Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_actions_http.lua78
-rw-r--r--plugins/mod_bosh.lua97
-rw-r--r--plugins/mod_httpserver.lua2
-rw-r--r--plugins/mod_register.lua30
4 files changed, 190 insertions, 17 deletions
diff --git a/plugins/mod_actions_http.lua b/plugins/mod_actions_http.lua
new file mode 100644
index 00000000..43370a41
--- /dev/null
+++ b/plugins/mod_actions_http.lua
@@ -0,0 +1,78 @@
+
+local httpserver = require "net.httpserver";
+local t_concat, t_insert = table.concat, table.insert;
+
+local log = log;
+
+local response_404 = { status = "404 Not Found", body = "<h1>No such action</h1>Sorry, I don't have the action you requested" };
+
+local control = require "core.actions".actions;
+
+
+local urlcodes = setmetatable({}, { __index = function (t, k) t[k] = string.char(tonumber("0x"..k)); return t[k]; end });
+
+local function urldecode(s)
+ return s and (s:gsub("+", " "):gsub("%%([a-fA-F0-9][a-fA-F0-9])", urlcodes));
+end
+
+local function query_to_table(query)
+ if type(query) == "string" and #query > 0 then
+ if query:match("=") then
+ local params = {};
+ for k, v in query:gmatch("&?([^=%?]+)=([^&%?]+)&?") do
+ if k and v then
+ params[urldecode(k)] = urldecode(v);
+ end
+ end
+ return params;
+ else
+ return urldecode(query);
+ end
+ end
+end
+
+
+
+local http_path = { http_base };
+local function handle_request(method, body, request)
+ local path = request.url.path:gsub("^/[^/]+/", "");
+
+ local curr = control;
+
+ for comp in path:gmatch("([^/]+)") do
+ curr = curr[comp];
+ if not curr then
+ return response_404;
+ end
+ end
+
+ if type(curr) == "table" then
+ local s = {};
+ for k,v in pairs(curr) do
+ t_insert(s, tostring(k));
+ t_insert(s, " = ");
+ if type(v) == "function" then
+ t_insert(s, "action")
+ elseif type(v) == "table" then
+ t_insert(s, "list");
+ else
+ t_insert(s, tostring(v));
+ end
+ t_insert(s, "\n");
+ end
+ return t_concat(s);
+ elseif type(curr) == "function" then
+ local params = query_to_table(request.url.query);
+ params.host = request.headers.host:gsub(":%d+", "");
+ local ok, ret1, ret2 = pcall(curr, params);
+ if not ok then
+ return "EPIC FAIL: "..tostring(ret1);
+ elseif not ret1 then
+ return "FAIL: "..tostring(ret2);
+ else
+ return "OK: "..tostring(ret2);
+ end
+ end
+end
+
+httpserver.new{ port = 5280, base = "control", handler = handle_request, ssl = false } \ No newline at end of file
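Review bot: `handle_request` invokes whatever function the URL path resolves to under `core.actions`, with parameters taken from the query string, and nothing in this file checks who the caller is; the listener is also created with `ssl = false`. Dispatch should sit behind an authentication check, or the listener should be limited to a trusted interface, before this module is enabled. The path walk indexes `curr` without checking its type, so a component that lands on a string value falls through to the string metatable and one that lands on a function raises; add `if type(curr) ~= "table" then return response_404; end` before `curr = curr[comp]`. `query_to_table` returns nil for an empty query and a plain string when there is no `=`, so `params.host = ...` raises; guard it with `if type(params) ~= "table" then params = {}; end`. Returning `tostring(ret1)` after a failed `pcall` also hands internal error text to the client, so log it and return a generic failure instead.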
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index b3b4aebb..b5951e96 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -6,27 +6,29 @@ local init_xmlhandlers = require "core.xmlhandlers"
local server = require "net.server";
local httpserver = require "net.httpserver";
local sm = require "core.sessionmanager";
+local sm_destroy_session = sm.destroy_session;
local new_uuid = require "util.uuid".generate;
local fire_event = require "core.eventmanager".fire_event;
local core_process_stanza = core_process_stanza;
local st = require "util.stanza";
local log = require "util.logger".init("bosh");
local stream_callbacks = { stream_tag = "http://jabber.org/protocol/httpbind|body" };
-
+local config = require "core.configmanager";
local xmlns_bosh = "http://jabber.org/protocol/httpbind"; -- (hard-coded into a literal in session.send)
-local BOSH_DEFAULT_HOLD = 1;
-local BOSH_DEFAULT_INACTIVITY = 30;
-local BOSH_DEFAULT_POLLING = 5;
-local BOSH_DEFAULT_REQUESTS = 2;
-local BOSH_DEFAULT_MAXPAUSE = 120;
+local BOSH_DEFAULT_HOLD = tonumber(config.get("*", "core", "bosh_default_hold")) or 1;
+local BOSH_DEFAULT_INACTIVITY = tonumber(config.get("*", "core", "bosh_max_inactivity")) or 60;
+local BOSH_DEFAULT_POLLING = tonumber(config.get("*", "core", "bosh_max_polling")) or 5;
+local BOSH_DEFAULT_REQUESTS = tonumber(config.get("*", "core", "bosh_max_requests")) or 2;
+local BOSH_DEFAULT_MAXPAUSE = tonumber(config.get("*", "core", "bosh_max_pause")) or 300;
local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat;
local os_time = os.time;
local sessions = {};
+local inactive_sessions = {}; -- Sessions which have no open requests
--- Used to respond to idle sessions
+-- Used to respond to idle sessions (those with waiting requests)
local waiting_requests = {};
function on_destroy_request(request)
waiting_requests[request] = nil;
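Review bot: The five `tonumber(config.get(...)) or default` lines accept any number, including zero and negative values, because only a nil result falls back to the default. `bosh_max_inactivity` is copied into each session and compared in the reaping loop added to `on_timer`, so a value of 0 or below would make sessions expire as soon as they are marked inactive. Reject non-positive values, for example `local n = tonumber(config.get("*", "core", "bosh_max_inactivity"));` followed by `local BOSH_DEFAULT_INACTIVITY = (n and n > 0) and n or 60;`. The built-in inactivity default also moves from 30 to 60 and max pause from 120 to 300 here, which deserves a comment next to the constants.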
@@ -34,7 +36,6 @@ end
function handle_request(method, body, request)
if (not body) or request.method ~= "POST" then
- --return { status = "200 OK", headers = { ["Content-Type"] = "text/html" }, body = "<html><body>You don't look like a BOSH client to me... what do you want?</body></html>" };
return "<html><body>You really don't look like a BOSH client to me... what do you want?</body></html>";
end
if not method then
@@ -60,19 +61,16 @@ function handle_request(method, body, request)
log("debug", "...sending what is in the buffer")
session.send(t_concat(session.send_buffer));
session.send_buffer = {};
- return;
else
-- or an empty response
log("debug", "...sending an empty response");
session.send("");
- return;
end
elseif #session.send_buffer > 0 then
log("debug", "Session has data in the send buffer, will send now..");
local resp = t_concat(session.send_buffer);
session.send_buffer = {};
session.send(resp);
- return;
end
if not request.destroyed and session.bosh_wait then
@@ -86,8 +84,21 @@ function handle_request(method, body, request)
end
end
+
local function bosh_reset_stream(session) session.notopen = true; end
-local function bosh_close_stream(session, reason) end
+
+local session_close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate" });
+local function bosh_close_stream(session, reason)
+ (session.log or log)("info", "BOSH client disconnected");
+ session_close_reply.attr.condition = reason;
+ local session_close_reply = tostring(session_close_reply);
+ for _, held_request in ipairs(session.requests) do
+ held_request:send(session_close_reply);
+ held_request:destroy();
+ end
+ sessions[session.sid] = nil;
+ sm_destroy_session(session);
+end
function stream_callbacks.streamopened(request, attr)
print("Attr:")
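Review bot: `bosh_close_stream` removes the session from `sessions` but not from `inactive_sessions`, which is keyed by the session table itself. A session that was marked inactive and then closed stays in that table, so the loop added to `on_timer` will later call `sm_destroy_session` on it a second time, and the entry keeps the session alive until then. Add `inactive_sessions[session] = nil;` next to `sessions[session.sid] = nil;`. The inner `local session_close_reply = tostring(session_close_reply);` shadows the module-level stanza; a distinct name such as `reply_xml` would read more clearly.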
@@ -95,14 +106,23 @@ function stream_callbacks.streamopened(request, attr)
log("debug", "BOSH body open (sid: %s)", attr.sid);
local sid = attr.sid
if not sid then
- -- TODO: Sanity checks here (rid, to, known host, etc.)
+ -- New session request
request.notopen = nil; -- Signals that we accept this opening tag
+ -- TODO: Sanity checks here (rid, to, known host, etc.)
+ if not hosts[attr.to] then
+ -- Unknown host
+ session_close_reply.attr.condition = "host-unknown";
+ request:send(tostring(session_close_reply));
+ request.notopen = nil
+ return;
+ end
+
-- New session
sid = tostring(new_uuid());
local session = { type = "c2s_unauthed", conn = {}, sid = sid, rid = attr.rid, host = attr.to, bosh_version = attr.ver, bosh_wait = attr.wait, streamid = sid,
- bosh_hold = BOSH_DEFAULT_HOLD,
- requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream };
+ bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
+ requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream, dispatch_stanza = core_process_stanza };
sessions[sid] = session;
log("info", "New BOSH session, assigned it sid '%s'", sid);
local r, send_buffer = session.requests, session.send_buffer;
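Review bot: The host-unknown branch mutates the shared module-level `session_close_reply` stanza, leaving `condition = "host-unknown"` on it until a later call overwrites the attribute. `bosh_close_stream` currently reassigns the condition before every use, but any new user of that stanza would inherit a stale value; building the reply locally avoids that: `request:send(tostring(st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", condition = "host-unknown" })));`. The second `request.notopen = nil` in the branch repeats the assignment made just above it and can be removed. `attr.rid` and `attr.wait` are still copied into the session unchecked, as the retained TODO says, and the function continues outside this hunk.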
@@ -133,6 +153,10 @@ function stream_callbacks.streamopened(request, attr)
end
elseif s ~= "" then
log("debug", "Saved to send buffer because there are %d open requests", #r);
+ if session.bosh_max_inactive and not inactive_sessions[session] then
+ inactive_sessions[session] = os_time();
+ (session.log or log)("debug", "BOSH session marked as inactive at %d", inactive_sessions[session]);
+ end
-- Hmm, no requests are open :(
t_insert(session.send_buffer, tostring(s));
log("debug", "There are now %d things in the send_buffer", #session.send_buffer);
@@ -145,7 +169,7 @@ function stream_callbacks.streamopened(request, attr)
fire_event("stream-features", session, features);
--xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'
local response = st.stanza("body", { xmlns = xmlns_bosh,
- inactivity = "30", polling = "5", requests = "2", hold = tostring(session.bosh_hold), maxpause = "120",
+ inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120",
sid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0",
["xmlns:xmpp"] = "urn:xmpp:xbosh", ["xmlns:stream"] = "http://etherx.jabber.org/streams" }):add_child(features);
request:send(tostring(response));
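Review bot: `maxpause = "120"` is still a literal in the session-creation response although this commit makes `BOSH_DEFAULT_MAXPAUSE` configurable with a default of 300, so clients are told a limit that differs from the configured one. Use `maxpause = tostring(BOSH_DEFAULT_MAXPAUSE)` like the other three attributes on the changed line. The enclosing function starts and ends outside this hunk.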
@@ -163,6 +187,19 @@ function stream_callbacks.streamopened(request, attr)
return;
end
+ if attr.type == "terminate" then
+ -- Client wants to end this session
+ session:close();
+ request.notopen = nil;
+ return;
+ end
+
+ -- If session was inactive, make sure it is now marked as not
+ if #session.requests == 0 then
+ (session.log or log)("debug", "BOSH client now active again at %d", os_time());
+ inactive_sessions[session] = nil;
+ end
+
if session.notopen then
local features = st.stanza("stream:features");
fire_event("stream-features", session, features);
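Review bot: The terminate branch calls `session:close()` and returns without sending anything on `request` itself, while `bosh_close_stream` only answers the entries in `session.requests`. Whether the terminating request has already been added to that list is decided outside this hunk, so please confirm that it has, or reply on `request` directly before returning. The "now active again" debug line is written whenever `#session.requests == 0`, even for sessions that were never marked inactive; testing `if inactive_sessions[session] then` would state the intent directly.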
@@ -200,7 +237,33 @@ function on_timer()
end
end
end
+
+ now = now - 3;
+ for session, inactive_since in pairs(inactive_sessions) do
+ if session.bosh_max_inactive then
+ if now - inactive_since > session.bosh_max_inactive then
+ (session.log or log)("debug", "BOSH client inactive too long, destroying session at %d", now);
+ sessions[session.sid] = nil;
+ inactive_sessions[session] = nil;
+ sm_destroy_session(session, "BOSH client silent for over "..session.bosh_max_inactive.." seconds");
+ end
+ else
+ inactive_sessions[session] = nil;
+ end
+ end
+end
+
+local ports = config.get(module.host, "core", "bosh_ports") or { 5280 };
+for _, options in ipairs(ports) do
+ local port, base, ssl, interface = 5280, "http-bind", false, nil;
+ if type(options) == "number" then
+ port = options;
+ elseif type(options) == "table" then
+ port, base, ssl, interface = options.port or 5280, options.path or "http-bind", options.ssl or false, options.interface;
+ elseif type(options) == "string" then
+ base = options;
+ end
+ httpserver.new{ port = port, base = base, handler = handle_request, ssl = ssl }
end
-httpserver.new{ port = 5280, base = "http-bind", handler = handle_request, ssl = false}
server.addtimer(on_timer);
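Review bot: The port loop reads `options.interface` into `interface`, but `httpserver.new{ port = port, base = base, handler = handle_request, ssl = ssl }` never receives it, so an operator who sets an interface to keep BOSH on loopback or an internal address still gets a listener on whatever `net.httpserver` binds by default. Pass it through if `httpserver.new` accepts an interface option (not visible here), or log a warning that the option is ignored. `ssl` still defaults to `false` while credentials travel in BOSH bodies, so the default deserves a comment pointing at where TLS is expected to terminate. In the reaping loop, `now = now - 3` needs a comment explaining the three-second allowance. `on_timer` begins outside this hunk.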
diff --git a/plugins/mod_httpserver.lua b/plugins/mod_httpserver.lua
index 02a9fd78..2bcdab43 100644
--- a/plugins/mod_httpserver.lua
+++ b/plugins/mod_httpserver.lua
@@ -1,4 +1,6 @@
+local httpserver = require "net.httpserver";
+
local open = io.open;
local t_concat = table.concat;
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index 377bf153..44bbf700 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -23,6 +23,7 @@ local st = require "util.stanza";
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local datamanager_store = require "util.datamanager".store;
+local os_time = os.time;
module:add_feature("jabber:iq:register");
@@ -93,6 +94,15 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza)
end;
end);
+local recent_ips = {};
+local min_seconds_between_registrations = config.get(module.host, "core", "min_seconds_between_registrations");
+local whitelist_only = config.get(module.host, "core", "whitelist_registration_only");
+local whitelisted_ips = config.get(module.host, "core", "registration_whitelist") or { "127.0.0.1" };
+local blacklisted_ips = config.get(module.host, "core", "registration_blacklist") or {};
+
+for _, ip in ipairs(whitelisted_ips) do whitelisted_ips[ip] = true; end
+for _, ip in ipairs(blacklisted_ips) do blacklisted_ips[ip] = true; end
+
module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, stanza)
if config.get(module.host, "core", "allow_registration") == false then
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
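Review bot: `recent_ips` gains one entry per client address in the handler below and nothing in this commit removes entries, so it grows for the life of the process with every distinct address that attempts registration. Entries older than `min_seconds_between_registrations` carry no information and can be dropped, either on a timer or when the table is consulted. The two `ipairs` loops also write set-style keys into the tables returned by `config.get`, which changes configuration-owned data in place; copying into fresh local tables would avoid that. The values are read once at module load, so a comment should say that a config change needs a reload to take effect.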
@@ -112,6 +122,26 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s
local username = query:child_with_name("username");
local password = query:child_with_name("password");
if username and password then
+ -- Check that the user is not blacklisted or registering too often
+ if blacklisted_ips[session.ip] or (whitelist_only and not whitelisted_ips[session.ip]) then
+ session.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+ return;
+ elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
+ if not recent_ips[session.ip] then
+ recent_ips[session.ip] = { time = os_time(), count = 1 };
+ else
+
+ local ip = recent_ips[session.ip];
+ ip.count = ip.count + 1;
+
+ if os_time() - ip.time < min_seconds_between_registrations then
+ ip.time = os_time();
+ session.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+ return;
+ end
+ ip.time = os_time();
+ end
+ end
-- FIXME shouldn't use table.concat
username = table.concat(username);
password = table.concat(password);
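Review bot: Every check in the new block is keyed on `session.ip`, but the session table built in `plugins/mod_bosh.lua` in this same commit has no `ip` field. Assuming nothing else sets it, `blacklisted_ips[session.ip]` is always nil for such sessions and the blacklist does not apply to them, while `recent_ips[session.ip] = { ... }` raises on a nil index. Handle the missing address explicitly at the top of the block when any restriction is configured, for example `if not session.ip then session.send(st.error_reply(stanza, "cancel", "not-acceptable")); return; end`, and have the BOSH module record the client address. `ip.count` is incremented but never read. The handler starts and ends outside this hunk.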