aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/adhoc/adhoc.lib.lua14
-rw-r--r--plugins/adhoc/mod_adhoc.lua45
-rw-r--r--plugins/mod_admin_adhoc.lua98
-rw-r--r--plugins/mod_admin_shell.lua590
-rw-r--r--plugins/mod_admin_socket.lua8
-rw-r--r--plugins/mod_admin_telnet.lua4
-rw-r--r--plugins/mod_announce.lua10
-rw-r--r--plugins/mod_auth_anonymous.lua4
-rw-r--r--plugins/mod_auth_insecure.lua10
-rw-r--r--plugins/mod_auth_internal_hashed.lua62
-rw-r--r--plugins/mod_auth_internal_plain.lua27
-rw-r--r--plugins/mod_auth_ldap.lua28
-rw-r--r--plugins/mod_authz_internal.lua331
-rw-r--r--plugins/mod_blocklist.lua20
-rw-r--r--plugins/mod_bookmarks.lua6
-rw-r--r--plugins/mod_bosh.lua20
-rw-r--r--plugins/mod_c2s.lua42
-rw-r--r--plugins/mod_carbons.lua6
-rw-r--r--plugins/mod_component.lua41
-rw-r--r--plugins/mod_cron.lua4
-rw-r--r--plugins/mod_csi.lua20
-rw-r--r--plugins/mod_csi_simple.lua17
-rw-r--r--plugins/mod_debug_reset.lua36
-rw-r--r--plugins/mod_debug_stanzas/watcher.lib.lua220
-rw-r--r--plugins/mod_dialback.lua12
-rw-r--r--plugins/mod_disco.lua21
-rw-r--r--plugins/mod_external_services.lua16
-rw-r--r--plugins/mod_groups.lua4
-rw-r--r--plugins/mod_http.lua21
-rw-r--r--plugins/mod_http_errors.lua8
-rw-r--r--plugins/mod_http_file_share.lua98
-rw-r--r--plugins/mod_http_files.lua6
-rw-r--r--plugins/mod_http_openmetrics.lua4
-rw-r--r--plugins/mod_invites.lua24
-rw-r--r--plugins/mod_invites_adhoc.lua44
-rw-r--r--plugins/mod_invites_register.lua23
-rw-r--r--plugins/mod_iq.lua2
-rw-r--r--plugins/mod_lastactivity.lua8
-rw-r--r--plugins/mod_legacyauth.lua10
-rw-r--r--plugins/mod_limits.lua6
-rw-r--r--plugins/mod_mam/mamprefsxml.lib.lua4
-rw-r--r--plugins/mod_mam/mod_mam.lua46
-rw-r--r--plugins/mod_message.lua8
-rw-r--r--plugins/mod_mimicking.lua8
-rw-r--r--plugins/mod_motd.lua2
-rw-r--r--plugins/mod_muc_mam.lua22
-rw-r--r--plugins/mod_muc_unique.lua4
-rw-r--r--plugins/mod_net_multiplex.lua4
-rw-r--r--plugins/mod_offline.lua4
-rw-r--r--plugins/mod_pep.lua35
-rw-r--r--plugins/mod_pep_simple.lua12
-rw-r--r--plugins/mod_ping.lua2
-rw-r--r--plugins/mod_posix.lua6
-rw-r--r--plugins/mod_presence.lua14
-rw-r--r--plugins/mod_private.lua2
-rw-r--r--plugins/mod_proxy65.lua10
-rw-r--r--plugins/mod_pubsub/mod_pubsub.lua28
-rw-r--r--plugins/mod_pubsub/pubsub.lib.lua40
-rw-r--r--plugins/mod_register_ibr.lua16
-rw-r--r--plugins/mod_register_limits.lua8
-rw-r--r--plugins/mod_roster.lua16
-rw-r--r--plugins/mod_s2s.lua121
-rw-r--r--plugins/mod_s2s_auth_certs.lua18
-rw-r--r--plugins/mod_s2s_bidi.lua6
-rw-r--r--plugins/mod_saslauth.lua60
-rw-r--r--plugins/mod_scansion_record.lua10
-rw-r--r--plugins/mod_server_contact_info.lua23
-rw-r--r--plugins/mod_smacks.lua368
-rw-r--r--plugins/mod_stanza_debug.lua2
-rw-r--r--plugins/mod_storage_internal.lua18
-rw-r--r--plugins/mod_storage_memory.lua12
-rw-r--r--plugins/mod_storage_sql.lua46
-rw-r--r--plugins/mod_storage_xep0227.lua28
-rw-r--r--plugins/mod_time.lua21
-rw-r--r--plugins/mod_tls.lua23
-rw-r--r--plugins/mod_tokenauth.lua298
-rw-r--r--plugins/mod_tombstones.lua10
-rw-r--r--plugins/mod_turn_external.lua2
-rw-r--r--plugins/mod_uptime.lua2
-rw-r--r--plugins/mod_user_account_management.lua10
-rw-r--r--plugins/mod_vcard.lua4
-rw-r--r--plugins/mod_vcard4.lua4
-rw-r--r--plugins/mod_vcard_legacy.lua8
-rw-r--r--plugins/mod_version.lua4
-rw-r--r--plugins/mod_watchregistrations.lua4
-rw-r--r--plugins/mod_websocket.lua24
-rw-r--r--plugins/mod_welcome.lua2
-rw-r--r--plugins/muc/hats.lib.lua2
-rw-r--r--plugins/muc/hidden.lib.lua8
-rw-r--r--plugins/muc/history.lib.lua4
-rw-r--r--plugins/muc/lock.lib.lua2
-rw-r--r--plugins/muc/members_only.lib.lua2
-rw-r--r--plugins/muc/mod_muc.lua62
-rw-r--r--plugins/muc/muc.lib.lua24
-rw-r--r--plugins/muc/occupant.lib.lua2
-rw-r--r--plugins/muc/occupant_id.lib.lua6
-rw-r--r--plugins/muc/password.lib.lua2
-rw-r--r--plugins/muc/persistent.lib.lua11
-rw-r--r--plugins/muc/presence_broadcast.lib.lua2
-rw-r--r--plugins/muc/register.lib.lua10
-rw-r--r--plugins/muc/request.lib.lua6
-rw-r--r--plugins/muc/subject.lib.lua4
102 files changed, 2431 insertions, 1105 deletions
diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua
index 4cf6911d..0ce45e19 100644
--- a/plugins/adhoc/adhoc.lib.lua
+++ b/plugins/adhoc/adhoc.lib.lua
@@ -4,7 +4,7 @@
-- COPYING file in the source package for more information.
--
-local st, uuid = require "util.stanza", require "util.uuid";
+local st, uuid = require "prosody.util.stanza", require "prosody.util.uuid";
local xmlns_cmd = "http://jabber.org/protocol/commands";
@@ -23,10 +23,16 @@ end
function _M.new(name, node, handler, permission)
if not permission then
error "adhoc.new() expects a permission argument, none given"
- end
- if permission == "user" then
+ elseif permission == "user" then
error "the permission mode 'user' has been renamed 'any', please update your code"
end
+ if permission == "admin" then
+ module:default_permission("prosody:admin", "adhoc:"..node);
+ permission = "check";
+ elseif permission == "global_admin" then
+ module:default_permission("prosody:operator", "adhoc:"..node);
+ permission = "check";
+ end
return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = permission };
end
@@ -34,6 +40,8 @@ function _M.handle_cmd(command, origin, stanza)
local cmdtag = stanza.tags[1]
local sessionid = cmdtag.attr.sessionid or uuid.generate();
local dataIn = {
+ origin = origin;
+ stanza = stanza;
to = stanza.attr.to;
from = stanza.attr.from;
action = cmdtag.attr.action or "execute";
diff --git a/plugins/adhoc/mod_adhoc.lua b/plugins/adhoc/mod_adhoc.lua
index 09a72075..4482682d 100644
--- a/plugins/adhoc/mod_adhoc.lua
+++ b/plugins/adhoc/mod_adhoc.lua
@@ -5,28 +5,26 @@
-- COPYING file in the source package for more information.
--
-local it = require "util.iterators";
-local st = require "util.stanza";
-local is_admin = require "core.usermanager".is_admin;
-local jid_host = require "util.jid".host;
+local it = require "prosody.util.iterators";
+local st = require "prosody.util.stanza";
+local jid_host = require "prosody.util.jid".host;
local adhoc_handle_cmd = module:require "adhoc".handle_cmd;
local xmlns_cmd = "http://jabber.org/protocol/commands";
local commands = {};
module:add_feature(xmlns_cmd);
+local function check_permissions(event, node, command)
+ return (command.permission == "check" and module:may("adhoc:"..node, event))
+ or (command.permission == "local_user" and jid_host(event.stanza.attr.from) == module.host)
+ or (command.permission == "any");
+end
+
module:hook("host-disco-info-node", function (event)
local stanza, origin, reply, node = event.stanza, event.origin, event.reply, event.node;
if commands[node] then
- local from = stanza.attr.from;
- local privileged = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
local command = commands[node];
- if (command.permission == "admin" and privileged)
- or (command.permission == "global_admin" and global_admin)
- or (command.permission == "local_user" and hostname == module.host)
- or (command.permission == "any") then
+ if check_permissions(event, node, command) then
reply:tag("identity", { name = command.name,
category = "automation", type = "command-node" }):up();
reply:tag("feature", { var = xmlns_cmd }):up();
@@ -44,20 +42,13 @@ module:hook("host-disco-info-node", function (event)
end);
module:hook("host-disco-items-node", function (event)
- local stanza, reply, disco_node = event.stanza, event.reply, event.node;
+ local reply, disco_node = event.reply, event.node;
if disco_node ~= xmlns_cmd then
return;
end
- local from = stanza.attr.from;
- local admin = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
for node, command in it.sorted_pairs(commands) do
- if (command.permission == "admin" and admin)
- or (command.permission == "global_admin" and global_admin)
- or (command.permission == "local_user" and hostname == module.host)
- or (command.permission == "any") then
+ if check_permissions(event, node, command) then
reply:tag("item", { name = command.name,
node = node, jid = module:get_host() });
reply:up();
@@ -71,20 +62,14 @@ module:hook("iq-set/host/"..xmlns_cmd..":command", function (event)
local node = stanza.tags[1].attr.node
local command = commands[node];
if command then
- local from = stanza.attr.from;
- local admin = is_admin(from, stanza.attr.to);
- local global_admin = is_admin(from);
- local hostname = jid_host(from);
- if (command.permission == "admin" and not admin)
- or (command.permission == "global_admin" and not global_admin)
- or (command.permission == "local_user" and hostname ~= module.host) then
+ if not check_permissions(event, node, command) then
origin.send(st.error_reply(stanza, "auth", "forbidden", "You don't have permission to execute this command"):up()
- :add_child(commands[node]:cmdtag("canceled")
+ :add_child(command:cmdtag("canceled")
:tag("note", {type="error"}):text("You don't have permission to execute this command")));
return true
end
-- User has permission now execute the command
- adhoc_handle_cmd(commands[node], origin, stanza);
+ adhoc_handle_cmd(command, origin, stanza);
return true;
end
end, 500);
diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua
index d0b0d452..ee26b7e5 100644
--- a/plugins/mod_admin_adhoc.lua
+++ b/plugins/mod_admin_adhoc.lua
@@ -14,23 +14,25 @@ local t_sort = table.sort;
local module_host = module:get_host();
-local keys = require "util.iterators".keys;
-local usermanager_user_exists = require "core.usermanager".user_exists;
-local usermanager_create_user = require "core.usermanager".create_user;
-local usermanager_delete_user = require "core.usermanager".delete_user;
-local usermanager_set_password = require "core.usermanager".set_password;
-local hostmanager_activate = require "core.hostmanager".activate;
-local hostmanager_deactivate = require "core.hostmanager".deactivate;
-local rm_load_roster = require "core.rostermanager".load_roster;
-local st, jid = require "util.stanza", require "util.jid";
-local timer_add_task = require "util.timer".add_task;
-local dataforms_new = require "util.dataforms".new;
-local array = require "util.array";
-local modulemanager = require "core.modulemanager";
+local keys = require "prosody.util.iterators".keys;
+local usermanager_user_exists = require "prosody.core.usermanager".user_exists;
+local usermanager_create_user = require "prosody.core.usermanager".create_user;
+local usermanager_delete_user = require "prosody.core.usermanager".delete_user;
+local usermanager_disable_user = require "prosody.core.usermanager".disable_user;
+local usermanager_enable_user = require "prosody.core.usermanager".enable_user;
+local usermanager_set_password = require "prosody.core.usermanager".set_password;
+local hostmanager_activate = require "prosody.core.hostmanager".activate;
+local hostmanager_deactivate = require "prosody.core.hostmanager".deactivate;
+local rm_load_roster = require "prosody.core.rostermanager".load_roster;
+local st, jid = require "prosody.util.stanza", require "prosody.util.jid";
+local timer_add_task = require "prosody.util.timer".add_task;
+local dataforms_new = require "prosody.util.dataforms".new;
+local array = require "prosody.util.array";
+local modulemanager = require "prosody.core.modulemanager";
local core_post_stanza = prosody.core_post_stanza;
-local adhoc_simple = require "util.adhoc".new_simple_form;
-local adhoc_initial = require "util.adhoc".new_initial_data_form;
-local set = require"util.set";
+local adhoc_simple = require "prosody.util.adhoc".new_simple_form;
+local adhoc_initial = require "prosody.util.adhoc".new_initial_data_form;
+local set = require"prosody.util.set";
module:depends("adhoc");
local adhoc_new = module:require "adhoc".new;
@@ -152,6 +154,66 @@ local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fi
"The following accounts could not be deleted:\n"..t_concat(failed, "\n") or "") };
end);
+local disable_user_layout = dataforms_new{
+ title = "Disabling a User";
+ instructions = "Fill out this form to disable a user.";
+
+ { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" };
+ { name = "accountjids", type = "jid-multi", required = true, label = "The Jabber ID(s) to disable" };
+};
+
+local disable_user_command_handler = adhoc_simple(disable_user_layout, function(fields, err, data)
+ if err then
+ return generate_error_message(err);
+ end
+ local failed = {};
+ local succeeded = {};
+ for _, aJID in ipairs(fields.accountjids) do
+ local username, host = jid.split(aJID);
+ if (host == module_host) and usermanager_user_exists(username, host) and usermanager_disable_user(username, host) then
+ module:log("info", "User %s has been disabled by %s", aJID, jid.bare(data.from));
+ succeeded[#succeeded+1] = aJID;
+ else
+ module:log("debug", "Tried to disable non-existent user %s", aJID);
+ failed[#failed+1] = aJID;
+ end
+ end
+ return {status = "completed", info = (#succeeded ~= 0 and
+ "The following accounts were successfully disabled:\n"..t_concat(succeeded, "\n").."\n" or "")..
