18 files changed, 530 insertions, 140 deletions

diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index 2aa9bd9b..66560d44 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -154,6 +154,14 @@ function console_listener.onincoming(conn, data)
 	session.partial_data = data:match("[^\n]+$");
 end
 
+function console_listener.onreadtimeout(conn)
+	local session = sessions[conn];
+	if session then
+		session.send("\0");
+		return true;
+	end
+end
+
 function console_listener.ondisconnect(conn, err)
 	local session = sessions[conn];
 	if session then
@@ -212,9 +220,11 @@ function commands.help(session, data)
 		print [[c2s:show(jid) - Show all client sessions with the specified JID (or all if no JID given)]]
 		print [[c2s:show_insecure() - Show all unencrypted client connections]]
 		print [[c2s:show_secure() - Show all encrypted client connections]]
+		print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]]
 		print [[c2s:close(jid) - Close all sessions for the specified JID]]
 	elseif section == "s2s" then
 		print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
+		print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
 		print [[s2s:close(from, to) - Close a connection from one domain to another]]
 		print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]]
 	elseif section == "module" then
@@ -471,22 +481,28 @@ function def_env.config:reload()
 	return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err);
 end
 
-def_env.hosts = {};
-function def_env.hosts:list()
-	for host, host_session in pairs(hosts) do
-		self.session.print(host);
+local function common_info(session, line)
+	if session.id then
+		line[#line+1] = "["..session.id.."]"
+	else
+		line[#line+1] = "["..session.type..(tostring(session):match("%x*$")).."]"
 	end
-	return true, "Done";
-end
-
-function def_env.hosts:add(name)
 end
 
 local function session_flags(session, line)
 	line = line or {};
+	common_info(session, line);
+	if session.type == "c2s" then
+		local status, priority = "unavailable", tostring(session.priority or "-");
+		if session.presence then
+			status = session.presence:get_child_text("show") or "available";
+		end
+		line[#line+1] = status.."("..priority..")";
+	end
 	if session.cert_identity_status == "valid" then
-		line[#line+1] = "(secure)";
-	elseif session.secure then
+		line[#line+1] = "(authenticated)";
+	end
+	if session.secure then
 		line[#line+1] = "(encrypted)";
 	end
 	if session.compressed then
@@ -501,6 +517,23 @@ local function session_flags(session, line)
 	return table.concat(line, " ");
 end
 
+local function tls_info(session, line)
+	line = line or {};
+	common_info(session, line);
+	if session.secure then
+		local sock = session.conn and session.conn.socket and session.conn:socket();
+		if sock and sock.info then
+			local info = sock:info();
+			line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher);
+		else
+			line[#line+1] = "(cipher info unavailable)";
+		end
+	else
+		line[#line+1] = "(insecure)";
+	end
+	return table.concat(line, " ");
+end
+
 def_env.c2s = {};
 
 local function show_c2s(callback)
@@ -524,8 +557,9 @@ function def_env.c2s:count(match_jid)
 	return true, "Total: "..count.." clients";
 end
 
-function def_env.c2s:show(match_jid)
+function def_env.c2s:show(match_jid, annotate)
 	local print, count = self.session.print, 0;
+	annotate = annotate or session_flags;
 	local curr_host;
 	show_c2s(function (jid, session)
 		if curr_host ~= session.host then
@@ -534,11 +568,7 @@ function def_env.c2s:show(match_jid)
 		end
 		if (not match_jid) or jid:match(match_jid) then
 			count = count + 1;
-			local status, priority = "unavailable", tostring(session.priority or "-");
-			if session.presence then
-				status = session.presence:get_child_text("show") or "available";
-			end
-			print(session_flags(session, { "   "..jid.." - "..status.."("..priority..")" }));
+			print(annotate(session, { "  ", jid }));
 		end
 	end);
 	return true, "Total: "..count.." clients";
@@ -566,6 +596,10 @@ function def_env.c2s:show_secure(match_jid)
 	return true, "Total: "..count.." secure client connections";
 end
 
+function def_env.c2s:show_tls(match_jid)
+	return self:show(match_jid, tls_info);
+end
+
 function def_env.c2s:close(match_jid)
 	local count = 0;
 	show_c2s(function (jid, session)
@@ -579,8 +613,9 @@ end
 
 
 def_env.s2s = {};
-function def_env.s2s:show(match_jid)
+function def_env.s2s:show(match_jid, annotate)
 	local print = self.session.print;
+	annotate = annotate or session_flags;
 
 	local count_in, count_out = 0,0;
 	local s2s_list = { };
@@ -598,8 +633,7 @@ function def_env.s2s:show(match_jid)
 			remotehost, localhost = session.from_host or "?", session.to_host or "?";
 		end
 		local sess_lines = { l = localhost, r = remotehost,
-			session_flags(session, { "", direction, remotehost or "?",
-				"["..session.type..tostring(session):match("[a-f0-9]*$").."]" })};
+			annotate(session, { "", direction, remotehost or "?" })};
 
 		if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then
 			table.insert(s2s_list, sess_lines);
@@ -654,6 +688,10 @@ function def_env.s2s:show(match_jid)
 	return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections";
 end
 
