12 files changed, 195 insertions, 223 deletions

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 8607e618..b91f7110 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -27,7 +27,7 @@ end
 module "certmanager"
 
 -- Global SSL options if not overridden per-host
-local default_ssl_config = configmanager.get("*", "core", "ssl");
+local default_ssl_config = configmanager.get("*", "ssl");
 local default_capath = "/etc/ssl/certs";
 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
 local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
@@ -100,7 +100,7 @@ function create_context(host, mode, user_ssl_config)
 end
 
 function reload_ssl_config()
-	default_ssl_config = configmanager.get("*", "core", "ssl");
+	default_ssl_config = configmanager.get("*", "ssl");
 end
 
 prosody.events.add_handler("config-reloaded", reload_ssl_config);
diff --git a/core/configmanager.lua b/core/configmanager.lua
index 51b9f5fe..9720f48a 100644
--- a/core/configmanager.lua
+++ b/core/configmanager.lua
@@ -7,8 +7,8 @@
 --
 
 local _G = _G;
-local setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type, pairs, table =
-      setmetatable, loadfile, pcall, rawget, rawset, io, error, dofile, type, pairs, table;
+local setmetatable, rawget, rawset, io, error, dofile, type, pairs, table =
+      setmetatable, rawget, rawset, io, error, dofile, type, pairs, table;
 local format, math_max = string.format, math.max;
 
 local fire_event = prosody and prosody.events.fire_event or function () end;
@@ -22,67 +22,52 @@ module "configmanager"
 local parsers = {};
 
 local config_mt = { __index = function (t, k) return rawget(t, "*"); end};
-local config = setmetatable({ ["*"] = { core = {} } }, config_mt);
+local config = setmetatable({ ["*"] = { } }, config_mt);
 
 -- When host not found, use global
-local host_mt = { };
-
--- When key not found in section, check key in global's section
-function section_mt(section_name)
-	return { __index = 	function (t, k)
-					local section = rawget(config["*"], section_name);
-					if not section then return nil; end
-					return section[k];
-				end
-	};
-end
+local host_mt = { __index = function(_, k) return config["*"][k] end }
 
 function getconfig()
 	return config;
 end
 
-function get(host, section, key)
-	if not key then
-		section, key = "core", section;
-	end
-	local sec = config[host][section];
-	if sec then
-		return sec[key];
+function get(host, key, _oldkey)
+	if key == "core" then
+		key = _oldkey; -- COMPAT with code that still uses "core"
 	end
-	return nil;
+	return config[host][key];
 end
-function _M.rawget(host, section, key)
+function _M.rawget(host, key, _oldkey)
+	if key == "core" then
+		key = _oldkey; -- COMPAT with code that still uses "core"
+	end
 	local hostconfig = rawget(config, host);
 	if hostconfig then
-		local sectionconfig = rawget(hostconfig, section);
-		if sectionconfig then
-			return rawget(sectionconfig, key);
-		end
+		return rawget(hostconfig, key);
 	end
 end
 
-local function set(config, host, section, key, value)
-	if host and section and key then
+local function set(config, host, key, value)
+	if host and key then
 		local hostconfig = rawget(config, host);
 		if not hostconfig then
 			hostconfig = rawset(config, host, setmetatable({}, host_mt))[host];
 		end
-		if not rawget(hostconfig, section) then
-			hostconfig[section] = setmetatable({}, section_mt(section));
-		end
-		hostconfig[section][key] = value;
+		hostconfig[key] = value;
 		return true;
 	end
 	return false;
 end
 
-function _M.set(host, section, key, value)
-	return set(config, host, section, key, value);
+function _M.set(host, key, value, _oldvalue)
+	if key == "core" then
+		key, value = value, _oldvalue; --COMPAT with code that still uses "core"
+	end
+	return set(config, host, key, value);
 end
 