+ (#failed ~= 0 and
+ "The following accounts could not be disabled:\n"..t_concat(failed, "\n") or "") };
+end);
+
+local enable_user_layout = dataforms_new{
+ title = "Re-Enable a User";
+ instructions = "Fill out this form to enable a user.";
+
+ { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/admin" };
+ { name = "accountjids", type = "jid-multi", required = true, label = "The Jabber ID(s) to re-enable" };
+};
+
+local enable_user_command_handler = adhoc_simple(enable_user_layout, function(fields, err, data)
+ if err then
+ return generate_error_message(err);
+ end
+ local failed = {};
+ local succeeded = {};
+ for _, aJID in ipairs(fields.accountjids) do
+ local username, host = jid.split(aJID);
+ if (host == module_host) and usermanager_user_exists(username, host) and usermanager_enable_user(username, host) then
+ module:log("info", "User %s has been enabled by %s", aJID, jid.bare(data.from));
+ succeeded[#succeeded+1] = aJID;
+ else
+ module:log("debug", "Tried to enable non-existent user %s", aJID);
+ failed[#failed+1] = aJID;
+ end
+ end
+ return {status = "completed", info = (#succeeded ~= 0 and
+ "The following accounts were successfully enabled:\n"..t_concat(succeeded, "\n").."\n" or "")..
+ (#failed ~= 0 and
+ "The following accounts could not be enabled:\n"..t_concat(failed, "\n") or "") };
+end);
+
-- Ending a user's session
local function disconnect_user(match_jid)
local node, hostname, givenResource = jid.split(match_jid);
@@ -804,6 +866,8 @@ local add_user_desc = adhoc_new("Add User", "http://jabber.org/protocol/admin#ad
local change_user_password_desc = adhoc_new("Change User Password", "http://jabber.org/protocol/admin#change-user-password", change_user_password_command_handler, "admin");
local config_reload_desc = adhoc_new("Reload configuration", "http://prosody.im/protocol/config#reload", config_reload_handler, "global_admin");
local delete_user_desc = adhoc_new("Delete User", "http://jabber.org/protocol/admin#delete-user", delete_user_command_handler, "admin");
+local disable_user_desc = adhoc_new("Disable User", "http://jabber.org/protocol/admin#disable-user", disable_user_command_handler, "admin");
+local enable_user_desc = adhoc_new("Re-Enable User", "http://jabber.org/protocol/admin#reenable-user", enable_user_command_handler, "admin");
local end_user_session_desc = adhoc_new("End User Session", "http://jabber.org/protocol/admin#end-user-session", end_user_session_handler, "admin");
local get_user_roster_desc = adhoc_new("Get User Roster","http://jabber.org/protocol/admin#get-user-roster", get_user_roster_handler, "admin");
local get_user_stats_desc = adhoc_new("Get User Statistics","http://jabber.org/protocol/admin#user-stats", get_user_stats_handler, "admin");
@@ -824,6 +888,8 @@ module:provides("adhoc", add_user_desc);
module:provides("adhoc", change_user_password_desc);
module:provides("adhoc", config_reload_desc);
module:provides("adhoc", delete_user_desc);
+module:provides("adhoc", disable_user_desc);
+module:provides("adhoc", enable_user_desc);
module:provides("adhoc", end_user_session_desc);
module:provides("adhoc", get_user_roster_desc);
module:provides("adhoc", get_user_stats_desc);
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index ee68a64b..91104cd6 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -10,38 +10,39 @@
module:set_global();
module:depends("admin_socket");
-local hostmanager = require "core.hostmanager";
-local modulemanager = require "core.modulemanager";
-local s2smanager = require "core.s2smanager";
-local portmanager = require "core.portmanager";
-local helpers = require "util.helpers";
-local server = require "net.server";
-local st = require "util.stanza";
+local hostmanager = require "prosody.core.hostmanager";
+local modulemanager = require "prosody.core.modulemanager";
+local s2smanager = require "prosody.core.s2smanager";
+local portmanager = require "prosody.core.portmanager";
+local helpers = require "prosody.util.helpers";
+local server = require "prosody.net.server";
+local st = require "prosody.util.stanza";
local _G = _G;
local prosody = _G.prosody;
-local unpack = table.unpack or unpack; -- luacheck: ignore 113
-local iterators = require "util.iterators";
+local unpack = table.unpack;
+local iterators = require "prosody.util.iterators";
local keys, values = iterators.keys, iterators.values;
-local jid_bare, jid_split, jid_join = import("util.jid", "bare", "prepped_split", "join");
-local set, array = require "util.set", require "util.array";
-local cert_verify_identity = require "util.x509".verify_identity;
-local envload = require "util.envload".envload;
-local envloadfile = require "util.envload".envloadfile;
-local has_pposix, pposix = pcall(require, "util.pposix");
-local async = require "util.async";
-local serialization = require "util.serialization";
+local jid_bare, jid_split, jid_join, jid_resource, jid_compare = import("prosody.util.jid", "bare", "prepped_split", "join", "resource", "compare");
+local set, array = require "prosody.util.set", require "prosody.util.array";
+local cert_verify_identity = require "prosody.util.x509".verify_identity;
+local envload = require "prosody.util.envload".envload;
+local envloadfile = require "prosody.util.envload".envloadfile;
+local has_pposix, pposix = pcall(require, "prosody.util.pposix");
+local async = require "prosody.util.async";
+local serialization = require "prosody.util.serialization";
local serialize_config = serialization.new ({ fatal = false, unquoted = true});
-local time = require "util.time";
-local promise = require "util.promise";
+local time = require "prosody.util.time";
+local promise = require "prosody.util.promise";
+local logger = require "prosody.util.logger";
local t_insert = table.insert;
local t_concat = table.concat;
-local format_number = require "util.human.units".format;
-local format_table = require "util.human.io".table;
+local format_number = require "prosody.util.human.units".format;
+local format_table = require "prosody.util.human.io".table;
local function capitalize(s)
if not s then return end
@@ -83,8 +84,8 @@ function runner_callbacks:error(err)
self.data.print("Error: "..tostring(err));
end
-local function send_repl_output(session, line)
- return session.send(st.stanza("repl-output"):text(tostring(line)));
+local function send_repl_output(session, line, attr)
+ return session.send(st.stanza("repl-output", attr):text(tostring(line)));
end
function console:new_session(admin_session)
@@ -99,8 +100,14 @@ function console:new_session(admin_session)
end
return send_repl_output(admin_session, table.concat(t, "\t"));
end;
+ write = function (t)
+ return send_repl_output(admin_session, t, { eol = "0" });
+ end;
serialize = tostring;
disconnect = function () admin_session:close(); end;
+ is_connected = function ()
+ return not not admin_session.conn;
+ end
};
session.env = setmetatable({}, default_env_mt);
@@ -126,6 +133,11 @@ local function handle_line(event)
session = console:new_session(event.origin);
event.origin.shell_session = session;
end
+
+ local default_width = 132; -- The common default of 80 is a bit too narrow for e.g. s2s:show(), 132 was another common width for hardware terminals
+ local margin = 2; -- To account for '| ' when lines are printed
+ session.width = (tonumber(event.stanza.attr.width) or default_width)-margin;
+
local line = event.stanza:get_text();
local useglobalenv;
@@ -213,7 +225,7 @@ function commands.help(session, data)
print [[Commands are divided into multiple sections. For help on a particular section, ]]
print [[type: help SECTION (for example, 'help c2s'). Sections are: ]]
print [[]]
- local row = format_table({ { title = "Section"; width = 7 }; { title = "Description"; width = "100%" } })
+ local row = format_table({ { title = "Section", width = 7 }, { title = "Description", width = "100%" } }, session.width)
print(row())
print(row { "c2s"; "Commands to manage local client-to-server sessions" })
print(row { "s2s"; "Commands to manage sessions between this server and others" })
@@ -229,6 +241,7 @@ function commands.help(session, data)
print(row { "dns"; "Commands to manage and inspect the internal DNS resolver" })
print(row { "xmpp"; "Commands for sending XMPP stanzas" })
print(row { "debug"; "Commands for debugging the server" })
+ print(row { "watch"; "Commands for watching live logs from the server" })
print(row { "config"; "Reloading the configuration, etc." })
print(row { "columns"; "Information about customizing session listings" })
print(row { "console"; "Help regarding the console itself" })
@@ -256,28 +269,31 @@ function commands.help(session, data)
print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]]
print [[host:list() - List the currently-activated hosts]]
elseif section == "user" then
- print [[user:create(jid, password, roles) - Create the specified user account]]
+ print [[user:create(jid, password, role) - Create the specified user account]]
print [[user:password(jid, password) - Set the password for the specified user account]]
print [[user:roles(jid, host) - Show current roles for an user]]
- print [[user:setroles(jid, host, roles) - Set roles for an user (see 'help roles')]]
+ print [[user:setrole(jid, host, role) - Set primary role of a user (see 'help roles')]]
+ print [[user:addrole(jid, host, role) - Add a secondary role to a user]]
+ print [[user:delrole(jid, host, role) - Remove a secondary role from a user]]
+ print [[user:disable(jid) - Disable the specified user account, preventing login]]
+ print [[user:enable(jid) - Enable the specified user account, restoring login access]]
print [[user:delete(jid) - Permanently remove the specified user account]]
print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]]
elseif section == "roles" then
print [[Roles may grant access or restrict users from certain operations]]
print [[Built-in roles are:]]
- print [[ prosody:admin - Administrator]]
- print [[ (empty set) - Normal user]]
+ print [[ prosody:user - Normal user (default)]]
+ print [[ prosody:admin - Host administrator]]
+ print [[ prosody:operator - Server administrator]]
print [[]]
- print [[The canonical role format looks like: { ["example:role"] = true }]]
- print [[For convenience, the following formats are also accepted:]]
- print [["admin" - short for "prosody:admin", the normal admin status (like the admins config option)]]
- print [["example:role" - short for {["example:role"]=true}]]
- print [[{"example:role"} - short for {["example:role"]=true}]]
+ print [[Roles can be assigned using the user management commands (see 'help user').]]
elseif section == "muc" then
-- TODO `muc:room():foo()` commands
print [[muc:create(roomjid, { config }) - Create the specified MUC room with the given config]]
print [[muc:list(host) - List rooms on the specified MUC component]]
print [[muc:room(roomjid) - Reference the specified MUC room to access MUC API methods]]
+ print [[muc:occupants(roomjid, filter) - List room occupants, optionally filtered on substring or role]]
+ print [[muc:affiliations(roomjid, filter) - List affiliated members of the room, optionally filtered on substring or affiliation]]
elseif section == "server" then
print [[server:version() - Show the server's version number]]
print [[server:uptime() - Show how long the server has been running]]
@@ -297,6 +313,7 @@ function commands.help(session, data)
elseif section == "config" then
print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]]
print [[config:get([host,] option) - Show the value of a config option.]]