+function def_env.s2s:show_tls(match_jid)
+	return self:show(match_jid, tls_info);
+end
+
 local function print_subject(print, subject)
 	for _, entry in ipairs(subject) do
 		print(
@@ -823,9 +861,19 @@ end
 function def_env.host:list()
 	local print = self.session.print;
 	local i = 0;
+	local type;
 	for host in values(array.collect(keys(prosody.hosts)):sort()) do
 		i = i + 1;
-		print(host);
+		type = hosts[host].type;
+		if type == "local" then
+			print(host);
+		else
+			type = module:context(host):get_option_string("component_module", type);
+			if type ~= "component" then
+				type = type .. " component";
+			end
+			print(("%s (%s)"):format(host, type));
+		end
 	end
 	return true, i.." hosts";
 end
@@ -896,6 +944,9 @@ end
 
 function def_env.muc:create(room_jid)
 	local room, host = check_muc(room_jid);
+	if not room_name then
+		return room_name, host;
+	end
 	if not room then return nil, host end
 	if hosts[host].modules.muc.rooms[room_jid] then return nil, "Room exists already" end
 	return hosts[host].modules.muc.create_room(room_jid);
@@ -903,6 +954,9 @@ end
 
 function def_env.muc:room(room_jid)
 	local room_name, host = check_muc(room_jid);
+	if not room_name then
+		return room_name, host;
+	end
 	local room_obj = hosts[host].modules.muc.rooms[room_jid];
 	if not room_obj then
 		return nil, "No such room: "..room_jid;
@@ -910,6 +964,19 @@ function def_env.muc:room(room_jid)
 	return setmetatable({ room = room_obj }, console_room_mt);
 end
 
+function def_env.muc:list(host)
+	local host_session = hosts[host];
+	if not host_session or not host_session.modules.muc then
+		return nil, "Please supply the address of a local MUC component";
+	end
+	local c = 0;
+	for name in keys(host_session.modules.muc.rooms) do
+		print(name);
+		c = c + 1;
+	end
+	return true, c.." rooms";
+end
+
 local um = require"core.usermanager";
 
 def_env.user = {};
diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua
index c877d532..8de46f8c 100644
--- a/plugins/mod_auth_anonymous.lua
+++ b/plugins/mod_auth_anonymous.lua
@@ -43,7 +43,7 @@ function provider.get_sasl_handler()
 end
 
 function provider.users()
-	return next, hosts[host].sessions, nil;
+	return next, hosts[module.host].sessions, nil;
 end
 
 -- datamanager callback to disable writes
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index fb87bb9f..954392c9 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -7,6 +7,8 @@
 -- COPYING file in the source package for more information.
 --
 
+local max = math.max;
+
 local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1;
 local usermanager = require "core.usermanager";
 local generate_uuid = require "util.uuid".generate;
@@ -39,7 +41,7 @@ end
 
 
 -- Default; can be set per-user
-local iteration_count = 4096;
+local default_iteration_count = 4096;
 
 -- define auth provider
 local provider = {};
@@ -80,8 +82,8 @@ function provider.set_password(username, password)
 	log("debug", "set_password for username '%s'", username);
 	local account = accounts:get(username);
 	if account then
-		account.salt = account.salt or generate_uuid();
-		account.iteration_count = account.iteration_count or iteration_count;
+		account.salt = generate_uuid();
+		account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
 		local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
 		local stored_key_hex = to_hex(stored_key);
 		local server_key_hex = to_hex(server_key);
@@ -113,10 +115,10 @@ function provider.create_user(username, password)
 		return accounts:set(username, {});
 	end
 	local salt = generate_uuid();
-	local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, iteration_count);
+	local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
 	local stored_key_hex = to_hex(stored_key);
 	local server_key_hex = to_hex(server_key);
-	return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = iteration_count});
+	return accounts:set(username, {stored_key = stored_key_hex, server_key = server_key_hex, salt = salt, iteration_count = default_iteration_count});
 end
 
 function provider.delete_user(username)
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index 7a8af406..f0cdd7fb 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -174,19 +174,6 @@ local function session_close(session, reason)
 	end
 end
 
-local function session_open_stream(session)
-	local attr = {
-		["xmlns:stream"] = 'http://etherx.jabber.org/streams',
-		xmlns = stream_callbacks.default_ns,
-		version = "1.0",
-		["xml:lang"] = 'en',
-		id = session.streamid or "",
-		from = session.host
-	};
-	session.send("<?xml version='1.0'?>");
-	session.send(st.stanza("stream:stream", attr):top_tag());
-end
-
 module:hook_global("user-deleted", function(event)
 	local username, host = event.username, event.host;
 	local user = hosts[host].sessions[username];
@@ -234,7 +221,6 @@ function listener.onconnect(conn)
 		conn:setoption("keepalive", opt_keepalives);
 	end
 