 -- Helper function to resolve relative paths (needed by config)
 do
-	local rel_path_start = ".."..path_sep;
 	function resolve_relative_path(parent_path, path)
 		if path then
 			-- Some normalization
@@ -122,7 +107,7 @@ function load(filename, format)
 	if parsers[format] and parsers[format].load then
 		local f, err = io.open(filename);
 		if f then
-			local new_config = setmetatable({ ["*"] = { core = {} } }, config_mt);
+			local new_config = setmetatable({ ["*"] = { } }, config_mt);
 			local ok, err = parsers[format].load(f:read("*a"), filename, new_config);
 			f:close();
 			if ok then
@@ -166,7 +151,7 @@ end
 -- Built-in Lua parser
 do
 	local pcall, setmetatable = _G.pcall, _G.setmetatable;
-	local rawget, tostring = _G.rawget, _G.tostring;
+	local rawget = _G.rawget;
 	parsers.lua = {};
 	function parsers.lua.load(data, config_file, config)
 		local env;
@@ -176,53 +161,50 @@ do
 			Component = true, component = true,
 			Include = true, include = true, RunScript = true }, {
 				__index = function (t, k)
-					return rawget(_G, k) or
-						function (settings_table)
-							config[__currenthost or "*"][k] = settings_table;
-						end;
+					return rawget(_G, k);
 				end,
 				__newindex = function (t, k, v)
-					set(config, env.__currenthost or "*", "core", k, v);
+					set(config, env.__currenthost or "*", k, v);
 				end
 		});
 		
 		rawset(env, "__currenthost", "*") -- Default is global
 		function env.VirtualHost(name)
-			if rawget(config, name) and rawget(config[name].core, "component_module") then
+			if rawget(config, name) and rawget(config[name], "component_module") then
 				error(format("Host %q clashes with previously defined %s Component %q, for services use a sub-domain like conference.%s",
-					name, config[name].core.component_module:gsub("^%a+$", { component = "external", muc = "MUC"}), name, name), 0);
+					name, config[name].component_module:gsub("^%a+$", { component = "external", muc = "MUC"}), name, name), 0);
 			end
 			rawset(env, "__currenthost", name);
 			-- Needs at least one setting to logically exist :)
-			set(config, name or "*", "core", "defined", true);
+			set(config, name or "*", "defined", true);
 			return function (config_options)
 				rawset(env, "__currenthost", "*"); -- Return to global scope
 				for option_name, option_value in pairs(config_options) do
-					set(config, name or "*", "core", option_name, option_value);
+					set(config, name or "*", option_name, option_value);
 				end
 			end;
 		end
 		env.Host, env.host = env.VirtualHost, env.VirtualHost;
 		
 		function env.Component(name)
-			if rawget(config, name) and rawget(config[name].core, "defined") and not rawget(config[name].core, "component_module") then
+			if rawget(config, name) and rawget(config[name], "defined") and not rawget(config[name], "component_module") then
 				error(format("Component %q clashes with previously defined Host %q, for services use a sub-domain like conference.%s",
 					name, name, name), 0);
 			end
-			set(config, name, "core", "component_module", "component");
+			set(config, name, "component_module", "component");
 			-- Don't load the global modules by default
-			set(config, name, "core", "load_global_modules", false);
+			set(config, name, "load_global_modules", false);
 			rawset(env, "__currenthost", name);
 			local function handle_config_options(config_options)
 				rawset(env, "__currenthost", "*"); -- Return to global scope
 				for option_name, option_value in pairs(config_options) do
-					set(config, name or "*", "core", option_name, option_value);
+					set(config, name or "*", option_name, option_value);
 				end
 			end
 	
 			return function (module)
 					if type(module) == "string" then
-						set(config, name, "core", "component_module", module);
+						set(config, name, "component_module", module);
 						return handle_config_options;
 					end
 					return handle_config_options(module);
@@ -230,7 +212,7 @@ do
 		end
 		env.component = env.Component;
 		
-		function env.Include(file, wildcard)
+		function env.Include(file)
 			if file:match("[*?]") then
 				local path_pos, glob = file:match("()([^"..path_sep.."]+)$");
 				local path = file:sub(1, math_max(path_pos-2,0));
diff --git a/core/hostmanager.lua b/core/hostmanager.lua
index cee4a1d6..06ba72a1 100644
--- a/core/hostmanager.lua
+++ b/core/hostmanager.lua
@@ -17,14 +17,15 @@ local uuid_gen = require "util.uuid".generate;
 
 local log = require "util.logger".init("hostmanager");
 
