aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_bosh.lua57
-rw-r--r--plugins/mod_groups.lua10
-rw-r--r--plugins/mod_presence.lua60
-rw-r--r--plugins/mod_privacy.lua60
-rw-r--r--plugins/mod_private.lua6
-rw-r--r--plugins/mod_saslauth.lua32
6 files changed, 115 insertions, 110 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 02f3ce38..66a79785 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -31,6 +31,8 @@ local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or
local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2;
local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300;
+local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure");
+
local default_headers = { ["Content-Type"] = "text/xml; charset=utf-8" };
local session_close_reply = { headers = default_headers, body = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" }), attr = {} };
@@ -63,8 +65,11 @@ function on_destroy_request(request)
local session = sessions[request.sid];
if session then
local requests = session.requests;
- for i,r in pairs(requests) do
- if r == request then requests[i] = nil; break; end
+ for i,r in ipairs(requests) do
+ if r == request then
+ t_remove(requests, i);
+ break;
+ end
end
-- If this session now has no requests open, mark it as inactive
@@ -90,6 +95,8 @@ function handle_request(method, body, request)
--log("debug", "Handling new request %s: %s\n----------", request.id, tostring(body));
request.notopen = true;
request.log = log;
+ request.on_destroy = on_destroy_request;
+
local parser = lxp.new(init_xmlhandlers(request, stream_callbacks), "\1");
parser:parse(body);
@@ -118,14 +125,21 @@ function handle_request(method, body, request)
session.send(resp);
end
- if not request.destroyed and session.bosh_wait then
- request.reply_before = os_time() + session.bosh_wait;
- request.on_destroy = on_destroy_request;
- waiting_requests[request] = true;
+ if not request.destroyed then
+ -- We're keeping this request open, to respond later
+ log("debug", "Have nothing to say, so leaving request unanswered for now");
+ if session.bosh_wait then
+ request.reply_before = os_time() + session.bosh_wait;
+ waiting_requests[request] = true;
+ end
+ if inactive_sessions[session] then
+ -- Session was marked as inactive, since we have
+ -- a request open now, unmark it
+ inactive_sessions[session] = nil;
+ end
end
- log("debug", "Have nothing to say, so leaving request unanswered for now");
- return true;
+ return true; -- Inform httpserver we shall reply later
end
end
@@ -162,10 +176,14 @@ function stream_callbacks.streamopened(request, attr)
-- New session
sid = new_uuid();
- local session = { type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid), host = attr.to, bosh_version = attr.ver, bosh_wait = attr.wait, streamid = sid,
- bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
- requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream,
- dispatch_stanza = core_process_stanza, log = logger.init("bosh"..sid), secure = request.secure };
+ local session = {
+ type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to,
+ bosh_version = attr.ver, bosh_wait = attr.wait, streamid = sid,
+ bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
+ requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream,
+ close = bosh_close_stream, dispatch_stanza = core_process_stanza,
+ log = logger.init("bosh"..sid), secure = consider_bosh_secure or request.secure
+ };
sessions[sid] = session;
log("info", "New BOSH session, assigned it sid '%s'", sid);
@@ -174,11 +192,6 @@ function stream_callbacks.streamopened(request, attr)
function session.send(s)
--log("debug", "Sending BOSH data: %s", tostring(s));
local oldest_request = r[1];
- while oldest_request and oldest_request.destroyed do
- t_remove(r, 1);
- waiting_requests[oldest_request] = nil;
- oldest_request = r[1];
- end
if oldest_request then
log("debug", "We have an open request, so sending on that");
response.body = t_concat{"<body xmlns='http://jabber.org/protocol/httpbind' sid='", sid, "' xmlns:stream = 'http://etherx.jabber.org/streams'>", tostring(s), "</body>" };
@@ -193,7 +206,6 @@ function stream_callbacks.streamopened(request, attr)
else
log("debug", "Destroying the request now...");
oldest_request:destroy();
- t_remove(r, 1);
end
elseif s ~= "" then
log("debug", "Saved to send buffer because there are %d open requests", #r);
@@ -235,8 +247,9 @@ function stream_callbacks.streamopened(request, attr)
session.log("warn", "rid too large (means a request was lost). Last rid: %d New rid: %s", session.rid, attr.rid);
elseif diff <= 0 then
-- Repeated, ignore
- session.log("debug", "rid repeated (on request %s), ignoring: %d", request.id, session.rid);
+ session.log("debug", "rid repeated (on request %s), ignoring: %s (diff %d)", request.id, session.rid, diff);
request.notopen = nil;
+ request.sid = sid;
t_insert(session.requests, request);