-	session.open_stream = session_open_stream;
 	session.close = session_close;
 
 	local stream = new_xmpp_stream(session, stream_callbacks);
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
index 1497b12f..297609d8 100644
--- a/plugins/mod_component.lua
+++ b/plugins/mod_component.lua
@@ -177,9 +177,7 @@ function stream_callbacks.streamopened(session, attr)
 	session.streamid = uuid_gen();
 	session.notopen = nil;
 	-- Return stream header
-	session.send("<?xml version='1.0'?>");
-	session.send(st.stanza("stream:stream", { xmlns=xmlns_component,
-			["xmlns:stream"]='http://etherx.jabber.org/streams', id=session.streamid, from=session.host }):top_tag());
+	session:open_stream();
 end
 
 function stream_callbacks.streamclosed(session)
diff --git a/plugins/mod_compression.lua b/plugins/mod_compression.lua
index f44e8a6d..969172fd 100644
--- a/plugins/mod_compression.lua
+++ b/plugins/mod_compression.lua
@@ -26,7 +26,7 @@ end
 
 module:hook("stream-features", function(event)
 	local origin, features = event.origin, event.features;
-	if not origin.compressed and (origin.type == "c2s" or origin.type == "s2sin" or origin.type == "s2sout") then
+	if not origin.compressed and origin.type == "c2s" then
 		-- FIXME only advertise compression support when TLS layer has no compression enabled
 		features:add_child(compression_stream_feature);
 	end
@@ -35,7 +35,7 @@ end);
 module:hook("s2s-stream-features", function(event)
 	local origin, features = event.origin, event.features;
 	-- FIXME only advertise compression support when TLS layer has no compression enabled
-	if not origin.compressed and (origin.type == "c2s" or origin.type == "s2sin" or origin.type == "s2sout") then
+	if not origin.compressed and origin.type == "s2sin" then
 		features:add_child(compression_stream_feature);
 	end
 end);
@@ -43,13 +43,13 @@ end);
 -- Hook to activate compression if remote server supports it.
 module:hook_stanza(xmlns_stream, "features",
 		function (session, stanza)
-			if not session.compressed and (session.type == "c2s" or session.type == "s2sin" or session.type == "s2sout") then
+			if not session.compressed and session.type == "s2sout" then
 				-- does remote server support compression?
-				local comp_st = stanza:child_with_name("compression");
+				local comp_st = stanza:get_child("compression", xmlns_compression_feature);
 				if comp_st then
 					-- do we support the mechanism
-					for a in comp_st:children() do
-						local algorithm = a[1]
+					for a in comp_st:childtags("method") do
+						local algorithm = a:get_text();
 						if algorithm == "zlib" then
 							session.sends2s(st.stanza("compress", {xmlns=xmlns_compression_protocol}):tag("method"):text("zlib"))
 							session.log("debug", "Enabled compression using zlib.")
@@ -125,8 +125,8 @@ end
 
 module:hook("stanza/http://jabber.org/protocol/compress:compressed", function(event)
 	local session = event.origin;
-
-	if session.type == "s2sout_unauthed" or session.type == "s2sout" then
+	
+	if session.type == "s2sout" then
 		session.log("debug", "Activating compression...")
 		-- create deflate and inflate streams
 		local deflate_stream = get_deflate_stream(session);
@@ -150,7 +150,7 @@ end);
 module:hook("stanza/http://jabber.org/protocol/compress:compress", function(event)
 	local session, stanza = event.origin, event.stanza;
 
-	if session.type == "c2s" or session.type == "s2sin" or session.type == "c2s_unauthed" or session.type == "s2sin_unauthed" then
+	if session.type == "c2s" or session.type == "s2sin" then
 		-- fail if we are already compressed
 		if session.compressed then
 			local error_st = st.stanza("failure", {xmlns=xmlns_compression_protocol}):tag("setup-failed");
@@ -160,8 +160,7 @@ module:hook("stanza/http://jabber.org/protocol/compress:compress", function(even
 		end
 
 		-- checking if the compression method is supported
-		local method = stanza:child_with_name("method");
-		method = method and (method[1] or "");
+		local method = stanza:get_child_text("method");
 		if method == "zlib" then
 			session.log("debug", "zlib compression enabled.");
 