-local hosts = hosts;
+local hosts = prosody.hosts;
 local prosody_events = prosody.events;
 if not _G.prosody.incoming_s2s then
 	require "core.s2smanager";
 end
 local incoming_s2s = _G.prosody.incoming_s2s;
+local core_route_stanza = _G.prosody.core_route_stanza;
 
-local pairs, select = pairs, select;
+local pairs, select, rawget = pairs, select, rawget;
 local tostring, type = tostring, type;
 
 module "hostmanager"
@@ -36,8 +37,8 @@ local function load_enabled_hosts(config)
 	local activated_any_host;
 	
 	for host, host_config in pairs(defined_hosts) do
-		if host ~= "*" and host_config.core.enabled ~= false then
-			if not host_config.core.component_module then
+		if host ~= "*" and host_config.enabled ~= false then
+			if not host_config.component_module then
 				activated_any_host = true;
 			end
 			activate(host, host_config);
@@ -66,18 +67,18 @@ local function host_send(stanza)
 end
 
 function activate(host, host_config)
-	if hosts[host] then return nil, "The host "..host.." is already activated"; end
+	if rawget(hosts, host) then return nil, "The host "..host.." is already activated"; end
 	host_config = host_config or configmanager.getconfig()[host];
 	if not host_config then return nil, "Couldn't find the host "..tostring(host).." defined in the current config"; end
 	local host_session = {
 		host = host;
 		s2sout = {};
 		events = events_new();
-		dialback_secret = configmanager.get(host, "core", "dialback_secret") or uuid_gen();
+		dialback_secret = configmanager.get(host, "dialback_secret") or uuid_gen();
 		send = host_send;
 		modules = {};
 	};
-	if not host_config.core.component_module then -- host
+	if not host_config.component_module then -- host
 		host_session.type = "local";
 		host_session.sessions = {};
 	else -- component
@@ -85,9 +86,9 @@ function activate(host, host_config)
 	end
 	hosts[host] = host_session;
 	if not host:match("[@/]") then
-		disco_items:set(host:match("%.(.*)") or "*", host, host_config.core.name or true);
+		disco_items:set(host:match("%.(.*)") or "*", host, host_config.name or true);
 	end
-	for option_name in pairs(host_config.core) do
+	for option_name in pairs(host_config) do
 		if option_name:match("_ports$") or option_name:match("_interface$") then
 			log("warn", "%s: Option '%s' has no effect for virtual hosts - put it in the server-wide section instead", host, option_name);
 		end
diff --git a/core/loggingmanager.lua b/core/loggingmanager.lua
index c3fc83e4..c69dede8 100644
--- a/core/loggingmanager.lua
+++ b/core/loggingmanager.lua
@@ -146,7 +146,7 @@ function reload_logging()
 	
 	logger.reset();
 
-	local debug_mode = config.get("*", "core", "debug");
+	local debug_mode = config.get("*", "debug");
 
 	default_logging = { { to = "console" , levels = { min = (debug_mode and "debug") or "info" } } };
 	default_file_logging = {
@@ -154,7 +154,7 @@ function reload_logging()
 	};
 	default_timestamp = "%b %d %H:%M:%S";
 
-	logging_config = config.get("*", "core", "log") or default_logging;
+	logging_config = config.get("*", "log") or default_logging;
 	
 	
 	for name, sink_maker in pairs(old_sink_types) do
diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index 20898fcf..ed75669b 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -21,7 +21,10 @@ local tonumber, tostring = tonumber, tostring;
 
 local prosody = prosody;
 local hosts = prosody.hosts;
-local core_post_stanza = prosody.core_post_stanza;
+
+-- FIXME: This assert() is to try and catch an obscure bug (2013-04-05)
+local core_post_stanza = assert(prosody.core_post_stanza,
+	"prosody.core_post_stanza is nil, please report this as a bug");
 
