4 files changed, 85 insertions, 15 deletions

diff --git a/core/rostermanager.lua b/core/rostermanager.lua
index e2a92696..59ba6579 100644
--- a/core/rostermanager.lua
+++ b/core/rostermanager.lua
@@ -93,15 +93,18 @@ function load_roster(username, host)
 	else -- Attempt to load roster for non-loaded user
 		log("debug", "load_roster: loading for offline user: "..username.."@"..host);
 	end
-	roster = datamanager.load(username, host, "roster") or {};
+	local data, err = datamanager.load(username, host, "roster");
+	roster = data or {};
 	if user then user.roster = roster; end
-	if not roster[false] then roster[false] = { }; end
+	if not roster[false] then roster[false] = { broken = err or nil }; end
 	if roster[jid] then
 		roster[jid] = nil;
 		log("warn", "roster for "..jid.." has a self-contact");
 	end
-	hosts[host].events.fire_event("roster-load", username, host, roster);
-	return roster;
+	if not err then
+		hosts[host].events.fire_event("roster-load", username, host, roster);
+	end
+	return roster, err;
 end
 
 function save_roster(username, host, roster)
@@ -122,6 +125,7 @@ function save_roster(username, host, roster)
 		if metadata.version ~= true then
 			metadata.version = (metadata.version or 0) + 1;
 		end
+		if roster[false].broken then return nil, "Not saving broken roster" end
 		return datamanager.store(username, host, "roster", roster);
 	end
 	log("warn", "save_roster: user had no roster to save");
@@ -186,10 +190,22 @@ function process_inbound_unsubscribe(username, host, jid)
 	end
 end
 
+local function _get_online_roster_subscription(jidA, jidB)
+	local user = bare_sessions[jidA];
+	local item = user and (user.roster[jidB] or { subscription = "none" });
+	return item and item.subscription;
+end
 function is_contact_subscribed(username, host, jid)
-	local roster = load_roster(username, host);
+	do
+		local selfjid = username.."@"..host;
+		local subscription = _get_online_roster_subscription(selfjid, jid);
+		if subscription then return (subscription == "both" or subscription == "from"); end
+		local subscription = _get_online_roster_subscription(jid, selfjid);
+		if subscription then return (subscription == "both" or subscription == "to"); end
+	end
+	local roster, err = load_roster(username, host);
 	local item = roster[jid];
-	return item and (item.subscription == "from" or item.subscription == "both");
+	return item and (item.subscription == "from" or item.subscription == "both"), err;
 end
 
 function is_contact_pending_in(username, host, jid)
diff --git a/core/s2smanager.lua b/core/s2smanager.lua
index ca87670a..ced367a3 100644
--- a/core/s2smanager.lua
+++ b/core/s2smanager.lua
@@ -23,6 +23,7 @@ local tostring, pairs, ipairs, getmetatable, newproxy, error, tonumber,
 
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
 local connlisteners_get = require "net.connlisteners".get;
+local initialize_filters = require "util.filters".initialize;
 local wrapclient = require "net.server".wrapclient;
 local modulemanager = require "core.modulemanager";
 local st = require "stanza";
@@ -137,7 +138,19 @@ function new_incoming(conn)
 	open_sessions = open_sessions + 1;
 	local w, log = conn.write, logger_init("s2sin"..tostring(conn):match("[a-f0-9]+$"));
 	session.log = log;
-	session.sends2s = function (t) log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)")); w(conn, tostring(t)); end
+	local filter = initialize_filters(session);
+	session.sends2s = function (t)
+		if t.name then
+			t = filter("stanzas/out", t);
+		end
+		if t then
+			t = filter("bytes/out", tostring(t));
+			if t then
+				log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)"));
+				return w(conn, t);
+			end
+		end
+	end
 	incoming_s2s[session] = true;
 	add_task(connect_timeout, function ()
 		if session.conn ~= conn or
@@ -166,6 +179,8 @@ function new_outgoing(from_host, to_host, connect)
 			host_session.log = log;
 		end
 		
+		initialize_filters(host_session);
+		
 		if connect ~= false then
 			-- Kick the connection attempting machine into life
 			attempt_connection(host_session);
@@ -241,7 +256,6 @@ function attempt_connection(host_session, err)
 			end
 		end);
 		
-		log("debug", "DNS lookup for %s sent, waiting for response before we can connect", to_host);
 		return true; -- Attempt in progress
 	elseif host_session.srv_hosts and #host_session.srv_hosts > host_session.srv_choice then -- Not our first attempt, and we also have SRV
 		host_session.srv_choice = host_session.srv_choice + 1;
@@ -332,8 +346,20 @@ function make_connect(host_session, connect_host, connect_port)
 	-- otherwise it will assume it is a new incoming connection
 	cl.register_outgoing(conn, host_session);
 	