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 95933da5..49529ea2 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -42,7 +42,7 @@ local function get_base_path(host_module, app_name, default_app_path)
 	return (normalize_path(host_module:get_option("http_paths", {})[app_name] -- Host
 		or module:get_option("http_paths", {})[app_name] -- Global
 		or default_app_path)) -- Default
-		:gsub("%$(%w+)", { host = module.host });
+		:gsub("%$(%w+)", { host = host_module.host });
 end
 
 local ports_by_scheme = { http = 80, https = 443, };
@@ -51,6 +51,9 @@ local ports_by_scheme = { http = 80, https = 443, };
 function moduleapi.http_url(module, app_name, default_path)
 	app_name = app_name or (module.name:gsub("^http_", ""));
 	local external_url = url_parse(module:get_option_string("http_external_url")) or {};
+	if external_url.scheme and external_url.port == nil then
+		external_url.port = ports_by_scheme[external_url.scheme];
+	end
 	local services = portmanager.get_active_services();
 	local http_services = services:get("https") or services:get("http") or {};
 	for interface, ports in pairs(http_services) do
@@ -139,7 +142,13 @@ module:provides("net", {
 	listener = server.listener;
 	default_port = 5281;
 	encryption = "ssl";
-	ssl_config = { verify = "none" };
+	ssl_config = {
+		verify = {
+			peer = false,
+			client_once = false,
+			"none",
+		}
+	};
 	multiplex = {
 		pattern = "^[A-Z]";
 	};
diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua
index dd04853b..2e9f4182 100644
--- a/plugins/mod_http_files.lua
+++ b/plugins/mod_http_files.lua
@@ -14,6 +14,7 @@ local os_date = os.date;
 local open = io.open;
 local stat = lfs.attributes;
 local build_path = require"socket.url".build_path;
+local path_sep = package.config:sub(1,1);
 