 -- Registry of shared module data
 local shared_data = setmetatable({}, { __mode = "v" });
@@ -62,6 +65,20 @@ end
 function api:add_extension(data)
 	self:add_item("extension", data);
 end
+function api:has_feature(xmlns)
+	for _, feature in ipairs(self:get_host_items("feature")) do
+		if feature == xmlns then return true; end
+	end
+	return false;
+end
+function api:has_identity(category, type, name)
+	for _, id in ipairs(self:get_host_items("identity")) do
+		if id.category == category and id.type == type and id.name == name then
+			return true; 
+		end
+	end
+	return false;
+end
 
 function api:fire_event(...)
 	return (hosts[self.host] or prosody).events.fire_event(...);
@@ -167,12 +184,9 @@ function api:shared(...)
 end
 
 function api:get_option(name, default_value)
-	local value = config.get(self.host, self.name, name);
+	local value = config.get(self.host, name);
 	if value == nil then
-		value = config.get(self.host, "core", name);
-		if value == nil then
-			value = default_value;
-		end
+		value = default_value;
 	end
 	return value;
 end
@@ -256,6 +270,22 @@ function api:get_option_set(name, ...)
 	return set.new(value);
 end
 
+function api:get_option_inherited_set(name, ...)
+	local value = self:get_option_set(name, ...);
+	local global_value = self:context("*"):get_option_set(name, ...);
+	if not value then
+		return global_value;
+	elseif not global_value then
+		return value;
+	end
+	value:include(global_value);
+	return value;
+end
+
+function api:context(host)
+	return setmetatable({host=host or "*"}, {__index=self,__newindex=self});
+end
+
 function api:add_item(key, value)
 	self.items = self.items or {};
 	self.items[key] = self.items[key] or {};
@@ -274,23 +304,7 @@ function api:remove_item(key, value)
 end
 
 function api:get_host_items(key)
-	local result = {};
-	for mod_name, module in pairs(modulemanager.get_modules(self.host)) do
-		module = module.module;
-		if module.items then
-			for _, item in ipairs(module.items[key] or NULL) do
-				t_insert(result, item);
-			end
-		end
-	end
-	for mod_name, module in pairs(modulemanager.get_modules("*")) do
-		module = module.module;
-		if module.items then
-			for _, item in ipairs(module.items[key] or NULL) do
-				t_insert(result, item);
-			end
-		end
-	end
+	local result = modulemanager.get_items(key, self.host) or {};
 	return result;
 end
 
@@ -305,7 +319,13 @@ function api:handle_items(type, added_cb, removed_cb, existing)
 end
 
 function api:provides(name, item)
-	if not item then item = self.environment; end
+	-- if not item then item = setmetatable({}, { __index = function(t,k) return rawget(self.environment, k); end }); end
+	if not item then
+		item = {}
+		for k,v in pairs(self.environment) do
+			if k ~= "module" then item[k] = v; end
+		end
+	end
 	if not item.name then
 		local item_name = self.name;
 		-- Strip a provider prefix to find the item name
@@ -315,6 +335,7 @@ function api:provides(name, item)
 		end
 		item.name = item_name;
 	end
+	item._provided_by = self.name;
 	self:add_item(name.."-provider", item);
 end
 
@@ -339,4 +360,8 @@ function api:load_resource(path, mode)
 	return io.open(path, mode);
 end
 
+function api:open_store(name, type)
+	return storagemanager.open(self.host, name or self.name, type);
+end
+
 return api;
diff --git a/core/modulemanager.lua b/core/modulemanager.lua
index 4ba2c27e..535c227b 100644
--- a/core/modulemanager.lua
+++ b/core/modulemanager.lua
@@ -19,7 +19,7 @@ local prosody = prosody;
 
 local pcall, xpcall = pcall, xpcall;
 local setmetatable, rawget = setmetatable, rawget;
-local pairs, type, tostring = pairs, type, tostring;
+local ipairs, pairs, type, tostring, t_insert = ipairs, pairs, type, tostring, table.insert;
 
 local debug_traceback = debug.traceback;
 local unpack, select = unpack, select;
@@ -44,12 +44,12 @@ local modulemap = { ["*"] = {} };
 