+ print [[config:set([host,] option, value) - Update the value of a config option without writing to the config file.]]
elseif section == "stats" then -- luacheck: ignore 542
print [[stats:show(pattern) - Show internal statistics, optionally filtering by name with a pattern]]
print [[stats:show():cfgraph() - Show a cumulative frequency graph]]
@@ -305,6 +322,9 @@ function commands.help(session, data)
print [[debug:logevents(host) - Enable logging of fired events on host]]
print [[debug:events(host, event) - Show registered event handlers]]
print [[debug:timers() - Show information about scheduled timers]]
+ elseif section == "watch" then
+ print [[watch:log() - Follow debug logs]]
+ print [[watch:stanzas(target, filter) - Watch live stanzas matching the specified target and filter]]
elseif section == "console" then
print [[Hey! Welcome to Prosody's admin console.]]
print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]]
@@ -335,7 +355,7 @@ function commands.help(session, data)
meta_columns[2].width = math.max(meta_columns[2].width or 0, #(spec.title or ""));
meta_columns[3].width = math.max(meta_columns[3].width or 0, #(spec.description or ""));
end
- local row = format_table(meta_columns, 120)
+ local row = format_table(meta_columns, session.width)
print(row());
for column, spec in iterators.sorted_pairs(available_columns) do
print(row({ column, spec.title, spec.description }));
@@ -481,6 +501,16 @@ function def_env.module:info(name, hosts)
local function item_name(item) return item.name; end
+ local function task_timefmt(t)
+ if not t then
+ return "no last run time"
+ elseif os.difftime(os.time(), t) < 86400 then
+ return os.date("last run today at %H:%M", t);
+ else
+ return os.date("last run %A at %H:%M", t);
+ end
+ end
+
local friendly_descriptions = {
["adhoc-provider"] = "Ad-hoc commands",
["auth-provider"] = "Authentication provider",
@@ -498,12 +528,22 @@ function def_env.module:info(name, hosts)
["auth-provider"] = item_name,
["storage-provider"] = item_name,
["http-provider"] = function(item, mod) return mod:http_url(item.name, item.default_path); end,
- ["net-provider"] = item_name,
+ ["net-provider"] = function(item)
+ local service_name = item.name;
+ local ports_list = {};
+ for _, interface, port in portmanager.get_active_services():iter(service_name, nil, nil) do
+ table.insert(ports_list, "["..interface.."]:"..port);
+ end
+ if not ports_list[1] then
+ return service_name..": not listening on any ports";
+ end
+ return service_name..": "..table.concat(ports_list, ", ");
+ end,
["measure"] = function(item) return item.name .. " (" .. suf(item.conf and item.conf.unit, " ") .. item.type .. ")"; end,
["metric"] = function(item)
return ("%s (%s%s)%s"):format(item.name, suf(item.mf.unit, " "), item.mf.type_, pre(": ", item.mf.description));
end,
- ["task"] = function (item) return string.format("%s (%s)", item.name or item.id, item.when); end
+ ["task"] = function (item) return string.format("%s (%s, %s)", item.name or item.id, item.when, task_timefmt(item.last)); end
};
for host in hosts do
@@ -533,21 +573,34 @@ function def_env.module:info(name, hosts)
if mod.module.dependencies and next(mod.module.dependencies) ~= nil then
print(" dependencies:");
for dep in pairs(mod.module.dependencies) do
- print(" - mod_" .. dep);
+ -- Dependencies are per module instance, not per host, so dependencies
+ -- of/on global modules may list modules not actually loaded on the
+ -- current host.
+ if modulemanager.is_loaded(host, dep) then
+ print(" - mod_" .. dep);
+ end
+ end
+ end
+ if mod.module.reverse_dependencies and next(mod.module.reverse_dependencies) ~= nil then
+ print(" reverse dependencies:");
+ for dep in pairs(mod.module.reverse_dependencies) do
+ if modulemanager.is_loaded(host, dep) then
+ print(" - mod_" .. dep);
+ end
end
end
end
return true;
end
-function def_env.module:load(name, hosts, config)
+function def_env.module:load(name, hosts)
hosts = get_hosts_with_module(hosts);
-- Load the module for each host
local ok, err, count, mod = true, nil, 0;
for host in hosts do
if (not modulemanager.is_loaded(host, name)) then
- mod, err = modulemanager.load(host, name, config);
+ mod, err = modulemanager.load(host, name);
if not mod then
ok = false;
if err == "global-module-already-loaded" then
@@ -644,7 +697,7 @@ end
def_env.config = {};
function def_env.config:load(filename, format)
- local config_load = require "core.configmanager".load;
+ local config_load = require "prosody.core.configmanager".load;
local ok, err = config_load(filename, format);
if not ok then
return false, err or "Unknown error loading config";
@@ -656,10 +709,17 @@ function def_env.config:get(host, key)
if key == nil then
host, key = "*", host;
end
- local config_get = require "core.configmanager".get
+ local config_get = require "prosody.core.configmanager".get
return true, serialize_config(config_get(host, key));
end
+function def_env.config:set(host, key, value)
+ if host ~= "*" and not prosody.hosts[host] then
+ host, key, value = "*", host, key;
+ end
+ return require "prosody.core.configmanager".set(host, key, value);
+end
+
function def_env.config:reload()
local ok, err = prosody.reload_config();
return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err);
@@ -719,7 +779,7 @@ available_columns = {
jid = {
title = "JID";
description = "Full JID of user session";
- width = 32;
+ width = "3p";
key = "full_jid";
mapper = function(full_jid, session) return full_jid or get_jid(session) end;
};
@@ -727,7 +787,7 @@ available_columns = {
title = "Host";
description = "Local hostname";
key = "host";
- width = 22;
+ width = "1p";
mapper = function(host, session)
return host or get_s2s_hosts(session) or "?";
end;
@@ -735,7 +795,7 @@ available_columns = {
remote = {
title = "Remote";
description = "Remote hostname";
- width = 22;
+ width = "1p";
mapper = function(_, session)
return select(2, get_s2s_hosts(session));
end;
@@ -743,7 +803,7 @@ available_columns = {
port = {
title = "Port";
description = "Server port used";
- width = 5;
+ width = #string.format("%d", 0xffff); -- max 16 bit unsigned integer
align = "right";
key = "conn";
mapper = function(conn)
@@ -755,7 +815,7 @@ available_columns = {
dir = {
title = "Dir";
description = "Direction of server-to-server connection";
- width = 3;
+ width = #"<->";
key = "direction";
mapper = function(dir, session)
if session.incoming and session.outgoing then return "<->"; end
@@ -763,12 +823,23 @@ available_columns = {
if dir == "incoming" then return "<--"; end
end;
};
- id = { title = "Session ID"; description = "Internal session ID used in logging"; width = 20; key = "id" };
- type = { title = "Type"; description = "Session type"; width = #"c2s_unauthed"; key = "type" };
+ id = {
+ title = "Session ID";
+ description = "Internal session ID used in logging";
+ -- Depends on log16(?) of pointers which may vary over runtime, so + some margin
+ width = math.max(#"c2s", #"s2sin", #"s2sout") + #(tostring({}):match("%x+$")) + 2;
+ key = "id";
+ };
+ type = {
+ title = "Type";
+ description = "Session type";
+ width = math.max(#"c2s_unauthed", #"s2sout_unauthed");
+ key = "type";
+ };
method = {
title = "Method";
description = "Connection method";
- width = 10;
+ width = math.max(#"BOSH", #"WebSocket", #"TCP");
mapper = function(_, session)
if session.bosh_version then
return "BOSH";
@@ -782,15 +853,20 @@ available_columns = {
ipv = {
title = "IPv";
description = "Internet Protocol version (4 or 6)";
- width = 4;
+ width = #"IPvX";
key = "ip";
mapper = function(ip) if ip then return ip:find(":") and "IPv6" or "IPv4"; end end;
};
- ip = { title = "IP address"; description = "IP address the session connected from"; width = 40; key = "ip" };
+ ip = {
+ title = "IP address";
+ description = "IP address the session connected from";
+ width = module:get_option_boolean("use_ipv6", true) and #"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" or #"198.051.100.255";
+ key = "ip";
+ };
status = {
title = "Status";
description = "Presence status";
- width = 6;
+ width = math.max(#"online", #"chat");
key = "presence";
mapper = function(p)
if not p then return ""; end
@@ -801,24 +877,22 @@ available_columns = {
title = "Security";
description = "TLS version or security status";
key = "conn";
- width = 8;
+ width = math.max(#"secure", #"TLSvX.Y");
mapper = function(conn, session)
if not session.secure then return "insecure"; end
if not conn or not conn:ssl() then return "secure" end
- local sock = conn and conn:socket();
- if not sock then return "secure"; end
- local tls_info = sock.info and sock:info();
+ local tls_info = conn.ssl_info and conn:ssl_info();
return tls_info and tls_info.protocol or "secure";
end;
};
encryption = {
title = "Encryption";
description = "Encryption algorithm used (TLS cipher suite)";
- width = 30;
+ -- openssl ciphers 'ALL:COMPLEMENTOFALL' | tr : \\n | awk 'BEGIN {n=1} length() > n {n=length()} END {print(n)}'
+ width = #"ECDHE-ECDSA-CHACHA20-POLY1305";
key = "conn";
mapper = function(conn)
- local sock = conn and conn:socket();
- local info = sock and sock.info and sock:info();
+ local info = conn and conn.ssl_info and conn:ssl_info();
if info then return info.cipher end
end;
};
@@ -826,7 +900,7 @@ available_columns = {
title = "Certificate";
description = "Validation status of certificate";
key = "cert_identity_status";
- width = 11;
+ width = math.max(#"Expired", #"Self-signed", #"Untrusted", #"Mismatched", #"Unknown");
mapper = function(cert_status, session)
if cert_status then return capitalize(cert_status); end
if session.cert_chain_status == "invalid" then
@@ -846,7 +920,7 @@ available_columns = {
sni = {
title = "SNI";
description = "Hostname requested in TLS";
- width = 22;
+ width = "1p"; -- same as host, remote etc
mapper = function(_, session)
if not session.conn then return end
local sock = session.conn:socket();
@@ -856,7 +930,7 @@ available_columns = {
alpn = {
title = "ALPN";
description = "Protocol requested in TLS";
- width = 11;
+ width = math.max(#"http/1.1", #"xmpp-client", #"xmpp-server");
mapper = function(_, session)
if not session.conn then return end
local sock = session.conn:socket();
@@ -867,7 +941,8 @@ available_columns = {
title = "SM";
description = "Stream Management (XEP-0198) status";
key = "smacks";
- width = 11;
+ -- FIXME shorter synonym for hibernating
+ width = math.max(#"yes", #"no", #"hibernating");
mapper = function(smacks_xmlns, session)
if not smacks_xmlns then return "no"; end
if session.hibernating then return "hibernating"; end
@@ -901,7 +976,7 @@ available_columns = {
title = "Dialback";
description = "Legacy server verification";
key = "dialback_key";
- width = 13;
+ width = math.max(#"Not used", #"Not initiated", #"Initiated", #"Completed");
mapper = function (dialback_key, session)
if not dialback_key then
if session.type == "s2sin" or session.type == "s2sout" then
@@ -915,6 +990,16 @@ available_columns = {
end
end
};
+ role = {
+ title = "Role";
+ description = "Session role with 'prosody:' prefix removed";
+ width = #"admin";
+ key = "role";
+ mapper = function(role)
+ local name = role and role.name;
+ return name and name:match"^prosody:(%w+)" or name;
+ end;
+ }
};
local function get_colspec(colspec, default)
@@ -922,7 +1007,7 @@ local function get_colspec(colspec, default)
local columns = {};
for i, col in pairs(colspec or default) do
if type(col) == "string" then
- columns[i] = available_columns[col] or { title = capitalize(col); width = 20; key = col };
+ columns[i] = available_columns[col] or { title = capitalize(col); width = "1p"; key = col };
elseif type(col) ~= "table" then
return false, ("argument %d: expected string|table but got %s"):format(i, type(col));
else
@@ -935,12 +1020,12 @@ end
function def_env.c2s:show(match_jid, colspec)
local print = self.session.print;
- local columns = get_colspec(colspec, { "id"; "jid"; "ipv"; "status"; "secure"; "smacks"; "csi" });
- local row = format_table(columns, 120);
+ local columns = get_colspec(colspec, { "id"; "jid"; "role"; "ipv"; "status"; "secure"; "smacks"; "csi" });
+ local row = format_table(columns, self.session.width);
local function match(session)
local jid = get_jid(session)
- return (not match_jid) or jid == match_jid;
+ return (not match_jid) or match_jid == "*" or jid_compare(jid, match_jid);
end
local group_by_host = true;
@@ -1016,14 +1101,30 @@ local function _sort_s2s(a, b)
return _sort_hosts(a_local or "", b_local or "");
end
+local function match_wildcard(match_jid, jid)
+ -- host == host or (host) == *.(host) or sub(.host) == *(.host)
+ return jid == match_jid or jid == match_jid:sub(3) or jid:sub(-#match_jid + 1) == match_jid:sub(2);
+end
+
+local function match_s2s_jid(session, match_jid)
+ local host, remote = get_s2s_hosts(session);
+ if not match_jid or match_jid == "*" then
+ return true;
+ elseif host == match_jid or remote == match_jid then
+ return true;
+ elseif match_jid:sub(1, 2) == "*." then
+ return match_wildcard(match_jid, host) or match_wildcard(match_jid, remote);
+ end
+ return false;
+end
+
function def_env.s2s:show(match_jid, colspec)
local print = self.session.print;
local columns = get_colspec(colspec, { "id"; "host"; "dir"; "remote"; "ipv"; "secure"; "s2s_sasl"; "dialback" });
- local row = format_table(columns, 132);
+ local row = format_table(columns, self.session.width);
local function match(session)
- local host, remote = get_s2s_hosts(session);
- return not match_jid or host == match_jid or remote == match_jid;
+ return match_s2s_jid(session, match_jid);
end
local group_by_host = true;
@@ -1090,7 +1191,7 @@ function def_env.s2s:showcert(domain)
local print = self.session.print;
local s2s_sessions = module:shared"/*/s2s/sessions";
local domain_sessions = set.new(array.collect(values(s2s_sessions)))
- /function(session) return (session.to_host == domain or session.from_host == domain) and session or nil; end;
+ /function(session) return match_s2s_jid(session, domain) and session or nil; end;
local cert_set = {};
for session in domain_sessions do
local conn = session.conn;
@@ -1193,12 +1294,11 @@ function def_env.s2s:close(from, to, text, condition)
end
for _, session in pairs(s2s_sessions) do
- local id = session.id or (session.type..tostring(session):match("[a-f0-9]+$"));
- if (match_id and match_id == id)
- or (session.from_host == from and session.to_host == to) then
+ local id = session.id or (session.type .. tostring(session):match("[a-f0-9]+$"));
+ if (match_id and match_id == id) or ((from and match_wildcard(from, session.to_host)) or (to and match_wildcard(to, session.to_host))) then
print(("Closing connection from %s to %s [%s]"):format(session.from_host, session.to_host, id));
(session.close or s2smanager.destroy_session)(session, build_reason(text, condition));
- count = count + 1 ;
+ count = count + 1;
end
end
return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s");
@@ -1208,7 +1308,7 @@ function def_env.s2s:closeall(host, text, condition)
local count = 0;
