459,28 @@ static int l_signalfd_getfd(lua_State *L) { static int l_signalfd_read(lua_State *L) { struct lsignalfd *sfd = luaL_checkudata(L, 1, "signalfd"); +#ifdef HAVE_SIGNALFD struct signalfd_siginfo siginfo; if(read(sfd->fd, &siginfo, sizeof(siginfo)) < 0) { return 0; } + lua_pushinteger(L, siginfo.ssi_signo); return 1; + +#else + int signo; + + if(read(sfd->fd, &signo, sizeof(int)) < 0) { + return 0; + } + + lua_pushinteger(L, signo); + return 1; +#endif + } static int l_signalfd_close(lua_State *L) { @@ -432,11 +491,25 @@ static int l_signalfd_close(lua_State *L) { return 1; } +#ifndef HAVE_SIGNALFD + + if(close(sfd->write_fd) != 0) { + lua_pushboolean(L, 0); + return 1; + } + + for(int i = signalfd_num; i > 0; i--) { + if(signalfds[i].fd == sfd->fd) { + signalfds[i] = signalfds[signalfd_num--]; + } + } + +#endif + sfd->fd = -1; lua_pushboolean(L, 1); return 1; } -#endif static const struct luaL_Reg lsignal_lib[] = { {"signal", l_signal}, @@ -444,9 +517,7 @@ static const struct luaL_Reg lsignal_lib[] = { #if defined(__unix__) || defined(__APPLE__) {"kill", l_kill}, #endif -#ifdef __linux__ {"signalfd", l_signalfd}, -#endif {NULL, NULL} }; @@ -454,7 +525,6 @@ int luaopen_prosody_util_signal(lua_State *L) { luaL_checkversion(L); int i = 0; -#ifdef __linux__ luaL_newmetatable(L, "signalfd"); lua_pushcfunction(L, l_signalfd_close); lua_setfield(L, -2, "__gc"); @@ -469,7 +539,6 @@ int luaopen_prosody_util_signal(lua_State *L) { } lua_setfield(L, -2, "__index"); lua_pop(L, 1); -#endif /* add the library */ lua_newtable(L); diff --git a/util/bitcompat.lua b/util/bitcompat.lua index 43fd0f6e..537914a7 100644 --- a/util/bitcompat.lua +++ b/util/bitcompat.lua @@ -3,7 +3,7 @@ -- First try the bit32 lib -- Lua 5.3 has it with compat enabled -- Lua 5.2 has it by default -if _G.bit32 then +if rawget(_G, "bit32") then return _G.bit32; end diff --git a/util/prosodyctl/shell.lua b/util/prosodyctl/shell.lua index c1cd8f46..d6d885d8 100644 --- a/util/prosodyctl/shell.lua +++ b/util/prosodyctl/shell.lua @@ -180,5 +180,4 @@ end return { shell = start; - check_host = check_host; }; diff --git a/util/sql.lua b/util/sql.lua index c897d734..2f0ec493 100644 --- a/util/sql.lua +++ b/util/sql.lua @@ -84,6 +84,12 @@ function engine:connect() dbh:autocommit(false); -- don't commit automatically self.conn = dbh; self.prepared = {}; + if params.password then + local ok, err = self:execute(("PRAGMA key='%s'"):format(dbh:quote(params.password))); + if not ok then + return ok, err; + end + end local ok, err = self:set_encoding(); if not ok then return ok, err; diff --git a/util/sqlite3.lua b/util/sqlite3.lua index 470eb46d..fec2d162 100644 --- a/util/sqlite3.lua +++ b/util/sqlite3.lua @@ -114,6 +114,12 @@ function engine:connect() if not dbh then return nil, err; end self.conn = dbh; self.prepared = {}; + if params.password then + local ok, err = self:execute(("PRAGMA key='%s'"):format((params.password:gsub("'", "''")))); + if not ok then + return ok, err; + end + end local ok, err = self:set_encoding(); if not ok then return ok, err; diff --git a/util/startup.lua b/util/startup.lua index caae895d..c54fa56d 100644 --- a/util/startup.lua +++ b/util/startup.lua @@ -266,8 +266,13 @@ function startup.init_global_state() full_sessions = prosody.full_sessions; hosts = prosody.hosts; - prosody.paths = { source = CFG_SOURCEDIR, config = CFG_CONFIGDIR or ".", - plugins = CFG_PLUGINDIR or "plugins", data = "data" }; + prosody.paths = { + source = CFG_SOURCEDIR; + config = CFG_CONFIGDIR or "."; + plugins = CFG_PLUGINDIR or "plugins"; + data = "data"; + credentials = os.getenv("CREDENTIALS_DIRECTORY"); + }; prosody.arg = _G.arg; |