 -- Load modules when a host is activated
 function load_modules_for_host(host)
-	local component = config.get(host, "core", "component_module");
+	local component = config.get(host, "component_module");
 	
-	local global_modules_enabled = config.get("*", "core", "modules_enabled");
-	local global_modules_disabled = config.get("*", "core", "modules_disabled");
-	local host_modules_enabled = config.get(host, "core", "modules_enabled");
-	local host_modules_disabled = config.get(host, "core", "modules_disabled");
+	local global_modules_enabled = config.get("*", "modules_enabled");
+	local global_modules_disabled = config.get("*", "modules_disabled");
+	local host_modules_enabled = config.get(host, "modules_enabled");
+	local host_modules_disabled = config.get(host, "modules_disabled");
 	
 	if host_modules_enabled == global_modules_enabled then host_modules_enabled = nil; end
 	if host_modules_disabled == global_modules_disabled then host_modules_disabled = nil; end
@@ -218,7 +218,7 @@ local function do_reload_module(host, name)
 			saved = ret;
 		else
 			log("warn", "Error saving module '%s:%s' state: %s", host, name, ret);
-			if not config.get(host, "core", "force_module_reload") then
+			if not config.get(host, "force_module_reload") then
 				log("warn", "Aborting reload due to error, set force_module_reload to ignore this");
 				return nil, "save-state-failed";
 			else
@@ -278,6 +278,23 @@ function get_module(host, name)
 	return modulemap[host] and modulemap[host][name];
 end
 
+function get_items(key, host)
+	local result = {};
+	local modules = modulemap[host];
+	if not key or not host or not modules then return nil; end
+
+	for _, module in pairs(modules) do
+		local mod = module.module;
+		if mod.items and mod.items[key] then
+			for _, value in ipairs(mod.items[key]) do
+				t_insert(result, value);
+			end
+		end
+	end
+
+	return result;
+end
+
 function get_modules(host)
 	return modulemap[host];
 end
diff --git a/core/portmanager.lua b/core/portmanager.lua
index b02ba53b..7a247452 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -1,6 +1,7 @@
 local config = require "core.configmanager";
 local certmanager = require "core.certmanager";
 local server = require "net.server";
+local socket = require "socket";
 
 local log = require "util.logger".init("portmanager");
 local multitable = require "util.multitable";
@@ -8,7 +9,7 @@ local set = require "util.set";
 
 local table = table;
 local setmetatable, rawset, rawget = setmetatable, rawset, rawget;
-local type, tonumber, ipairs = type, tonumber, ipairs;
+local type, tonumber, tostring, ipairs, pairs = type, tonumber, tostring, ipairs, pairs;
 
 local prosody = prosody;
 local fire_event = prosody.events.fire_event;
@@ -17,9 +18,13 @@ module "portmanager";
 
 --- Config
 
-local default_interfaces = { "*" };
-local default_local_interfaces = { "127.0.0.1" };
-if config.get("*", "use_ipv6") then
+local default_interfaces = { };
+local default_local_interfaces = { };
+if config.get("*", "use_ipv4") ~= false then
+	table.insert(default_interfaces, "*");
+	table.insert(default_local_interfaces, "127.0.0.1");
+end
+if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
 	table.insert(default_interfaces, "::");
 	table.insert(default_local_interfaces, "::1");
 end
@@ -65,6 +70,16 @@ prosody.events.add_handler("item-removed/net-provider", function (event)
 	unregister_service(item.name, item);
 end);
 