local s2s_sessions = module:shared"/*/s2s/sessions";
for _,session in pairs(s2s_sessions) do
- if not host or session.from_host == host or session.to_host == host then
+ if not host or host == "*" or match_s2s_jid(session, host) then
session:close(build_reason(text, condition));
count = count + 1;
end
@@ -1229,18 +1329,18 @@ end
function def_env.host:list()
local print = self.session.print;
local i = 0;
- local type;
+ local host_type;
for host, host_session in iterators.sorted_pairs(prosody.hosts, _sort_hosts) do
i = i + 1;
- type = host_session.type;
- if type == "local" then
+ host_type = host_session.type;
+ if host_type == "local" then
print(host);
else
- type = module:context(host):get_option_string("component_module", type);
- if type ~= "component" then
- type = type .. " component";
+ host_type = module:context(host):get_option_string("component_module", host_type);
+ if host_type ~= "component" then
+ host_type = host_type .. " component";
end
- print(("%s (%s)"):format(host, type));
+ print(("%s (%s)"):format(host, host_type));
end
end
return true, i.." hosts";
@@ -1307,6 +1407,20 @@ local function check_muc(jid)
return room_name, host;
end
+local function get_muc(room_jid)
+ local room_name, host = check_muc(room_jid);
+ if not room_name then
+ return room_name, host;
+ end
+ local room_obj = prosody.hosts[host].modules.muc.get_room_from_jid(room_jid);
+ if not room_obj then
+ return nil, "No such room: "..room_jid;
+ end
+ return room_obj;
+end
+
+local muc_util = module:require"muc/util";
+
function def_env.muc:create(room_jid, config)
local room_name, host = check_muc(room_jid);
if not room_name then
@@ -1319,13 +1433,9 @@ function def_env.muc:create(room_jid, config)
end
function def_env.muc:room(room_jid)
- local room_name, host = check_muc(room_jid);
- if not room_name then
- return room_name, host;
- end
- local room_obj = prosody.hosts[host].modules.muc.get_room_from_jid(room_jid);
+ local room_obj, err = get_muc(room_jid);
if not room_obj then
- return nil, "No such room: "..room_jid;
+ return room_obj, err;
end
return setmetatable({ room = room_obj }, console_room_mt);
end
@@ -1344,33 +1454,170 @@ function def_env.muc:list(host)
return true, c.." rooms";
end
-local um = require"core.usermanager";
+function def_env.muc:occupants(room_jid, filter)
+ local room_obj, err = get_muc(room_jid);
+ if not room_obj then
+ return room_obj, err;
+ end
-local function coerce_roles(roles)
- if roles == "admin" then roles = "prosody:admin"; end
- if type(roles) == "string" then roles = { [roles] = true }; end
- if roles[1] then for i, role in ipairs(roles) do roles[role], roles[i] = true, nil; end end
- return roles;
+ local print = self.session.print;
+ local row = format_table({
+ { title = "Role"; width = 12; key = "role" }; -- longest role name
+ { title = "JID"; width = "75%"; key = "bare_jid" };
+ { title = "Nickname"; width = "25%"; key = "nick"; mapper = jid_resource };
+ }, self.session.width);
+ local occupants = array.collect(iterators.select(2, room_obj:each_occupant()));
+ local total = #occupants;
+ if filter then
+ occupants:filter(function(occupant)
+ return occupant.role == filter or jid_resource(occupant.nick):find(filter, 1, true);
+ end);
+ end
+ local displayed = #occupants;
+ occupants:sort(function(a, b)
+ if a.role ~= b.role then
+ return muc_util.valid_roles[a.role] > muc_util.valid_roles[b.role];
+ else
+ return a.bare_jid < b.bare_jid;
+ end
+ end);
+
+ if displayed == 0 then
+ return true, ("%d out of %d occupant%s listed"):format(displayed, total, total ~= 1 and "s" or "")
+ end
+
+ print(row());
+ for _, occupant in ipairs(occupants) do
+ print(row(occupant));
+ end
+
+ if total == displayed then
+ return true, ("%d occupant%s listed"):format(total, total ~= 1 and "s" or "")
+ else
+ return true, ("%d out of %d occupant%s listed"):format(displayed, total, total ~= 1 and "s" or "")
+ end
+end
+
+function def_env.muc:affiliations(room_jid, filter)
+ local room_obj, err = get_muc(room_jid);
+ if not room_obj then
+ return room_obj, err;
+ end
+
+ local print = self.session.print;
+ local row = format_table({
+ { title = "Affiliation"; width = 12 }; -- longest affiliation name
+ { title = "JID"; width = "75%" };
+ { title = "Nickname"; width = "25%"; key = "reserved_nickname" };
+ }, self.session.width);
+ local affiliated = array();
+ for affiliated_jid, affiliation, affiliation_data in room_obj:each_affiliation() do
+ affiliated:push(setmetatable({ affiliation; affiliated_jid }, { __index = affiliation_data }));
+ end
+
+ local total = #affiliated;
+ if filter then
+ affiliated:filter(function(affiliation)
+ return filter == affiliation[1] or affiliation[2]:find(filter, 1, true);
+ end);
+ end
+ local displayed = #affiliated;
+ local aff_ranking = muc_util.valid_affiliations;
+ affiliated:sort(function(a, b)
+ if a[1] ~= b[1] then
+ return aff_ranking[a[1]] > aff_ranking[b[1]];
+ else
+ return a[2] < b[2];
+ end
+ end);
+
+ if displayed == 0 then
+ return true, ("%d out of %d affiliations%s listed"):format(displayed, total, total ~= 1 and "s" or "")
+ end
+
+ print(row());
+ for _, affiliation in ipairs(affiliated) do
+ print(row(affiliation));
+ end
+
+
+ if total == displayed then
+ return true, ("%d affiliation%s listed"):format(total, total ~= 1 and "s" or "")
+ else
+ return true, ("%d out of %d affiliation%s listed"):format(displayed, total, total ~= 1 and "s" or "")
+ end
end
+local um = require"prosody.core.usermanager";
+
def_env.user = {};
-function def_env.user:create(jid, password, roles)
+function def_env.user:create(jid, password, role)
local username, host = jid_split(jid);
if not prosody.hosts[host] then
return nil, "No such host: "..host;
elseif um.user_exists(username, host) then
return nil, "User exists";
end
- local ok, err = um.create_user(username, password, host);
- if ok then
- if ok and roles then
- roles = coerce_roles(roles);
- local roles_ok, rerr = um.set_roles(jid, host, roles);
- if not roles_ok then return nil, "User created, but could not set roles: " .. tostring(rerr); end
+
+ if role then
+ local ok, err = um.create_user(username, nil, host);
+ if not ok then
+ return nil, "Could not create user: "..err;
+ end
+
+ local role_ok, rerr = um.set_user_role(jid, host, role);
+ if not role_ok then
+ return nil, "Could not set role: " .. tostring(rerr);
+ end
+
+ if password then
+ local ok, err = um.set_password(username, password, host, nil);
+ if not ok then
+ return nil, "Could not set password for user: "..err;
+ end
+
+ local ok, err = um.enable_user(username, host);
+ if not ok and err ~= "method not implemented" then
+ return nil, "Could not enable user: "..err;
+ end
end
- return true, "User created";
else
- return nil, "Could not create user: "..err;
+ local ok, err = um.create_user(username, password, host);
+ if not ok then
+ return nil, "Could not create user: "..err;
+ end
+ end
+
+ return true, "User created";
+end
+
+function def_env.user:disable(jid)
+ local username, host = jid_split(jid);
+ if not prosody.hosts[host] then
+ return nil, "No such host: "..host;
+ elseif not um.user_exists(username, host) then
+ return nil, "No such user";
+ end
+ local ok, err = um.disable_user(username, host);
+ if ok then
+ return true, "User disabled";
+ else
+ return nil, "Could not disable user: "..err;
+ end
+end
+
+function def_env.user:enable(jid)
+ local username, host = jid_split(jid);
+ if not prosody.hosts[host] then
+ return nil, "No such host: "..host;
+ elseif not um.user_exists(username, host) then
+ return nil, "No such user";
+ end
+ local ok, err = um.enable_user(username, host);
+ if ok then
+ return true, "User enabled";
+ else
+ return nil, "Could not enable user: "..err;
end
end
@@ -1404,41 +1651,64 @@ function def_env.user:password(jid, password)
end
end
-function def_env.user:roles(jid, host, new_roles)
- if new_roles or type(host) == "table" then
- return nil, "Use user:setroles(jid, host, roles) to change user roles";
- end
+function def_env.user:role(jid, host)
+ local print = self.session.print;
local username, userhost = jid_split(jid);
if host == nil then host = userhost; end
- if host ~= "*" and not prosody.hosts[host] then
+ if not prosody.hosts[host] then
return nil, "No such host: "..host;
elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
return nil, "No such user";
end
- local roles = um.get_roles(jid, host);
- if not roles then return true, "No roles"; end
- local count = 0;
- local print = self.session.print;
- for role in pairs(roles) do
+
+ local primary_role = um.get_user_role(username, host);
+ local secondary_roles = um.get_user_secondary_roles(username, host);
+
+ print(primary_role and primary_role.name or "<none>");
+
+ local count = primary_role and 1 or 0;
+ for role_name in pairs(secondary_roles or {}) do
count = count + 1;
- print(role);
+ print(role_name.." (secondary)");
end
+
return true, count == 1 and "1 role" or count.." roles";
end
-def_env.user.showroles = def_env.user.roles; -- COMPAT
+def_env.user.roles = def_env.user.role;
--- user:roles("someone@example.com", "example.com", {"prosody:admin"})
--- user:roles("someone@example.com", {"prosody:admin"})
-function def_env.user:setroles(jid, host, new_roles)
+-- user:setrole("someone@example.com", "example.com", "prosody:admin")
+-- user:setrole("someone@example.com", "prosody:admin")
+function def_env.user:setrole(jid, host, new_role)
local username, userhost = jid_split(jid);
- if new_roles == nil then host, new_roles = userhost, host; end
- if host ~= "*" and not prosody.hosts[host] then
+ if new_role == nil then host, new_role = userhost, host; end
+ if not prosody.hosts[host] then
return nil, "No such host: "..host;
elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
return nil, "No such user";
end
- if host == "*" then host = nil; end
- return um.set_roles(jid, host, coerce_roles(new_roles));
+ return um.set_user_role(username, host, new_role);
+end
+
+function def_env.user:addrole(jid, host, new_role)
+ local username, userhost = jid_split(jid);
+ if new_role == nil then host, new_role = userhost, host; end
+ if not prosody.hosts[host] then
+ return nil, "No such host: "..host;
+ elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
+ return nil, "No such user";
+ end
+ return um.add_user_secondary_role(username, host, new_role);
+end
+
+function def_env.user:delrole(jid, host, role_name)
+ local username, userhost = jid_split(jid);
+ if role_name == nil then host, role_name = userhost, host; end
+ if not prosody.hosts[host] then
+ return nil, "No such host: "..host;
+ elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
+ return nil, "No such user";
+ end
+ return um.remove_user_secondary_role(username, host, role_name);
end
-- TODO switch to table view, include roles
@@ -1462,7 +1732,7 @@ end
def_env.xmpp = {};
-local new_id = require "util.id".medium;
+local new_id = require "prosody.util.id".medium;
function def_env.xmpp:ping(localhost, remotehost, timeout)
localhost = select(2, jid_split(localhost));
remotehost = select(2, jid_split(remotehost));
@@ -1509,12 +1779,12 @@ function def_env.xmpp:ping(localhost, remotehost, timeout)
module:unhook("s2sin-established", onestablished);
module:unhook("s2s-destroyed", ondestroyed);
end):next(function(pong)
- return ("pong from %s in %gs"):format(pong.stanza.attr.from, time.now() - time_start);
+ return ("pong from %s on %s in %gs"):format(pong.stanza.attr.from, pong.origin.id, time.now() - time_start);
end);
end
def_env.dns = {};
-local adns = require"net.adns";
+local adns = require"prosody.net.adns";
local function get_resolver(session)
local resolver = session.dns_resolver;
@@ -1561,7 +1831,7 @@ function def_env.http:list(hosts)
local output = format_table({
{ title = "Module", width = "20%" },
{ title = "URL", width = "80%" },
- }, 132);
+ }, self.session.width);
for _, host in ipairs(hosts) do
local http_apps = modulemanager.get_items("http-provider", host);
@@ -1592,6 +1862,60 @@ function def_env.http:list(hosts)
return true;
end
+def_env.watch = {};
+
+function def_env.watch:log()
+ local writing = false;
+ local sink = logger.add_simple_sink(function (source, level, message)
+ if writing then return; end
+ writing = true;
+ self.session.print(source, level, message);
+ writing = false;
+ end);
+
+ while self.session.is_connected() do
+ async.sleep(3);
+ end
+ if not logger.remove_sink(sink) then
+ module:log("warn", "Unable to remove watch:log() sink");
+ end
+end
+
+local stanza_watchers = module:require("mod_debug_stanzas/watcher");
+function def_env.watch:stanzas(target_spec, filter_spec)
+ local function handler(event_type, stanza, session)
+ if stanza then
+ if event_type == "sent" then
+ self.session.print(("\n<!-- sent to %s -->"):format(session.id));
+ elseif event_type == "received" then
+ self.session.print(("\n<!-- received from %s -->"):format(session.id));
+ else
+ self.session.print(("\n<!-- %s (%s) -->"):format(event_type, session.id));
+ end
+ self.session.print(stanza);
+ elseif session then
+ self.session.print("\n<!-- session "..session.id.." "..event_type.." -->");
+ elseif event_type then
+ self.session.print("\n<!-- "..event_type.." -->");
+ end
+ end
+
+ stanza_watchers.add({
+ target_spec = {
+ jid = target_spec;
+ };
+ filter_spec = filter_spec and {
+ with_jid = filter_spec;
+ };
+ }, handler);
+
+ while self.session.is_connected() do
+ async.sleep(3);
+ end
+
+ stanza_watchers.remove(handler);
+end
+
def_env.debug = {};
function def_env.debug:logevents(host)
@@ -1603,7 +1927,7 @@ function def_env.debug:events(host, event)
local events_obj;
if host and host ~= "*" then
if host == "http" then
- events_obj = require "net.http.server"._events;
+ events_obj = require "prosody.net.http.server"._events;
elseif not prosody.hosts[host] then
return false, "Unknown host: "..host;
else
@@ -1617,7 +1941,7 @@ end
function def_env.debug:timers()
local print = self.session.print;
- local add_task = require"util.timer".add_task;
+ local add_task = require"prosody.util.timer".add_task;
local h, params = add_task.h, add_task.params;
local function normalize_time(t)
return t;
@@ -1914,7 +2238,7 @@ local function new_stats_context(self)
end
function def_env.stats:show(name_filter)
- local statsman = require "core.statsmanager"
+ local statsman = require "prosody.core.statsmanager"
local collect = statsman.collect
if collect then
-- force collection if in manual mode
@@ -1935,6 +2259,10 @@ function def_env.stats:show(name_filter)
end
+function module.unload()
+ stanza_watchers.cleanup();
+end
+
-------------
diff --git a/plugins/mod_admin_socket.lua b/plugins/mod_admin_socket.lua
index 157e746c..ad6aa5d7 100644
--- a/plugins/mod_admin_socket.lua
+++ b/plugins/mod_admin_socket.lua
@@ -8,7 +8,7 @@ if have_unix and type(unix) == "function" then
-- constructor was exported instead of a module table. Due to the lack of a
-- proper release of LuaSocket, distros have settled on shipping either the
-- last RC tag or some commit since then.
