Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_actions_http.lua | 78 | ||||
-rw-r--r-- | plugins/mod_bosh.lua | 97 | ||||
-rw-r--r-- | plugins/mod_httpserver.lua | 2 | ||||
-rw-r--r-- | plugins/mod_register.lua | 30 |
4 files changed, 190 insertions, 17 deletions
diff --git a/plugins/mod_actions_http.lua b/plugins/mod_actions_http.lua
new file mode 100644
index 00000000..43370a41
--- /dev/null
+++ b/plugins/mod_actions_http.lua
@@ -0,0 +1,78 @@
+
+local httpserver = require "net.httpserver";
+local t_concat, t_insert = table.concat, table.insert;
+
+local log = log;
+
+local response_404 = { status = "404 Not Found", body = "<h1>No such action</h1>Sorry, I don't have the action you requested" };
+
+local control = require "core.actions".actions;
+
+
+local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = string.char(tonumber("0x"..k)); return t[k]; end });
+
+local function urldecode(s)
+ return s and (s:gsub("+", " "):gsub("%%([a-fA-F0-9][a-fA-F0-9])", urlcodes));
+end
+
+local function query_to_table(query)
+ if type(query) == "string" and #query > 0 then
+ if query:match("=") then
+ local params = {};
+ for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
+ if k and v then
+ params[urldecode(k)] = urldecode(v);
+ end
+ end
+ return params;
+ else
+ return urldecode(query);
+ end
+ end
+end
+
+
+
+local http_path = { http_base };
+local function handle_request(method, body, request)
+ local path = request.url.path:gsub("^/[^/]+/", "");
+
+ local curr = control;
+
+ for comp in path:gmatch("([^/]+)") do
+ curr = curr[comp];
+ if not curr then
+ return response_404;
+ end
+ end
+
+ if type(curr) == "table" then
+ local s = {};
+ for k,v in pairs(curr) do
+ t_insert(s, tostring(k));
+ t_insert(s, " = ");
+ if type(v) == "function" then
+ t_insert(s, "action")
+ elseif type(v) == "table" then
+ t_insert(s, "list");
+ else
+ t_insert(s, tostring(v));
+ end
+ t_insert(s, "\n");
+ end
+ return t_concat(s);
+ elseif type(curr) == "function" then
+ local params = query_to_table(request.url.query);
+ params.host = request.headers.host:gsub(":%d+", "");
+ local ok, ret1, ret2 = pcall(curr, params);
+ if not ok then
+ return "EPIC FAIL: "..tostring(ret1);
+ elseif not ret1 then
+ return "FAIL: "..tostring(ret2);
+ else
+ return "OK: "..tostring(ret2);
+ end
+ end
+end
+
+httpserver.new{ port = 5280, base = "control", handler = handle_request, ssl = false }
\ No newline at end of file diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index b3b4aebb..b5951e96 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -6,27 +6,29 @@ local init_xmlhandlers = require "core.xmlhandlers" local server = require "net.server"; local httpserver = require "net.httpserver"; local sm = require "core.sessionmanager"; +local sm_destroy_session = sm.destroy_session; local new_uuid = require "util.uuid".generate; local fire_event = require "core.eventmanager".fire_event; local core_process_stanza = core_process_stanza; local st = require "util.stanza"; local log = require "util.logger".init("bosh"); local stream_callbacks = { stream_tag = "http://jabber.org/protocol/httpbind|body" }; - +local config = require "core.configmanager"; local xmlns_bosh = "http://jabber.org/protocol/httpbind"; -- (hard-coded into a literal in session.send) -local BOSH_DEFAULT_HOLD = 1; -local BOSH_DEFAULT_INACTIVITY = 30; -local BOSH_DEFAULT_POLLING = 5; -local BOSH_DEFAULT_REQUESTS = 2; -local BOSH_DEFAULT_MAXPAUSE = 120; +local BOSH_DEFAULT_HOLD = tonumber(config.get("*", "core", "bosh_default_hold")) or 1; +local BOSH_DEFAULT_INACTIVITY = tonumber(config.get("*", "core", "bosh_max_inactivity")) or 60; +local BOSH_DEFAULT_POLLING = tonumber(config.get("*", "core", "bosh_max_polling")) or 5; +local BOSH_DEFAULT_REQUESTS = tonumber(config.get("*", "core", "bosh_max_requests")) or 2; +local BOSH_DEFAULT_MAXPAUSE = tonumber(config.get("*", "core", "bosh_max_pause")) or 300; local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; local os_time = os.time; local sessions = {}; +local inactive_sessions = {}; -- Sessions which have no open requests --- Used to respond to idle sessions +-- Used to respond to idle sessions (those with waiting requests) local waiting_requests = {}; function on_destroy_request(request) waiting_requests[request] = nil; 
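Review bot: In the new plugins/mod_actions_http.lua, `handle_request` walks the request path straight into the `core.actions` table and calls whatever function it lands on, with no authentication, no method check and a listener created with `ssl = false`, so anyone who can reach port 5280 can list and trigger actions, and `params.host` is taken from the client-controlled Host header. Put an authorization gate in front of the path walk, reject non-POST requests by testing `request.method` as mod_bosh does (`if request.method ~= "POST" then return response_404; end`), and make the listener opt-in through configuration rather than unconditional at load. `query_to_table` returns nil for an empty query and a plain string for a query without `=`, so `params.host = ...` raises before the `pcall`; add `if type(params) ~= "table" then params = {}; end`. The loop should also return `response_404` as soon as `curr` is not a table, because `curr[comp]` on a function raises and on a string resolves through the string metatable.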
@@ -34,7 +36,6 @@ end function handle_request(method, body, request) if (not body) or request.method ~= "POST" then - --return { status = "200 OK", headers = { ["Content-Type"] = "text/html" }, body = "<html><body>You don't look like a BOSH client to me... what do you want?</body></html>" }; return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>"; end if not method then @@ -60,19 +61,16 @@ function handle_request(method, body, request) log("debug", "...sending what is in the buffer") session.send(t_concat(session.send_buffer)); session.send_buffer = {}; - return; else -- or an empty response log("debug", "...sending an empty response"); session.send(""); - return; end elseif #session.send_buffer > 0 then log("debug", "Session has data in the send buffer, will send now.."); local resp = t_concat(session.send_buffer); session.send_buffer = {}; session.send(resp); - return; end if not request.destroyed and session.bosh_wait then @@ -86,8 +84,21 @@ function handle_request(method, body, request) end end + local function bosh_reset_stream(session) session.notopen = true; end -local function bosh_close_stream(session, reason) end + +local session_close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }); +local function bosh_close_stream(session, reason) + (session.log or log)("info", "BOSH client disconnected"); + session_close_reply.attr.condition = reason; + local session_close_reply = tostring(session_close_reply); + for _, held_request in ipairs(session.requests) do + held_request:send(session_close_reply); + held_request:destroy(); + end + sessions[session.sid] = nil; + sm_destroy_session(session); +end function stream_callbacks.streamopened(request, attr) print("Attr:") 
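Review bot: `bosh_close_stream` removes the session from `sessions` and destroys it but leaves any `inactive_sessions[session]` entry in place, so `on_timer` can later find the already-closed session and call `sm_destroy_session` on it a second time; add `inactive_sessions[session] = nil;` next to `sessions[session.sid] = nil;`. The inner `local session_close_reply = tostring(session_close_reply);` shadows the module-level stanza it was just built from, which makes the loop hard to follow; a distinct name such as `local reply_xml` avoids that. If `held_request:destroy()` removes the request from `session.requests` (not visible in this hunk), the `ipairs` loop would skip entries, so confirm that or iterate from the end.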
@@ -95,14 +106,23 @@ function stream_callbacks.streamopened(request, attr) log("debug", "BOSH body open (sid: %s)", attr.sid); local sid = attr.sid if not sid then - -- TODO: Sanity checks here (rid, to, known host, etc.) + -- New session request request.notopen = nil; -- Signals that we accept this opening tag + -- TODO: Sanity checks here (rid, to, known host, etc.) + if not hosts[attr.to] then + -- Unknown host + session_close_reply.attr.condition = "host-unknown"; + request:send(tostring(session_close_reply)); + request.notopen = nil + return; + end + -- New session sid = tostring(new_uuid()); local session = { type = "c2s_unauthed", conn = {}, sid = sid, rid = attr.rid, host = attr.to, bosh_version = attr.ver, bosh_wait = attr.wait, streamid = sid, - bosh_hold = BOSH_DEFAULT_HOLD, - requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream }; + bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY, + requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream, dispatch_stanza = core_process_stanza }; sessions[sid] = session; log("info", "New BOSH session, assigned it sid '%s'", sid); local r, send_buffer = session.requests, session.send_buffer; @@ -133,6 +153,10 @@ function stream_callbacks.streamopened(request, attr) end elseif s ~= "" then log("debug", "Saved to send buffer because there are %d open requests", #r); + if session.bosh_max_inactive and not inactive_sessions[session] then + inactive_sessions[session] = os_time(); + (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]); + end -- Hmm, no requests are open :( t_insert(session.send_buffer, tostring(s)); log("debug", "There are now %d things in the send_buffer", #session.send_buffer); 
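Review bot: The unknown-host branch repeats `request.notopen = nil`, which was already assigned a few lines earlier in the same new-session path, and omits the trailing semicolon used on the first assignment; drop the duplicate. The relocated TODO still reads `Sanity checks here (rid, to, known host, etc.)` although the host part is now implemented; narrow it to what remains, e.g. `-- TODO: validate attr.rid and clamp attr.wait before storing them on the session`. Both values are still copied from the client into the session table unchanged on the context line that follows, and `streamopened` continues outside this hunk.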
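Review bot: In the second hunk on this line (`@@ -133,6 +153,10 @@`) the inactivity timestamp is recorded only in the branch that buffers an outgoing stanza when no request is open, so a session whose client vanishes while the server has nothing to send appears never to enter `inactive_sessions` and would not be reaped by `on_timer`. Marking the session inactive at the point where its last held request is answered or destroyed would cover that case; the enclosing closure (apparently `session.send`) starts and ends outside the hunk, so confirm against the full function. A comment such as `-- start the inactivity clock: nothing is holding this session open` above the new `if` would document the intent.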
@@ -145,7 +169,7 @@ function stream_callbacks.streamopened(request, attr) fire_event("stream-features", session, features); --xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh' local response = st.stanza("body", { xmlns = xmlns_bosh, - inactivity = "30", polling = "5", requests = "2", hold = tostring(session.bosh_hold), maxpause = "120", + inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", sid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", ["xmlns:xmpp"] = "urn:xmpp:xbosh", ["xmlns:stream"] = "http://etherx.jabber.org/streams" }):add_child(features); request:send(tostring(response)); @@ -163,6 +187,19 @@ function stream_callbacks.streamopened(request, attr) return; end + if attr.type == "terminate" then + -- Client wants to end this session + session:close(); + request.notopen = nil; + return; + end + + -- If session was inactive, make sure it is now marked as not + if #session.requests == 0 then + (session.log or log)("debug", "BOSH client now active again at %d", os_time()); + inactive_sessions[session] = nil; + end + if session.notopen then local features = st.stanza("stream:features"); fire_event("stream-features", session, features); 
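Review bot: The session-creation response now advertises the configurable inactivity, polling and requests values but still hard-codes `maxpause = "120"`, while `BOSH_DEFAULT_MAXPAUSE` became configurable with a default of 300 in the first hunk of this file; use `maxpause = tostring(BOSH_DEFAULT_MAXPAUSE)` so the advertised and configured values cannot diverge. The same stanza advertises `secure = 'true'` unconditionally although the listener added at the end of the file defaults to `ssl = false`; whether that attribute should follow the listener's TLS setting deserves a check.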
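Review bot: In the `@@ -163,6 +187,19 @@` hunk the reactivation block logs `BOSH client now active again` on every request that arrives while `session.requests` is empty, whether or not the session was ever marked inactive; test the marker itself, `if inactive_sessions[session] then`, and clear it inside that branch. In the terminate branch `session:close()` passes no reason, so `bosh_close_stream` resets `condition` on the shared reply stanza to nil, and the request that carried the terminate is answered only if it is already in `session.requests`, which this hunk does not show; `streamopened` continues outside the hunk.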
@@ -200,7 +237,33 @@ function on_timer() end end end + + now = now - 3; + for session, inactive_since in pairs(inactive_sessions) do + if session.bosh_max_inactive then + if now - inactive_since > session.bosh_max_inactive then + (session.log or log)("debug", "BOSH client inactive too long, destroying session at %d", now); + sessions[session.sid] = nil; + inactive_sessions[session] = nil; + sm_destroy_session(session, "BOSH client silent for over "..session.bosh_max_inactive.." seconds"); + end + else + inactive_sessions[session] = nil; + end + end +end + +local ports = config.get(module.host, "core", "bosh_ports") or { 5280 }; +for _, options in ipairs(ports) do + local port, base, ssl, interface = 5280, "http-bind", false, nil; + if type(options) == "number" then + port = options; + elseif type(options) == "table" then + port, base, ssl, interface = options.port or 5280, options.path or "http-bind", options.ssl or false, options.interface; + elseif type(options) == "string" then + base = options; + end + httpserver.new{ port = port, base = base, handler = handle_request, ssl = ssl } end -httpserver.new{ port = 5280, base = "http-bind", handler = handle_request, ssl = false} server.addtimer(on_timer); diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua index 02a9fd78..2bcdab43 100644 --- a/plugins/mod_httpserver.lua +++ b/plugins/mod_httpserver.lua @@ -1,4 +1,6 @@ +local httpserver = require "net.httpserver"; + local open = io.open; local t_concat = table.concat; diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 377bf153..44bbf700 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -23,6 +23,7 @@ local st = require "util.stanza"; local usermanager_user_exists = require "core.usermanager".user_exists; local usermanager_create_user = require "core.usermanager".create_user; local datamanager_store = require "util.datamanager".store; +local os_time = os.time; module:add_feature("jabber:iq:register"); 
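Review bot: The new `bosh_ports` loop parses an `interface` option but never hands it to `httpserver.new`, so an administrator who sets it to restrict where the listener binds gets no restriction; pass it through (`httpserver.new{ port = port, base = base, handler = handle_request, ssl = ssl, interface = interface }`, assuming net.httpserver accepts that field) or remove the option. `ssl` still defaults to false, so BOSH traffic is served in clear text unless every entry opts in. In `on_timer`, `now = now - 3;` needs a comment explaining the three-second allowance. The timeout path clears `sessions` and `inactive_sessions` by hand instead of going through `session:close()`, which duplicates the teardown logic of `bosh_close_stream`.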
@@ -93,6 +94,15 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza) end; end); +local recent_ips = {}; +local min_seconds_between_registrations = config.get(module.host, "core", "min_seconds_between_registrations"); +local whitelist_only = config.get(module.host, "core", "whitelist_registration_only"); +local whitelisted_ips = config.get(module.host, "core", "registration_whitelist") or { "127.0.0.1" }; +local blacklisted_ips = config.get(module.host, "core", "registration_blacklist") or {}; + +for _, ip in ipairs(whitelisted_ips) do whitelisted_ips[ip] = true; end +for _, ip in ipairs(blacklisted_ips) do blacklisted_ips[ip] = true; end + module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, stanza) if config.get(module.host, "core", "allow_registration") == false then session.send(st.error_reply(stanza, "cancel", "service-unavailable")); @@ -112,6 +122,26 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s local username = query:child_with_name("username"); local password = query:child_with_name("password"); if username and password then + -- Check that the user is not blacklisted or registering too often + if blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then + session.send(st.error_reply(stanza, "cancel", "not-acceptable")); + return; + elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then + if not recent_ips[session.ip] then + recent_ips[session.ip] = { time = os_time(), count = 1 }; + else + + local ip = recent_ips[session.ip]; + ip.count = ip.count + 1; + + if os_time() - ip.time < min_seconds_between_registrations then + ip.time = os_time(); + session.send(st.error_reply(stanza, "cancel", "not-acceptable")); + return; + end + ip.time = os_time(); + end + end -- FIXME shouldn't use table.concat username = table.concat(username); password = table.concat(password); |
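Review bot: The two `for` loops add `ip = true` keys to the very tables returned by `config.get`, so a configured whitelist or blacklist is mutated in place; build separate lookup sets instead, e.g. `local whitelist = {}; for _, ip in ipairs(whitelisted_ips) do whitelist[ip] = true; end`. The default whitelist holds only `127.0.0.1`, so local IPv6 clients are not covered, and all four settings are read once at module load; a comment stating both would help operators.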
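Review bot: In the `@@ -112,6 +122,26 @@` hunk `recent_ips` gains an entry for every address that attempts registration and nothing ever removes one, so the table grows without bound on a public server; drop entries whose `time` is older than `min_seconds_between_registrations`, for example from a periodic sweep. `recent_ips[session.ip] = { ... }` also raises `table index is nil` when `session.ip` is unset, and the BOSH session table built in mod_bosh.lua in this same commit shows no `ip` field, so decide explicitly how address-less sessions are treated before indexing. A rejected attempt resets `ip.time`, so a retrying client keeps extending its own lockout, and `ip.count` is incremented but never read in the visible lines; comment both if they are intended. The handler body continues outside the hunk.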