 local base_path = module:get_option_string("http_files_dir", module:get_option_string("http_path"));
 local dir_indices = module:get_option("http_index_files", { "index.html", "index.htm" });
@@ -61,7 +62,7 @@ function serve(opts)
 		local request, response = event.request, event.response;
 		local orig_path = request.path;
 		local full_path = base_path .. (path and "/"..path or "");
-		local attr = stat(full_path);
+		local attr = stat((full_path:gsub('%'..path_sep..'+$','')));
 		if not attr then
 			return 404;
 		end
diff --git a/plugins/mod_pep_plus.lua b/plugins/mod_pep_plus.lua
new file mode 100644
index 00000000..ee57e647
--- /dev/null
+++ b/plugins/mod_pep_plus.lua
@@ -0,0 +1,368 @@
+local pubsub = require "util.pubsub";
+local jid_bare = require "util.jid".bare;
+local jid_split = require "util.jid".split;
+local set_new = require "util.set".new;
+local st = require "util.stanza";
+local calculate_hash = require "util.caps".calculate_hash;
+local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
+
+local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
+local xmlns_pubsub_event = "http://jabber.org/protocol/pubsub#event";
+local xmlns_pubsub_owner = "http://jabber.org/protocol/pubsub#owner";
+
+local lib_pubsub = module:require "pubsub";
+local handlers = lib_pubsub.handlers;
+local pubsub_error_reply = lib_pubsub.pubsub_error_reply;
+
+local services = {};
+local recipients = {};
+local hash_map = {};
+
+function module.save()
+	return { services = services };
+end
+
+function module.restore(data)
+	services = data.services;
+end
+
+local function subscription_presence(user_bare, recipient)
+	local recipient_bare = jid_bare(recipient);
+	if (recipient_bare == user_bare) then return true; end
+	local username, host = jid_split(user_bare);
+	return is_contact_subscribed(username, host, recipient_bare);
+end
+
+local function get_broadcaster(name)
+	local function simple_broadcast(kind, node, jids, item)
+		if item then
+			item = st.clone(item);
+			item.attr.xmlns = nil; -- Clear the pubsub namespace
+		end
+		local message = st.message({ from = name, type = "headline" })
+			:tag("event", { xmlns = xmlns_pubsub_event })
+				:tag(kind, { node = node })
+					:add_child(item);
+		for jid in pairs(jids) do
+			module:log("debug", "Sending notification to %s from %s: %s", jid, name, tostring(item));
+			message.attr.to = jid;
+			module:send(message);
+		end
+	end
+	return simple_broadcast;
+end
+
+function get_pep_service(name)
+	if services[name] then
+		return services[name];
+	end
+	services[name] = pubsub.new({
+		capabilities = {
+			none = {
+				create = false;
+				publish = false;
+				retract = false;
+				get_nodes = false;
+
+				subscribe = false;
+				unsubscribe = false;
+				get_subscription = false;
+				get_subscriptions = false;
+				get_items = false;
+
+				subscribe_other = false;
+				unsubscribe_other = false;
+				get_subscription_other = false;
+				get_subscriptions_other = false;
+
+				be_subscribed = true;
+				be_unsubscribed = true;
+
+				set_affiliation = false;
+			};
+			subscriber = {
+				create = false;
+				publish = false;
+				retract = false;
+				get_nodes = true;
+
+				subscribe = true;
+				unsubscribe = true;
+				get_subscription = true;
+				get_subscriptions = true;
+				get_items = true;
+
+				subscribe_other = false;
+				unsubscribe_other = false;
+				get_subscription_other = false;
+				get_subscriptions_other = false;
+
+				be_subscribed = true;
+				be_unsubscribed = true;
+
+				set_affiliation = false;
+			};
+			publisher = {
+				create = false;
+				publish = true;
+				retract = true;
+				get_nodes = true;
+
+				subscribe = true;
+				unsubscribe = true;
+				get_subscription = true;
+				get_subscriptions = true;
+				get_items = true;
+
+				subscribe_other = false;
+				unsubscribe_other = false;
+				get_subscription_other = false;
+				get_subscriptions_other = false;
+
+				be_subscribed = true;
+				be_unsubscribed = true;
+
+				set_affiliation = false;
+			};
+			owner = {
+				create = true;
+				publish = true;
+				retract = true;
+				delete = true;
+				get_nodes = true;
+
+				subscribe = true;
+				unsubscribe = true;
+				get_subscription = true;
+				get_subscriptions = true;
+				get_items = true;
+
+
+				subscribe_other = true;
+				unsubscribe_other = true;
+				get_subscription_other = true;
+				get_subscriptions_other = true;
+
+				be_subscribed = true;
+				be_unsubscribed = true;
+
+				set_affiliation = true;
+			};
+		};
+
+		autocreate_on_publish = true;
+		autocreate_on_subscribe = true;
+
+		broadcaster = get_broadcaster(name);
+		get_affiliation = function (jid)
+			if jid_bare(jid) == name then
+				return "owner";
+			elseif subscription_presence(name, jid) then
+				return "subscriber";
+			end
+		end;
+
+		normalize_jid = jid_bare;
+	});
+	return services[name];
+end
+
+function handle_pubsub_iq(event)
+	local origin, stanza = event.origin, event.stanza;
+	local pubsub = stanza.tags[1];
+	local action = pubsub.tags[1];
+	if not action then
+		return origin.send(st.error_reply(stanza, "cancel", "bad-request"));
+	end
+	local service_name = stanza.attr.to or origin.username.."@"..origin.host
+	local service = get_pep_service(service_name);
+	local handler = handlers[stanza.attr.type.."_"..action.name];
+	if handler then
+		handler(origin, stanza, action, service);
+		return true;
+	end
+end
+
+module:hook("iq/bare/"..xmlns_pubsub..":pubsub", handle_pubsub_iq);
+module:hook("iq/bare/"..xmlns_pubsub_owner..":pubsub", handle_pubsub_iq);
+
+module:add_identity("pubsub", "pep", module:get_option_string("name", "Prosody"));
+module:add_feature("http://jabber.org/protocol/pubsub#publish");
+
+local function get_caps_hash_from_presence(stanza, current)
+	local t = stanza.attr.type;
+	if not t then
+		local child = stanza:get_child("c", "http://jabber.org/protocol/caps");
+		if child then
+			local attr = child.attr;
+			if attr.hash then -- new caps
+				if attr.hash == 'sha-1' and attr.node and attr.ver then
+					return attr.ver, attr.node.."#"..attr.ver;
+				end
+			else -- legacy caps
+				if attr.node and attr.ver then
+					return attr.node.."#"..attr.ver.."#"..(attr.ext or ""), attr.node.."#"..attr.ver;
+				end
+			end