- -- Here we accomodate both variants.
+ -- Here we accommodate both variants.
unix = { stream = unix };
end
if not have_unix or type(unix) ~= "table" then
@@ -16,10 +16,10 @@ if not have_unix or type(unix) ~= "table" then
return;
end
-local server = require "net.server";
+local server = require "prosody.net.server";
-local adminstream = require "util.adminstream";
-local st = require "util.stanza";
+local adminstream = require "prosody.util.adminstream";
+local st = require "prosody.util.stanza";
local socket_path = module:get_option_path("admin_socket", "prosody.sock", "data");
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua
index 15220ec9..e93f61a9 100644
--- a/plugins/mod_admin_telnet.lua
+++ b/plugins/mod_admin_telnet.lua
@@ -12,8 +12,8 @@ module:depends("admin_shell");
local console_listener = { default_port = 5582; default_mode = "*a"; interface = "127.0.0.1" };
-local async = require "util.async";
-local st = require "util.stanza";
+local async = require "prosody.util.async";
+local st = require "prosody.util.stanza";
local def_env = module:shared("admin_shell/env");
local default_env_mt = { __index = def_env };
diff --git a/plugins/mod_announce.lua b/plugins/mod_announce.lua
index c742ebb8..ba62c11b 100644
--- a/plugins/mod_announce.lua
+++ b/plugins/mod_announce.lua
@@ -6,10 +6,9 @@
-- COPYING file in the source package for more information.
--
-local st, jid = require "util.stanza", require "util.jid";
+local st, jid = require "prosody.util.stanza", require "prosody.util.jid";
local hosts = prosody.hosts;
-local is_admin = require "core.usermanager".is_admin;
function send_to_online(message, host)
local sessions;
@@ -34,6 +33,7 @@ function send_to_online(message, host)
return c;
end
+module:default_permission("prosody:admin", ":send-announcement");
-- Old <message>-based jabberd-style announcement sending
function handle_announcement(event)
@@ -45,8 +45,8 @@ function handle_announcement(event)
return; -- Not an announcement
end
- if not is_admin(stanza.attr.from, host) then
- -- Not an admin? Not allowed!
+ if not module:may(":send-announcement", event) then
+ -- Not allowed!
module:log("warn", "Non-admin '%s' tried to send server announcement", stanza.attr.from);
return;
end
@@ -63,7 +63,7 @@ end
module:hook("message/host", handle_announcement);
-- Ad-hoc command (XEP-0133)
-local dataforms_new = require "util.dataforms".new;
+local dataforms_new = require "prosody.util.dataforms".new;
local announce_layout = dataforms_new{
title = "Making an Announcement";
instructions = "Fill out this form to make an announcement to all\nactive users of this service.";
diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua
index 90646e71..21373698 100644
--- a/plugins/mod_auth_anonymous.lua
+++ b/plugins/mod_auth_anonymous.lua
@@ -7,8 +7,8 @@
--
-- luacheck: ignore 212
-local new_sasl = require "util.sasl".new;
-local datamanager = require "util.datamanager";
+local new_sasl = require "prosody.util.sasl".new;
+local datamanager = require "prosody.util.datamanager";
local hosts = prosody.hosts;
local allow_storage = module:get_option_boolean("allow_anonymous_storage", false);
diff --git a/plugins/mod_auth_insecure.lua b/plugins/mod_auth_insecure.lua
index dc5ee616..133c3292 100644
--- a/plugins/mod_auth_insecure.lua
+++ b/plugins/mod_auth_insecure.lua
@@ -7,9 +7,9 @@
--
-- luacheck: ignore 212
-local datamanager = require "util.datamanager";
-local new_sasl = require "util.sasl".new;
-local saslprep = require "util.encodings".stringprep.saslprep;
+local datamanager = require "prosody.util.datamanager";
+local new_sasl = require "prosody.util.sasl".new;
+local saslprep = require "prosody.util.encodings".stringprep.saslprep;
local host = module.host;
local provider = { name = "insecure" };
@@ -27,6 +27,7 @@ function provider.set_password(username, password)
return nil, "Password fails SASLprep.";
end
if account then
+ account.updated = os.time();
account.password = password;
return datamanager.store(username, host, "accounts", account);
end
@@ -38,7 +39,8 @@ function provider.user_exists(username)
end
function provider.create_user(username, password)
- return datamanager.store(username, host, "accounts", {password = password});
+ local now = os.time();
+ return datamanager.store(username, host, "accounts", { created = now; updated = now; password = password });
end
function provider.delete_user(username)
diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index cf851eef..b8fea993 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -9,14 +9,13 @@
local max = math.max;
-local scram_hashers = require "util.sasl.scram".hashers;
-local usermanager = require "core.usermanager";
-local generate_uuid = require "util.uuid".generate;
-local new_sasl = require "util.sasl".new;
-local hex = require"util.hex";
+local scram_hashers = require "prosody.util.sasl.scram".hashers;
+local generate_uuid = require "prosody.util.uuid".generate;
+local new_sasl = require "prosody.util.sasl".new;
+local hex = require"prosody.util.hex";
local to_hex, from_hex = hex.encode, hex.decode;
-local saslprep = require "util.encodings".stringprep.saslprep;
-local secure_equals = require "util.hashes".equals;
+local saslprep = require "prosody.util.encodings".stringprep.saslprep;
+local secure_equals = require "prosody.util.hashes".equals;
local log = module._log;
local host = module.host;
@@ -30,6 +29,8 @@ local scram_name = "scram_"..hash_name:gsub("%-","_"):lower();
-- Default; can be set per-user
local default_iteration_count = module:get_option_number("default_iteration_count", 10000);
+local tokenauth = module:depends("tokenauth");
+
-- define auth provider
local provider = {};
@@ -86,11 +87,22 @@ function provider.set_password(username, password)
account.server_key = server_key_hex
account.password = nil;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ enabled = not account.disabled;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -100,13 +112,35 @@ function provider.user_exists(username)
return true;
end
+function provider.is_enabled(username) -- luacheck: ignore 212
+ local info, err = provider.get_account_info(username);
+ if not info then return nil, err; end
+ return info.enabled;
+end
+
+function provider.enable(username)
+ -- TODO map store?
+ local account = accounts:get(username);
+ account.disabled = nil;
+ account.updated = os.time();
+ return accounts:set(username, account);
+end
+
+function provider.disable(username)
+ local account = accounts:get(username);
+ account.disabled = true;
+ account.updated = os.time();
+ return accounts:set(username, account);
+end
+
function provider.users()
return accounts:users();
end
function provider.create_user(username, password)
+ local now = os.time();
if password == nil then
- return accounts:set(username, {});
+ return accounts:set(username, { created = now; updated = now; disabled = true });
end
local salt = generate_uuid();
local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count);
@@ -117,7 +151,8 @@ function provider.create_user(username, password)
local server_key_hex = to_hex(server_key);
return accounts:set(username, {
stored_key = stored_key_hex, server_key = server_key_hex,
- salt = salt, iteration_count = default_iteration_count
+ salt = salt, iteration_count = default_iteration_count,
+ created = now, updated = now;
});
end
@@ -127,8 +162,8 @@ end
function provider.get_sasl_handler()
local testpass_authentication_profile = {
- plain_test = function(_, username, password, realm)
- return usermanager.test_password(username, realm, password), true;
+ plain_test = function(_, username, password)
+ return provider.test_password(username, password), provider.is_enabled(username);
end,
[scram_name] = function(_, username)
local credentials = accounts:get(username);
@@ -145,8 +180,9 @@ function provider.get_sasl_handler()
local iteration_count, salt = credentials.iteration_count, credentials.salt;
stored_key = stored_key and from_hex(stored_key);
server_key = server_key and from_hex(server_key);
- return stored_key, server_key, iteration_count, salt, true;
- end
+ return stored_key, server_key, iteration_count, salt, not credentials.disabled;
+ end;
+ oauthbearer = tokenauth.sasl_handler(provider, "oauth2", module:shared("tokenauth/oauthbearer_config"));
};
return new_sasl(host, testpass_authentication_profile);
end
diff --git a/plugins/mod_auth_internal_plain.lua b/plugins/mod_auth_internal_plain.lua
index 8a50e820..98df1983 100644
--- a/plugins/mod_auth_internal_plain.lua
+++ b/plugins/mod_auth_internal_plain.lua
@@ -6,10 +6,10 @@
-- COPYING file in the source package for more information.
--
-local usermanager = require "core.usermanager";
-local new_sasl = require "util.sasl".new;
-local saslprep = require "util.encodings".stringprep.saslprep;
-local secure_equals = require "util.hashes".equals;
+local usermanager = require "prosody.core.usermanager";
+local new_sasl = require "prosody.util.sasl".new;
+local saslprep = require "prosody.util.encodings".stringprep.saslprep;
+local secure_equals = require "prosody.util.hashes".equals;
local log = module._log;
local host = module.host;
@@ -48,11 +48,21 @@ function provider.set_password(username, password)
local account = accounts:get(username);
if account then
account.password = password;
+ account.updated = os.time();
return accounts:set(username, account);
end
return nil, "Account not available.";
end
+function provider.get_account_info(username)
+ local account = accounts:get(username);
+ if not account then return nil, "Account not available"; end
+ return {
+ created = account.created;
+ password_updated = account.updated;
+ };
+end
+
function provider.user_exists(username)
local account = accounts:get(username);
if not account then
@@ -67,11 +77,18 @@ function provider.users()
end
function provider.create_user(username, password)
+ local now = os.time();
+ if password == nil then
+ return accounts:set(username, { created = now, updated = now, disabled = true });
+ end
password = saslprep(password);
if not password then
return nil, "Password fails SASLprep.";
end
- return accounts:set(username, {password = password});
+ return accounts:set(username, {
+ password = password;
+ created = now, updated = now;
+ });
end
function provider.delete_user(username)
diff --git a/plugins/mod_auth_ldap.lua b/plugins/mod_auth_ldap.lua
index 4d484aaa..7900b3fe 100644
--- a/plugins/mod_auth_ldap.lua
+++ b/plugins/mod_auth_ldap.lua
@@ -1,7 +1,6 @@
-- mod_auth_ldap
-local jid_split = require "util.jid".split;
-local new_sasl = require "util.sasl".new;
+local new_sasl = require "prosody.util.sasl".new;
local lualdap = require "lualdap";
local function ldap_filter_escape(s)
@@ -21,6 +20,13 @@ local ldap_admins = module:get_option_string("ldap_admin_filter",
module:get_option_string("ldap_admins")); -- COMPAT with mistake in documentation
local host = ldap_filter_escape(module:get_option_string("realm", module.host));
+if ldap_admins then
+ module:log("error", "The 'ldap_admin_filter' option has been deprecated, "..