return;
end
@@ -250,12 +263,6 @@ function stream_callbacks.streamopened(request, attr)
return;
end
- -- If session was inactive, make sure it is now marked as not
- if #session.requests == 0 then
- (session.log or log)("debug", "BOSH client now active again at %d", os_time());
- inactive_sessions[session] = nil;
- end
-
if session.notopen then
local features = st.stanza("stream:features");
hosts[session.host].events.fire_event("stream-features", { origin = session, features = features });
diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua
index d4604b1e..5f821cbc 100644
--- a/plugins/mod_groups.lua
+++ b/plugins/mod_groups.lua
@@ -18,7 +18,7 @@ local jid_bare, jid_prep = jid.bare, jid.prep;
local module_host = module:get_host();
function inject_roster_contacts(username, host, roster)
- module:log("warn", "Injecting group members to roster");
+ --module:log("debug", "Injecting group members to roster");
local bare_jid = username.."@"..host;
if not members[bare_jid] and not members[false] then return; end -- Not a member of any groups
@@ -41,7 +41,7 @@ function inject_roster_contacts(username, host, roster)
-- Find groups this JID is a member of
if members[bare_jid] then
for _, group_name in ipairs(members[bare_jid]) do
- module:log("debug", "Importing group %s", group_name);
+ --module:log("debug", "Importing group %s", group_name);
import_jids_to_roster(group_name);
end
end
@@ -49,7 +49,7 @@ function inject_roster_contacts(username, host, roster)
-- Import public groups
if members[false] then
for _, group_name in ipairs(members[false]) do
- module:log("debug", "Importing group %s", group_name);
+ --module:log("debug", "Importing group %s", group_name);
import_jids_to_roster(group_name);
end
end
@@ -67,7 +67,9 @@ function remove_virtual_contacts(username, host, datastore, data)
new_roster[jid] = contact;
end
end
- new_roster[false].version = nil; -- Version is void
+ if new_roster[false] then
+ new_roster[false].version = nil; -- Version is void
+ end
return username, host, datastore, new_roster;
end
diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua
index 5ad3bfdf..9071ae4c 100644
--- a/plugins/mod_presence.lua
+++ b/plugins/mod_presence.lua
@@ -38,42 +38,23 @@ function core_route_stanza(origin, stanza)
_core_route_stanza(origin, stanza);
end
-local select_top_resources;
-local bare_message_delivery_policy = module:get_option("bare_message_delivery_policy") or "priority";
-if bare_message_delivery_policy == "broadcast" then
- function select_top_resources(user)
- local recipients = {};
- for _, session in pairs(user.sessions) do -- find resources with non-negative priority
+local function select_top_resources(user)
+ local priority = 0;
+ local recipients = {};
+ for _, session in pairs(user.sessions) do -- find resource with greatest priority
+ if session.presence then
+ -- TODO check active privacy list for session
local p = session.priority;
- if p and p >= 0 then
+ if p > priority then
+ priority = p;
+ recipients = {session};
+ elseif p == priority then
t_insert(recipients, session);
end
end
- return recipients;
- end
-else
- if bare_message_delivery_policy ~= "priority" then
- module:log("warn", "Invalid value for config option bare_message_delivery_policy");
- end
- function select_top_resources(user)
- local priority = 0;
- local recipients = {};
- for _, session in pairs(user.sessions) do -- find resource with greatest priority
- if session.presence then
- -- TODO check active privacy list for session
- local p = session.priority;
- if p > priority then
- priority = p;
- recipients = {session};
- elseif p == priority then
- t_insert(recipients, session);
- end
- end
- end
- return recipients;
end
+ return recipients;
end
-
local function recalc_resource_map(user)
if user then
user.top_resources = select_top_resources(user);
@@ -81,7 +62,17 @@ local function recalc_resource_map(user)
end
end
+local ignore_presence_priority = module:get_option("ignore_presence_priority");
+
function handle_normal_presence(origin, stanza, core_route_stanza)
+ if ignore_presence_priority then
+ local priority = stanza:child_with_name("priority");
+ if priority and priority[1] ~= "0" then
+ for i=#priority.tags,1,-1 do priority.tags[i] = nil; end
+ for i=#priority,1,-1 do priority[i] = nil; end
+ priority[1] = "0";
+ end
+ end
if full_sessions[origin.full_jid] then -- if user is still connected
origin.send(stanza); -- reflect their presence back to them
end
@@ -236,16 +227,13 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b
stanza.attr.from, stanza.attr.to = from_bare, to_bare;
log("debug", "inbound presence "..stanza.attr.type.." from "..from_bare.." for "..to_bare);
- if not node then
- log("debug", "dropping presence sent to host or invalid address '%s'", tostring(to_bare));
- end
-
if stanza.attr.type == "probe" then
- if rostermanager.is_contact_subscribed(node, host, from_bare) then