+		end
+		return; -- no or bad caps
+	elseif t == "unavailable" or t == "error" then
+		return;
+	end
+	return current; -- no caps, could mean caps optimization, so return current
+end
+
+local function resend_last_item(jid, node, service)
+	local ok, items = service:get_items(node, jid);
+	if not ok then return; end
+	for i, id in ipairs(items) do
+		service.config.broadcaster("items", node, { [jid] = true }, items[id]);
+	end
+end
+
+local function update_subscriptions(recipient, service_name, nodes)
+	local service = get_pep_service(service_name);
+
+	recipients[service_name] = recipients[service_name] or {};
+	nodes = nodes or set_new();
+	local old = recipients[service_name][recipient];
+
+	if old and type(old) == table then
+		for node in pairs((old - nodes):items()) do
+			service:remove_subscription(node, recipient, recipient);
+		end
+	end
+
+	for node in nodes:items() do
+		service:add_subscription(node, recipient, recipient);
+		resend_last_item(recipient, node, service);
+	end
+	recipients[service_name][recipient] = nodes;
+end
+
+module:hook("presence/bare", function(event)
+	-- inbound presence to bare JID recieved
+	local origin, stanza = event.origin, event.stanza;
+	local user = stanza.attr.to or (origin.username..'@'..origin.host);
+	local t = stanza.attr.type;
+	local self = not stanza.attr.to;
+	local service = get_pep_service(user);
+
+	if not t then -- available presence
+		if self or subscription_presence(user, stanza.attr.from) then
+			local recipient = stanza.attr.from;
+			local current = recipients[user] and recipients[user][recipient];
+			local hash, query_node = get_caps_hash_from_presence(stanza, current);
+			if current == hash or (current and current == hash_map[hash]) then return; end
+			if not hash then
+				update_subscriptions(recipient, user);
+			else
+				recipients[user] = recipients[user] or {};
+				if hash_map[hash] then
+					update_subscriptions(recipient, user, hash_map[hash]);
+				else
+					recipients[user][recipient] = hash;
+					local from_bare = origin.type == "c2s" and origin.username.."@"..origin.host;
+					if self or origin.type ~= "c2s" or (recipients[from_bare] and recipients[from_bare][origin.full_jid]) ~= hash then
+						-- COMPAT from ~= stanza.attr.to because OneTeam can't deal with missing from attribute
+						origin.send(
+							st.stanza("iq", {from=user, to=stanza.attr.from, id="disco", type="get"})
+								:tag("query", {xmlns = "http://jabber.org/protocol/disco#info", node = query_node})
+						);
+					end
+				end
+			end
+		end
+	elseif t == "unavailable" then
+		update_subscriptions(stanza.attr.from, user);
+	elseif not self and t == "unsubscribe" then
+		local from = jid_bare(stanza.attr.from);
+		local subscriptions = recipients[user];
+		if subscriptions then
+			for subscriber in pairs(subscriptions) do
+				if jid_bare(subscriber) == from then
+					update_subscriptions(subscriber, user);
+				end
+			end
+		end
+	end
+end, 10);
+
+module:hook("iq-result/bare/disco", function(event)
+	local origin, stanza = event.origin, event.stanza;
+	local disco = stanza:get_child("query", "http://jabber.org/protocol/disco#info");
+	if not disco then
+		return;
+	end
+
+	-- Process disco response
+	local self = not stanza.attr.to;
+	local user = stanza.attr.to or (origin.username..'@'..origin.host);
+	local contact = stanza.attr.from;
+	local current = recipients[user] and recipients[user][contact];
+	if type(current) ~= "string" then return; end -- check if waiting for recipient's response
+	local ver = current;
+	if not string.find(current, "#") then
+		ver = calculate_hash(disco.tags); -- calculate hash
+	end
+	local notify = set_new();
+	for _, feature in pairs(disco.tags) do
+		if feature.name == "feature" and feature.attr.var then
+			local nfeature = feature.attr.var:match("^(.*)%+notify$");
+			if nfeature then notify:add(nfeature); end
+		end
+	end
+	hash_map[ver] = notify; -- update hash map
+	if self then
+		for jid, item in pairs(origin.roster) do -- for all interested contacts
+			if item.subscription == "both" or item.subscription == "from" then
+				if not recipients[jid] then recipients[jid] = {}; end
+				update_subscriptions(contact, jid, notify);
+			end
+		end
+	end
+	update_subscriptions(contact, user, notify);
+end);
+
+module:hook("account-disco-info-node", function(event)
+	local reply, stanza, origin = event.reply, event.stanza, event.origin;
+	local service_name = stanza.attr.to or origin.username.."@"..origin.host
+	local service = get_pep_service(service_name);
+	local node = event.node;
+	local ok = service:get_items(node, jid_bare(stanza.attr.from) or true);
+	if not ok then return; end
+	event.exists = true;
+	reply:tag('identity', {category='pubsub', type='leaf'}):up();
+end);
+
+module:hook("account-disco-info", function(event)
+	local reply = event.reply;
+	reply:tag('identity', {category='pubsub', type='pep'}):up();
+	reply:tag('feature', {var='http://jabber.org/protocol/pubsub#publish'}):up();
+end);
+
+module:hook("account-disco-items-node", function(event)
+	local reply, stanza, origin = event.reply, event.stanza, event.origin;
+	local node = event.node;
+	local service_name = stanza.attr.to or origin.username.."@"..origin.host
+	local service = get_pep_service(service_name);
+	local ok, ret = service:get_items(node, jid_bare(stanza.attr.from) or true);
+	if not ok then return; end
+	event.exists = true;
+	for _, id in ipairs(ret) do
+		reply:tag("item", { jid = service_name, name = id }):up();
+	end
+end);
+
+module:hook("account-disco-items", function(event)
+	local reply, stanza, origin = event.reply, event.stanza, event.origin;
+
+	local service_name = reply.attr.from or origin.username.."@"..origin.host
+	local service = get_pep_service(service_name);
+	local ok, ret = service:get_nodes(jid_bare(stanza.attr.from));
+	if not ok then return; end
+
+	for node, node_obj in pairs(ret) do
+		reply:tag("item", { jid = service_name, node = node, name = node_obj.config.name }):up();
+	end
+end);
diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index 69542c96..89d6d2b6 100644
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -129,14 +129,6 @@ end
 require "core.loggingmanager".register_sink_type("syslog", syslog_sink_maker);
 