+ "and will be ignored. Equivalent functionality may be added in "..
+ "the future if there is demand."
+ );
+end
+
-- Initiate connection
local ld = nil;
module.unload = function() if ld then pcall(ld, ld.close); end end
@@ -133,22 +139,4 @@ else
module:log("error", "Unsupported ldap_mode %s", tostring(ldap_mode));
end
-if ldap_admins then
- function provider.is_admin(jid)
- local username, user_host = jid_split(jid);
- if user_host ~= module.host then
- return false;
- end
- return ldap_do("search", 2, {
- base = ldap_base;
- scope = ldap_scope;
- sizelimit = 1;
- filter = ldap_admins:gsub("%$(%a+)", {
- user = ldap_filter_escape(username);
- host = host;
- });
- });
- end
-end
-
module:provides("auth", provider);
diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua
index 17687959..9c0833bc 100644
--- a/plugins/mod_authz_internal.lua
+++ b/plugins/mod_authz_internal.lua
@@ -1,59 +1,334 @@
-local array = require "util.array";
-local it = require "util.iterators";
-local set = require "util.set";
-local jid_split = require "util.jid".split;
-local normalize = require "util.jid".prep;
+local array = require "prosody.util.array";
+local it = require "prosody.util.iterators";
+local set = require "prosody.util.set";
+local jid_split, jid_bare, jid_host = import("prosody.util.jid", "split", "bare", "host");
+local normalize = require "prosody.util.jid".prep;
+local roles = require "prosody.util.roles";
+
+local config_global_admin_jids = module:context("*"):get_option_set("admins", {}) / normalize;
local config_admin_jids = module:get_option_inherited_set("admins", {}) / normalize;
local host = module.host;
-local role_store = module:open_store("roles");
-local role_map_store = module:open_store("roles", "map");
+local host_suffix = host:gsub("^[^%.]+%.", "");
+
+local hosts = prosody.hosts;
+local is_component = hosts[host].type == "component";
+local host_user_role, server_user_role, public_user_role;
+if is_component then
+ host_user_role = module:get_option_string("host_user_role", "prosody:user");
+ server_user_role = module:get_option_string("server_user_role");
+ public_user_role = module:get_option_string("public_user_role");
+end
+
+local role_store = module:open_store("account_roles");
+local role_map_store = module:open_store("account_roles", "map");
+
+local role_registry = {};
+
+function register_role(role)
+ if role_registry[role.name] ~= nil then
+ return error("A role '"..role.name.."' is already registered");
+ end
+ if not roles.is_role(role) then
+ -- Convert table syntax to real role object
+ for i, inherited_role in ipairs(role.inherits or {}) do
+ if type(inherited_role) == "string" then
+ role.inherits[i] = assert(role_registry[inherited_role], "The named role '"..inherited_role.."' is not registered");
+ end
+ end
+ if not role.permissions then role.permissions = {}; end
+ for _, allow_permission in ipairs(role.allow or {}) do
+ role.permissions[allow_permission] = true;
+ end
+ for _, deny_permission in ipairs(role.deny or {}) do
+ role.permissions[deny_permission] = false;
+ end
+ role = roles.new(role);
+ end
+ role_registry[role.name] = role;
+end
+
+-- Default roles
+register_role {
+ name = "prosody:restricted";
+ priority = 15;
+};
+
+register_role {
+ name = "prosody:user";
+ priority = 25;
+ inherits = { "prosody:restricted" };
+};
+
+register_role {
+ name = "prosody:admin";
+ priority = 50;
+ inherits = { "prosody:user" };
+};
+
+register_role {
+ name = "prosody:operator";
+ priority = 75;
+ inherits = { "prosody:admin" };
+};
-local admin_role = { ["prosody:admin"] = true };
-function get_user_roles(user)
- if config_admin_jids:contains(user.."@"..host) then
- return admin_role;
+-- Process custom roles from config
+
+local custom_roles = module:get_option("custom_roles", {});
+for n, role_config in ipairs(custom_roles) do
+ local ok, err = pcall(register_role, role_config);
+ if not ok then
+ module:log("error", "Error registering custom role %s: %s", role_config.name or tostring(n), err);
end
- return role_store:get(user);
end
-function set_user_roles(user, roles)
- role_store:set(user, roles)
- return true;
+-- Process custom permissions from config
+
+local config_add_perms = module:get_option("add_permissions", {});
+local config_remove_perms = module:get_option("remove_permissions", {});
+
+for role_name, added_permissions in pairs(config_add_perms) do
+ if not role_registry[role_name] then
+ module:log("error", "Cannot add permissions to unknown role '%s'", role_name);
+ else
+ for _, permission in ipairs(added_permissions) do
+ role_registry[role_name]:set_permission(permission, true, true);
+ end
+ end
+end
+
+for role_name, removed_permissions in pairs(config_remove_perms) do
+ if not role_registry[role_name] then
+ module:log("error", "Cannot remove permissions from unknown role '%s'", role_name);
+ else
+ for _, permission in ipairs(removed_permissions) do
+ role_registry[role_name]:set_permission(permission, false, true);
+ end
+ end
+end
+
+-- Public API
+
+-- Get the primary role of a user
+function get_user_role(user)
+ local bare_jid = user.."@"..host;
+
+ -- Check config first
+ if config_global_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:operator"];
+ elseif config_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:admin"];
+ end
+
+ -- Check storage
+ local stored_roles, err = role_store:get(user);
+ if not stored_roles then
+ if err then
+ -- Unable to fetch role, fail
+ return nil, err;
+ end
+ -- No role set, use default role
+ return role_registry["prosody:user"];
+ end
+ if stored_roles._default == nil then
+ -- No primary role explicitly set, return default
+ return role_registry["prosody:user"];
+ end
+ local primary_stored_role = role_registry[stored_roles._default];
+ if not primary_stored_role then
+ return nil, "unknown-role";
+ end
+ return primary_stored_role;
+end
+
+-- Set the primary role of a user
+function set_user_role(user, role_name)
+ local role = role_registry[role_name];
+ if not role then
+ return error("Cannot assign default user an unknown role: "..tostring(role_name));
+ end
+ local keys_update = {
+ _default = role_name;
+ -- Primary role cannot be secondary role
+ [role_name] = role_map_store.remove;
+ };
+ if role_name == "prosody:user" then
+ -- Don't store default
+ keys_update._default = role_map_store.remove;
+ end
+ local ok, err = role_map_store:set_keys(user, keys_update);
+ if not ok then
+ return nil, err;
+ end
+ return role;
end
-function get_users_with_role(role)
- local storage_role_users = it.to_array(it.keys(role_map_store:get_all(role) or {}));
- if role == "prosody:admin" then
- local config_admin_users = config_admin_jids / function (admin_jid)
+function add_user_secondary_role(user, role_name)
+ if not role_registry[role_name] then
+ return error("Cannot assign default user an unknown role: "..tostring(role_name));
+ end
+ role_map_store:set(user, role_name, true);
+end
+
+function remove_user_secondary_role(user, role_name)
+ role_map_store:set(user, role_name, nil);
+end
+
+function get_user_secondary_roles(user)
+ local stored_roles, err = role_store:get(user);
+ if not stored_roles then
+ if err then
+ -- Unable to fetch role, fail
+ return nil, err;
+ end
+ -- No role set
+ return {};
+ end
+ stored_roles._default = nil;
+ for role_name in pairs(stored_roles) do
+ stored_roles[role_name] = role_registry[role_name];
+ end
+ return stored_roles;
+end
+
+function user_can_assume_role(user, role_name)
+ local primary_role = get_user_role(user);
+ if primary_role and primary_role.name == role_name then
+ return true;
+ end
+ local secondary_roles = get_user_secondary_roles(user);
+ if secondary_roles and secondary_roles[role_name] then
+ return true;
+ end
+ return false;
+end
+
+-- This function is *expensive*
+function get_users_with_role(role_name)
+ local function role_filter(username, default_role) --luacheck: ignore 212/username
+ return default_role == role_name;
+ end
+ local primary_role_users = set.new(it.to_array(it.filter(role_filter, pairs(role_map_store:get_all("_default") or {}))));
+ local secondary_role_users = set.new(it.to_array(it.keys(role_map_store:get_all(role_name) or {})));
+
+ local config_set;
+ if role_name == "prosody:admin" then
+ config_set = config_admin_jids;
+ elseif role_name == "prosody:operator" then
+ config_set = config_global_admin_jids;
+ end
+ if config_set then
+ local config_admin_users = config_set / function (admin_jid)
local j_node, j_host = jid_split(admin_jid);
if j_host == host then
return j_node;
end
end;
- return it.to_array(config_admin_users + set.new(storage_role_users));
+ return it.to_array(config_admin_users + primary_role_users + secondary_role_users);
end
- return storage_role_users;
+ return it.to_array(primary_role_users + secondary_role_users);
end
-function get_jid_roles(jid)
- if config_admin_jids:contains(jid) then
- return admin_role;
+function get_jid_role(jid)
+ local bare_jid = jid_bare(jid);
+ if config_global_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:operator"];
+ elseif config_admin_jids:contains(bare_jid) then
+ return role_registry["prosody:admin"];
+ elseif is_component then
+ local user_host = jid_host(bare_jid);
+ if host_user_role and user_host == host_suffix then
+ return role_registry[host_user_role];
+ elseif server_user_role and hosts[user_host] then
+ return role_registry[server_user_role];
+ elseif public_user_role then
+ return role_registry[public_user_role];
+ end
end
return nil;
end
-function set_jid_roles(jid) -- luacheck: ignore 212
+function set_jid_role(jid, role_name) -- luacheck: ignore 212
return false;
end
-function get_jids_with_role(role)
+function get_jids_with_role(role_name)
-- Fetch role users from storage
- local storage_role_jids = array.map(get_users_with_role(role), function (username)
+ local storage_role_jids = array.map(get_users_with_role(role_name), function (username)
return username.."@"..host;
end);
- if role == "prosody:admin" then
+ if role_name == "prosody:admin" then
return it.to_array(config_admin_jids + set.new(storage_role_jids));
+ elseif role_name == "prosody:operator" then
+ return it.to_array(config_global_admin_jids + set.new(storage_role_jids));
end
return storage_role_jids;
end
+
+function add_default_permission(role_name, action, policy)
+ local role = role_registry[role_name];
+ if not role then
+ module:log("warn", "Attempt to add default permission for unknown role: %s", role_name);
+ return nil, "no-such-role";
+ end
+ if policy == nil then policy = true; end
+ module:log("debug", "Adding policy %s for permission %s on role %s", policy, action, role_name);
+ return role:set_permission(action, policy);
+end
+
+function get_role_by_name(role_name)
+ return assert(role_registry[role_name], role_name);
+end
+
+function get_all_roles()
+ return role_registry;
+end
+
+-- COMPAT: Migrate from 0.12 role storage
+local function do_migration(migrate_host)
+ local old_role_store = assert(module:context(migrate_host):open_store("roles"));
+ local new_role_store = assert(module:context(migrate_host):open_store("account_roles"));
+
+ local migrated, failed, skipped = 0, 0, 0;
+ -- Iterate all users
+ for username in assert(old_role_store:users()) do
+ local old_roles = it.to_array(it.filter(function (k) return k:sub(1,1) ~= "_"; end, it.keys(old_role_store:get(username))));
+ if #old_roles == 1 then
+ local ok, err = new_role_store:set(username, {
+ _default = old_roles[1];
+ });
+ if ok then
+ migrated = migrated + 1;
+ else
+ failed = failed + 1;
+ print("EE: Failed to store new role info for '"..username.."': "..err);
+ end
+ else
+ print("WW: User '"..username.."' has multiple roles and cannot be automatically migrated");
+ skipped = skipped + 1;
+ end
+ end
+ return migrated, failed, skipped;
+end
+
+function module.command(arg)
+ if arg[1] == "migrate" then
+ table.remove(arg, 1);
+ local migrate_host = arg[1];
+ if not migrate_host or not prosody.hosts[migrate_host] then
+ print("EE: Please supply a valid host to migrate to the new role storage");
+ return 1;
+ end
+
+ -- Initialize storage layer
+ require "prosody.core.storagemanager".initialize_host(migrate_host);
+
+ print("II: Migrating roles...");
+ local migrated, failed, skipped = do_migration(migrate_host);
+ print(("II: %d migrated, %d failed, %d skipped"):format(migrated, failed, skipped));
+ return (failed + skipped == 0) and 0 or 1;
+ else
+ print("EE: Unknown command: "..(arg[1] or "<none given>"));
+ print(" Hint: try 'migrate'?");
+ end
+end
diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua
index dad06b62..c6be198b 100644
--- a/plugins/mod_blocklist.lua
+++ b/plugins/mod_blocklist.lua
@@ -9,16 +9,16 @@
-- This module implements XEP-0191: Blocking Command
--
-local user_exists = require"core.usermanager".user_exists;
-local rostermanager = require"core.rostermanager";
+local user_exists = require"prosody.core.usermanager".user_exists;
+local rostermanager = require"prosody.core.rostermanager";
local is_contact_subscribed = rostermanager.is_contact_subscribed;
local is_contact_pending_in = rostermanager.is_contact_pending_in;
local load_roster = rostermanager.load_roster;
local save_roster = rostermanager.save_roster;
-local st = require"util.stanza";
+local st = require"prosody.util.stanza";
local st_error_reply = st.error_reply;
-local jid_prep = require"util.jid".prep;
-local jid_split = require"util.jid".split;
+local jid_prep = require"prosody.util.jid".prep;
+local jid_split = require"prosody.util.jid".split;
local storage = module:open_store();
local sessions = prosody.hosts[module.host].sessions;
@@ -36,7 +36,7 @@ local cache = setmetatable({}, { __mode = "v" });
-- want to use too much memory either, so this can be tuned by advanced
-- users. TODO use science to figure out a better default, 64 is just a guess.
