76 files changed, 5044 insertions, 2314 deletions
@@ -26,7 +26,10 @@ install: prosody.install prosodyctl.install prosody.cfg.lua.install util/encodin install -m755 ./prosodyctl.install $(BIN)/prosodyctl install -m644 core/* $(SOURCE)/core install -m644 net/* $(SOURCE)/net - install -m644 util/* $(SOURCE)/util + install -m644 util/*.lua $(SOURCE)/util + install -m644 util/*.so $(SOURCE)/util + install -d $(SOURCE)/util/sasl + install -m644 util/sasl/* $(SOURCE)/util/sasl install -m644 fallbacks/* $(SOURCE)/fallbacks install -m644 plugins/*.lua $(MODULES) install -d $(MODULES)/muc @@ -16,7 +16,7 @@ CC=gcc LD=gcc CFLAGS="-fPIC -Wall" -LFLAGS="-shared" +LDFLAGS="-shared" # Help @@ -26,7 +26,7 @@ Configure Prosody prior to building. --help This help. --ostype=OS Use one of the OS presets. - May be one of: debian, macosx + May be one of: debian, macosx, linux --prefix=DIR Prefix where Prosody should be installed. Default is $PREFIX --sysconfdir=DIR Location where the config file should be installed. @@ -47,8 +47,8 @@ Configure Prosody prior to building. Default is $OPENSSL_LIB --cflags=FLAGS Flags to pass to the compiler Default is $CFLAGS ---lflags=FLAGS Flags to pass to the linker - Default is $LFLAGS +--ldflags=FLAGS Flags to pass to the linker + Default is $LDFLAGS --c-compiler=CC The C compiler to use when building modules. Default is $CC --linker=CC The linker to use when building modules. @@ -107,25 +107,25 @@ do ;; --with-lua-lib=*) LUA_LIBDIR="$value" LUA_LIBDIR_SET=yes - ;; + ;; --with-idn=*) IDN_LIB="$value" - ;; + ;; --with-ssl=*) OPENSSL_LIB="$value" - ;; + ;; --cflags=*) CFLAGS="$value" - ;; - --lflags=*) - LFLAGS="$value" - ;; + ;; + --ldflags=*) + LDFLAGS="$value" + ;; --c-compiler=*) CC="$value" - ;; + ;; --linker=*) LD="$value" - ;; + ;; *) echo "Error: Unknown flag: $1" exit 1 
@@ -144,12 +144,20 @@ then fi if [ "$OSTYPE" = "macosx" ] then LUA_INCDIR=/usr/local/include; - LUA_INCDIR_SET=yes + LUA_INCDIR_SET=yes LUA_LIBDIR=/usr/local/lib LUA_LIBDIR_SET=yes CFLAGS="-Wall" - LFLAGS="-bundle -undefined dynamic_lookup" - fi + LDFLAGS="-bundle -undefined dynamic_lookup" + fi + if [ "$OSTYPE" = "linux" ] + then LUA_INCDIR=/usr/local/include; + LUA_INCDIR_SET=yes + LUA_LIBDIR=/usr/local/lib + LUA_LIBDIR_SET=yes + CFLAGS="-Wall -fPIC" + LDFLAGS="-shared" + fi fi if [ "$PREFIX_SET" = "yes" -a ! "$SYSCONFDIR_SET" = "yes" ] @@ -299,7 +307,7 @@ REQUIRE_CONFIG=$REQUIRE_CONFIG IDN_LIB=$IDN_LIB OPENSSL_LIB=$OPENSSL_LIB CFLAGS=$CFLAGS -LFLAGS=$LFLAGS +LDFLAGS=$LDFLAGS CC=$CC LD=$LD diff --git a/core/actions.lua b/core/actions.lua deleted file mode 100644 index 5c2525e0..00000000 --- a/core/actions.lua +++ /dev/null @@ -1,27 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2009 Matthew Wild --- Copyright (C) 2008-2009 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -
-local actions = {};
-
-function register(path, t)
- local curr = actions;
- for comp in path:gmatch("([^/]+)/") do
- if curr[comp] == nil then
- curr[comp] = {};
- end
- curr = curr[comp];
- if type(curr) ~= "table" then
- return nil, "path-taken";
- end
- end
- curr[path:match("/([^/]+)$")] = t;
- return true;
-end
-
-return { actions = actions, register= register };
\ No newline at end of file diff --git a/core/certmanager.lua b/core/certmanager.lua new file mode 100644 index 00000000..e5fabdce --- /dev/null +++ b/core/certmanager.lua @@ -0,0 +1,35 @@ +local configmanager = require "core.configmanager"; +local ssl = ssl; +local ssl_newcontext = ssl and ssl.newcontext; + +local setmetatable = setmetatable; + +local prosody = prosody; + +module "certmanager" + +-- These are the defaults if not overridden in the config +local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; +local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; + +local default_ssl_ctx_mt = { __index = default_ssl_ctx }; +local default_ssl_ctx_in_mt = { __index = default_ssl_ctx_in }; + +-- Global SSL options if not overridden per-host +local default_ssl_config = configmanager.get("*", "core", "ssl"); + +function get_context(host, mode, config) + local ssl_config = config and config.core.ssl or default_ssl_config; + if ssl and ssl_config then + return ssl_newcontext(setmetatable(ssl_config, mode == "client" and default_ssl_ctx_mt or default_ssl_ctx_in_mt)); + end + return nil; +end + +function reload_ssl_config() + default_ssl_config = config.get("*", "core", "ssl"); +end + +prosody.events.add_handler("config-reloaded", reload_ssl_config); + +return _M; diff --git a/core/componentmanager.lua b/core/componentmanager.lua index a16c01d2..a7c24617 100644 --- a/core/componentmanager.lua +++ b/core/componentmanager.lua 
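Review bot: `reload_ssl_config` in the new core/certmanager.lua calls `config.get(...)`, but the only name bound at the top of the file is `configmanager`, so the `config-reloaded` handler fails on a nil value and the global SSL settings are never refreshed; it should read `default_ssl_config = configmanager.get("*", "core", "ssl");`. `get_context` also calls `setmetatable(ssl_config, ...)` on the table taken straight from the configuration, so the client and server calls each replace the metatable on shared config data; building a fresh table per call would avoid that. Both default tables set `verify = "none"`, so a comment above them stating that peer certificates are not validated unless the operator overrides this would make the default explicit.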
@@ -14,9 +14,11 @@ local jid_split = require "util.jid".split; local fire_event = require "core.eventmanager".fire_event; local events_new = require "util.events".new; local st = require "util.stanza"; -local hosts = hosts; +local prosody, hosts = prosody, prosody.hosts; +local ssl = ssl; +local uuid_gen = require "util.uuid".generate; -local pairs, type, tostring = pairs, type, tostring; +local pairs, setmetatable, type, tostring = pairs, setmetatable, type, tostring; local components = {}; @@ -73,18 +75,25 @@ end function create_component(host, component, events) -- TODO check for host well-formedness - local ssl_ctx; - if host then + local ssl_ctx, ssl_ctx_in; + if host and ssl then -- We need to find SSL context to use... -- Discussion in prosody@ concluded that -- 1 level back is usually enough by default local base_host = host:gsub("^[^%.]+%.", ""); if hosts[base_host] then ssl_ctx = hosts[base_host].ssl_ctx; + ssl_ctx_in = hosts[base_host].ssl_ctx_in; + elseif prosody.global_ssl_ctx then + -- We have no cert, and no parent host to borrow a cert from + -- Use global/default cert if there is one + ssl_ctx = ssl.newcontext(prosody.global_ssl_ctx); + ssl_ctx_in = ssl.newcontext(setmetatable({ mode = "server" }, { __index = prosody.global_ssl_ctx })); end end return { type = "component", host = host, connected = true, s2sout = {}, - ssl_ctx = ssl_ctx, events = events or events_new() }; + ssl_ctx = ssl_ctx, ssl_ctx_in = ssl_ctx_in, events = events or events_new(), + dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen() }; end function register_component(host, component, session) 
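Review bot: The new `elseif prosody.global_ssl_ctx` branch in `create_component` builds both contexts with `ssl.newcontext` directly, so the defaults that core/certmanager.lua introduces in this same commit (`options = "no_sslv2"`, `capath`, `protocol`) only apply if `prosody.global_ssl_ctx` already carries them, which is not visible here. Routing the fallback through `certmanager.get_context(host, "client")` and `certmanager.get_context(host, "server")` (with a `require "core.certmanager"` at the top) would keep one place where TLS defaults are decided. The `dialback_secret` fallback to `uuid_gen()` deserves a short comment that the generated secret is only as unpredictable as util.uuid's generator.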
@@ -93,12 +102,16 @@ function register_component(host, component, session) components[host] = component; hosts[host] = session or create_component(host, component, old_events); - + -- Add events object if not already one if not hosts[host].events then hosts[host].events = old_events or events_new(); end - + + if not hosts[host].dialback_secret then + hosts[host].dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen(); + end + -- add to disco_items if not(host:find("@", 1, true) or host:find("/", 1, true)) and host:find(".", 1, true) then disco_items:set(host:sub(host:find(".", 1, true)+1), host, true); diff --git a/core/configmanager.lua b/core/configmanager.lua index 1fbe83b8..ada14051 100644 --- a/core/configmanager.lua +++ b/core/configmanager.lua @@ -9,8 +9,8 @@ local _G = _G; -local setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type = - setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type; +local setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type, pairs, table = + setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type, pairs, table; local eventmanager = require "core.eventmanager"; @@ -67,7 +67,7 @@ function load(filename, format) if parsers[format] and parsers[format].load then local f, err = io.open(filename); - if f then + if f then local ok, err = parsers[format].load(f:read("*a"), filename); f:close(); if ok then @@ -94,6 +94,15 @@ function addparser(format, parser) end end +-- _M needed to avoid name clash with local 'parsers' +function _M.parsers() + local p = {}; + for format in pairs(parsers) do + table.insert(p, format); + end + return p; +end + -- Built-in Lua parser do local loadstring, pcall, setmetatable = _G.loadstring, _G.pcall, _G.setmetatable; diff --git a/core/hostmanager.lua b/core/hostmanager.lua index f89eaeba..038085c3 100644 --- a/core/hostmanager.lua +++ b/core/hostmanager.lua 
@@ -9,20 +9,19 @@ local ssl = ssl local hosts = hosts; +local certmanager = require "core.certmanager"; local configmanager = require "core.configmanager"; local eventmanager = require "core.eventmanager"; local modulemanager = require "core.modulemanager"; local events_new = require "util.events".new; +local uuid_gen = require "util.uuid".generate; + if not _G.prosody.incoming_s2s then require "core.s2smanager"; end local incoming_s2s = _G.prosody.incoming_s2s; --- These are the defaults if not overridden in the config -local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; -local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; - local log = require "util.logger".init("hostmanager"); local pairs, setmetatable = pairs, setmetatable; @@ -46,11 +45,12 @@ end eventmanager.add_event_hook("server-starting", load_enabled_hosts); function activate(host, host_config) - hosts[host] = {type = "local", connected = true, sessions = {}, - host = host, s2sout = {}, events = events_new(), - disallow_s2s = configmanager.get(host, "core", "disallow_s2s") - or (configmanager.get(host, "core", "anonymous_login") - and (configmanager.get(host, "core", "disallow_s2s") ~= false)) + hosts[host] = {type = "local", connected = true, sessions = {}, + host = host, s2sout = {}, events = events_new(), + disallow_s2s = configmanager.get(host, "core", "disallow_s2s") + or (configmanager.get(host, "core", "anonymous_login") + and (configmanager.get(host, "core", "disallow_s2s") ~= false)); + dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen(); }; for option_name in pairs(host_config.core) do if option_name:match("_ports$") then 
@@ -58,14 +58,9 @@ function activate(host, host_config) end end - if ssl then - local ssl_config = host_config.core.ssl or configmanager.get("*", "core", "ssl"); - if ssl_config then - hosts[host].ssl_ctx = ssl.newcontext(setmetatable(ssl_config, { __index = default_ssl_ctx })); - hosts[host].ssl_ctx_in = ssl.newcontext(setmetatable(ssl_config, { __index = default_ssl_ctx_in })); - end - end - + hosts[host].ssl_ctx = certmanager.get_context(host, "client", host_config); -- for outgoing connections + hosts[host].ssl_ctx_in = certmanager.get_context(host, "server", host_config); -- for incoming connections + log((hosts_loaded_once and "info") or "debug", "Activated host: %s", host); eventmanager.fire_event("host-activated", host, host_config); end diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua index c26fdc71..4154e1a7 100644 --- a/core/loggingmanager.lua +++ b/core/loggingmanager.lua @@ -17,6 +17,12 @@ local math_max, rep = math.max, string.rep; local os_date, os_getenv = os.date, os.getenv; local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring; +if os.getenv("__FLUSH_LOG") then + local io_flush = io.flush; + local _io_write = io_write; + io_write = function(...) _io_write(...); io_flush(); end +end + local config = require "core.configmanager"; local eventmanager = require "core.eventmanager"; local logger = require "util.logger"; diff --git a/core/modulemanager.lua b/core/modulemanager.lua index 9cd56187..d8418d83 100644 --- a/core/modulemanager.lua +++ b/core/modulemanager.lua @@ -13,7 +13,6 @@ local log = logger.init("modulemanager"); local eventmanager = require "core.eventmanager"; local config = require "core.configmanager"; local multitable_new = require "util.multitable".new; -local register_actions = require "core.actions".register; local st = require "util.stanza"; local pluginloader = require "util.pluginloader"; 
@@ -28,7 +27,9 @@ local type = type; local next = next; local rawget = rawget; local error = error; -local tostring = tostring; +local tostring, tonumber = tostring, tonumber; + +local array, set = require "util.array", require "util.set"; local autoload_modules = {"presence", "message", "iq"}; @@ -156,6 +157,7 @@ function load(host, module_name, config) log("error", "Error initializing module '%s' on '%s': %s", module_name, host, err or "nil"); end if success then + hosts[host].events.fire_event("module-loaded", { module = module_name, host = host }); return true; else -- load failed, unloading unload(api_instance.host, module_name); @@ -172,7 +174,7 @@ function is_loaded(host, name) end function unload(host, name, ...) - local mod = get_module(host, name); + local mod = get_module(host, name); if not mod then return nil, "module-not-loaded"; end if module_has_method(mod, "unload") then @@ -197,7 +199,17 @@ function unload(host, name, ...) end end hooks:remove(host, name); + if mod.module.items then -- remove items + for key,t in pairs(mod.module.items) do + for i = #t,1,-1 do + local value = t[i]; + t[i] = nil; + hosts[host].events.fire_event("item-removed/"..key, {source = self, item = value}); + end + end + end modulemap[host][name] = nil; + hosts[host].events.fire_event("module-unloaded", { module = name, host = host }); return true; end @@ -278,7 +290,7 @@ function module_has_method(module, method) end function call_module_method(module, method, ...) - if module_has_method(module, method) then + if module_has_method(module, method) then local f = module.module[method]; return pcall(f, ...); else @@ -287,7 +299,7 @@ function call_module_method(module, method, ...) end ----- API functions exposed to modules ----------- --- Must all be in api.* +-- Must all be in api.* -- Returns the name of the current module function api:get_name() 
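Review bot: In the item-removal loop added to `unload`, the event payload is built with `source = self`, but `unload(host, name, ...)` has no `self`, so handlers of `item-removed/<key>` receive `source = nil`. `source = mod.module` looks like the intended value, although `api:add_item` is outside this hunk, so confirm against what the matching `item-added` event passes. `unload` starts and ends outside the hunk.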
@@ -400,6 +412,85 @@ function api:get_option(name, default_value) return value; end +function api:get_option_string(name, default_value) + local value = self:get_option(name, default_value); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + if value == nil then + return nil; + end + return tostring(value); +end + +function api:get_option_number(name, ...) + local value = self:get_option(name, ...); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + local ret = tonumber(value); + if value ~= nil and ret == nil then + self:log("error", "Config option '%s' not understood, expecting a number", name); + end + return ret; +end + +function api:get_option_boolean(name, ...) + local value = self:get_option(name, ...); + if type(value) == "table" then + if #value > 1 then + self:log("error", "Config option '%s' does not take a list, using just the first item", name); + end + value = value[1]; + end + if value == nil then + return nil; + end + local ret = value == true or value == "true" or value == 1 or nil; + if ret == nil then + ret = (value == false or value == "false" or value == 0); + if ret then + ret = false; + else + ret = nil; + end + end + if ret == nil then + self:log("error", "Config option '%s' not understood, expecting true/false", name); + end + return ret; +end + +function api:get_option_array(name, ...) + local value = self:get_option(name, ...); + + if value == nil then + return nil; + end + + if type(value) ~= "table" then + return array{ value }; -- Assume any non-list is a single-item list + end + + return array():append(value); -- Clone +end + +function api:get_option_set(name, ...) 
+ local value = self:get_option_array(name, ...); + + if value == nil then + return nil; + end + + return set.new(value); +end + local t_remove = _G.table.remove; local module_items = multitable_new(); function api:add_item(key, value) @@ -440,19 +531,4 @@ function api:get_host_items(key) return result; end --------------------------------------------------------------------- - -local actions = {}; - -function actions.load(params) - --return true, "Module loaded ("..params.module.." on "..params.host..")"; - return load(params.host, params.module); -end - -function actions.unload(params) - return unload(params.host, params.module); -end - -register_actions("/modules", actions); - return _M; diff --git a/core/objectmanager.lua b/core/objectmanager.lua deleted file mode 100644 index e96cbd90..00000000 --- a/core/objectmanager.lua +++ /dev/null @@ -1,68 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2009 Matthew Wild --- Copyright (C) 2008-2009 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -
-local new_multitable = require "util.multitable".new;
-local t_insert = table.insert;
-local t_concat = table.concat;
-local tostring = tostring;
-local unpack = unpack;
-local pairs = pairs;
-local error = error;
-local type = type;
-local _G = _G;
-
-local data = new_multitable();
-
-module "objectmanager"
-
-function set(...)
- return data:set(...);
-end
-function remove(...)
- return data:remove(...);
-end
-function get(...)
- return data:get(...);
-end
-
-local function get_path(path)
- if type(path) == "table" then return path; end
- local s = {};
- for part in tostring(path):gmatch("[%w_]+") do
- t_insert(s, part);
- end
- return s;
-end
-
-function get_object(path)
- path = get_path(path)
- return data:get(unpack(path)), path;
-end
-function set_object(path, object)
- path = get_path(path);
- data:set(unpack(path), object);
-end
-
-data:set("ls", function(_dir)
- local obj, dir = get_object(_dir);
- if not obj then error("object not found: " .. t_concat(dir, '/')); end
- local r = {};
- if type(obj) == "table" then
- for key, val in pairs(obj) do
- r[key] = type(val);
- end
- end
- return r;
-end);
-data:set("get", get_object);
-data:set("set", set_object);
-data:set("echo", function(...) return {...}; end);
-data:set("_G", _G);
-
-return _M;
diff --git a/core/s2smanager.lua b/core/s2smanager.lua index 3613707c..d8ceb4ef 100644 --- a/core/s2smanager.lua +++ b/core/s2smanager.lua @@ -36,8 +36,6 @@ local log = logger_init("s2smanager"); local sha256_hash = require "util.hashes".sha256; -local dialback_secret = uuid_gen(); - local adns, dns = require "net.adns", require "net.dns"; local config = require "core.configmanager"; local connect_timeout = config.get("*", "core", "s2s_timeout") or 60; @@ -52,7 +50,7 @@ module "s2smanager" local function compare_srv_priorities(a,b) return a.priority < b.priority or a.weight < b.weight; end -local function bounce_sendq(session) +local function bounce_sendq(session, reason) local sendq = session.sendq; if sendq then session.log("info", "sending error replies for "..#sendq.." queued stanzas because of failed outgoing connection to "..tostring(session.to_host)); @@ -70,6 +68,9 @@ local function bounce_sendq(session) reply.attr.type = "error"; reply:tag("error", {type = "cancel"}) :tag("remote-server-not-found", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); + if reason then + reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):text("Connection failed: "..reason):up(); + end core_process_stanza(dummy, reply); end sendq[i] = nil; 
@@ -79,15 +80,15 @@ local function bounce_sendq(session) end function send_to_host(from_host, to_host, data) + if not hosts[from_host] then + log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); + return false; + end local host = hosts[from_host].s2sout[to_host]; if host then -- We have a connection to this host already - if host.type == "s2sout_unauthed" and data.name ~= "db:verify" and ((not data.xmlns) or data.xmlns == "jabber:client" or data.xmlns == "jabber:server") then + if host.type == "s2sout_unauthed" and (data.name ~= "db:verify" or not host.dialback_key) and ((not data.xmlns) or data.xmlns == "jabber:client" or data.xmlns == "jabber:server") then (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); - if not host.notopen and not host.dialback_key and host.sends2s then - host.log("debug", "dialback had not been initiated"); - initiate_dialback(host); - end -- Queue stanza until we are able to send it if host.sendq then t_insert(host.sendq, {tostring(data), st.reply(data)}); @@ -110,6 +111,7 @@ function send_to_host(from_host, to_host, data) else log("debug", "opening a new outgoing connection for this stanza"); local host_session = new_outgoing(from_host, to_host); + -- Store in buffer host_session.sendq = { {tostring(data), st.reply(data)} }; log("debug", "stanza [%s] queued until connection complete", tostring(data.name)); @@ -131,7 +133,7 @@ function new_incoming(conn) open_sessions = open_sessions + 1; local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$")); session.log = log; - session.sends2s = function (t) log("debug", "sending: %s", tostring(t)); w(tostring(t)); end + session.sends2s = function (t) log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)")); w(conn, tostring(t)); end incoming_s2s[session] = true; add_task(connect_timeout, function () if session.conn ~= conn or 
@@ -139,16 +141,17 @@ function new_incoming(conn) return; -- Ok, we're connect[ed|ing] end -- Not connected, need to close session and clean up - (session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", + (session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", session.from_host or "(unknown)", session.to_host or "(unknown)"); session:close("connection-timeout"); end); return session; end -function new_outgoing(from_host, to_host) - local host_session = { to_host = to_host, from_host = from_host, host = from_host, - notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; +function new_outgoing(from_host, to_host, connect) + local host_session = { to_host = to_host, from_host = from_host, host = from_host, + notopen = true, type = "s2sout_unauthed", direction = "outgoing", + open_stream = session_open_stream }; hosts[from_host].s2sout[to_host] = host_session; @@ -159,10 +162,12 @@ function new_outgoing(from_host, to_host) host_session.log = log; end - -- This is the first call, can't fail (the first step is DNS lookup) - attempt_connection(host_session); + if connect ~= false then + -- Kick the connection attempting machine into life + attempt_connection(host_session); + end - if not host_session.sends2s then + if not host_session.sends2s then -- A sends2s which buffers data (until the stream is opened) -- note that data in this buffer will be sent before the stream is authed -- and will not be ack'd in any way, successful or otherwise @@ -176,7 +181,6 @@ function new_outgoing(from_host, to_host) buffer[#buffer+1] = data; log("debug", "Buffered item %d: %s", #buffer, tostring(data)); end - end return host_session; 
@@ -187,6 +191,10 @@ function attempt_connection(host_session, err) local from_host, to_host = host_session.from_host, host_session.to_host; local connect_host, connect_port = idna_to_ascii(to_host), 5269; + if not connect_host then + return false; + end + if not err then -- This is our first attempt log("debug", "First attempt to connect to %s, starting with SRV lookup...", to_host); host_session.connecting = true; @@ -217,7 +225,7 @@ function attempt_connection(host_session, err) if not ok then if not attempt_connection(host_session, err) then -- No more attempts will be made - destroy_session(host_session); + destroy_session(host_session, err); end end end, "_xmpp-server._tcp."..connect_host..".", "SRV"); @@ -277,7 +285,7 @@ function try_connect(host_session, connect_host, connect_port) log("debug", "DNS lookup failed to get a response for %s", connect_host); if not attempt_connection(host_session, "name resolution failed") then -- Retry if we can log("debug", "No other records to try for %s - destroying", host_session.to_host); - destroy_session(host_session); -- End of the line, we can't + destroy_session(host_session, "DNS resolution failed"); -- End of the line, we can't end end end, connect_host, "A", "IN"); @@ -288,7 +296,7 @@ function try_connect(host_session, connect_host, connect_port) adns.cancel(handle, true); end end); - + return true; end @@ -299,6 +307,11 @@ function make_connect(host_session, connect_host, connect_port) local from_host, to_host = host_session.from_host, host_session.to_host; local conn, handler = socket.tcp() + + if not conn then + log("warn", "Failed to create outgoing connection, system error: %s", handler); + return false, handler; + end conn:settimeout(0); local success, err = conn:connect(connect_host, connect_port); 
@@ -308,7 +321,7 @@ function make_connect(host_session, connect_host, connect_port) end local cl = connlisteners_get("xmppserver"); - conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1, hosts[from_host].ssl_ctx, false ); + conn = wrapclient(conn, connect_host, connect_port, cl, cl.default_mode or 1 ); host_session.conn = conn; -- Register this outgoing connection so that xmppserver_listener knows about it @@ -316,9 +329,10 @@ function make_connect(host_session, connect_host, connect_port) cl.register_outgoing(conn, host_session); local w, log = conn.write, host_session.log; - host_session.sends2s = function (t) log("debug", "sending: %s", tostring(t)); w(tostring(t)); end + host_session.sends2s = function (t) log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?")); w(conn, tostring(t)); end + + host_session:open_stream(from_host, to_host); - conn.write(format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0' xml:lang='en'>]], from_host, to_host)); log("debug", "Connection attempt in progress..."); add_task(connect_timeout, function () if host_session.conn ~= conn or 
@@ -327,13 +341,20 @@ function make_connect(host_session, connect_host, connect_port) return; -- Ok, we're connect[ed|ing] end -- Not connected, need to close session and clean up - (host_session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", + (host_session.log or log)("warn", "Destroying incomplete session %s->%s due to inactivity", host_session.from_host or "(unknown)", host_session.to_host or "(unknown)"); host_session:close("connection-timeout"); end); return true; end +function session_open_stream(session, from, to) + session.sends2s(st.stanza("stream:stream", { + xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', + ["xmlns:stream"]='http://etherx.jabber.org/streams', + from=from, to=to, version='1.0', ["xml:lang"]='en'}):top_tag()); +end + function streamopened(session, attr) local send = session.sends2s; @@ -345,7 +366,6 @@ function streamopened(session, attr) end if session.version >= 1.0 and not (attr.to and attr.from) then - (session.log or log)("warn", "Remote of stream "..(session.from_host or "(unknown)").."->"..(session.to_host or "(unknown)") .." failed to specify to (%s) and/or from (%s) hostname as per RFC", tostring(attr.to), tostring(attr.from)); end 
@@ -357,17 +377,17 @@ function streamopened(session, attr) session.streamid = uuid_gen(); (session.log or log)("debug", "incoming s2s received <stream:stream>"); - send("<?xml version='1.0'?>"); - send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', - ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.to_host, version=(session.version > 0 and "1.0" or nil) }):top_tag()); if session.to_host and not hosts[session.to_host] then -- Attempting to connect to a host we don't serve session:close({ condition = "host-unknown"; text = "This host does not serve "..session.to_host }); return; end + send("<?xml version='1.0'?>"); + send(stanza("stream:stream", { xmlns='jabber:server', ["xmlns:db"]='jabber:server:dialback', + ["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.to_host, to=session.from_host, version=(session.version > 0 and "1.0" or nil) }):top_tag()); if session.version >= 1.0 then local features = st.stanza("stream:features"); - + if session.to_host then hosts[session.to_host].events.fire_event("s2s-stream-features", { session = session, features = features }); else @@ -384,7 +404,7 @@ function streamopened(session, attr) -- Send unauthed buffer -- (stanzas which are fine to send before dialback) - -- Note that this is *not* the stanza queue (which + -- Note that this is *not* the stanza queue (which -- we can only send if auth succeeds) :) local send_buffer = session.send_buffer; if send_buffer and #send_buffer > 0 then @@ -406,7 +426,6 @@ function streamopened(session, attr) end end end - session.notopen = nil; end @@ -426,7 +445,7 @@ function initiate_dialback(session) end function generate_dialback(id, to, from) - return sha256_hash(id..to..from..dialback_secret, true); + return sha256_hash(id..to..from..hosts[from].dialback_secret, true); end function verify_dialback(id, to, from, key) 
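Review bot: `generate_dialback` now indexes `hosts[from].dialback_secret` without checking that `from` names a host this server runs, so a nil `hosts[from]` raises an error instead of producing a failed verification; whether every caller passes a local host is not visible in this hunk. A guard such as `local h = hosts[from]; if not h then return nil; end` would make that explicit. The key is still a bare SHA-256 over `id..to..from..secret` with no separators, so different (id, to, from) splits can feed the same bytes to the hash. Now that the secret may be a long-lived configured value, a keyed HMAC over delimited fields, as XEP-0185 recommends, would be the safer construction if an HMAC helper is available to this module.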
@@ -434,6 +453,16 @@ function verify_dialback(id, to, from, key) end function make_authenticated(session, host) + if not session.secure then + local local_host = session.direction == "incoming" and session.to_host or session.from_host; + if config.get(local_host, "core", "s2s_require_encryption") then + session:close({ + condition = "policy-violation", + text = "Encrypted server-to-server communication is required but was not " + ..((session.direction == "outgoing" and "offered") or "used") + }); + end + end if session.type == "s2sout_unauthed" then session.type = "s2sout"; elseif session.type == "s2sin_unauthed" then @@ -479,12 +508,12 @@ function mark_connected(session) end end -function destroy_session(session) +function destroy_session(session, reason) (session.log or log)("info", "Destroying "..tostring(session.direction).." session "..tostring(session.from_host).."->"..tostring(session.to_host)); if session.direction == "outgoing" then hosts[session.from_host].s2sout[session.to_host] = nil; - bounce_sendq(session); + bounce_sendq(session, reason); elseif session.direction == "incoming" then incoming_s2s[session] = nil; end diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index 08e70d44..8d520d12 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -10,7 +10,6 @@ local tonumber, tostring = tonumber, tostring; local ipairs, pairs, print, next= ipairs, pairs, print, next; -local collectgarbage = collectgarbage; local format = import("string", "format"); local hosts = hosts; @@ -25,6 +24,7 @@ local uuid_generate = require "util.uuid".generate; local rm_load_roster = require "core.rostermanager".load_roster; local config_get = require "core.configmanager".get; local nameprep = require "util.encodings".stringprep.nameprep; +local resourceprep = require "util.encodings".stringprep.resourceprep; local fire_event = require "core.eventmanager".fire_event; local add_task = require "util.timer".add_task; 
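Review bot: The new `s2s_require_encryption` check in `make_authenticated` calls `session:close(...)` but does not return, so execution falls through to the lines below that switch `session.type` to `s2sout` or `s2sin`, and the session is still marked authenticated after the policy violation. Add `return false;` directly after the `session:close({...})` call so that an unencrypted session never reaches the authenticated state when encryption is required. The rest of the function lies outside the hunk, so what else runs after the type change cannot be checked here.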
@@ -50,8 +50,8 @@ function new_session(conn) open_sessions = open_sessions + 1; log("debug", "open sessions now: ".. open_sessions); local w = conn.write; - session.send = function (t) w(tostring(t)); end - session.ip = conn.ip(); + session.send = function (t) w(conn, tostring(t)); end + session.ip = conn:ip(); local conn_name = "c2s"..tostring(conn):match("[a-f0-9]+$"); session.log = logger.init(conn_name); @@ -106,7 +106,8 @@ function bind_resource(session, resource) if session.resource then return nil, "cancel", "already-bound", "Cannot bind multiple resources on a single connection"; end -- We don't support binding multiple resources - resource = resource or uuid_generate(); + resource = resourceprep(resource); + resource = resource ~= "" and resource or uuid_generate(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing if not hosts[session.host].sessions[session.username] then @@ -201,22 +202,32 @@ function streamclosed(session) end function send_to_available_resources(user, host, stanza) + local jid = user.."@"..host; local count = 0; - local to = stanza.attr.to; - stanza.attr.to = nil; - local h = hosts[host]; - if h and h.type == "local" then - local u = h.sessions[user]; - if u then - for k, session in pairs(u.sessions) do - if session.presence then - session.send(stanza); - count = count + 1; - end + local user = bare_sessions[jid]; + if user then + for k, session in pairs(user.sessions) do + if session.presence then + session.send(stanza); + count = count + 1; + end + end + end + return count; +end + +function send_to_interested_resources(user, host, stanza) + local jid = user.."@"..host; + local count = 0; + local user = bare_sessions[jid]; + if user then + for k, session in pairs(user.sessions) do + if session.interested then + session.send(stanza); + count = count + 1; end end end - stanza.attr.to = to; return count; end 
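Review bot: In bind_resource a resource that fails `resourceprep` is handled exactly like a missing one. If `resourceprep` returns nil for invalid input (its behaviour is not shown here), `resource ~= "" and resource or uuid_generate()` silently binds a random resource instead of rejecting the request. Rejecting explicitly before the normalisation keeps malformed identifiers visible to the client and to logs, e.g. `if resource and not resourceprep(resource) then return nil, "modify", "bad-request", "Invalid resource"; end`. The no-resource path now also depends on `resourceprep(nil)` returning nil rather than raising, which deserves a one-line comment. The function body continues outside the hunk.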
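Review bot: In send_to_available_resources and the new send_to_interested_resources, `local user = bare_sessions[jid];` shadows the `user` parameter, so the name means a string on one line and a session table on the next; something like `local bare = bare_sessions[jid];` reads more safely. The two functions are identical apart from testing `session.presence` versus `session.interested`, so a shared local helper taking the field name would avoid them drifting apart. The rewrite also drops the old temporary `stanza.attr.to = nil` around the send, which changes what recipients see in `to`; a comment saying that this is intended would help the next reader.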
diff --git a/core/stanza_router.lua b/core/stanza_router.lua index 00c37ed7..12133a8e 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -98,7 +98,7 @@ function core_process_stanza(origin, stanza) return; -- FIXME what should we do here? does this work with subdomains? end end - core_post_stanza(origin, stanza); + core_post_stanza(origin, stanza, origin.full_jid); else local h = hosts[stanza.attr.to or origin.host or origin.to_host]; if h then @@ -119,7 +119,7 @@ function core_process_stanza(origin, stanza) end end -function core_post_stanza(origin, stanza) +function core_post_stanza(origin, stanza, preevents) local to = stanza.attr.to; local node, host, resource = jid_split(to); local to_bare = node and (node.."@"..host) or host; -- bare JID @@ -143,7 +143,7 @@ function core_post_stanza(origin, stanza) end local event_data = {origin=origin, stanza=stanza}; - if origin.full_jid == stanza.attr.from then -- c2s connection + if preevents then -- c2s connection if hosts[origin.host].events.fire_event('pre-'..stanza.name..to_type, event_data) then return; end -- do preprocessing end local h = hosts[to_bare] or hosts[host or origin.host]; @@ -180,7 +180,7 @@ function core_route_stanza(origin, stanza) local xmlns = stanza.attr.xmlns; --stanza.attr.xmlns = "jabber:server"; stanza.attr.xmlns = nil; - log("debug", "sending s2s stanza: %s", tostring(stanza)); + log("debug", "sending s2s stanza: %s", tostring(stanza.top_tag and stanza:top_tag()) or stanza); send_s2s(origin.host, host, stanza); -- TODO handle remote routing errors stanza.attr.xmlns = xmlns; -- reset else @@ -191,6 +191,6 @@ function core_route_stanza(origin, stanza) log("debug", "Routing outgoing stanza for %s to %s", from_host, host); send_s2s(from_host, host, stanza); else - log("warn", "received stanza from unhandled connection type: %s", origin.type); + log("warn", "received %s stanza from unhandled connection type: %s", tostring(stanza.name), tostring(origin.type)); end end 
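Review bot: core_post_stanza's new `preevents` parameter is undocumented and is passed `origin.full_jid`, a JID string that is only tested for truthiness. The old condition `origin.full_jid == stanza.attr.from` also tied the pre-event hooks to the stanza's `from`; the new `if preevents then` fires them for any origin that has a full JID. If `from` is always stamped with the session JID before this call (not visible in these hunks) that is equivalent, but it should be stated, e.g. `-- preevents: truthy for stanzas from local c2s sessions; 'from' has already been set to origin.full_jid`. Both function bodies continue outside the hunks.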
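Review bot: In the `sending s2s stanza` log call the closing parenthesis of `tostring(` is misplaced. `tostring(...)` always returns a string, so the `or stanza` fallback can never be taken and an object without `top_tag` is logged as "nil". It should read `tostring(stanza.top_tag and stanza:top_tag() or stanza)`. Logging only the top tag keeps stanza payloads out of debug logs, which is worth a short comment so it is not reverted later.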
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index d679af97..77f00bea 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -12,8 +12,6 @@ require "util.stanza" local st = stanza; local tostring = tostring; -local pairs = pairs; -local ipairs = ipairs; local t_insert = table.insert; local t_concat = table.concat; 
@@ -24,103 +22,92 @@ local error = error; module "xmlhandlers" local ns_prefixes = { - ["http://www.w3.org/XML/1998/namespace"] = "xml"; - } + ["http://www.w3.org/XML/1998/namespace"] = "xml"; +}; + +local xmlns_streams = "http://etherx.jabber.org/streams"; + +local ns_separator = "\1"; +local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$"; function init_xmlhandlers(session, stream_callbacks) - local ns_stack = { "" }; - local curr_tag; - local chardata = {}; - local xml_handlers = {}; - local log = session.log or default_log; - - local cb_streamopened = stream_callbacks.streamopened; - local cb_streamclosed = stream_callbacks.streamclosed; - local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end; - local cb_handlestanza = stream_callbacks.handlestanza; - - local stream_tag = stream_callbacks.stream_tag; - local stream_default_ns = stream_callbacks.default_ns; - - local stanza - function xml_handlers:StartElement(tagname, attr) - if stanza and #chardata > 0 then - -- We have some character data in the buffer - stanza:text(t_concat(chardata)); - chardata = {}; - end - local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); - if not name then - curr_ns, name = "", curr_ns; - end + local chardata = {}; + local xml_handlers = {}; + local log = session.log or default_log; + + local cb_streamopened = stream_callbacks.streamopened; + local cb_streamclosed = stream_callbacks.streamclosed; + local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end; + local cb_handlestanza = stream_callbacks.handlestanza; + + local stream_ns = stream_callbacks.stream_ns or xmlns_streams; + local stream_tag = stream_ns..ns_separator..(stream_callbacks.stream_tag or "stream"); + local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error"); + + local stream_default_ns = stream_callbacks.default_ns; + + local stanza; + function 
xml_handlers:StartElement(tagname, attr) + if stanza and #chardata > 0 then + -- We have some character data in the buffer + stanza:text(t_concat(chardata)); + chardata = {}; + end + local curr_ns,name = tagname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end - if curr_ns ~= stream_default_ns then - attr.xmlns = curr_ns; - end - - -- FIXME !!!!! - for i=1,#attr do - local k = attr[i]; - attr[i] = nil; - local ns, nm = k:match("^([^\1]*)\1?(.*)$"); - if ns and nm then - ns = ns_prefixes[ns]; - if ns then - attr[ns..":"..nm] = attr[k]; - attr[k] = nil; - end - end - end - - if not stanza then --if we are not currently inside a stanza - if session.notopen then - if tagname == stream_tag then - if cb_streamopened then - cb_streamopened(session, attr); - end - else - -- Garbage before stream? - cb_error(session, "no-stream"); - end - return; - end - if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then - cb_error(session, "invalid-top-level-element"); - end - - stanza = st.stanza(name, attr); - curr_tag = stanza; - else -- we are inside a stanza, so add a tag - attr.xmlns = nil; - if curr_ns ~= stream_default_ns then - attr.xmlns = curr_ns; - end - stanza:tag(name, attr); - end + if curr_ns ~= stream_default_ns then + attr.xmlns = curr_ns; end - function xml_handlers:CharacterData(data) - if stanza then - t_insert(chardata, data); + + -- FIXME !!!!! 
+ for i=1,#attr do + local k = attr[i]; + attr[i] = nil; + local ns, nm = k:match(ns_pattern); + if nm ~= "" then + ns = ns_prefixes[ns]; + if ns then + attr[ns..":"..nm] = attr[k]; + attr[k] = nil; + end end end - function xml_handlers:EndElement(tagname) - local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); - if not name then - curr_ns, name = "", curr_ns; - end - if (not stanza) or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then + + if not stanza then --if we are not currently inside a stanza + if session.notopen then if tagname == stream_tag then - if cb_streamclosed then - cb_streamclosed(session); + if cb_streamopened then + cb_streamopened(session, attr); end - elseif name == "error" then - cb_error(session, "stream-error", stanza); else - cb_error(session, "parse-error", "unexpected-element-close", name); + -- Garbage before stream? + cb_error(session, "no-stream"); end - stanza, chardata = nil, {}; return; end + if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then + cb_error(session, "invalid-top-level-element"); + end + + stanza = st.stanza(name, attr); + else -- we are inside a stanza, so add a tag + attr.xmlns = nil; + if curr_ns ~= stream_default_ns then + attr.xmlns = curr_ns; + end + stanza:tag(name, attr); + end + end + function xml_handlers:CharacterData(data) + if stanza then + t_insert(chardata, data); + end + end + function xml_handlers:EndElement(tagname) + if stanza then if #chardata > 0 then -- We have some character data in the buffer stanza:text(t_concat(chardata)); 
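Review bot: In StartElement the `invalid-top-level-element` branch calls `cb_error(...)` and then falls through to `stanza = st.stanza(name, attr)`. A `stream_callbacks.error` that returns instead of raising therefore lets the rejected element be built and later passed to `cb_handlestanza`. Adding `return;` after that `cb_error` call, as the `no-stream` branch just above already does, closes the path. The `-- FIXME !!!!!` attribute loop also keeps attributes whose namespace is not in `ns_prefixes` under their raw key containing the `\1` separator; a comment saying what should happen to those (drop, or re-prefix) would make the FIXME actionable.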
@@ -128,12 +115,30 @@ function init_xmlhandlers(session, stream_callbacks) end -- Complete stanza if #stanza.last_add == 0 then - cb_handlestanza(session, stanza); + if tagname ~= stream_error_tag then + cb_handlestanza(session, stanza); + else + cb_error(session, "stream-error", stanza); + end stanza = nil; else stanza:up(); end + else + if tagname == stream_tag then + if cb_streamclosed then + cb_streamclosed(session); + end + else + local curr_ns,name = tagname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + cb_error(session, "parse-error", "unexpected-element-close", name); + end + stanza, chardata = nil, {}; end + end return xml_handlers; end diff --git a/doc/lxmppd_core_rostermanager.txt b/doc/lxmppd_core_rostermanager.txt deleted file mode 100644 index 4f501158..00000000 --- a/doc/lxmppd_core_rostermanager.txt +++ /dev/null @@ -1,9 +0,0 @@ -lxmppd -> core -> rostermanager.lua - requires "util.datamanager" - module "rostermanager" - -function log(type, message) - logs a message of type "rostermanager" - -function getroster(username, host) - Retrieves the user's roster from the server and loads it with the datamanager
\ No newline at end of file diff --git a/doc/lxmppd_core_stanz_dispatch.txt b/doc/lxmppd_core_stanz_dispatch.txt deleted file mode 100644 index 15bb730b..00000000 --- a/doc/lxmppd_core_stanz_dispatch.txt +++ /dev/null @@ -1,27 +0,0 @@ -lxmppd -> core -> stanza_dispatch - requires "util.stanza" - requires "core.usermanager" - -function init_stanza_dispatcher(session) - Initialises the stanza dispatcher which handles different stanza according - to their type and XML namespace, dispatching to required handlers. - - iq_handlers["jabber:iq:auth"] - A list of handlers for "jabber:iq:auth" stanzas -- authentication - (request) stanzas. - - function (stanza) - If one of username, password and resource are missing then it ????. - If not, then it validates the credentials and replies with the - appropriate stanza. - - iq_handlers["jabber:iq:roster"] - A list of handlers for "jabber:iq:roster" stanzas -- roster management - - function (stanza) - Parses the type of stanza for roster management and does what is - requested (roster retrieval, etc.) - - function (stanza) - Validates the stanza and calls the required handler - diff --git a/net/adns.lua b/net/adns.lua index b0c9a625..005bc606 100644 --- a/net/adns.lua +++ b/net/adns.lua @@ -14,6 +14,8 @@ local log = require "util.logger".init("adns"); local t_insert, t_remove = table.insert, table.remove; local coroutine, tostring, pcall = coroutine, tostring, pcall; +local function dummy_send(sock, data, i, j) return (j-i)+1; end + module "adns" function lookup(handler, qname, qtype, qclass) 
@@ -43,33 +45,33 @@ function cancel(handle, call_handler) end function new_async_socket(sock, resolver) - local newconn, peername = {}, "<unknown>"; + local peername = "<unknown>"; local listener = {}; - function listener.incoming(conn, data) - dns.feed(sock, data); + local handler = {}; + function listener.onincoming(conn, data) + dns.feed(handler, data); end - function listener.disconnect(conn, err) + function listener.ondisconnect(conn, err) log("warn", "DNS socket for %s disconnected: %s", peername, err); local servers = resolver.server; - if resolver.socketset[newconn.handler] == resolver.best_server and resolver.best_server == #servers then + if resolver.socketset[conn] == resolver.best_server and resolver.best_server == #servers then log("error", "Exhausted all %d configured DNS servers, next lookup will try %s again", #servers, servers[1]); end resolver:servfail(conn); -- Let the magic commence end - newconn.handler, newconn._socket = server.wrapclient(sock, "dns", 53, listener); - if not newconn.handler then + handler = server.wrapclient(sock, "dns", 53, listener); + if not handler then log("warn", "handler is nil"); end - if not newconn._socket then - log("warn", "socket is nil"); - end - newconn.handler.settimeout = function () end - newconn.handler.setsockname = function (_, ...) return sock:setsockname(...); end - newconn.handler.setpeername = function (_, ...) peername = (...); local ret = sock:setpeername(...); _.setsend(sock.send); return ret; end - newconn.handler.connect = function (_, ...) return sock:connect(...) end - newconn.handler.send = function (_, data) _.write(data); return _.sendbuffer(); end - return newconn.handler; + + handler.settimeout = function () end + handler.setsockname = function (_, ...) return sock:setsockname(...); end + handler.setpeername = function (_, ...) peername = (...); local ret = sock:setpeername(...); _:set_send(dummy_send); return ret; end + handler.connect = function (_, ...) return sock:connect(...) 
end + --handler.send = function (_, data) _:write(data); return _.sendbuffer and _.sendbuffer(); end + handler.send = function (_, data) return sock:send(data); end + return handler; end dns:socket_wrapper_set(new_async_socket); diff --git a/net/connlisteners.lua b/net/connlisteners.lua index 230d92a4..ee54f049 100644 --- a/net/connlisteners.lua +++ b/net/connlisteners.lua @@ -53,17 +53,17 @@ function start(name, udata) error("No such connection module: "..name.. (err and (" ("..err..")") or ""), 0); end - if udata then - if (udata.type == "ssl" or udata.type == "tls") and not udata.ssl then - error("No SSL context supplied for a "..tostring(udata.type):upper().." connection!", 0); - elseif udata.ssl and udata.type == "tcp" then - error("SSL context supplied for a TCP connection!", 0); - end + local interface = (udata and udata.interface) or h.default_interface or "*"; + local port = (udata and udata.port) or h.default_port or error("Can't start listener "..name.." because no port was specified, and it has no default port", 0); + local mode = (udata and udata.mode) or h.default_mode or 1; + local ssl = (udata and udata.ssl) or nil; + local autossl = udata and udata.type == "ssl"; + + if autossl and not ssl then + return nil, "no ssl context"; end - return server.addserver(h, - (udata and udata.port) or h.default_port or error("Can't start listener "..name.." because no port was specified, and it has no default port", 0), - (udata and udata.interface) or h.default_interface or "*", (udata and udata.mode) or h.default_mode or 1, (udata and udata.ssl) or nil, 99999999, udata and udata.type == "ssl"); + return server.addserver(interface, port, h, mode, autossl and ssl or nil); end return _M; diff --git a/net/dns.lua b/net/dns.lua index 04b2cf22..01807d9d 100644 --- a/net/dns.lua +++ b/net/dns.lua 
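Review bot: In new_async_socket, when `server.wrapclient` returns nil the code logs "handler is nil" and then immediately assigns `handler.settimeout`, which raises on the nil value. The check should leave the function, e.g. `if not handler then log("warn", "handler is nil"); return nil; end`. How the resolver treats a nil wrapper is outside the hunk, so confirm the return convention before picking the value. The commented-out `handler.send` line could be removed or replaced by a sentence explaining why `sock:send` is called directly.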
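Review bot: The rewritten connlisteners start() no longer rejects a `udata.type` of "tls" that arrives without `udata.ssl`; only the `autossl` ("ssl") case is checked, and `autossl and ssl or nil` drops a supplied context for every other type. If STARTTLS contexts are now validated and attached elsewhere that is fine, but nothing in this hunk shows it, and a listener meant to offer TLS would come up without a context and without any diagnostic. A comment naming where the non-"ssl" context is handled, or a warning when `ssl` is set but not passed on, would make the intent checkable. The missing-context case now returns `nil, "no ssl context"` while the missing-port case still calls `error(...)`, so callers have to handle both conventions.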
@@ -183,7 +183,7 @@ end function dns.random(...) -- - - - - - - - - - - - - - - - - - - dns.random - math.randomseed(10000*socket.gettime()); + math.randomseed(math.floor(10000*socket.gettime())); dns.random = math.random; return dns.random(...); end @@ -723,29 +723,29 @@ function resolver:receive(rset) -- - - - - - - - - - - - - - - - - receive for i,sock in pairs(rset) do if self.socketset[sock] then - local packet = sock:receive(); + local packet = sock.receive(); if packet then response = self:decode(packet); - if response then + if response and self.active[response.header.id] + and self.active[response.header.id][response.question.raw] then --print('received response'); --self.print(response); - for i,section in pairs({ 'answer', 'authority', 'additional' }) do - for j,rr in pairs(response[section]) do + for j,rr in pairs(response.answer) do + if rr.name:sub(-#response.question[1].name, -1) == response.question[1].name then self:remember(rr, response.question[1].type) end end -- retire the query local queries = self.active[response.header.id]; - if queries[response.question.raw] then - queries[response.question.raw] = nil; - end + queries[response.question.raw] = nil; + if not next(queries) then self.active[response.header.id] = nil; end if not next(self.active) then self:closeall(); end -- was the query on the wanted list? - local q = response.question; + local q = response.question[1]; local cos = get(self.wanted, q.class, q.type, q.name); if cos then for co in pairs(cos) do 
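Review bot: dns.random still seeds `math.random` from `socket.gettime()`; the added `math.floor` only fixes the argument type. If this function supplies DNS query IDs (its callers are outside the hunk), the ID-and-question matching this commit adds in resolver:receive and resolver:feed is only as strong as those IDs are hard to guess. A seed that an observer can approximate from the clock, fed into a non-cryptographic generator, weakens that. Where the platform provides it, mix bytes read from the OS entropy source into the seed, and add a comment recording that the IDs are part of the spoofing defence.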
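Review bot: The new filter in resolver:receive, `rr.name:sub(-#response.question[1].name, -1) == response.question[1].name`, is a byte-suffix comparison and is not aligned to a label boundary. An answer name that merely ends with the same characters as the question name passes and is cached. Compare for equality or for a suffix that starts at a dot, e.g. `local qn = response.question[1].name; if rr.name == qn or rr.name:sub(-#qn - 1) == "."..qn then`, and normalise case if `decode` does not already do so (not visible here). The loop body continues outside the hunk.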
@@ -768,21 +768,18 @@ function resolver:feed(sock, packet) self.time = socket.gettime(); local response = self:decode(packet); - if response then + if response and self.active[response.header.id] + and self.active[response.header.id][response.question.raw] then --print('received response'); --self.print(response); - for i,section in pairs({ 'answer', 'authority', 'additional' }) do - for j,rr in pairs(response[section]) do - self:remember(rr, response.question[1].type); - end + for j,rr in pairs(response.answer) do + self:remember(rr, response.question[1].type); end -- retire the query local queries = self.active[response.header.id]; - if queries[response.question.raw] then - queries[response.question.raw] = nil; - end + queries[response.question.raw] = nil; if not next(queries) then self.active[response.header.id] = nil; end if not next(self.active) then self:closeall(); end diff --git a/net/http.lua b/net/http.lua index 9d2f9b96..9b1954da 100644 --- a/net/http.lua +++ b/net/http.lua @@ -30,7 +30,7 @@ function urldecode(s) return s and (s:gsub("%%(%x%x)", function (c) return char( local function expectbody(reqt, code) if reqt.method == "HEAD" then return nil end - if code == 204 or code == 304 then return nil end + if code == 204 or code == 304 or code == 301 then return nil end if code >= 100 and code < 200 then return nil end return 1 end @@ -152,7 +152,7 @@ function request(u, ex, callback) end req.handler, req.conn = server.wrapclient(socket.tcp(), req.host, req.port or 80, listener, "*a"); - req.write = req.handler.write; + req.write = function (...) return req.handler:write(...); end req.conn:settimeout(0); local ok, err = req.conn:connect(req.host, req.port or 80); if not ok and err ~= "timeout" then @@ -200,7 +200,7 @@ end function destroy_request(request) if request.conn then request.handler.close() - listener.disconnect(request.conn, "closed"); + listener.ondisconnect(request.conn, "closed"); end end 
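Review bot: resolver:feed now restricts caching to `response.answer`, but it calls `self:remember(rr, response.question[1].type)` for every record without the name comparison that resolver:receive gains in the same commit. The two entry points therefore apply different acceptance rules to the same packets. Apply the same check here, ideally through one shared local helper so the rules cannot diverge, for example `if name_matches(rr.name, response.question[1].name) then self:remember(...) end` where `name_matches` is a helper to be written. The function body continues outside the hunk.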
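Review bot: In net/http.lua destroy_request, the context line `request.handler.close()` still uses a dot call while this commit converts the other handler methods to colon calls (`req.handler:write(...)` here, `request.handler:close()` in net/httpserver.lua). If `close` now expects the handler as its first argument, this call either raises or leaves the socket open. It most likely should be `request.handler:close()`. The hunk changes only the `listener.ondisconnect` line, so this looks like a missed conversion rather than a deliberate choice.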
diff --git a/net/httpclient_listener.lua b/net/httpclient_listener.lua index 69b7946b..6517de44 100644 --- a/net/httpclient_listener.lua +++ b/net/httpclient_listener.lua @@ -15,7 +15,7 @@ local buffers = {}; -- Buffers of partial lines local httpclient = { default_port = 80, default_mode = "*a" }; -function httpclient.listener(conn, data) +function httpclient.onincoming(conn, data) local request = requests[conn]; if not request then @@ -28,7 +28,7 @@ function httpclient.listener(conn, data) end end -function httpclient.disconnect(conn, err) +function httpclient.ondisconnect(conn, err) local request = requests[conn]; if request then request:reader(nil); diff --git a/net/httpserver.lua b/net/httpserver.lua index ddb4475c..addbfac0 100644 --- a/net/httpserver.lua +++ b/net/httpserver.lua 
@@ -36,42 +36,38 @@ end local function send_response(request, response) -- Write status line local resp; - if response.body then - local body = tostring(response.body); + if response.body or response.headers then + local body = response.body and tostring(response.body); log("debug", "Sending response to %s", request.id); - resp = { "HTTP/1.0 ", response.status or "200 OK", "\r\n"}; + resp = { "HTTP/1.0 "..(response.status or "200 OK").."\r\n" }; local h = response.headers; if h then for k, v in pairs(h) do - t_insert(resp, k); - t_insert(resp, ": "); - t_insert(resp, v); - t_insert(resp, "\r\n"); + t_insert(resp, k..": "..v.."\r\n"); end end - if not (h and h["Content-Length"]) then - t_insert(resp, "Content-Length: "); - t_insert(resp, #body); - t_insert(resp, "\r\n"); + if body and not (h and h["Content-Length"]) then + t_insert(resp, "Content-Length: "..#body.."\r\n"); end t_insert(resp, "\r\n"); - if request.method ~= "HEAD" then + if body and request.method ~= "HEAD" then t_insert(resp, body); end + request.write(t_concat(resp)); else -- Response we have is just a string (the body) log("debug", "Sending 200 response to %s", request.id or "<none>"); - resp = { "HTTP/1.0 200 OK\r\n" }; - t_insert(resp, "Connection: close\r\n"); - t_insert(resp, "Content-Length: "); - t_insert(resp, #response); - t_insert(resp, "\r\n\r\n"); + local resp = "HTTP/1.0 200 OK\r\n" + .. "Connection: close\r\n" + .. "Content-Type: text/html\r\n" + .. "Content-Length: "..#response.."\r\n" + .. "\r\n" + .. response; - t_insert(resp, response); + request.write(resp); end - request.write(t_concat(resp)); if not request.stayopen then request:destroy(); end 
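Review bot: send_response writes each header as `k..": "..v.."\r\n"` without checking either part for CR or LF. If a handler ever copies request-derived text into `response.headers` (handlers are outside this hunk), a single value can add extra header lines or start the body early. Stripping or rejecting line breaks at this one choke point is cheap, e.g. `t_insert(resp, (k..": "..tostring(v)):gsub("[\r\n]", "").."\r\n");`. The bare-string branch now always labels the body `text/html`, so it should carry a comment that callers must pass already-escaped markup.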
@@ -146,22 +142,29 @@ local function request_reader(request, data, startpos) elseif request.state == "headers" then log("debug", "Reading headers...") local pos = startpos; - local headers = request.headers or {}; + local headers, headers_complete = request.headers; + if not headers then + headers = {}; + request.headers = headers; + end + for line in data:gmatch("(.-)\r\n") do startpos = (startpos or 1) + #line + 2; local k, v = line:match("(%S+): (.+)"); if k and v then headers[k:lower()] = v; --- log("debug", "Header: "..k:lower().." = "..v); + --log("debug", "Header: '"..k:lower().."' = '"..v.."'"); elseif #line == 0 then - request.headers = headers; + headers_complete = true; break; else log("debug", "Unhandled header line: "..line); end end - if not expectbody(request) then + if not headers_complete then return; end + + if not expectbody(request) then call_callback(request); return; end @@ -175,14 +178,17 @@ local function request_reader(request, data, startpos) log("debug", "Reading request line...") local method, path, http, linelen = data:match("^(%S+) (%S+) HTTP/(%S+)\r\n()", startpos); if not method then - return call_callback(request, "invalid-status-line"); + log("warn", "Invalid HTTP status line, telling callback then closing"); + local ret = call_callback(request, "invalid-status-line"); + request:destroy(); + return ret; end request.method, request.path, request.httpversion = method, path, http; request.url = url_parse(request.path); - log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler.serverport()); + log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler:serverport()); if request.onlystatus then if not call_callback(request) then 
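Review bot: With the new `if not headers_complete then return; end` path, request_reader can be entered several times for one header block, but `data:gmatch("(.-)\r\n")` only yields CRLF-terminated lines and nothing visible here keeps the unterminated tail. A header split across two reads loses its first half, and the second half is parsed as a separate line, so the stored header names and values can differ from what the client sent. Unless the caller re-feeds the unconsumed bytes (not shown), keep the remainder after the last CRLF on the request and prepend it on the next call. There is also no limit on accumulated header count or size in this loop, and a cap that ends the request with an error would bound memory per connection.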
@@ -200,7 +206,7 @@ end -- The default handler for requests default_handler = function (method, body, request) - log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler.serverport()); + log("debug", method.." request for "..tostring(request.path) .. " on port "..request.handler:serverport()); return { status = "404 Not Found", headers = { ["Content-Type"] = "text/html" }, body = "<html><head><title>Page Not Found</title></head><body>Not here :(</body></html>" }; @@ -209,8 +215,8 @@ end function new_request(handler) return { handler = handler, conn = handler.socket, - write = handler.write, state = "request", - server = http_servers[handler.serverport()], + write = function (...) return handler:write(...); end, state = "request", + server = http_servers[handler:serverport()], send = send_response, destroy = destroy_request, id = tostring{}:match("%x+$") @@ -228,9 +234,9 @@ function destroy_request(request) else log("debug", "Request has no destroy callback"); end - request.handler.close() + request.handler:close() if request.conn then - listener.disconnect(request.handler, "closed"); + listener.ondisconnect(request.handler, "closed"); end end end @@ -276,6 +282,7 @@ function new_from_config(ports, handle_request, default_options) if ssl then ssl.mode = "server"; ssl.protocol = "sslv23"; + ssl.options = "no_sslv2"; end new{ port = port, interface = interface, diff --git a/net/httpserver_listener.lua b/net/httpserver_listener.lua index 455191fb..6933b4fe 100644 --- a/net/httpserver_listener.lua +++ b/net/httpserver_listener.lua @@ -16,7 +16,7 @@ local requests = {}; -- Open requests local httpserver = { default_port = 80, default_mode = "*a" }; -function httpserver.listener(conn, data) +function httpserver.onincoming(conn, data) local request = requests[conn]; if not request then 
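Review bot: In new_from_config, `ssl.options = "no_sslv2";` unconditionally overwrites any `options` the administrator put in the ssl table, and with `protocol = "sslv23"` it turns off SSLv2 only, leaving SSLv3 negotiable. Respect a configured value and use a stricter default, e.g. `ssl.options = ssl.options or { "no_sslv2", "no_sslv3" };` (LuaSec accepts a table of option names). If SSLv3 has to stay available for specific peers, say so in a comment next to the line.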
@@ -24,7 +24,7 @@ function httpserver.listener(conn, data) requests[conn] = request; -- If using HTTPS, request is secure - if conn.ssl() then + if conn:ssl() then request.secure = true; end end @@ -34,7 +34,7 @@ function httpserver.listener(conn, data) end end -function httpserver.disconnect(conn, err) +function httpserver.ondisconnect(conn, err) local request = requests[conn]; if request and not request.destroyed then request.conn = nil; diff --git a/net/multiplex_listener.lua b/net/multiplex_listener.lua new file mode 100644 index 00000000..bf193ad8 --- /dev/null +++ b/net/multiplex_listener.lua @@ -0,0 +1,46 @@ + +local connlisteners_register = require "net.connlisteners".register; +local connlisteners_get = require "net.connlisteners".get; + +local httpserver_listener = connlisteners_get("httpserver"); +local xmppserver_listener = connlisteners_get("xmppserver"); +local xmppclient_listener = connlisteners_get("xmppclient"); +local xmppcomponent_listener = connlisteners_get("xmppcomponent"); + +local server = { default_mode = "*a" }; + +local buffer = {}; + +function server.onincoming(conn, data) + if not data then return; end + local buf = buffer[conn]; + buffer[conn] = nil; + buf = buf and buf..data or data; + if buf:match("^[a-zA-Z]") then + local listener = httpserver_listener; + conn:setlistener(listener); + listener.onincoming(conn, buf); + elseif buf:match(">") then + local listener; + local xmlns = buf:match("%sxmlns%s*=%s*['\"]([^'\"]*)"); + if xmlns == "jabber:server" then + listener = xmppserver_listener; + elseif xmlns == "jabber:component:accept" then + listener = xmppcomponent_listener; + else + listener = xmppclient_listener; + end + conn:setlistener(listener); + listener.onincoming(conn, buf); + elseif #buf > 1024 then + conn:close(); + else + buffer[conn] = buf; + end +end + +function server.ondisconnect(conn, err) + buffer[conn] = nil; -- warn if no buffer? +end + +connlisteners_register("multiplex", server); 
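Review bot: net/multiplex_listener.lua stores the four `connlisteners_get(...)` results at load time and later calls `listener.onincoming(conn, buf)` without checking them. If any of those listeners is unavailable and the lookup returns nil (its behaviour is outside this file), the first matching connection raises inside the network callback instead of being refused. A guard before `conn:setlistener`, such as `if not listener then conn:close(); return; end`, keeps one missing module from affecting the shared port. The new file also has no header comment: it should describe the sniffing rules (leading letter means HTTP, otherwise the first `xmlns` value picks the XMPP listener, 1024-byte cap) and note that undecided connections stay in `buffer` until they disconnect.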
diff --git a/net/server.lua b/net/server.lua index 6ab8ce91..0102cee6 100644 --- a/net/server.lua +++ b/net/server.lua @@ -1,914 +1,50 @@ ---
--- server.lua by blastbeat of the luadch project
--- Re-used here under the MIT/X Consortium License
---
--- Modifications (C) 2008-2009 Matthew Wild, Waqas Hussain
---
-
--- // wrapping luadch stuff // --
-
-local use = function( what )
- return _G[ what ]
-end
-local clean = function( tbl )
- for i, k in pairs( tbl ) do
- tbl[ i ] = nil
- end
-end
-
-local log, table_concat = require ("util.logger").init("socket"), table.concat;
-local out_put = function (...) return log("debug", table_concat{...}); end
-local out_error = function (...) return log("warn", table_concat{...}); end
-local mem_free = collectgarbage
-
-----------------------------------// DECLARATION //--
-
---// constants //--
-
-local STAT_UNIT = 1 -- byte
-
---// lua functions //--
-
-local type = use "type"
-local pairs = use "pairs"
-local ipairs = use "ipairs"
-local tostring = use "tostring"
-local collectgarbage = use "collectgarbage"
-
---// lua libs //--
-
-local os = use "os"
-local table = use "table"
-local string = use "string"
-local coroutine = use "coroutine"
-
---// lua lib methods //--
-
-local os_time = os.time
-local os_difftime = os.difftime
-local table_concat = table.concat
-local table_remove = table.remove
-local string_len = string.len
-local string_sub = string.sub
-local coroutine_wrap = coroutine.wrap
-local coroutine_yield = coroutine.yield
-
---// extern libs //--
-
-local luasec = select( 2, pcall( require, "ssl" ) )
-local luasocket = require "socket"
-
---// extern lib methods //--
-
-local ssl_wrap = ( luasec and luasec.wrap )
-local socket_bind = luasocket.bind
-local socket_sleep = luasocket.sleep
-local socket_select = luasocket.select
-local ssl_newcontext = ( luasec and luasec.newcontext )
-
---// functions //--
-
-local id
-local loop
-local stats
-local idfalse
-local addtimer
-local closeall
-local addserver
-local getserver
-local wrapserver
-local getsettings
-local closesocket
-local removesocket
-local removeserver
-local changetimeout
-local wrapconnection
-local changesettings
-
---// tables //--
-
-local _server
-local _readlist
-local _timerlist
-local _sendlist
-local _socketlist
-local _closelist
-local _readtimes
-local _writetimes
-
---// simple data types //--
-
-local _
-local _readlistlen
-local _sendlistlen
-local _timerlistlen
-
-local _sendtraffic
-local _readtraffic
-
-local _selecttimeout
-local _sleeptime
-
-local _starttime
-local _currenttime
-
-local _maxsendlen
-local _maxreadlen
-
-local _checkinterval
-local _sendtimeout
-local _readtimeout
-
-local _cleanqueue
-
-local _timer
-
-local _maxclientsperserver
-
-----------------------------------// DEFINITION //--
-
-_server = { } -- key = port, value = table; list of listening servers
-_readlist = { } -- array with sockets to read from
-_sendlist = { } -- arrary with sockets to write to
-_timerlist = { } -- array of timer functions
-_socketlist = { } -- key = socket, value = wrapped socket (handlers)
-_readtimes = { } -- key = handler, value = timestamp of last data reading
-_writetimes = { } -- key = handler, value = timestamp of last data writing/sending
-_closelist = { } -- handlers to close
-
-_readlistlen = 0 -- length of readlist
-_sendlistlen = 0 -- length of sendlist
-_timerlistlen = 0 -- lenght of timerlist
-
-_sendtraffic = 0 -- some stats
-_readtraffic = 0
-
-_selecttimeout = 1 -- timeout of socket.select
-_sleeptime = 0 -- time to wait at the end of every loop
-
-_maxsendlen = 51000 * 1024 -- max len of send buffer
-_maxreadlen = 25000 * 1024 -- max len of read buffer
-
-_checkinterval = 1200000 -- interval in secs to check idle clients
-_sendtimeout = 60000 -- allowed send idle time in secs
-_readtimeout = 6 * 60 * 60 -- allowed read idle time in secs
-
-_cleanqueue = false -- clean bufferqueue after using
-
-_maxclientsperserver = 1000
-
-_maxsslhandshake = 30 -- max handshake round-trips
-----------------------------------// PRIVATE //--
-
-wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxconnections, startssl ) -- this function wraps a server
-
- maxconnections = maxconnections or _maxclientsperserver
-
- local connections = 0
-
- local dispatch, disconnect = listeners.incoming or listeners.listener, listeners.disconnect
-
- local err
-
- local ssl = false
-
- if sslctx then
- ssl = true
- if not ssl_newcontext then
- out_error "luasec not found"
- ssl = false
- end
- if type( sslctx ) ~= "table" then
- out_error "server.lua: wrong server sslctx"
- ssl = false
- end
- local ctx;
- ctx, err = ssl_newcontext( sslctx )
- if not ctx then
- err = err or "wrong sslctx parameters"
- local file;
- file = err:match("^error loading (.-) %(");
- if file then
- if file == "private key" then
- file = sslctx.key or "your private key";
- elseif file == "certificate" then
- file = sslctx.certificate or "your certificate file";
- end
- local reason = err:match("%((.+)%)$") or "some reason";
- if reason == "Permission denied" then
- reason = "Check that the permissions allow Prosody to read this file.";
- elseif reason == "No such file or directory" then
- reason = "Check that the path is correct, and the file exists.";
- elseif reason == "system lib" then
- reason = "Previous error (see logs), or other system error.";
- else
- reason = "Reason: "..tostring(reason or "unknown"):lower();
- end
- log("error", "SSL/TLS: Failed to load %s: %s", file, reason);
- else
- log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err );
- end
- ssl = false
- end
- sslctx = ctx;
- end
- if not ssl then
- sslctx = false;
- if startssl then
- log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport )
- return nil, "Cannot start ssl, see log for details"
- end
- end
-
- local accept = socket.accept
-
- --// public methods of the object //--
-
- local handler = { }
-
- handler.shutdown = function( ) end
-
- handler.ssl = function( )
- return ssl
- end
- handler.sslctx = function( )
- return sslctx
- end
- handler.remove = function( )
- connections = connections - 1
- end
- handler.close = function( )
- for _, handler in pairs( _socketlist ) do
- if handler.serverport == serverport then
- handler.disconnect( handler, "server closed" )
- handler.close( true )
- end
- end
- socket:close( )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _socketlist[ socket ] = nil
- handler = nil
- socket = nil
- --mem_free( )
- out_put "server.lua: closed server handler and removed sockets from list"
- end
- handler.ip = function( )
- return ip
- end
- handler.serverport = function( )
- return serverport
- end
- handler.socket = function( )
- return socket
- end
- handler.readbuffer = function( )
- if connections > maxconnections then
- out_put( "server.lua: refused new client connection: server full" )
- return false
- end
- local client, err = accept( socket ) -- try to accept
- if client then
- local ip, clientport = client:getpeername( )
- client:settimeout( 0 )
- local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx, startssl ) -- wrap new client socket
- if err then -- error while wrapping ssl socket
- return false
- end
- connections = connections + 1
- out_put( "server.lua: accepted new client connection from ", tostring(ip), ":", tostring(clientport), " to ", tostring(serverport))
- return dispatch( handler )
- elseif err then -- maybe timeout or something else
- out_put( "server.lua: error with new client connection: ", tostring(err) )
- return false
- end
- end
- return handler
-end
-
-wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx, startssl ) -- this function wraps a client to a handler object
-
- socket:settimeout( 0 )
-
- --// local import of socket methods //--
-
- local send
- local receive
- local shutdown
-
- --// private closures of the object //--
-
- local ssl
-
- local dispatch = listeners.incoming or listeners.listener
- local status = listeners.status
- local disconnect = listeners.disconnect
-
- local bufferqueue = { } -- buffer array
- local bufferqueuelen = 0 -- end of buffer array
-
- local toclose
- local fatalerror
- local needtls
-
- local bufferlen = 0
-
- local noread = false
- local nosend = false
-
- local sendtraffic, readtraffic = 0, 0
-
- local maxsendlen = _maxsendlen
- local maxreadlen = _maxreadlen
-
- --// public methods of the object //--
-
- local handler = bufferqueue -- saves a table ^_^
-
- handler.dispatch = function( )
- return dispatch
- end
- handler.disconnect = function( )
- return disconnect
- end
- handler.setlistener = function( listeners )
- dispatch = listeners.incoming
- disconnect = listeners.disconnect
- end
- handler.getstats = function( )
- return readtraffic, sendtraffic
- end
- handler.ssl = function( )
- return ssl
- end
- handler.sslctx = function ( )
- return sslctx
- end
- handler.send = function( _, data, i, j )
- return send( socket, data, i, j )
- end
- handler.receive = function( pattern, prefix )
- return receive( socket, pattern, prefix )
- end
- handler.shutdown = function( pattern )
- return shutdown( socket, pattern )
- end
- handler.close = function( forced )
- if not handler then return true; end
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _readtimes[ handler ] = nil
- if bufferqueuelen ~= 0 then
- if not ( forced or fatalerror ) then
- handler.sendbuffer( )
- if bufferqueuelen ~= 0 then -- try again...
- if handler then
- handler.write = nil -- ... but no further writing allowed
- end
- toclose = true
- return false
- end
- else
- send( socket, table_concat( bufferqueue, "", 1, bufferqueuelen ), 1, bufferlen ) -- forced send
- end
- end
- if socket then
- _ = shutdown and shutdown( socket )
- socket:close( )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _socketlist[ socket ] = nil
- socket = nil
- else
- out_put "server.lua: socket already closed"
- end
- if handler then
- _writetimes[ handler ] = nil
- _closelist[ handler ] = nil
- handler = nil
- end
- if server then
- server.remove( )
- end
- out_put "server.lua: closed client handler and removed socket from list"
- return true
- end
- handler.ip = function( )
- return ip
- end
- handler.serverport = function( )
- return serverport
- end
- handler.clientport = function( )
- return clientport
- end
- local write = function( data )
- bufferlen = bufferlen + string_len( data )
- if bufferlen > maxsendlen then
- _closelist[ handler ] = "send buffer exceeded" -- cannot close the client at the moment, have to wait to the end of the cycle
- handler.write = idfalse -- dont write anymore
- return false
- elseif socket and not _sendlist[ socket ] then
- _sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
- end
- bufferqueuelen = bufferqueuelen + 1
- bufferqueue[ bufferqueuelen ] = data
- if handler then
- _writetimes[ handler ] = _writetimes[ handler ] or _currenttime
- end
- return true
- end
- handler.write = write
- handler.bufferqueue = function( )
- return bufferqueue
- end
- handler.socket = function( )
- return socket
- end
- handler.pattern = function( new )
- pattern = new or pattern
- return pattern
- end
- handler.setsend = function ( newsend )
- send = newsend or send
- return send
- end
- handler.bufferlen = function( readlen, sendlen )
- maxsendlen = sendlen or maxsendlen
- maxreadlen = readlen or maxreadlen
- return maxreadlen, maxsendlen
- end
- handler.lock = function( switch )
- if switch == true then
- handler.write = idfalse
- local tmp = _sendlistlen
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _writetimes[ handler ] = nil
- if _sendlistlen ~= tmp then
- nosend = true
- end
- tmp = _readlistlen
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _readtimes[ handler ] = nil
- if _readlistlen ~= tmp then
- noread = true
- end
- elseif switch == false then
- handler.write = write
- if noread then
- noread = false
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
- _readtimes[ handler ] = _currenttime
- end
- if nosend then
- nosend = false
- write( "" )
- end
- end
- return noread, nosend
- end
- local _readbuffer = function( ) -- this function reads data
- local buffer, err, part = receive( socket, pattern ) -- receive buffer with "pattern"
- if not err or ( err == "timeout" or err == "wantread" ) then -- received something
- local buffer = buffer or part or ""
- local len = string_len( buffer )
- if len > maxreadlen then
- disconnect( handler, "receive buffer exceeded" )
- handler.close( true )
- return false
- end
- local count = len * STAT_UNIT
- readtraffic = readtraffic + count
- _readtraffic = _readtraffic + count
- _readtimes[ handler ] = _currenttime
- --out_put( "server.lua: read data '", buffer:gsub("[^%w%p ]", "."), "', error: ", err )
- return dispatch( handler, buffer, err )
- else -- connections was closed or fatal error
- out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " read error: ", tostring(err) )
- fatalerror = true
- disconnect( handler, err )
- _ = handler and handler.close( )
- return false
- end
- end
- local _sendbuffer = function( ) -- this function sends data
- local succ, err, byte, buffer, count;
- local count;
- if socket then
- buffer = table_concat( bufferqueue, "", 1, bufferqueuelen )
- succ, err, byte = send( socket, buffer, 1, bufferlen )
- count = ( succ or byte or 0 ) * STAT_UNIT
- sendtraffic = sendtraffic + count
- _sendtraffic = _sendtraffic + count
- _ = _cleanqueue and clean( bufferqueue )
- --out_put( "server.lua: sended '", buffer, "', bytes: ", tostring(succ), ", error: ", tostring(err), ", part: ", tostring(byte), ", to: ", tostring(ip), ":", tostring(clientport) )
- else
- succ, err, count = false, "closed", 0;
- end
- if succ then -- sending succesful
- bufferqueuelen = 0
- bufferlen = 0
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) -- delete socket from writelist
- _ = needtls and handler.starttls(true)
- _writetimes[ handler ] = nil
- _ = toclose and handler.close( )
- return true
- elseif byte and ( err == "timeout" or err == "wantwrite" ) then -- want write
- buffer = string_sub( buffer, byte + 1, bufferlen ) -- new buffer
- bufferqueue[ 1 ] = buffer -- insert new buffer in queue
- bufferqueuelen = 1
- bufferlen = bufferlen - byte
- _writetimes[ handler ] = _currenttime
- return true
- else -- connection was closed during sending or fatal error
- out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " write error: ", tostring(err) )
- fatalerror = true
- disconnect( handler, err )
- _ = handler and handler.close( )
- return false
- end
- end
-
- -- Set the sslctx
- local handshake;
- function handler.set_sslctx(new_sslctx)
- ssl = true
- sslctx = new_sslctx;
- local wrote
- local read
- handshake = coroutine_wrap( function( client ) -- create handshake coroutine
- local err
- for i = 1, _maxsslhandshake do
- _sendlistlen = ( wrote and removesocket( _sendlist, client, _sendlistlen ) ) or _sendlistlen
- _readlistlen = ( read and removesocket( _readlist, client, _readlistlen ) ) or _readlistlen
- read, wrote = nil, nil
- _, err = client:dohandshake( )
- if not err then
- out_put( "server.lua: ssl handshake done" )
- handler.readbuffer = _readbuffer -- when handshake is done, replace the handshake function with regular functions
- handler.sendbuffer = _sendbuffer
- _ = status and status( handler, "ssl-handshake-complete" )
- _readlistlen = addsocket(_readlist, client, _readlistlen)
- return true
- else
- out_put( "server.lua: error during ssl handshake: ", tostring(err) )
- if err == "wantwrite" and not wrote then
- _sendlistlen = addsocket(_sendlist, client, _sendlistlen)
- wrote = true
- elseif err == "wantread" and not read then
- _readlistlen = addsocket(_readlist, client, _readlistlen)
- read = true
- else
- break;
- end
- --coroutine_yield( handler, nil, err ) -- handshake not finished
- coroutine_yield( )
- end
- end
- disconnect( handler, "ssl handshake failed" )
- _ = handler and handler.close( true ) -- forced disconnect
- return false -- handshake failed
- end
- )
- end
- if sslctx then -- ssl?
- handler.set_sslctx(sslctx);
- if startssl then -- ssl now?
- --out_put("server.lua: ", "starting ssl handshake")
- local err
- socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
- if err then
- out_put( "server.lua: ssl error: ", tostring(err) )
- --mem_free( )
- return nil, nil, err -- fatal error
- end
- socket:settimeout( 0 )
- handler.readbuffer = handshake
- handler.sendbuffer = handshake
- handshake( socket ) -- do handshake
- if not socket then
- return nil, nil, "ssl handshake failed";
- end
- else
- -- We're not automatically doing SSL, so we're not secure (yet)
- ssl = false
- handler.starttls = function( now )
- if not now then
- --out_put "server.lua: we need to do tls, but delaying until later"
- needtls = true
- return
- end
- --out_put( "server.lua: attempting to start tls on " .. tostring( socket ) )
- local oldsocket, err = socket
- socket, err = ssl_wrap( socket, sslctx ) -- wrap socket
- --out_put( "server.lua: sslwrapped socket is " .. tostring( socket ) )
- if err then
- out_put( "server.lua: error while starting tls on client: ", tostring(err) )
- return nil, err -- fatal error
- end
-
- socket:settimeout( 0 )
-
- -- add the new socket to our system
-
- send = socket.send
- receive = socket.receive
- shutdown = id
-
- _socketlist[ socket ] = handler
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
-
- -- remove traces of the old socket
-
- _readlistlen = removesocket( _readlist, oldsocket, _readlistlen )
- _sendlistlen = removesocket( _sendlist, oldsocket, _sendlistlen )
- _socketlist[ oldsocket ] = nil
-
- handler.starttls = nil
- needtls = nil
-
- -- Secure now
- ssl = true
-
- handler.readbuffer = handshake
- handler.sendbuffer = handshake
- handshake( socket ) -- do handshake
- end
- handler.readbuffer = _readbuffer
- handler.sendbuffer = _sendbuffer
- end
- else -- normal connection
- ssl = false
- handler.readbuffer = _readbuffer
- handler.sendbuffer = _sendbuffer
- end
-
- send = socket.send
- receive = socket.receive
- shutdown = ( ssl and id ) or socket.shutdown
-
- _socketlist[ socket ] = handler
- _readlistlen = addsocket(_readlist, socket, _readlistlen)
-
- return handler, socket
-end
-
-id = function( )
-end
-
-idfalse = function( )
- return false
-end
-
-addsocket = function( list, socket, len )
- if not list[ socket ] then
- len = len + 1
- list[ len ] = socket
- list[ socket ] = len
- end
- return len;
-end
-
-removesocket = function( list, socket, len ) -- this function removes sockets from a list ( copied from copas )
- local pos = list[ socket ]
- if pos then
- list[ socket ] = nil
- local last = list[ len ]
- list[ len ] = nil
- if last ~= socket then
- list[ last ] = pos
- list[ pos ] = last
- end
- return len - 1
- end
- return len
-end
-
-closesocket = function( socket )
- _sendlistlen = removesocket( _sendlist, socket, _sendlistlen )
- _readlistlen = removesocket( _readlist, socket, _readlistlen )
- _socketlist[ socket ] = nil
- socket:close( )
- --mem_free( )
-end
-
-----------------------------------// PUBLIC //--
-
-addserver = function( listeners, port, addr, pattern, sslctx, maxconnections, startssl ) -- this function provides a way for other scripts to reg a server
- local err
- --out_put("server.lua: autossl on ", port, " is ", startssl)
- if type( listeners ) ~= "table" then
- err = "invalid listener table"
- end
- if not type( port ) == "number" or not ( port >= 0 and port <= 65535 ) then
- err = "invalid port"
- elseif _server[ port ] then
- err = "listeners on port '" .. port .. "' already exist"
- elseif sslctx and not luasec then
- err = "luasec not found"
- end
- if err then
- out_error( "server.lua, port ", port, ": ", err )
- return nil, err
- end
- addr = addr or "*"
- local server, err = socket_bind( addr, port )
- if err then
- out_error( "server.lua, port ", port, ": ", err )
- return nil, err
- end
- local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx, maxconnections, startssl ) -- wrap new server socket
- if not handler then
- server:close( )
- return nil, err
- end
- server:settimeout( 0 )
- _readlistlen = addsocket(_readlist, server, _readlistlen)
- _server[ port ] = handler
- _socketlist[ server ] = handler
- out_put( "server.lua: new server listener on '", addr, ":", port, "'" )
- return handler
-end
-
-getserver = function ( port )
- return _server[ port ];
-end
-
-removeserver = function( port )
- local handler = _server[ port ]
- if not handler then
- return nil, "no server found on port '" .. tostring( port ) .. "'"
- end
- handler.close( )
- _server[ port ] = nil
- return true
-end
-
-closeall = function( )
- for _, handler in pairs( _socketlist ) do
- handler.close( )
- _socketlist[ _ ] = nil
- end
- _readlistlen = 0
- _sendlistlen = 0
- _timerlistlen = 0
- _server = { }
- _readlist = { }
- _sendlist = { }
- _timerlist = { }
- _socketlist = { }
- --mem_free( )
-end
-
-getsettings = function( )
- return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, _cleanqueue, _maxclientsperserver, _maxsslhandshake
-end
-
-changesettings = function( new )
- if type( new ) ~= "table" then
- return nil, "invalid settings table"
- end
- _selecttimeout = tonumber( new.timeout ) or _selecttimeout
- _sleeptime = tonumber( new.sleeptime ) or _sleeptime
- _maxsendlen = tonumber( new.maxsendlen ) or _maxsendlen
- _maxreadlen = tonumber( new.maxreadlen ) or _maxreadlen
- _checkinterval = tonumber( new.checkinterval ) or _checkinterval
- _sendtimeout = tonumber( new.sendtimeout ) or _sendtimeout
- _readtimeout = tonumber( new.readtimeout ) or _readtimeout
- _cleanqueue = new.cleanqueue
- _maxclientsperserver = new._maxclientsperserver or _maxclientsperserver
- _maxsslhandshake = new._maxsslhandshake or _maxsslhandshake
- return true
-end
-
-addtimer = function( listener )
- if type( listener ) ~= "function" then
- return nil, "invalid listener function"
- end
- _timerlistlen = _timerlistlen + 1
- _timerlist[ _timerlistlen ] = listener
- return true
-end
-
-stats = function( )
- return _readtraffic, _sendtraffic, _readlistlen, _sendlistlen, _timerlistlen
-end
-
-local dontstop = true; -- thinking about tomorrow, ...
-
-setquitting = function (quit)
- dontstop = not quit;
- return;
-end
-
-loop = function( ) -- this is the main loop of the program
- while dontstop do
- local read, write, err = socket_select( _readlist, _sendlist, _selecttimeout )
- for i, socket in ipairs( write ) do -- send data waiting in writequeues
- local handler = _socketlist[ socket ]
- if handler then
- handler.sendbuffer( )
- else
- closesocket( socket )
- out_put "server.lua: found no handler and closed socket (writelist)" -- this should not happen
- end
- end
- for i, socket in ipairs( read ) do -- receive data
- local handler = _socketlist[ socket ]
- if handler then
- handler.readbuffer( )
- else
- closesocket( socket )
- out_put "server.lua: found no handler and closed socket (readlist)" -- this can happen
- end
- end
- for handler, err in pairs( _closelist ) do
- handler.disconnect( )( handler, err )
- handler.close( true ) -- forced disconnect
- end
- clean( _closelist )
- _currenttime = os_time( )
- if os_difftime( _currenttime - _timer ) >= 1 then
- for i = 1, _timerlistlen do
- _timerlist[ i ]( _currenttime ) -- fire timers
- end
- _timer = _currenttime
- end
- socket_sleep( _sleeptime ) -- wait some time
- --collectgarbage( )
- end
- return "quitting"
-end
-
---// EXPERIMENTAL //--
-
-local wrapclient = function( socket, ip, serverport, listeners, pattern, sslctx, startssl )
- local handler = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx, startssl )
- _socketlist[ socket ] = handler
- _sendlistlen = addsocket(_sendlist, socket, _sendlistlen)
- return handler, socket
-end
-
-local addclient = function( address, port, listeners, pattern, sslctx, startssl )
- local client, err = luasocket.tcp( )
- if err then
- return nil, err
- end
- client:settimeout( 0 )
- _, err = client:connect( address, port )
- if err then -- try again
- local handler = wrapclient( client, address, port, listeners )
- else
- wrapconnection( nil, listeners, client, address, port, "clientport", pattern, sslctx, startssl )
- end
-end
-
---// EXPERIMENTAL //--
-
-----------------------------------// BEGIN //--
-
-use "setmetatable" ( _socketlist, { __mode = "k" } )
-use "setmetatable" ( _readtimes, { __mode = "k" } )
-use "setmetatable" ( _writetimes, { __mode = "k" } )
-
-_timer = os_time( )
-_starttime = os_time( )
-
-addtimer( function( )
- local difftime = os_difftime( _currenttime - _starttime )
- if difftime > _checkinterval then
- _starttime = _currenttime
- for handler, timestamp in pairs( _writetimes ) do
- if os_difftime( _currenttime - timestamp ) > _sendtimeout then
- --_writetimes[ handler ] = nil
- handler.disconnect( )( handler, "send timeout" )
- handler.close( true ) -- forced disconnect
- end
- end
- for handler, timestamp in pairs( _readtimes ) do
- if os_difftime( _currenttime - timestamp ) > _readtimeout then
- --_readtimes[ handler ] = nil
- handler.disconnect( )( handler, "read timeout" )
- handler.close( ) -- forced disconnect?
- end
- end
- end
- end
-)
-
-----------------------------------// PUBLIC INTERFACE //--
-
-return {
-
- addclient = addclient,
- wrapclient = wrapclient,
-
- loop = loop,
- stats = stats,
- closeall = closeall,
- addtimer = addtimer,
- addserver = addserver,
- getserver = getserver,
- getsettings = getsettings,
- setquitting = setquitting,
- removeserver = removeserver,
- changesettings = changesettings,
-}
+
+local use_luaevent = require "core.configmanager".get("*", "core", "use_libevent");
+
+if use_luaevent then
+ use_luaevent = pcall(require, "luaevent.core");
+ if not use_luaevent then
+ log("error", "libevent not found, falling back to select()");
+ end
+end
+
+local server;
+
+if use_luaevent then
+ server = require "net.server_event";
+ -- util.timer requires "net.server", so instead of having
+ -- Lua look for, and load us again (causing a loop) - set this here
+ -- (usually it isn't set until we return, look down there...)
+ package.loaded["net.server"] = server;
+
+ -- Backwards compatibility for timers, addtimer
+ -- called a function roughly every second
+ local add_task = require "util.timer".add_task;
+ function server.addtimer(f)
+ return add_task(1, function (...) f(...); return 1; end);
+ end
+
+ -- Overwrite signal.signal() because we need to ask libevent to
+ -- handle them instead
+ local ok, signal = pcall(require, "util.signal");
+ if ok and signal then
+ local _signal_signal = signal.signal;
+ function signal.signal(signal_id, handler)
+ if type(signal_id) == "string" then
+ signal_id = signal[signal_id:upper()];
+ end
+ if type(signal_id) ~= "number" then
+ return false, "invalid-signal";
+ end
+ --_signal_signal(signal_id, handler);
+ return server.hook_signal(signal_id, handler);
+ end
+ end
+else
+ server = require "net.server_select";
+ package.loaded["net.server"] = server;
+end
+
+-- require "net.server" shall now forever return this,
+-- ie. server_select or server_event as chosen above.
+return server;
diff --git a/net/server_event.lua b/net/server_event.lua
new file mode 100644
index 00000000..3afc732b
--- /dev/null
+++ b/net/server_event.lua
@@ -0,0 +1,839 @@ +--[[ + + + server.lua based on lua/libevent by blastbeat + + notes: + -- when using luaevent, never register 2 or more EV_READ at one socket, same for EV_WRITE + -- you cant even register a new EV_READ/EV_WRITE callback inside another one + -- never call eventcallback:close( ) from inside eventcallback + -- to do some of the above, use timeout events or something what will called from outside + -- dont let garbagecollect eventcallbacks, as long they are running + -- when using luasec, there are 4 cases of timeout errors: wantread or wantwrite during reading or writing + +--]] + +local SCRIPT_NAME = "server_event.lua" +local SCRIPT_VERSION = "0.05" +local SCRIPT_AUTHOR = "blastbeat" +local LAST_MODIFIED = "2009/11/20" + +local cfg = { + MAX_CONNECTIONS = 100000, -- max per server connections (use "ulimit -n" on *nix) + MAX_HANDSHAKE_ATTEMPS = 10, -- attemps to finish ssl handshake + HANDSHAKE_TIMEOUT = 1, -- timout in seconds per handshake attemp + MAX_READ_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes allowed to read from sockets + MAX_SEND_LENGTH = 1024 * 1024 * 1024 * 1024, -- max bytes size of write buffer (for writing on sockets) + ACCEPT_DELAY = 10, -- seconds to wait until the next attemp of a full server to accept + READ_TIMEOUT = 60 * 30, -- timeout in seconds for read data from socket + WRITE_TIMEOUT = 30, -- timeout in seconds for write data on socket + CONNECT_TIMEOUT = 10, -- timeout in seconds for connection attemps + CLEAR_DELAY = 5, -- seconds to wait for clearing interface list (and calling ondisconnect listeners) + DEBUG = true, -- show debug messages +} + +local function use(x) return rawget(_G, x); end +local print = use "print" +local pcall = use "pcall" +local ipairs = use "ipairs" +local string = use "string" +local select = use "select" +local require = use "require" +local tostring = use "tostring" +local coroutine = use "coroutine" +local setmetatable = use "setmetatable" + +local ssl = use "ssl" or require "ssl" 
+local socket = use "socket" or require "socket" + +local log = require ("util.logger").init("socket") + +local function debug(...) + return log("debug", ("%s "):rep(select('#', ...)), ...) +end +local vdebug = debug; + +local bitor = ( function( ) -- thx Rici Lake + local hasbit = function( x, p ) + return x % ( p + p ) >= p + end + return function( x, y ) + local p = 1 + local z = 0 + local limit = x > y and x or y + while p <= limit do + if hasbit( x, p ) or hasbit( y, p ) then + z = z + p + end + p = p + p + end + return z + end +end )( ) + +local event = require "luaevent.core" +local base = event.new( ) +local EV_READ = event.EV_READ +local EV_WRITE = event.EV_WRITE +local EV_TIMEOUT = event.EV_TIMEOUT +local EV_SIGNAL = event.EV_SIGNAL + +local EV_READWRITE = bitor( EV_READ, EV_WRITE ) + +local interfacelist = ( function( ) -- holds the interfaces for sockets + local array = { } + local len = 0 + return function( method, arg ) + if "add" == method then + len = len + 1 + array[ len ] = arg + arg:_position( len ) + return len + elseif "delete" == method then + if len <= 0 then + return nil, "array is already empty" + end + local position = arg:_position() -- get position in array + if position ~= len then + local interface = array[ len ] -- get last interface + array[ position ] = interface -- copy it into free position + array[ len ] = nil -- free last position + interface:_position( position ) -- set new position in array + else -- free last position + array[ len ] = nil + end + len = len - 1 + return len + else + return array + end + end +end )( ) + +-- Client interface methods +local interface_mt +do + interface_mt = {}; interface_mt.__index = interface_mt; + + local addevent = base.addevent + local coroutine_wrap, coroutine_yield = coroutine.wrap,coroutine.yield + local string_len = string.len + + -- Private methods + function interface_mt:_position(new_position) + self.position = new_position or self.position + return self.position; + end + function 
interface_mt:_close() -- regs event to start self:_destroy() + local callback = function( ) + self:_destroy(); + self.eventclose = nil + return -1 + end + self.eventclose = addevent( base, nil, EV_TIMEOUT, callback, 0 ) + return true + end + + function interface_mt:_start_connection(plainssl) -- should be called from addclient + local callback = function( event ) + if EV_TIMEOUT == event then -- timout during connection + self.fatalerror = "connection timeout" + self:ontimeout() -- call timeout listener + self:_close() + debug( "new connection failed. id:", self.id, "error:", self.fatalerror ) + else + if plainssl then -- start ssl session + self:starttls() + else -- normal connection + self:_start_session( self.listener.onconnect ) + end + debug( "new connection established. id:", self.id ) + end + self.eventconnect = nil + return -1 + end + self.eventconnect = addevent( base, self.conn, EV_WRITE, callback, cfg.CONNECT_TIMEOUT ) + return true + end + function interface_mt:_start_session(onconnect) -- new session, for example after startssl + if self.type == "client" then + local callback = function( ) + self:_lock( false, false, false ) + --vdebug( "start listening on client socket with id:", self.id ) + self.eventread = addevent( base, self.conn, EV_READ, self.readcallback, cfg.READ_TIMEOUT ) -- register callback + self:onconnect() + self.eventsession = nil + return -1 + end + self.eventsession = addevent( base, nil, EV_TIMEOUT, callback, 0 ) + else + self:_lock( false ) + --vdebug( "start listening on server socket with id:", self.id ) + self.eventread = addevent( base, self.conn, EV_READ, self.readcallback ) -- register callback + end + return true + end + function interface_mt:_start_ssl(arg) -- old socket will be destroyed, therefore we have to close read/write events first + --vdebug( "starting ssl session with client id:", self.id ) + local _ + _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event 
callbacks! + _ = self.eventwrite and self.eventwrite:close( ) + self.eventread, self.eventwrite = nil, nil + local err + self.conn, err = ssl.wrap( self.conn, self._sslctx ) + if err then + self.fatalerror = err + self.conn = nil -- cannot be used anymore + if "onconnect" == arg then + self.ondisconnect = nil -- dont call this when client isnt really connected + end + self:_close() + debug( "fatal error while ssl wrapping:", err ) + return false + end + self.conn:settimeout( 0 ) -- set non blocking + local handshakecallback = coroutine_wrap( + function( event ) + local _, err + local attempt = 0 + local maxattempt = cfg.MAX_HANDSHAKE_ATTEMPS + while attempt < 1000 do -- no endless loop + attempt = attempt + 1 + debug( "ssl handshake of client with id:"..tostring(self).."attemp:"..attempt ) + if attempt > maxattempt then + self.fatalerror = "max handshake attemps exceeded" + elseif EV_TIMEOUT == event then + self.fatalerror = "timeout during handshake" + else + _, err = self.conn:dohandshake( ) + if not err then + self:_lock( false, false, false ) -- unlock the interface; sending, closing etc allowed + self.send = self.conn.send -- caching table lookups with new client object + self.receive = self.conn.receive + local onsomething + if "onconnect" == arg then -- trigger listener + onsomething = self.onconnect + else + onsomething = self.onsslconnection + end + self:_start_session( onsomething ) + debug( "ssl handshake done" ) + self:onstatus("ssl-handshake-complete"); + self.eventhandshake = nil + return -1 + end + debug( "error during ssl handshake:", err ) + if err == "wantwrite" then + event = EV_WRITE + elseif err == "wantread" then + event = EV_READ + else + self.fatalerror = err + end + end + if self.fatalerror then + if "onconnect" == arg then + self.ondisconnect = nil -- dont call this when client isnt really connected + end + self:_close() + debug( "handshake failed because:", self.fatalerror ) + self.eventhandshake = nil + return -1 + end + event = 
coroutine_yield( event, cfg.HANDSHAKE_TIMEOUT ) -- yield this monster... + end + end + ) + debug "starting handshake..." + self:_lock( false, true, true ) -- unlock read/write events, but keep interface locked + self.eventhandshake = addevent( base, self.conn, EV_READWRITE, handshakecallback, cfg.HANDSHAKE_TIMEOUT ) + return true + end + function interface_mt:_destroy() -- close this interface + events and call last listener + debug( "closing client with id:", self.id ) + self:_lock( true, true, true ) -- first of all, lock the interface to avoid further actions + local _ + _ = self.eventread and self.eventread:close( ) -- close events; this must be called outside of the event callbacks! + if self.type == "client" then + _ = self.eventwrite and self.eventwrite:close( ) + _ = self.eventhandshake and self.eventhandshake:close( ) + _ = self.eventstarthandshake and self.eventstarthandshake:close( ) + _ = self.eventconnect and self.eventconnect:close( ) + _ = self.eventsession and self.eventsession:close( ) + _ = self.eventwritetimeout and self.eventwritetimeout:close( ) + _ = self.eventreadtimeout and self.eventreadtimeout:close( ) + _ = self.ondisconnect and self:ondisconnect( self.fatalerror ) -- call ondisconnect listener (wont be the case if handshake failed on connect) + _ = self.conn and self.conn:close( ) -- close connection, must also be called outside of any socket registered events! 
+ _ = self._server and self._server:counter(-1); + self.eventread, self.eventwrite = nil, nil + self.eventstarthandshake, self.eventhandshake, self.eventclose = nil, nil, nil + self.readcallback, self.writecallback = nil, nil + else + self.conn:close( ) + self.eventread, self.eventclose = nil, nil + self.interface, self.readcallback = nil, nil + end + interfacelist( "delete", self ) + return true + end + + function interface_mt:_lock(nointerface, noreading, nowriting) -- lock or unlock this interface or events + self.nointerface, self.noreading, self.nowriting = nointerface, noreading, nowriting + return nointerface, noreading, nowriting + end + + function interface_mt:counter(c) + if c then + self._connections = self._connections + c + end + return self._connections + end + + -- Public methods + function interface_mt:write(data) + if self.nowriting then return nil, "locked" end + --vdebug( "try to send data to client, id/data:", self.id, data ) + data = tostring( data ) + local len = string_len( data ) + local total = len + self.writebufferlen + if total > cfg.MAX_SEND_LENGTH then -- check buffer length + local err = "send buffer exceeded" + debug( "error:", err ) -- to much, check your app + return nil, err + end + self.writebuffer = self.writebuffer .. 
data -- new buffer + self.writebufferlen = total + if not self.eventwrite then -- register new write event + --vdebug( "register new write event" ) + self.eventwrite = addevent( base, self.conn, EV_WRITE, self.writecallback, cfg.WRITE_TIMEOUT ) + end + return true + end + function interface_mt:close(now) + if self.nointerface then return nil, "locked"; end + debug( "try to close client connection with id:", self.id ) + if self.type == "client" then + self.fatalerror = "client to close" + if ( not self.eventwrite ) or now then -- try to close immediately + self:_lock( true, true, true ) + self:_close() + return true + else -- wait for incomplete write request + self:_lock( true, true, false ) + debug "closing delayed until writebuffer is empty" + return nil, "writebuffer not empty, waiting" + end + else + debug( "try to close server with id:", self.id, "args:", now ) + self.fatalerror = "server to close" + self:_lock( true ) + local count = 0 + for _, item in ipairs( interfacelist( ) ) do + if ( item.type ~= "server" ) and ( item._server == self ) then -- client/server match + if item:close( now ) then -- writebuffer was empty + count = count + 1 + end + end + end + local timeout = 0 -- dont wait for unfinished writebuffers of clients... 
+ if not now then + timeout = cfg.WRITE_TIMEOUT -- ...or wait for it + end + self:_close( timeout ) -- add new event to remove the server interface + debug( "seconds remained until server is closed:", timeout ) + return count -- returns finished clients with empty writebuffer + end + end + + function interface_mt:server() + return self._server or self; + end + + function interface_mt:port() + return self._port + end + + function interface_mt:serverport() + return self._serverport + end + + function interface_mt:ip() + return self._ip + end + + function interface_mt:ssl() + return self._usingssl + end + + function interface_mt:type() + return self._type or "client" + end + + function interface_mt:connections() + return self._connections + end + + function interface_mt:address() + return self.addr + end + + function interface_mt:set_sslctx(sslctx) + self._sslctx = sslctx; + if sslctx then + self.starttls = nil; -- use starttls() of interface_mt + else + self.starttls = false; -- prevent starttls() + end + end + + function interface_mt:set_send(new_send) + -- No-op, we always use the underlying connection's send + end + + function interface_mt:starttls(sslctx) + debug( "try to start ssl at client id:", self.id ) + local err + self._sslctx = sslctx; + if self._usingssl then -- startssl was already called + err = "ssl already active" + end + if err then + debug( "error:", err ) + return nil, err + end + self._usingssl = true + self.startsslcallback = function( ) -- we have to start the handshake outside of a read/write event + self.startsslcallback = nil + self:_start_ssl(); + self.eventstarthandshake = nil + return -1 + end + if not self.eventwrite then + self:_lock( true, true, true ) -- lock the interface, to not disturb the handshake + self.eventstarthandshake = addevent( base, nil, EV_TIMEOUT, self.startsslcallback, 0 ) -- add event to start handshake + else -- wait until writebuffer is empty + self:_lock( true, true, false ) + debug "ssl session delayed until 
writebuffer is empty..." + end + self.starttls = false; + return true + end + + function interface_mt:setoption(option, value) + if self.conn.setoption then + return self.conn:setoption(option, value); + end + return false, "setoption not implemented"; + end + + function interface_mt:setlistener(listener) + self.onconnect, self.ondisconnect, self.onincoming, self.ontimeout, self.onstatus + = listener.onconnect, listener.ondisconnect, listener.onincoming, listener.ontimeout, listener.onstatus; + end + + -- Stub handlers + function interface_mt:onconnect() + end + function interface_mt:onincoming() + end + function interface_mt:ondisconnect() + end + function interface_mt:ontimeout() + end + function interface_mt:onstatus() + debug("server.lua: Dummy onstatus()") + end +end + +-- End of client interface methods + +local handleclient; +do + local string_sub = string.sub -- caching table lookups + local string_len = string.len + local addevent = base.addevent + local coroutine_wrap = coroutine.wrap + local socket_gettime = socket.gettime + local coroutine_yield = coroutine.yield + function handleclient( client, ip, port, server, pattern, listener, _, sslctx ) -- creates an client interface + --vdebug("creating client interfacce...") + local interface = { + type = "client"; + conn = client; + currenttime = socket_gettime( ); -- safe the origin + writebuffer = ""; -- writebuffer + writebufferlen = 0; -- length of writebuffer + send = client.send; -- caching table lookups + receive = client.receive; + onconnect = listener.onconnect; -- will be called when client disconnects + ondisconnect = listener.ondisconnect; -- will be called when client disconnects + onincoming = listener.onincoming; -- will be called when client sends data + ontimeout = listener.ontimeout; -- called when fatal socket timeout occurs + onstatus = listener.onstatus; -- called for status changes (e.g. 
of SSL/TLS) + eventread = false, eventwrite = false, eventclose = false, + eventhandshake = false, eventstarthandshake = false; -- event handler + eventconnect = false, eventsession = false; -- more event handler... + eventwritetimeout = false; -- even more event handler... + eventreadtimeout = false; + fatalerror = false; -- error message + writecallback = false; -- will be called on write events + readcallback = false; -- will be called on read events + nointerface = true; -- lock/unlock parameter of this interface + noreading = false, nowriting = false; -- locks of the read/writecallback + startsslcallback = false; -- starting handshake callback + position = false; -- position of client in interfacelist + + -- Properties + _ip = ip, _port = port, _server = server, _pattern = pattern, + _serverport = (server and server:port() or nil), + _sslctx = sslctx; -- parameters + _usingssl = false; -- client is using ssl; + } + interface.id = tostring(interface):match("%x+$"); + interface.writecallback = function( event ) -- called on write events + --vdebug( "new client write event, id/ip/port:", interface, ip, port ) + if interface.nowriting or ( interface.fatalerror and ( "client to close" ~= interface.fatalerror ) ) then -- leave this event + --vdebug( "leaving this event because:", interface.nowriting or interface.fatalerror ) + interface.eventwrite = false + return -1 + end + if EV_TIMEOUT == event then -- took too long to write some data to socket -> disconnect + interface.fatalerror = "timeout during writing" + debug( "writing failed:", interface.fatalerror ) + interface:_close() + interface.eventwrite = false + return -1 + else -- can write :) + if interface._usingssl then -- handle luasec + if interface.eventreadtimeout then -- we have to read first + local ret = interface.readcallback( ) -- call readcallback + --vdebug( "tried to read in writecallback, result:", ret ) + end + if interface.eventwritetimeout then -- luasec only + interface.eventwritetimeout:close( 
) -- first we have to close timeout event which where regged after a wantread error + interface.eventwritetimeout = false + end + end + local succ, err, byte = interface.conn:send( interface.writebuffer, 1, interface.writebufferlen ) + --vdebug( "write data:", interface.writebuffer, "error:", err, "part:", byte ) + if succ then -- writing succesful + interface.writebuffer = "" + interface.writebufferlen = 0 + if interface.fatalerror then + debug "closing client after writing" + interface:_close() -- close interface if needed + elseif interface.startsslcallback then -- start ssl connection if needed + debug "starting ssl handshake after writing" + interface.eventstarthandshake = addevent( base, nil, EV_TIMEOUT, interface.startsslcallback, 0 ) + elseif interface.eventreadtimeout then + return EV_WRITE, EV_TIMEOUT + end + interface.eventwrite = nil + return -1 + elseif byte then -- want write again + --vdebug( "writebuffer is not empty:", err ) + interface.writebuffer = string_sub( interface.writebuffer, byte + 1, interface.writebufferlen ) -- new buffer + interface.writebufferlen = interface.writebufferlen - byte + if "wantread" == err then -- happens only with luasec + local callback = function( ) + interface:_close() + interface.eventwritetimeout = nil + return evreturn, evtimeout + end + interface.eventwritetimeout = addevent( base, nil, EV_TIMEOUT, callback, cfg.WRITE_TIMEOUT ) -- reg a new timeout event + debug( "wantread during write attemp, reg it in readcallback but dont know what really happens next..." 
) + -- hopefully this works with luasec; its simply not possible to use 2 different write events on a socket in luaevent + return -1 + end + return EV_WRITE, cfg.WRITE_TIMEOUT + else -- connection was closed during writing or fatal error + interface.fatalerror = err or "fatal error" + debug( "connection failed in write event:", interface.fatalerror ) + interface:_close() + interface.eventwrite = nil + return -1 + end + end + end + + interface.readcallback = function( event ) -- called on read events + --vdebug( "new client read event, id/ip/port:", tostring(interface.id), tostring(ip), tostring(port) ) + if interface.noreading or interface.fatalerror then -- leave this event + --vdebug( "leaving this event because:", tostring(interface.noreading or interface.fatalerror) ) + interface.eventread = nil + return -1 + end + if EV_TIMEOUT == event then -- took too long to get some data from client -> disconnect + interface.fatalerror = "timeout during receiving" + debug( "connection failed:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + else -- can read + if interface._usingssl then -- handle luasec + if interface.eventwritetimeout then -- ok, in the past writecallback was regged + local ret = interface.writecallback( ) -- call it + --vdebug( "tried to write in readcallback, result:", tostring(ret) ) + end + if interface.eventreadtimeout then + interface.eventreadtimeout:close( ) + interface.eventreadtimeout = nil + end + end + local buffer, err, part = interface.conn:receive( pattern ) -- receive buffer with "pattern" + --vdebug( "read data:", tostring(buffer), "error:", tostring(err), "part:", tostring(part) ) + buffer = buffer or part or "" + local len = string_len( buffer ) + if len > cfg.MAX_READ_LENGTH then -- check buffer length + interface.fatalerror = "receive buffer exceeded" + debug( "fatal error:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + end + interface.onincoming( 
interface, buffer, err ) -- send new data to listener + if err and ( err ~= "timeout" and err ~= "wantread" ) then + if "wantwrite" == err then -- need to read on write event + if not interface.eventwrite then -- register new write event if needed + interface.eventwrite = addevent( base, interface.conn, EV_WRITE, interface.writecallback, cfg.WRITE_TIMEOUT ) + end + interface.eventreadtimeout = addevent( base, nil, EV_TIMEOUT, + function( ) + interface:_close() + end, cfg.READ_TIMEOUT + ) + debug( "wantwrite during read attemp, reg it in writecallback but dont know what really happens next..." ) + -- to be honest i dont know what happens next, if it is allowed to first read, the write etc... + else -- connection was closed or fatal error + interface.fatalerror = err + debug( "connection failed in read event:", interface.fatalerror ) + interface:_close() + interface.eventread = nil + return -1 + end + end + return EV_READ, cfg.READ_TIMEOUT + end + end + + client:settimeout( 0 ) -- set non blocking + setmetatable(interface, interface_mt) + interfacelist( "add", interface ) -- add to interfacelist + return interface + end +end + +local handleserver +do + function handleserver( server, addr, port, pattern, listener, sslctx ) -- creates an server interface + debug "creating server interface..." 
+ local interface = { + _connections = 0; + + conn = server; + onconnect = listener.onconnect; -- will be called when new client connected + eventread = false; -- read event handler + eventclose = false; -- close event handler + readcallback = false; -- read event callback + fatalerror = false; -- error message + nointerface = true; -- lock/unlock parameter + + _ip = addr, _port = port, _pattern = pattern, + _sslctx = sslctx; + } + interface.id = tostring(interface):match("%x+$"); + interface.readcallback = function( event ) -- server handler, called on incoming connections + --vdebug( "server can accept, id/addr/port:", interface, addr, port ) + if interface.fatalerror then + --vdebug( "leaving this event because:", self.fatalerror ) + interface.eventread = nil + return -1 + end + local delay = cfg.ACCEPT_DELAY + if EV_TIMEOUT == event then + if interface._connections >= cfg.MAX_CONNECTIONS then -- check connection count + debug( "to many connections, seconds to wait for next accept:", delay ) + return EV_TIMEOUT, delay -- timeout... 
+ else + return EV_READ -- accept again + end + end + --vdebug("max connection check ok, accepting...") + local client, err = server:accept() -- try to accept; TODO: check err + while client do + if interface._connections >= cfg.MAX_CONNECTIONS then + client:close( ) -- refuse connection + debug( "maximal connections reached, refuse client connection; accept delay:", delay ) + return EV_TIMEOUT, delay -- delay for next accept attemp + end + local ip, port = client:getpeername( ) + interface._connections = interface._connections + 1 -- increase connection count + local clientinterface = handleclient( client, ip, port, interface, pattern, listener, nil, sslctx ) + --vdebug( "client id:", clientinterface, "startssl:", startssl ) + if sslctx then + clientinterface:starttls(sslctx) + else + clientinterface:_start_session( clientinterface.onconnect ) + end + debug( "accepted incoming client connection from:", ip, port ) + client, err = server:accept() -- try to accept again + end + return EV_READ + end + + server:settimeout( 0 ) + setmetatable(interface, interface_mt) + interfacelist( "add", interface ) + interface:_start_session() + return interface + end +end + +local addserver = ( function( ) + return function( addr, port, listener, pattern, sslcfg, startssl ) -- TODO: check arguments + --vdebug( "creating new tcp server with following parameters:", addr or "nil", port or "nil", sslcfg or "nil", startssl or "nil") + local server, err = socket.bind( addr, port, cfg.ACCEPT_QUEUE ) -- create server socket + if not server then + debug( "creating server socket failed because:", err ) + return nil, err + end + local sslctx + if sslcfg then + if not ssl then + debug "fatal error: luasec not found" + return nil, "luasec not found" + end + sslctx, err = ssl.newcontext( sslcfg ) + if err then + debug( "error while creating new ssl context for server socket:", err ) + return nil, err + end + end + local interface = handleserver( server, addr, port, pattern, listener, sslctx, 
startssl ) -- new server handler + debug( "new server created with id:", tostring(interface)) + return interface + end +end )( ) + +local addclient, wrapclient +do + function wrapclient( client, ip, port, listeners, pattern, sslctx, startssl ) + local interface = handleclient( client, ip, port, nil, pattern, listeners, sslctx ) + interface:_start_session() + return interface + --function handleclient( client, ip, port, server, pattern, listener, _, sslctx ) -- creates an client interface + end + + function addclient( addr, serverport, listener, pattern, localaddr, localport, sslcfg, startssl ) + local client, err = socket.tcp() -- creating new socket + if not client then + debug( "cannot create socket:", err ) + return nil, err + end + client:settimeout( 0 ) -- set nonblocking + if localaddr then + local res, err = client:bind( localaddr, localport, -1 ) + if not res then + debug( "cannot bind client:", err ) + return nil, err + end + end + local sslctx + if sslcfg then -- handle ssl/new context + if not ssl then + debug "need luasec, but not available" + return nil, "luasec not found" + end + sslctx, err = ssl.newcontext( sslcfg ) + if err then + debug( "cannot create new ssl context:", err ) + return nil, err + end + end + local res, err = client:connect( addr, serverport ) -- connect + if res or ( err == "timeout" ) then + local ip, port = client:getsockname( ) + local server = function( ) + return nil, "this is a dummy server interface" + end + local interface = wrapclient( client, ip, serverport, listeners, pattern, sslctx, startssl ) + interface:_start_connection( startssl ) + debug( "new connection id:", interface.id ) + return interface, err + else + debug( "new connection failed:", err ) + return nil, err + end + end +end + + +local loop = function( ) -- starts the event loop + base:loop( ) + return "quitting"; +end + +local newevent = ( function( ) + local add = base.addevent + return function( ... ) + return add( base, ... 
) + end +end )( ) + +local closeallservers = function( arg ) + for _, item in ipairs( interfacelist( ) ) do + if item.type == "server" then + item:close( arg ) + end + end +end + +local function setquitting(yes) + if yes then + -- Quit now + closeallservers(); + base:loopexit(); + end +end + +function get_backend() + return base:method(); +end + +-- We need to hold onto the events to stop them +-- being garbage-collected +local signal_events = {}; -- [signal_num] -> event object +function hook_signal(signal_num, handler) + local function _handler(event) + local ret = handler(); + if ret ~= false then -- Continue handling this signal? + return EV_SIGNAL; -- Yes + end + return -1; -- Close this event + end + signal_events[signal_num] = base:addevent(signal_num, EV_SIGNAL, _handler); + return signal_events[signal_num]; +end + +return { + + cfg = cfg, + base = base, + loop = loop, + event = event, + event_base = base, + addevent = newevent, + addserver = addserver, + addclient = addclient, + wrapclient = wrapclient, + setquitting = setquitting, + closeall = closeallservers, + get_backend = get_backend, + hook_signal = hook_signal, + + __NAME = SCRIPT_NAME, + __DATE = LAST_MODIFIED, + __AUTHOR = SCRIPT_AUTHOR, + __VERSION = SCRIPT_VERSION, + +} diff --git a/net/server_select.lua b/net/server_select.lua new file mode 100644 index 00000000..e317d7dc --- /dev/null +++ b/net/server_select.lua 
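Review bot: In `wrapclient` the call `handleclient( client, ip, port, nil, pattern, listeners, sslctx )` passes `sslctx` in the seventh position, which `handleclient( client, ip, port, server, pattern, listener, _, sslctx )` discards, so the interface is built with `_sslctx = nil` and the TLS context created in `addclient` never reaches `ssl.wrap` in `_start_ssl`. The call should match the one in `handleserver`: `handleclient( client, ip, port, nil, pattern, listeners, nil, sslctx )`. `addclient` also hands `listeners` to `wrapclient` although its own parameter is `listener`; unless a global of that name exists this is nil and `handleclient` fails on `listener.onconnect`, so it should pass `listener`. `interface_mt:starttls(sslctx)` assigns `self._sslctx = sslctx` unconditionally, so the argument-less `self:starttls()` in `_start_connection` clears a context stored earlier; `self._sslctx = sslctx or self._sslctx` would keep it. Separately, `cfg.MAX_SEND_LENGTH = 1024 * 1024 * 1024 * 1024` leaves `interface_mt:write` without a practical cap on the per-connection write buffer when a peer stops reading, whereas `net/server_select.lua` sets `_maxsendlen = 51000 * 1024`.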
@@ -0,0 +1,886 @@ +-- +-- server.lua by blastbeat of the luadch project +-- Re-used here under the MIT/X Consortium License +-- +-- Modifications (C) 2008-2009 Matthew Wild, Waqas Hussain +-- + +-- // wrapping luadch stuff // -- + +local use = function( what ) + return _G[ what ] +end +local clean = function( tbl ) + for i, k in pairs( tbl ) do + tbl[ i ] = nil + end +end + +local log, table_concat = require ("util.logger").init("socket"), table.concat; +local out_put = function (...) return log("debug", table_concat{...}); end +local out_error = function (...) return log("warn", table_concat{...}); end +local mem_free = collectgarbage + +----------------------------------// DECLARATION //-- + +--// constants //-- + +local STAT_UNIT = 1 -- byte + +--// lua functions //-- + +local type = use "type" +local pairs = use "pairs" +local ipairs = use "ipairs" +local tostring = use "tostring" +local collectgarbage = use "collectgarbage" + +--// lua libs //-- + +local os = use "os" +local table = use "table" +local string = use "string" +local coroutine = use "coroutine" + +--// lua lib methods //-- + +local os_time = os.time +local os_difftime = os.difftime +local table_concat = table.concat +local table_remove = table.remove +local string_len = string.len +local string_sub = string.sub +local coroutine_wrap = coroutine.wrap +local coroutine_yield = coroutine.yield + +--// extern libs //-- + +local luasec = select( 2, pcall( require, "ssl" ) ) +local luasocket = require "socket" + +--// extern lib methods //-- + +local ssl_wrap = ( luasec and luasec.wrap ) +local socket_bind = luasocket.bind +local socket_sleep = luasocket.sleep +local socket_select = luasocket.select +local ssl_newcontext = ( luasec and luasec.newcontext ) + +--// functions //-- + +local id +local loop +local stats +local idfalse +local addtimer +local closeall +local addserver +local getserver +local wrapserver +local getsettings +local closesocket +local removesocket +local removeserver +local 
changetimeout +local wrapconnection +local changesettings + +--// tables //-- + +local _server +local _readlist +local _timerlist +local _sendlist +local _socketlist +local _closelist +local _readtimes +local _writetimes + +--// simple data types //-- + +local _ +local _readlistlen +local _sendlistlen +local _timerlistlen + +local _sendtraffic +local _readtraffic + +local _selecttimeout +local _sleeptime + +local _starttime +local _currenttime + +local _maxsendlen +local _maxreadlen + +local _checkinterval +local _sendtimeout +local _readtimeout + +local _cleanqueue + +local _timer + +local _maxclientsperserver + +----------------------------------// DEFINITION //-- + +_server = { } -- key = port, value = table; list of listening servers +_readlist = { } -- array with sockets to read from +_sendlist = { } -- arrary with sockets to write to +_timerlist = { } -- array of timer functions +_socketlist = { } -- key = socket, value = wrapped socket (handlers) +_readtimes = { } -- key = handler, value = timestamp of last data reading +_writetimes = { } -- key = handler, value = timestamp of last data writing/sending +_closelist = { } -- handlers to close + +_readlistlen = 0 -- length of readlist +_sendlistlen = 0 -- length of sendlist +_timerlistlen = 0 -- lenght of timerlist + +_sendtraffic = 0 -- some stats +_readtraffic = 0 + +_selecttimeout = 1 -- timeout of socket.select +_sleeptime = 0 -- time to wait at the end of every loop + +_maxsendlen = 51000 * 1024 -- max len of send buffer +_maxreadlen = 25000 * 1024 -- max len of read buffer + +_checkinterval = 1200000 -- interval in secs to check idle clients +_sendtimeout = 60000 -- allowed send idle time in secs +_readtimeout = 6 * 60 * 60 -- allowed read idle time in secs + +_cleanqueue = false -- clean bufferqueue after using + +_maxclientsperserver = 1000 + +_maxsslhandshake = 30 -- max handshake round-trips +----------------------------------// PRIVATE //-- + +wrapserver = function( listeners, socket, ip, serverport, 
pattern, sslctx, maxconnections ) -- this function wraps a server + + maxconnections = maxconnections or _maxclientsperserver + + local connections = 0 + + local dispatch, disconnect = listeners.onincoming, listeners.ondisconnect + + local accept = socket.accept + + --// public methods of the object //-- + + local handler = { } + + handler.shutdown = function( ) end + + handler.ssl = function( ) + return sslctx ~= nil + end + handler.sslctx = function( ) + return sslctx + end + handler.remove = function( ) + connections = connections - 1 + end + handler.close = function( ) + for _, handler in pairs( _socketlist ) do + if handler.serverport == serverport then + handler.disconnect( handler, "server closed" ) + handler:close( true ) + end + end + socket:close( ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _socketlist[ socket ] = nil + handler = nil + socket = nil + --mem_free( ) + out_put "server.lua: closed server handler and removed sockets from list" + end + handler.ip = function( ) + return ip + end + handler.serverport = function( ) + return serverport + end + handler.socket = function( ) + return socket + end + handler.readbuffer = function( ) + if connections > maxconnections then + out_put( "server.lua: refused new client connection: server full" ) + return false + end + local client, err = accept( socket ) -- try to accept + if client then + local ip, clientport = client:getpeername( ) + client:settimeout( 0 ) + local handler, client, err = wrapconnection( handler, listeners, client, ip, serverport, clientport, pattern, sslctx ) -- wrap new client socket + if err then -- error while wrapping ssl socket + return false + end + connections = connections + 1 + out_put( "server.lua: accepted new client connection from ", tostring(ip), ":", tostring(clientport), " to ", tostring(serverport)) + return dispatch( handler ) + elseif err then -- maybe timeout or something else + 
out_put( "server.lua: error with new client connection: ", tostring(err) ) + return false + end + end + return handler +end + +wrapconnection = function( server, listeners, socket, ip, serverport, clientport, pattern, sslctx ) -- this function wraps a client to a handler object + + socket:settimeout( 0 ) + + --// local import of socket methods //-- + + local send + local receive + local shutdown + + --// private closures of the object //-- + + local ssl + + local dispatch = listeners.onincoming + local status = listeners.onstatus + local disconnect = listeners.ondisconnect + + local bufferqueue = { } -- buffer array + local bufferqueuelen = 0 -- end of buffer array + + local toclose + local fatalerror + local needtls + + local bufferlen = 0 + + local noread = false + local nosend = false + + local sendtraffic, readtraffic = 0, 0 + + local maxsendlen = _maxsendlen + local maxreadlen = _maxreadlen + + --// public methods of the object //-- + + local handler = bufferqueue -- saves a table ^_^ + + handler.dispatch = function( ) + return dispatch + end + handler.disconnect = function( ) + return disconnect + end + handler.setlistener = function( self, listeners ) + dispatch = listeners.onincoming + disconnect = listeners.ondisconnect + status = listeners.onstatus + end + handler.getstats = function( ) + return readtraffic, sendtraffic + end + handler.ssl = function( ) + return ssl + end + handler.sslctx = function ( ) + return sslctx + end + handler.send = function( _, data, i, j ) + return send( socket, data, i, j ) + end + handler.receive = function( pattern, prefix ) + return receive( socket, pattern, prefix ) + end + handler.shutdown = function( pattern ) + return shutdown( socket, pattern ) + end + handler.setoption = function (self, option, value) + if socket.setoption then + return socket:setoption(option, value); + end + return false, "setoption not implemented"; + end + handler.close = function( self, forced ) + if not handler then return true; end + 
_readlistlen = removesocket( _readlist, socket, _readlistlen ) + _readtimes[ handler ] = nil + if bufferqueuelen ~= 0 then + if not ( forced or fatalerror ) then + handler.sendbuffer( ) + if bufferqueuelen ~= 0 then -- try again... + if handler then + handler.write = nil -- ... but no further writing allowed + end + toclose = true + return false + end + else + send( socket, table_concat( bufferqueue, "", 1, bufferqueuelen ), 1, bufferlen ) -- forced send + end + end + if socket then + _ = shutdown and shutdown( socket ) + socket:close( ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _socketlist[ socket ] = nil + socket = nil + else + out_put "server.lua: socket already closed" + end + if handler then + _writetimes[ handler ] = nil + _closelist[ handler ] = nil + handler = nil + end + if server then + server.remove( ) + end + out_put "server.lua: closed client handler and removed socket from list" + return true + end + handler.ip = function( ) + return ip + end + handler.serverport = function( ) + return serverport + end + handler.clientport = function( ) + return clientport + end + local write = function( self, data ) + bufferlen = bufferlen + string_len( data ) + if bufferlen > maxsendlen then + _closelist[ handler ] = "send buffer exceeded" -- cannot close the client at the moment, have to wait to the end of the cycle + handler.write = idfalse -- dont write anymore + return false + elseif socket and not _sendlist[ socket ] then + _sendlistlen = addsocket(_sendlist, socket, _sendlistlen) + end + bufferqueuelen = bufferqueuelen + 1 + bufferqueue[ bufferqueuelen ] = data + if handler then + _writetimes[ handler ] = _writetimes[ handler ] or _currenttime + end + return true + end + handler.write = write + handler.bufferqueue = function( self ) + return bufferqueue + end + handler.socket = function( self ) + return socket + end + handler.pattern = function( self, new ) + pattern = new or pattern + return pattern + end + handler.set_send = function 
( self, newsend ) + send = newsend or send + return send + end + handler.bufferlen = function( self, readlen, sendlen ) + maxsendlen = sendlen or maxsendlen + maxreadlen = readlen or maxreadlen + return bufferlen, maxreadlen, maxsendlen + end + handler.lock_read = function (self, switch) + if switch == true then + local tmp = _readlistlen + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _readtimes[ handler ] = nil + if _readlistlen ~= tmp then + noread = true + end + elseif switch == false then + if noread then + noread = false + _readlistlen = addsocket(_readlist, socket, _readlistlen) + _readtimes[ handler ] = _currenttime + end + end + return noread + end + handler.lock = function( self, switch ) + handler.lock_read (switch) + if switch == true then + handler.write = idfalse + local tmp = _sendlistlen + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _writetimes[ handler ] = nil + if _sendlistlen ~= tmp then + nosend = true + end + elseif switch == false then + handler.write = write + if nosend then + nosend = false + write( "" ) + end + end + return noread, nosend + end + local _readbuffer = function( ) -- this function reads data + local buffer, err, part = receive( socket, pattern ) -- receive buffer with "pattern" + if not err or (err == "wantread" or err == "timeout") or string_len(part) > 0 then -- received something + local buffer = buffer or part or "" + local len = string_len( buffer ) + if len > maxreadlen then + disconnect( handler, "receive buffer exceeded" ) + handler.close( true ) + return false + end + local count = len * STAT_UNIT + readtraffic = readtraffic + count + _readtraffic = _readtraffic + count + _readtimes[ handler ] = _currenttime + --out_put( "server.lua: read data '", buffer:gsub("[^%w%p ]", "."), "', error: ", err ) + return dispatch( handler, buffer, err ) + else -- connections was closed or fatal error + out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " read error: ", 
tostring(err) ) + fatalerror = true + disconnect( handler, err ) + _ = handler and handler.close( ) + return false + end + end + local _sendbuffer = function( ) -- this function sends data + local succ, err, byte, buffer, count; + local count; + if socket then + buffer = table_concat( bufferqueue, "", 1, bufferqueuelen ) + succ, err, byte = send( socket, buffer, 1, bufferlen ) + count = ( succ or byte or 0 ) * STAT_UNIT + sendtraffic = sendtraffic + count + _sendtraffic = _sendtraffic + count + _ = _cleanqueue and clean( bufferqueue ) + --out_put( "server.lua: sended '", buffer, "', bytes: ", tostring(succ), ", error: ", tostring(err), ", part: ", tostring(byte), ", to: ", tostring(ip), ":", tostring(clientport) ) + else + succ, err, count = false, "closed", 0; + end + if succ then -- sending succesful + bufferqueuelen = 0 + bufferlen = 0 + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) -- delete socket from writelist + _ = needtls and handler:starttls(nil, true) + _writetimes[ handler ] = nil + _ = toclose and handler.close( ) + return true + elseif byte and ( err == "timeout" or err == "wantwrite" ) then -- want write + buffer = string_sub( buffer, byte + 1, bufferlen ) -- new buffer + bufferqueue[ 1 ] = buffer -- insert new buffer in queue + bufferqueuelen = 1 + bufferlen = bufferlen - byte + _writetimes[ handler ] = _currenttime + return true + else -- connection was closed during sending or fatal error + out_put( "server.lua: client ", tostring(ip), ":", tostring(clientport), " write error: ", tostring(err) ) + fatalerror = true + disconnect( handler, err ) + _ = handler and handler.close( ) + return false + end + end + + -- Set the sslctx + local handshake; + function handler.set_sslctx(self, new_sslctx) + ssl = true + sslctx = new_sslctx; + local wrote + local read + handshake = coroutine_wrap( function( client ) -- create handshake coroutine + local err + for i = 1, _maxsslhandshake do + _sendlistlen = ( wrote and removesocket( _sendlist, 
client, _sendlistlen ) ) or _sendlistlen + _readlistlen = ( read and removesocket( _readlist, client, _readlistlen ) ) or _readlistlen + read, wrote = nil, nil + _, err = client:dohandshake( ) + if not err then + out_put( "server.lua: ssl handshake done" ) + handler.readbuffer = _readbuffer -- when handshake is done, replace the handshake function with regular functions + handler.sendbuffer = _sendbuffer + _ = status and status( handler, "ssl-handshake-complete" ) + _readlistlen = addsocket(_readlist, client, _readlistlen) + return true + else + out_put( "server.lua: error during ssl handshake: ", tostring(err) ) + if err == "wantwrite" and not wrote then + _sendlistlen = addsocket(_sendlist, client, _sendlistlen) + wrote = true + elseif err == "wantread" and not read then + _readlistlen = addsocket(_readlist, client, _readlistlen) + read = true + else + break; + end + --coroutine_yield( handler, nil, err ) -- handshake not finished + coroutine_yield( ) + end + end + disconnect( handler, "ssl handshake failed" ) + _ = handler and handler:close( true ) -- forced disconnect + return false -- handshake failed + end + ) + end + if sslctx then -- ssl? + handler:set_sslctx(sslctx); + out_put("server.lua: ", "starting ssl handshake") + local err + socket, err = ssl_wrap( socket, sslctx ) -- wrap socket + if err then + out_put( "server.lua: ssl error: ", tostring(err) ) + --mem_free( ) + return nil, nil, err -- fatal error + end + socket:settimeout( 0 ) + handler.readbuffer = handshake + handler.sendbuffer = handshake + handshake( socket ) -- do handshake + if not socket then + return nil, nil, "ssl handshake failed"; + end + else + local sslctx; + handler.starttls = function( self, _sslctx, now ) + if _sslctx then + sslctx = _sslctx; + handler:set_sslctx(sslctx); + end + if not now then + out_put "server.lua: we need to do tls, but delaying until later" + needtls = true + return + end + out_put( "server.lua: attempting to start tls on " .. 
tostring( socket ) ) + local oldsocket, err = socket + socket, err = ssl_wrap( socket, sslctx ) -- wrap socket + --out_put( "server.lua: sslwrapped socket is " .. tostring( socket ) ) + if err then + out_put( "server.lua: error while starting tls on client: ", tostring(err) ) + return nil, err -- fatal error + end + + socket:settimeout( 0 ) + + -- add the new socket to our system + + send = socket.send + receive = socket.receive + shutdown = id + + _socketlist[ socket ] = handler + _readlistlen = addsocket(_readlist, socket, _readlistlen) + + -- remove traces of the old socket + + _readlistlen = removesocket( _readlist, oldsocket, _readlistlen ) + _sendlistlen = removesocket( _sendlist, oldsocket, _sendlistlen ) + _socketlist[ oldsocket ] = nil + + handler.starttls = nil + needtls = nil + + -- Secure now + ssl = true + + handler.readbuffer = handshake + handler.sendbuffer = handshake + handshake( socket ) -- do handshake + end + handler.readbuffer = _readbuffer + handler.sendbuffer = _sendbuffer + end + + send = socket.send + receive = socket.receive + shutdown = ( ssl and id ) or socket.shutdown + + _socketlist[ socket ] = handler + _readlistlen = addsocket(_readlist, socket, _readlistlen) + + return handler, socket +end + +id = function( ) +end + +idfalse = function( ) + return false +end + +addsocket = function( list, socket, len ) + if not list[ socket ] then + len = len + 1 + list[ len ] = socket + list[ socket ] = len + end + return len; +end + +removesocket = function( list, socket, len ) -- this function removes sockets from a list ( copied from copas ) + local pos = list[ socket ] + if pos then + list[ socket ] = nil + local last = list[ len ] + list[ len ] = nil + if last ~= socket then + list[ last ] = pos + list[ pos ] = last + end + return len - 1 + end + return len +end + +closesocket = function( socket ) + _sendlistlen = removesocket( _sendlist, socket, _sendlistlen ) + _readlistlen = removesocket( _readlist, socket, _readlistlen ) + _socketlist[ 
socket ] = nil + socket:close( ) + --mem_free( ) +end + +----------------------------------// PUBLIC //-- + +addserver = function( addr, port, listeners, pattern, sslctx ) -- this function provides a way for other scripts to reg a server + local err + if type( listeners ) ~= "table" then + err = "invalid listener table" + end + if not type( port ) == "number" or not ( port >= 0 and port <= 65535 ) then + err = "invalid port" + elseif _server[ port ] then + err = "listeners on port '" .. port .. "' already exist" + elseif sslctx and not luasec then + err = "luasec not found" + end + if err then + out_error( "server.lua, port ", port, ": ", err ) + return nil, err + end + addr = addr or "*" + local server, err = socket_bind( addr, port ) + if err then + out_error( "server.lua, port ", port, ": ", err ) + return nil, err + end + local handler, err = wrapserver( listeners, server, addr, port, pattern, sslctx, _maxclientsperserver ) -- wrap new server socket + if not handler then + server:close( ) + return nil, err + end + server:settimeout( 0 ) + _readlistlen = addsocket(_readlist, server, _readlistlen) + _server[ port ] = handler + _socketlist[ server ] = handler + out_put( "server.lua: new "..(sslctx and "ssl " or "").."server listener on '", addr, ":", port, "'" ) + return handler +end + +getserver = function ( port ) + return _server[ port ]; +end + +removeserver = function( port ) + local handler = _server[ port ] + if not handler then + return nil, "no server found on port '" .. tostring( port ) .. 
"'" + end + handler:close( ) + _server[ port ] = nil + return true +end + +closeall = function( ) + for _, handler in pairs( _socketlist ) do + handler:close( ) + _socketlist[ _ ] = nil + end + _readlistlen = 0 + _sendlistlen = 0 + _timerlistlen = 0 + _server = { } + _readlist = { } + _sendlist = { } + _timerlist = { } + _socketlist = { } + --mem_free( ) +end + +getsettings = function( ) + return _selecttimeout, _sleeptime, _maxsendlen, _maxreadlen, _checkinterval, _sendtimeout, _readtimeout, _cleanqueue, _maxclientsperserver, _maxsslhandshake +end + +changesettings = function( new ) + if type( new ) ~= "table" then + return nil, "invalid settings table" + end + _selecttimeout = tonumber( new.timeout ) or _selecttimeout + _sleeptime = tonumber( new.sleeptime ) or _sleeptime + _maxsendlen = tonumber( new.maxsendlen ) or _maxsendlen + _maxreadlen = tonumber( new.maxreadlen ) or _maxreadlen + _checkinterval = tonumber( new.checkinterval ) or _checkinterval + _sendtimeout = tonumber( new.sendtimeout ) or _sendtimeout + _readtimeout = tonumber( new.readtimeout ) or _readtimeout + _cleanqueue = new.cleanqueue + _maxclientsperserver = new._maxclientsperserver or _maxclientsperserver + _maxsslhandshake = new._maxsslhandshake or _maxsslhandshake + return true +end + +addtimer = function( listener ) + if type( listener ) ~= "function" then + return nil, "invalid listener function" + end + _timerlistlen = _timerlistlen + 1 + _timerlist[ _timerlistlen ] = listener + return true +end + +stats = function( ) + return _readtraffic, _sendtraffic, _readlistlen, _sendlistlen, _timerlistlen +end + +local dontstop = true; -- thinking about tomorrow, ... 
+ +setquitting = function (quit) + dontstop = not quit; + return; +end + +loop = function( ) -- this is the main loop of the program + while dontstop do + local read, write, err = socket_select( _readlist, _sendlist, _selecttimeout ) + for i, socket in ipairs( write ) do -- send data waiting in writequeues + local handler = _socketlist[ socket ] + if handler then + handler.sendbuffer( ) + else + closesocket( socket ) + out_put "server.lua: found no handler and closed socket (writelist)" -- this should not happen + end + end + for i, socket in ipairs( read ) do -- receive data + local handler = _socketlist[ socket ] + if handler then + handler.readbuffer( ) + else + closesocket( socket ) + out_put "server.lua: found no handler and closed socket (readlist)" -- this can happen + end + end + for handler, err in pairs( _closelist ) do + handler.disconnect( )( handler, err ) + handler:close( true ) -- forced disconnect + end + clean( _closelist ) + _currenttime = os_time( ) + if os_difftime( _currenttime - _timer ) >= 1 then + for i = 1, _timerlistlen do + _timerlist[ i ]( _currenttime ) -- fire timers + end + _timer = _currenttime + end + socket_sleep( _sleeptime ) -- wait some time + --collectgarbage( ) + end + return "quitting" +end + +local function get_backend() + return "select"; +end + +--// EXPERIMENTAL //-- + +local wrapclient = function( socket, ip, serverport, listeners, pattern, sslctx ) + local handler = wrapconnection( nil, listeners, socket, ip, serverport, "clientport", pattern, sslctx ) + _socketlist[ socket ] = handler + _sendlistlen = addsocket(_sendlist, socket, _sendlistlen) + return handler, socket +end + +local addclient = function( address, port, listeners, pattern, sslctx ) + local client, err = luasocket.tcp( ) + if err then + return nil, err + end + client:settimeout( 0 ) + _, err = client:connect( address, port ) + if err then -- try again + local handler = wrapclient( client, address, port, listeners ) + else + wrapconnection( nil, listeners, 
client, address, port, "clientport", pattern, sslctx ) + end +end + +--// EXPERIMENTAL //-- + +----------------------------------// BEGIN //-- + +use "setmetatable" ( _socketlist, { __mode = "k" } ) +use "setmetatable" ( _readtimes, { __mode = "k" } ) +use "setmetatable" ( _writetimes, { __mode = "k" } ) + +_timer = os_time( ) +_starttime = os_time( ) + +addtimer( function( ) + local difftime = os_difftime( _currenttime - _starttime ) + if difftime > _checkinterval then + _starttime = _currenttime + for handler, timestamp in pairs( _writetimes ) do + if os_difftime( _currenttime - timestamp ) > _sendtimeout then + --_writetimes[ handler ] = nil + handler.disconnect( )( handler, "send timeout" ) + handler:close( true ) -- forced disconnect + end + end + for handler, timestamp in pairs( _readtimes ) do + if os_difftime( _currenttime - timestamp ) > _readtimeout then + --_readtimes[ handler ] = nil + handler.disconnect( )( handler, "read timeout" ) + handler:close( ) -- forced disconnect? + end + end + end + end +) + +local function setlogger(new_logger) + local old_logger = log; + if new_logger then + log = new_logger; + end + return old_logger; +end + +----------------------------------// PUBLIC INTERFACE //-- + +return { + + addclient = addclient, + wrapclient = wrapclient, + + loop = loop, + stats = stats, + closeall = closeall, + addtimer = addtimer, + addserver = addserver, + getserver = getserver, + setlogger = setlogger, + getsettings = getsettings, + setquitting = setquitting, + removeserver = removeserver, + get_backend = get_backend, + changesettings = changesettings, +} diff --git a/net/xmppclient_listener.lua b/net/xmppclient_listener.lua index 417dfd4a..3a0c65be 100644 --- a/net/xmppclient_listener.lua +++ b/net/xmppclient_listener.lua 
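Review bot: A connection that never sends anything is never subject to the read timeout, because `_readtimes[ handler ]` is only assigned in `_readbuffer` after data arrives (and in `lock_read`), and `wrapconnection` returns without seeding it, so the idle sweep registered through `addtimer` has no entry to compare. With `_checkinterval = 1200000` (commented as seconds, i.e. roughly two weeks between sweeps) `_readtimeout` and `_sendtimeout` are effectively unenforced as well, so silent peers can hold the `_maxclientsperserver` slots indefinitely. Consider adding `_readtimes[ handler ] = _currenttime or os_time( )` before `return handler, socket` and lowering `_checkinterval` to the order of the shortest timeout. Separately, in `addserver` the test `not type( port ) == "number"` parses as `(not type( port )) == "number"` and is always false; it should read `type( port ) ~= "number"`. `_maxsslhandshake` and `addsocket` are also assigned without a `local` declaration, so they become globals.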
@@ -27,8 +27,10 @@ local sm_streamopened = sessionmanager.streamopened; local sm_streamclosed = sessionmanager.streamclosed; local st = require "util.stanza"; -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", - default_ns = "jabber:client", +local config = require "core.configmanager"; +local opt_keepalives = config.get("*", "core", "tcp_keepalives"); + +local stream_callbacks = { default_ns = "jabber:client", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza }; function stream_callbacks.error(session, error, data) @@ -61,16 +63,15 @@ local function session_reset_stream(session) function session.data(conn, data) local ok, err = parser:parse(data); if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " ")); + log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); session:close("xml-not-well-formed"); end return true; end - local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; local function session_close(session, reason) local log = session.log or log; if session.conn then 
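Review bot: The final `gsub` in the `log("debug", ...)` call inside `session.data` is the last argument, so its second return value (the substitution count) is passed to `log` as an extra argument. Wrapping the chain in parentheses, `(data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"))`, keeps the call to the three values the format string names. The added class replaces NUL and the other control bytes but leaves `\127` and bytes above it untouched, so the excerpt is still raw peer input; a comment such as `-- excerpt is untrusted client data; control bytes replaced, not otherwise validated` would tell whoever consumes these logs what to expect. `session_reset_stream` starts before this hunk.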
@@ -100,15 +101,15 @@ local function session_close(session, reason) end end session.send("</stream:stream>"); - session.conn.close(); - xmppclient.disconnect(session.conn, (reason and (reason.text or reason.condition)) or reason or "session closed"); + session.conn:close(); + xmppclient.ondisconnect(session.conn, (reason and (reason.text or reason.condition)) or reason or "session closed"); end end -- End of session methods -- -function xmppclient.listener(conn, data) +function xmppclient.onincoming(conn, data) local session = sessions[conn]; if not session then session = sm_new_session(conn); @@ -117,10 +118,14 @@ function xmppclient.listener(conn, data) session.log("info", "Client connected"); -- Client is using legacy SSL (otherwise mod_tls sets this flag) - if conn.ssl() then + if conn:ssl() then session.secure = true; end + if opt_keepalives ~= nil then + conn:setoption("keepalive", opt_keepalives); + end + session.reset_stream = session_reset_stream; session.close = session_close; @@ -133,14 +138,13 @@ function xmppclient.listener(conn, data) end end -function xmppclient.disconnect(conn, err) +function xmppclient.ondisconnect(conn, err) local session = sessions[conn]; if session then (session.log or log)("info", "Client disconnected: %s", err); sm_destroy_session(session, err); sessions[conn] = nil; session = nil; - collectgarbage("collect"); end end diff --git a/net/xmppcomponent_listener.lua b/net/xmppcomponent_listener.lua index c16f41a0..0b98b6bc 100644 --- a/net/xmppcomponent_listener.lua +++ b/net/xmppcomponent_listener.lua 
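Review bot: The result of `session.conn:close()` in `session_close` is ignored, and with the select backend added in this commit `handler.close` returns `false` and only sets `toclose` when buffered data (here the `</stream:stream>` just written) could not be flushed. `xmppclient.ondisconnect` then destroys the session straight away while the socket stays open until the peer drains it or the send timeout fires. The s2s listener in this same commit guards that case; the equivalent here would be `if not session.conn:close() then session.conn:close(true); end`. The `session_close` hunk in net/xmppcomponent_listener.lua has the same unguarded `session.conn:close()`. `session_close` starts before this hunk.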
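Review bot: The return value of `conn:setoption("keepalive", opt_keepalives)` in `xmppclient.onincoming` is discarded, and net/server_select.lua in this commit returns `false, "setoption not implemented"` when the underlying socket has no `setoption`. An operator who sets `tcp_keepalives` therefore gets no indication when it was not applied. Capturing the result, `local ok, err = conn:setoption("keepalive", opt_keepalives);`, and logging `err` through `session.log` when `ok` is false would make that visible. `opt_keepalives` is read once at module load in the first hunk, so it presumably does not follow a later configuration change; a comment there would help.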
@@ -32,7 +32,7 @@ local xmlns_component = 'jabber:component:accept'; --- Callbacks/data for xmlhandlers to handle streams for us --- -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", default_ns = xmlns_component }; +local stream_callbacks = { default_ns = xmlns_component }; function stream_callbacks.error(session, error, data, data2) log("warn", "Error processing component stream: "..tostring(error)); @@ -87,7 +87,7 @@ end --- Closing a component connection local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; local function session_close(session, reason) local log = session.log or log; if session.conn then @@ -117,17 +117,17 @@ local function session_close(session, reason) end end session.send("</stream:stream>"); - session.conn.close(); - component_listener.disconnect(session.conn, "stream error"); + session.conn:close(); + component_listener.ondisconnect(session.conn, "stream error"); end end --- Component connlistener -function component_listener.listener(conn, data) +function component_listener.onincoming(conn, data) local session = sessions[conn]; if not session then local _send = conn.write; - session = { type = "component", conn = conn, send = function (data) return _send(tostring(data)); end }; + session = { type = "component", conn = conn, send = function (data) return _send(conn, tostring(data)); end }; sessions[conn] = session; -- Logging functions -- 
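Review bot: `component_listener.ondisconnect(session.conn, "stream error")` in `session_close` reports the fixed string "stream error" whatever `reason` was, so the disconnect log cannot distinguish a clean close from an error. The client listener in this same commit passes `(reason and (reason.text or reason.condition)) or reason or "session closed"`; using the same expression here keeps the three listeners consistent. `session_close` starts before this hunk.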
@@ -157,7 +157,7 @@ function component_listener.listener(conn, data) end end -function component_listener.disconnect(conn, err) +function component_listener.ondisconnect(conn, err) local session = sessions[conn]; if session then (session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err)); @@ -169,7 +169,6 @@ function component_listener.disconnect(conn, err) sessions[conn] = nil; for k in pairs(session) do session[k] = nil; end session = nil; - collectgarbage("collect"); end end diff --git a/net/xmppserver_listener.lua b/net/xmppserver_listener.lua index c7e02ec5..c9746ee1 100644 --- a/net/xmppserver_listener.lua +++ b/net/xmppserver_listener.lua 
@@ -17,16 +17,34 @@ local s2s_streamopened = require "core.s2smanager".streamopened; local s2s_streamclosed = require "core.s2smanager".streamclosed; local s2s_destroy_session = require "core.s2smanager".destroy_session; local s2s_attempt_connect = require "core.s2smanager".attempt_connection; -local stream_callbacks = { stream_tag = "http://etherx.jabber.org/streams\1stream", - default_ns = "jabber:server", +local stream_callbacks = { default_ns = "jabber:server", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza }; +local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; + function stream_callbacks.error(session, error, data) if error == "no-stream" then session:close("invalid-namespace"); - else + elseif error == "parse-error" then session.log("debug", "Server-to-server XML parse error: %s", tostring(error)); session:close("xml-not-well-formed"); + elseif error == "stream-error" then + local condition, text = "undefined-condition"; + for child in data:children() do + if child.attr.xmlns == xmlns_xmpp_streams then + if child.name ~= "text" then + condition = child.name; + else + text = child:get_text(); + end + if condition ~= "undefined-condition" and text then + break; + end + end + end + text = condition .. (text and (" ("..text..")") or ""); + session.log("info", "Session closed by remote with error: %s", text); + session:close(nil, text); end end 
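Review bot: `stream_callbacks.error` no longer has a final `else`, so any `error` value other than "no-stream", "parse-error" or "stream-error" is now ignored and the session stays open, where the old code closed it with `xml-not-well-formed`. A trailing `else` that logs the value and calls `session:close("xml-not-well-formed")` keeps the handler failing closed. In the "stream-error" branch the result of `child:get_text()` is chosen by the remote server and goes unmodified into `session.log("info", ...)` and, through `session:close(nil, text)`, into the disconnect log line. Applying the same `:gsub("[%z\1-\31]", "_")` that this commit adds in net/xmppclient_listener.lua would keep a peer from placing line breaks in the log. The "parse-error" branch logs `tostring(error)`, which at that point is always the literal "parse-error"; the detail is presumably in `data`.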
@@ -70,8 +88,8 @@ local function session_reset_stream(session) end local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:match("[^\1]*"), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; -local function session_close(session, reason) +local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; +local function session_close(session, reason, remote_reason) local log = session.log or log; if session.conn then if session.notopen then @@ -100,18 +118,18 @@ local function session_close(session, reason) end end session.sends2s("</stream:stream>"); - if session.notopen or not session.conn.close() then - session.conn.close(true); -- Force FIXME: timer? + if session.notopen or not session.conn:close() then + session.conn:close(true); -- Force FIXME: timer? end - session.conn.close(); - xmppserver.disconnect(session.conn, "stream error"); + session.conn:close(); + xmppserver.ondisconnect(session.conn, remote_reason or (reason and (reason.text or reason.condition)) or reason or "stream closed"); end end -- End of session methods -- -function xmppserver.listener(conn, data) +function xmppserver.onincoming(conn, data) local session = sessions[conn]; if not session then session = s2s_new_incoming(conn); @@ -137,7 +155,7 @@ function xmppserver.listener(conn, data) end end -function xmppserver.status(conn, status) +function xmppserver.onstatus(conn, status) if status == "ssl-handshake-complete" then local session = sessions[conn]; if session and session.direction == "outgoing" then 
@@ -148,21 +166,20 @@ function xmppserver.status(conn, status) end end -function xmppserver.disconnect(conn, err) +function xmppserver.ondisconnect(conn, err) local session = sessions[conn]; if session then if err and err ~= "closed" and session.srv_hosts then - (session.log or log)("debug", "s2s connection closed unexpectedly"); + (session.log or log)("debug", "s2s connection attempt failed: %s", err); if s2s_attempt_connect(session, err) then - (session.log or log)("debug", "...so we're going to try again"); + (session.log or log)("debug", "...so we're going to try another target"); return; -- Session lives for now end end (session.log or log)("info", "s2s disconnected: %s->%s (%s)", tostring(session.from_host), tostring(session.to_host), tostring(err)); - s2s_destroy_session(session); + s2s_destroy_session(session, err); sessions[conn] = nil; session = nil; - collectgarbage("collect"); end end diff --git a/plugins/mod_actions_http.lua b/plugins/mod_actions_http.lua deleted file mode 100644 index c6069793..00000000 --- a/plugins/mod_actions_http.lua +++ /dev/null 
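Review bot: The new debug line passes `err` to the `%s` format directly, while the info line a few lines below wraps it in `tostring(err)`. After this commit `err` can be whatever session_close hands over, which may not be a string. Writing `(session.log or log)("debug", "s2s connection attempt failed: %s", tostring(err));` keeps the two calls consistent. `err` may now also carry text supplied by the remote server and is forwarded to `s2s_attempt_connect` and `s2s_destroy_session`, so those consumers should treat it as display-only data.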
@@ -1,86 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2009 Matthew Wild --- Copyright (C) 2008-2009 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - - -local httpserver = require "net.httpserver"; -local t_concat, t_insert = table.concat, table.insert; - -local log = log; - -local response_404 = { status = "404 Not Found", body = "<h1>No such action</h1>Sorry, I don't have the action you requested" }; - -local control = require "core.actions".actions; - - -local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = string.char(tonumber("0x"..k)); return t[k]; end }); - -local function urldecode(s) - return s and (s:gsub("+", " "):gsub("%%([a-fA-F0-9][a-fA-F0-9])", urlcodes)); -end - -local function query_to_table(query) - if type(query) == "string" and #query > 0 then - if query:match("=") then - local params = {}; - for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do - if k and v then - params[urldecode(k)] = urldecode(v); - end - end - return params; - else - return urldecode(query); - end - end -end - - - -local http_path = { http_base }; -local function handle_request(method, body, request) - local path = request.url.path:gsub("^/[^/]+/", ""); - - local curr = control; - - for comp in path:gmatch("([^/]+)") do - curr = curr[comp]; - if not curr then - return response_404; - end - end - - if type(curr) == "table" then - local s = {}; - for k,v in pairs(curr) do - t_insert(s, tostring(k)); - t_insert(s, " = "); - if type(v) == "function" then - t_insert(s, "action") - elseif type(v) == "table" then - t_insert(s, "list"); - else - t_insert(s, tostring(v)); - end - t_insert(s, "\n"); - end - return t_concat(s); - elseif type(curr) == "function" then - local params = query_to_table(request.url.query); - params.host = request.headers.host:gsub(":%d+", ""); - local ok, ret1, ret2 = pcall(curr, params); - if not ok then - return "EPIC FAIL: "..tostring(ret1); - elseif 
not ret1 then - return "FAIL: "..tostring(ret2); - else - return "OK: "..tostring(ret2); - end - end -end - -httpserver.new{ port = 5280, base = "control", handler = handle_request, ssl = false }
\ No newline at end of file diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index af13bde9..f25e7670 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -23,7 +23,7 @@ local logger = require "util.logger"; local log = logger.init("mod_bosh"); local xmlns_bosh = "http://jabber.org/protocol/httpbind"; -- (hard-coded into a literal in session.send) -local stream_callbacks = { stream_tag = "http://jabber.org/protocol/httpbind\1body", default_ns = xmlns_bosh }; +local stream_callbacks = { stream_ns = "http://jabber.org/protocol/httpbind", stream_tag = "body", default_ns = xmlns_bosh }; local BOSH_DEFAULT_HOLD = tonumber(module:get_option("bosh_default_hold")) or 1; local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; @@ -34,6 +34,22 @@ local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 3 local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" }; local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} }; +local cross_domain = module:get_option("cross_domain_bosh"); +if cross_domain then + default_headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"; + default_headers["Access-Control-Allow-Headers"] = "Content-Type"; + default_headers["Access-Control-Max-Age"] = "7200"; + + if cross_domain == true then + default_headers["Access-Control-Allow-Origin"] = "*"; + elseif type(cross_domain) == "table" then + cross_domain = table.concat(cross_domain, ", "); + end + if type(cross_domain) == "string" then + default_headers["Access-Control-Allow-Origin"] = cross_domain; + end +end + local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local os_time = os.time; 
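Review bot: When `cross_domain_bosh` is a table, the origins are joined with ", " into a single `Access-Control-Allow-Origin` value, but that header carries one origin or `*`, so browsers reject the list form and cross-domain requests fail for every listed site. The usual approach is to keep the configured origins as a set and, per request, echo the request's Origin header only when it is in the set, adding `Vary: Origin`; that belongs in handle_request rather than in the shared `default_headers` table. Because `default_headers` is shared, the CORS headers are attached to every BOSH response and not only to preflight replies, which is worth a comment. A `cross_domain_bosh` value that is neither `true`, a table nor a string sets the method and header fields but no allowed origin, so a warning for that case would help the administrator.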
@@ -61,9 +77,13 @@ end function handle_request(method, body, request) if (not body) or request.method ~= "POST" then - return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; + if request.method == "OPTIONS" then + return { headers = default_headers, body = "" }; + else + return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; + end end - if not method then + if not method then log("debug", "Request %s suffered error %s", tostring(request.id), body); return; end @@ -152,7 +172,7 @@ function stream_callbacks.streamopened(request, attr) local r, send_buffer = session.requests, session.send_buffer; local response = { headers = default_headers } function session.send(s) - log("debug", "Sending BOSH data: %s", tostring(s)); + --log("debug", "Sending BOSH data: %s", tostring(s)); local oldest_request = r[1]; while oldest_request and oldest_request.destroyed do t_remove(r, 1); @@ -160,7 +180,7 @@ function stream_callbacks.streamopened(request, attr) oldest_request = r[1]; end if oldest_request then - log("debug", "We have an open request, so using that to send with"); + log("debug", "We have an open request, so sending on that"); response.body = t_concat{"<body xmlns='http://jabber.org/protocol/httpbind' sid='", sid, "' xmlns:stream = 'http://etherx.jabber.org/streams'>", tostring(s), "</body>" }; oldest_request:send(response); --log("debug", "Sent"); 
@@ -188,12 +208,12 @@ function stream_callbacks.streamopened(request, attr) local features = st.stanza("stream:features"); fire_event("stream-features", session, features); --xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh' - local response = st.stanza("body", { xmlns = xmlns_bosh, - inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", - sid = sid, authid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", + local response = st.stanza("body", { xmlns = xmlns_bosh, + inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", + sid = sid, authid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", ["xmlns:xmpp"] = "urn:xmpp:xbosh", ["xmlns:stream"] = "http://etherx.jabber.org/streams" }):add_child(features); request:send{ headers = default_headers, body = tostring(response) }; - + request.sid = sid; return; end @@ -254,6 +274,7 @@ function stream_callbacks.handlestanza(request, stanza) if stanza.attr.xmlns == xmlns_bosh then stanza.attr.xmlns = "jabber:client"; end + session.ip = request.handler:ip(); core_process_stanza(session, stanza); end end @@ -297,7 +318,14 @@ function on_timer() end end -local ports = module:get_option("bosh_ports") or { 5280 }; -httpserver.new_from_config(ports, handle_request, { base = "http-bind" }); -server.addtimer(on_timer); +local function setup() + local ports = module:get_option("bosh_ports") or { 5280 }; + httpserver.new_from_config(ports, handle_request, { base = "http-bind" }); + server.addtimer(on_timer); +end +if prosody.start_time then -- already started + setup(); +else + prosody.events.add_handler("server-started", setup); +end 
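Review bot: `session.ip = request.handler:ip();` in the `@@ -254,6 +274,7 @@` hunk is re-assigned for every stanza from whichever HTTP connection delivered it, so the value can change during a session and, behind a reverse proxy, is the proxy's address rather than the client's. A comment such as `-- transport peer of the current HTTP request; may be a proxy, not suitable for access decisions` would stop later code from treating it as a stable client identity. The enclosing stream_callbacks.handlestanza starts outside the hunk.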
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index 69a42eaf..d9783b0c 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -14,25 +14,14 @@ local hosts = _G.hosts; local t_concat = table.concat; -local lxp = require "lxp"; -local logger = require "util.logger"; local config = require "core.configmanager"; -local connlisteners = require "net.connlisteners"; local cm_register_component = require "core.componentmanager".register_component; local cm_deregister_component = require "core.componentmanager".deregister_component; -local uuid_gen = require "util.uuid".generate; local sha1 = require "util.hashes".sha1; local st = require "util.stanza"; -local init_xmlhandlers = require "core.xmlhandlers"; - -local sessions = {}; local log = module._log; -local component_listener = { default_port = 5347; default_mode = "*a"; default_interface = config.get("*", "core", "component_interface") or "127.0.0.1" }; - -local xmlns_component = 'jabber:component:accept'; - --- Handle authentication attempts by components function handle_component_auth(session, stanza) log("info", "Handling component auth"); @@ -44,7 +33,7 @@ function handle_component_auth(session, stanza) local secret = config.get(session.user, "core", "component_secret"); if not secret then - (session.log or log)("warn", "Component attempted to identify as %s, but component_password is not set", session.user); + (session.log or log)("warn", "Component attempted to identify as %s, but component_secret is not set", session.user); session:close("not-authorized"); return; end @@ -80,4 +69,4 @@ function handle_component_auth(session, stanza) session.send(st.stanza("handshake")); end -module:add_handler("component", "handshake", xmlns_component, handle_component_auth); +module:add_handler("component", "handshake", "jabber:component:accept", handle_component_auth); diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua index f1cae737..638b8e13 100644 
--- a/plugins/mod_compression.lua +++ b/plugins/mod_compression.lua @@ -8,16 +8,16 @@ local st = require "util.stanza"; local zlib = require "zlib"; local pcall = pcall; - local xmlns_compression_feature = "http://jabber.org/features/compress" local xmlns_compression_protocol = "http://jabber.org/protocol/compress" +local xmlns_stream = "http://etherx.jabber.org/streams"; local compression_stream_feature = st.stanza("compression", {xmlns=xmlns_compression_feature}):tag("method"):text("zlib"):up(); local compression_level = module:get_option("compression_level"); - -- if not defined assume admin wants best compression if compression_level == nil then compression_level = 9 end; + compression_level = tonumber(compression_level); if not compression_level or compression_level < 1 or compression_level > 9 then module:log("warn", "Invalid compression level in config: %s", tostring(compression_level)); 
@@ -34,89 +34,179 @@ module:add_event_hook("stream-features", end ); --- TODO Support compression on S2S level too. -module:add_handler({"c2s_unauthed", "c2s"}, "compress", xmlns_compression_protocol, +module:hook("s2s-stream-features", + function (data) + local session, features = data.session, data.features; + -- FIXME only advertise compression support when TLS layer has no compression enabled + if not session.compressed then + features:add_child(compression_stream_feature); + end + end +); + +-- Hook to activate compression if remote server supports it. +module:hook_stanza(xmlns_stream, "features", + function (session, stanza) + if not session.compressed then + -- does remote server support compression? + local comp_st = stanza:child_with_name("compression"); + if comp_st then + -- do we support the mechanism + for a in comp_st:children() do + local algorithm = a[1] + if algorithm == "zlib" then + session.sends2s(st.stanza("compress", {xmlns=xmlns_compression_protocol}):tag("method"):text("zlib")) + session.log("info", "Enabled compression using zlib.") + return true; + end + end + session.log("debug", "Remote server supports no compression algorithm we support.") + end + end + end +, 250); + + +-- returns either nil or a fully functional ready to use inflate stream +local function get_deflate_stream(session) + local status, deflate_stream = pcall(zlib.deflate, compression_level); + if status == false then + local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); + (session.sends2s or session.send)(error_st); + session.log("error", "Failed to create zlib.deflate filter."); + module:log("error", deflate_stream); + return + end + return deflate_stream +end + +-- returns either nil or a fully functional ready to use inflate stream +local function get_inflate_stream(session) + local status, inflate_stream = pcall(zlib.inflate); + if status == false then + local error_st = st.stanza("failure", 
{xmlns=xmlns_compression_protocol}):tag("setup-failed"); + (session.sends2s or session.send)(error_st); + session.log("error", "Failed to create zlib.deflate filter."); + module:log("error", inflate_stream); + return + end + return inflate_stream +end + +-- setup compression for a stream +local function setup_compression(session, deflate_stream) + local old_send = (session.sends2s or session.send); + + local new_send = function(t) + --TODO: Better code injection in the sending process + session.log(t) + local status, compressed, eof = pcall(deflate_stream, tostring(t), 'sync'); + if status == false then + session:close({ + condition = "undefined-condition"; + text = compressed; + extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); + }); + module:log("warn", compressed); + return; + end + session.conn:write(compressed); + end; + + if session.sends2s then session.sends2s = new_send + elseif session.send then session.send = new_send end +end + +-- setup decompression for a stream +local function setup_decompression(session, inflate_stream) + local old_data = session.data + session.data = function(conn, data) + local status, decompressed, eof = pcall(inflate_stream, data); + if status == false then + session:close({ + condition = "undefined-condition"; + text = decompressed; + extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); + }); + module:log("warn", decompressed); + return; + end + old_data(conn, decompressed); + end; +end + +module:add_handler({"s2sout_unauthed", "s2sout"}, "compressed", xmlns_compression_protocol, + function(session ,stanza) + session.log("debug", "Activating compression...") + -- create deflate and inflate streams + local deflate_stream = get_deflate_stream(session); + if not deflate_stream then return end + + local inflate_stream = get_inflate_stream(session); + if not inflate_stream then return end + + -- setup compression for session.w + 
setup_compression(session, deflate_stream); + + -- setup decompression for session.data + setup_decompression(session, inflate_stream); + local session_reset_stream = session.reset_stream; + session.reset_stream = function(session) + session_reset_stream(session); + setup_decompression(session, inflate_stream); + return true; + end; + session:reset_stream(); + local default_stream_attr = {xmlns = "jabber:server", ["xmlns:stream"] = "http://etherx.jabber.org/streams", + ["xmlns:db"] = 'jabber:server:dialback', version = "1.0", to = session.to_host, from = session.from_host}; + session.sends2s("<?xml version='1.0'?>"); + session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag()); + session.compressed = true; + end +); + +module:add_handler({"c2s_unauthed", "c2s", "s2sin_unauthed", "s2sin"}, "compress", xmlns_compression_protocol, function(session, stanza) -- fail if we are already compressed if session.compressed then local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("unsupported-method"); - session.send(error_st); - session:log("warn", "Tried to establish another compression layer."); + (session.sends2s or session.send)(error_st); + session.log("warn", "Tried to establish another compression layer."); end -- checking if the compression method is supported local method = stanza:child_with_name("method")[1]; if method == "zlib" then - session.log("info", method.." compression selected."); - session.send(st.stanza("compressed", {xmlns=xmlns_compression_protocol})); - session:reset_stream(); + session.log("debug", method.." 
compression selected."); -- create deflate and inflate streams - local status, deflate_stream = pcall(zlib.deflate, compression_level); - if status == false then - local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); - session.send(error_st); - session:log("error", "Failed to create zlib.deflate filter."); - module:log("error", deflate_stream); - return - end + local deflate_stream = get_deflate_stream(session); + if not deflate_stream then return end - local status, inflate_stream = pcall(zlib.inflate); - if status == false then - local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed"); - session.send(error_st); - session:log("error", "Failed to create zlib.deflate filter."); - module:log("error", inflate_stream); - return - end + local inflate_stream = get_inflate_stream(session); + if not inflate_stream then return end - -- setup compression for session.w - local old_send = session.send; + (session.sends2s or session.send)(st.stanza("compressed", {xmlns=xmlns_compression_protocol})); + session:reset_stream(); - session.send = function(t) - local status, compressed, eof = pcall(deflate_stream, tostring(t), 'sync'); - if status == false then - session:close({ - condition = "undefined-condition"; - text = compressed; - extra = st.stanza("failure", {xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); - }); - module:log("warn", compressed); - return; - end - old_send(compressed); - end; + -- setup compression for session.w + setup_compression(session, deflate_stream); -- setup decompression for session.data - local function setup_decompression(session) - local old_data = session.data - session.data = function(conn, data) - local status, decompressed, eof = pcall(inflate_stream, data); - if status == false then - session:close({ - condition = "undefined-condition"; - text = decompressed; - extra = st.stanza("failure", 
{xmlns="http://jabber.org/protocol/compress"}):tag("processing-failed"); - }); - module:log("warn", decompressed); - return; - end - old_data(conn, decompressed); - end; - end - setup_decompression(session); + setup_decompression(session, inflate_stream); local session_reset_stream = session.reset_stream; session.reset_stream = function(session) session_reset_stream(session); - setup_decompression(session); + setup_decompression(session, inflate_stream); return true; end; session.compressed = true; else - session.log("info", method.." compression selected. But we don't support it."); + session.log("warn", method.." compression selected. But we don't support it."); local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("unsupported-method"); - session.send(error_st); + (session.sends2s or session.send)(error_st); end end ); + diff --git a/plugins/mod_console.lua b/plugins/mod_console.lua index 5a092298..6d387b0e 100644 --- a/plugins/mod_console.lua +++ b/plugins/mod_console.lua @@ -33,11 +33,11 @@ end console = {}; function console:new_session(conn) - local w = function(s) conn.write(s:gsub("\n", "\r\n")); end; + local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; local session = { conn = conn; send = function (t) w(tostring(t)); end; print = function (t) w("| "..tostring(t).."\n"); end; - disconnect = function () conn.close(); end; + disconnect = function () conn:close(); end; }; session.env = setmetatable({}, default_env_mt); @@ -53,7 +53,7 @@ end local sessions = {}; -function console_listener.listener(conn, data) +function console_listener.onincoming(conn, data) local session = sessions[conn]; if not session then @@ -126,7 +126,7 @@ function console_listener.listener(conn, data) session.send(string.char(0)); end -function console_listener.disconnect(conn, err) +function console_listener.ondisconnect(conn, err) local session = sessions[conn]; if session then session.disconnect(); 
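Review bot: In the `compress` handler, the `if session.compressed then` branch sends the failure element but has no `return`, so a peer that asks for compression twice still reaches the zlib branch and gets a second deflate/inflate pair layered on the session; adding `return;` after the `session.log("warn", ...)` line fixes that. `setup_compression` contains `session.log(t)`, which passes each outgoing stanza where every other call passes a level string and looks like leftover debugging; it should be removed, along with the now unused `old_send`. `setup_decompression` hands the whole inflated buffer to `old_data` with no size limit, and this commit extends that path to server-to-server peers, so a cap on decompressed bytes per read would limit memory use from a hostile stream. `stanza:child_with_name("method")[1]` indexes the result without checking that a method child exists, and `get_inflate_stream` logs "Failed to create zlib.deflate filter." for an inflate failure.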
@@ -148,7 +148,7 @@ commands.quit, commands.exit = commands.bye, commands.bye; commands["!"] = function (session, data) if data:match("^!!") then session.print("!> "..session.env._); - return console_listener.listener(session.conn, session.env._); + return console_listener.onincoming(session.conn, session.env._); end local old, new = data:match("^!(.-[^\\])!(.-)!$"); if old and new then @@ -158,7 +158,7 @@ commands["!"] = function (session, data) return; end session.print("!> "..res); - return console_listener.listener(session.conn, res); + return console_listener.onincoming(session.conn, res); end session.print("Sorry, not sure what you want"); end @@ -478,7 +478,7 @@ function def_env.s2s:show(match_jid) for remotehost, session in pairs(host_session.s2sout) do if (not match_jid) or remotehost:match(match_jid) or host:match(match_jid) then count_out = count_out + 1; - print(" "..host.." -> "..remotehost..(session.secure and " (encrypted)" or "")); + print(" "..host.." -> "..remotehost..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); if session.sendq then print(" There are "..#session.sendq.." queued outgoing stanzas for this connection"); end @@ -515,7 +515,7 @@ function def_env.s2s:show(match_jid) -- Pft! is what I say to list comprehensions or (session.hosts and #array.collect(keys(session.hosts)):filter(subhost_filter)>0)) then count_in = count_in + 1; - print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.secure and " (encrypted)" or "")); + print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); if session.type == "s2sin_unauthed" then print(" Connection not yet authenticated"); end @@ -650,3 +650,5 @@ if option and option ~= "short" and option ~= "full" and option ~= "graphic" the end end end + +prosody.net_activate_ports("console", "console", {5582}, "tcp"); 
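Review bot: The added `prosody.net_activate_ports("console", "console", {5582}, "tcp");` opens the console listener with no interface given in the call, and nothing in the console hunks shown here checks credentials before a session evaluates input. Whether the default binds to loopback only is decided inside net_activate_ports, which this diff section does not show. Please confirm it and say so in a comment next to the call, e.g. `-- console has no authentication: must only listen on a local interface`.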
diff --git a/plugins/mod_disco.lua b/plugins/mod_disco.lua index 06b29f0e..f7e51b83 100644 --- a/plugins/mod_disco.lua +++ b/plugins/mod_disco.lua @@ -7,8 +7,30 @@ -- local componentmanager_get_children = require "core.componentmanager".get_children; +local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed; +local jid_split = require "util.jid".split; +local jid_bare = require "util.jid".bare; local st = require "util.stanza" +local disco_items = module:get_option("disco_items") or {}; +do -- validate disco_items + for _, item in ipairs(disco_items) do + local err; + if type(item) ~= "table" then + err = "item is not a table"; + elseif type(item[1]) ~= "string" then + err = "item jid is not a string"; + elseif item[2] and type(item[2]) ~= "string" then + err = "item name is not a string"; + end + if err then + module:log("error", "option disco_items is malformed: %s", err); + disco_items = {}; -- TODO clean up data instead of removing it? + break; + end + end +end + module:add_identity("server", "im", "Prosody"); -- FIXME should be in the non-existing mod_router module:add_feature("http://jabber.org/protocol/disco#info"); module:add_feature("http://jabber.org/protocol/disco#items"); 
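Review bot: The validation loop assumes `disco_items` is a table: if the option is set to a string or number, `ipairs(disco_items)` raises before any "option disco_items is malformed" message can be logged. A guard ahead of the loop, `if type(disco_items) ~= "table" then module:log("error", "option disco_items is malformed: not a table"); disco_items = {}; end`, keeps the module loading. The string in `item[1]` is accepted without being checked as a well-formed JID before it is placed in replies; that may be acceptable for admin-supplied configuration but deserves a comment.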
@@ -47,6 +69,37 @@ module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function(eve for jid in pairs(componentmanager_get_children(module.host)) do reply:tag("item", {jid = jid}):up(); end + for _, item in ipairs(disco_items) do + reply:tag("item", {jid=item[1], name=item[2]}):up(); + end origin.send(reply); return true; end); +module:hook("iq/bare/http://jabber.org/protocol/disco#info:query", function(event) + local origin, stanza = event.origin, event.stanza; + if stanza.attr.type ~= "get" then return; end + local node = stanza.tags[1].attr.node; + if node and node ~= "" then return; end -- TODO fire event? + local username = jid_split(stanza.attr.to) or origin.username; + if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then + local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info'}); + if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account + module:fire_event("account-disco-info", { session = origin, stanza = reply }); + origin.send(reply); + return true; + end +end); +module:hook("iq/bare/http://jabber.org/protocol/disco#items:query", function(event) + local origin, stanza = event.origin, event.stanza; + if stanza.attr.type ~= "get" then return; end + local node = stanza.tags[1].attr.node; + if node and node ~= "" then return; end -- TODO fire event? + local username = jid_split(stanza.attr.to) or origin.username; + if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then + local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#items'}); + if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account + module:fire_event("account-disco-items", { session = origin, stanza = reply }); + origin.send(reply); + return true; + end +end); 
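Review bot: The two new `iq/bare` handlers authorize a request only when `to` is absent or `is_contact_subscribed` succeeds, whereas the `subscription_presence` helper added to mod_pep in this same commit also accepts the account's own bare JID. Unless is_contact_subscribed covers that case, a client querying its own account with an explicit `to` gets no answer here. The handlers are otherwise line-for-line copies apart from the namespace and event name, so a shared local function taking those two values would keep the access check in one place. When the check fails the handler returns nothing; a comment stating that this presumably leaves the reply to default handling, so that unsubscribed senders learn nothing about the account, would document the intent.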
diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua index 545d4faf..07c7f315 100644 --- a/plugins/mod_httpserver.lua +++ b/plugins/mod_httpserver.lua @@ -15,8 +15,20 @@ local t_concat = table.concat; local http_base = config.get("*", "core", "http_path") or "www_files"; local response_400 = { status = "400 Bad Request", body = "<h1>Bad Request</h1>Sorry, we didn't understand your request :(" }; +local response_403 = { status = "403 Forbidden", body = "<h1>Forbidden</h1>You don't have permission to view the contents of this directory :(" }; local response_404 = { status = "404 Not Found", body = "<h1>Page Not Found</h1>Sorry, we couldn't find what you were looking for :(" }; +-- TODO: Should we read this from /etc/mime.types if it exists? (startup time...?) +local mime_map = { + html = "text/html"; + htm = "text/html"; + xml = "text/xml"; + xsl = "text/xml"; + txt = "text/plain; charset=utf-8"; + js = "text/javascript"; + css = "text/css"; +}; + local function preprocess_path(path) if path:sub(1,1) ~= "/" then path = "/"..path; @@ -36,11 +48,19 @@ local function preprocess_path(path) end function serve_file(path) - local f, err = open(http_base..path, "r"); + local f, err = open(http_base..path, "rb"); if not f then return response_404; end local data = f:read("*a"); f:close(); - return data; + if not data then + return response_403; + end + local ext = path:match("%.([^.]*)$"); + local mime = mime_map[ext]; -- Content-Type should be nil when not known + return { + headers = { ["Content-Type"] = mime; }; + body = data; + }; end local function handle_file_request(method, body, request) 
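Review bot: `serve_file` now returns no Content-Type for extensions missing from `mime_map`, which leaves the browser to sniff the type of whatever is in the served directory. Adding `["X-Content-Type-Options"] = "nosniff"` to the headers table, or falling back to `application/octet-stream`, avoids a file being interpreted as HTML or script. The lookup is also case-sensitive, so `index.HTML` gets no type; `local mime = mime_map[ext and ext:lower()];` handles that. `http_base..path` is opened as given, so the function relies on preprocess_path, whose body is outside this hunk, to have rejected `..` components.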
@@ -56,6 +76,13 @@ local function handle_default_request(method, body, request) return serve_file(path); end -local ports = config.get(module.host, "core", "http_ports") or { 5280 }; -httpserver.set_default_handler(handle_default_request); -httpserver.new_from_config(ports, handle_file_request, { base = "files" }); +local function setup() + local ports = config.get(module.host, "core", "http_ports") or { 5280 }; + httpserver.set_default_handler(handle_default_request); + httpserver.new_from_config(ports, handle_file_request, { base = "files" }); +end +if prosody.start_time then -- already started + setup(); +else + prosody.events.add_handler("server-started", setup); +end diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index bfe22867..c42876b8 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -37,9 +37,16 @@ end module:add_identity("pubsub", "pep", "Prosody"); module:add_feature("http://jabber.org/protocol/pubsub#publish"); -local function publish(session, node, item) +local function subscription_presence(user_bare, recipient) + local recipient_bare = jid_bare(recipient); + if (recipient_bare == user_bare) then return true end + local item = load_roster(jid_split(user_bare))[recipient_bare]; + return item and (item.subscription == 'from' or item.subscription == 'both'); +end + +local function publish(session, node, id, item) item.attr.xmlns = nil; - local disable = #item.tags ~= 1 or #item.tags[1].tags == 0; + local disable = #item.tags ~= 1 or #item.tags[1] == 0; if #item.tags == 0 then item.name = "retract"; end local bare = session.username..'@'..session.host; local stanza = st.message({from=bare, type='headline'}) @@ -58,9 +65,9 @@ local function publish(session, node, item) end else if not user_data then user_data = {}; data[bare] = user_data; end - user_data[node] = stanza; + user_data[node] = {id or "1", item}; end - + -- broadcast for recipient, notify in pairs(recipients[bare] or NULL) do if notify[node] then 
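Review bot: `subscription_presence` in mod_pep indexes the result of `load_roster(jid_split(user_bare))` directly, and after this commit it is also reached from the new pubsub `get` branch with `user` taken from the stanza's `to`. If load_roster can return nil for an account that has no roster, the handler raises instead of refusing. Splitting it into `local roster = load_roster(jid_split(user_bare)); local item = roster and roster[recipient_bare];` makes the check fail closed. In `publish`, the stored value becomes `{id or "1", item}` with no comment on why "1" is the default item id or on the layout of the pair, which `publish_all` and the `get` branch unpack positionally.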
@@ -74,10 +81,14 @@ local function publish_all(user, recipient, session) local notify = recipients[user] and recipients[user][recipient]; if d and notify then for node in pairs(notify) do - local message = d[node]; - if message then - message.attr.to = recipient; - session.send(message); + if d[node] then + local id, item = unpack(d[node]); + session.send(st.message({from=user, to=recipient, type='headline'}) + :tag('event', {xmlns='http://jabber.org/protocol/pubsub#event'}) + :tag('items', {node=node}) + :add_child(item) + :up() + :up()); end end end @@ -106,11 +117,9 @@ end module:hook("presence/bare", function(event) -- inbound presence to bare JID recieved local origin, stanza = event.origin, event.stanza; - local user = stanza.attr.to or (origin.username..'@'..origin.host); - local bare = jid_bare(stanza.attr.from); - local item = load_roster(jid_split(user))[bare]; - if not stanza.attr.to or (item and (item.subscription == 'from' or item.subscription == 'both')) then + + if not stanza.attr.to or subscription_presence(user, stanza.attr.from) then local recipient = stanza.attr.from; local current = recipients[user] and recipients[user][recipient]; local hash = get_caps_hash_from_presence(stanza, current); 
@@ -135,19 +144,63 @@ end, 10); module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", function(event) local session, stanza = event.origin, event.stanza; + local payload = stanza.tags[1]; + if stanza.attr.type == 'set' and (not stanza.attr.to or jid_bare(stanza.attr.from) == stanza.attr.to) then - local payload = stanza.tags[1]; - if payload.name == 'pubsub' then -- <pubsub xmlns='http://jabber.org/protocol/pubsub'> + payload = payload.tags[1]; + if payload and (payload.name == 'publish' or payload.name == 'retract') and payload.attr.node then -- <publish node='http://jabber.org/protocol/tune'> + local node = payload.attr.node; payload = payload.tags[1]; - if payload and (payload.name == 'publish' or payload.name == 'retract') and payload.attr.node then -- <publish node='http://jabber.org/protocol/tune'> - local node = payload.attr.node; - payload = payload.tags[1]; - if payload and payload.name == "item" then -- <item> - session.send(st.reply(stanza)); - publish(session, node, st.clone(payload)); + if payload and payload.name == "item" then -- <item> + local id = payload.attr.id; + session.send(st.reply(stanza)); + publish(session, node, id, st.clone(payload)); + return true; + end + end + elseif stanza.attr.type == 'get' then + local user = stanza.attr.to and jid_bare(stanza.attr.to) or session.username..'@'..session.host; + if subscription_presence(user, stanza.attr.from) then + local user_data = data[user]; + local node, requested_id; + payload = payload.tags[1]; + if payload and payload.name == 'items' then + node = payload.attr.node; + local item = payload.tags[1]; + if item and item.name == "item" then + requested_id = item.attr.id; + end + end + if node and user_data and user_data[node] then -- Send the last item + local id, item = unpack(user_data[node]); + if not requested_id or id == requested_id then + local stanza = st.reply(stanza) + :tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'}) + :tag('items', {node=node}) + :add_child(item) + 
:up() + :up(); + session.send(stanza); + return true; + else -- requested item doesn't exist + local stanza = st.reply(stanza) + :tag('pubsub', {xmlns='http://jabber.org/protocol/pubsub'}) + :tag('items', {node=node}) + :up(); + session.send(stanza); return true; end + elseif node then -- node doesn't exist + session.send(st.error_reply(stanza, 'cancel', 'item-not-found')); + return true; + else --invalid request + session.send(st.error_reply(stanza, 'modify', 'bad-request')); + return true; end + else --no presence subscription + session.send(st.error_reply(stanza, 'auth', 'not-authorized') + :tag('presence-subscription-required', {xmlns='http://jabber.org/protocol/pubsub#errors'})); + return true; end end end); @@ -224,3 +277,21 @@ module:hook("iq/bare/disco", function(event) end end end); + +module:hook("account-disco-info", function(event) + local stanza = event.stanza; + stanza:tag('identity', {category='pubsub', type='pep'}):up(); + stanza:tag('feature', {var='http://jabber.org/protocol/pubsub#publish'}):up(); +end); + +module:hook("account-disco-items", function(event) + local session, stanza = event.session, event.stanza; + local bare = session.username..'@'..session.host; + local user_data = data[bare]; + + if user_data then + for node, _ in pairs(user_data) do + stanza:tag('item', {jid=bare, node=node}):up(); -- TODO we need to handle queries to these nodes + end + end +end); diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index b75b9610..55d52ccd 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -7,7 +7,7 @@ -- -local want_pposix_version = "0.3.1"; +local want_pposix_version = "0.3.3"; local pposix = assert(require "util.pposix"); if pposix._VERSION ~= want_pposix_version then module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(pposix._VERSION), want_pposix_version); end 
@@ -19,10 +19,16 @@ end local logger_set = require "util.logger".setwriter; +local lfs = require "lfs"; +local stat = lfs.attributes; + local prosody = _G.prosody; module.host = "*"; -- we're a global module +local umask = module:get_option("umask") or "027"; +pposix.umask(umask); + -- Allow switching away from root, some people like strange ports. module:add_event_hook("server-started", function () local uid = module:get_option("setuid"); @@ -59,28 +65,38 @@ module:add_event_hook("server-starting", function () end end); -local pidfile_written; +local pidfile; +local pidfile_handle; local function remove_pidfile() - if pidfile_written then - os.remove(pidfile_written); - pidfile_written = nil; + if pidfile_handle then + pidfile_handle:close(); + os.remove(pidfile); + pidfile, pidfile_handle = nil, nil; end end local function write_pidfile() - if pidfile_written then + if pidfile_handle then remove_pidfile(); end - local pidfile = module:get_option("pidfile"); + pidfile = module:get_option("pidfile"); if pidfile then - local pf, err = io.open(pidfile, "w+"); - if not pf then - module:log("error", "Couldn't write pidfile; %s", err); + local mode = stat(pidfile) and "r+" or "w+"; + pidfile_handle, err = io.open(pidfile, mode); + if not pidfile_handle then + module:log("error", "Couldn't write pidfile at %s; %s", pidfile, err); + prosody.shutdown("Couldn't write pidfile"); else - pf:write(tostring(pposix.getpid())); - pf:close(); - pidfile_written = pidfile; + if not lfs.lock(pidfile_handle, "w") then -- Exclusive lock + local other_pid = pidfile_handle:read("*a"); + module:log("error", "Another Prosody instance seems to be running with PID %s, quitting", other_pid); + pidfile_handle = nil; + prosody.shutdown("Prosody already running"); + else + pidfile_handle:write(tostring(pposix.getpid())); + pidfile_handle:flush(); + end end end end 
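Review bot: When the pidfile already exists, `write_pidfile` opens it with `"r+"` and writes the new PID at offset 0 without truncating, so a PID shorter than the previous one leaves the old trailing digits in place and a reader may get a number that belongs to an unrelated process. Terminating the value, e.g. `pidfile_handle:write(tostring(pposix.getpid()), "\n");`, keeps the first line correct provided readers parse only that line; a real truncation needs a helper this hunk does not show. `pidfile_handle, err = io.open(pidfile, mode);` also assigns `err` as a global unless it is declared elsewhere in the file, since the old `local pf, err` was removed; a `local err;` on the line before avoids that. On the lock-failure branch the handle is set to nil without `close()`, so the descriptor stays open until it is collected.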
@@ -146,4 +162,11 @@ if signal.signal then prosody.reload_config(); prosody.reopen_logfiles(); end); + + signal.signal("SIGINT", function () + module:log("info", "Received SIGINT"); + prosody.unlock_globals(); + prosody.shutdown("Received SIGINT"); + prosody.lock_globals(); + end); end diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index f83e017b..c28dd338 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -76,6 +76,7 @@ function handle_normal_presence(origin, stanza, core_route_stanza) end end if stanza.attr.type == nil and not origin.presence then -- initial presence + origin.presence = stanza; -- FIXME repeated later local probe = st.presence({from = origin.full_jid, type = "probe"}); for jid, item in pairs(roster) do -- probe all contacts we are subscribed to if item.subscription == "both" or item.subscription == "to" then @@ -200,9 +201,6 @@ function handle_outbound_presence_subscriptions_and_probes(origin, stanza, from_ rostermanager.roster_push(node, host, to_bare); end core_route_stanza(origin, stanza); - -- COMPAT: Some legacy clients keep displaying unsubscribed contacts as online unless an unavailable presence is sent: - send_presence_of_available_resources(node, host, to_bare, origin, core_route_stanza, - st.presence({ type="unavailable", from=from_bare, to=to_bare, id=stanza.attr.id })); end stanza.attr.from, stanza.attr.to = st_from, st_to; end 
@@ -220,19 +218,20 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b if stanza.attr.type == "probe" then if rostermanager.is_contact_subscribed(node, host, from_bare) then if 0 == send_presence_of_available_resources(node, host, st_from, origin, core_route_stanza) then - -- TODO send last recieved unavailable presence (or we MAY do nothing, which is fine too) + core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"})); -- TODO send last activity end else - core_route_stanza(origin, st.presence({from=to_bare, to=from_bare, type="unsubscribed"})); + core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unsubscribed"})); end elseif stanza.attr.type == "subscribe" then if rostermanager.is_contact_subscribed(node, host, from_bare) then - core_route_stanza(origin, st.presence({from=to_bare, to=from_bare, type="subscribed"})); -- already subscribed + core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="subscribed"})); -- already subscribed -- Sending presence is not clearly stated in the RFC, but it seems appropriate if 0 == send_presence_of_available_resources(node, host, from_bare, origin, core_route_stanza) then - -- TODO send last recieved unavailable presence (or we MAY do nothing, which is fine too) + core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"})); -- TODO send last activity end else + core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"})); -- acknowledging receipt if not rostermanager.is_contact_pending_in(node, host, from_bare) then if rostermanager.set_contact_pending_in(node, host, from_bare) then sessionmanager.send_to_available_resources(node, host, stanza); 
@@ -241,14 +240,17 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b end elseif stanza.attr.type == "unsubscribe" then if rostermanager.process_inbound_unsubscribe(node, host, from_bare) then + sessionmanager.send_to_interested_resources(node, host, stanza); rostermanager.roster_push(node, host, from_bare); end elseif stanza.attr.type == "subscribed" then if rostermanager.process_inbound_subscription_approval(node, host, from_bare) then + sessionmanager.send_to_interested_resources(node, host, stanza); rostermanager.roster_push(node, host, from_bare); end elseif stanza.attr.type == "unsubscribed" then if rostermanager.process_inbound_subscription_cancellation(node, host, from_bare) then + sessionmanager.send_to_interested_resources(node, host, stanza); rostermanager.roster_push(node, host, from_bare); end end -- discard any other type @@ -325,6 +327,20 @@ module:hook("presence/full", function(data) end -- resource not online, discard return true; end); +module:hook("presence/host", function(data) + -- inbound presence to the host + local origin, stanza = data.origin, data.stanza; + + local from_bare = jid_bare(stanza.attr.from); + local t = stanza.attr.type; + if t == "probe" then + core_route_stanza(hosts[module.host], st.presence({ from = module.host, to = from_bare, id = stanza.attr.id })); + elseif t == "subscribe" then + core_route_stanza(hosts[module.host], st.presence({ from = module.host, to = from_bare, id = stanza.attr.id, type = "subscribed" })); + core_route_stanza(hosts[module.host], st.presence({ from = module.host, to = from_bare, id = stanza.attr.id })); + end + return true; +end); module:hook("resource-unbind", function(event) local session, err = event.session, event.error; diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua index 8c319bde..ab1eb870 100644 --- a/plugins/mod_privacy.lua +++ b/plugins/mod_privacy.lua 
@@ -1,31 +1,540 @@ -- Prosody IM -- Copyright (C) 2008-2009 Matthew Wild -- Copyright (C) 2008-2009 Waqas Hussain +-- Copyright (C) 2009 Thilo Cestonaro -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- - +local prosody = prosody; local st = require "util.stanza"; local datamanager = require "util.datamanager"; +local bare_sessions, full_sessions = bare_sessions, full_sessions; +local util_Jid = require "util.jid"; +local jid_bare = util_Jid.bare; +local jid_split = util_Jid.split; +local load_roster = require "core.rostermanager".load_roster; +local to_number = tonumber; + +function findNamedList(privacy_lists, name) + if privacy_lists.lists then + for i=1,#privacy_lists.lists do + if privacy_lists.lists[i].name == name then + return i; + end + end + end +end + +function isListUsed(origin, name, privacy_lists) + local user = bare_sessions[origin.username.."@"..origin.host]; + if user then + for resource, session in pairs(user.sessions) do + if resource ~= origin.resource then + if session.activePrivacyList == name then + return true; + elseif session.activePrivacyList == nil and privacy_lists.default == name then + return true; + end + end + end + end +end + +function isAnotherSessionUsingDefaultList(origin) + local user = bare_sessions[origin.username.."@"..origin.host]; + if user then + for resource, session in pairs(user.sessions) do + if resource ~= origin.resource and session.activePrivacyList == nil then + return true; + end + end + end +end + +function sendUnavailable(origin, to, from) +--[[ example unavailable presence stanza +<presence from="node@host/resource" type="unavailable" to="node@host" > + <status>Logged out</status> +</presence> +]]-- + local presence = st.presence({from=from, type="unavailable"}); + presence:tag("status"):text("Logged out"); + + local node, host = jid_bare(to); + local bare = node .. "@" .. 
host; + + local user = bare_sessions[bare]; + if user then + for resource, session in pairs(user.sessions) do + presence.attr.to = session.full_jid; + module:log("debug", "send unavailable to: %s; from: %s", tostring(presence.attr.to), tostring(presence.attr.from)); + origin.send(presence); + end + end +end + +function sendNeededUnavailablePersences(origin, listnameOrItem) -- TODO implement it correctly! + if type(listnameOrItem) == "string" then + local listname = listnameOrItem; + for _,list in ipairs(privacy_lists.lists) do + if list.name == listname then + for _,item in ipairs(list.items) do + sendNeededUnavailablePersences(origin, item); + end + end + end + elseif type(listnameOrItem) == "table" then + module:log("debug", "got an item, check whether to send unavailable presence stanza or not"); + local item = listnameOrItem; + + if item["presence-out"] == true then + if item.type == "jid" then + sendUnavailable(origin, item.value, origin.full_jid); + elseif item.type == "group" then + elseif item.type == "subscription" then + elseif item.type == nil then + end + elseif item["presence-in"] == true then + if item.type == "jid" then + sendUnavailable(origin, origin.full_jid, item.value); + elseif item.type == "group" then + elseif item.type == "subscription" then + elseif item.type == nil then + end + end + else + module:log("debug", "got unknown type: %s", type(listnameOrItem)); + end +end + +function declineList(privacy_lists, origin, stanza, which) + if which == "default" then + if isAnotherSessionUsingDefaultList(origin) then + return { "cancel", "conflict", "Another session is online and using the default list."}; + end + privacy_lists.default = nil; + origin.send(st.reply(stanza)); + elseif which == "active" then + origin.activePrivacyList = nil; + origin.send(st.reply(stanza)); + else + return {"modify", "bad-request", "Neither default nor active list specifed to decline."}; + end + return true; +end + +function activateList(privacy_lists, origin, stanza, 
which, name) + local idx = findNamedList(privacy_lists, name); + + if privacy_lists.default == nil then + privacy_lists.default = ""; + end + if origin.activePrivacyList == nil then + origin.activePrivacyList = ""; + end + + if which == "default" and idx ~= nil then + if isAnotherSessionUsingDefaultList(origin) then + return {"cancel", "conflict", "Another session is online and using the default list."}; + end + privacy_lists.default = name; + origin.send(st.reply(stanza)); +--[[ + if origin.activePrivacyList == nil then + sendNeededUnavailablePersences(origin, name); + end +]]-- + elseif which == "active" and idx ~= nil then + origin.activePrivacyList = name; + origin.send(st.reply(stanza)); + -- sendNeededUnavailablePersences(origin, name); + else + return {"modify", "bad-request", "Either not active or default given or unknown list name specified."}; + end + return true; +end + +function deleteList(privacy_lists, origin, stanza, name) + local idx = findNamedList(privacy_lists, name); + + if idx ~= nil then + if isListUsed(origin, name, privacy_lists) then + return {"cancel", "conflict", "Another session is online and using the list which should be deleted."}; + end + if privacy_lists.default == name then + privacy_lists.default = ""; + end + if origin.activePrivacyList == name then + origin.activePrivacyList = ""; + end + table.remove(privacy_lists.lists, idx); + origin.send(st.reply(stanza)); + return true; + end + return {"modify", "bad-request", "Not existing list specifed to be deleted."}; +end + +function createOrReplaceList (privacy_lists, origin, stanza, name, entries, roster) + local idx = findNamedList(privacy_lists, name); + local bare_jid = origin.username.."@"..origin.host; + + if privacy_lists.lists == nil then + privacy_lists.lists = {}; + end + + if idx == nil then + idx = #privacy_lists.lists + 1; + end + + local orderCheck = {}; + local list = {}; + list.name = name; + list.items = {}; + + for _,item in ipairs(entries) do + if 
to_number(item.attr.order) == nil or to_number(item.attr.order) < 0 or orderCheck[item.attr.order] ~= nil then + return {"modify", "bad-request", "Order attribute not valid."}; + end + + if item.attr.type ~= nil and item.attr.type ~= "jid" and item.attr.type ~= "subscription" and item.attr.type ~= "group" then + return {"modify", "bad-request", "Type attribute not valid."}; + end + + local tmp = {}; + orderCheck[item.attr.order] = true; + + tmp["type"] = item.attr.type; + tmp["value"] = item.attr.value; + tmp["action"] = item.attr.action; + tmp["order"] = to_number(item.attr.order); + tmp["presence-in"] = false; + tmp["presence-out"] = false; + tmp["message"] = false; + tmp["iq"] = false; + + if #item.tags > 0 then + for _,tag in ipairs(item.tags) do + tmp[tag.name] = true; + end + end + + if tmp.type == "group" then + local found = false; + local roster = load_roster(origin.username, origin.host); + for jid,item in pairs(roster) do + if item.groups ~= nil then + for group in pairs(item.groups) do + if group == tmp.value then + found = true; + break; + end + end + if found == true then + break; + end + end + end + if found == false then + return {"cancel", "item-not-found", "Specifed roster group not existing."}; + end + elseif tmp.type == "subscription" then + if tmp.value ~= "both" and + tmp.value ~= "to" and + tmp.value ~= "from" and + tmp.value ~= "none" then + return {"cancel", "bad-request", "Subscription value must be both, to, from or none."}; + end + end + + if tmp.action ~= "deny" and tmp.action ~= "allow" then + return {"cancel", "bad-request", "Action must be either deny or allow."}; + end + +--[[ + if (privacy_lists.default == name and origin.activePrivacyList == nil) or origin.activePrivacyList == name then + module:log("debug", "calling sendNeededUnavailablePresences!"); + -- item is valid and list is active, so send needed unavailable stanzas + sendNeededUnavailablePersences(origin, tmp); + end +]]-- + list.items[#list.items + 1] = tmp; + end + + 
table.sort(list, function(a, b) return a.order < b.order; end); + + privacy_lists.lists[idx] = list; + origin.send(st.reply(stanza)); + if bare_sessions[bare_jid] ~= nil then + local iq = st.iq ( { type = "set", id="push1" } ); + iq:tag ("query", { xmlns = "jabber:iq:privacy" } ); + iq:tag ("list", { name = list.name } ):up(); + iq:up(); + for resource, session in pairs(bare_sessions[bare_jid].sessions) do + iq.attr.to = bare_jid.."/"..resource + session.send(iq); + end + else + return {"cancel", "bad-request", "internal error."}; + end + return true; +end + +function getList(privacy_lists, origin, stanza, name) + local reply = st.reply(stanza); + reply:tag("query", {xmlns="jabber:iq:privacy"}); + + if name == nil then + reply:tag("active", {name=origin.activePrivacyList or ""}):up(); + reply:tag("default", {name=privacy_lists.default or ""}):up(); + if privacy_lists.lists then + for _,list in ipairs(privacy_lists.lists) do + reply:tag("list", {name=list.name}):up(); + end + end + else + local idx = findNamedList(privacy_lists, name); + if idx ~= nil then + local list = privacy_lists.lists[idx]; + reply = reply:tag("list", {name=list.name}); + for _,item in ipairs(list.items) do + reply:tag("item", {type=item.type, value=item.value, action=item.action, order=item.order}); + if item["message"] then reply:tag("message"):up(); end + if item["iq"] then reply:tag("iq"):up(); end + if item["presence-in"] then reply:tag("presence-in"):up(); end + if item["presence-out"] then reply:tag("presence-out"):up(); end + reply:up(); + end + else + return {"cancel", "item-not-found", "Unknown list specified."}; + end + end + + origin.send(reply); + return true; +end module:hook("iq/bare/jabber:iq:privacy:query", function(data) local origin, stanza = data.origin, data.stanza; - if not stanza.attr.to then -- only service requests to own bare JID + if stanza.attr.to == nil then -- only service requests to own bare JID local query = stanza.tags[1]; -- the query element + local valid = 
false; local privacy_lists = datamanager.load(origin.username, origin.host, "privacy") or {}; + if stanza.attr.type == "set" then - -- TODO + if #query.tags == 1 then -- the <query/> element MUST NOT include more than one child element + for _,tag in ipairs(query.tags) do + if tag.name == "active" or tag.name == "default" then + if tag.attr.name == nil then -- Client declines the use of active / default list + valid = declineList(privacy_lists, origin, stanza, tag.name); + else -- Client requests change of active / default list + valid = activateList(privacy_lists, origin, stanza, tag.name, tag.attr.name); + end + elseif tag.name == "list" and tag.attr.name then -- Client adds / edits a privacy list + if #tag.tags == 0 then -- Client removes a privacy list + valid = deleteList(privacy_lists, origin, stanza, tag.attr.name); + else -- Client edits a privacy list + valid = createOrReplaceList(privacy_lists, origin, stanza, tag.attr.name, tag.tags); + end + end + end + end elseif stanza.attr.type == "get" then - if #query.tags == 0 then -- Client requests names of privacy lists from server - -- TODO - elseif #query.tags == 1 and query.tags[1].name == "list" then -- Client requests a privacy list from server - -- TODO - else - origin.send(st.error_reply(stanza, "modify", "bad-request")); + local name = nil; + local listsToRetrieve = 0; + if #query.tags >= 1 then + for _,tag in ipairs(query.tags) do + if tag.name == "list" then -- Client requests a privacy list from server + name = tag.attr.name; + listsToRetrieve = listsToRetrieve + 1; + end + end + end + if listsToRetrieve == 0 or listsToRetrieve == 1 then + valid = getList(privacy_lists, origin, stanza, name); end end + + if valid ~= true then + if valid[0] == nil then + valid[0] = "cancel"; + end + if valid[1] == nil then + valid[1] = "bad-request"; + end + origin.send(st.error_reply(stanza, valid[0], valid[1], valid[2])); + else + datamanager.store(origin.username, origin.host, "privacy", privacy_lists); + end + 
return true; end end); + +function checkIfNeedToBeBlocked(e, session) + local origin, stanza = e.origin, e.stanza; + local privacy_lists = datamanager.load(session.username, session.host, "privacy") or {}; + local bare_jid = session.username.."@"..session.host; + local to = stanza.attr.to; + local from = stanza.attr.from; + + local to_user = bare_jid == jid_bare(to); + local from_user = bare_jid == jid_bare(from); + + module:log("debug", "stanza: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from)); + + if privacy_lists.lists == nil or + (session.activePrivacyList == nil or session.activePrivacyList == "") and + (privacy_lists.default == nil or privacy_lists.default == "") + then + return; -- Nothing to block, default is Allow all + end + if from_user and to_user then + module:log("debug", "Not blocking communications between user's resources"); + return; -- from one of a user's resource to another => HANDS OFF! + end + + local idx; + local list; + local item; + local listname = session.activePrivacyList; + if listname == nil or listname == "" then + listname = privacy_lists.default; -- no active list selected, use default list + end + idx = findNamedList(privacy_lists, listname); + if idx == nil then + module:log("debug", "given privacy listname not found. name: %s", listname); + return; + end + list = privacy_lists.lists[idx]; + if list == nil then + module:log("debug", "privacy list index wrong. 
index: %d", idx); + return; + end + for _,item in ipairs(list.items) do + local apply = false; + local block = false; + if ( + (stanza.name == "message" and item.message) or + (stanza.name == "iq" and item.iq) or + (stanza.name == "presence" and to_user and item["presence-in"]) or + (stanza.name == "presence" and from_user and item["presence-out"]) or + (item.message == false and item.iq == false and item["presence-in"] == false and item["presence-out"] == false) + ) then + apply = true; + end + if apply then + local evilJid = {}; + apply = false; + if to_user then + module:log("debug", "evil jid is (from): %s", from); + evilJid.node, evilJid.host, evilJid.resource = jid_split(from); + else + module:log("debug", "evil jid is (to): %s", to); + evilJid.node, evilJid.host, evilJid.resource = jid_split(to); + end + if item.type == "jid" and + (evilJid.node and evilJid.host and evilJid.resource and item.value == evilJid.node.."@"..evilJid.host.."/"..evilJid.resource) or + (evilJid.node and evilJid.host and item.value == evilJid.node.."@"..evilJid.host) or + (evilJid.host and evilJid.resource and item.value == evilJid.host.."/"..evilJid.resource) or + (evilJid.host and item.value == evilJid.host) then + apply = true; + block = (item.action == "deny"); + elseif item.type == "group" then + local roster = load_roster(session.username, session.host); + local groups = roster[evilJid.node .. "@" .. evilJid.host].groups; + for group in pairs(groups) do + if group == item.value then + apply = true; + block = (item.action == "deny"); + break; + end + end + elseif item.type == "subscription" and evilJid.node ~= nil and evilJid.host ~= nil then -- we need a valid bare evil jid + local roster = load_roster(session.username, session.host); + if roster[evilJid.node .. "@" .. 
evilJid.host].subscription == item.value then + apply = true; + block = (item.action == "deny"); + end + elseif item.type == nil then + apply = true; + block = (item.action == "deny"); + end + end + if apply then + if block then + module:log("debug", "stanza blocked: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from)); + if stanza.name == "message" then + origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); + elseif stanza.name == "iq" and (stanza.attr.type == "get" or stanza.attr.type == "set") then + origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); + end + return true; -- stanza blocked ! + else + module:log("debug", "stanza explicitly allowed!") + return; + end + end + end +end + +function preCheckIncoming(e) + local session; + if e.stanza.attr.to ~= nil then + local node, host, resource = jid_split(e.stanza.attr.to); + if node == nil or host == nil then + return; + end + if resource == nil then + local prio = 0; + local session_; + if bare_sessions[node.."@"..host] ~= nil then + for resource, session_ in pairs(bare_sessions[node.."@"..host].sessions) do + if session_.priority ~= nil and session_.priority > prio then + session = session_; + prio = session_.priority; + end + end + end + else + session = full_sessions[node.."@"..host.."/"..resource]; + end + if session ~= nil then + return checkIfNeedToBeBlocked(e, session); + else + module:log("debug", "preCheckIncoming: Couldn't get session for jid: %s@%s/%s", tostring(node), tostring(host), tostring(resource)); + end + end +end + +function preCheckOutgoing(e) + local session = e.origin; + if e.stanza.attr.from == nil then + e.stanza.attr.from = session.username .. "@" .. session.host; + if session.resource ~= nil then + e.stanza.attr.from = e.stanza.attr.from .. "/" .. 
session.resource; + end + end + return checkIfNeedToBeBlocked(e, session); +end + +module:hook("pre-message/full", preCheckOutgoing, 500); +module:hook("pre-message/bare", preCheckOutgoing, 500); +module:hook("pre-message/host", preCheckOutgoing, 500); +module:hook("pre-iq/full", preCheckOutgoing, 500); +module:hook("pre-iq/bare", preCheckOutgoing, 500); +module:hook("pre-iq/host", preCheckOutgoing, 500); +module:hook("pre-presence/full", preCheckOutgoing, 500); +module:hook("pre-presence/bare", preCheckOutgoing, 500); +module:hook("pre-presence/host", preCheckOutgoing, 500); + +module:hook("message/full", preCheckIncoming, 500); +module:hook("message/bare", preCheckIncoming, 500); +module:hook("message/host", preCheckIncoming, 500); +module:hook("iq/full", preCheckIncoming, 500); +module:hook("iq/bare", preCheckIncoming, 500); +module:hook("iq/host", preCheckIncoming, 500); +module:hook("presence/full", preCheckIncoming, 500); +module:hook("presence/bare", preCheckIncoming, 500); +module:hook("presence/host", preCheckIncoming, 500); diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua new file mode 100644 index 00000000..2cfbe7b6 --- /dev/null +++ b/plugins/mod_proxy65.lua 
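Review bot: The error path at the end of the `iq/bare/jabber:iq:privacy:query` handler in mod_privacy.lua reads `valid[0]`, `valid[1]` and `valid[2]`, but the helpers return 1-indexed tables such as `{"cancel", "conflict", "..."}`, and `valid` is still `false` when a `set` does not carry exactly one child or a `get` names more than one list. The handler therefore either raises on indexing a boolean or sends the error type in the condition slot. In `createOrReplaceList`, `table.sort(list, ...)` sorts the list table rather than `list.items`, so rules stay in submission order and `checkIfNeedToBeBlocked`, which returns on the first matching item, can apply an allow ahead of a lower-order deny. In `checkIfNeedToBeBlocked` the test `item.type == "jid" and (...) or (...) or (...) or (...)` binds `and` tighter than `or`, so only the full-JID alternative is gated on the type; one pair of parentheses around the four alternatives fixes it. `preCheckIncoming` starts from `prio = 0` with a strict `>`, so a bare-JID stanza to a user whose sessions all have priority 0 or lower finds no session and is not filtered; the fence shows the first two fixes only.

```lua
-- … unchanged: createOrReplaceList, validation loop building list.items …
	table.sort(list.items, function(a, b) return a.order < b.order; end);
-- … unchanged: store the list and push it to the user's resources …

-- … unchanged: iq hook, set/get dispatch that assigns `valid` …
		if valid ~= true then
			-- helpers return {type, condition, text}; `valid` may still be false here
			local err = type(valid) == "table" and valid or {};
			origin.send(st.error_reply(stanza, err[1] or "cancel", err[2] or "bad-request", err[3]));
		else
			datamanager.store(origin.username, origin.host, "privacy", privacy_lists);
		end
```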
@@ -0,0 +1,286 @@ +-- Copyright (C) 2009 Thilo Cestonaro +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- +--[[ +* to restart the proxy in the console: e.g. +module:unload("proxy65"); +> server.removeserver(<proxy65_port>); +module:load("proxy65", <proxy65_jid>); +]]-- + +if module:get_host_type() ~= "component" then + error("proxy65 should be loaded as a component, please see http://prosody.im/doc/components", 0); +end + +local jid_split, jid_join = require "util.jid".split, require "util.jid".join; +local st = require "util.stanza"; +local componentmanager = require "core.componentmanager"; +local config_get = require "core.configmanager".get; +local connlisteners = require "net.connlisteners"; +local sha1 = require "util.hashes".sha1; + +local host, name = module:get_host(), "SOCKS5 Bytestreams Service"; +local sessions, transfers, component, replies_cache = {}, {}, nil, {}; + +local proxy_port = config_get(host, "core", "proxy65_port") or 5000; +local proxy_interface = config_get(host, "core", "proxy65_interface") or "*"; +local proxy_address = config_get(host, "core", "proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; +local proxy_acl = config_get(host, "core", "proxy65_acl"); + +local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; + +function connlistener.onincoming(conn, data) + local session = sessions[conn] or {}; + + if session.setup == nil and data ~= nil and data:sub(1):byte() == 0x05 and data:len() > 2 then + local nmethods = data:sub(2):byte(); + local methods = data:sub(3); + local supported = false; + for i=1, nmethods, 1 do + if(methods:sub(i):byte() == 0x00) then -- 0x00 == method: NO AUTH + supported = true; + break; + end + end + if(supported) then + module:log("debug", "new session found ... 
") + session.setup = true; + sessions[conn] = session; + conn:write(string.char(5, 0)); + end + return; + end + if session.setup then + if session.sha ~= nil and transfers[session.sha] ~= nil then + local sha = session.sha; + if transfers[sha].activated == true and transfers[sha].target ~= nil then + if transfers[sha].initiator == conn then + transfers[sha].target:write(data); + else + transfers[sha].initiator:write(data); + end + return; + end + end + if data ~= nil and data:len() == 0x2F and -- 40 == length of SHA1 HASH, and 7 other bytes => 47 => 0x2F + data:sub(1):byte() == 0x05 and -- SOCKS5 has 5 in first byte + data:sub(2):byte() == 0x01 and -- CMD must be 1 + data:sub(3):byte() == 0x00 and -- RSV must be 0 + data:sub(4):byte() == 0x03 and -- ATYP must be 3 + data:sub(5):byte() == 40 and -- SHA1 HASH length must be 40 (0x28) + data:sub(-2):byte() == 0x00 and -- PORT must be 0, size 2 byte + data:sub(-1):byte() == 0x00 + then + local sha = data:sub(6, 45); -- second param is not count! it's the ending index (included!) + if transfers[sha] == nil then + transfers[sha] = {}; + transfers[sha].activated = false; + transfers[sha].target = conn; + session.sha = sha; + module:log("debug", "target connected ... "); + elseif transfers[sha].target ~= nil then + transfers[sha].initiator = conn; + session.sha = sha; + module:log("debug", "initiator connected ... "); + throttle_sending(conn, transfers[sha].target); + throttle_sending(transfers[sha].target, conn); + end + conn:write(string.char(5, 0, 0, 3, sha:len()) .. sha .. 
string.char(0, 0)); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) + conn:lock_read(true) + else + module:log("warn", "Neither data transfer nor initial connect of a participator of a transfer.") + conn.close(); + end + else + if data ~= nil then + module:log("warn", "unknown connection with no authentication data -> closing it"); + conn.close(); + end + end +end + +function connlistener.ondisconnect(conn, err) + local session = sessions[conn]; + if session then + if session.sha and transfers[session.sha] then + local initiator, target = transfers[session.sha].initiator, transfers[session.sha].target; + if initiator == conn and target ~= nil then + target.close(); + elseif target == conn and initiator ~= nil then + initiator.close(); + end + transfers[session.sha] = nil; + end + -- Clean up any session-related stuff here + sessions[conn] = nil; + end +end + +local function get_disco_info(stanza) + local reply = replies_cache.disco_info; + if reply == nil then + reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#info") + :tag("identity", {category='proxy', type='bytestreams', name=name}):up() + :tag("feature", {var="http://jabber.org/protocol/bytestreams"}); + replies_cache.disco_info = reply; + end + + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + return reply; +end + +local function get_disco_items(stanza) + local reply = replies_cache.disco_items; + if reply == nil then + reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#items"); + replies_cache.disco_items = reply; + end + + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + return reply; +end + +local function get_stream_host(origin, stanza) + local reply = replies_cache.stream_host; + local err_reply = replies_cache.stream_host_err; + local sid = stanza.tags[1].attr.sid; + local allow = false; + local jid_node, jid_host, jid_resource = jid_split(stanza.attr.from); + + if stanza.attr.from == nil 
then + jid_node = origin.username; + jid_host = origin.host; + jid_resource = origin.resource; + end + + if proxy_acl and #proxy_acl > 0 then + if host ~= nil then -- at least a domain is needed. + for _, acl in ipairs(proxy_acl) do + local acl_node, acl_host, acl_resource = jid_split(acl); + if ((acl_node ~= nil and acl_node == jid_node) or acl_node == nil) and + ((acl_host ~= nil and acl_host == jid_host) or acl_host == nil) and + ((acl_resource ~= nil and acl_resource == jid_resource) or acl_resource == nil) then + allow = true; + end + end + end + else + allow = true; + end + if allow == true then + if reply == nil then + reply = st.iq({type="result", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}); + replies_cache.stream_host = reply; + end + else + module:log("warn", "Denying use of proxy for %s", tostring(jid_join(jid_node, jid_host, jid_resource))); + if err_reply == nil then + err_reply = st.iq({type="error", from=host}) + :query("http://jabber.org/protocol/bytestreams") + :tag("error", {code='403', type='auth'}) + :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'}); + replies_cache.stream_host_err = err_reply; + end + reply = err_reply; + end + reply.attr.id = stanza.attr.id; + reply.attr.to = stanza.attr.from; + reply.tags[1].attr.sid = sid; + return reply; +end + +module.unload = function() + componentmanager.deregister_component(host); + connlisteners.deregister(module.host .. 
':proxy65'); +end + +local function set_activation(stanza) + local from, to, sid, reply = nil; + from = stanza.attr.from; + if stanza.tags[1] ~= nil and tostring(stanza.tags[1].name) == "query" then + if stanza.tags[1].attr ~= nil then + sid = stanza.tags[1].attr.sid; + end + if stanza.tags[1].tags[1] ~= nil and tostring(stanza.tags[1].tags[1].name) == "activate" then + to = stanza.tags[1].tags[1][1]; + end + end + if from ~= nil and to ~= nil and sid ~= nil then + reply = st.iq({type="result", from=host, to=from}); + reply.attr.id = stanza.attr.id; + end + return reply, from, to, sid; +end + +function handle_to_domain(origin, stanza) + local to_node, to_host, to_resource = jid_split(stanza.attr.to); + if to_node == nil then + local type = stanza.attr.type; + if type == "error" or type == "result" then return; end + if stanza.name == "iq" and type == "get" then + local xmlns = stanza.tags[1].attr.xmlns + if xmlns == "http://jabber.org/protocol/disco#info" then + origin.send(get_disco_info(stanza)); + return true; + elseif xmlns == "http://jabber.org/protocol/disco#items" then + origin.send(get_disco_items(stanza)); + return true; + elseif xmlns == "http://jabber.org/protocol/bytestreams" then + origin.send(get_stream_host(origin, stanza)); + return true; + end + elseif stanza.name == "iq" and type == "set" then + local reply, from, to, sid = set_activation(stanza); + if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then + local sha = sha1(sid .. from .. 
to, true); + if transfers[sha] == nil then + module:log("error", "transfers[sha]: nil"); + elseif(transfers[sha] ~= nil and transfers[sha].initiator ~= nil and transfers[sha].target ~= nil) then + origin.send(reply); + transfers[sha].activated = true; + transfers[sha].target:lock_read(false); + transfers[sha].initiator:lock_read(false); + end + else + module:log("error", "activation failed: sid: %s, initiator: %s, target: %s", tostring(sid), tostring(from), tostring(to)); + end + end + end + return; +end + +if not connlisteners.register(module.host .. ':proxy65', connlistener) then + module:log("error", "mod_proxy65: Could not establish a connection listener. Check your configuration please."); + module:log("error", "Possibly two proxy65 components are configured to share the same port."); +end + +connlisteners.start(module.host .. ':proxy65'); +component = componentmanager.register_component(host, handle_to_domain); +local sender_lock_threshold = 4096; +function throttle_sending(sender, receiver) + sender:pattern(sender_lock_threshold); + local sender_locked; + local _sendbuffer = receiver.sendbuffer; + function receiver.sendbuffer() + _sendbuffer(); + if sender_locked and receiver.bufferlen() < sender_lock_threshold then + sender:lock_read(false); -- Unlock now + sender_locked = nil; + end + end + + local _readbuffer = sender.readbuffer; + function sender.readbuffer() + _readbuffer(); + if not sender_locked and receiver.bufferlen() >= sender_lock_threshold then + sender_locked = true; + sender:lock_read(true); + end + end +end diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 22724130..be1be0ae 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua 
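Review bot: `proxy65_acl` is enforced only in `get_stream_host`, that is on the discovery query; the `iq` `set` branch of `handle_to_domain` activates a transfer without consulting it, and the SOCKS5 listener accepts only the NO AUTH method, so a client that already knows the address and port never passes the ACL. Inside the ACL loop the guard `if host ~= nil` tests the component's own host, which is always set, while its comment ("at least a domain is needed") reads as if `jid_host` was meant. I would move the match into one helper and call it from both the discovery and the activation path, answering a denied activation with a `forbidden` error. Separately, the failure paths call `conn.close()` with a dot while the rest of the listener uses `conn:write` and `conn:lock_read`; whether the dot form closes the socket depends on the connection object, which is not visible here.

```lua
-- Shared by discovery and activation.
local function acl_allows(jid_node, jid_host, jid_resource)
	if not proxy_acl or #proxy_acl == 0 then return true; end
	if jid_host == nil then return false; end -- at least a domain is needed
	for _, acl in ipairs(proxy_acl) do
		local acl_node, acl_host, acl_resource = jid_split(acl);
		if (acl_node == nil or acl_node == jid_node) and
			(acl_host == nil or acl_host == jid_host) and
			(acl_resource == nil or acl_resource == jid_resource) then
			return true;
		end
	end
	return false;
end

-- … unchanged: get_stream_host, with allow = acl_allows(jid_node, jid_host, jid_resource) …

	elseif stanza.name == "iq" and type == "set" then
		local reply, from, to, sid = set_activation(stanza);
		if from ~= nil and not acl_allows(jid_split(from)) then
			origin.send(st.error_reply(stanza, "auth", "forbidden"));
			return true;
		end
		-- … unchanged: sha1 lookup and activation …
```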
@@ -43,21 +43,21 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) session:close({condition = "not-authorized", text = "Account deleted"}); end -- TODO datamanager should be able to delete all user data itself - datamanager.store(username, host, "roster", nil); datamanager.store(username, host, "vcard", nil); datamanager.store(username, host, "private", nil); datamanager.store(username, host, "offline", nil); - --local bare = username.."@"..host; + local bare = username.."@"..host; for jid, item in pairs(roster) do - if jid ~= "pending" then - if item.subscription == "both" or item.subscription == "to" then - -- TODO unsubscribe + if jid and jid ~= "pending" then + if item.subscription == "both" or item.subscription == "from" or (roster.pending and roster.pending[jid]) then + core_post_stanza(hosts[host], st.presence({type="unsubscribed", from=bare, to=jid})); end - if item.subscription == "both" or item.subscription == "from" then - -- TODO unsubscribe + if item.subscription == "both" or item.subscription == "to" or item.ask then + core_post_stanza(hosts[host], st.presence({type="unsubscribe", from=bare, to=jid})); end end end + datamanager.store(username, host, "roster", nil); datamanager.store(username, host, "accounts", nil); -- delete accounts datastore at the end module:log("info", "User removed their account: %s@%s", username, host); module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session }); 
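Review bot: The loop visits only JIDs that have a roster item, so `roster.pending[jid]` is consulted just for contacts that are also in the roster; a pending inbound request from a JID with no item is never answered with `unsubscribed` before the roster is wiped. If `roster.pending` can hold such JIDs (its shape is not visible in this hunk), a second pass over it for the JIDs without an item, sending the same `st.presence({type="unsubscribed", from=bare, to=jid})`, would cover them. The new `jid and` guard also deserves a short comment naming the non-JID key it skips. The handler starts and ends outside the hunk.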
@@ -117,7 +117,9 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s local password = query:child_with_name("password"); if username and password then -- Check that the user is not blacklisted or registering too often - if blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then + if not session.ip then + module:log("debug", "User's IP not known; can't apply blacklist/whitelist"); + elseif blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); return; elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then @@ -139,7 +141,7 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s username = nodeprep(table.concat(username)); password = table.concat(password); local host = module.host; - if not username then + if not username or username == "" then session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested username is invalid.")); elseif usermanager_user_exists(username, host) then session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua index 7ca22aa1..52c61a26 100644 --- a/plugins/mod_roster.lua +++ b/plugins/mod_roster.lua 
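Review bot: When `session.ip` is missing, the new first branch only logs and falls through, so the blacklist, the `whitelist_only` restriction and the `min_seconds_between_registrations` throttle in the later `elseif` arms are all skipped and registration continues. With `whitelist_only` set this fails open: a connection whose address could not be determined is treated as allowed. I would refuse in that case, e.g. `if not session.ip and whitelist_only then session.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not allowed to register an account.")); return; end`, and log the skipped checks above debug level so an operator sees them. The handler continues outside the hunk.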
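Review bot: The added `username == ""` test closes the empty-username case, but `password = table.concat(password)` two lines above gets no matching check, so an empty `<password/>` element still reaches the code that follows. If the account creation further down (outside the hunk) does not reject it, add a branch such as `elseif password == "" then session.send(st.error_reply(stanza, "modify", "not-acceptable", "The requested password is invalid."));`.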
@@ -74,18 +74,20 @@ module:add_iq_handler("c2s", "jabber:iq:roster", if not resource and host then if jid ~= from_node.."@"..from_host then if item.attr.subscription == "remove" then - local r_item = session.roster[jid]; + local roster = session.roster; + local r_item = roster[jid]; if r_item then + local to_bare = node and (node.."@"..host) or host; -- bare JID + if r_item.subscription == "both" or r_item.subscription == "from" or (roster.pending and roster.pending[jid]) then + core_post_stanza(session, st.presence({type="unsubscribed", from=session.full_jid, to=to_bare})); + end + if r_item.subscription == "both" or r_item.subscription == "to" or r_item.ask then + core_post_stanza(session, st.presence({type="unsubscribe", from=session.full_jid, to=to_bare})); + end local success, err_type, err_cond, err_msg = rm_remove_from_roster(session, jid); if success then session.send(st.reply(stanza)); rm_roster_push(from_node, from_host, jid); - local to_bare = node and (node.."@"..host) or host; -- bare JID - if r_item.subscription == "both" or r_item.subscription == "from" then - core_post_stanza(session, st.presence({type="unsubscribed", from=session.full_jid, to=to_bare})); - elseif r_item.subscription == "both" or r_item.subscription == "to" then - core_post_stanza(session, st.presence({type="unsubscribe", from=session.full_jid, to=to_bare})); - end else session.send(st.error_reply(stanza, err_type, err_cond, err_msg)); end diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 04e33b29..75ee9f04 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua 
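Review bot: The `unsubscribed`/`unsubscribe` presences are now sent before `rm_remove_from_roster` is called, so when the removal fails and the `else` branch returns an error to the client, the contact has already been told the subscription is gone while the item is still stored. If the reorder is needed because the presence must be routed while the item still exists (not visible from this hunk), say so above the two `core_post_stanza` calls, for example `-- must run before removal: routing these presences needs the roster item`, and consider logging the failure path. The handler starts and ends outside the hunk.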
@@ -21,11 +21,12 @@ local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_get_password = require "core.usermanager".get_password; local t_concat, t_insert = table.concat, table.insert; local tostring = tostring; -local jid_split = require "util.jid".split +local jid_split = require "util.jid".split; local md5 = require "util.hashes".md5; local config = require "core.configmanager"; -local secure_auth_only = config.get(module:get_host(), "core", "c2s_require_encryption") or config.get(module:get_host(), "core", "require_encryption"); +local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); +local sasl_backend = module:get_option("sasl_backend") or "builtin"; local log = module._log; 
@@ -33,28 +34,37 @@ local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl'; local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind'; local xmlns_stanzas ='urn:ietf:params:xml:ns:xmpp-stanzas'; -local new_sasl = require "util.sasl".new; +local new_sasl +if sasl_backend == "cyrus" then + local cyrus_new = require "util.sasl_cyrus".new; + new_sasl = function(realm) + return cyrus_new(realm, module:get_option("cyrus_service_name") or "xmpp"); + end +else + if sasl_backend ~= "builtin" then module:log("warn", "Unknown SASL backend %s", sasl_backend); end; + new_sasl = require "util.sasl".new; +end -default_authentication_profile = { +local default_authentication_profile = { plain = function(username, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - local password = usermanager_get_password(prepped_username, realm); - if not password then - return "", nil; - end - return password, true; + local prepped_username = nodeprep(username); + if not prepped_username then + log("debug", "NODEprep failed on username: %s", username); + return "", nil; + end + local password = usermanager_get_password(prepped_username, realm); + if not password then + return "", nil; end + return password, true; + end }; -anonymous_authentication_profile = { +local anonymous_authentication_profile = { anonymous = function(username, realm) - return true; -- for normal usage you should always return true here - end -} + return true; -- for normal usage you should always return true here + end +}; local function build_reply(status, ret, err_msg) local reply = st.stanza(status, {xmlns = xmlns_sasl}); 
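Review bot: A misspelt `sasl_backend` is only warned about and then served by the builtin backend, so a deployment that meant to authenticate through Cyrus silently checks passwords against the local store instead. Failing the module load is safer: `error("Unknown SASL backend: "..tostring(sasl_backend), 0);` in place of the `module:log("warn", ...)` line. The Cyrus wrapper is also declared as `function(realm)` and drops the second argument, so an authentication profile passed to `new_sasl` (including the anonymous one) has no effect with that backend; a comment on the wrapper should state this.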
@@ -75,7 +85,7 @@ end local function handle_status(session, status) if status == "failure" then - session.sasl_handler = nil; + session.sasl_handler = session.sasl_handler:clean_clone(); elseif status == "success" then local username = nodeprep(session.sasl_handler.username); if not username then -- TODO move this to sessionmanager @@ -104,13 +114,16 @@ local function sasl_handler(session, stanza) if not valid_mechanism then return session.send(build_reply("failure", "invalid-mechanism")); end + if secure_auth_only and not session.secure then + return session.send(build_reply("failure", "encryption-required")); + end elseif not session.sasl_handler then return; -- FIXME ignoring out of order stanzas because ejabberd does end local text = stanza[1]; if text then text = base64.decode(text); - log("debug", "%s", text); + log("debug", "%s", text:gsub("[%z\001-\008\011\012\014-\031]", " ")); if not text then session.sasl_handler = nil; session.send(build_reply("failure", "incorrect-encoding")); 
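Review bot: Replacing the handler with `session.sasl_handler:clean_clone()` on failure leaves the stream ready for another attempt, where the old code dropped the handler; nothing in this hunk counts or limits failed attempts per connection. Unless a limit exists elsewhere in the file, keep a counter on the session, incremented in the `"failure"` branch, and close the stream after a small number of failures so repeated guessing cannot continue on one connection. It is also not visible here whether every backend's handler provides `clean_clone`. `handle_status` continues outside the hunk.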
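Review bot: The debug line logs the decoded SASL payload, which for the PLAIN mechanism carries the authorization id, user name and password; the added `gsub` only replaces control characters, so the password still lands in the log. The call also runs before the `if not text` check, so when `base64.decode` returns nil, `text:gsub` raises an error instead of reaching the `incorrect-encoding` reply. Log the size instead and do it after the nil check, e.g. `log("debug", "SASL response of %d bytes", #text);`. `sasl_handler` starts and ends outside the hunk.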
@@ -131,56 +144,53 @@ module:add_handler("c2s_unauthed", "response", xmlns_sasl, sasl_handler); local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' }; local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' }; local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' }; -module:add_event_hook("stream-features", - function (session, features) - if not session.username then - if secure_auth_only and not session.secure then - return; - end - if module:get_option("anonymous_login") then - session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); - else - session.sasl_handler = new_sasl(session.host, default_authentication_profile); - if not (module:get_option("allow_unencrypted_plain_auth")) and not session.secure then - session.sasl_handler:forbidden({"PLAIN"}); - end - end - features:tag("mechanisms", mechanisms_attr); - for k, v in pairs(session.sasl_handler:mechanisms()) do - features:tag("mechanism"):text(v):up(); - end - features:up(); - else - features:tag("bind", bind_attr):tag("required"):up():up(); - features:tag("session", xmpp_session_attr):tag("optional"):up():up(); - end - end); - -module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", - function (session, stanza) - log("debug", "Client requesting a resource bind"); - local resource; - if stanza.attr.type == "set" then - local bind = stanza.tags[1]; - if bind and bind.attr.xmlns == xmlns_bind then - resource = bind:child_with_name("resource"); - if resource then - resource = resource[1]; - end - end +module:add_event_hook("stream-features", function(session, features) + if not session.username then + if secure_auth_only and not session.secure then + return; + end + if module:get_option("anonymous_login") then + session.sasl_handler = new_sasl(session.host, anonymous_authentication_profile); + else + session.sasl_handler = new_sasl(session.host, default_authentication_profile); + if not (module:get_option("allow_unencrypted_plain_auth")) 
and not session.secure then + session.sasl_handler:forbidden({"PLAIN"}); end - local success, err_type, err, err_msg = sm_bind_resource(session, resource); - if not success then - session.send(st.error_reply(stanza, err_type, err, err_msg)); - else - session.send(st.reply(stanza) - :tag("bind", { xmlns = xmlns_bind}) - :tag("jid"):text(session.full_jid)); + end + features:tag("mechanisms", mechanisms_attr); + for k, v in pairs(session.sasl_handler:mechanisms()) do + features:tag("mechanism"):text(v):up(); + end + features:up(); + else + features:tag("bind", bind_attr):tag("required"):up():up(); + features:tag("session", xmpp_session_attr):tag("optional"):up():up(); + end +end); + +module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-bind", function(session, stanza) + log("debug", "Client requesting a resource bind"); + local resource; + if stanza.attr.type == "set" then + local bind = stanza.tags[1]; + if bind and bind.attr.xmlns == xmlns_bind then + resource = bind:child_with_name("resource"); + if resource then + resource = resource[1]; end - end); + end + end + local success, err_type, err, err_msg = sm_bind_resource(session, resource); + if not success then + session.send(st.error_reply(stanza, err_type, err, err_msg)); + else + session.send(st.reply(stanza) + :tag("bind", { xmlns = xmlns_bind}) + :tag("jid"):text(session.full_jid)); + end +end); -module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", - function (session, stanza) - log("debug", "Client requesting a session"); - session.send(st.reply(stanza)); - end); +module:add_iq_handler("c2s", "urn:ietf:params:xml:ns:xmpp-session", function(session, stanza) + log("debug", "Client requesting a session"); + session.send(st.reply(stanza)); +end); diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 8a450803..73b5ae09 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua 
@@ -14,15 +14,15 @@ local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local secure_s2s_only = module:get_option("s2s_require_encryption"); +local global_ssl_ctx = prosody.global_ssl_ctx; + module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, function (session, stanza) if session.conn.starttls then session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); - if session.host and hosts[session.host].ssl_ctx_in then - session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); - end - session.conn.starttls(); + local ssl_ctx = session.host and hosts[session.host].ssl_ctx_in or global_ssl_ctx; + session.conn:starttls(ssl_ctx); session.log("info", "TLS negotiation started..."); session.secure = false; else @@ -36,10 +36,8 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, if session.conn.starttls then session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); - if session.to_host and hosts[session.to_host].ssl_ctx_in then - session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); - end - session.conn.starttls(); + local ssl_ctx = session.to_host and hosts[session.to_host].ssl_ctx_in or global_ssl_ctx; + session.conn:starttls(ssl_ctx); session.log("info", "TLS negotiation started for incoming s2s..."); session.secure = false; else @@ -89,9 +87,9 @@ module:hook_stanza(xmlns_stream, "features", module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) module:log("debug", "Proceeding with TLS on s2sout..."); - local format, to_host, from_host = string.format, session.to_host, session.from_host; session:reset_stream(); - session.conn.starttls(true); + local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; + session.conn:starttls(ssl_ctx, true); session.secure = false; return true; end); 
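Review bot: `ssl_ctx` is computed after `<proceed/>` has been sent and is never checked, so if the host has no `ssl_ctx_in` and `prosody.global_ssl_ctx` is nil the peer is told to start TLS and `session.conn:starttls(nil)` is called; the same applies to the s2sin hunk and, with `ssl_ctx`, to the `proceed` hook in the last hunk. The expression also indexes `hosts[session.host]` without testing it, which raises if that host is not in `hosts`. I would resolve the context first, `local host = session.host and hosts[session.host]; local ssl_ctx = host and host.ssl_ctx_in or global_ssl_ctx;`, and test it together with the capability, `if session.conn.starttls and ssl_ctx then`, so the existing `else` branch handles a missing context. The handlers end outside the hunks.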
diff --git a/plugins/mod_vcard.lua b/plugins/mod_vcard.lua index 0efc1638..6bf82ee7 100644 --- a/plugins/mod_vcard.lua +++ b/plugins/mod_vcard.lua @@ -51,7 +51,7 @@ if module:get_option("vcard_compatibility") then module:hook("iq/full", function(data) local stanza = data.stanza; local payload = stanza.tags[1]; - if stanza.attr.type == "get" or stanza.attr.type == "set" and payload.name == "vCard" and payload.attr.xmlns == "vcard-temp" then + if stanza.attr.type == "get" and payload.name == "vCard" and payload.attr.xmlns == "vcard-temp" then return handle_vcard(data); end end, 1); diff --git a/plugins/mod_xmlrpc.lua b/plugins/mod_xmlrpc.lua deleted file mode 100644 index 7165386a..00000000 --- a/plugins/mod_xmlrpc.lua +++ /dev/null 
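Review bot: `payload` is `stanza.tags[1]` and is nil for an `iq` of type `get` with no child element, so with the new condition `payload.name` raises an error inside this `iq/full` hook for a stanza any client can send. Guard it: `if stanza.attr.type == "get" and payload and payload.name == "vCard" and payload.attr.xmlns == "vcard-temp" then`. A one-line comment saying that `set` is deliberately no longer matched here would help too, since the old condition mentioned it.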
@@ -1,128 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2009 Matthew Wild --- Copyright (C) 2008-2009 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - - -module.host = "*" -- Global module - -local httpserver = require "net.httpserver"; -local st = require "util.stanza"; -local pcall = pcall; -local unpack = unpack; -local tostring = tostring; -local is_admin = require "core.usermanager".is_admin; -local jid_split = require "util.jid".split; -local jid_bare = require "util.jid".bare; -local b64_decode = require "util.encodings".base64.decode; -local get_method = require "core.objectmanager".get_object; -local validate_credentials = require "core.usermanager".validate_credentials; - -local translate_request = require "util.xmlrpc".translate_request; -local create_response = require "util.xmlrpc".create_response; -local create_error_response = require "util.xmlrpc".create_error_response; - -local entity_map = setmetatable({ - ["amp"] = "&"; - ["gt"] = ">"; - ["lt"] = "<"; - ["apos"] = "'"; - ["quot"] = "\""; -}, {__index = function(_, s) - if s:sub(1,1) == "#" then - if s:sub(2,2) == "x" then - return string.char(tonumber(s:sub(3), 16)); - else - return string.char(tonumber(s:sub(2))); - end - end - end -}); -local function xml_unescape(str) - return (str:gsub("&(.-);", entity_map)); -end -local function parse_xml(xml) - local stanza = st.stanza("root"); - local regexp = "<([^>]*)>([^<]*)"; - for elem, text in xml:gmatch(regexp) do - --print("[<"..elem..">|"..text.."]"); - if elem:sub(1,1) == "!" or elem:sub(1,1) == "?" 
then -- neglect comments and processing-instructions - elseif elem:sub(1,1) == "/" then -- end tag - elem = elem:sub(2); - stanza:up(); -- TODO check for start-end tag name match - elseif elem:sub(-1,-1) == "/" then -- empty tag - elem = elem:sub(1,-2); - stanza:tag(elem):up(); - else -- start tag - stanza:tag(elem); - end - if #text ~= 0 then -- text - stanza:text(xml_unescape(text)); - end - end - return stanza.tags[1]; -end - -local function handle_xmlrpc_request(jid, method, args) - local is_secure_call = (method:sub(1,7) == "secure/"); - if not is_admin(jid) and not is_secure_call then - return create_error_response(401, "not authorized"); - end - method = get_method(method); - if not method then return create_error_response(404, "method not found"); end - args = args or {}; - if is_secure_call then table.insert(args, 1, jid); end - local success, result = pcall(method, unpack(args)); - if success then - success, result = pcall(create_response, result or "nil"); - if success then - return result; - end - return create_error_response(500, "Error in creating response: "..result); - end - return create_error_response(0, tostring(result):gsub("^[^:]+:%d+: ", "")); -end - -local function handle_xmpp_request(origin, stanza) - local query = stanza.tags[1]; - if query.name == "query" then - if #query.tags == 1 then - local success, method, args = pcall(translate_request, query.tags[1]); - if success then - local result = handle_xmlrpc_request(jid_bare(stanza.attr.from), method, args); - origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:rpc'}):add_child(result)); - else - origin.send(st.error_reply(stanza, "modify", "bad-request", method)); - end - else origin.send(st.error_reply(stanza, "modify", "bad-request", "No content in XML-RPC request")); end - else origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end -end -module:add_iq_handler({"c2s", "s2sin"}, "jabber:iq:rpc", handle_xmpp_request); -module:add_feature("jabber:iq:rpc"); --- TODO 
add <identity category='automation' type='rpc'/> to disco replies - -local default_headers = { ['Content-Type'] = 'text/xml' }; -local unauthorized_response = { status = '401 UNAUTHORIZED', headers = {['Content-Type']='text/html', ['WWW-Authenticate']='Basic realm="WallyWorld"'}; body = "<html><body>Authentication required</body></html>"; }; -local function handle_http_request(method, body, request) - -- authenticate user - local username, password = b64_decode(request['authorization'] or ''):gmatch('([^:]*):(.*)')(); -- TODO digest auth - local node, host = jid_split(username); - if not validate_credentials(host, node, password) then - return unauthorized_response; - end - -- parse request - local stanza = body and parse_xml(body); - if (not stanza) or request.method ~= "POST" then - return "<html><body>You really don't look like an XML-RPC client to me... what do you want?</body></html>"; - end - -- execute request - local success, method, args = pcall(translate_request, stanza); - if success then - return { headers = default_headers; body = tostring(handle_xmlrpc_request(node.."@"..host, method, args)) }; - end - return "<html><body>Error parsing XML-RPC request: "..tostring(method).."</body></html>"; -end -httpserver.new{ port = 9000, base = "xmlrpc", handler = handle_http_request } diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 856f3cba..d23e2474 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -16,7 +16,6 @@ local muc_name = module:get_option("name"); if type(muc_name) ~= "string" then muc_name = "Prosody Chatrooms"; end local restrict_room_creation = module:get_option("restrict_room_creation"); if restrict_room_creation and restrict_room_creation ~= true then restrict_room_creation = nil; end -local history_length = 20; local muc_new_room = module:require "muc".new_room; local register_component = require "core.componentmanager".register_component; 
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 3a185e17..ad45bbfd 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -59,19 +59,12 @@ local kickable_error_conditions = { ["service-unavailable"] = true; ["malformed error"] = true; }; + local function get_error_condition(stanza) - for _, tag in ipairs(stanza.tags) do - if tag.name == "error" and (not(tag.attr.xmlns) or tag.attr.xmlns == "jabber:client") then - for _, cond in ipairs(tag.tags) do - if cond.attr.xmlns == "urn:ietf:params:xml:ns:xmpp-stanzas" then - return cond.name; - end - end - return "malformed error"; - end - end - return "malformed error"; + local _, condition = stanza:get_error(); + return condition or "malformed error"; end + local function is_kickable_error(stanza) local cond = get_error_condition(stanza); return kickable_error_conditions[cond] and cond; @@ -89,17 +82,6 @@ local function getTag(stanza, path) return getUsingPath(stanza, path); end local function getText(stanza, path) return getUsingPath(stanza, path, true); end ----------- ---[[function get_room_disco_info(room, stanza) - return st.iq({type='result', id=stanza.attr.id, from=stanza.attr.to, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#info") - :tag("identity", {category='conference', type='text', name=room._data["name"]):up() - :tag("feature", {var="http://jabber.org/protocol/muc"}); -- TODO cache disco reply -end -function get_room_disco_items(room, stanza) - return st.iq({type='result', id=stanza.attr.id, from=stanza.attr.to, to=stanza.attr.from}):query("http://jabber.org/protocol/disco#items"); -end -- TODO allow non-private rooms]] - --- - local room_mt = {}; room_mt.__index = room_mt; 
@@ -128,19 +110,21 @@ function room_mt:broadcast_presence(stanza, sid, code, nick) end end function room_mt:broadcast_message(stanza, historic) + local to = stanza.attr.to; for occupant, o_data in pairs(self._occupants) do for jid in pairs(o_data.sessions) do stanza.attr.to = jid; self:_route_stanza(stanza); end end + stanza.attr.to = to; if historic then -- add to history local history = self._data['history']; if not history then history = {}; self._data['history'] = history; end - -- stanza = st.clone(stanza); + stanza = st.clone(stanza); stanza:tag("delay", {xmlns = "urn:xmpp:delay", from = muc_domain, stamp = datetime.datetime()}):up(); -- XEP-0203 stanza:tag("x", {xmlns = "jabber:x:delay", from = muc_domain, stamp = datetime.legacy()}):up(); -- XEP-0091 (deprecated) - t_insert(history, st.clone(st.preserialize(stanza))); + t_insert(history, st.preserialize(stanza)); while #history > history_length do t_remove(history, 1) end end end @@ -181,12 +165,12 @@ function room_mt:send_history(to) end end -local function room_get_disco_info(self, stanza) +function room_mt:get_disco_info(stanza) return st.reply(stanza):query("http://jabber.org/protocol/disco#info") :tag("identity", {category="conference", type="text"}):up() :tag("feature", {var="http://jabber.org/protocol/muc"}); end -local function room_get_disco_items(self, stanza) +function room_mt:get_disco_items(stanza) local reply = st.reply(stanza):query("http://jabber.org/protocol/disco#items"); for room_jid in pairs(self._occupants) do reply:tag("item", {jid = room_jid, name = room_jid:match("/(.*)")}):up(); 
@@ -204,6 +188,16 @@ function room_mt:set_subject(current_nick, subject) return true; end +local function build_unavailable_presence_from_error(stanza) + local type, condition, text = stanza:get_error(); + local error_message = "Kicked: "..condition:gsub("%-", " "); + if text then + error_message = error_message..": "..text; + end + return st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) + :tag('status'):text(error_message); +end + function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc local from, to = stanza.attr.from, stanza.attr.to; local room = jid_bare(to); @@ -217,8 +211,7 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc if type == "error" then -- error, kick em out! if current_nick then log("debug", "kicking %s from %s", current_nick, room); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=from, to=to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); end elseif type == "unavailable" then -- unavailable if current_nick then @@ -365,8 +358,7 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc origin.send(st.error_reply(stanza, "modify", "bad-request")); elseif current_nick and stanza.name == "message" and type == "error" and is_kickable_error(stanza) then log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable else -- private stanza local o_data = self._occupants[to]; if o_data then 
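Review bot: `condition:gsub("%-", " ")` in `build_unavailable_presence_from_error` raises when `condition` is nil, and the rewritten `get_error_condition` in this same file (`condition or "malformed error"`) shows that `stanza:get_error()` can return no condition. All three call sites pass stanzas received from an occupant, and `"malformed error"` is itself listed as kickable, so a malformed error stanza would throw inside the room handler instead of producing the kick. Use the same fallback here: `local error_message = "Kicked: "..(condition or "malformed error"):gsub("%-", " ");`. The local named `type` is unused and shadows the builtin; `local _, condition, text = stanza:get_error();` avoids that.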
@@ -387,61 +379,122 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc end end -function room_mt:handle_form(origin, stanza) - if self:get_affiliation(stanza.attr.from) ~= "owner" then origin.send(st.error_reply(stanza, "auth", "forbidden")); return; end - if stanza.attr.type == "get" then - local title = "Configuration for "..self.jid; - origin.send(st.reply(stanza):query("http://jabber.org/protocol/muc#owner") - :tag("x", {xmlns='jabber:x:data', type='form'}) - :tag("title"):text(title):up() - :tag("instructions"):text(title):up() - :tag("field", {type='hidden', var='FORM_TYPE'}):tag("value"):text("http://jabber.org/protocol/muc#roomconfig"):up():up() - :tag("field", {type='boolean', label='Make Room Persistent?', var='muc#roomconfig_persistentroom'}) - :tag("value"):text(self._data.persistent and "1" or "0"):up() +function room_mt:send_form(origin, stanza) + local title = "Configuration for "..self.jid; + origin.send(st.reply(stanza):query("http://jabber.org/protocol/muc#owner") + :tag("x", {xmlns='jabber:x:data', type='form'}) + :tag("title"):text(title):up() + :tag("instructions"):text(title):up() + :tag("field", {type='hidden', var='FORM_TYPE'}):tag("value"):text("http://jabber.org/protocol/muc#roomconfig"):up():up() + :tag("field", {type='boolean', label='Make Room Persistent?', var='muc#roomconfig_persistentroom'}) + :tag("value"):text(self._data.persistent and "1" or "0"):up() + :up() + :tag("field", {type='boolean', label='Make Room Publicly Searchable?', var='muc#roomconfig_publicroom'}) + :tag("value"):text(self._data.hidden and "0" or "1"):up() + :up() + :tag("field", {type='list-single', label='Who May Discover Real JIDs?', var='muc#roomconfig_whois'}) + :tag("value"):text(self._data.whois or 'moderators'):up() + :tag("option", {label = 'Moderators Only'}) + :tag("value"):text('moderators'):up() :up() - :tag("field", {type='boolean', label='Make Room Publicly Searchable?', var='muc#roomconfig_publicroom'}) - 
:tag("value"):text(self._data.hidden and "0" or "1"):up() + :tag("option", {label = 'Anyone'}) + :tag("value"):text('anyone'):up() :up() - ); - elseif stanza.attr.type == "set" then - local query = stanza.tags[1]; - local form; - for _, tag in ipairs(query.tags) do if tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then form = tag; break; end end - if not form then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); return; end - if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end - if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end - local fields = {}; - for _, field in pairs(form.tags) do - if field.name == "field" and field.attr.var and field.tags[1].name == "value" and #field.tags[1].tags == 0 then - fields[field.attr.var] = field.tags[1][1] or ""; - end + :up() + ); +end + +local valid_whois = { + moderators = true, + anyone = true, +} + +function room_mt:process_form(origin, stanza) + local query = stanza.tags[1]; + local form; + for _, tag in ipairs(query.tags) do if tag.name == "x" and tag.attr.xmlns == "jabber:x:data" then form = tag; break; end end + if not form then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); return; end + if form.attr.type == "cancel" then origin.send(st.reply(stanza)); return; end + if form.attr.type ~= "submit" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + local fields = {}; + for _, field in pairs(form.tags) do + if field.name == "field" and field.attr.var and field.tags[1].name == "value" and #field.tags[1].tags == 0 then + fields[field.attr.var] = field.tags[1][1] or ""; end - if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + end + if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request")); 
return; end + + local dirty = false + + local persistent = fields['muc#roomconfig_persistentroom']; + if persistent == "0" or persistent == "false" then persistent = nil; elseif persistent == "1" or persistent == "true" then persistent = true; + else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + dirty = dirty or (self._data.persistent ~= persistent) + self._data.persistent = persistent; + module:log("debug", "persistent=%s", tostring(persistent)); + + local public = fields['muc#roomconfig_publicroom']; + if public == "0" or public == "false" then public = nil; elseif public == "1" or public == "true" then public = true; + else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end + dirty = dirty or (self._data.hidden ~= (not public and true or nil)) + self._data.hidden = not public and true or nil; + + local whois = fields['muc#roomconfig_whois']; + if not valid_whois[whois] then + origin.send(st.error_reply(stanza, 'cancel', 'bad-request')); + return; + end + local whois_changed = self._data.whois ~= whois + self._data.whois = whois + module:log('debug', 'whois=%s', tostring(whois)) + + if self.save then self:save(true); end + origin.send(st.reply(stanza)); - local persistent = fields['muc#roomconfig_persistentroom']; - if persistent == "0" or persistent == "false" then persistent = nil; elseif persistent == "1" or persistent == "true" then persistent = true; - else origin.send(st.error_reply(stanza, "cancel", "bad-request")); return; end - self._data.persistent = persistent; - module:log("debug", "persistent=%s", tostring(persistent)); + if dirty or whois_changed then + local msg = st.message({type='groupchat', from=self.jid}) + :tag('x', {xmlns='http://jabber.org/protocol/muc#user'}):up() - local public = fields['muc#roomconfig_publicroom']; - if public == "0" or public == "false" then public = nil; elseif public == "1" or public == "true" then public = true; - else origin.send(st.error_reply(stanza, "cancel", 
"bad-request")); return; end - self._data.hidden = not public and true or nil; + if dirty then + msg.tags[1]:tag('status', {code = '104'}) + end + if whois_changed then + local code = (whois == 'moderators') and 173 or 172 + msg.tags[1]:tag('status', {code = code}) + end - if self.save then self:save(true); end - origin.send(st.reply(stanza)); + self:broadcast_message(msg, false) end end +function room_mt:destroy(newjid, reason, password) + local pr = st.presence({type = "unavailable"}) + :tag("x", {xmlns = "http://jabber.org/protocol/muc#user"}) + :tag("item", { affiliation='none', role='none' }):up() + :tag("destroy", {jid=newjid}) + if reason then pr:tag("reason"):text(reason):up(); end + if password then pr:tag("password"):text(password):up(); end + for nick, occupant in pairs(self._occupants) do + pr.attr.from = nick; + for jid in pairs(occupant.sessions) do + pr.attr.to = jid; + self:_route_stanza(pr); + self._jid_nick[jid] = nil; + end + self._occupants[nick] = nil; + end + self._data.persistent = nil; + if self.save then self:save(true); end +end + function room_mt:handle_to_room(origin, stanza) -- presence changes and groupchat messages, along with disco/etc local type = stanza.attr.type; local xmlns = stanza.tags[1] and stanza.tags[1].attr.xmlns; if stanza.name == "iq" then if xmlns == "http://jabber.org/protocol/disco#info" and type == "get" then - origin.send(room_get_disco_info(self, stanza)); + origin.send(self:get_disco_info(stanza)); elseif xmlns == "http://jabber.org/protocol/disco#items" and type == "get" then - origin.send(room_get_disco_items(self, stanza)); + origin.send(self:get_disco_items(stanza)); elseif xmlns == "http://jabber.org/protocol/muc#admin" then local actor = stanza.attr.from; local affiliation = self:get_affiliation(actor); 
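Review bot: `process_form` assigns `self._data.persistent` and `self._data.hidden` before `muc#roomconfig_whois` is validated, so a submit rejected with bad-request for a missing or unknown whois value has already changed the room's in-memory configuration, with no `save` and no status broadcast. Parse and validate all three fields into locals first, and write to `self._data` only after every check has passed. Because `valid_whois[whois]` is false for nil, a form from a client that does not send the new field is always rejected; if that is not intended, default it with `local whois = fields['muc#roomconfig_whois'] or self._data.whois or 'moderators';`. Separately, `field.tags[1].name` in the field loop indexes nil for a field element with no child, which `field.tags[1] and field.tags[1].name == "value"` would guard.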
@@ -492,9 +545,14 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha -- TODO allow admins and owners not in room? Provide read-only access to everyone who can see the participants anyway? if _rol == "none" then _rol = nil; end local reply = st.reply(stanza):query("http://jabber.org/protocol/muc#admin"); - for nick, occupant in pairs(self._occupants) do + for occupant_jid, occupant in pairs(self._occupants) do if occupant.role == _rol then - reply:tag("item", {nick = nick, role = _rol or "none", affiliation = occupant.affiliation or "none", jid = occupant.jid}):up(); + reply:tag("item", { + nick = select(3, jid_split(occupant_jid)), + role = _rol or "none", + affiliation = occupant.affiliation or "none", + jid = occupant.jid + }):up(); end end origin.send(reply); 
@@ -509,7 +567,30 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha origin.send(st.error_reply(stanza, "cancel", "bad-request")); end elseif xmlns == "http://jabber.org/protocol/muc#owner" and (type == "get" or type == "set") and stanza.tags[1].name == "query" then - self:handle_form(origin, stanza); + if self:get_affiliation(stanza.attr.from) ~= "owner" then + origin.send(st.error_reply(stanza, "auth", "forbidden")); + elseif stanza.attr.type == "get" then + self:send_form(origin, stanza); + elseif stanza.attr.type == "set" then + local child = stanza.tags[1].tags[1]; + if not child then + origin.send(st.error_reply(stanza, "auth", "bad-request")); + elseif child.name == "destroy" then + local newjid = child.attr.jid; + local reason, password; + for _,tag in ipairs(child.tags) do + if tag.name == "reason" then + reason = #tag.tags == 0 and tag[1]; + elseif tag.name == "password" then + password = #tag.tags == 0 and tag[1]; + end + end + self:destroy(newjid, reason, password); + origin.send(st.reply(stanza)); + else + self:process_form(origin, stanza); + end + end elseif type == "set" or type == "get" then origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); end 
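Review bot: The missing-child branch replies with `st.error_reply(stanza, "auth", "bad-request")`, which pairs the bad-request condition with the `auth` error type. Elsewhere in this file the same condition is sent as `"modify"` or `"cancel"`, for example `st.error_reply(stanza, "modify", "bad-request")`. The destroy branch relies entirely on the affiliation test at the top of this `elseif`; a comment such as `-- owner-only: affiliation was checked above` on the `child.name == "destroy"` line would keep that dependency visible if the branches are reordered later. `handle_to_room` starts and ends outside the hunk.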
@@ -517,23 +598,31 @@ function room_mt:handle_to_room(origin, stanza) -- presence changes and groupcha local from, to = stanza.attr.from, stanza.attr.to; local room = jid_bare(to); local current_nick = self._jid_nick[from]; - if not current_nick then -- not in room + local occupant = self._occupants[current_nick]; + if not occupant then -- not in room origin.send(st.error_reply(stanza, "cancel", "not-acceptable")); + elseif occupant.role == "visitor" then + origin.send(st.error_reply(stanza, "cancel", "forbidden")); else local from = stanza.attr.from; stanza.attr.from = current_nick; local subject = getText(stanza, {"subject"}); if subject then - self:set_subject(current_nick, subject); -- TODO use broadcast_message_stanza + if occupant.role == "moderator" then + self:set_subject(current_nick, subject); -- TODO use broadcast_message_stanza + else + stanza.attr.from = from; + origin.send(st.error_reply(stanza, "cancel", "forbidden")); + end else self:broadcast_message(stanza, true); end + stanza.attr.from = from; end elseif stanza.name == "message" and type == "error" and is_kickable_error(stanza) then local current_nick = self._jid_nick[stanza.attr.from]; log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid); - self:handle_to_occupant(origin, st.presence({type='unavailable', from=stanza.attr.from, to=stanza.attr.to}) - :tag('status'):text('Kicked: '..get_error_condition(stanza))); -- send unavailable + self:handle_to_occupant(origin, build_unavailable_presence_from_error(stanza)); -- send unavailable elseif stanza.name == "presence" then -- hack - some buggy clients send presence updates to the room rather than their nick local to = stanza.attr.to; local current_nick = self._jid_nick[stanza.attr.from]; 
@@ -651,21 +740,21 @@ function room_mt:get_role(nick) local session = self._occupants[nick]; return session and session.role or nil; end -function room_mt:set_role(actor, nick, role, callback, reason) +function room_mt:set_role(actor, occupant_jid, role, callback, reason) if role == "none" then role = nil; end if role and role ~= "moderator" and role ~= "participant" and role ~= "visitor" then return nil, "modify", "not-acceptable"; end if self:get_affiliation(actor) ~= "owner" then return nil, "cancel", "not-allowed"; end - local occupant = self._occupants[nick]; + local occupant = self._occupants[occupant_jid]; if not occupant then return nil, "modify", "not-acceptable"; end if occupant.affiliation == "owner" or occupant.affiliation == "admin" then return nil, "cancel", "not-allowed"; end - local p = st.presence({from = nick}) + local p = st.presence({from = occupant_jid}) :tag("x", {xmlns = "http://jabber.org/protocol/muc#user"}) - :tag("item", {affiliation=occupant.affiliation or "none", nick=nick, role=role or "none"}) + :tag("item", {affiliation=occupant.affiliation or "none", nick=select(3, jid_split(occupant_jid)), role=role or "none"}) :tag("reason"):text(reason or ""):up() :up(); if not role then -- kick p.attr.type = "unavailable"; - self._occupants[nick] = nil; + self._occupants[occupant_jid] = nil; for jid in pairs(occupant.sessions) do -- remove for all sessions of the nick self._jid_nick[jid] = nil; end @@ -678,7 +767,7 @@ function room_mt:set_role(actor, nick, role, callback, reason) self:_route_stanza(p); end if callback then callback(); end - self:broadcast_except_nick(p, nick); + self:broadcast_except_nick(p, occupant_jid); return true; end 
@@ -688,13 +777,11 @@ function room_mt:_route_stanza(stanza) local from_occupant = self._occupants[stanza.attr.from]; if stanza.name == "presence" then if to_occupant and from_occupant then - if to_occupant.role == "moderator" or jid_bare(to_occupant.jid) == jid_bare(from_occupant.jid) then - for i=#stanza.tags,1,-1 do - local tag = stanza.tags[i]; - if tag.name == "x" and tag.attr.xmlns == "http://jabber.org/protocol/muc#user" then - muc_child = tag; - break; - end + if self._data.whois == 'anyone' then + muc_child = stanza:get_child("x", "http://jabber.org/protocol/muc#user"); + else + if to_occupant.role == "moderator" or jid_bare(to_occupant.jid) == jid_bare(from_occupant.jid) then + muc_child = stanza:get_child("x", "http://jabber.org/protocol/muc#user"); end end end @@ -709,6 +796,9 @@ function room_mt:_route_stanza(stanza) end end end + if self._data.whois == 'anyone' then + muc_child:tag('status', { code = '100' }); + end end self:route_stanza(stanza); if muc_child then @@ -727,7 +817,9 @@ function _M.new_room(jid) jid = jid; _jid_nick = {}; _occupants = {}; - _data = {}; + _data = { + whois = 'moderators', + }; _affiliations = {}; }, room_mt); end @@ -14,8 +14,9 @@ CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR"); CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR"); CFG_DATADIR=os.getenv("PROSODY_DATADIR"); --- -- -- -- -- -- -- ---- -- -- -- -- -- -- -- -- +-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +-- Tell Lua where to find our libraries if CFG_SOURCEDIR then package.path = CFG_SOURCEDIR.."/?.lua;"..package.path; package.cpath = CFG_SOURCEDIR.."/?.so;"..package.cpath; 
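Review bot: The whois branch in `_route_stanza` has a safe default that is not documented: a room whose stored `_data` has no `whois` key falls into the `else` branch and stays moderators-only, while `'anyone'` hands the muc#user child to every recipient. Add a comment such as `-- nil or unknown whois is treated as 'moderators'; only 'anyone' exposes the child to all occupants`. In the `@@ -709,6 +796,9 @@` hunk, `muc_child:tag('status', { code = '100' })` is not followed by `:up()` and, as far as the hunk shows, is not removed after `self:route_stanza(stanza)`. If one presence stanza is routed to several occupants the status element may accumulate, which is worth confirming against the cleanup code that starts outside the hunk.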
@@ -24,16 +25,23 @@ end package.path = package.path..";"..(CFG_SOURCEDIR or ".").."/fallbacks/?.lua"; package.cpath = package.cpath..";"..(CFG_SOURCEDIR or ".").."/fallbacks/?.so"; +-- Substitute ~ with path to home directory in data path if CFG_DATADIR then if os.getenv("HOME") then CFG_DATADIR = CFG_DATADIR:gsub("^~", os.getenv("HOME")); end end --- Required to be able to find packages installed with luarocks -pcall(require, "luarocks.require") +-- Initialize logging +require "core.loggingmanager" --- Replace require with one that doesn't pollute _G +-- Check runtime dependencies +if not require "util.dependencies".check_dependencies() then + os.exit(1); +end + +-- Replace require() with one that doesn't pollute _G, required +-- for neat sandboxing of modules do local _realG = _G; local _real_require = require; @@ -52,13 +60,38 @@ do end end - +-- Load the config-parsing module config = require "core.configmanager" +-- -- -- -- +-- Define the functions we call during startup, the +-- actual startup happens right at the end, where these +-- functions get called + function read_config() - -- TODO: Check for other formats when we add support for them - -- Use lfs? Make a new conf/ dir? - local ok, level, err = config.load((CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + local filenames = {}; + + local filename; + if arg[1] == "--config" and arg[2] then + table.insert(filenames, arg[2]); + if CFG_CONFIGDIR then + table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]); + end + else + for _, format in ipairs(config.parsers()) do + table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format); + end + end + for _,_filename in ipairs(filenames) do + filename = _filename; + local file = io.open(filename); + if file then + file:close(); + CFG_CONFIGDIR = filename:match("^(.*)[\\/][^\\/]*$"); + break; + end + end + local ok, level, err = config.load(filename); if not ok then print("\n"); print("**************************"); 
@@ -82,13 +115,7 @@ function read_config() end function load_libraries() - --- Initialize logging - require "core.loggingmanager" - - --- Check runtime dependencies - require "util.dependencies" - - --- Load socket framework + -- Load socket framework server = require "net.server" end 
@@ -153,6 +180,66 @@ function init_global_state() prosody.events.fire_event("server-stopping", {reason = reason}); server.setquitting(true); end + + -- Load SSL settings from config, and create a ctx table + local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl"); + if global_ssl_ctx then + local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2" }; + setmetatable(global_ssl_ctx, { __index = default_ssl_ctx }); + prosody.global_ssl_ctx = global_ssl_ctx; + end + + local cl = require "net.connlisteners"; + function prosody.net_activate_ports(option, listener, default, conntype) + conntype = conntype or (global_ssl_ctx and "tls") or "tcp"; + local ports_option = option and option.."_ports" or "ports"; + if not cl.get(listener) then return; end + local ports = config.get("*", "core", ports_option) or default; + if type(ports) == "number" then ports = {ports} end; + + if type(ports) ~= "table" then + log("error", "core."..ports_option.." 
is not a table"); + else + for _, port in ipairs(ports) do + port = tonumber(port); + if type(port) ~= "number" then + log("error", "Non-numeric "..ports_option..": "..tostring(port)); + else + local ok, err = cl.start(listener, { + ssl = conntype == "ssl" and global_ssl_ctx, + port = port, + interface = (option and config.get("*", "core", option.."_interface")) + or cl.get(listener).default_interface + or config.get("*", "core", "interface"), + type = conntype + }); + if not ok then + local friendly_message = err; + if err:match(" in use") then + if port == 5222 or port == 5223 or port == 5269 then + friendly_message = "check that Prosody or another XMPP server is " + .."not already running and using this port"; + elseif port == 80 or port == 81 then + friendly_message = "check that a HTTP server is not already using " + .."this port"; + elseif port == 5280 then + friendly_message = "check that Prosody or a BOSH connection manager " + .."is not already running"; + else + friendly_message = "this port is in use by another application"; + end + elseif err:match("permission") then + friendly_message = "Prosody does not have sufficient privileges to use this port"; + elseif err == "no ssl context" then + friendly_message = "there is no 'ssl' config under Host \"*\" which is " + .."require for legacy SSL ports"; + end + log("error", "Failed to open server port %d, %s", port, friendly_message); + end + end + end + end + end end function read_version() 
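Review bot: `default_ssl_ctx` combines `protocol = "sslv23"` with only `options = "no_sslv2"` and `verify = "none"`, so SSLv3 stays negotiable and no peer certificate is checked unless the operator overrides these keys in the `ssl` config. If the LuaSec version in use accepts a list here, `options = { "no_sslv2", "no_sslv3" }` tightens the default. The `verify = "none"` entry should carry a comment saying that certificate validation is left to the operator. In `net_activate_ports`, `err:match(" in use")` assumes `cl.start` always returns an error string on failure; `local friendly_message = tostring(err);` with the matches run on that value avoids indexing nil if it does not. `init_global_state` starts outside the hunk.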
@@ -216,56 +303,33 @@ function init_data_store() end function prepare_to_start() + log("debug", "Prosody is using the %s backend for connection handling", server.get_backend()); -- Signal to modules that we are ready to start eventmanager.fire_event("server-starting"); prosody.events.fire_event("server-starting"); - -- Load SSL settings from config, and create a ctx table - local global_ssl_ctx = rawget(_G, "ssl") and config.get("*", "core", "ssl"); - if global_ssl_ctx then - local default_ssl_ctx = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none"; }; - setmetatable(global_ssl_ctx, { __index = default_ssl_ctx }); - end - - local cl = require "net.connlisteners"; -- start listening on sockets - function prosody.net_activate_ports(option, listener, default, conntype) - if not cl.get(listener) then return; end - local ports = config.get("*", "core", option.."_ports") or default; - if type(ports) == "number" then ports = {ports} end; - - if type(ports) ~= "table" then - log("error", "core."..option.." 
is not a table"); - else - for _, port in ipairs(ports) do - if type(port) ~= "number" then - log("error", "Non-numeric "..option.."_ports: "..tostring(port)); - else - cl.start(listener, { - ssl = conntype ~= "tcp" and global_ssl_ctx, - port = port, - interface = config.get("*", "core", option.."_interface") - or cl.get(listener).default_interface - or config.get("*", "core", "interface"), - type = conntype - }); - end - end + if config.get("*", "core", "ports") then + prosody.net_activate_ports(nil, "multiplex", {5222, 5269}); + if config.get("*", "core", "ssl_ports") then + prosody.net_activate_ports("ssl", "multiplex", {5223}, "ssl"); end + else + prosody.net_activate_ports("c2s", "xmppclient", {5222}); + prosody.net_activate_ports("s2s", "xmppserver", {5269}); + prosody.net_activate_ports("component", "xmppcomponent", {5347}, "tcp"); + prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl"); end - prosody.net_activate_ports("c2s", "xmppclient", {5222}, (global_ssl_ctx and "tls") or "tcp"); - prosody.net_activate_ports("s2s", "xmppserver", {5269}, (global_ssl_ctx and "tls") or "tcp"); - prosody.net_activate_ports("component", "xmppcomponent", {}, "tcp"); - prosody.net_activate_ports("legacy_ssl", "xmppclient", {}, "ssl"); - prosody.net_activate_ports("console", "console", {5582}, "tcp"); - prosody.start_time = os.time(); end function init_global_protection() - -- Catch global accesses -- - local locked_globals_mt = { __index = function (t, k) error("Attempt to read a non-existent global '"..k.."'", 2); end, __newindex = function (t, k, v) error("Attempt to set a global: "..tostring(k).." = "..tostring(v), 2); end } + -- Catch global accesses + local locked_globals_mt = { + __index = function (t, k) log("warn", "%s", debug.traceback("Attempt to read a non-existent global '"..tostring(k).."'", 2)); end; + __newindex = function (t, k, v) error("Attempt to set a global: "..tostring(k).." 
= "..tostring(v), 2); end; + }; function prosody.unlock_globals() setmetatable(_G, nil); @@ -282,7 +346,7 @@ end function loop() -- Error handler for errors that make it this far local function catch_uncaught_error(err) - if type(err) == "string" and err:match("%d*: interrupted!$") then + if type(err) == "string" and err:match("interrupted!$") then return "quitting"; end @@ -342,6 +406,7 @@ function cleanup() server.setquitting(true); end +-- Are you ready? :) read_config(); load_libraries(); init_global_state(); diff --git a/prosody.cfg.lua.dist b/prosody.cfg.lua.dist index d660a9bd..de07d7c5 100644 --- a/prosody.cfg.lua.dist +++ b/prosody.cfg.lua.dist 
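Review bot: The default for the `component` listener changes from `{}` to `{5347}`, so an installation that never set `component_ports` now opens that port on whatever interface `net_activate_ports` resolves (the listener default, else the global `interface`). If that is intended, add a comment stating the expected bind address; otherwise keep the empty default, `prosody.net_activate_ports("component", "xmppcomponent", {}, "tcp");`. In `init_global_protection`, `__index` now only logs a traceback and returns nil instead of raising, so a mistyped global silently evaluates to nil. The comment above `locked_globals_mt` should say that reads are logged while writes still raise.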
@@ -1,38 +1,38 @@ --- Prosody Example Configuration File +-- Prosody Example Configuration File -- --- If it wasn't already obvious, -- starts a comment, and all +-- If it wasn't already obvious, -- starts a comment, and all -- text after it on a line is ignored by Prosody. -- --- The config is split into sections, a global section, and one --- for each defined host that we serve. You can add as many host +-- The config is split into sections, a global section, and one +-- for each defined host that we serve. You can add as many host -- sections as you like. -- --- Lists are written { "like", "this", "one" } --- Lists can also be of { 1, 2, 3 } numbers, and other things. +-- Lists are written { "like", "this", "one" } +-- Lists can also be of { 1, 2, 3 } numbers, and other things. -- Either commas, or semi-colons; may be used -- as seperators. -- --- A table is a list of values, except each value has a name. An +-- A table is a list of values, except each value has a name. An -- example table would be: -- -- ssl = { key = "keyfile.key", certificate = "certificate.cert" } -- --- Whitespace (that is tabs, spaces, line breaks) is mostly insignificant, so --- can +-- Whitespace (that is tabs, spaces, line breaks) is mostly insignificant, so +-- can -- be placed anywhere that you deem fitting. -- -- Tip: You can check that the syntax of this file is correct when you have finished -- by running: luac -p prosody.cfg.lua --- If there are any errors, it will let you know what and where they are, otherwise it +-- If there are any errors, it will let you know what and where they are, otherwise it -- will keep quiet. -- --- The only thing left to do is rename this file to remove the .dist ending, and fill in the +-- The only thing left to do is rename this file to remove the .dist ending, and fill in the -- blanks. Good luck, and happy Jabbering! 
-- Server-wide settings go in this section Host "*" - -- This is a (by default, empty) list of accounts that are admins + -- This is a (by default, empty) list of accounts that are admins -- for the server. Note that you must create the accounts separately -- (see http://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } @@ -63,7 +63,7 @@ Host "*" -- Other specific functionality --"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - --"console"; -- telnet to port 5582 (needs console_enabled = true) + --"console"; -- Opens admin telnet interface on localhost port 5582 --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"httpserver"; -- Serve static files from a directory over HTTP }; @@ -83,7 +83,7 @@ Host "*" -- These are the SSL/TLS-related settings. If you don't want -- to use SSL/TLS, you may comment or remove this - ssl = { + ssl = { key = "certs/localhost.key"; certificate = "certs/localhost.cert"; } @@ -101,7 +101,7 @@ Host "example.com" -- set in the global section (if any). -- Note that old-style SSL on port 5223 only supports one certificate, and will always -- use the global one. - ssl = { + ssl = { key = "certs/example.com.key"; certificate = "certs/example.com.crt"; } @@ -29,8 +29,11 @@ if CFG_DATADIR then end end --- Required to be able to find packages installed with luarocks -pcall(require, "luarocks.require") +require "core.loggingmanager" + +if not require "util.dependencies".check_dependencies() then + os.exit(1); +end config = require "core.configmanager" 
@@ -60,13 +63,15 @@ do end end +prosody = { hosts = {}, events = events, platform = "posix" }; + local data_path = config.get("*", "core", "data_path") or CFG_DATADIR or "data"; require "util.datamanager".set_data_path(data_path); -- Switch away from root and into the prosody user -- local switched_user, current_uid; -local want_pposix_version = "0.3.1"; +local want_pposix_version = "0.3.3"; local ok, pposix = pcall(require, "util.pposix"); if ok and pposix then @@ -89,6 +94,9 @@ if ok and pposix then print("Warning: Couldn't switch to Prosody user/group '"..tostring(desired_user).."'/'"..tostring(desired_group).."': "..tostring(err)); end end + + -- Set our umask to protect data files + pposix.umask(config.get("*", "core", "umask") or "027"); else print("Error: Unable to load pposix module. Check that Prosody is installed correctly.") print("For more help send the below error to us through http://prosody.im/discuss"); @@ -108,8 +116,7 @@ local error_messages = setmetatable({ local events = require "util.events".new(); -hosts = {}; -prosody = { hosts = hosts, events = events }; +hosts = prosody.hosts; for hostname, config in pairs(config.getconfig()) do hosts[hostname] = { events = events }; 
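Review bot: `prosody = { hosts = {}, events = events, platform = "posix" };` is evaluated before `local events = require "util.events".new();`, which the `@@ -108,8 +116,7 @@` hunk leaves further down the file. At this point `events` resolves to a global, so `prosody.events` is most likely nil. The removed line `prosody = { hosts = hosts, events = events };` sat after the local and did not have this problem. Either build the table below the `local events` line or add `prosody.events = events;` right after it.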
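Review bot: The result of `pposix.umask(...)` is discarded, so if the binding rejects the configured value the process keeps its inherited mask and data files may be created more permissively than the `"027"` default suggests. The option is also passed through untyped: a config value written as a Lua number (`umask = 027` is decimal 27) reaches the binding as a number, and how it is interpreted is not visible here. Passing `tostring(...)` of the option and printing a warning when the call reports failure, in the style of the user-switch warning just above, would make a misconfiguration visible.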
@@ -137,18 +144,33 @@ function show_usage(usage, desc) end local function getchar(n) - os.execute("stty raw -echo"); - local ok, char = pcall(io.read, n or 1); - os.execute("stty sane"); + local stty_ret = os.execute("stty raw -echo 2>/dev/null"); + local ok, char; + if stty_ret == 0 then + ok, char = pcall(io.read, n or 1); + os.execute("stty sane"); + else + ok, char = pcall(io.read, "*l"); + if ok then + char = char:sub(1, n or 1); + end + end if ok then return char; end end local function getpass() - os.execute("stty -echo"); + local stty_ret = os.execute("stty -echo 2>/dev/null"); + if stty_ret ~= 0 then + io.write("\027[08m"); -- ANSI 'hidden' text attribute + end local ok, pass = pcall(io.read, "*l"); - os.execute("stty sane"); + if stty_ret == 0 then + os.execute("stty sane"); + else + io.write("\027[00m"); + end io.write("\n"); if ok then return pass; @@ -317,21 +339,23 @@ function commands.start(arg) local ok, ret = prosodyctl.start(); if ok then - local i=1; - while true do - local ok, running = prosodyctl.isrunning(); - if ok and running then - break; - elseif i == 5 then - show_message("Still waiting..."); - elseif i >= prosodyctl_timeout then - show_message("Prosody is still not running. Please give it some time or check your log files for errors."); - return 2; + if config.get("*", "core", "daemonize") ~= false then + local i=1; + while true do + local ok, running = prosodyctl.isrunning(); + if ok and running then + break; + elseif i == 5 then + show_message("Still waiting..."); + elseif i >= prosodyctl_timeout then + show_message("Prosody is still not running. Please give it some time or check your log files for errors."); + return 2; + end + socket.sleep(0.5); + i = i + 1; end - socket.sleep(0.5); - i = i + 1; + show_message("Started"); end - show_message("Started"); return 0; end 
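Review bot: When `stty -echo` fails, `getpass` falls back to the ANSI hidden attribute (`\027[08m`), which only changes how the typed password is rendered. Terminals that ignore the attribute display it, and the text stays in scrollback where it can be copied. Tell the user before reading, e.g. `io.stderr:write("Warning: could not disable terminal echo; input may be visible\n");`. In `getchar`, the fallback `pcall(io.read, "*l")` succeeds with `char == nil` at end of input, so `char:sub(1, n or 1)` raises; test `if ok and char then` instead. The `stty_ret == 0` comparison relies on `os.execute` returning a numeric status, which holds on Lua 5.1 but not on later versions.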
@@ -462,6 +486,32 @@ function commands.unregister(arg) return 1; end +local http_errors = { + [404] = "Plugin not found, did you type the address correctly?" + }; + +function commands.addplugin(arg) + local url = arg[1]; + if url:match("^http://") then + local http = require "socket.http"; + show_message("Fetching..."); + local code, err = http.request(url); + if not code or not tostring(err):match("^[23]") then + show_message("Failed: "..(http_errors[err] or ("HTTP error "..err))); + return 1; + end + if url:match("%.lua$") then + local ok, err = datamanager.store(url:match("/mod_([^/]+)$"), "*", "plugins", {code}); + if not ok then + show_message("Failed to save to data store: "..err); + return 1; + end + end + show_message("Saved. Don't forget to load the module using the config file or admin console!"); + else + show_message("Sorry, I don't understand how to fetch plugins from there."); + end +end --------------------- diff --git a/tests/modulemanager_option_conversion.lua b/tests/modulemanager_option_conversion.lua new file mode 100644 index 00000000..7dceeaed --- /dev/null +++ b/tests/modulemanager_option_conversion.lua 
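Review bot: `commands.addplugin` stores whatever `http.request(url)` returns over plain `http://` as plugin code, with no transport authentication and no checksum or signature check, so anyone able to alter the response controls code that the closing message then tells the operator to load into the server. The body should be fetched over an authenticated channel or verified against a digest obtained out of band before `datamanager.store` is called. In the same function `arg[1]` is used without a nil check. `url:match("/mod_([^/]+)$")` keeps the `.lua` suffix in the stored name and yields nil when the last path component has no `mod_` prefix, so `url:match("/mod_([^/]+)%.lua$")` plus an explicit nil check would be safer. A URL that does not end in `.lua` prints "Saved" although nothing was stored.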
@@ -0,0 +1,55 @@ +package.path = "../?.lua;"..package.path; + +local api = require "core.modulemanager".api; + +local module = setmetatable({}, {__index = api}); +local opt = nil; +function module:log() end +function module:get_option(name) + if name == "opt" then + return opt; + else + return nil; + end +end + +function test_value(value, returns) + opt = value; + assert(module:get_option_number("opt") == returns.number, "number doesn't match"); + assert(module:get_option_string("opt") == returns.string, "string doesn't match"); + assert(module:get_option_boolean("opt") == returns.boolean, "boolean doesn't match"); + + if type(returns.array) == "table" then + local target_array, returned_array = returns.array, module:get_option_array("opt"); + assert(#target_array == #returned_array, "array length doesn't match"); + for i=1,#target_array do + assert(target_array[i] == returned_array[i], "array item doesn't match"); + end + else + assert(module:get_option_array("opt") == returns.array, "array is returned (not nil)"); + end + + if type(returns.set) == "table" then + local target_items, returned_items = set.new(returns.set), module:get_option_set("opt"); + assert(target_items == returned_items, "set doesn't match"); + else + assert(module:get_option_set("opt") == returns.set, "set is returned (not nil)"); + end +end + +test_value(nil, {}); + +test_value(true, { boolean = true, string = "true", array = {true}, set = {true} }); +test_value(false, { boolean = false, string = "false", array = {false}, set = {false} }); +test_value("true", { boolean = true, string = "true", array = {"true"}, set = {"true"} }); +test_value("false", { boolean = false, string = "false", array = {"false"}, set = {"false"} }); +test_value(1, { boolean = true, string = "1", array = {1}, set = {1}, number = 1 }); +test_value(0, { boolean = false, string = "0", array = {0}, set = {0}, number = 0 }); + +test_value("hello world", { string = "hello world", array = {"hello world"}, set = {"hello 
world"} }); +test_value(1234, { string = "1234", number = 1234, array = {1234}, set = {1234} }); + +test_value({1, 2, 3}, { boolean = true, string = "1", number = 1, array = {1, 2, 3}, set = {1, 2, 3} }); +test_value({1, 2, 3, 3, 4}, {boolean = true, string = "1", number = 1, array = {1, 2, 3, 3, 4}, set = {1, 2, 3, 4} }); +test_value({0, 1, 2, 3}, { boolean = false, string = "0", number = 0, array = {0, 1, 2, 3}, set = {0, 1, 2, 3} }); + diff --git a/tests/test.lua b/tests/test.lua index f5976a02..b71ccc1f 100644 --- a/tests/test.lua +++ b/tests/test.lua @@ -16,7 +16,7 @@ function run_all_tests() dotest "core.s2smanager" dotest "core.configmanager" dotest "util.stanza" - + dosingletest("test_sasl.lua", "latin1toutf8"); end @@ -106,7 +106,9 @@ function dosingletest(testname, fname) end function dotest(unitname) - local tests = setmetatable({}, { __index = _realG }); + local _fakeG = setmetatable({}, {__index = _realG}); + _fakeG._G = _fakeG; + local tests = setmetatable({}, { __index = _fakeG }); tests.__unit = unitname; local chunk, err = loadfile("test_"..unitname:gsub("%.", "_")..".lua"); if not chunk then 
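Review bot: `test_value` in the new tests/modulemanager_option_conversion.lua calls `set.new(returns.set)`, but the file only requires `core.modulemanager` and never binds `set`. Unless that module happens to leave a global `set` behind, the first case carrying a `set` entry fails with an "attempt to index" error instead of an assertion message. Requiring the set utility into a local next to the `api` require would make the dependency explicit, and `function test_value` could become `local function test_value` so the test does not add a global. The comparison `target_items == returned_items` presumably relies on the set type defining `__eq`; worth a one-line comment saying so.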
@@ -120,19 +122,20 @@ function dotest(unitname) print("WARNING: ", "Failed to initialise tests for "..unitname, err); return; end - if tests.env then setmetatable(tests.env, { __index = _realG }); end - local unit = setmetatable({}, { __index = setmetatable({ _G = tests.env or _G }, { __index = tests.env or _G }) }); - unit._G = unit; _realG._G = unit; + local unit = setmetatable({}, { __index = setmetatable({ _G = tests.env or _fakeG }, { __index = tests.env or _fakeG }) }); local fn = "../"..unitname:gsub("%.", "/")..".lua"; local chunk, err = loadfile(fn); if not chunk then print("WARNING: ", "Failed to load module: "..unitname, err); return; end - + + local oldmodule, old_M = _fakeG.module, _fakeG._M; + _fakeG.module = function () _M = _G end setfenv(chunk, unit); local success, err = pcall(chunk); + _fakeG.module, _fakeG._M = oldmodule, old_M; if not success then print("WARNING: ", "Failed to initialise module: "..unitname, err); return; @@ -149,6 +152,9 @@ function dotest(unitname) print("WARNING: ", unitname.."."..name.." has no test!"); end else + if verbosity >= 4 then + print("INFO: ", "Testing "..unitname.."."..name); + end local line_hook, line_info = new_line_coverage_monitor(fn); debug.sethook(line_hook, "l") local success, ret = pcall(test, f, unit); diff --git a/tests/test_util_jid.lua b/tests/test_util_jid.lua index fe6ec74e..f579e597 100644 --- a/tests/test_util_jid.lua +++ b/tests/test_util_jid.lua 
@@ -6,6 +6,16 @@ -- COPYING file in the source package for more information. -- +function join(join) + assert_equal(join("a", "b", "c"), "a@b/c", "builds full JID"); + assert_equal(join("a", "b", nil), "a@b", "builds bare JID"); + assert_equal(join(nil, "b", "c"), "b/c", "builds full host JID"); + assert_equal(join(nil, "b", nil), "b", "builds bare host JID"); + assert_equal(join(nil, nil, nil), nil, "invalid JID is nil"); + assert_equal(join("a", nil, nil), nil, "invalid JID is nil"); + assert_equal(join(nil, nil, "c"), nil, "invalid JID is nil"); + assert_equal(join("a", nil, "c"), nil, "invalid JID is nil"); +end function split(split) @@ -43,3 +53,4 @@ function bare(bare) assert_equal(bare("user@@host/resource"), nil, "invalid JID is nil"); assert_equal(bare("user@host/"), nil, "invalid JID is nil"); end + diff --git a/tools/xep227toprosody.lua b/tools/xep227toprosody.lua new file mode 100644 index 00000000..313b2194 --- /dev/null +++ b/tools/xep227toprosody.lua 
@@ -0,0 +1,261 @@ +#!/usr/bin/env lua +-- Prosody IM +-- Copyright (C) 2008-2009 Matthew Wild +-- Copyright (C) 2008-2009 Waqas Hussain +-- Copyright (C) 2010 Stefan Gehn +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +-- FIXME: XEP-0227 supports XInclude but luaexpat does not +-- +-- XEP-227 elements and their current level of support: +-- Hosts : supported +-- Users : supported +-- Rosters : supported, needs testing +-- Offline Messages : supported, needs testing +-- Private XML Storage : supported, needs testing +-- vCards : supported, needs testing +-- Privacy Lists: UNSUPPORTED +-- http://xmpp.org/extensions/xep-0227.html#privacy-lists +-- mod_privacy uses dm.load(username, host, "privacy"); and stores stanzas 1:1 +-- Incoming Subscription Requests : supported + +package.path = package.path..";../?.lua"; +package.cpath = package.cpath..";../?.so"; -- needed for util.pposix used in datamanager + +-- ugly workaround for getting datamanager to work outside of prosody :( +prosody = { }; +prosody.platform = "unknown"; +if os.getenv("WINDIR") then + prosody.platform = "windows"; +elseif package.config:sub(1,1) == "/" then + prosody.platform = "posix"; +end + +local lxp = require "lxp"; +local st = require "util.stanza"; +local init_xmlhandlers = require "core.xmlhandlers"; +local dm = require "util.datamanager" +dm.set_data_path("data"); + +local ns_separator = "\1"; +local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$"; +local ns_xep227 = "http://www.xmpp.org/extensions/xep-0227.html#ns"; + +----------------------------------------------------------------------- + +function store_vcard(username, host, stanza) + -- create or update vCard for username@host + local ret, err = dm.store(username, host, "vcard", st.preserialize(stanza)); + print("["..(err or "success").."] stored vCard: "..username.."@"..host); +end + +function store_password(username, host, password) + -- 
create or update account for username@host + local ret, err = dm.store(username, host, "accounts", {password = password}); + print("["..(err or "success").."] stored account: "..username.."@"..host.." = "..password); +end + +function store_roster(username, host, roster_items) + -- fetch current roster-table for username@host if he already has one + local roster = dm.load(username, host, "roster") or {}; + -- merge imported roster-items with loaded roster + for item_tag in roster_items:childtags() do + -- jid for this roster-item + local item_jid = item_tag.attr.jid + -- validate item stanzas + if (item_tag.name == "item") and (item_jid ~= "") then + -- prepare roster item + -- TODO: is the subscription attribute optional? + local item = {subscription = item_tag.attr.subscription, groups = {}}; + -- optional: give roster item a real name + if item_tag.attr.name then + item.name = item_tag.attr.name; + end + -- optional: iterate over group stanzas inside item stanza + for group_tag in item_tag:childtags() do + local group_name = group_tag:get_text(); + if (group_tag.name == "group") and (group_name ~= "") then + item.groups[group_name] = true; + else + print("[error] invalid group stanza: "..group_tag:pretty_print()); + end + end + -- store item in roster + roster[item_jid] = item; + print("[success] roster entry: " ..username.."@"..host.." - "..item_jid); + else + print("[error] invalid roster stanza: " ..item_tag:pretty_print()); + end + + end + -- store merged roster-table + local ret, err = dm.store(username, host, "roster", roster); + print("["..(err or "success").."] stored roster: " ..username.."@"..host); +end + +function store_private(username, host, private_items) + local private = dm.load(username, host, "private") or {}; + for ch in private_items:childtags() do + --print("private :"..ch:pretty_print()); + private[ch.name..":"..ch.attr.xmlns] = st.preserialize(ch); + print("[success] private item: " ..username.."@"..host.." 
- "..ch.name); + end + local ret, err = dm.store(username, host, "private", private); + print("["..(err or "success").."] stored private: " ..username.."@"..host); +end + +function store_offline_messages(username, host, offline_messages) + -- TODO: maybe use list_load(), append and list_store() instead + -- of constantly reopening the file with list_append()? + for ch in offline_messages:childtags() do + --print("message :"..ch:pretty_print()); + local ret, err = dm.list_append(username, host, "offline", st.preserialize(ch)); + print("["..(err or "success").."] stored offline message: " ..username.."@"..host.." - "..ch.attr.from); + end +end + + +function store_subscription_request(username, host, presence_stanza) + local from_bare = presence_stanza.attr.from; + + -- fetch current roster-table for username@host if he already has one + local roster = dm.load(username, host, "roster") or {}; + + local item = roster[from_bare]; + if item and (item.subscription == "from" or item.subscription == "both") then + return; -- already subscribed, do nothing + end + + -- add to table of pending subscriptions + if not roster.pending then roster.pending = {}; end + roster.pending[from_bare] = true; + + -- store updated roster-table + local ret, err = dm.store(username, host, "roster", roster); + print("["..(err or "success").."] stored subscription request: " ..username.."@"..host.." - "..from_bare); +end + +----------------------------------------------------------------------- + +local curr_host = ""; +local user_name = ""; + + +local cb = { + stream_tag = "user", + stream_ns = ns_xep227, +}; +function cb.streamopened(session, attr) + session.notopen = false; + user_name = attr.name; + store_password(user_name, curr_host, attr.password); +end +function cb.streamclosed(session) + session.notopen = true; + user_name = ""; +end +function cb.handlestanza(session, stanza) + --print("Parsed stanza "..stanza.name.." 
xmlns: "..(stanza.attr.xmlns or "")); + if (stanza.name == "vCard") and (stanza.attr.xmlns == "vcard-temp") then + store_vcard(user_name, curr_host, stanza); + elseif (stanza.name == "query") then + if (stanza.attr.xmlns == "jabber:iq:roster") then + store_roster(user_name, curr_host, stanza); + elseif (stanza.attr.xmlns == "jabber:iq:private") then + store_private(user_name, curr_host, stanza); + end + elseif (stanza.name == "offline-messages") then + store_offline_messages(user_name, curr_host, stanza); + elseif (stanza.name == "presence") and (stanza.attr.xmlns == "jabber:client") then + store_subscription_request(user_name, curr_host, stanza); + else + print("UNHANDLED stanza "..stanza.name.." xmlns: "..(stanza.attr.xmlns or "")); + end +end + +local user_handlers = init_xmlhandlers({ notopen = true, }, cb); + +----------------------------------------------------------------------- + +local lxp_handlers = { + --count = 0 +}; + +-- TODO: error handling for invalid opening elements if curr_host is empty +function lxp_handlers.StartElement(parser, elementname, attributes) + local curr_ns, name = elementname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + --io.write("+ ", string.rep(" ", count), name, " (", curr_ns, ")", "\n") + --count = count + 1; + if curr_host ~= "" then + -- forward to xmlhandlers + user_handlers:StartElement(elementname, attributes); + elseif (curr_ns == ns_xep227) and (name == "host") then + curr_host = attributes["jid"]; -- start of host element + print("Begin parsing host "..curr_host); + elseif (curr_ns ~= ns_xep227) or (name ~= "server-data") then + io.stderr:write("Unhandled XML element: ", name, "\n"); + os.exit(1); + end +end + +-- TODO: error handling for invalid closing elements if host is empty +function lxp_handlers.EndElement(parser, elementname) + local curr_ns, name = elementname:match(ns_pattern); + if name == "" then + curr_ns, name = "", curr_ns; + end + --count = count - 1; + --io.write("- ", 
string.rep(" ", count), name, " (", curr_ns, ")", "\n") + if curr_host ~= "" then + if (curr_ns == ns_xep227) and (name == "host") then + print("End parsing host "..curr_host); + curr_host = "" -- end of host element + else + -- forward to xmlhandlers + user_handlers:EndElement(elementname); + end + elseif (curr_ns ~= ns_xep227) or (name ~= "server-data") then + io.stderr:write("Unhandled XML element: ", name, "\n"); + os.exit(1); + end +end + +function lxp_handlers.CharacterData(parser, string) + if curr_host ~= "" then + -- forward to xmlhandlers + user_handlers:CharacterData(string); + end +end + +----------------------------------------------------------------------- + +local arg = ...; +local help = "/? -? ? /h -h /help -help --help"; +if not arg or help:find(arg, 1, true) then + print([[XEP-227 importer for Prosody + + Usage: xep227toprosody.lua filename.xml + +]]); + os.exit(1); +end + +local file = io.open(arg); +if not file then + io.stderr:write("Could not open file: ", arg, "\n"); + os.exit(0); +end + +local parser = lxp.new(lxp_handlers, ns_separator); +for l in file:lines() do + parser:parse(l); +end +parser:parse(); +parser:close(); +file:close(); diff --git a/util-src/Makefile b/util-src/Makefile index 6cee457b..4b2606dc 100644 --- a/util-src/Makefile +++ b/util-src/Makefile 
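Review bot: `store_password` prints the imported account's cleartext password (`.." = "..password`) to standard output, so every credential in the import file ends up in terminal scrollback or in whatever log the output is redirected to. The status line should name the account only, `print("["..(err or "success").."] stored account: "..username.."@"..host);`. The same concatenation raises an error when a `user` element has no `password` attribute, because `cb.streamopened` passes `attr.password` through unchecked. Near the end of the file, failing to open the input exits with `os.exit(0)` while the help path exits with 1, which hides the failure from calling scripts.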
@@ -9,43 +9,21 @@ OPENSSL_LIB?=crypto CC?=gcc LD?=gcc +.SUFFIXES: .c .o .so + +.c.o: + $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o $@ $< + +.o.so: + MACOSX_DEPLOYMENT_TARGET="10.3"; export MACOSX_DEPLOYMENT_TARGET; + $(LD) $(LDFLAGS) -o $@ $< -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn -lcrypto all: encodings.so hashes.so pposix.so signal.so install: encodings.so hashes.so pposix.so signal.so install *.so ../util/ - clean: rm -f *.o rm -f *.so rm -f ../util/*.so - -encodings.o: encodings.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o encodings.o encodings.c -encodings.so: encodings.o - MACOSX_DEPLOYMENT_TARGET="10.3"; export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o encodings.so encodings.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn - - -hashes.o: hashes.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o hashes.o hashes.c -hashes.so: hashes.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o hashes.so hashes.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lcrypto - -pposix.o: pposix.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o pposix.o pposix.c -pposix.so: pposix.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o pposix.so pposix.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) - -lsignal.o: lsignal.c - $(CC) $(CFLAGS) -I$(LUA_INCDIR) -c -o lsignal.o lsignal.c -signal.so: lsignal.o - MACOSX_DEPLOYMENT_TARGET="10.3"; - export MACOSX_DEPLOYMENT_TARGET; - $(LD) $(LFLAGS) -o signal.so lsignal.o -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) - diff --git a/util-src/pposix.c b/util-src/pposix.c index 94086ed6..8c1dbcc6 100644 --- a/util-src/pposix.c +++ b/util-src/pposix.c @@ -2,7 +2,7 @@ -- Copyright (C) 2008-2009 Matthew Wild -- Copyright (C) 2008-2009 Waqas Hussain -- Copyright (C) 2009 Tobias Markmann --- +-- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- 
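Review bot: The new `.o.so` suffix rule links every module with `-lidn -lcrypto`, so `pposix.so` and `signal.so` now depend on libidn and libcrypto although the removed per-target rules linked them against Lua only, and `encodings.so` and `hashes.so` each gain a library they did not link before. Loading unneeded libraries into the process-control modules widens what has to be present and trusted at runtime. Keeping the generic rule library-free and leaving explicit link lines for the two modules that need extras, e.g. `$(LD) $(LDFLAGS) -o $@ $< -L$(LUA_LIBDIR) -llua$(LUA_SUFFIX) -lidn` under `encodings.so: encodings.o`, would preserve the old linkage. The `OPENSSL_LIB?=crypto` default shown in the hunk header is not used by the rule either, as far as this hunk shows.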
@@ -13,9 +13,10 @@ * POSIX support functions for Lua */ -#define MODULE_VERSION "0.3.1" +#define MODULE_VERSION "0.3.3" #include <stdlib.h> +#include <math.h> #include <unistd.h> #include <libgen.h> #include <sys/resource.h> @@ -38,14 +39,14 @@ static int lc_daemonize(lua_State *L) { pid_t pid; - + if ( getppid() == 1 ) { lua_pushboolean(L, 0); lua_pushstring(L, "already-daemonized"); return 2; } - + /* Attempt initial fork */ if((pid = fork()) < 0) { @@ -61,7 +62,7 @@ static int lc_daemonize(lua_State *L) lua_pushnumber(L, pid); return 2; } - + /* and we are the child process */ if(setsid() == -1) { @@ -150,7 +151,7 @@ int facility_constants[] = { exist, the results are undefined. Most portable is to use a string constant. " -- syslog manpage -*/ +*/ char* syslog_ident = NULL; int lc_syslog_open(lua_State* L) @@ -159,12 +160,12 @@ int lc_syslog_open(lua_State* L) facility = facility_constants[facility]; luaL_checkstring(L, 1); - + if(syslog_ident) free(syslog_ident); - + syslog_ident = strdup(lua_tostring(L, 1)); - + openlog(syslog_ident, LOG_PID, facility); return 0; } @@ -264,7 +265,7 @@ int lc_setuid(lua_State* L) { uid = lua_tonumber(L, 1); } - + if(uid>-1) { /* Ok, attempt setuid */ @@ -293,7 +294,7 @@ int lc_setuid(lua_State* L) return 1; } } - + /* Seems we couldn't find a valid UID to switch to */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-uid"); @@ -322,7 +323,7 @@ int lc_setgid(lua_State* L) { gid = lua_tonumber(L, 1); } - + if(gid>-1) { /* Ok, attempt setgid */ 
@@ -351,20 +352,47 @@ int lc_setgid(lua_State* L) return 1; } } - + /* Seems we couldn't find a valid GID to switch to */ lua_pushboolean(L, 0); lua_pushstring(L, "invalid-gid"); return 2; } +int lc_umask(lua_State* L) +{ + char old_mode_string[7]; + mode_t old_mode = umask(strtoul(luaL_checkstring(L, 1), NULL, 8)); + + snprintf(old_mode_string, sizeof(old_mode_string), "%03o", old_mode); + old_mode_string[sizeof(old_mode_string)-1] = 0; + lua_pushstring(L, old_mode_string); + + return 1; +} + +int lc_mkdir(lua_State* L) +{ + int ret = mkdir(luaL_checkstring(L, 1), S_IRUSR | S_IWUSR | S_IXUSR + | S_IRGRP | S_IWGRP | S_IXGRP + | S_IROTH | S_IXOTH); /* mode 775 */ + + lua_pushboolean(L, ret==0); + if(ret) + { + lua_pushstring(L, strerror(errno)); + return 2; + } + return 1; +} + /* Like POSIX's setrlimit()/getrlimit() API functions. - * + * * Syntax: * pposix.setrlimit( resource, soft limit, hard limit) - * + * * Any negative limit will be replace with the current limit by an additional call of getrlimit(). - * + * * Example usage: * pposix.setrlimit("NOFILE", 1000, 2000) */ @@ -393,16 +421,16 @@ int lc_setrlimit(lua_State *L) { lua_pushboolean(L, 0); lua_pushstring(L, "incorrect-arguments"); } - + resource = luaL_checkstring(L, 1); softlimit = luaL_checkinteger(L, 2); hardlimit = luaL_checkinteger(L, 3); - + rid = string2resource(resource); if (rid != -1) { struct rlimit lim; struct rlimit lim_current; - + if (softlimit < 0 || hardlimit < 0) { if (getrlimit(rid, &lim_current)) { lua_pushboolean(L, 0); @@ -410,12 +438,12 @@ int lc_setrlimit(lua_State *L) { return 2; } } - + if (softlimit < 0) lim.rlim_cur = lim_current.rlim_cur; else lim.rlim_cur = softlimit; if (hardlimit < 0) lim.rlim_max = lim_current.rlim_max; else lim.rlim_max = hardlimit; - + if (setrlimit(rid, &lim)) { lua_pushboolean(L, 0); lua_pushstring(L, "setrlimit-failed"); 
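Review bot: `lc_umask` passes `strtoul(luaL_checkstring(L, 1), NULL, 8)` straight to `umask()`, so a value that is not octal text (a typo, an empty string, a symbolic mode) parses as 0 and silently clears the mask, leaving new data files with the most permissive mode the creating call allows. Since the caller added in this diff feeds it the `umask` config option, the string should be validated and rejected with an argument error instead. `lc_mkdir` creates directories with mode 775 and relies entirely on that mask to keep data directories from being group-writable. Not visible here is whether `<sys/stat.h>`, `<errno.h>` and `<stdio.h>` are already included for `umask`/`mkdir`, `errno` and `snprintf`; the include hunk only adds `<math.h>`.

```c
int lc_umask(lua_State* L)
{
	char old_mode_string[7];
	const char *mode_arg = luaL_checkstring(L, 1);
	char *end = NULL;
	unsigned long new_mode = strtoul(mode_arg, &end, 8);
	mode_t old_mode;

	/* reject anything that is not a complete octal permission mask */
	if(end == mode_arg || *end != '\0' || new_mode > 0777)
		return luaL_argerror(L, 1, "expected an octal mask such as \"027\"");

	old_mode = umask((mode_t)new_mode);
	/* … unchanged: format old_mode into old_mode_string and push it … */
```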
@@ -436,13 +464,13 @@ int lc_getrlimit(lua_State *L) { const char *resource = NULL; int rid = -1; struct rlimit lim; - + if (arguments != 1) { lua_pushboolean(L, 0); lua_pushstring(L, "invalid-arguments"); return 2; } - + resource = luaL_checkstring(L, 1); rid = string2resource(resource); if (rid != -1) { 
@@ -463,59 +491,50 @@ int lc_getrlimit(lua_State *L) { return 3; } -void lc_abort(lua_State* L) +int lc_abort(lua_State* L) { abort(); + return 0; } /* Register functions */ int luaopen_util_pposix(lua_State *L) { - lua_newtable(L); + luaL_Reg exports[] = { + { "abort", lc_abort }, - lua_pushcfunction(L, lc_abort); - lua_setfield(L, -2, "abort"); + { "daemonize", lc_daemonize }, - lua_pushcfunction(L, lc_daemonize); - lua_setfield(L, -2, "daemonize"); + { "syslog_open", lc_syslog_open }, + { "syslog_close", lc_syslog_close }, + { "syslog_log", lc_syslog_log }, + { "syslog_setminlevel", lc_syslog_setmask }, - lua_pushcfunction(L, lc_syslog_open); - lua_setfield(L, -2, "syslog_open"); + { "getpid", lc_getpid }, + { "getuid", lc_getuid }, + { "getgid", lc_getgid }, - lua_pushcfunction(L, lc_syslog_close); - lua_setfield(L, -2, "syslog_close"); + { "setuid", lc_setuid }, + { "setgid", lc_setgid }, - lua_pushcfunction(L, lc_syslog_log); - lua_setfield(L, -2, "syslog_log"); + { "umask", lc_umask }, - lua_pushcfunction(L, lc_syslog_setmask); - lua_setfield(L, -2, "syslog_setminlevel"); + { "mkdir", lc_mkdir }, - lua_pushcfunction(L, lc_getpid); - lua_setfield(L, -2, "getpid"); + { "setrlimit", lc_setrlimit }, + { "getrlimit", lc_getrlimit }, - lua_pushcfunction(L, lc_getuid); - lua_setfield(L, -2, "getuid"); - lua_pushcfunction(L, lc_getgid); - lua_setfield(L, -2, "getgid"); + { NULL, NULL } + }; - lua_pushcfunction(L, lc_setuid); - lua_setfield(L, -2, "setuid"); - lua_pushcfunction(L, lc_setgid); - lua_setfield(L, -2, "setgid"); - - lua_pushcfunction(L, lc_setrlimit); - lua_setfield(L, -2, "setrlimit"); - - lua_pushcfunction(L, lc_getrlimit); - lua_setfield(L, -2, "getrlimit"); + luaL_register(L, "pposix", exports); lua_pushliteral(L, "pposix"); lua_setfield(L, -2, "_NAME"); lua_pushliteral(L, MODULE_VERSION); lua_setfield(L, -2, "_VERSION"); - + return 1; }; diff --git a/util-src/lsignal.c b/util-src/signal.c index 80799e4a..2d13383f 100644 --- a/util-src/lsignal.c 
+++ b/util-src/signal.c @@ -1,9 +1,9 @@ /* - * lsignal.h -- Signal Handler Library for Lua + * signal.c -- Signal Handler Library for Lua * - * Version: 1.000 + * Version: 1.000+changes * - * Copyright (C) 2007 Patrick J. Donnelly (batrick@unm.edu) + * Copyright (C) 2007 Patrick J. Donnelly (batrick@batbytes.com) * * This software is distributed under the same license as Lua 5.0: * @@ -27,6 +27,7 @@ */ #include <signal.h> +#include <stdlib.h> #include "lua.h" #include "lauxlib.h" 
@@ -149,43 +150,67 @@ static const struct lua_signal lua_signals[] = { {NULL, 0} }; -static int Nsig = 0; static lua_State *Lsig = NULL; static lua_Hook Hsig = NULL; static int Hmask = 0; static int Hcount = 0; +static struct signal_event +{ + int Nsig; + struct signal_event *next_event; +} *signal_queue = NULL; + +static struct signal_event *last_event = NULL; + static void sighook(lua_State *L, lua_Debug *ar) { + /* restore the old hook */ + lua_sethook(L, Hsig, Hmask, Hcount); + lua_pushstring(L, LUA_SIGNAL); lua_gettable(L, LUA_REGISTRYINDEX); - lua_pushnumber(L, Nsig); - lua_gettable(L, -2); - lua_call(L, 0, 0); + struct signal_event *event; + while((event = signal_queue)) + { + lua_pushnumber(L, event->Nsig); + lua_gettable(L, -2); + lua_call(L, 0, 0); + signal_queue = event->next_event; + free(event); + }; + + lua_pop(L, 1); /* pop lua_signal table */ - /* set the old hook */ - lua_sethook(L, Hsig, Hmask, Hcount); } static void handle(int sig) { - Hsig = lua_gethook(Lsig); - Hmask = lua_gethookmask(Lsig); - Hcount = lua_gethookcount(Lsig); - Nsig = sig; - - lua_sethook(Lsig, sighook, LUA_MASKCALL | LUA_MASKRET | LUA_MASKCOUNT, 1); - /* - switch (sig) + if(!signal_queue) + { + /* Store the existing debug hook (if any) and its parameters */ + Hsig = lua_gethook(Lsig); + Hmask = lua_gethookmask(Lsig); + Hcount = lua_gethookcount(Lsig); + + signal_queue = malloc(sizeof(struct signal_event)); + signal_queue->Nsig = sig; + signal_queue->next_event = NULL; + + last_event = signal_queue; + + /* Set our new debug hook */ + lua_sethook(Lsig, sighook, LUA_MASKCALL | LUA_MASKRET | LUA_MASKCOUNT, 1); + } + else { - case SIGABRT: ; - case SIGFPE: ; - case SIGILL: ; - case SIGINT: ; - case SIGSEGV: ; - case SIGTERM: ; - } */ + last_event->next_event = malloc(sizeof(struct signal_event)); + last_event->next_event->Nsig = sig; + last_event->next_event->next_event = NULL; + + last_event = last_event->next_event; + } } /* 
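Review bot: The rewritten `handle()` calls `malloc()` from inside a signal handler, which is not async-signal-safe: a signal that interrupts the allocator (including the `free(event)` in `sighook`) can corrupt the heap or deadlock, and the returned pointer is dereferenced without a NULL check. `signal_queue` and `last_event` are also modified by both the handler and `sighook` without blocking signals, so a signal arriving while the loop executes `signal_queue = event->next_event` can be appended to a node that is about to be freed and is then lost. A fixed-size array filled by the handler and drained by `sighook` while the handled signals are blocked avoids both problems. The fence sketches the handler side only; the capacity is a placeholder and `sighook` would need the matching drain loop.

```c
#define MAX_PENDING_SIGNALS 32 /* placeholder capacity */

static volatile sig_atomic_t pending_signals[MAX_PENDING_SIGNALS];
static volatile sig_atomic_t pending_count = 0;

static void handle(int sig)
{
	if(pending_count == 0)
	{
		/* … unchanged: save Hsig/Hmask/Hcount and install sighook … */
	}

	/* no allocation here: malloc() is not async-signal-safe */
	if(pending_count < MAX_PENDING_SIGNALS)
		pending_signals[pending_count++] = sig;
}
```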
@@ -348,7 +373,7 @@ static int l_kill(lua_State *L) static const struct luaL_Reg lsignal_lib[] = { {"signal", l_signal}, {"raise", l_raise}, -#ifdef _POSIX_SOURCE +#if defined _POSIX_SOURCE || (defined(sun) || defined(__sun)) {"kill", l_kill}, #endif {NULL, NULL} diff --git a/util/dataforms.lua b/util/dataforms.lua index 5626172e..56671347 100644 --- a/util/dataforms.lua +++ b/util/dataforms.lua @@ -23,8 +23,8 @@ function new(layout) return setmetatable(layout, form_mt); end -function form_t.form(layout, data) - local form = st.stanza("x", { xmlns = xmlns_forms, type = "form" }); +function form_t.form(layout, data, formtype) + local form = st.stanza("x", { xmlns = xmlns_forms, type = formtype or "form" }); if layout.title then form:tag("title"):text(layout.title):up(); end @@ -93,7 +93,13 @@ function form_t.data(layout, stanza) local data = {}; for field_tag in stanza:childtags() do - local field_type = field_tag.attr.type; + local field_type; + for n, field in ipairs(layout) do + if field.name == field_tag.attr.var then + field_type = field.type; + break; + end + end local reader = field_readers[field_type]; if reader then diff --git a/util/datamanager.lua b/util/datamanager.lua index 4d07d6cc..a2da0aa3 100644 --- a/util/datamanager.lua +++ b/util/datamanager.lua 
@@ -15,19 +15,25 @@ local loadfile, setfenv, pcall = loadfile, setfenv, pcall; local log = require "util.logger".init("datamanager"); local io_open = io.open; local os_remove = os.remove; -local io_popen = io.popen; local tostring, tonumber = tostring, tonumber; local error = error; local next = next; local t_insert = table.insert; local append = require "util.serialization".append; local path_separator = "/"; if os.getenv("WINDIR") then path_separator = "\\" end +local raw_mkdir; + +if prosody.platform == "posix" then + raw_mkdir = require "util.pposix".mkdir; -- Doesn't trample on umask +else + raw_mkdir = require "lfs".mkdir; +end module "datamanager" ---- utils ----- local encode, decode; -do +do local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = char(tonumber("0x"..k)); return t[k]; end }); decode = function (s) @@ -43,7 +49,7 @@ local _mkdir = {}; local function mkdir(path) path = path:gsub("/", path_separator); -- TODO as an optimization, do this during path creation rather than here if not _mkdir[path] then - local x = io_popen("mkdir \""..path.."\" 2>&1"):read("*a"); + raw_mkdir(path); _mkdir[path] = true; end return path; @@ -88,7 +94,7 @@ end function getpath(username, host, datastore, ext, create) ext = ext or "dat"; - host = host and encode(host); + host = (host and encode(host)) or "_global"; username = username and encode(username); if username then if create then mkdir(mkdir(mkdir(data_path).."/"..host).."/"..datastore); end diff --git a/util/dependencies.lua b/util/dependencies.lua index 5b07072f..baa0cee2 100644 --- a/util/dependencies.lua +++ b/util/dependencies.lua 
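Review bot: `mkdir()` discards the result of `raw_mkdir(path)` and records `_mkdir[path] = true` regardless, so a directory that could not be created (permissions, missing parent) is never retried and the failure only surfaces later as an error opening the data file. `lc_mkdir` in this diff returns `false` plus the `strerror` text, so the call could be `local ok, err = raw_mkdir(path);` followed by a `log("warn", ...)` when it fails for a reason other than the directory already existing. The module-level `prosody.platform` lookup also assumes the `prosody` global is set before this file is required, which the importer tool in this diff has to work around; a short comment at the lookup stating that requirement would help.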
@@ -6,19 +6,27 @@ -- COPYING file in the source package for more information. -- +module("dependencies", package.seeall) -local fatal; +function softreq(...) local ok, lib = pcall(require, ...); if ok then return lib; else return nil, lib; end end -local function softreq(...) local ok, lib = pcall(require, ...); if ok then return lib; else return nil, lib; end end +-- Required to be able to find packages installed with luarocks +if not softreq "luarocks.loader" then -- LuaRocks 2.x + softreq "luarocks.require"; -- LuaRocks <1.x +end -local function missingdep(name, sources, msg) +function missingdep(name, sources, msg) print(""); print("**************************"); print("Prosody was unable to find "..tostring(name)); print("This package can be obtained in the following ways:"); print(""); - for k,v in pairs(sources) do - print("", k, v); + local longest_platform = 0; + for platform in pairs(sources) do + longest_platform = math.max(longest_platform, #platform); + end + for platform, source in pairs(sources) do + print("", platform..":"..(" "):rep(4+longest_platform-#platform)..source); end print(""); print(msg or (name.." is required for Prosody to run, so we will now exit.")); 
@@ -27,62 +35,91 @@ local function missingdep(name, sources, msg) print(""); end -local lxp = softreq "lxp" - -if not lxp then - missingdep("luaexpat", { ["Ubuntu 8.04 (Hardy)"] = "sudo apt-get install liblua5.1-expat0"; ["luarocks"] = "luarocks install luaexpat"; }); - fatal = true; -end - -local socket = softreq "socket" - -if not socket then - missingdep("luasocket", { ["Ubuntu 8.04 (Hardy)"] = "sudo apt-get install liblua5.1-socket2"; ["luarocks"] = "luarocks install luasocket"; }); - fatal = true; -end +function check_dependencies() + local fatal; -local ssl = softreq "ssl" - -if not ssl then - if config.get("*", "core", "run_without_ssl") then - log("warn", "Running without SSL support because run_without_ssl is defined in the config"); - else - missingdep("LuaSec", { ["Source"] = "http://www.inf.puc-rio.br/~brunoos/luasec/" }, "SSL/TLS support will not be available"); + local lxp = softreq "lxp" + + if not lxp then + missingdep("luaexpat", { + ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-expat0"; + ["luarocks"] = "luarocks install luaexpat"; + ["Source"] = "http://www.keplerproject.org/luaexpat/"; + }); + fatal = true; end -end - -local encodings, err = softreq "util.encodings" -if not encodings then - if err:match("not found") then - missingdep("util.encodings", { ["Windows"] = "Make sure you have encodings.dll from the Prosody distribution in util/"; - ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/encodings.so"; - }); + + local socket = softreq "socket" + + if not socket then + missingdep("luasocket", { + ["Debian/Ubuntu"] = "sudo apt-get install liblua5.1-socket2"; + ["luarocks"] = "luarocks install luasocket"; + ["Source"] = "http://www.tecgraf.puc-rio.br/~diego/professional/luasocket/"; + }); + fatal = true; + end + + local lfs, err = softreq "lfs" + if not lfs then + missingdep("luafilesystem", { + ["luarocks"] = "luarocks install luafilesystem"; + ["Debian/Ubuntu"] = "sudo apt-get install 
liblua5.1-filesystem0"; + ["Source"] = "http://www.keplerproject.org/luafilesystem/"; + }); + fatal = true; + end + + local ssl = softreq "ssl" + + if not ssl then + missingdep("LuaSec", { + ["Debian/Ubuntu"] = "http://prosody.im/download/start#debian_and_ubuntu"; + ["luarocks"] = "luarocks install luasec"; + ["Source"] = "http://www.inf.puc-rio.br/~brunoos/luasec/"; + }, "SSL/TLS support will not be available"); else - print "***********************************" - print("util/encodings couldn't be loaded. Check that you have a recent version of libidn"); - print "" - print("The full error was:"); - print(err) - print "***********************************" + local major, minor, veryminor, patched = ssl._VERSION:match("(%d+)%.(%d+)%.?(%d*)(M?)"); + if not major or ((tonumber(major) == 0 and (tonumber(minor) or 0) <= 3 and (tonumber(veryminor) or 0) <= 2) and patched ~= "M") then + log("error", "This version of LuaSec contains a known bug that causes disconnects, see http://prosody.im/doc/depends"); + end + end + + local encodings, err = softreq "util.encodings" + if not encodings then + if err:match("not found") then + missingdep("util.encodings", { ["Windows"] = "Make sure you have encodings.dll from the Prosody distribution in util/"; + ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/encodings.so"; + }); + else + print "***********************************" + print("util/encodings couldn't be loaded. 
Check that you have a recent version of libidn"); + print "" + print("The full error was:"); + print(err) + print "***********************************" + end + fatal = true; end - fatal = true; -end -local hashes, err = softreq "util.hashes" -if not hashes then - if err:match("not found") then - missingdep("util.hashes", { ["Windows"] = "Make sure you have hashes.dll from the Prosody distribution in util/"; - ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/hashes.so"; - }); - else - print "***********************************" - print("util/hashes couldn't be loaded. Check that you have a recent version of OpenSSL (libcrypto in particular)"); - print "" - print("The full error was:"); - print(err) - print "***********************************" + local hashes, err = softreq "util.hashes" + if not hashes then + if err:match("not found") then + missingdep("util.hashes", { ["Windows"] = "Make sure you have hashes.dll from the Prosody distribution in util/"; + ["GNU/Linux"] = "Run './configure' and 'make' in the Prosody source directory to build util/hashes.so"; + }); + else + print "***********************************" + print("util/hashes couldn't be loaded. Check that you have a recent version of OpenSSL (libcrypto in particular)"); + print "" + print("The full error was:"); + print(err) + print "***********************************" + end + fatal = true; end - fatal = true; + return not fatal; end -if fatal then os.exit(1); end + +return _M; diff --git a/util/events.lua b/util/events.lua index a1edd496..ef8fc30a 100644 --- a/util/events.lua +++ b/util/events.lua 
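Review bot: The LuaSec version test in `check_dependencies` compares the components independently (`major == 0 and minor <= 3 and veryminor <= 2`), so a release with a lower minor but a higher patch number, for example a constructed `0.2.5`, is not flagged although it is older than the versions the check targets. An ordered comparison such as `major == 0 and (minor < 3 or (minor == 3 and veryminor <= 2))`, with the three captures converted once via `tonumber(...) or 0`, expresses "at or below 0.3.2". A missing LuaSec is reported but not fatal here, and the `run_without_ssl` branch is removed, so as far as this function is concerned the server can start without TLS after only a console message.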
@@ -47,13 +47,13 @@ function new() _rebuild_index(event); end end; - local function add_plugin(plugin) - for event, handler in pairs(plugin) do + local function add_handlers(handlers) + for event, handler in pairs(handlers) do add_handler(event, handler); end end; - local function remove_plugin(plugin) - for event, handler in pairs(plugin) do + local function remove_handlers(handlers) + for event, handler in pairs(handlers) do remove_handler(event, handler); end end; diff --git a/util/hmac.lua b/util/hmac.lua index ffd69d91..18c559b2 100644 --- a/util/hmac.lua +++ b/util/hmac.lua 
@@ -7,20 +7,27 @@ -- local hashes = require "util.hashes" -local xor = require "bit".bxor -local t_insert, t_concat = table.insert, table.concat; local s_char = string.char; +local s_gsub = string.gsub; +local s_rep = string.rep; module "hmac" -local function arraystr(array) - local t = {} - for i = 1,#array do - t_insert(t, s_char(array[i])) - end - - return t_concat(t) +local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;}; +local function xor(x, y) + local lowx, lowy = x % 16, y % 16; + local hix, hiy = (x - lowx) / 16, (y - lowy) / 16; + local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1]; + local r = hir * 16 + lowr; + return r; +end +local opadc, ipadc = s_char(0x5c), s_char(0x36); +local ipad_map = {}; +local opad_map = {}; +for i=0,255 do + ipad_map[s_char(i)] = s_char(xor(0x36, i)); + opad_map[s_char(i)] = s_char(xor(0x5c, i)); end --[[ 
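Review bot: The `xor_map` literal has no comment describing its layout, so a reader cannot check it without decoding all 256 entries; a line such as `-- xor_map[a*16 + b + 1] == a XOR b for 4-bit a and b` above it would do. The same table is pasted again in util/sasl/scram.lua in this commit, and one shared definition would keep the two keyed-hash code paths from drifting apart. `xor` also assumes both arguments are integers in 0..255, which holds for the `for i=0,255` loop here and is worth stating in a comment on the function.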
@@ -36,31 +43,15 @@ hex return raw hash or hexadecimal string --]] function hmac(key, message, hash, blocksize, hex) - local opad = {} - local ipad = {} - - for i = 1,blocksize do - opad[i] = 0x5c - ipad[i] = 0x36 - end - if #key > blocksize then key = hash(key) end - for i = 1,#key do - ipad[i] = xor(ipad[i],key:sub(i,i):byte()) - opad[i] = xor(opad[i],key:sub(i,i):byte()) - end - - opad = arraystr(opad) - ipad = arraystr(ipad) + local padding = blocksize - #key; + local ipad = s_gsub(key, ".", ipad_map)..s_rep(ipadc, padding); + local opad = s_gsub(key, ".", opad_map)..s_rep(opadc, padding); - if hex then - return hash(opad..hash(ipad..message), true) - else - return hash(opad..hash(ipad..message)) - end + return hash(opad..hash(ipad..message), hex) end function md5(key, message, hex) diff --git a/util/jid.lua b/util/jid.lua index ccc8309c..b43247cc 100644 --- a/util/jid.lua +++ b/util/jid.lua @@ -65,4 +65,17 @@ function prep(jid) return host; end +function join(node, host, resource) + if node and host and resource then + return node.."@"..host.."/"..resource; + elseif node and host then + return node.."@"..host; + elseif host and resource then + return host.."/"..resource; + elseif host then + return host; + end + return nil; -- Invalid JID +end + return _M; diff --git a/util/pluginloader.lua b/util/pluginloader.lua index 696af34f..8c22c204 100644 --- a/util/pluginloader.lua +++ b/util/pluginloader.lua 
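Review bot: `join` concatenates its arguments without checking them, so a `node` containing `@` or `/`, or a `host` containing `/`, yields a string that splits back into different parts than were passed in. If any caller builds JIDs from remote input, that mismatch can reach routing or access decisions, so the function should either reject parts containing the separators or state its precondition, e.g. `-- node, host and resource must already be prepped; no validation is done here`. The comment should also say that a node or resource given without a host returns nil.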
@@ -9,11 +9,19 @@ local plugin_dir = CFG_PLUGINDIR or "./plugins/"; -local io_open = io.open; -local loadstring = loadstring; +local io_open, os_time = io.open, os.time; +local loadstring, pairs = loadstring, pairs; + +local datamanager = require "util.datamanager"; module "pluginloader" +local function load_from_datastore(name) + local content = datamanager.load(name, nil, "plugins"); + if not content or not content[1] then return nil, "Resource not found"; end + return content[1], name; +end + local function load_file(name) local file, err = io_open(plugin_dir..name); if not file then return file, err; end @@ -22,16 +30,36 @@ local function load_file(name) return content, name; end -function load_resource(plugin, resource) +function load_resource(plugin, resource, loader) if not resource then resource = "mod_"..plugin..".lua"; end - local content, err = load_file(plugin.."/"..resource); - if not content then content, err = load_file(resource); end + loader = loader or load_file; + + local content, err = loader(plugin.."/"..resource); + if not content then content, err = loader(resource); end -- TODO add support for packed plugins + + if not content and loader == load_file then + return load_resource(plugin, resource, load_from_datastore); + end + return content, err; end +function store_resource(plugin, resource, content, metadata) + if not resource then + resource = "mod_"..plugin..".lua"; + end + local store = { content }; + if metadata then + for k,v in pairs(metadata) do + store[k] = v; + end + end + datamanager.store(plugin.."/"..resource, nil, "plugins", store); +end + function load_code(plugin, resource) local content, err = load_resource(plugin, resource); if not content then return content, err; end diff --git a/util/prosodyctl.lua b/util/prosodyctl.lua index b24e194d..0776fc76 100644 --- a/util/prosodyctl.lua +++ b/util/prosodyctl.lua 
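Review bot: In `store_resource` the metadata loop `store[k] = v` runs after `store = { content }`, so a metadata table carrying a key `1` replaces the stored code, and `load_from_datastore` then returns that value as the plugin source. Skipping that slot, `if k ~= 1 then store[k] = v; end`, or keeping metadata under its own named field avoids it. The fallback added to `load_resource` also makes the "plugins" datastore a source of text that `load_code` (its body continues outside this hunk) presumably compiles, so callers of `store_resource` need to be limited to trusted administrative paths. `plugin` and `resource` should also be checked for path separators and `..` before they are joined into a store or file name.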
@@ -12,6 +12,7 @@ local encodings = require "util.encodings"; local stringprep = encodings.stringprep; local usermanager = require "core.usermanager"; local signal = require "util.signal"; +local lfs = require "lfs"; local nodeprep, nameprep = stringprep.nodeprep, stringprep.nameprep; @@ -64,11 +65,17 @@ function getpid() return false, "no-pidfile"; end - local file, err = io.open(pidfile); + local file, err = io.open(pidfile, "r+"); if not file then return false, "pidfile-read-failed", err; end + local locked, err = lfs.lock(file, "w"); + if locked then + file:close(); + return false, "pidfile-not-locked"; + end + local pid = tonumber(file:read("*a")); file:close(); @@ -82,7 +89,7 @@ end function isrunning() local ok, pid, err = _M.getpid(); if not ok then - if pid == "pidfile-read-failed" then + if pid == "pidfile-read-failed" or pid == "pidfile-not-locked" then -- Report as not running, since we can't open the pidfile -- (it probably doesn't exist) return true, false; @@ -102,10 +109,8 @@ function start() end if not CFG_SOURCEDIR then os.execute("./prosody"); - elseif CFG_SOURCEDIR:match("^/usr/local") then - os.execute("/usr/local/bin/prosody"); else - os.execute("prosody"); + os.execute(CFG_SOURCEDIR.."/../../bin/prosody"); end return true; end diff --git a/util/sasl.lua b/util/sasl.lua index 7b7db024..9c8fff78 100644 --- a/util/sasl.lua +++ b/util/sasl.lua 
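Review bot: `getpid` now opens the pidfile with `"r+"`, so a user who can read the file but not write it gets `pidfile-read-failed`, which `isrunning` reports as not running. The status answer then depends on the caller's permissions rather than on the server's state, and `start` (only partly visible here) may go on to launch a second instance. Consider falling back to a read-only open when the `r+` open fails, and update the `isrunning` comment ("it probably doesn't exist"), which no longer describes the new `pidfile-not-locked` case. `local locked, err` also shadows the earlier `err`.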
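Review bot: `os.execute(CFG_SOURCEDIR.."/../../bin/prosody")` hands an unquoted path to the shell, so an install prefix containing spaces or shell metacharacters is split or interpreted instead of being run as one program name. Wrap the path in single quotes with embedded quotes escaped before passing it on, and check the result of `os.execute`, since `start` returns true whether or not the command ran. The `/../../bin` suffix also assumes the source directory sits two levels below the prefix, which a custom layout may not satisfy. `start` begins outside this hunk.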
@@ -83,13 +83,19 @@ end -- create a new SASL object which can be used to authenticate clients function new(realm, profile, forbidden) - sasl_i = {profile = profile}; + local sasl_i = {profile = profile}; sasl_i.realm = realm; - s = setmetatable(sasl_i, method); - s:forbidden(sasl_i, forbidden) + local s = setmetatable(sasl_i, method); + if forbidden == nil then forbidden = {} end + s:forbidden(forbidden) return s; end +-- get a fresh clone with the same realm, profiles and forbidden mechanisms +function method:clean_clone() + return new(self.realm, self.profile, self:forbidden()) +end + -- set the forbidden mechanisms function method:forbidden( restrict ) if restrict then @@ -107,7 +113,7 @@ function method:mechanisms() for backend, f in pairs(self.profile) do if backend_mechanism[backend] then for _, mechanism in ipairs(backend_mechanism[backend]) do - if not sasl_i.restrict:contains(mechanism) then + if not self.restrict:contains(mechanism) then mechanisms[mechanism] = true; end end diff --git a/util/sasl/digest-md5.lua b/util/sasl/digest-md5.lua index 1429a5c6..5b8f5c8a 100644 --- a/util/sasl/digest-md5.lua +++ b/util/sasl/digest-md5.lua @@ -28,10 +28,6 @@ module "digest-md5" --========================= --SASL DIGEST-MD5 according to RFC 2831 -local function digest_response() - - return response, A1, A2 -end local function digest(self, message) --TODO complete support for authzid @@ -101,7 +97,8 @@ local function digest(self, message) end local function parse(data) local message = {} - for k, v in s_gmatch(data, [[([%w%-]+)="?([^",]*)"?,?]]) do -- FIXME The hacky regex makes me shudder + -- COMPAT: %z in the pattern to work around jwchat bug (sends "charset=utf-8\0") + for k, v in s_gmatch(data, [[([%w%-]+)="?([^",%z]*)"?,?]]) do -- FIXME The hacky regex makes me shudder message[k] = v; end return message; 
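Review bot: `clean_clone` feeds the return value of `self:forbidden()` back into `new`, which passes it to `method:forbidden` again; the getter's return value is built outside this hunk, so it should be confirmed that this round trip rebuilds the same restricted set. `mechanisms()` consults `self.restrict` to decide what is offered, so a clone that silently loses the set would advertise mechanisms the caller meant to withhold. A comment on `new` such as `-- forbidden: mechanism names to withhold; nil means none` would also document the new nil default.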
@@ -169,13 +166,14 @@ local function digest(self, message) --TODO maybe realm support self.username = response["username"]; + local Y, state; if self.profile.plain then local password, state = self.profile.plain(response["username"], self.realm) if state == nil then return "failure", "not-authorized" elseif state == false then return "failure", "account-disabled" end Y = md5(response["username"]..":"..response["realm"]..":"..password); elseif self.profile["digest-md5"] then - local Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"]) + Y, state = self.profile["digest-md5"](response["username"], self.realm, response["realm"], response["charset"]) if state == nil then return "failure", "not-authorized" elseif state == false then return "failure", "account-disabled" end elseif self.profile["digest-md5-test"] then diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index 46a86bb9..ae5c777a 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua 
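Review bot: The plain branch still declares `local password, state = self.profile.plain(...)`, which shadows the `state` introduced by the new `local Y, state;` line, while the digest-md5 branch now assigns the outer one. As far as this hunk shows `state` is only read inside each branch, so behaviour is unchanged, but the two branches should agree: `local password; password, state = self.profile.plain(response["username"], self.realm)`. The `elseif` chain continues outside this hunk.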
@@ -17,22 +17,23 @@ local log = require "util.logger".init("sasl"); module "plain" ---========================= ---SASL PLAIN according to RFC 4616 +-- ================================ +-- SASL PLAIN according to RFC 4616 local function plain(self, message) - local response = message - local authorization = s_match(response, "([^%z]+)") - local authentication = s_match(response, "%z([^%z]+)%z") - local password = s_match(response, "%z[^%z]+%z([^%z]+)") + if not message then + return "failure", "malformed-request"; + end + + local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)"); - if authentication == nil or password == nil then + if not authorization then return "failure", "malformed-request"; end - + -- SASLprep password and authentication authentication = saslprep(authentication); password = saslprep(password); - + if (not password) or (password == "") or (not authentication) or (authentication == "") then log("debug", "Username or password violates SASLprep."); return "failure", "malformed-request", "Invalid username or password."; @@ -63,4 +64,4 @@ function init(registerMechanism) registerMechanism("PLAIN", {"plain", "plain_test"}, plain); end -return _M;
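Review bot: The new pattern `^([^%z]*)%z([^%z]+)%z([^%z]+)` is anchored at the start but not at the end, so a message with a further NUL and trailing bytes after the password is accepted and the tail is silently ignored. RFC 4616 defines the message as exactly authzid, NUL, authcid, NUL, passwd, so adding the end anchor, `"^([^%z]*)%z([^%z]+)%z([^%z]+)$"`, rejects the malformed form instead. The rest of `plain` lies outside the hunk, so how the captured `authorization` value is used should be checked there.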
\ No newline at end of file +return _M; diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 4413e2a6..4f800529 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -21,6 +21,9 @@ local sha1 = require "util.hashes".sha1; local generate_uuid = require "util.uuid".generate; local saslprep = require "util.encodings".stringprep.saslprep; local log = require "util.logger".init("sasl"); +local t_concat = table.concat; +local char = string.char; +local byte = string.byte; module "scram" @@ -36,17 +39,19 @@ local function bp( b ) return result end +local xor_map = {0;1;2;3;4;5;6;7;8;9;10;11;12;13;14;15;1;0;3;2;5;4;7;6;9;8;11;10;13;12;15;14;2;3;0;1;6;7;4;5;10;11;8;9;14;15;12;13;3;2;1;0;7;6;5;4;11;10;9;8;15;14;13;12;4;5;6;7;0;1;2;3;12;13;14;15;8;9;10;11;5;4;7;6;1;0;3;2;13;12;15;14;9;8;11;10;6;7;4;5;2;3;0;1;14;15;12;13;10;11;8;9;7;6;5;4;3;2;1;0;15;14;13;12;11;10;9;8;8;9;10;11;12;13;14;15;0;1;2;3;4;5;6;7;9;8;11;10;13;12;15;14;1;0;3;2;5;4;7;6;10;11;8;9;14;15;12;13;2;3;0;1;6;7;4;5;11;10;9;8;15;14;13;12;3;2;1;0;7;6;5;4;12;13;14;15;8;9;10;11;4;5;6;7;0;1;2;3;13;12;15;14;9;8;11;10;5;4;7;6;1;0;3;2;14;15;12;13;10;11;8;9;6;7;4;5;2;3;0;1;15;14;13;12;11;10;9;8;7;6;5;4;3;2;1;0;}; + +local result = {}; local function binaryXOR( a, b ) - if a:len() > b:len() then - b = string.rep("\0", a:len() - b:len())..b - elseif string.len(a) < string.len(b) then - a = string.rep("\0", b:len() - a:len())..a - end - local result = "" - for i=1, a:len() do - result = result..string.char(xor(a:byte(i), b:byte(i))) + for i=1, #a do + local x, y = byte(a, i), byte(b, i); + local lowx, lowy = x % 16, y % 16; + local hix, hiy = (x - lowx) / 16, (y - lowy) / 16; + local lowr, hir = xor_map[lowx * 16 + lowy + 1], xor_map[hix * 16 + hiy + 1]; + local r = hir * 16 + lowr; + result[i] = char(r) end - return result + return t_concat(result); end -- hash algorithm independent Hi(PBKDF2) implementation 
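Review bot: `result` is now a module-level table shared by every `binaryXOR` call and never cleared, so a call with a shorter `a` than an earlier one returns the new bytes followed by stale ones, and key-derived bytes stay in module state between authentications. Declaring it inside the function, `local result = {};` as the first line of `binaryXOR`, removes both problems at little cost. The rewrite also drops the old length padding, so `byte(b, i)` is nil when `b` is shorter than `a` and the arithmetic raises. A `#a == #b` check, or a comment stating the equal-length precondition, would make that explicit.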
@@ -54,7 +59,7 @@ local function Hi(hmac, str, salt, i) local Ust = hmac(str, salt.."\0\0\0\1"); local res = Ust; for n=1,i-1 do - Und = hmac(str, Ust) + local Und = hmac(str, Ust) res = binaryXOR(res, Und) Ust = Und end @@ -70,8 +75,8 @@ local function validate_username(username) end -- replace =2D with , and =3D with = - username:gsub("=2D", ","); - username:gsub("=3D", "="); + username = username:gsub("=2D", ","); + username = username:gsub("=3D", "="); -- apply SASLprep username = saslprep(username); @@ -116,7 +121,7 @@ local function scram_sha_1(self, message) return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; end - local password; + local password, state; if self.profile.plain then password, state = self.profile.plain(self.state.name, self.realm) if state == nil then return "failure", "not-authorized" diff --git a/util/sasl_cyrus.lua b/util/sasl_cyrus.lua new file mode 100644 index 00000000..b42bee07 --- /dev/null +++ b/util/sasl_cyrus.lua 
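Review bot: The first substitution still decodes `=2D`, but RFC 5802 escapes a comma in the username as `=2C` (`=2D` would be a hyphen), so a username containing a comma is never unescaped and will not match the stored account name. The line should read `username = username:gsub("=2C", ",");` with the comment above it corrected to match. `validate_username` starts and ends outside this hunk.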
@@ -0,0 +1,125 @@ +-- sasl.lua v0.4 +-- Copyright (C) 2008-2009 Tobias Markmann +-- +-- All rights reserved. +-- +-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: +-- +-- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +-- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +-- * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +-- +-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +local cyrussasl = require "cyrussasl"; +local log = require "util.logger".init("sasl_cyrus"); +local array = require "util.array"; + +local tostring = tostring; +local pairs, ipairs = pairs, ipairs; +local t_insert, t_concat = table.insert, table.concat; +local s_match = string.match; +local setmetatable = setmetatable + +local keys = keys; + +local print = print +local pcall = pcall +local s_match, s_gmatch = string.match, string.gmatch + +module "sasl_cyrus" + +local method = {}; +method.__index = method; +local initialized = false; + +local function init(service_name) + if not initialized then + local st, errmsg = pcall(cyrussasl.server_init, service_name); + if st then + initialized = true; + else + log("error", "Failed to initialize CyrusSASL: %s", errmsg); + end + end +end + +-- create a new SASL object which can be used to authenticate clients +function new(realm, service_name) + local sasl_i = {}; + + init(service_name); + + sasl_i.realm = realm; + sasl_i.service_name = service_name; + sasl_i.cyrus = cyrussasl.server_new(service_name, nil, nil, nil, nil) + if sasl_i.cyrus == 0 then + log("error", "got NULL return value from server_new") + return nil; + end + cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff) + local s = setmetatable(sasl_i, method); + return s; +end + +-- get a fresh clone with the same realm, profiles and forbidden mechanisms +function method:clean_clone() + return new(self.realm, self.service_name) +end + +-- set the forbidden mechanisms +function method:forbidden( restrict ) + log("debug", "Called method:forbidden. 
NOT IMPLEMENTED.") + return {} +end + +-- get a list of possible SASL mechanims to use +function method:mechanisms() + local mechanisms = {} + local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "") + for w in s_gmatch(cyrus_mechs, "[^ ]+") do + mechanisms[w] = true; + end + self.mechs = mechanisms + return array.collect(keys(mechanisms)); +end + +-- select a mechanism to use +function method:select(mechanism) + self.mechanism = mechanism; + return self.mechs[mechanism]; +end + +-- feed new messages to process into the library +function method:process(message) + local err; + local data; + + if self.mechanism then + err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "") + else + err, data = cyrussasl.server_step(self.cyrus, message or "") + end + + self.username = cyrussasl.get_username(self.cyrus) + + if (err == 0) then -- SASL_OK + return "success", data + elseif (err == 1) then -- SASL_CONTINUE + return "challenge", data + elseif (err == -4) then -- SASL_NOMECH + log("debug", "SASL mechanism not available from remote end") + return "failure", + "undefined-condition", + "SASL mechanism not available" + elseif (err == -13) then -- SASL_BADAUTH + return "failure", "not-authorized" + else + log("debug", "Got SASL error condition %d", err) + return "failure", + "undefined-condition", + cyrussasl.get_message( self.cyrus ) + end +end + +return _M; diff --git a/util/serialization.lua b/util/serialization.lua index c2bbbb8d..7071d3f7 100644 --- a/util/serialization.lua +++ b/util/serialization.lua @@ -13,6 +13,7 @@ local t_insert = table.insert; local t_concat = table.concat; local error = error; local pairs = pairs; +local next = next; local debug_traceback = debug.traceback; local log = require "util.logger".init("serialization"); 
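Review bot: `method:forbidden` only logs at debug level and returns `{}`, so a caller that uses it to withhold mechanisms gets no restriction from this backend and `method:mechanisms` advertises whatever Cyrus lists. Until it is implemented the gap should be documented at the top of the file and logged at a level an operator will see. In `method:process`, `self.mechanism` is never cleared after `server_start`, so every later message restarts the exchange instead of reaching `server_step`. A flag set after the first call (for example `self.first_step_done = true`) would fix that. `self.username` is also assigned before `err` is inspected, so it is populated on failed attempts, and `method:select` indexes `self.mechs`, which is nil unless `mechanisms()` was called first.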
@@ -34,21 +35,25 @@ local function _simplesave(o, ind, t, func) elseif type(o) == "string" then func(t, (("%q"):format(o):gsub("\\\n", "\\n"))); elseif type(o) == "table" then - func(t, "{\n"); - for k,v in pairs(o) do - func(t, indent(ind)); - func(t, "["); - func(t, basicSerialize(k)); - func(t, "] = "); - if ind == 0 then - _simplesave(v, 0, t, func); - else - _simplesave(v, ind+1, t, func); + if next(o) ~= nil then + func(t, "{\n"); + for k,v in pairs(o) do + func(t, indent(ind)); + func(t, "["); + func(t, basicSerialize(k)); + func(t, "] = "); + if ind == 0 then + _simplesave(v, 0, t, func); + else + _simplesave(v, ind+1, t, func); + end + func(t, ";\n"); end - func(t, ",\n"); + func(t, indent(ind-1)); + func(t, "}"); + else + func(t, "{}"); end - func(t, indent(ind-1)); - func(t, "}"); elseif type(o) == "boolean" then func(t, (o and "true" or "false")); else diff --git a/util/stanza.lua b/util/stanza.lua index d295d5cc..065888d0 100644 --- a/util/stanza.lua +++ b/util/stanza.lua @@ -38,6 +38,8 @@ if do_pretty_printing then end end +local xmlns_stanzas = "urn:ietf:params:xml:ns:xmpp-stanzas"; + module "stanza" stanza_mt = { __type = "stanza" }; @@ -65,7 +67,7 @@ end function stanza_mt:text(text) (self.last_add[#self.last_add] or self):add_direct_child(text); - return self; + return self; end function stanza_mt:up() 
@@ -93,14 +95,25 @@ function stanza_mt:add_child(child) return self; end +function stanza_mt:get_child(name, xmlns) + for _, child in ipairs(self.tags) do + if (not name or child.name == name) + and ((not xmlns and self.attr.xmlns == child.attr.xmlns) + or child.attr.xmlns == xmlns) then + + return child; + end + end +end + function stanza_mt:child_with_name(name) - for _, child in ipairs(self.tags) do + for _, child in ipairs(self.tags) do if child.name == name then return child; end end end function stanza_mt:child_with_ns(ns) - for _, child in ipairs(self.tags) do + for _, child in ipairs(self.tags) do if child.attr.xmlns == ns then return child; end end end @@ -112,7 +125,6 @@ function stanza_mt:children() local v = a[i] if v then return v; end end, self, i; - end function stanza_mt:childtags() local i = 0; @@ -121,7 +133,6 @@ function stanza_mt:childtags() local v = self.tags[i] if v then return v; end end, self.tags[1], i; - end local xml_escape @@ -180,6 +191,30 @@ function stanza_mt.get_text(t) end end +function stanza_mt.get_error(stanza) + local type, condition, text; + + local error_tag = stanza:get_child("error"); + if not error_tag then + return nil, nil, nil; + end + type = error_tag.attr.type; + + for child in error_tag:children() do + if child.attr.xmlns == xmlns_stanzas then + if not text and child.name == "text" then + text = child:get_text(); + elseif not condition then + condition = child.name; + end + if condition and text then + break; + end + end + end + return type, condition or "undefined-condition", text or ""; +end + function stanza_mt.__add(s1, s2) return s1:add_direct_child(s2); end 
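Review bot: `get_error` walks `error_tag:children()`, which yields every entry of the stanza's array part, and then reads `child.attr.xmlns`. If text nodes are stored there as plain strings (as `stanza_mt:text` suggests), a text node inside the error element makes `child.attr` nil and the lookup raises. Since the stanza being inspected comes from the network, iterate elements only: `for child in error_tag:childtags() do`. Naming a local `type` also shadows the global `type()` inside this function, so `err_type` would be safer.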
@@ -280,13 +315,16 @@ function reply(orig) return stanza(orig.name, orig.attr and { to = orig.attr.from, from = orig.attr.to, id = orig.attr.id, type = ((orig.name == "iq" and "result") or orig.attr.type) }); end -function error_reply(orig, type, condition, message) - local t = reply(orig); - t.attr.type = "error"; - t:tag("error", {type = type}) - :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); - if (message) then t:tag("text"):text(message):up(); end - return t; -- stanza ready for adding app-specific errors +do + local xmpp_stanzas_attr = { xmlns = xmlns_stanzas }; + function error_reply(orig, type, condition, message) + local t = reply(orig); + t.attr.type = "error"; + t:tag("error", {type = type}) --COMPAT: Some day xmlns:stanzas goes here + :tag(condition, xmpp_stanzas_attr):up(); + if (message) then t:tag("text", xmpp_stanzas_attr):text(message):up(); end + return t; -- stanza ready for adding app-specific errors + end end function presence(attr) @@ -306,7 +344,7 @@ if do_pretty_printing then function stanza_mt.pretty_print(t) local children_text = ""; for n, child in ipairs(t) do - if type(child) == "string" then + if type(child) == "string" then children_text = children_text .. xml_escape(child); else children_text = children_text .. child:pretty_print(); diff --git a/util/timer.lua b/util/timer.lua index c0c7f25a..c52d9c68 100644 --- a/util/timer.lua +++ b/util/timer.lua @@ -8,6 +8,9 @@ local ns_addtimer = require "net.server".addtimer; +local event = require "net.server".event; +local event_base = require "net.server".event_base; + local get_time = os.time; local t_insert = table.insert; local t_remove = table.remove; 
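Review bot: `xmpp_stanzas_attr` is a single table handed to `:tag()` for both the condition and the text element of every error reply. If `tag` keeps the table by reference rather than copying it (its body is not in this hunk), all error stanzas share one attr table and a later write to one element's `attr` changes the others. Either confirm that `tag` copies its attr argument or build the table per call, `{ xmlns = xmlns_stanzas }`. A short comment on the `do` block stating which of the two holds would help the next reader.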
@@ -19,33 +22,51 @@ local new_data = {}; module "timer" -local function _add_task(delay, func) - local current_time = get_time(); - delay = delay + current_time; - if delay >= current_time then - t_insert(new_data, {delay, func}); - else func(); end -end - -add_task = _add_task; - -ns_addtimer(function() - local current_time = get_time(); - if #new_data > 0 then - for _, d in pairs(new_data) do - t_insert(data, d); +local _add_task; +if not event then + function _add_task(delay, func) + local current_time = get_time(); + delay = delay + current_time; + if delay >= current_time then + t_insert(new_data, {delay, func}); + else + func(); end - new_data = {}; end - - for i, d in pairs(data) do - local t, func = d[1], d[2]; - if t <= current_time then - data[i] = nil; - local r = func(current_time); - if type(r) == "number" then _add_task(r, func); end + + ns_addtimer(function() + local current_time = get_time(); + if #new_data > 0 then + for _, d in pairs(new_data) do + t_insert(data, d); + end + new_data = {}; end + + for i, d in pairs(data) do + local t, func = d[1], d[2]; + if t <= current_time then + data[i] = nil; + local r = func(current_time); + if type(r) == "number" then _add_task(r, func); end + end + end + end); +else + local EVENT_LEAVE = (event.core and event.core.LEAVE) or -1; + function _add_task(delay, func) + event_base:addevent(nil, 0, function () + local ret = func(); + if ret then + return 0, ret; + else + return EVENT_LEAVE; + end + end + , delay); end -end); +end + +add_task = _add_task; return _M; |
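Review bot: The two `_add_task` implementations treat the callback differently: the `ns_addtimer` path calls `func(current_time)` and re-arms only when the result is a number, while the libevent path calls `func()` with no argument and re-arms on any truthy value. A callback that uses its time argument gets nil under libevent, and one that returns `true` has that value passed to the event loop as a delay. Aligning them, `local ret = func(get_time());` and `if type(ret) == "number" then`, keeps timers behaving the same under both backends.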