+local function duplicate_ssl_config(ssl_config)
+	local ssl_config = type(ssl_config) == "table" and ssl_config or {};
+
+	local _config = {};
+	for k, v in pairs(ssl_config) do
+		_config[k] = v;
+	end
+	return _config;
+end
+
 --- Public API
 
 function activate(service_name)
@@ -97,31 +112,50 @@ function activate(service_name)
 	bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports );
 
 	local mode, ssl = listener.default_mode or "*a";
+	local hooked_ports = {};
 	
 	for interface in bind_interfaces do
 		for port in bind_ports do
-			port = tonumber(port);
-			if #active_services:search(nil, interface, port) > 0 then
+			local port_number = tonumber(port);
+			if not port_number then
+				log("error", "Invalid port number specified for service '%s': %s", service_info.name, tostring(port));
+			elseif #active_services:search(nil, interface, port_number) > 0 then
 				log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
 			else
 				local err;
 				-- Create SSL context for this service/port
 				if service_info.encryption == "ssl" then
-					local ssl_config = config.get("*", config_prefix.."ssl");
-					ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config and (ssl_config[port]
-						or (ssl_config.certificate and ssl_config)));
+					local ssl_config = duplicate_ssl_config((config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[interface])
+								or (config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[port])
+								or config.get("*", config_prefix.."ssl")
+								or (config.get("*", "ssl") and config.get("*", "ssl")[interface])
+								or (config.get("*", "ssl") and config.get("*", "ssl")[port])
+								or config.get("*", "ssl"));
+					-- add default entries for, or override ssl configuration
+					if ssl_config and service_info.ssl_config then
+						for key, value in pairs(service_info.ssl_config) do
+							if not service_info.ssl_config_override and not ssl_config[key] then
+								ssl_config[key] = value;
+							elseif service_info.ssl_config_override then
+								ssl_config[key] = value;
+							end
+						end
+					end
+
+					ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config);
 					if not ssl then
-						log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port, err) or "unknown error");
+						log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port_number, err) or "unknown error");
 					end
 				end
 				if not err then
 					-- Start listening on interface+port
-					local handler, err = server.addserver(interface, port, listener, mode, ssl);
+					local handler, err = server.addserver(interface, port_number, listener, mode, ssl);
 					if not handler then
-						log("error", "Failed to open server port %d on %s, %s", port, interface, error_to_friendly_message(service_name, port, err));
+						log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err));
 					else
-						log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port);
-						active_services:add(service_name, interface, port, {
+						table.insert(hooked_ports, "["..interface.."]:"..port_number);
+						log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port_number);
+						active_services:add(service_name, interface, port_number, {
 							server = handler;
 							service = service_info;
 						});
@@ -130,7 +164,7 @@ function activate(service_name)
 			end
 		end
 	end
-	log("info", "Activated service '%s'", service_name);
+	log("info", "Activated service '%s' on %s", service_name, #hooked_ports == 0 and "no ports" or table.concat(hooked_ports, ", "));
 	return true;
 end
 
diff --git a/core/rostermanager.lua b/core/rostermanager.lua
index fdb890f9..5e06e3f7 100644
--- a/core/rostermanager.lua
+++ b/core/rostermanager.lua
@@ -11,16 +11,14 @@
 
 local log = require "util.logger".init("rostermanager");
 
-local setmetatable = setmetatable;
-local format = string.format;
-local pcall = pcall;
-local pairs, ipairs = pairs, ipairs;
+local pairs = pairs;
 local tostring = tostring;
 
 local hosts = hosts;
 local bare_sessions = bare_sessions;
 
 local datamanager = require "util.datamanager"
+local um_user_exists = require "core.usermanager".user_exists;
 local st = require "util.stanza";
 
 module "rostermanager"
@@ -108,6 +106,11 @@ function load_roster(username, host)
 end
 
 function save_roster(username, host, roster)
+	if not um_user_exists(username, host) then
+		log("debug", "not saving roster for %s@%s: the user doesn't exist", username, host);
+		return nil;
+	end
+
 	log("debug", "save_roster: saving roster for %s@%s", username, host);
 	if not roster then
 		roster = hosts[host] and hosts[host].sessions[username] and hosts[host].sessions[username].roster;
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index 6049e12e..06d3f2c9 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -8,39 +8,30 @@
 
 
 
-local hosts = hosts;
-local tostring, pairs, ipairs, getmetatable, newproxy, setmetatable
-    = tostring, pairs, ipairs, getmetatable, newproxy, setmetatable;
+local hosts = prosody.hosts;
+local tostring, pairs, setmetatable
+    = tostring, pairs, setmetatable;
 