+	local filter = initialize_filters(host_session);
 	local w, log = conn.write, host_session.log;
-	host_session.sends2s = function (t) log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?")); w(conn, tostring(t)); end
+	host_session.sends2s = function (t)
+		if t.name then
+			t = filter("stanzas/out", t);
+		end
+		if t then
+			t = filter("bytes/out", tostring(t));
+			if t then
+				log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?"));
+				return w(conn, tostring(t));
+			end
+		end
+	end
 	
 	host_session:open_stream(from_host, to_host);
 	
diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua
index 6e771a84..ac07a793 100644
--- a/core/sessionmanager.lua
+++ b/core/sessionmanager.lua
@@ -26,6 +26,7 @@ local config_get = require "core.configmanager".get;
 local nameprep = require "util.encodings".stringprep.nameprep;
 local resourceprep = require "util.encodings".stringprep.resourceprep;
 
+local initialize_filters = require "util.filters".initialize;
 local fire_event = require "core.eventmanager".fire_event;
 local add_task = require "util.timer".add_task;
 local gettime = require "socket".gettime;
@@ -49,8 +50,20 @@ function new_session(conn)
 	end
 	open_sessions = open_sessions + 1;
 	log("debug", "open sessions now: ".. open_sessions);
+	
+	local filter = initialize_filters(session);
 	local w = conn.write;
-	session.send = function (t) w(conn, tostring(t)); end
+	session.send = function (t)
+		if t.name then
+			t = filter("stanzas/out", t);
+		end
+		if t then
+			t = filter("bytes/out", tostring(t));
+			if t then
+				return w(conn, t);
+			end
+		end
+	end
 	session.ip = conn:ip();
 	local conn_name = "c2s"..tostring(conn):match("[a-f0-9]+$");
 	session.log = logger.init(conn_name);
@@ -136,7 +149,7 @@ function bind_resource(session, resource)
 		local sessions = hosts[session.host].sessions[session.username].sessions;
 		local limit = config_get(session.host, "core", "max_resources") or 10;
 		if #sessions >= limit then
-			return nil, "cancel", "conflict", "Resource limit reached; only "..limit.." resources allowed";
+			return nil, "cancel", "resource-constraint", "Resource limit reached; only "..limit.." resources allowed";
 		end
 		if sessions[resource] then
 			-- Resource conflict
@@ -174,7 +187,19 @@ function bind_resource(session, resource)
 	hosts[session.host].sessions[session.username].sessions[resource] = session;
 	full_sessions[session.full_jid] = session;
 	
-	session.roster = rm_load_roster(session.username, session.host);
+	local err;
+	session.roster, err = rm_load_roster(session.username, session.host);
+	if err then
+		full_sessions[session.full_jid] = nil;
+		hosts[session.host].sessions[session.username].sessions[resource] = nil;
+		session.full_jid = nil;
+		session.resource = nil;
+		if next(bare_sessions[session.username..'@'..session.host].sessions) == nil then
+			bare_sessions[session.username..'@'..session.host] = nil;
+			hosts[session.host].sessions[session.username] = nil;
+		end
+		return nil, "cancel", "internal-server-error", "Error loading roster";
+	end
 	
 	hosts[session.host].events.fire_event("resource-bind", {session=session});
 	
diff --git a/core/usermanager.lua b/core/usermanager.lua
index a97e2ad7..e4654698 100644
--- a/core/usermanager.lua
+++ b/core/usermanager.lua
@@ -16,6 +16,8 @@ local jid_bare = require "util.jid".bare;
 local config = require "core.configmanager";
 local hosts = hosts;
 
+local require_provisioning = config.get("*", "core", "cyrus_require_provisioning") or false;
+
 local prosody = _G.prosody;
 
 module "usermanager"
@@ -71,12 +73,13 @@ function new_default_provider(host)
 	end
 
 	function provider.user_exists(username)
-		if is_cyrus(host) then return true; end
-		return datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials
+		if not(require_provisioning) and is_cyrus(host) then return true; end
+		local account, err = datamanager.load(username, host, "accounts") ~= nil; -- FIXME also check for empty credentials
+		return (account or err) ~= nil; -- FIXME also check for empty credentials
 	end
 
 	function provider.create_user(username, password)
-		if is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
+		if not(require_provisioning) and is_cyrus(host) then return nil, "Account creation/modification not available with Cyrus SASL."; end
 		return datamanager.store(username, host, "accounts", {password = password});
 	end