 local daemonize = module:get_option("daemonize", prosody.installed);
-if daemonize == nil then
-	local no_daemonize = module:get_option("no_daemonize"); --COMPAT w/ 0.5
-	daemonize = not no_daemonize;
-	if no_daemonize ~= nil then
-		module:log("warn", "The 'no_daemonize' option is now replaced by 'daemonize'");
-		module:log("warn", "Update your config from 'no_daemonize = %s' to 'daemonize = %s'", tostring(no_daemonize), tostring(daemonize));
-	end
-end
 
 local function remove_log_sinks()
 	local lm = require "core.loggingmanager";
diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua
index 2ed9faac..73527cbc 100644
--- a/plugins/mod_proxy65.lua
+++ b/plugins/mod_proxy65.lua
@@ -101,27 +101,10 @@ function module.add_host(module)
 		module:log("warn", "proxy65_port is deprecated, please put proxy65_ports = { %d } into the global section instead", legacy_config);
 	end
 
+	module:depends("disco");
 	module:add_identity("proxy", "bytestreams", name);
 	module:add_feature("http://jabber.org/protocol/bytestreams");
 
-	module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
-		local origin, stanza = event.origin, event.stanza;
-		if not stanza.tags[1].attr.node then
-			origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#info")
-				:tag("identity", {category='proxy', type='bytestreams', name=name}):up()
-				:tag("feature", {var="http://jabber.org/protocol/bytestreams"}) );
-			return true;
-		end
-	end, -1);
-
-	module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event)
-		local origin, stanza = event.origin, event.stanza;
-		if not stanza.tags[1].attr.node then
-			origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#items"));
-			return true;
-		end
-	end, -1);
-
 	module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
 		local origin, stanza = event.origin, event.stanza;
 
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index c6dbe831..33e729af 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -100,7 +100,7 @@ module:hook("host-disco-items-node", function (event)
 		return;
 	end
 
-	for id, item in pairs(ret) do
+	for _, id in ipairs(ret) do
 		reply:tag("item", { jid = module.host, name = id }):up();
 	end
 	event.exists = true;
diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua
index 2b015e34..4e9acd68 100644
--- a/plugins/mod_pubsub/pubsub.lib.lua
+++ b/plugins/mod_pubsub/pubsub.lib.lua
@@ -42,8 +42,8 @@ function handlers.get_items(origin, stanza, items, service)
 	end
 
 	local data = st.stanza("items", { node = node });
-	for _, entry in pairs(results) do
-		data:add_child(entry);
+	for _, id in ipairs(results) do
+		data:add_child(results[id]);
 	end
 	local reply;
 	if data then
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 5531ca3e..3de59d35 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -150,6 +150,13 @@ function module.add_host(module)
 	module:hook("route/remote", route_to_new_session, -10);
 	module:hook("s2s-authenticated", make_authenticated, -1);
 	module:hook("s2s-read-timeout", keepalive, -1);
+	module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza)
+		if session.type == "s2sout" then
+			-- Stream is authenticated and we are seem to be done with feature negotiation,
+			-- so the stream is ready for stanzas.  RFC 6120 Section 4.3
+			mark_connected(session);
+		end
+	end, -1);
 end
 
 -- Stream is authorised, and ready for normal stanzas
@@ -219,7 +226,10 @@ function make_authenticated(event)
 	end
 	session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host);
 
-	mark_connected(session);
+	if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then
+		-- Stream either used dialback for authentication or is an incoming stream.
+		mark_connected(session);
+	end
 
 	return true;
 end
@@ -510,27 +520,16 @@ local function session_close(session, reason, remote_reason)
 	end
 end
 
-function session_open_stream(session, from, to)
-	local attr = {
-		["xmlns:stream"] = 'http://etherx.jabber.org/streams',
-		xmlns = 'jabber:server',
-		version = session.version and (session.version > 0 and "1.0" or nil),
-		["xml:lang"] = 'en',
-		id = session.streamid,
-		from = from, to = to,
-	}
+function session_stream_attrs(session, from, to, attr)
 	if not from or (hosts[from] and hosts[from].modules.dialback) then
 		attr["xmlns:db"] = 'jabber:server:dialback';
 	end
-
-	session.sends2s("<?xml version='1.0'?>");
-	session.sends2s(st.stanza("stream:stream", attr):top_tag());
-	return true;
 end
 
 -- Session initialization logic shared by incoming and outgoing
 local function initialize_session(session)
 	local stream = new_xmpp_stream(session, stream_callbacks);
+	local log = session.log or log;
 	session.stream = stream;
 
 	session.notopen = true;
@@ -540,16 +539,32 @@ local function initialize_session(session)
 		session.stream:reset();
 	end
 
-	session.open_stream = session_open_stream;
+	session.stream_attrs = session_stream_attrs;
+
+	local filter = initialize_filters(session);
+	local conn = session.conn;
+	local w = conn.write;
+
+	function session.sends2s(t)
+		log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^[^>]*>?"));
+		if t.name then
+			t = filter("stanzas/out", t);
+		end
+		if t then
+			t = filter("bytes/out", tostring(t));
+			if t then
+				return w(conn, t);
+			end
+		end
+	end
 