local cache_size = module:get_option_number("blocklist_cache_size", 64);
-local cache2 = require"util.cache".new(cache_size);
+local cache2 = require"prosody.util.cache".new(cache_size);
local null_blocklist = {};
@@ -54,6 +54,7 @@ local function set_blocklist(username, blocklist)
end
-- Migrates from the old mod_privacy storage
+-- TODO mod_privacy was removed in 0.10.0, this should be phased out
local function migrate_privacy_list(username)
local legacy_data = module:open_store("privacy"):get(username);
if not legacy_data or not legacy_data.lists or not legacy_data.default then return; end
@@ -77,6 +78,13 @@ local function migrate_privacy_list(username)
return migrated_data;
end
+if not module:get_option_boolean("migrate_legacy_blocking", true) then
+ migrate_privacy_list = function (username)
+ module:log("debug", "Migrating from mod_privacy disabled, user '%s' will start with a fresh blocklist", username);
+ return nil;
+ end
+end
+
local function get_blocklist(username)
local blocklist = cache2:get(username);
if not blocklist then
diff --git a/plugins/mod_bookmarks.lua b/plugins/mod_bookmarks.lua
index d67915f8..be665d0f 100644
--- a/plugins/mod_bookmarks.lua
+++ b/plugins/mod_bookmarks.lua
@@ -1,10 +1,10 @@
-local mm = require "core.modulemanager";
+local mm = require "prosody.core.modulemanager";
if mm.get_modules_for_host(module.host):contains("bookmarks2") then
error("mod_bookmarks and mod_bookmarks2 are conflicting, please disable one of them.", 0);
end
-local st = require "util.stanza";
-local jid_split = require "util.jid".split;
+local st = require "prosody.util.stanza";
+local jid_split = require "prosody.util.jid".split;
local mod_pep = module:depends "pep";
local private_storage = module:open_store("private", "map");
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index 11bfb51d..34d801d9 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -8,21 +8,21 @@
module:set_global();
-local new_xmpp_stream = require "util.xmppstream".new;
-local sm = require "core.sessionmanager";
+local new_xmpp_stream = require "prosody.util.xmppstream".new;
+local sm = require "prosody.core.sessionmanager";
local sm_destroy_session = sm.destroy_session;
-local new_uuid = require "util.uuid".generate;
+local new_uuid = require "prosody.util.uuid".generate;
local core_process_stanza = prosody.core_process_stanza;
-local st = require "util.stanza";
-local logger = require "util.logger";
+local st = require "prosody.util.stanza";
+local logger = require "prosody.util.logger";
local log = module._log;
-local initialize_filters = require "util.filters".initialize;
+local initialize_filters = require "prosody.util.filters".initialize;
local math_min = math.min;
local tostring, type = tostring, type;
local traceback = debug.traceback;
-local runner = require"util.async".runner;
-local nameprep = require "util.encodings".stringprep.nameprep;
-local cache = require "util.cache";
+local runner = require"prosody.util.async".runner;
+local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local cache = require "prosody.util.cache";
local xmlns_streams = "http://etherx.jabber.org/streams";
local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams";
@@ -559,6 +559,6 @@ function module.add_host(module)
});
end
-if require"core.modulemanager".get_modules_for_host("*"):contains(module.name) then
+if require"prosody.core.modulemanager".get_modules_for_host("*"):contains(module.name) then
module:add_host();
end
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index c8f54fa7..871875e9 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -8,15 +8,15 @@
module:set_global();
-local add_task = require "util.timer".add_task;
-local new_xmpp_stream = require "util.xmppstream".new;
-local nameprep = require "util.encodings".stringprep.nameprep;
-local sessionmanager = require "core.sessionmanager";
-local statsmanager = require "core.statsmanager";
-local st = require "util.stanza";
+local add_task = require "prosody.util.timer".add_task;
+local new_xmpp_stream = require "prosody.util.xmppstream".new;
+local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local sessionmanager = require "prosody.core.sessionmanager";
+local statsmanager = require "prosody.core.statsmanager";
+local st = require "prosody.util.stanza";
local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session;
-local uuid_generate = require "util.uuid".generate;
-local async = require "util.async";
+local uuid_generate = require "prosody.util.uuid".generate;
+local async = require "prosody.util.async";
local runner = async.runner;
local tostring, type = tostring, type;
@@ -117,8 +117,7 @@ function stream_callbacks._streamopened(session, attr)
session.secure = true;
session.encrypted = true;
- local sock = session.conn:socket();
- local info = sock.info and sock:info();
+ local info = session.conn:ssl_info();
if type(info) == "table" then
(session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
session.compressed = info.compression;
@@ -129,8 +128,13 @@ function stream_callbacks._streamopened(session, attr)
end
local features = st.stanza("stream:features");
- hosts[session.host].events.fire_event("stream-features", { origin = session, features = features });
+ hosts[session.host].events.fire_event("stream-features", { origin = session, features = features, stream = attr });
if features.tags[1] or session.full_jid then
+ if stanza_size_limit then
+ features:reset();
+ features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
+ :text_tag("max-size", string.format("%d", stanza_size_limit)):up();
+ end
send(features);
else
if session.secure then
@@ -260,8 +264,17 @@ local function disconnect_user_sessions(reason, leave_resource)
end
module:hook_global("user-password-changed", disconnect_user_sessions({ condition = "reset", text = "Password changed" }, true), 200);
-module:hook_global("user-roles-changed", disconnect_user_sessions({ condition = "reset", text = "Roles changed" }), 200);
+module:hook_global("user-role-changed", disconnect_user_sessions({ condition = "reset", text = "Role changed" }), 200);
module:hook_global("user-deleted", disconnect_user_sessions({ condition = "not-authorized", text = "Account deleted" }), 200);
+module:hook_global("user-disabled", disconnect_user_sessions({ condition = "not-authorized", text = "Account disabled" }), 200);
+
+module:hook_global("c2s-session-updated", function (event)
+ sessions[event.session.conn] = event.session;
+ local replaced_conn = event.replaced_conn;
+ if replaced_conn then
+ sessions[replaced_conn] = nil;
+ end
+end);
function runner_callbacks:ready()
if self.data.conn then
@@ -295,8 +308,7 @@ function listener.onconnect(conn)
session.encrypted = true;
-- Check if TLS compression is used
- local sock = conn:socket();
- local info = sock.info and sock:info();
+ local info = conn:ssl_info();
if type(info) == "table" then
(session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
session.compressed = info.compression;
@@ -426,7 +438,7 @@ module:hook("c2s-read-timeout", keepalive, -1);
module:hook("server-stopping", function(event) -- luacheck: ignore 212/event
-- Close ports
- local pm = require "core.portmanager";
+ local pm = require "prosody.core.portmanager";
for _, netservice in pairs(module.items["net-provider"]) do
pm.unregister_service(netservice.name, netservice);
end
diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua
index 7a5b757c..3fa34be7 100644
--- a/plugins/mod_carbons.lua
+++ b/plugins/mod_carbons.lua
@@ -3,9 +3,9 @@
--
-- This file is MIT/X11 licensed.
-local st = require "util.stanza";
-local jid_bare = require "util.jid".bare;
-local jid_resource = require "util.jid".resource;
+local st = require "prosody.util.stanza";
+local jid_bare = require "prosody.util.jid".bare;
+local jid_resource = require "prosody.util.jid".resource;
local xmlns_carbons = "urn:xmpp:carbons:2";
local xmlns_forward = "urn:xmpp:forward:0";
local full_sessions, bare_sessions = prosody.full_sessions, prosody.bare_sessions;
diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua
index f57c4381..7050dcbb 100644
--- a/plugins/mod_component.lua
+++ b/plugins/mod_component.lua
@@ -10,16 +10,16 @@ module:set_global();
local t_concat = table.concat;
local tostring, type = tostring, type;
-local xpcall = require "util.xpcall".xpcall;
+local xpcall = require "prosody.util.xpcall".xpcall;
local traceback = debug.traceback;
-local logger = require "util.logger";
-local sha1 = require "util.hashes".sha1;
-local st = require "util.stanza";
+local logger = require "prosody.util.logger";
+local sha1 = require "prosody.util.hashes".sha1;
+local st = require "prosody.util.stanza";
-local jid_split = require "util.jid".split;
-local new_xmpp_stream = require "util.xmppstream".new;
-local uuid_gen = require "util.uuid".generate;
+local jid_host = require "prosody.util.jid".host;
+local new_xmpp_stream = require "prosody.util.xmppstream".new;
+local uuid_gen = require "prosody.util.uuid".generate;
local core_process_stanza = prosody.core_process_stanza;
local hosts = prosody.hosts;
@@ -222,22 +222,19 @@ function stream_callbacks.handlestanza(session, stanza)
end
if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then
local from = stanza.attr.from;
- if from then
- if session.component_validate_from then
- local _, domain = jid_split(stanza.attr.from);
- if domain ~= session.host then
- -- Return error
- session.log("warn", "Component sent stanza with missing or invalid 'from' address");
- session:close{
- condition = "invalid-from";
- text = "Component tried to send from address <"..tostring(from)
- .."> which is not in domain <"..tostring(session.host)..">";
- };
- return;
- end
+ if session.component_validate_from then
+ if not from or (jid_host(from) ~= session.host) then
+ -- Return error
+ session.log("warn", "Component sent stanza with missing or invalid 'from' address");
+ session:close{
+ condition = "invalid-from";
+ text = "Component tried to send from address <"..(from or "< [missing 'from' attribute] >")
+ .."> which is not in domain <"..tostring(session.host)..">";
+ };
+ return;
end
- else
- stanza.attr.from = session.host; -- COMPAT: Strictly we shouldn't allow this
+ elseif not from then
+ stanza.attr.from = session.host;
end
if not stanza.attr.to then
session.log("warn", "Rejecting stanza with no 'to' address");
diff --git a/plugins/mod_cron.lua b/plugins/mod_cron.lua
index 33d97df6..eef25755 100644
--- a/plugins/mod_cron.lua
+++ b/plugins/mod_cron.lua
@@ -1,7 +1,7 @@
module:set_global();
-local async = require("util.async");
-local datetime = require("util.datetime");
+local async = require("prosody.util.async");
+local datetime = require("prosody.util.datetime");
local periods = { hourly = 3600; daily = 86400; weekly = 7 * 86400 }
diff --git a/plugins/mod_csi.lua b/plugins/mod_csi.lua
index 458ff491..82efd831 100644
--- a/plugins/mod_csi.lua
+++ b/plugins/mod_csi.lua
@@ -1,10 +1,11 @@
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local xmlns_csi = "urn:xmpp:csi:0";
local csi_feature = st.stanza("csi", { xmlns = xmlns_csi });
-local csi_handler_available = nil;
+local change = module:metric("counter", "changes", "events", "CSI state changes", {"csi_state"});
+
module:hook("stream-features", function (event)
- if event.origin.username and csi_handler_available then
+ if event.origin.username then
event.features:add_child(csi_feature);
end
end);
@@ -13,6 +14,7 @@ function refire_event(name)
return function (event)
if event.origin.username then
event.origin.state = event.stanza.name;
+ change:with_labels(event.stanza.name):add(1);
module:fire_event(name, event);
return true;
end
@@ -21,15 +23,3 @@ end
module:hook("stanza/"..xmlns_csi..":active", refire_event("csi-client-active"));
module:hook("stanza/"..xmlns_csi..":inactive", refire_event("csi-client-inactive"));
-
-function module.load()
- if prosody.hosts[module.host].events._handlers["csi-client-active"] then
- csi_handler_available = true;
- module:set_status("core", "CSI handler module loaded");
- else
- csi_handler_available = false;
- module:set_status("warn", "No CSI handler module loaded");
- end
-end
-module:hook("module-loaded", module.load);
-module:hook("module-unloaded", module.load);
diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua
index 569916b0..d48a7d4e 100644
--- a/plugins/mod_csi_simple.lua
+++ b/plugins/mod_csi_simple.lua
@@ -6,11 +6,11 @@
module:depends"csi"
-local jid = require "util.jid";
-local st = require "util.stanza";
-local dt = require "util.datetime";
-local filters = require "util.filters";
-local timer = require "util.timer";
+local jid = require "prosody.util.jid";
+local st = require "prosody.util.stanza";
+local dt = require "prosody.util.datetime";
+local filters = require "prosody.util.filters";
+local timer = require "prosody.util.timer";
local queue_size = module:get_option_number("csi_queue_size", 256);
local resume_delay = module:get_option_number("csi_resume_inactive_delay", 5);
@@ -116,6 +116,9 @@ local flush_reasons = module:metric(
{ "reason" }
);
+local flush_sizes = module:metric("histogram", "flush_stanza_count", "", "Number of stanzas flushed at once", {},
+ { buckets = { 0, 1, 2, 4, 8, 16, 32, 64, 128, 256 } }):with_labels();
+
local function manage_buffer(stanza, session)
local ctr = session.csi_counter or 0;
if session.state ~= "inactive" then
@@ -129,6 +132,7 @@ local function manage_buffer(stanza, session)
session.csi_measure_buffer_hold = nil;
end
flush_reasons:with_labels(why or "important"):add(1);
+ flush_sizes:sample(ctr);
session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter);
session.state = "flushing";
module:fire_event("csi-flushing", { session = session });
@@ -147,6 +151,7 @@ local function flush_buffer(data, session)
session.log("debug", "Flushing buffer (%s; queue size is %d)", "client activity", session.csi_counter);
session.state = "flushing";
module:fire_event("csi-flushing", { session = session });
+ flush_sizes:sample(ctr);
flush_reasons:with_labels("client activity"):add(1);
if session.csi_measure_buffer_hold then
session.csi_measure_buffer_hold();
@@ -250,7 +255,7 @@ function module.command(arg)
return 1;
end
-- luacheck: ignore 212/self
- local xmppstream = require "util.xmppstream";
+ local xmppstream = require "prosody.util.xmppstream";
local input_session = { notopen = true }
local stream_callbacks = { stream_ns = "jabber:client", default_ns = "jabber:client" };
function stream_callbacks:handlestanza(stanza)
diff --git a/plugins/mod_debug_reset.lua b/plugins/mod_debug_reset.lua
new file mode 100644
index 00000000..5964aff0
--- /dev/null
+++ b/plugins/mod_debug_reset.lua
@@ -0,0 +1,36 @@
+-- This module will "reset" the server when the client connection count drops
+-- to zero. This is somewhere between a reload and a full process restart.