+ local result, err = rostermanager.is_contact_subscribed(node, host, from_bare);
+ if result then
if 0 == send_presence_of_available_resources(node, host, st_from, origin, core_route_stanza) then
core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"})); -- TODO send last activity
end
- else
+ elseif not err then
core_route_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unsubscribed"}));
end
elseif stanza.attr.type == "subscribe" then
diff --git a/plugins/mod_privacy.lua b/plugins/mod_privacy.lua
index 77b4dd12..ca5d51fa 100644
--- a/plugins/mod_privacy.lua
+++ b/plugins/mod_privacy.lua
@@ -13,7 +13,7 @@ local datamanager = require "util.datamanager";
local bare_sessions, full_sessions = bare_sessions, full_sessions;
local util_Jid = require "util.jid";
local jid_bare = util_Jid.bare;
-local jid_split = util_Jid.split;
+local jid_split, jid_join = util_Jid.split, util_Jid.join;
local load_roster = require "core.rostermanager".load_roster;
local to_number = tonumber;
@@ -160,26 +160,7 @@ function createOrReplaceList (privacy_lists, origin, stanza, name, entries, rost
end
end
- if tmp.type == "group" then
- local found = false;
- local roster = load_roster(origin.username, origin.host);
- for jid,item in pairs(roster) do
- if item.groups ~= nil then
- for group in pairs(item.groups) do
- if group == tmp.value then
- found = true;
- break;
- end
- end
- if found == true then
- break;
- end
- end
- end
- if found == false then
- return {"cancel", "item-not-found", "Specifed roster group not existing."};
- end
- elseif tmp.type == "subscription" then
+ if tmp.type == "subscription" then
if tmp.value ~= "both" and
tmp.value ~= "to" and
tmp.value ~= "from" and
@@ -326,7 +307,7 @@ function checkIfNeedToBeBlocked(e, session)
local is_to_user = bare_jid == jid_bare(to);
local is_from_user = bare_jid == jid_bare(from);
- module:log("debug", "stanza: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from));
+ --module:log("debug", "stanza: %s, to: %s, from: %s", tostring(stanza.name), tostring(to), tostring(from));
if privacy_lists.lists == nil or
not (session.activePrivacyList or privacy_lists.default)
@@ -334,7 +315,7 @@ function checkIfNeedToBeBlocked(e, session)
return; -- Nothing to block, default is Allow all
end
if is_from_user and is_to_user then
- module:log("debug", "Not blocking communications between user's resources");
+ --module:log("debug", "Not blocking communications between user's resources");
return; -- from one of a user's resource to another => HANDS OFF!
end
@@ -344,8 +325,8 @@ function checkIfNeedToBeBlocked(e, session)
listname = privacy_lists.default; -- no active list selected, use default list
end
local list = privacy_lists.lists[listname];
- if not list then
- module:log("debug", "given privacy list not found. name: %s", listname);
+ if not list then -- should never happen
+ module:log("warn", "given privacy list not found. name: %s for user %s", listname, bare_jid);
return;
end
for _,item in ipairs(list.items) do
@@ -364,10 +345,10 @@ function checkIfNeedToBeBlocked(e, session)
local evilJid = {};
apply = false;
if is_to_user then
- module:log("debug", "evil jid is (from): %s", from);
+ --module:log("debug", "evil jid is (from): %s", from);
evilJid.node, evilJid.host, evilJid.resource = jid_split(from);
else
- module:log("debug", "evil jid is (to): %s", to);
+ --module:log("debug", "evil jid is (to): %s", to);
evilJid.node, evilJid.host, evilJid.resource = jid_split(to);
end
if item.type == "jid" and
@@ -379,17 +360,22 @@ function checkIfNeedToBeBlocked(e, session)
block = (item.action == "deny");
elseif item.type == "group" then
local roster = load_roster(session.username, session.host);
- local groups = roster[evilJid.node .. "@" .. evilJid.host].groups;
- for group in pairs(groups) do
- if group == item.value then
- apply = true;
- block = (item.action == "deny");
- break;
+ local roster_entry = roster[jid_join(evilJid.node, evilJid.host)];
+ if roster_entry then
+ local groups = roster_entry.groups;
+ for group in pairs(groups) do
+ if group == item.value then
+ apply = true;
+ block = (item.action == "deny");
+ break;
+ end
end
end
- elseif item.type == "subscription" and evilJid.node ~= nil and evilJid.host ~= nil then -- we need a valid bare evil jid
+ elseif item.type == "subscription" then -- we need a valid bare evil jid
local roster = load_roster(session.username, session.host);
- if roster[evilJid.node .. "@" .. evilJid.host].subscription == item.value then
+ local roster_entry = roster[jid_join(evilJid.node, evilJid.host)];
+ if (not(roster_entry) and item.value == "none")
+ or (roster_entry and roster_entry.subscription == item.value) then
apply = true;
block = (item.action == "deny");
end
@@ -408,7 +394,7 @@ function checkIfNeedToBeBlocked(e, session)
end
return true; -- stanza blocked !
else
- module:log("debug", "stanza explicitly allowed!")