-local fire_event = prosody.events.fire_event;
 local logger_init = require "util.logger".init;
 
 local log = logger_init("s2smanager");
 
-local config = require "core.configmanager";
-
 local prosody = _G.prosody;
 incoming_s2s = {};
 prosody.incoming_s2s = incoming_s2s;
 local incoming_s2s = incoming_s2s;
+local fire_event = prosody.events.fire_event;
 
 module "s2smanager"
 
-local open_sessions = 0;
-
 function new_incoming(conn)
 	local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} };
-	if true then
-		session.trace = newproxy(true);
-		getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
-	end
-	open_sessions = open_sessions + 1;
 	session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]+$"));
 	incoming_s2s[session] = true;
 	return session;
 end
 
-function new_outgoing(from_host, to_host, connect)
+function new_outgoing(from_host, to_host)
 	local host_session = { to_host = to_host, from_host = from_host, host = from_host,
 		               notopen = true, type = "s2sout_unauthed", direction = "outgoing" };
 	hosts[from_host].s2sout[to_host] = host_session;
@@ -49,75 +40,6 @@ function new_outgoing(from_host, to_host, connect)
 	return host_session;
 end
 
-function make_authenticated(session, host)
-	if not session.secure then
-		local local_host = session.direction == "incoming" and session.to_host or session.from_host;
-		if config.get(local_host, "core", "s2s_require_encryption") then
-			session:close({
-				condition = "policy-violation",
-				text = "Encrypted server-to-server communication is required but was not "
-				       ..((session.direction == "outgoing" and "offered") or "used")
-			});
-		end
-	end
-	if session.type == "s2sout_unauthed" then
-		session.type = "s2sout";
-	elseif session.type == "s2sin_unauthed" then
-		session.type = "s2sin";
-		if host then
-			if not session.hosts[host] then session.hosts[host] = {}; end
-			session.hosts[host].authed = true;
-		end
-	elseif session.type == "s2sin" and host then
-		if not session.hosts[host] then session.hosts[host] = {}; end
-		session.hosts[host].authed = true;
-	else
-		return false;
-	end
-	session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
-	
-	mark_connected(session);
-	
-	return true;
-end
-
--- Stream is authorised, and ready for normal stanzas
-function mark_connected(session)
-	local sendq, send = session.sendq, session.sends2s;
-	
-	local from, to = session.from_host, session.to_host;
-	
-	session.log("info", "%s s2s connection %s->%s complete", session.direction, from, to);
-
-	local event_data = { session = session };
-	if session.type == "s2sout" then
-		prosody.events.fire_event("s2sout-established", event_data);
-		hosts[from].events.fire_event("s2sout-established", event_data);
-	else
-		local host_session = hosts[to];
-		session.send = function(stanza)
-			return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza });
-		end;
-
-		prosody.events.fire_event("s2sin-established", event_data);
-		hosts[to].events.fire_event("s2sin-established", event_data);
-	end
-	
-	if session.direction == "outgoing" then
-		if sendq then
-			session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host);
-			for i, data in ipairs(sendq) do
-				send(data[1]);
-				sendq[i] = nil;
-			end
-			session.sendq = nil;
-		end
-		
-		session.ip_hosts = nil;
-		session.srv_hosts = nil;
-	end
-end
-
 local resting_session = { -- Resting, not dead
 		destroyed = true;
 		type = "s2s_destroyed";
@@ -133,7 +55,7 @@ local resting_session = { -- Resting, not dead
 function retire_session(session, reason)
 	local log = session.log or log;
 	for k in pairs(session) do
-		if k ~= "trace" and k ~= "log" and k ~= "id" and k ~= "conn" then
+		if k ~= "log" and k ~= "id" and k ~= "conn" then
 			session[k] = nil;
 		end
 	end
@@ -158,12 +80,12 @@ function destroy_session(session, reason)
 	
 	local event_data = { session = session, reason = reason };
 	if session.type == "s2sout" then
-		prosody.events.fire_event("s2sout-destroyed", event_data);
+		fire_event("s2sout-destroyed", event_data);
 		if hosts[session.from_host] then
 			hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data);
 		end
 	elseif session.type == "s2sin" then
-		prosody.events.fire_event("s2sin-destroyed", event_data);
+		fire_event("s2sin-destroyed", event_data);
 		if hosts[session.to_host] then
 			hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data);
 		end
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index 05b2d64b..98ead07f 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -24,22 +24,10 @@ local uuid_generate = require "util.uuid".generate;
 local initialize_filters = require "util.filters".initialize;
 local gettime = require "socket".gettime;
 
