Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_admin_telnet.lua101
-rw-r--r--plugins/mod_blocklist.lua2
-rw-r--r--plugins/mod_bosh.lua59
-rw-r--r--plugins/mod_c2s.lua17
-rw-r--r--plugins/mod_component.lua4
-rw-r--r--plugins/mod_csi_simple.lua141
-rw-r--r--plugins/mod_http.lua36
-rw-r--r--plugins/mod_http_errors.lua25
-rw-r--r--plugins/mod_http_files.lua171
-rw-r--r--plugins/mod_limits.lua27
-rw-r--r--plugins/mod_mam/mod_mam.lua37
-rw-r--r--plugins/mod_mimicking.lua85
-rw-r--r--plugins/mod_muc_mam.lua50
-rw-r--r--plugins/mod_pep.lua15
-rw-r--r--plugins/mod_pep_simple.lua1
-rw-r--r--plugins/mod_posix.lua14
-rw-r--r--plugins/mod_presence.lua12
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua7
-rw-r--r--plugins/mod_s2s/mod_s2s.lua6
-rw-r--r--plugins/mod_s2s/s2sout.lib.lua2
-rw-r--r--plugins/mod_saslauth.lua5
-rw-r--r--plugins/mod_storage_internal.lua88
-rw-r--r--plugins/mod_storage_memory.lua50
-rw-r--r--plugins/mod_storage_sql.lua168
-rw-r--r--plugins/mod_tls.lua28
-rw-r--r--plugins/mod_websocket.lua42
-rw-r--r--plugins/muc/mod_muc.lua2
-rw-r--r--plugins/muc/muc.lib.lua80
-rw-r--r--plugins/muc/subject.lib.lua6
29 files changed, 859 insertions, 422 deletions
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index 1cbe27a4..fa03840b 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -22,6 +22,7 @@ local prosody = _G.prosody;
local console_listener = { default_port = 5582; default_mode = "*a"; interface = "127.0.0.1" };
+local unpack = table.unpack or unpack; -- luacheck: ignore 113
local iterators = require "util.iterators";
local keys, values = iterators.keys, iterators.values;
local jid_bare, jid_split, jid_join = import("util.jid", "bare", "prepped_split", "join");
@@ -30,6 +31,8 @@ local cert_verify_identity = require "util.x509".verify_identity;
local envload = require "util.envload".envload;
local envloadfile = require "util.envload".envloadfile;
local has_pposix, pposix = pcall(require, "util.pposix");
+local async = require "util.async";
+local serialize = require "util.serialization".new({ fatal = false, unquoted = true});
local commands = module:shared("commands")
local def_env = module:shared("env");
@@ -47,6 +50,21 @@ end
console = {};
+local runner_callbacks = {};
+
+function runner_callbacks:ready()
+ self.data.conn:resume();
+end
+
+function runner_callbacks:waiting()
+ self.data.conn:pause();
+end
+
+function runner_callbacks:error(err)
+ module:log("error", "Traceback[telnet]: %s", err);
+end
+
+
function console:new_session(conn)
local w = function(s) conn:write(s:gsub("\n", "\r\n")); end;
local session = { conn = conn;
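Review bot: `runner_callbacks:error` only writes the traceback to the server log, so the operator at the console is told nothing when a command fails inside the runner. The runner function added in the next hunk calls `session.send(string.char(0))` only after `console:process_line` returns, so an error escaping it would also skip that terminator. Whether `process_line` catches errors itself is not visible here. Consider also reporting on the session, e.g. `self.data.send("Command did not complete, see server log\n"); self.data.send(string.char(0));`, and add a short comment stating that `self.data` is the console session passed as the third argument to `async.runner`.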
@@ -62,6 +80,11 @@ function console:new_session(conn)
};
session.env = setmetatable({}, default_env_mt);
+ session.thread = async.runner(function (line)
+ console:process_line(session, line);
+ session.send(string.char(0));
+ end, runner_callbacks, session);
+
-- Load up environment with helper objects
for name, t in pairs(def_env) do
if type(t) == "table" then
@@ -150,8 +173,7 @@ function console_listener.onincoming(conn, data)
for line in data:gmatch("[^\n]*[\n\004]") do
if session.closed then return end
- console:process_line(session, line);
- session.send(string.char(0));
+ session.thread:run(line);
end
session.partial_data = data:match("[^\n]+$");
end
@@ -228,6 +250,7 @@ function commands.help(session, data)
print [[c2s:show_secure() - Show all encrypted client connections]]
print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]]
print [[c2s:close(jid) - Close all sessions for the specified JID]]
+ print [[c2s:closeall() - Close all active c2s connections ]]
elseif section == "s2s" then
print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]]
print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]]
@@ -458,7 +481,12 @@ function def_env.module:list(hosts)
end
else
for _, name in ipairs(modules) do
- print(" "..name);
+ local status, status_text = modulemanager.get_module(host, name).module:get_status();
+ local status_summary = "";
+ if status == "warn" or status == "error" then
+ status_summary = (" (%s: %s)"):format(status, status_text);
+ end
+ print((" %s%s"):format(name, status_summary));
end
end
end
@@ -474,9 +502,12 @@ function def_env.config:load(filename, format)
return true, "Config loaded";
end
-function def_env.config:get(host, section, key)
+function def_env.config:get(host, key)
+ if key == nil then
+ host, key = "*", host;
+ end
local config_get = require "core.configmanager".get
- return true, tostring(config_get(host, section, key));
+ return true, serialize(config_get(host, key));
end
function def_env.config:reload()
@@ -520,6 +551,15 @@ local function session_flags(session, line)
if session.remote then
line[#line+1] = "(remote)";
end
+ if session.is_bidi then
+ line[#line+1] = "(bidi)";
+ end
+ if session.bosh_version then
+ line[#line+1] = "(bosh)";
+ end
+ if session.websocket_request then
+ line[#line+1] = "(websocket)";
+ end
return table.concat(line, " ");
end
@@ -557,6 +597,7 @@ end
local function show_c2s(callback)
local c2s = array.collect(values(module:shared"/*/c2s/sessions"));
+ c2s:append(array.collect(values(module:shared"/*/bosh/sessions")));
c2s:sort(function(a, b)
if a.host == b.host then
if a.username == b.username then
@@ -571,7 +612,9 @@ local function show_c2s(callback)
end
function def_env.c2s:count()
- return true, "Total: ".. iterators.count(values(module:shared"/*/c2s/sessions")) .." clients";
+ local c2s_count = iterators.count(values(module:shared"/*/c2s/sessions"))
+ local bosh_count = iterators.count(values(module:shared"/*/bosh/sessions"))
+ return true, "Total: ".. c2s_count + bosh_count .." clients";
end
function def_env.c2s:show(match_jid, annotate)
@@ -628,6 +671,16 @@ function def_env.c2s:close(match_jid)
return true, "Total: "..count.." sessions closed";
end
+function def_env.c2s:closeall()
+ local count = 0;
+ --luacheck: ignore 212/jid
+ show_c2s(function (jid, session)
+ count = count + 1;
+ session:close();
+ end);
+ return true, "Total: "..count.." sessions closed";
+end
+
def_env.s2s = {};
function def_env.s2s:show(match_jid, annotate)
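Review bot: `def_env.c2s:closeall()` disconnects every client on the server but leaves no record in the server log and gives the clients no reason, since `session:close()` is called without arguments. Because `show_c2s` now also collects `/*/bosh/sessions` (earlier hunk in this file), the command closes BOSH sessions as well, which the help text "Close all active c2s connections" does not say. Consider logging the action once before the loop, e.g. `module:log("warn", "Closing all client sessions from the admin console");`, and mentioning BOSH in the help line. The existing `c2s:close` above is only partly visible, so whether it has the same gap cannot be judged from this hunk.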
@@ -1062,13 +1115,33 @@ end
def_env.xmpp = {};
local st = require "util.stanza";
-function def_env.xmpp:ping(localhost, remotehost)
- if prosody.hosts[localhost] then
- module:send(st.iq{ from=localhost, to=remotehost, type="get", id="ping" }
- :tag("ping", {xmlns="urn:xmpp:ping"}), prosody.hosts[localhost]);
- return true, "Sent ping";
+local new_id = require "util.id".medium;
+function def_env.xmpp:ping(localhost, remotehost, timeout)
+ localhost = select(2, jid_split(localhost));
+ remotehost = select(2, jid_split(remotehost));
+ if not localhost then
+ return nil, "Invalid sender hostname";
+ elseif not prosody.hosts[localhost] then
+ return nil, "No such local host";
+ end
+ if not remotehost then
+ return nil, "Invalid destination hostname";
+ elseif prosody.hosts[remotehost] then
+ return nil, "Both hosts are local";
+ end
+ local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()}
+ :tag("ping", {xmlns="urn:xmpp:ping"});
+ local ret, err;
+ local wait, done = async.waiter();
+ module:context(localhost):send_iq(iq, nil, timeout)
+ :next(function (ret_) ret = ret_; end,
+ function (err_) err = err_; end)
+ :finally(done);
+ wait();
+ if ret then
+ return true, "pong from " .. ret.stanza.attr.from;
else
- return nil, "No such host";
+ return false, tostring(err);
end
end
@@ -1207,7 +1280,7 @@ local function format_stat(type, value, ref_value)
--do return tostring(value) end
if type == "duration" then
if ref_value < 0.001 then
- return ("%d µs"):format(value*1000000);
+ return ("%g µs"):format(value*1000000);
elseif ref_value < 0.9 then
return ("%0.2f ms"):format(value*1000);
end
@@ -1495,7 +1568,7 @@ function def_env.stats:show(filter)
local stats, changed, extra = require "core.statsmanager".get_stats();
local available, displayed = 0, 0;
local displayed_stats = new_stats_context(self);
- for name, value in pairs(stats) do
+ for name, value in iterators.sorted_pairs(stats) do
available = available + 1;
if not filter or name:match(filter) then
displayed = displayed + 1;
diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua
index 8aca7332..2193a093 100644
--- a/plugins/mod_blocklist.lua
+++ b/plugins/mod_blocklist.lua
@@ -159,7 +159,7 @@ local function edit_blocklist(event)
local blocklist = cache[username] or get_blocklist(username);
local new_blocklist = {
- -- We set the [false] key to someting as a signal not to migrate privacy lists
+ -- We set the [false] key to something as a signal not to migrate privacy lists
[false] = blocklist[false] or { created = now; };
};
if type(blocklist[false]) == "table" then
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index d4701148..d4e980f2 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -44,16 +44,38 @@ local bosh_max_polling = module:get_option_number("bosh_max_polling", 5);
local bosh_max_wait = module:get_option_number("bosh_max_wait", 120);
local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure");
-local cross_domain = module:get_option("cross_domain_bosh", false);
+local cross_domain = module:get_option("cross_domain_bosh");
-if cross_domain == true then cross_domain = "*"; end
-if type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end
+if cross_domain ~= nil then
+ module:log("info", "The 'cross_domain_bosh' option has been deprecated");
+end
local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
-- All sessions, and sessions that have no requests open
local sessions = module:shared("sessions");
+local measure_active = module:measure("active_sessions", "amount");
+local measure_inactive = module:measure("inactive_sessions", "amount");
+local report_bad_host = module:measure("bad_host", "rate");
+local report_bad_sid = module:measure("bad_sid", "rate");
+local report_new_sid = module:measure("new_sid", "rate");
+local report_timeout = module:measure("timeout", "rate");
+
+module:hook("stats-update", function ()
+ local active = 0;
+ local inactive = 0;
+ for _, session in pairs(sessions) do
+ if #session.requests > 0 then
+ active = active + 1;
+ else
+ inactive = inactive + 1;
+ end
+ end
+ measure_active(active);
+ measure_inactive(inactive);
+end);
+
-- Used to respond to idle sessions (those with waiting requests)
function on_destroy_request(request)
log("debug", "Request destroyed: %s", tostring(request));
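Review bot: A deployment that set `cross_domain_bosh` to a list of permitted origins now has that list ignored, and the only signal is an `info`-level line that does not say the value has no effect. The removed code joined a configured table into `Access-Control-Allow-Origin`, whereas the replacement in mod_http.lua (`apply_cors_headers`, later in this diff) sends `origin or "*"` for every request. An operator who relied on the restriction will therefore get a wider policy after upgrading. Consider raising the level and stating the consequence, e.g. `module:log("warn", "The 'cross_domain_bosh' option is deprecated and no longer restricts origins; CORS is now handled by mod_http");`.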
@@ -73,7 +95,7 @@ function on_destroy_request(request)
if session.inactive_timer then
session.inactive_timer:stop();
end
- session.inactive_timer = module:add_timer(max_inactive, check_inactive, session, request.context,
+ session.inactive_timer = module:add_timer(max_inactive, session_timeout, session, request.context,
"BOSH client silent for over "..max_inactive.." seconds");
(session.log or log)("debug", "BOSH session marked as inactive (for %ds)", max_inactive);
end
@@ -84,29 +106,14 @@ function on_destroy_request(request)
end
end
-function check_inactive(now, session, context, reason) -- luacheck: ignore 212/now
+function session_timeout(now, session, context, reason) -- luacheck: ignore 212/now
if not session.destroyed then
+ report_timeout();
sessions[context.sid] = nil;
sm_destroy_session(session, reason);
end
end
-local function set_cross_domain_headers(response)
- local headers = response.headers;
- headers.access_control_allow_methods = "GET, POST, OPTIONS";
- headers.access_control_allow_headers = "Content-Type";
- headers.access_control_max_age = "7200";
- headers.access_control_allow_origin = cross_domain;
- return response;
-end
-
-function handle_OPTIONS(event)
- if cross_domain and event.request.headers.origin then
- set_cross_domain_headers(event.response);
- end
- return "";
-end
-
function handle_POST(event)
log("debug", "Handling new request %s: %s\n----------", tostring(event.request), tostring(event.request.body));
@@ -121,10 +128,6 @@ function handle_POST(event)
local headers = response.headers;
headers.content_type = "text/xml; charset=utf-8";
- if cross_domain and request.headers.origin then
- set_cross_domain_headers(response);
- end
-
-- stream:feed() calls the stream_callbacks, so all stanzas in
-- the body are processed in this next line before it returns.
-- In particular, the streamopened() stream callback is where
@@ -205,6 +208,7 @@ function handle_POST(event)
return;
end
module:log("warn", "Unable to associate request with a session (incomplete request?)");
+ report_bad_sid();
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "item-not-found" });
return tostring(close_reply) .. "\n";
@@ -272,6 +276,7 @@ function stream_callbacks.streamopened(context, attr)
local wait = tonumber(attr.wait);
if not to_host then
log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to));
+ report_bad_host();
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
response:send(tostring(close_reply));
@@ -309,6 +314,7 @@ function stream_callbacks.streamopened(context, attr)
session.log("debug", "BOSH session created for request from %s", session.ip);
log("info", "New BOSH session, assigned it sid '%s'", sid);
+ report_new_sid();
module:fire_event("bosh-session", { session = session, request = request });
@@ -363,6 +369,7 @@ function stream_callbacks.streamopened(context, attr)
if not session then
-- Unknown sid
log("info", "Client tried to use sid '%s' which we don't know about", sid);
+ report_bad_sid();
response:send(tostring(st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", condition = "item-not-found" })));
context.notopen = nil;
return;
@@ -511,8 +518,6 @@ module:provides("http", {
route = {
["GET"] = GET_response;
["GET /"] = GET_response;
- ["OPTIONS"] = handle_OPTIONS;
- ["OPTIONS /"] = handle_OPTIONS;
["POST"] = handle_POST;
["POST /"] = handle_POST;
};
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index 15d3a9be..bfec1055 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -106,7 +106,13 @@ function stream_callbacks.streamopened(session, attr)
if features.tags[1] or session.full_jid then
send(features);
else
- (session.log or log)("warn", "No stream features to offer");
+ if session.secure then
+ -- Normally STARTTLS would be offered
+ (session.log or log)("warn", "No stream features to offer on secure session. Check authentication settings.");
+ else
+ -- Here SASL should be offered
+ (session.log or log)("warn", "No stream features to offer on insecure session. Check encryption and security settings.");
+ end
session:close{ condition = "undefined-condition", text = "No stream features to proceed with" };
end
end
@@ -283,7 +289,7 @@ function listener.onconnect(conn)
if data then
local ok, err = stream:feed(data);
if not ok then
- log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
+ log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300));
session:close("not-well-formed");
end
end
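Review bot: The `%q` change in `listener.onconnect` drops the explicit `gsub` calls that replaced CR/LF and control bytes before up to 300 bytes of peer-supplied data are logged, so log-line integrity now depends entirely on how the logger's formatter implements `%q`. Plain Lua `string.format("%q", ...)` renders a newline as a backslash followed by a real line break, so if the formatter passes `%q` through unchanged a remote client can still split log lines. The formatter is not visible in this diff, so confirm it escapes control characters, or keep `:gsub("[%z\1-\31]", "_")` on the slice. The same substitution is made in mod_component.lua's `session.data`, which also switches from `module:log` to a bare `log` whose definition lies outside that hunk.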
@@ -327,6 +333,13 @@ function listener.onreadtimeout(conn)
end
end
+function listener.ondrain(conn)
+ local session = sessions[conn];
+ if session then
+ return (hosts[session.host] or prosody).events.fire_event("c2s-ondrain", { session = session });
+ end
+end
+
local function keepalive(event)
local session = event.session;
if not session.notopen then
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
index b41204a2..b1ffc81d 100644
--- a/plugins/mod_component.lua
+++ b/plugins/mod_component.lua
@@ -49,6 +49,7 @@ function module.add_host(module)
local send;
local function on_destroy(session, err) --luacheck: ignore 212/err
+ module:set_status("warn", err and ("Disconnected: "..err) or "Disconnected");
env.connected = false;
env.session = false;
send = nil;
@@ -102,6 +103,7 @@ function module.add_host(module)
module:log("info", "External component successfully authenticated");
session.send(st.stanza("handshake"));
module:fire_event("component-authenticated", { session = session });
+ module:set_status("info", "Connected");
return true;
end
@@ -310,7 +312,7 @@ function listener.onconnect(conn)
function session.data(_, data)
local ok, err = stream:feed(data);
if ok then return; end
- module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_"));
+ log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300));
session:close("not-well-formed");
end
diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua
index da2dd953..13002ea8 100644
--- a/plugins/mod_csi_simple.lua
+++ b/plugins/mod_csi_simple.lua
@@ -9,40 +9,7 @@ module:depends"csi"
local jid = require "util.jid";
local st = require "util.stanza";
local dt = require "util.datetime";
-local new_queue = require "util.queue".new;
-
-local function new_pump(output, ...)
- -- luacheck: ignore 212/self
- local q = new_queue(...);
- local flush = true;
- function q:pause()
- flush = false;
- end
- function q:resume()
- flush = true;
- return q:flush();
- end
- local push = q.push;
- function q:push(item)
- local ok = push(self, item);
- if not ok then
- q:flush();
- output(item, self);
- elseif flush then
- return q:flush();
- end
- return true;
- end
- function q:flush()
- local item = self:pop();
- while item do
- output(item, self);
- item = self:pop();
- end
- return true;
- end
- return q;
-end
+local filters = require "util.filters";
local queue_size = module:get_option_number("csi_queue_size", 256);
@@ -84,37 +51,93 @@ module:hook("csi-is-stanza-important", function (event)
return true;
end, -1);
-module:hook("csi-client-inactive", function (event)
- local session = event.origin;
- if session.pump then
- session.pump:pause();
+local function with_timestamp(stanza, from)
+ if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then
+ stanza = st.clone(stanza);
+ stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = from, stamp = dt.datetime()}));
+ end
+ return stanza;
+end
+
+local function manage_buffer(stanza, session)
+ local ctr = session.csi_counter or 0;
+ if ctr >= queue_size then
+ session.log("debug", "Queue size limit hit, flushing buffer (queue size is %d)", session.csi_counter);
+ session.conn:resume_writes();
+ elseif module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then
+ session.log("debug", "Important stanza, flushing buffer (queue size is %d)", session.csi_counter);
+ session.conn:resume_writes();
else
- local bare_jid = jid.join(session.username, session.host);
- local send = session.send;
- session._orig_send = send;
- local pump = new_pump(session.send, queue_size);
- pump:pause();
- session.pump = pump;
- function session.send(stanza)
- if session.state == "active" or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then
- pump:flush();
- send(stanza);
- else
- if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then
- stanza = st.clone(stanza);
- stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = bare_jid, stamp = dt.datetime()}));
- end
- pump:push(stanza);
- end
- return true;
- end
+ stanza = with_timestamp(stanza, jid.join(session.username, session.host))
+ end
+ session.csi_counter = ctr + 1;
+ return stanza;
+end
+
+local function flush_buffer(data, session)
+ session.log("debug", "Client sent something, flushing buffer once (queue size is %d)", session.csi_counter);
+ session.conn:resume_writes();
+ return data;
+end
+
+function enable_optimizations(session)
+ if session.conn and session.conn and session.conn.pause_writes then
+ session.conn:pause_writes();
+ filters.add_filter(session, "stanzas/out", manage_buffer);
+ filters.add_filter(session, "bytes/in", flush_buffer);
+ else
+ session.log("warn", "Session connection does not support write pausing");
+ end
+end
+
+function disable_optimizations(session)
+ if session.conn and session.conn and session.conn.resume_writes then
+ filters.remove_filter(session, "stanzas/out", manage_buffer);
+ filters.remove_filter(session, "bytes/in", flush_buffer);
+ session.conn:resume_writes();
end
+end
+
+module:hook("csi-client-inactive", function (event)
+ local session = event.origin;
+ enable_optimizations(session);
end);
module:hook("csi-client-active", function (event)
local session = event.origin;
- if session.pump then
- session.pump:resume();
+ disable_optimizations(session);
+end);
+
+module:hook("pre-resource-unbind", function (event)
+ local session = event.session;
+ disable_optimizations(session);
+end);
+
+module:hook("c2s-ondrain", function (event)
+ local session = event.session;
+ if session.state == "inactive" and session.conn and session.conn and session.conn.pause_writes then
+ session.conn:pause_writes();
+ session.log("debug", "Buffer flushed, resuming inactive mode (queue size was %d)", session.csi_counter);
+ session.csi_counter = 0;
end
end);
+function module.load()
+ for _, user_session in pairs(prosody.hosts[module.host].sessions) do
+ for _, session in pairs(user_session.sessions) do
+ if session.state == "inactive" then
+ enable_optimizations(session);
+ end
+ end
+ end
+end
+
+function module.unload()
+ for _, user_session in pairs(prosody.hosts[module.host].sessions) do
+ for _, session in pairs(user_session.sessions) do
+ if session.state == "inactive" then
+ disable_optimizations(session);
+ end
+ end
+ end
+end
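Review bot: `flush_buffer` and the `c2s-ondrain` hook pass `session.csi_counter` to a `%d` format although the field stays nil until `manage_buffer` has run once for that session. `manage_buffer` already guards with `local ctr = session.csi_counter or 0` but then logs the raw field as well; use `ctr` there and `session.csi_counter or 0` in the other two places. `disable_optimizations` also leaves the counter untouched, so a later inactive period starts from a stale value until the first drain; resetting it there with `session.csi_counter = nil;` would make the limit predictable. The guard `session.conn and session.conn and session.conn.pause_writes` repeats its first operand in three places and can be shortened to `session.conn and session.conn.pause_writes`. `module.load` and `module.unload` index `prosody.hosts[module.host].sessions` without a nil check, which presumably holds for hosts that carry client sessions but is worth a comment or a guard.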
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index a1d409bd..17ea27e1 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -14,6 +14,7 @@ local moduleapi = require "core.moduleapi";
local url_parse = require "socket.url".parse;
local url_build = require "socket.url".build;
local normalize_path = require "util.http".normalize_path;
+local set = require "util.set";
local server = require "net.http.server";
@@ -22,6 +23,11 @@ server.set_default_host(module:get_option_string("http_default_host"));
server.set_option("body_size_limit", module:get_option_number("http_max_content_size"));
server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size"));
+-- CORS settigs
+local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" });
+local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" });
+local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60);
+
local function get_http_event(host, app_path, key)
local method, path = key:match("^(%S+)%s+(.+)$");
if not method then -- No path specified, default to "" (base path)
@@ -83,6 +89,13 @@ function moduleapi.http_url(module, app_name, default_path)
return "http://disabled.invalid/";
end
+local function apply_cors_headers(response, methods, headers, max_age, origin)
+ response.headers.access_control_allow_methods = tostring(methods);
+ response.headers.access_control_allow_headers = tostring(headers);
+ response.headers.access_control_max_age = tostring(max_age)
+ response.headers.access_control_allow_origin = origin or "*";
+end
+
function module.add_host(module)
local host = module.host;
if host ~= "*" then
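Review bot: `apply_cors_headers` echoes whatever `Origin` the request carries (`origin or "*"`), and the following hunks hook it at priority 1 on every route of every HTTP app, so each app becomes readable cross-origin with no allow-list or per-app opt-out visible in this diff. No `Access-Control-Allow-Credentials` is set, which limits the exposure to what an unauthenticated browser request can reach, but an app that relies on network position or carries its own token in the URL or body is still affected. A response that varies by `Origin` should also carry `Vary: Origin` so shared caches do not serve one origin's header to another. The sketch below takes an operator-configured set of allowed origins as a sixth argument; no such option exists in this diff, so the `cors_handler` call in the next hunk would have to pass it, and the `vary` assignment assumes no earlier handler has set that header.

```lua
local function apply_cors_headers(response, methods, headers, max_age, origin, allowed_origins)
	-- allowed_origins: proposed set of permitted origins; nil keeps the permissive default
	if allowed_origins then
		if not (origin and allowed_origins:contains(origin)) then
			return; -- unknown origin: emit no CORS headers at all
		end
		response.headers.vary = "Origin";
	else
		origin = "*";
	end
	-- … unchanged: allow_methods, allow_headers and max_age assignments …
	response.headers.access_control_allow_origin = origin;
end
```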
@@ -101,9 +114,27 @@ function module.add_host(module)
end
apps[app_name] = apps[app_name] or {};
local app_handlers = apps[app_name];
+
+ local app_methods = opt_methods;
+
+ local function cors_handler(event_data)
+ local request, response = event_data.request, event_data.response;
+ apply_cors_headers(response, app_methods, opt_headers, opt_max_age, request.headers.origin);
+ end
+
+ local function options_handler(event_data)
+ cors_handler(event_data);
+ return "";
+ end
+
for key, handler in pairs(event.item.route or {}) do
local event_name = get_http_event(host, app_path, key);
if event_name then
+ local method = event_name:match("^%S+");
+ if not app_methods:contains(method) then
+ app_methods = app_methods + set.new{ method };
+ end
+ local options_event_name = event_name:gsub("^%S+", "OPTIONS");
if type(handler) ~= "function" then
local data = handler;
handler = function () return data; end
@@ -121,6 +152,8 @@ function module.add_host(module)
if not app_handlers[event_name] then
app_handlers[event_name] = handler;
module:hook_object_event(server, event_name, handler);
+ module:hook_object_event(server, event_name, cors_handler, 1);
+ module:hook_object_event(server, options_event_name, options_handler, -1);
else
module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name);
end
@@ -195,9 +228,6 @@ module:provides("net", {
listener = server.listener;
default_port = 5281;
encryption = "ssl";
- ssl_config = {
- verify = "none";
- };
multiplex = {
pattern = "^[A-Z]";
};
diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua
index 13473219..2bb13298 100644
--- a/plugins/mod_http_errors.lua
+++ b/plugins/mod_http_errors.lua
@@ -26,21 +26,24 @@ local html = [[
<meta charset="utf-8">
<title>{title}</title>
<style>
-body{
- margin-top:14%;
- text-align:center;
- background-color:#F8F8F8;
- font-family:sans-serif;
+body {
+ margin-top : 14%;
+ text-align : center;
+ background-color : #F8F8F8;
+ font-family : sans-serif
}
-h1{
- font-size:xx-large;
+
+h1 {
+ font-size : xx-large
}
-p{
- font-size:x-large;
+
+p {
+ font-size : x-large
}
+
p+p {
- font-size:large;
- font-family:courier;
+ font-size : large;
+ font-family : courier
}
</style>
</head>
diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua
index 1dae0d6d..c357ddfc 100644
--- a/plugins/mod_http_files.lua
+++ b/plugins/mod_http_files.lua
@@ -7,14 +7,9 @@
--
module:depends("http");
-local server = require"net.http.server";
-local lfs = require "lfs";
-local os_date = os.date;
local open = io.open;
-local stat = lfs.attributes;
-local build_path = require"socket.url".build_path;
-local path_sep = package.config:sub(1,1);
+local fileserver = require"net.http.files";
local base_path = module:get_option_path("http_files_dir", module:get_option_path("http_path"));
local cache_size = module:get_option_number("http_files_cache_size", 128);
@@ -51,148 +46,56 @@ if not mime_map then
end
end
-local forbidden_chars_pattern = "[/%z]";
-if prosody.platform == "windows" then
- forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
+local function get_calling_module()
+ local info = debug.getinfo(3, "S");
+ if not info then return "An unknown module"; end
+ return info.source:match"mod_[^/\\.]+" or info.short_src;
end
-local urldecode = require "util.http".urldecode;
-function sanitize_path(path)
- if not path then return end
- local out = {};
-
- local c = 0;
- for component in path:gmatch("([^/]+)") do
- component = urldecode(component);
- if component:find(forbidden_chars_pattern) then
- return nil;
- elseif component == ".." then
- if c <= 0 then
- return nil;
- end
- out[c] = nil;
- c = c - 1;
- elseif component ~= "." then
- c = c + 1;
- out[c] = component;
- end
- end
- if path:sub(-1,-1) == "/" then
- out[c+1] = "";
- end
- return "/"..table.concat(out, "/");
-end
-
-local cache = require "util.cache".new(cache_size);
-
+-- COMPAT -- TODO deprecate
function serve(opts)
if type(opts) ~= "table" then -- assume path string
opts = { path = opts };
end
- -- luacheck: ignore 431
- local base_path = opts.path;
- local dir_indices = opts.index_files or dir_indices;
- local directory_index = opts.directory_index;
- local function serve_file(event, path)
- local request, response = event.request, event.response;
- local sanitized_path = sanitize_path(path);
- if path and not sanitized_path then
- return 400;
- end
- path = sanitized_path;
- local orig_path = sanitize_path(request.path);
- local full_path = base_path .. (path or ""):gsub("/", path_sep);
- local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
- if not attr then
- return 404;
- end
-
- local request_headers, response_headers = request.headers, response.headers;
-
- local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification);
- response_headers.last_modified = last_modified;
-
- local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0);
- response_headers.etag = etag;
-
- local if_none_match = request_headers.if_none_match
- local if_modified_since = request_headers.if_modified_since;
- if etag == if_none_match
- or (not if_none_match and last_modified == if_modified_since) then
- return 304;
- end
-
- local data = cache:get(orig_path);
- if data and data.etag == etag then
- response_headers.content_type = data.content_type;
- data = data.data;
- elseif attr.mode == "directory" and path then
- if full_path:sub(-1) ~= "/" then
- local dir_path = { is_absolute = true, is_directory = true };
- for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end
- response_headers.location = build_path(dir_path);
- return 301;
- end
- for i=1,#dir_indices do
- if stat(full_path..dir_indices[i], "mode") == "file" then
- return serve_file(event, path..dir_indices[i]);
- end
- end
-
- if directory_index then
- data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path });
- end
- if not data then
- return 403;
- end
- cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; });
- response_headers.content_type = mime_map.html;
-
- else
- local f, err = open(full_path, "rb");
- if not f then
- module:log("debug", "Could not open %s. Error was %s", full_path, err);
- return 403;
- end
- local ext = full_path:match("%.([^./]+)$");
- local content_type = ext and mime_map[ext];
- response_headers.content_type = content_type;
- if attr.size > cache_max_file_size then
- response_headers.content_length = attr.size;
- module:log("debug", "%d > cache_max_file_size", attr.size);
- return response:send_file(f);
- else
- data = f:read("*a");
- f:close();
- end
- cache:set(orig_path, { data = data; content_type = content_type; etag = etag });
- end
-
- return response:send(data);
+ if opts.directory_index == nil then
+ opts.directory_index = directory_index;
end
-
- return serve_file;
+ if opts.mime_map == nil then
+ opts.mime_map = mime_map;
+ end
+ if opts.cache_size == nil then
+ opts.cache_size = cache_size;
+ end
+ if opts.cache_max_file_size == nil then
+ opts.cache_max_file_size = cache_max_file_size;
+ end
+ if opts.index_files == nil then
+ opts.index_files = dir_indices;
+ end
+ -- TODO Crank up to warning
+ module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module());
+ return fileserver.serve(opts);
end
function wrap_route(routes)
+ module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module());
for route,handler in pairs(routes) do
if type(handler) ~= "function" then
- routes[route] = serve(handler);
+ routes[route] = fileserver.serve(handler);
end
end
return routes;
end
-if base_path then
- module:provides("http", {
- route = {
- ["GET /*"] = serve {
- path = base_path;
- directory_index = directory_index;
- }
- };
- });
-else
- module:log("debug", "http_files_dir not set, assuming use by some other module");
-end
-
+module:provides("http", {
+ route = {
+ ["GET /*"] = fileserver.serve({
+ path = base_path;
+ directory_index = directory_index;
+ mime_map = mime_map;
+ cache_size = cache_size;
+ cache_max_file_size = cache_max_file_size;
+ index_files = dir_indices;
+ });
+ };
+});
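Review bot: The `GET /*` route is now registered unconditionally, whereas the removed code wrapped it in `if base_path then ... else module:log("debug", "http_files_dir not set, ...") end`. When neither `http_files_dir` nor `http_path` is set, `fileserver.serve` receives `path = nil`, and what it does with that is not visible in this diff. Restore the guard so that a module which merely depends on mod_http_files for `serve` or `wrap_route` does not also publish a file route. The removed `sanitize_path` handled `..` traversal, NUL bytes and Windows-forbidden characters, and was a module-level function that other modules could call. Confirm that `net.http.files` carries the same checks and that no caller still expects `sanitize_path` here. `serve` also writes defaults into the caller's `opts` table, which deserves a one-line comment, and the log text misspells "instead" as "insead" in two places.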
diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua
index 914d5c44..7ae8bb34 100644
--- a/plugins/mod_limits.lua
+++ b/plugins/mod_limits.lua
@@ -51,18 +51,18 @@ end
local default_filter_set = {};
function default_filter_set.bytes_in(bytes, session)
- local sess_throttle = session.throttle;
- if sess_throttle then
- local ok, balance, outstanding = sess_throttle:poll(#bytes, true);
+ local sess_throttle = session.throttle;
+ if sess_throttle then
+ local ok, balance, outstanding = sess_throttle:poll(#bytes, true);
if not ok then
- session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding);
+ session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding);
outstanding = ceil(outstanding);
session.conn:pause(); -- Read no more data from the connection until there is no outstanding data
local outstanding_data = bytes:sub(-outstanding);
bytes = bytes:sub(1, #bytes-outstanding);
timer.add_task(limits_resolution, function ()
if not session.conn then return; end
- if sess_throttle:peek(#outstanding_data) then
+ if sess_throttle:peek(#outstanding_data) then
session.log("debug", "Resuming paused session");
session.conn:resume();
end
@@ -96,3 +96,20 @@ end
function module.unload()
filters.remove_filter_hook(filter_hook);
end
+
+function module.add_host(module)
+ local unlimited_jids = module:get_option_inherited_set("unlimited_jids", {});
+
+ if not unlimited_jids:empty() then
+ module:hook("authentication-success", function (event)
+ local session = event.session;
+ local session_type = session.type:match("^[^_]+");
+ local jid = session.username .. "@" .. session.host;
+ if unlimited_jids:contains(jid) then
+ local filter_set = type_filters[session_type];
+ filters.remove_filter(session, "bytes/in", filter_set.bytes_in);
+ session.throttle = nil;
+ end
+ end);
+ end
+end
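Review bot: `type_filters[session_type]` is used without a nil check, so `filter_set.bytes_in` would raise inside the `authentication-success` handler if that table has no entry for the session's type. `type_filters` is defined outside this hunk, so this may not be reachable in practice; a guard such as `if filter_set then filters.remove_filter(session, "bytes/in", filter_set.bytes_in); end` would keep the hook from erroring either way. Because this branch removes a rate limit from a session, a line like `session.log("debug", "Session exempted from rate limits by unlimited_jids");` would help operators audit who is exempt. The JID is built by plain concatenation, so entries in `unlimited_jids` presumably have to be written in normalized form to match.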
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua
index 8900a2be..4e0cf531 100644
--- a/plugins/mod_mam/mod_mam.lua
+++ b/plugins/mod_mam/mod_mam.lua
@@ -40,6 +40,9 @@ local strip_tags = module:get_option_set("dont_archive_namespaces", { "http://ja
local archive_store = module:get_option_string("archive_store", "archive");
local archive = module:open_store(archive_store, "archive");
+local cleanup_after = module:get_option_string("archive_expires_after", "1w");
+local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60);
+local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000);
if not archive.find then
error("mod_"..(archive._provided_by or archive.name and "storage_"..archive.name).." does not support archiving\n"
.."See https://prosody.im/doc/storage and https://prosody.im/doc/archiving for more information");
@@ -138,7 +141,11 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
});
if not data then
- origin.send(st.error_reply(stanza, "cancel", "internal-server-error", err));
+ if err == "item-not-found" then
+ origin.send(st.error_reply(stanza, "modify", "item-not-found"));
+ else
+ origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
+ end
return true;
end
local total = tonumber(err);
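Review bot: The new `else` branch drops `err` from the `internal-server-error` reply, and nothing in this hunk logs it, so a storage failure during a query leaves no record of its cause unless it is logged outside the visible lines. Keeping the detail out of the reply is reasonable, but the branch should record it server-side, for example `module:log("error", "Archive query failed: %s", tostring(err));` before the `origin.send(...)`. The matching `if not data then` hunk in plugins/mod_muc_mam.lua has the same gap. The handler starts and ends outside this hunk.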
@@ -295,7 +302,28 @@ local function message_handler(event, c2s)
log("debug", "Archiving stanza: %s", stanza:top_tag());
-- And stash it
- local ok = archive:append(store_user, nil, clone_for_storage, time_now(), with);
+ local time = time_now();
+ local ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
+ if not ok and err == "quota-limit" then
+ if type(cleanup_after) == "number" then
+ module:log("debug", "User '%s' over quota, cleaning archive", store_user);
+ local cleaned = archive:delete(store_user, {
+ ["end"] = (os.time() - cleanup_after);
+ });
+ if cleaned then
+ ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
+ end
+ end
+ if not ok and (archive.caps and archive.caps.truncate) then
+ module:log("debug", "User '%s' over quota, truncating archive", store_user);
+ local truncated = archive:delete(store_user, {
+ truncate = archive_item_limit - 1;
+ });
+ if truncated then
+ ok, err = archive:append(store_user, nil, clone_for_storage, time, with);
+ end
+ end
+ end
if ok then
local clone_for_other_handlers = st.clone(stanza);
local id = ok;
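Review bot: When both the expiry cleanup and the truncate fallback fail, the final `err` is never logged in this hunk, so the stanza is dropped from the archive with no trace. Unless the code after `if ok then` already covers it (`message_handler` continues outside the hunk), add something like `if not ok then module:log("warn", "Could not archive stanza for '%s': %s", store_user, tostring(err)); end` after the quota block. A short comment on the truncate branch would also help, for example `-- discards the oldest entries to make room; the archive then holds at most archive_item_limit items`, since it silently removes history that has not yet expired. The `save_to_history` hunk in plugins/mod_muc_mam.lua repeats the same pattern.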
@@ -321,8 +349,6 @@ end
module:hook("pre-message/bare", strip_stanza_id_after_other_events, -1);
module:hook("pre-message/full", strip_stanza_id_after_other_events, -1);
-local cleanup_after = module:get_option_string("archive_expires_after", "1w");
-local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60);
if cleanup_after ~= "never" then
local cleanup_storage = module:open_store("archive_cleanup");
local cleanup_map = module:open_store("archive_cleanup", "map");
@@ -357,8 +383,10 @@ if cleanup_after ~= "never" then
last_date:set(username, date);
end
end
+ local cleanup_time = module:measure("cleanup", "times");
cleanup_runner = require "util.async".runner(function ()
+ local cleanup_done = cleanup_time();
local users = {};
local cut_off = datestamp(os.time() - cleanup_after);
for date in cleanup_storage:users() do
@@ -386,6 +414,7 @@ if cleanup_after ~= "never" then
end
end
module:log("info", "Deleted %d expired messages for %d users", sum, num_users);
+ cleanup_done();
end);
cleanup_task = module:add_timer(1, function ()
diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua
new file mode 100644
index 00000000..b586a70c
--- /dev/null
+++ b/plugins/mod_mimicking.lua
@@ -0,0 +1,85 @@
+-- Prosody IM
+-- Copyright (C) 2012 Florian Zeitz
+-- Copyright (C) 2019 Kim Alvefur
+--
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local encodings = require "util.encodings";
+assert(encodings.confusable, "This module requires that Prosody be built with ICU");
+local skeleton = encodings.confusable.skeleton;
+
+local usage = require "util.prosodyctl".show_usage;
+local usermanager = require "core.usermanager";
+local storagemanager = require "core.storagemanager";
+
+local skeletons
+function module.load()
+ if module.host ~= "*" then
+ skeletons = module:open_store("skeletons");
+ end
+end
+
+module:hook("user-registered", function(user)
+ local skel = skeleton(user.username);
+ local ok, err = skeletons:set(skel, { username = user.username });
+ if not ok then
+ module:log("error", "Unable to store mimicry data (%q => %q): %s", user.username, skel, err);
+ end
+end);
+
+module:hook("user-deleted", function(user)
+ local skel = skeleton(user.username);
+ local ok, err = skeletons:set(skel, nil);
+ if not ok and err then
+ module:log("error", "Unable to clear mimicry data (%q): %s", skel, err);
+ end
+end);
+
+module:hook("user-registering", function(user)
+ local existing, err = skeletons:get(skeleton(user.username));
+ if existing then
+ module:log("debug", "Attempt to register username '%s' which could be confused with '%s'", user.username, existing.username);
+ user.allowed = false;
+ elseif err then
+ module:log("error", "Unable to check if new username '%s' can be confused with any existing user: %s", err);
+ end
+end);
+
+function module.command(arg)
+ if (arg[1] ~= "bootstrap" or not arg[2]) then
+ usage("mod_mimicking bootstrap <host>", "Initialize username mimicry database");
+ return;
+ end
+
+ local host = arg[2];
+
+ local host_session = prosody.hosts[host];
+ if not host_session then
+ return "No such host";
+ end
+
+ storagemanager.initialize_host(host);
+ usermanager.initialize_host(host);
+
+ skeletons = storagemanager.open(host, "skeletons");
+
+ local count = 0;
+ for user in usermanager.users(host) do
+ local skel = skeleton(user);
+ local existing, err = skeletons:get(skel);
+ if existing and existing.username ~= user then
+ module:log("warn", "Existing usernames '%s' and '%s' are confusable", existing.username, user);
+ elseif err then
+ module:log("error", "Error checking for existing mimicry data (%q = %q): %s", user, skel, err);
+ end
+ local ok, err = skeletons:set(skel, { username = user });
+ if ok then
+ count = count + 1;
+ elseif err then
+ module:log("error", "Unable to store mimicry data (%q => %q): %s", user, skel, err);
+ end
+ end
+ module:log("info", "%d usernames indexed", count);
+end
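Review bot: In the `user-registering` hook, the error log call has two `%s` placeholders but passes only `err`, so the username slot is filled with the error text and the actual error is lost. It should read `module:log("error", "Unable to check if new username '%s' can be confused with any existing user: %s", user.username, err);`. The same branch leaves `user.allowed` untouched, so a storage failure lets the registration through without the confusable check. If the module is meant to fail closed, set `user.allowed = false;` there, otherwise add a comment stating that fail-open is intended. `skeletons` is only assigned in `module.load` when `module.host ~= "*"`, so a one-line comment on the declaration saying the hooks assume a host context would help readers.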
diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua
index a2e3f81b..eb93a386 100644
--- a/plugins/mod_muc_mam.lua
+++ b/plugins/mod_muc_mam.lua
@@ -4,7 +4,7 @@
-- This file is MIT/X11 licensed.
if module:get_host_type() ~= "component" then
- module:log("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name);
+ module:log_status("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name);
return;
end
@@ -21,6 +21,7 @@ local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prep = require "util.jid".prep;
local dataform = require "util.dataforms".new;
+local get_form_type = require "util.dataforms".get_type;
local mod_muc = module:depends"muc";
local get_room_from_jid = mod_muc.get_room_from_jid;
@@ -32,6 +33,9 @@ local m_min = math.min;
local timestamp, timestamp_parse, datestamp = import( "util.datetime", "datetime", "parse", "date");
local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50);
+local cleanup_after = module:get_option_string("muc_log_expires_after", "1w");
+local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60);
+
local default_history_length = 20;
local max_history_length = module:get_option_number("max_history_messages", math.huge);
@@ -49,6 +53,8 @@ local log_by_default = module:get_option_boolean("muc_log_by_default", true);
local archive_store = "muc_log";
local archive = module:open_store(archive_store, "archive");
+local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000);
+
if archive.name == "null" or not archive.find then
if not archive.find then
module:log("error", "Attempt to open archive storage returned a driver without archive API support");
@@ -63,12 +69,15 @@ end
local function archiving_enabled(room)
if log_all_rooms then
+ module:log("debug", "Archiving all rooms");
return true;
end
local enabled = room._data.archiving;
if enabled == nil then
+ module:log("debug", "Default is %s (for %s)", log_by_default, room.jid);
return log_by_default;
end
+ module:log("debug", "Logging in room %s is %s", room.jid, enabled);
return enabled;
end
@@ -135,7 +144,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
local qstart, qend;
local form = query:get_child("x", "jabber:x:data");
if form then
- local err;
+ local form_type, err = get_form_type(form);
+ if form_type ~= xmlns_mam then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'"));
+ return true;
+ end
form, err = query_form:data(form);
if err then
origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));
@@ -176,7 +189,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event)
});
if not data then
- origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
+ if err == "item-not-found" then
+ origin.send(st.error_reply(stanza, "modify", "item-not-found"));
+ else
+ origin.send(st.error_reply(stanza, "cancel", "internal-server-error"));
+ end
return true;
end
local total = tonumber(err);
@@ -352,7 +369,29 @@ local function save_to_history(self, stanza)
end
-- And stash it
- local id = archive:append(room_node, nil, stored_stanza, time_now(), with);
+ local time = time_now();
+ local id, err = archive:append(room_node, nil, stored_stanza, time, with);
+
+ if not id and err == "quota-limit" then
+ if type(cleanup_after) == "number" then
+ module:log("debug", "Room '%s' over quota, cleaning archive", room_node);
+ local cleaned = archive:delete(room_node, {
+ ["end"] = (os.time() - cleanup_after);
+ });
+ if cleaned then
+ id, err = archive:append(room_node, nil, stored_stanza, time, with);
+ end
+ end
+ if not id and (archive.caps and archive.caps.truncate) then
+ module:log("debug", "User '%s' over quota, truncating archive", room_node);
+ local truncated = archive:delete(room_node, {
+ truncate = archive_item_limit - 1;
+ });
+ if truncated then
+ id, err = archive:append(room_node, nil, stored_stanza, time, with);
+ end
+ end
+ end
if id then
schedule_cleanup(room_node);
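Review bot: The truncate branch logs `"User '%s' over quota, truncating archive"` but passes `room_node`, so the line reports a room as a user, while the cleanup branch just above says `"Room '%s' over quota, cleaning archive"`. It looks copied from mod_mam and should read `module:log("debug", "Room '%s' over quota, truncating archive", room_node);`. This makes the two messages greppable by the same prefix when an operator is tracing why room history shrank. `save_to_history` starts and ends outside this hunk.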
@@ -394,9 +433,6 @@ end);
-- Cleanup
-local cleanup_after = module:get_option_string("muc_log_expires_after", "1w");
-local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60);
-
if cleanup_after ~= "never" then
local cleanup_storage = module:open_store("muc_log_cleanup");
local cleanup_map = module:open_store("muc_log_cleanup", "map");
diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua
index 7a4aac2b..f06f1753 100644
--- a/plugins/mod_pep.lua
+++ b/plugins/mod_pep.lua
@@ -8,6 +8,7 @@ local calculate_hash = require "util.caps".calculate_hash;
local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
local cache = require "util.cache";
local set = require "util.set";
+local new_id = require "util.id".medium;
local storagemanager = require "core.storagemanager";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
@@ -138,9 +139,6 @@ local function get_broadcaster(username)
if kind == "retract" then
kind = "items"; -- XEP-0060 signals retraction in an <items> container
end
- local message = st.message({ from = user_bare, type = "headline" })
- :tag("event", { xmlns = xmlns_pubsub_event })
- :tag(kind, { node = node });
if item then
item = st.clone(item);
item.attr.xmlns = nil; -- Clear the pubsub namespace
@@ -149,8 +147,17 @@ local function get_broadcaster(username)
item:maptags(function () return nil; end);
end
end
+ end
+
+ local id = new_id();
+ local message = st.message({ from = user_bare, type = "headline", id = id })
+ :tag("event", { xmlns = xmlns_pubsub_event })
+ :tag(kind, { node = node });
+
+ if item then
message:add_child(item);
end
+
for jid in pairs(jids) do
module:log("debug", "Sending notification to %s from %s: %s", jid, user_bare, tostring(item));
message.attr.to = jid;
@@ -252,8 +259,6 @@ end
module:hook("iq/bare/"..xmlns_pubsub..":pubsub", handle_pubsub_iq);
module:hook("iq/bare/"..xmlns_pubsub_owner..":pubsub", handle_pubsub_iq);
-module:add_identity("pubsub", "pep", module:get_option_string("name", "Prosody"));
-module:add_feature("http://jabber.org/protocol/pubsub#publish");
local function get_caps_hash_from_presence(stanza, current)
local t = stanza.attr.type;
diff --git a/plugins/mod_pep_simple.lua b/plugins/mod_pep_simple.lua
index f0b5d7ef..f91e5448 100644
--- a/plugins/mod_pep_simple.lua
+++ b/plugins/mod_pep_simple.lua
@@ -14,6 +14,7 @@ local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed
local pairs = pairs;
local next = next;
local type = type;
+local unpack = table.unpack or unpack; -- luacheck: ignore 113
local calculate_hash = require "util.caps".calculate_hash;
local core_post_stanza = prosody.core_post_stanza;
local bare_sessions = prosody.bare_sessions;
diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index 23df4d23..a2a60dd0 100644
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -20,7 +20,6 @@ if not have_signal then
module:log("warn", "Couldn't load signal library, won't respond to SIGTERM");
end
-local format = require "util.format".format;
local lfs = require "lfs";
local stat = lfs.attributes;
@@ -113,19 +112,6 @@ local function write_pidfile()
end
end
-local syslog_opened;
-function syslog_sink_maker(config) -- luacheck: ignore 212/config
- if not syslog_opened then
- pposix.syslog_open("prosody", module:get_option_string("syslog_facility"));
- syslog_opened = true;
- end
- local syslog = pposix.syslog_log;
- return function (name, level, message, ...)
- syslog(level, name, format(message, ...));
- end;
-end
-require "core.loggingmanager".register_sink_type("syslog", syslog_sink_maker);
-
local daemonize = module:get_option("daemonize", prosody.installed);
local function remove_log_sinks()
diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua
index 268a2f0c..f7f458ca 100644
--- a/plugins/mod_presence.lua
+++ b/plugins/mod_presence.lua
@@ -81,8 +81,14 @@ function handle_normal_presence(origin, stanza)
res.presence.attr.to = nil;
end
end
- for jid in pairs(roster[false].pending) do -- resend incoming subscription requests
- origin.send(st.presence({type="subscribe", from=jid})); -- TODO add to attribute? Use original?
+ for jid, pending_request in pairs(roster[false].pending) do -- resend incoming subscription requests
+ if type(pending_request) == "table" then
+ local subscribe = st.deserialize(pending_request);
+ subscribe.attr.type, subscribe.attr.from = "subscribe", jid;
+ origin.send(subscribe);
+ else
+ origin.send(st.presence({type="subscribe", from=jid}));
+ end
end
local request = st.presence({type="subscribe", from=origin.username.."@"..origin.host});
for jid, item in pairs(roster) do -- resend outgoing subscription requests
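Review bot: The `type(pending_request) == "table"` test has no comment explaining why two shapes of pending entry exist. Presumably entries written before the request stanza was stored are not tables, which is why the `else` branch still sends a bare subscribe. A comment above the `if`, such as `-- older roster data has no stored request stanza; fall back to a bare subscribe`, would make that explicit. It is also worth noting there that only `type` and `from` are overwritten on the deserialized stanza, so every other attribute and child is replayed to the client as it was stored. `handle_normal_presence` starts and ends outside this hunk.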
@@ -226,7 +232,7 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b
else
core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- acknowledging receipt
if not rostermanager.is_contact_pending_in(node, host, from_bare) then
- if rostermanager.set_contact_pending_in(node, host, from_bare) then
+ if rostermanager.set_contact_pending_in(node, host, from_bare, stanza) then
sessionmanager.send_to_available_resources(node, host, stanza);
end -- TODO else return error, unable to save
end
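Review bot: `set_contact_pending_in` now receives the whole inbound `stanza`, and what it persists is not visible in this hunk. If the stanza is stored as-is, content controlled by the remote sender ends up in the local user's roster data with no visible size bound, and it is later replayed by `handle_normal_presence`. Consider passing a reduced copy (only the children that should be shown again) or checking the size before storing. At minimum, add a comment here such as `-- stanza is remote-controlled; rostermanager is responsible for what gets persisted`. The enclosing function starts and ends outside this hunk.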
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index 855c5fd2..05f80365 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -75,7 +75,7 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj)
local msg_type = node_obj and node_obj.config.message_type or "headline";
local message = st.message({ from = module.host, type = msg_type, id = id })
:tag("event", { xmlns = xmlns_pubsub_event })
- :tag(kind, { node = node })
+ :tag(kind, { node = node });
if item then
message:add_child(item);
@@ -101,11 +101,12 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj)
end
local max_max_items = module:get_option_number("pubsub_max_items", 256);
-function check_node_config(node, actor, new_config) -- luacheck: ignore 212/actor 212/node
+function check_node_config(node, actor, new_config) -- luacheck: ignore 212/node 212/actor
if (new_config["max_items"] or 1) > max_max_items then
return false;
end
- if new_config["access_model"] ~= "whitelist" and new_config["access_model"] ~= "open" then
+ if new_config["access_model"] ~= "whitelist"
+ and new_config["access_model"] ~= "open" then
return false;
end
return true;
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index aae37b7f..f0fdc5fb 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -595,8 +595,7 @@ local function initialize_session(session)
if data then
local ok, err = stream:feed(data);
if ok then return; end
- log("warn", "Received invalid XML: %s", data);
- log("warn", "Problem was: %s", err);
+ log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300));
session:close("not-well-formed");
end
end
@@ -739,6 +738,9 @@ module:provides("net", {
listener = listener;
default_port = 5269;
encryption = "starttls";
+ ssl_config = { -- FIXME This is not used atm, see mod_tls
+ verify = { "peer", "client_once", };
+ };
multiplex = {
pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
};
diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua
index 5f765da8..34e322d2 100644
--- a/plugins/mod_s2s/s2sout.lib.lua
+++ b/plugins/mod_s2s/s2sout.lib.lua
@@ -318,7 +318,7 @@ module:hook_global("service-added", function (event)
local s2s_sources = portmanager.get_active_services():get("s2s");
if not s2s_sources then
- module:log("warn", "s2s not listening on any ports, outgoing connections may fail");
+ module:log_status("warn", "s2s not listening on any ports, outgoing connections may fail");
return;
end
for source, _ in pairs(s2s_sources) do
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index fba84ef8..3145cf9b 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -248,7 +248,7 @@ module:hook("stream-features", function(event)
local sasl_handler = usermanager_get_sasl_handler(module.host, origin)
origin.sasl_handler = sasl_handler;
if origin.encrypted then
- -- check wether LuaSec has the nifty binding to the function needed for tls-unique
+ -- check whether LuaSec has the nifty binding to the function needed for tls-unique
-- FIXME: would be nice to have this check only once and not for every socket
if sasl_handler.add_cb_handler then
local socket = origin.conn:socket();
@@ -275,7 +275,8 @@ module:hook("stream-features", function(event)
if mechanisms[1] then
features:add_child(mechanisms);
elseif not next(sasl_mechanisms) then
- log("warn", "No available SASL mechanisms, verify that the configured authentication module is working");
+ local authmod = module:get_option_string("authentication", "internal_plain");
+ log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod);
else
log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection");
end
diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua
index 42b451bd..2556224d 100644
--- a/plugins/mod_storage_internal.lua
+++ b/plugins/mod_storage_internal.lua
@@ -1,12 +1,17 @@
+local cache = require "util.cache";
local datamanager = require "core.storagemanager".olddm;
local array = require "util.array";
local datetime = require "util.datetime";
local st = require "util.stanza";
local now = require "util.time".now;
local id = require "util.id".medium;
+local jid_join = require "util.jid".join;
local host = module.host;
+local archive_item_limit = module:get_option_number("storage_archive_item_limit", 10000);
+local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000));
+
local driver = {};
function driver:open(store, typ)
@@ -43,6 +48,12 @@ end
local archive = {};
driver.archive = { __index = archive };
+archive.caps = {
+ total = true;
+ quota = archive_item_limit;
+ truncate = true;
+};
+
function archive:append(username, key, value, when, with)
when = when or now();
if not st.is_stanza(value) then
@@ -54,28 +65,57 @@ function archive:append(username, key, value, when, with)
value.attr.stamp = datetime.datetime(when);
value.attr.stamp_legacy = datetime.legacy(when);
+ local cache_key = jid_join(username, host, self.store);
+ local item_count = archive_item_count_cache:get(cache_key);
+
if key then
local items, err = datamanager.list_load(username, host, self.store);
if not items and err then return items, err; end
+
+ -- Check the quota
+ item_count = items and #items or 0;
+ archive_item_count_cache:set(cache_key, item_count);
+ if item_count >= archive_item_limit then
+ module:log("debug", "%s reached or over quota, not adding to store", username);
+ return nil, "quota-limit";
+ end
+
if items then
+ -- Filter out any item with the same key as the one being added
items = array(items);
items:filter(function (item)
return item.key ~= key;
end);
+
value.key = key;
items:push(value);
local ok, err = datamanager.list_store(username, host, self.store, items);
if not ok then return ok, err; end
+ archive_item_count_cache:set(cache_key, #items);
return key;
end
else
+ if not item_count then -- Item count not cached?
+ -- We need to load the list to get the number of items currently stored
+ local items, err = datamanager.list_load(username, host, self.store);
+ if not items and err then return items, err; end
+ item_count = items and #items or 0;
+ archive_item_count_cache:set(cache_key, item_count);
+ end
+ if item_count >= archive_item_limit then
+ module:log("debug", "%s reached or over quota, not adding to store", username);
+ return nil, "quota-limit";
+ end
key = id();
end
+ module:log("debug", "%s has %d items out of %d limit in store %s", username, item_count, archive_item_limit, self.store);
+
value.key = key;
local ok, err = datamanager.list_append(username, host, self.store, value);
if not ok then return ok, err; end
+ archive_item_count_cache:set(cache_key, item_count+1);
return key;
end
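Review bot: In the `if key then` branch the quota check runs on `#items` before the entry with the same key is filtered out, so overwriting an existing item in a full store returns `"quota-limit"` even though the item count would not grow. The memory driver in this commit allows that case (`if a[key] then ... elseif #a >= archive_item_limit then`). For the two drivers to agree, the check would move after the `items:filter(...)` call, as `if #items >= archive_item_limit then return nil, "quota-limit"; end` just before `items:push(value)`. The cached count is also only as accurate as this process's view of the store, so a comment noting that changes made to the data files outside the module are not reflected until the list is reloaded would be useful. `archive:append` begins outside this hunk.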
@@ -84,11 +124,17 @@ function archive:find(username, query)
if not items then
if err then
return items, err;
- else
- return function () end, 0;
+ elseif query then
+ if query.before or query.after then
+ return nil, "item-not-found";
+ end
+ if query.total then
+ return function () end, 0;
+ end
end
+ return function () end;
end
- local count = #items;
+ local count = nil;
local i = 0;
if query then
items = array(items);
@@ -112,24 +158,36 @@ function archive:find(username, query)
return item.when <= query["end"];
end);
end
- count = #items;
+ if query.total then
+ count = #items;
+ end
if query.reverse then
items:reverse();
if query.before then
- for j = 1, count do
+ local found = false;
+ for j = 1, #items do
if (items[j].key or tostring(j)) == query.before then
+ found = true;
i = j;
break;
end
end
+ if not found then
+ return nil, "item-not-found";
+ end
end
elseif query.after then
- for j = 1, count do
+ local found = false;
+ for j = 1, #items do
if (items[j].key or tostring(j)) == query.after then
+ found = true;
i = j;
break;
end
end
+ if not found then
+ return nil, "item-not-found";
+ end
end
if query.limit and #items - i > query.limit then
items[i+query.limit+1] = nil;
@@ -156,8 +214,24 @@ function archive:dates(username)
return array(items):pluck("when"):map(datetime.date):unique();
end
+function archive:summary(username, query)
+ local iter, err = self:find(username, query)
+ if not iter then return iter, err; end
+ local summary = {};
+ for _, _, _, with in iter do
+ summary[with] = (summary[with] or 0) + 1;
+ end
+ return summary;
+end
+
+function archive:users()
+ return datamanager.users(host, self.store, "list");
+end
+
function archive:delete(username, query)
+ local cache_key = jid_join(username, host, self.store);
if not query or next(query) == nil then
+ archive_item_count_cache:set(cache_key, nil);
return datamanager.list_store(username, host, self.store, nil);
end
local items, err = datamanager.list_load(username, host, self.store);
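Review bot: `archive:summary` indexes `summary[with]` with whatever the iterator yields, and a nil `with` would raise "table index is nil" partway through the loop. Whether stored items can lack `with` depends on callers of `append`, which this driver does not normalize in the visible lines (the SQL driver does `with = with or ""`). A guard such as `if with ~= nil then summary[with] = (summary[with] or 0) + 1; end` avoids the error. The docstring should also say that the result maps each `with` value to its message count. `archive_store:summary` in plugins/mod_storage_memory.lua is identical and needs the same guard.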
@@ -165,6 +239,7 @@ function archive:delete(username, query)
if err then
return items, err;
end
+ archive_item_count_cache:set(cache_key, 0);
-- Store is empty
return 0;
end
@@ -214,6 +289,7 @@ function archive:delete(username, query)
end
local ok, err = datamanager.list_store(username, host, self.store, items);
if not ok then return ok, err; end
+ archive_item_count_cache:set(cache_key, #items);
return count;
end
diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua
index 745e394b..376ae277 100644
--- a/plugins/mod_storage_memory.lua
+++ b/plugins/mod_storage_memory.lua
@@ -8,6 +8,8 @@ local new_id = require "util.id".medium;
local auto_purge_enabled = module:get_option_boolean("storage_memory_temporary", false);
local auto_purge_stores = module:get_option_set("storage_memory_temporary_stores", {});
+local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000);
+
local memory = setmetatable({}, {
__index = function(t, k)
local store = module:shared(k)
@@ -51,6 +53,12 @@ archive_store.__index = archive_store;
archive_store.users = _users;
+archive_store.caps = {
+ total = true;
+ quota = archive_item_limit;
+ truncate = true;
+};
+
function archive_store:append(username, key, value, when, with)
if is_stanza(value) then
value = st.preserialize(value);
@@ -70,6 +78,8 @@ function archive_store:append(username, key, value, when, with)
end
if a[key] then
table.remove(a, a[key]);
+ elseif #a >= archive_item_limit then
+ return nil, "quota-limit";
end
local i = #a+1;
a[i] = v;
@@ -80,9 +90,17 @@ end
function archive_store:find(username, query)
local items = self.store[username or NULL];
if not items then
- return function () end, 0;
+ if query then
+ if query.before or query.after then
+ return nil, "item-not-found";
+ end
+ if query.total then
+ return function () end, 0;
+ end
+ end
+ return function () end;
end
- local count = #items;
+ local count = nil;
local i = 0;
if query then
items = array():append(items);
@@ -106,24 +124,36 @@ function archive_store:find(username, query)
return item.when <= query["end"];
end);
end
- count = #items;
+ if query.total then
+ count = #items;
+ end
if query.reverse then
items:reverse();
if query.before then
- for j = 1, count do
+ local found = false;
+ for j = 1, #items do
if (items[j].key or tostring(j)) == query.before then
+ found = true;
i = j;
break;
end
end
+ if not found then
+ return nil, "item-not-found";
+ end
end
elseif query.after then
- for j = 1, count do
+ local found = false;
+ for j = 1, #items do
if (items[j].key or tostring(j)) == query.after then
+ found = true;
i = j;
break;
end
end
+ if not found then
+ return nil, "item-not-found";
+ end
end
if query.limit and #items - i > query.limit then
items[i+query.limit+1] = nil;
@@ -137,6 +167,16 @@ function archive_store:find(username, query)
end, count;
end
+function archive_store:summary(username, query)
+ local iter, err = self:find(username, query)
+ if not iter then return iter, err; end
+ local summary = {};
+ for _, _, _, with in iter do
+ summary[with] = (summary[with] or 0) + 1;
+ end
+ return summary;
+end
+
function archive_store:delete(username, query)
if not query or next(query) == nil then
diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua
index a449091e..518e2654 100644
--- a/plugins/mod_storage_sql.lua
+++ b/plugins/mod_storage_sql.lua
@@ -1,17 +1,19 @@
-- luacheck: ignore 212/self
+local cache = require "util.cache";
local json = require "util.json";
local sql = require "util.sql";
local xml_parse = require "util.xml".parse;
local uuid = require "util.uuid";
local resolve_relative_path = require "util.paths".resolve_relative_path;
+local jid_join = require "util.jid".join;
local is_stanza = require"util.stanza".is_stanza;
local t_concat = table.concat;
local noop = function() end
-local unpack = table.unpack or unpack;
+local unpack = table.unpack or unpack; -- luacheck: ignore 113
local function iterator(result)
return function(result_)
local row = result_();
@@ -148,7 +150,10 @@ end
--- Archive store API
--- luacheck: ignore 512 431/user 431/store
+local archive_item_limit = module:get_option_number("storage_archive_item_limit");
+local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000));
+
+-- luacheck: ignore 512 431/user 431/store 431/err
local map_store = {};
map_store.__index = map_store;
map_store.remove = {};
@@ -228,10 +233,41 @@ end
local archive_store = {}
archive_store.caps = {
total = true;
+ quota = archive_item_limit;
+ truncate = true;
};
archive_store.__index = archive_store
function archive_store:append(username, key, value, when, with)
local user,store = username,self.store;
+ local cache_key = jid_join(username, host, store);
+ local item_count = archive_item_count_cache:get(cache_key);
+ if not item_count then
+ local ok, ret = engine:transaction(function()
+ local count_sql = [[
+ SELECT COUNT(*) FROM "prosodyarchive"
+ WHERE "host"=? AND "user"=? AND "store"=?;
+ ]];
+ local result = engine:select(count_sql, host, user, store);
+ if result then
+ for row in result do
+ item_count = row[1];
+ end
+ end
+ end);
+ if not ok or not item_count then
+ module:log("error", "Failed while checking quota for %s: %s", username, ret);
+ return nil, "Failure while checking quota";
+ end
+ archive_item_count_cache:set(cache_key, item_count);
+ end
+
+ if archive_item_limit then
+ module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit);
+ if item_count >= archive_item_limit then
+ return nil, "quota-limit";
+ end
+ end
+
when = when or os.time();
with = with or "";
local ok, ret = engine:transaction(function()
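Review bot: The count query binds `user` directly (`engine:select(count_sql, host, user, store)`), while the delete and insert in the same function bind `user or ""`. For a nil username the count would therefore look at different rows than the ones actually written; binding `user or ""` in the select keeps the quota check aligned with the stored data. The `COUNT(*)` also runs for every uncached user even when `archive_item_limit` is nil, so it could be wrapped in the existing `if archive_item_limit then` test or commented as intentional cache warming. The failure path returns the free-text error `"Failure while checking quota"`, which callers comparing against `"quota-limit"` treat as a generic failure; a comment saying so would help.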
@@ -245,12 +281,16 @@ function archive_store:append(username, key, value, when, with)
VALUES (?,?,?,?,?,?,?,?);
]];
if key then
- engine:delete(delete_sql, host, user or "", store, key);
+ local result, err = engine:delete(delete_sql, host, user or "", store, key);
+ if result then
+ item_count = item_count - result:affected();
+ end
else
key = uuid.generate();
end
local t, encoded_value = assert(serialize(value));
engine:insert(insert_sql, host, user or "", store, when, with, key, t, encoded_value);
+ archive_item_count_cache:set(cache_key, item_count+1);
return key;
end);
if not ok then return ok, ret; end
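Review bot: `archive_item_count_cache:set(cache_key, item_count+1)` runs inside the transaction callback, before the transaction has completed, so a failed commit would leave the cached count, which the quota check trusts, out of step with the table. If the engine ever re-runs the callback (not visible here), the in-place `item_count = item_count - result:affected()` would also be applied twice. Moving the `set` call below `if not ok then return ok, ret; end` updates the cache only after success. The added `err` from `engine:delete` is never read. `append` starts before this hunk and continues after it.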
@@ -287,45 +327,47 @@ local function archive_where(query, args, where)
end
end
local function archive_where_id_range(query, args, where)
- local args_len = #args
-- Before or after specific item, exclusive
+ local id_lookup_sql = [[
+ SELECT "sort_id"
+ FROM "prosodyarchive"
+ WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ?
+ LIMIT 1;
+ ]];
if query.after then -- keys better be unique!
- where[#where+1] = [[
- "sort_id" > COALESCE(
- (
- SELECT "sort_id"
- FROM "prosodyarchive"
- WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ?
- LIMIT 1
- ), 0)
- ]];
- args[args_len+1], args[args_len+2], args[args_len+3], args[args_len+4] = query.after, args[1], args[2], args[3];
- args_len = args_len + 4
+ local after_id = nil;
+ for row in engine:select(id_lookup_sql, query.after, args[1], args[2], args[3]) do
+ after_id = row[1];
+ end
+ if not after_id then
+ return nil, "item-not-found";
+ end
+ where[#where+1] = '"sort_id" > ?';
+ args[#args+1] = after_id;
end
if query.before then
- where[#where+1] = [[
- "sort_id" < COALESCE(
- (
- SELECT "sort_id"
- FROM "prosodyarchive"
- WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ?
- LIMIT 1
- ),
- (
- SELECT MAX("sort_id")+1
- FROM "prosodyarchive"
- )
- )
- ]]
- args[args_len+1], args[args_len+2], args[args_len+3], args[args_len+4] = query.before, args[1], args[2], args[3];
+ local before_id = nil;
+ for row in engine:select(id_lookup_sql, query.after, args[1], args[2], args[3]) do
+ before_id = row[1];
+ end
+ if not before_id then
+ return nil, "item-not-found";
+ end
+ where[#where+1] = '"sort_id" < ?';
+ args[#args+1] = before_id;
end
+ return true;
end
function archive_store:find(username, query)
query = query or {};
local user,store = username,self.store;
- local total;
- local ok, result = engine:transaction(function()
+ local cache_key = jid_join(username, host, self.store);
+ local total = archive_item_count_cache:get(cache_key);
+ if total ~= nil and query.limit == 0 and query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then
+ return noop, total;
+ end
+ local ok, result, err = engine:transaction(function()
local sql_query = [[
SELECT "key", "type", "value", "when", "with"
FROM "prosodyarchive"
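Review bot: In `archive_where_id_range` the `query.before` branch looks up the wrong key: the added `engine:select(id_lookup_sql, query.after, ...)` under `if query.before then` passes `query.after`. A before-only query would then most likely return "item-not-found", and a query with both bounds compares against the `after` id twice. The line should read `for row in engine:select(id_lookup_sql, query.before, args[1], args[2], args[3]) do`. The lookup also depends on `args[1]` to `args[3]` being host, user and store in that order, which deserves a one-line comment because `delete` removes an entry from `where` in one of its paths.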
@@ -346,12 +388,16 @@ function archive_store:find(username, query)
total = row[1];
end
end
+ if query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then
+ archive_item_count_cache:set(cache_key, total);
+ end
if query.limit == 0 then -- Skip the real query
return noop, total;
end
end
- archive_where_id_range(query, args, where);
+ local ok, err = archive_where_id_range(query, args, where);
+ if not ok then return ok, err; end
if query.limit then
args[#args+1] = query.limit;
@@ -361,7 +407,8 @@ function archive_store:find(username, query)
and "DESC" or "ASC", query.limit and " LIMIT ?" or "");
return engine:select(sql_query, unpack(args));
end);
- if not ok then return ok, result end
+ if not ok then return ok, result; end
+ if not result then return nil, err; end
return function()
local row = result();
if row ~= nil then
@@ -372,6 +419,41 @@ function archive_store:find(username, query)
end, total;
end
+function archive_store:summary(username, query)
+ query = query or {};
+ local user,store = username,self.store;
+ local ok, result = engine:transaction(function()
+ local sql_query = [[
+ SELECT DISTINCT "with", COUNT(*)
+ FROM "prosodyarchive"
+ WHERE %s
+ GROUP BY "with"
+ ORDER BY "sort_id" %s%s;
+ ]];
+ local args = { host, user or "", store, };
+ local where = { "\"host\" = ?", "\"user\" = ?", "\"store\" = ?", };
+
+ archive_where(query, args, where);
+
+ archive_where_id_range(query, args, where);
+
+ if query.limit then
+ args[#args+1] = query.limit;
+ end
+
+ sql_query = sql_query:format(t_concat(where, " AND "), query.reverse
+ and "DESC" or "ASC", query.limit and " LIMIT ?" or "");
+ return engine:select(sql_query, unpack(args));
+ end);
+ if not ok then return ok, result end
+ local summary = {};
+ for row in result do
+ local with, count = row[1], row[2];
+ summary[with] = count;
+ end
+ return summary;
+end
+
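Review bot: `archive_store:summary` discards the result of `archive_where_id_range(query, args, where)`, unlike `find` and `delete` in this commit, so an unknown `before`/`after` id is silently ignored and the summary covers the unfiltered range. The call should be checked inside the callback, and the nil result handled after the transaction, the same way `find` does it. Separately, ordering a `GROUP BY "with"` query by the ungrouped `"sort_id"` is likely to be rejected by stricter SQL engines, and `DISTINCT` is redundant next to the grouping.

```lua
	local ok, result, err = engine:transaction(function()
		-- … unchanged: sql_query, args, where, archive_where …
		local ok, err = archive_where_id_range(query, args, where);
		if not ok then return ok, err; end
		-- … unchanged: limit argument, query formatting, engine:select …
	end);
	if not ok then return ok, result end
	if not result then return nil, err; end
	-- … unchanged: building the summary table …
```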
function archive_store:delete(username, query)
query = query or {};
local user,store = username,self.store;
@@ -384,7 +466,8 @@ function archive_store:delete(username, query)
table.remove(where, 2);
end
archive_where(query, args, where);
- archive_where_id_range(query, args, where);
+ local ok, err = archive_where_id_range(query, args, where);
+ if not ok then return ok, err; end
if query.truncate == nil then
sql_query = sql_query:format(t_concat(where, " AND "));
else
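Review bot: When `archive_where_id_range` fails, the added `return ok, err` returns from the transaction callback, not from `delete`, so the transaction itself still succeeds and the function's last line, `return ok and stmt:affected(), stmt;` (visible in the next hunk), would call a method on a nil `stmt`. `find` handles the same case by capturing a third result and adding `if not result then return nil, err; end`. `delete` needs the equivalent, e.g. `if not stmt then return nil, err; end` before the final return, with the transaction call binding `ok, stmt, err`. The transaction call sits outside this hunk, so the exact binding should be confirmed there.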
@@ -423,9 +506,24 @@ function archive_store:delete(username, query)
end
return engine:delete(sql_query, unpack(args));
end);
+ local cache_key = jid_join(username, host, self.store);
+ archive_item_count_cache:set(cache_key, nil);
return ok and stmt:affected(), stmt;
end
+function archive_store:users()
+ local ok, result = engine:transaction(function()
+ local select_sql = [[
+ SELECT DISTINCT "user"
+ FROM "prosodyarchive"
+ WHERE "host"=? AND "store"=?;
+ ]];
+ return engine:select(select_sql, host, self.store);
+ end);
+ if not ok then error(result); end
+ return iterator(result);
+end
+
local stores = {
keyval = keyval_store;
map = map_store;
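Review bot: The added invalidation builds its key with `jid_join(username, host, self.store)`, which only fits a delete for a single user. The `table.remove(where, 2)` in the previous hunk suggests `delete` also has an all-users form; there a non-string `username` would not produce a valid key, and every per-user count would stay cached. Since `append` enforces the quota from this cache, stale counts after a bulk delete would keep rejecting appends with "quota-limit". For that path the whole cache should be dropped rather than one key; the cache API is not visible here, so the exact call needs checking. `delete` starts before this hunk.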
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index eb208e28..b16acd09 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -35,9 +35,10 @@ local host = hosts[module.host];
local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
+local err_c2s, err_s2sin, err_s2sout;
function module.load()
- local NULL, err = {};
+ local NULL = {};
local modhost = module.host;
local parent = modhost:match("%.(.*)$");
@@ -53,16 +54,20 @@ function module.load()
local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s;
module:log("debug", "Creating context for c2s");
- ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
- if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end
+ local request_client_certs = { verify = { "peer", "client_once", }; };
module:log("debug", "Creating context for s2sout");
- ssl_ctx_s2sout, err, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
- if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err); end
+ ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
+ if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end
module:log("debug", "Creating context for s2sin");
- ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
- if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end
+ -- for outgoing server connections
+ ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs);
+ if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
+
+ -- for incoming server connections
+ ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s, request_client_certs);
+ if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err_s2sin); end
end
module:hook_global("config-reloaded", module.load);
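Review bot: After the reordering, the debug lines no longer match the contexts they announce. "Creating context for s2sout" is now followed by the c2s `create_context` call, "Creating context for s2sin" by the s2sout one, and "Creating context for c2s" only by the `request_client_certs` table. These lines are what an operator reads next to a context-creation error, so each `module:log("debug", ...)` should sit directly above its own `create_context` call. A one-line comment on `request_client_certs` saying why `verify = { "peer", "client_once" }` is passed to both s2s contexts but not to c2s would also help. `module.load` starts before this hunk.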
@@ -77,12 +82,21 @@ local function can_do_tls(session)
return session.ssl_ctx;
end
if session.type == "c2s_unauthed" then
+ if not ssl_ctx_c2s and c2s_require_encryption then
+ session.log("error", "No TLS context available for c2s. Earlier error was: %s", err_c2s);
+ end
session.ssl_ctx = ssl_ctx_c2s;
session.ssl_cfg = ssl_cfg_c2s;
elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
+ if not ssl_ctx_s2sin and s2s_require_encryption then
+ session.log("error", "No TLS context available for s2sin. Earlier error was: %s", err_s2sin);
+ end
session.ssl_ctx = ssl_ctx_s2sin;
session.ssl_cfg = ssl_cfg_s2sin;
elseif session.direction == "outgoing" and allow_s2s_tls then
+ if not ssl_ctx_s2sout and s2s_require_encryption then
+ session.log("error", "No TLS context available for s2sout. Earlier error was: %s", err_s2sout);
+ end
session.ssl_ctx = ssl_ctx_s2sout;
session.ssl_cfg = ssl_cfg_s2sout;
else
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index b4aba338..008f6823 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -29,18 +29,10 @@ local t_concat = table.concat;
local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5);
local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure");
-local cross_domain = module:get_option_set("cross_domain_websocket", {});
-if cross_domain:contains("*") or cross_domain:contains(true) then
- cross_domain = true;
+local cross_domain = module:get_option("cross_domain_websocket");
+if cross_domain ~= nil then
+ module:log("info", "The 'cross_domain_websocket' option has been deprecated");
end
-
-local function check_origin(origin)
- if cross_domain == true then
- return true;
- end
- return cross_domain:contains(origin);
-end
-
local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing";
local xmlns_streams = "http://etherx.jabber.org/streams";
local xmlns_client = "jabber:client";
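Review bot: The deprecation message for `cross_domain_websocket` says only that the option is deprecated, at "info" level, while the same commit removes `check_origin` and the 403 path in `handle_request`. A deployment that used the option to restrict origins now accepts every Origin without a clear signal. The log line should state the effect and be harder to miss, e.g. `module:log("warn", "The 'cross_domain_websocket' option is deprecated and ignored; WebSocket connections are no longer restricted by Origin");`. A short comment next to it recording why the Origin check is considered unnecessary would help the next reviewer.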
@@ -158,11 +150,6 @@ function handle_request(event)
return 501;
end
- if not check_origin(request.headers.origin or "") then
- module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket' [ %s ]", request.headers.origin or "(missing header)", cross_domain);
- return 403;
- end
-
local function websocket_close(code, message)
conn:write(build_close(code, message));
conn:close();
@@ -329,27 +316,4 @@ module:provides("http", {
function module.add_host(module)
module:hook("c2s-read-timeout", keepalive, -0.9);
-
- if cross_domain ~= true then
- local url = require "socket.url";
- local ws_url = module:http_url("websocket", "xmpp-websocket");
- local url_components = url.parse(ws_url);
- -- The 'Origin' consists of the base URL without path
- url_components.path = nil;
- local this_origin = url.build(url_components);
- local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin });
- if local_cross_domain:contains(true) then
- module:log("error", "cross_domain_websocket = true only works in the global section");
- return;
- end
-
- -- Don't add / remove something added by another host
- -- This might be weird with random load order
- local_cross_domain:exclude(cross_domain);
- cross_domain:include(local_cross_domain);
- module:log("debug", "cross_domain = %s", tostring(cross_domain));
- function module.unload()
- cross_domain:exclude(local_cross_domain);
- end
- end
end
diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua
index 954bae92..89e67744 100644
--- a/plugins/muc/mod_muc.lua
+++ b/plugins/muc/mod_muc.lua
@@ -453,7 +453,7 @@ for event_name, method in pairs {
if room == nil then
-- Watch presence to create rooms
- if stanza.attr.type == nil and stanza.name == "presence" then
+ if stanza.attr.type == nil and stanza.name == "presence" and stanza:get_child("x", "http://jabber.org/protocol/muc") then
room = muclib.new_room(room_jid);
return room:handle_first_presence(origin, stanza);
elseif stanza.attr.type ~= "error" then
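Review bot: The MUC join check now lives only in this condition, because the same commit removes the matching guard from `room_mt:handle_first_presence` in muc.lib.lua; any other caller of that method would create a room from a bare presence. A comment above the condition would record the dependency, e.g. `-- Only a presence carrying the MUC <x/> join element may create a room; handle_first_presence no longer checks this itself`. The namespace string is repeated as a literal here; a shared local for it would avoid a silent mismatch. The enclosing handler starts and ends outside this hunk.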
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua
index 9648ea78..c828d17d 100644
--- a/plugins/muc/muc.lib.lua
+++ b/plugins/muc/muc.lib.lua
@@ -23,6 +23,7 @@ local resourceprep = require "util.encodings".stringprep.resourceprep;
local st = require "util.stanza";
local base64 = require "util.encodings".base64;
local md5 = require "util.hashes".md5;
+local new_id = require "util.id".medium;
local log = module._log;
@@ -39,7 +40,7 @@ function room_mt:__tostring()
end
function room_mt.save()
- -- overriden by mod_muc.lua
+ -- overridden by mod_muc.lua
end
function room_mt:get_occupant_jid(real_jid)
@@ -279,7 +280,7 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason)
self_p = st.clone(base_presence):add_child(self_x);
end
- -- General populance
+ -- General populace
for occupant_nick, n_occupant in self:each_occupant() do
if occupant_nick ~= occupant.nick then
local pr;
@@ -428,13 +429,6 @@ module:hook("muc-occupant-pre-change", function(event)
end, 1);
function room_mt:handle_first_presence(origin, stanza)
- if not stanza:get_child("x", "http://jabber.org/protocol/muc") then
- module:log("debug", "Room creation without <x>, possibly desynced");
-
- origin.send(st.error_reply(stanza, "cancel", "item-not-found"));
- return true;
- end
-
local real_jid = stanza.attr.from;
local dest_jid = stanza.attr.to;
local bare_jid = jid_bare(real_jid);
@@ -504,7 +498,7 @@ function room_mt:handle_normal_presence(origin, stanza)
if orig_occupant == nil and not muc_x and stanza.attr.type == nil then
module:log("debug", "Attempted join without <x>, possibly desynced");
origin.send(st.error_reply(stanza, "cancel", "item-not-found",
- "You must join the room before sending presence updates"));
+ "You are not currently connected to this chat"));
return true;
end
@@ -609,7 +603,7 @@ function room_mt:handle_normal_presence(origin, stanza)
x:tag("status", {code = "303";}):up();
x:tag("status", {code = "110";}):up();
self:route_stanza(generated_unavail:add_child(x));
- dest_nick = nil; -- set dest_nick to nil; so general populance doesn't see it for whole orig_occupant
+ dest_nick = nil; -- set dest_nick to nil; so general populace doesn't see it for whole orig_occupant
end
end
@@ -967,7 +961,7 @@ function room_mt:handle_admin_query_get_command(origin, stanza)
local _aff_rank = valid_affiliations[_aff or "none"];
local _rol = item.attr.role;
if _aff and _aff_rank and not _rol then
- -- You need to be at least an admin, and be requesting info about your affifiliation or lower
+ -- You need to be at least an admin, and be requesting info about your affiliation or lower
-- e.g. an admin can't ask for a list of owners
local affiliation_rank = valid_affiliations[affiliation or "none"];
if (affiliation_rank >= valid_affiliations.admin and affiliation_rank >= _aff_rank)
@@ -1044,6 +1038,9 @@ end
function room_mt:handle_groupchat_to_room(origin, stanza)
local from = stanza.attr.from;
local occupant = self:get_occupant_by_real_jid(from);
+ if not stanza.attr.id then
+ stanza.attr.id = new_id()
+ end
if module:fire_event("muc-occupant-groupchat", {
room = self; origin = origin; stanza = stanza; from = from; occupant = occupant;
}) then return true; end
@@ -1292,7 +1289,7 @@ function room_mt:set_affiliation(actor, jid, affiliation, reason, data)
-- Outcast can be by host.
is_host_only and affiliation == "outcast" and select(2, jid_split(occupant.bare_jid)) == host
) then
- -- need to publcize in all cases; as affiliation in <item/> has changed.
+ -- need to publicize in all cases; as affiliation in <item/> has changed.
occupants_updated[occupant] = occupant.role;
if occupant.role ~= role and (
is_downgrade or
@@ -1371,6 +1368,42 @@ function room_mt:get_role(nick)
return occupant and occupant.role or nil;
end
+function room_mt:may_set_role(actor, occupant, role)
+ local event = {
+ room = self,
+ actor = actor,
+ occupant = occupant,
+ role = role,
+ };
+
+ module:fire_event("muc-pre-set-role", event);
+ if event.allowed ~= nil then
+ return event.allowed, event.error, event.condition;
+ end
+
+ -- Can't do anything to other owners or admins
+ local occupant_affiliation = self:get_affiliation(occupant.bare_jid);
+ if occupant_affiliation == "owner" or occupant_affiliation == "admin" then
+ return nil, "cancel", "not-allowed";
+ end
+
+ -- If you are trying to give or take moderator role you need to be an owner or admin
+ if occupant.role == "moderator" or role == "moderator" then
+ local actor_affiliation = self:get_affiliation(actor);
+ if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then
+ return nil, "cancel", "not-allowed";
+ end
+ end
+
+ -- Need to be in the room and a moderator
+ local actor_occupant = self:get_occupant_by_real_jid(actor);
+ if not actor_occupant or actor_occupant.role ~= "moderator" then
+ return nil, "cancel", "not-allowed";
+ end
+
+ return true;
+end
+
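Review bot: `may_set_role` returns `event.allowed, event.error, event.condition` as soon as a `muc-pre-set-role` handler sets `allowed`, so a handler that denies without filling in `error` and `condition` makes `set_role` return `false, nil, nil`. Defaulting the denial keeps callers' error replies well-formed: when `event.allowed` is false, `return false, event.error or "cancel", event.condition or "not-allowed";`. A handler that sets `allowed = true` also skips every built-in check, including the protection of owners and admins. The function has no doc comment; it should state the return triple and that event handlers take precedence over the built-in affiliation and role checks.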
function room_mt:set_role(actor, occupant_jid, role, reason)
if not actor then return nil, "modify", "not-acceptable"; end
@@ -1385,24 +1418,9 @@ function room_mt:set_role(actor, occupant_jid, role, reason)
if actor == true then
actor = nil -- So we can pass it safely to 'publicise_occupant_status' below
else
- -- Can't do anything to other owners or admins
- local occupant_affiliation = self:get_affiliation(occupant.bare_jid);
- if occupant_affiliation == "owner" or occupant_affiliation == "admin" then
- return nil, "cancel", "not-allowed";
- end
-
- -- If you are trying to give or take moderator role you need to be an owner or admin
- if occupant.role == "moderator" or role == "moderator" then
- local actor_affiliation = self:get_affiliation(actor);
- if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then
- return nil, "cancel", "not-allowed";
- end
- end
-
- -- Need to be in the room and a moderator
- local actor_occupant = self:get_occupant_by_real_jid(actor);
- if not actor_occupant or actor_occupant.role ~= "moderator" then
- return nil, "cancel", "not-allowed";
+ local allowed, err, condition = self:may_set_role(actor, occupant, role)
+ if not allowed then
+ return allowed, err, condition;
end
end
diff --git a/plugins/muc/subject.lib.lua b/plugins/muc/subject.lib.lua
index 938abf61..c8b99cc7 100644
--- a/plugins/muc/subject.lib.lua
+++ b/plugins/muc/subject.lib.lua
@@ -94,6 +94,12 @@ module:hook("muc-occupant-groupchat", function(event)
local stanza = event.stanza;
local subject = stanza:get_child("subject");
if subject then
+ if stanza:get_child("body") or stanza:get_child("thread") then
+ -- Note: A message with a <subject/> and a <body/> or a <subject/> and
+ -- a <thread/> is a legitimate message, but it SHALL NOT be interpreted
+ -- as a subject change.
+ return;
+ end
local room = event.room;
local occupant = event.occupant;
-- Role check for subject changes