+ --module:log("debug", "stanza explicitly allowed!")
return;
end
end
@@ -439,7 +425,7 @@ function preCheckIncoming(e)
if session ~= nil then
return checkIfNeedToBeBlocked(e, session);
else
- module:log("debug", "preCheckIncoming: Couldn't get session for jid: %s@%s/%s", tostring(node), tostring(host), tostring(resource));
+ --module:log("debug", "preCheckIncoming: Couldn't get session for jid: %s@%s/%s", tostring(node), tostring(host), tostring(resource));
end
end
end
diff --git a/plugins/mod_private.lua b/plugins/mod_private.lua
index 859bf45a..abf1ec03 100644
--- a/plugins/mod_private.lua
+++ b/plugins/mod_private.lua
@@ -26,7 +26,11 @@ module:add_iq_handler("c2s", "jabber:iq:private",
if #query.tags == 1 then
local tag = query.tags[1];
local key = tag.name..":"..tag.attr.xmlns;
- local data = datamanager.load(node, host, "private");
+ local data, err = datamanager.load(node, host, "private");
+ if err then
+ session.send(st.error_reply(stanza, "wait", "internal-server-error"));
+ return true;
+ end
if stanza.attr.type == "get" then
if data and data[key] then
session.send(st.reply(stanza):tag("query", {xmlns = "jabber:iq:private"}):add_child(st.deserialize(data[key])));
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index c0360553..9f940c37 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -28,6 +28,12 @@ local config = require "core.configmanager";
local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
local sasl_backend = module:get_option("sasl_backend") or "builtin";
+-- Cyrus config options
+local require_provisioning = module:get_option("cyrus_require_provisioning") or false;
+local cyrus_service_realm = module:get_option("cyrus_service_realm");
+local cyrus_service_name = module:get_option("cyrus_service_name");
+local cyrus_application_name = module:get_option("cyrus_application_name");
+
local log = module._log;
local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
@@ -45,7 +51,11 @@ elseif sasl_backend == "cyrus" then
if ok then
local cyrus_new = cyrus.new;
new_sasl = function(realm)
- return cyrus_new(realm, module:get_option("cyrus_service_name") or "xmpp");
+ return cyrus_new(
+ cyrus_service_realm or realm,
+ cyrus_service_name or "xmpp",
+ cyrus_application_name or "prosody"
+ );
end
else
module:log("error", "Failed to load Cyrus SASL because: %s", cyrus);
@@ -94,7 +104,7 @@ local function build_reply(status, ret, err_msg)
return reply;
end
-local function handle_status(session, status)
+local function handle_status(session, status, ret, err_msg)
if status == "failure" then
session.sasl_handler = session.sasl_handler:clean_clone();
elseif status == "success" then
@@ -103,12 +113,20 @@ local function handle_status(session, status)
module:log("warn", "SASL succeeded but we didn't get a username!");
session.sasl_handler = nil;
session:reset_stream();
- return;
+ return status, ret, err_msg;
+ end
+
+ if not(require_provisioning) or usermanager_user_exists(username, session.host) then
+ sm_make_authenticated(session, session.sasl_handler.username);
+ session.sasl_handler = nil;
+ session:reset_stream();
+ else
+ module:log("warn", "SASL succeeded but we don't have an account provisioned for %s", username);
+ session.sasl_handler = session.sasl_handler:clean_clone();
+ return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
end
- sm_make_authenticated(session, session.sasl_handler.username);
- session.sasl_handler = nil;
- session:reset_stream();
end
+ return status, ret, err_msg;
end
local function sasl_handler(session, stanza)
@@ -142,7 +160,7 @@ local function sasl_handler(session, stanza)
end
end
local status, ret, err_msg = session.sasl_handler:process(text);
- handle_status(session, status);
+ status, ret, err_msg = handle_status(session, status, ret, err_msg);
local s = build_reply(status, ret, err_msg);
log("debug", "sasl reply: %s", tostring(s));
session.send(s);