-local newproxy = newproxy;
-local getmetatable = getmetatable;
-
 module "sessionmanager"
 
-local open_sessions = 0;
-
 function new_session(conn)
 	local session = { conn = conn, type = "c2s_unauthed", conntime = gettime() };
-	if true then
-		session.trace = newproxy(true);
-		getmetatable(session.trace).__gc = function () open_sessions = open_sessions - 1; end;
-	end
-	open_sessions = open_sessions + 1;
-	log("debug", "open sessions now: %d", open_sessions);
-	
 	local filter = initialize_filters(session);
 	local w = conn.write;
 	session.send = function (t)
@@ -72,7 +60,7 @@ local resting_session = { -- Resting, not dead
 function retire_session(session)
 	local log = session.log or log;
 	for k in pairs(session) do
-		if k ~= "trace" and k ~= "log" and k ~= "id" then
+		if k ~= "log" and k ~= "id" then
 			session[k] = nil;
 		end
 	end
@@ -140,7 +128,7 @@ function bind_resource(session, resource)
 		local sessions = hosts[session.host].sessions[session.username].sessions;
 		if sessions[resource] then
 			-- Resource conflict
-			local policy = config_get(session.host, "core", "conflict_resolve");
+			local policy = config_get(session.host, "conflict_resolve");
 			local increment;
 			if policy == "random" then
 				resource = uuid_generate();
diff --git a/core/storagemanager.lua b/core/storagemanager.lua
index 36a671be..1c82af6d 100644
--- a/core/storagemanager.lua
+++ b/core/storagemanager.lua
@@ -86,7 +86,7 @@ function open(host, store, typ)
 	if not ret then
 		if err == "unsupported-store" then
 			log("debug", "Storage driver %s does not support store %s (%s), falling back to null driver",
-				driver_name, store, typ);
+				driver_name, store, typ or "<nil>");
 			ret = null_storage_driver;
 			err = nil;
 		end
diff --git a/core/usermanager.lua b/core/usermanager.lua
index 417d7037..08343bee 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -42,8 +42,8 @@ function initialize_host(host)
 	
 	host_session.events.add_handler("item-added/auth-provider", function (event)
 		local provider = event.item;
-		local auth_provider = config.get(host, "core", "authentication") or default_provider;
-		if config.get(host, "core", "anonymous_login") then
+		local auth_provider = config.get(host, "authentication") or default_provider;
+		if config.get(host, "anonymous_login") then
 			log("error", "Deprecated config option 'anonymous_login'. Use authentication = 'anonymous' instead.");
 			auth_provider = "anonymous";
 		end -- COMPAT 0.7
@@ -61,8 +61,8 @@ function initialize_host(host)
 		end
 	end);
 	host_session.users = new_null_provider(); -- Start with the default usermanager provider
-	local auth_provider = config.get(host, "core", "authentication") or default_provider;
-	if config.get(host, "core", "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
+	local auth_provider = config.get(host, "authentication") or default_provider;
+	if config.get(host, "anonymous_login") then auth_provider = "anonymous"; end -- COMPAT 0.7
 	if auth_provider ~= "null" then
 		modulemanager.load(host, "auth_"..auth_provider);
 	end
@@ -116,8 +116,8 @@ function is_admin(jid, host)
 	jid = jid_bare(jid);
 	host = host or "*";
 	
-	local host_admins = config.get(host, "core", "admins");
-	local global_admins = config.get("*", "core", "admins");
+	local host_admins = config.get(host, "admins");
+	local global_admins = config.get("*", "admins");
 	
 	if host_admins and host_admins ~= global_admins then
 		if type(host_admins) == "table" then