-	local filter = session.filter;
 	function session.data(data)
 		data = filter("bytes/in", data);
 		if data then
 			local ok, err = stream:feed(data);
 			if ok then return; end
-			(session.log or log)("warn", "Received invalid XML: %s", data);
-			(session.log or log)("warn", "Problem was: %s", err);
+			log("warn", "Received invalid XML: %s", data);
+			log("warn", "Problem was: %s", err);
 			session:close("not-well-formed");
 		end
 	end
@@ -561,6 +576,8 @@ local function initialize_session(session)
 		return handlestanza(session, stanza);
 	end
 
+	module:fire_event("s2s-created", { session = session });
+
 	add_task(connect_timeout, function ()
 		if session.type == "s2sin" or session.type == "s2sout" then
 			return; -- Ok, we're connected
@@ -581,22 +598,6 @@ function listener.onconnect(conn)
 		session = s2s_new_incoming(conn);
 		sessions[conn] = session;
 		session.log("debug", "Incoming s2s connection");
-
-		local filter = initialize_filters(session);
-		local w = conn.write;
-		session.sends2s = function (t)
-			log("debug", "sending: %s", t.top_tag and t:top_tag() or t:match("^([^>]*>?)"));
-			if t.name then
-				t = filter("stanzas/out", t);
-			end
-			if t then
-				t = filter("bytes/out", tostring(t));
-				if t then
-					return w(conn, t);
-				end
-			end
-		end
-
 		initialize_session(session);
 	else -- Outgoing session connected
 		session:open_stream(session.from_host, session.to_host);
@@ -644,7 +645,6 @@ function listener.onreadtimeout(conn)
 end
 
 function listener.register_outgoing(conn, session)
-	session.direction = "outgoing";
 	sessions[conn] = session;
 	initialize_session(session);
 end
diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index 42b4281c..942a618d 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -297,21 +297,6 @@ function s2sout.make_connect(host_session, connect_host, connect_port)
 	conn = wrapclient(conn, connect_host.addr, connect_port, s2s_listener, "*a");
 	host_session.conn = conn;
 
-	local filter = initialize_filters(host_session);
-	local w, log = conn.write, host_session.log;
-	host_session.sends2s = function (t)
-		log("debug", "sending: %s", (t.top_tag and t:top_tag()) or t:match("^[^>]*>?"));
-		if t.name then
-			t = filter("stanzas/out", t);
-		end
-		if t then
-			t = filter("bytes/out", tostring(t));
-			if t then
-				return w(conn, tostring(t));
-			end
-		end
-	end
-
 	-- Register this outgoing connection so that xmppserver_listener knows about it
 	-- otherwise it will assume it is a new incoming connection
 	s2s_listener.register_outgoing(conn, host_session);
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 94c060b3..df60aefa 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -197,7 +197,7 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:auth", function(event)
 		return s2s_external_auth(session, stanza)
 	end
 
-	if session.type ~= "c2s_unauthed" then return; end
+	if session.type ~= "c2s_unauthed" or module:get_host_type() ~= "local" then return; end
 
 	if session.sasl_handler and session.sasl_handler.selected then
 		session.sasl_handler = nil; -- allow starting a new SASL negotiation before completing an old one
diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua
index 1f453d42..7b810ab8 100644
--- a/plugins/mod_storage_sql.lua
+++ b/plugins/mod_storage_sql.lua
@@ -49,7 +49,7 @@ local function db2uri(params)
 end
 
 
-local resolve_relative_path = require "core.configmanager".resolve_relative_path;
+local resolve_relative_path = require "util.paths".resolve_relative_path;
 
 local function test_connection()
 	if not connection then return nil; end
diff --git a/plugins/mod_storage_sql2.lua b/plugins/mod_storage_sql2.lua
index 7a2ec4a7..249c72a7 100644
--- a/plugins/mod_storage_sql2.lua
+++ b/plugins/mod_storage_sql2.lua
@@ -2,7 +2,7 @@
 local json = require "util.json";
 local xml_parse = require "util.xml".parse;
 local uuid = require "util.uuid";
-local resolve_relative_path = require "core.configmanager".resolve_relative_path;
+local resolve_relative_path = require "util.paths".resolve_relative_path;
 
 local stanza_mt = require"util.stanza".stanza_mt;
 local getmetatable = getmetatable;
@@ -289,7 +289,7 @@ function archive_store:find(username, query)
 
 		-- Total matching
 		if query.total then
-			local stats = engine:select(sql_query:gsub("^(SELECT).-(FROM)", "%1 COUNT(*) %2"):format(t_concat(where, " AND "), "DESC", ""), unpack(args));
+			local stats = engine:select("SELECT COUNT(*) FROM `prosodyarchive` WHERE " .. t_concat(where, " AND "), unpack(args));
 			if stats then
 				local _total = stats()
 				total = _total and _total[1];