+-- It is useful to ensure isolation between test runs, for example. It may
+-- also be of use for some kinds of manual testing.
+
+module:set_global();
+
+local hostmanager = require "prosody.core.hostmanager";
+
+local function do_reset()
+ module:log("info", "Performing reset...");
+ local hosts = {};
+ for host in pairs(prosody.hosts) do
+ table.insert(hosts, host);
+ end
+ module:fire_event("server-resetting");
+ for _, host in ipairs(hosts) do
+ hostmanager.deactivate(host);
+ hostmanager.activate(host);
+ module:log("info", "Reset complete");
+ module:fire_event("server-reset");
+ end
+end
+
+function module.add_host(host_module)
+ host_module:hook("resource-unbind", function ()
+ if next(prosody.full_sessions) == nil then
+ do_reset();
+ end
+ end);
+end
+
+local console_env = module:shared("/*/admin_shell/env");
+console_env.debug_reset = {
+ reset = do_reset;
+};
diff --git a/plugins/mod_debug_stanzas/watcher.lib.lua b/plugins/mod_debug_stanzas/watcher.lib.lua
new file mode 100644
index 00000000..1e673648
--- /dev/null
+++ b/plugins/mod_debug_stanzas/watcher.lib.lua
@@ -0,0 +1,220 @@
+local filters = require "prosody.util.filters";
+local jid = require "prosody.util.jid";
+local set = require "prosody.util.set";
+
+local client_watchers = {};
+
+-- active_filters[session] = {
+-- filter_func = filter_func;
+-- downstream = { cb1, cb2, ... };
+-- }
+local active_filters = {};
+
+local function subscribe_session_stanzas(session, handler, reason)
+ if active_filters[session] then
+ table.insert(active_filters[session].downstream, handler);
+ if reason then
+ handler(reason, nil, session);
+ end
+ return;
+ end
+ local downstream = { handler };
+ active_filters[session] = {
+ filter_in = function (stanza)
+ module:log("debug", "NOTIFY WATCHER %d", #downstream);
+ for i = 1, #downstream do
+ downstream[i]("received", stanza, session);
+ end
+ return stanza;
+ end;
+ filter_out = function (stanza)
+ module:log("debug", "NOTIFY WATCHER %d", #downstream);
+ for i = 1, #downstream do
+ downstream[i]("sent", stanza, session);
+ end
+ return stanza;
+ end;
+ downstream = downstream;
+ };
+ filters.add_filter(session, "stanzas/in", active_filters[session].filter_in);
+ filters.add_filter(session, "stanzas/out", active_filters[session].filter_out);
+ if reason then
+ handler(reason, nil, session);
+ end
+end
+
+local function unsubscribe_session_stanzas(session, handler, reason)
+ local active_filter = active_filters[session];
+ if not active_filter then
+ return;
+ end
+ for i = #active_filter.downstream, 1, -1 do
+ if active_filter.downstream[i] == handler then
+ table.remove(active_filter.downstream, i);
+ if reason then
+ handler(reason, nil, session);
+ end
+ end
+ end
+ if #active_filter.downstream == 0 then
+ filters.remove_filter(session, "stanzas/in", active_filter.filter_in);
+ filters.remove_filter(session, "stanzas/out", active_filter.filter_out);
+ end
+ active_filters[session] = nil;
+end
+
+local function unsubscribe_all_from_session(session, reason)
+ local active_filter = active_filters[session];
+ if not active_filter then
+ return;
+ end
+ for i = #active_filter.downstream, 1, -1 do
+ local handler = table.remove(active_filter.downstream, i);
+ if reason then
+ handler(reason, nil, session);
+ end
+ end
+ filters.remove_filter(session, "stanzas/in", active_filter.filter_in);
+ filters.remove_filter(session, "stanzas/out", active_filter.filter_out);
+ active_filters[session] = nil;
+end
+
+local function unsubscribe_handler_from_all(handler, reason)
+ for session in pairs(active_filters) do
+ unsubscribe_session_stanzas(session, handler, reason);
+ end
+end
+
+local s2s_watchers = {};
+
+module:hook("s2sin-established", function (event)
+ for _, watcher in ipairs(s2s_watchers) do
+ if watcher.target_spec == event.session.from_host then
+ subscribe_session_stanzas(event.session, watcher.handler, "opened");
+ end
+ end
+end);
+
+module:hook("s2sout-established", function (event)
+ for _, watcher in ipairs(s2s_watchers) do
+ if watcher.target_spec == event.session.to_host then
+ subscribe_session_stanzas(event.session, watcher.handler, "opened");
+ end
+ end
+end);
+
+module:hook("s2s-closed", function (event)
+ unsubscribe_all_from_session(event.session, "closed");
+end);
+
+local watched_hosts = set.new();
+
+local handler_map = setmetatable({}, { __mode = "kv" });
+
+local function add_stanza_watcher(spec, orig_handler)
+ local function filtering_handler(event_type, stanza, session)
+ if stanza and spec.filter_spec then
+ if spec.filter_spec.with_jid then
+ if event_type == "sent" and (not stanza.attr.from or not jid.compare(stanza.attr.from, spec.filter_spec.with_jid)) then
+ return;
+ elseif event_type == "received" and (not stanza.attr.to or not jid.compare(stanza.attr.to, spec.filter_spec.with_jid)) then
+ return;
+ end
+ end
+ end
+ return orig_handler(event_type, stanza, session);
+ end
+ handler_map[orig_handler] = filtering_handler;
+ if spec.target_spec.jid then
+ local target_is_remote_host = not jid.node(spec.target_spec.jid) and not prosody.hosts[spec.target_spec.jid];
+
+ if target_is_remote_host then
+ -- Watch s2s sessions
+ table.insert(s2s_watchers, {
+ target_spec = spec.target_spec.jid;
+ handler = filtering_handler;
+ orig_handler = orig_handler;
+ });
+
+ -- Scan existing s2sin for matches
+ for session in pairs(prosody.incoming_s2s) do
+ if spec.target_spec.jid == session.from_host then
+ subscribe_session_stanzas(session, filtering_handler, "attached");
+ end
+ end
+ -- Scan existing s2sout for matches
+ for local_host, local_session in pairs(prosody.hosts) do --luacheck: ignore 213/local_host
+ for remote_host, remote_session in pairs(local_session.s2sout) do
+ if spec.target_spec.jid == remote_host then
+ subscribe_session_stanzas(remote_session, filtering_handler, "attached");
+ end
+ end
+ end
+ else
+ table.insert(client_watchers, {
+ target_spec = spec.target_spec.jid;
+ handler = filtering_handler;
+ orig_handler = orig_handler;
+ });
+ local host = jid.host(spec.target_spec.jid);
+ if not watched_hosts:contains(host) and prosody.hosts[host] then
+ module:context(host):hook("resource-bind", function (event)
+ for _, watcher in ipairs(client_watchers) do
+ module:log("debug", "NEW CLIENT: %s vs %s", event.session.full_jid, watcher.target_spec);
+ if jid.compare(event.session.full_jid, watcher.target_spec) then
+ module:log("debug", "MATCH");
+ subscribe_session_stanzas(event.session, watcher.handler, "opened");
+ else
+ module:log("debug", "NO MATCH");
+ end
+ end
+ end);
+
+ module:context(host):hook("resource-unbind", function (event)
+ unsubscribe_all_from_session(event.session, "closed");
+ end);
+
+ watched_hosts:add(host);
+ end
+ for full_jid, session in pairs(prosody.full_sessions) do
+ if jid.compare(full_jid, spec.target_spec.jid) then
+ subscribe_session_stanzas(session, filtering_handler, "attached");
+ end
+ end
+ end
+ else
+ error("No recognized target selector");
+ end
+end
+
+local function remove_stanza_watcher(orig_handler)
+ local handler = handler_map[orig_handler];
+ unsubscribe_handler_from_all(handler, "detached");
+ handler_map[orig_handler] = nil;
+
+ for i = #client_watchers, 1, -1 do
+ if client_watchers[i].orig_handler == orig_handler then
+ table.remove(client_watchers, i);
+ end
+ end
+
+ for i = #s2s_watchers, 1, -1 do
+ if s2s_watchers[i].orig_handler == orig_handler then
+ table.remove(s2s_watchers, i);
+ end
+ end
+end
+
+local function cleanup(reason)
+ client_watchers = {};
+ s2s_watchers = {};
+ for session in pairs(active_filters) do
+ unsubscribe_all_from_session(session, reason or "cancelled");
+ end
+end
+
+return {
+ add = add_stanza_watcher;
+ remove = remove_stanza_watcher;
+ cleanup = cleanup;
+};
diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index 66082333..a0a8bcb9 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -10,12 +10,12 @@ local hosts = _G.hosts;
local log = module._log;
-local st = require "util.stanza";
-local sha256_hash = require "util.hashes".sha256;
-local sha256_hmac = require "util.hashes".hmac_sha256;
-local secure_equals = require "util.hashes".equals;
-local nameprep = require "util.encodings".stringprep.nameprep;
-local uuid_gen = require"util.uuid".generate;
+local st = require "prosody.util.stanza";
+local sha256_hash = require "prosody.util.hashes".sha256;
+local sha256_hmac = require "prosody.util.hashes".hmac_sha256;
+local secure_equals = require "prosody.util.hashes".equals;
+local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local uuid_gen = require"prosody.util.uuid".generate;
local xmlns_stream = "http://etherx.jabber.org/streams";
diff --git a/plugins/mod_disco.lua b/plugins/mod_disco.lua
index 79249c52..540678e2 100644
--- a/plugins/mod_disco.lua
+++ b/plugins/mod_disco.lua
@@ -6,13 +6,12 @@
-- COPYING file in the source package for more information.
--
-local get_children = require "core.hostmanager".get_children;
-local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
-local um_is_admin = require "core.usermanager".is_admin;
-local jid_split = require "util.jid".split;
-local jid_bare = require "util.jid".bare;
-local st = require "util.stanza"
-local calculate_hash = require "util.caps".calculate_hash;
+local get_children = require "prosody.core.hostmanager".get_children;
+local is_contact_subscribed = require "prosody.core.rostermanager".is_contact_subscribed;
+local jid_split = require "prosody.util.jid".split;
+local jid_bare = require "prosody.util.jid".bare;
+local st = require "prosody.util.stanza"
+local calculate_hash = require "prosody.util.caps".calculate_hash;
local expose_admins = module:get_option_boolean("disco_expose_admins", false);
@@ -162,14 +161,16 @@ module:hook("s2s-stream-features", function (event)
end
end);
+module:default_permission("prosody:admin", ":be-discovered-admin");
+
-- Handle disco requests to user accounts
if module:get_host_type() ~= "local" then return end -- skip for components
module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(event)
local origin, stanza = event.origin, event.stanza;
local node = stanza.tags[1].attr.node;
local username = jid_split(stanza.attr.to) or origin.username;
- local is_admin = um_is_admin(stanza.attr.to or origin.full_jid, module.host)
- if not stanza.attr.to or (expose_admins and is_admin) or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then
+ local target_is_admin = module:may(":be-discovered-admin", stanza.attr.to or origin.full_jid);
+ if not stanza.attr.to or (expose_admins and target_is_admin) or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then
if node and node ~= "" then
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info', node=node});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
@@ -185,7 +186,7 @@ module:hook("iq-get/bare/http://jabber.org/protocol/disco#info:query", function(
end
local reply = st.reply(stanza):tag('query', {xmlns='http://jabber.org/protocol/disco#info'});
if not reply.attr.from then reply.attr.from = origin.username.."@"..origin.host; end -- COMPAT To satisfy Psi when querying own account
- if is_admin then
+ if target_is_admin then
reply:tag('identity', {category='account', type='admin'}):up();
elseif prosody.hosts[module.host].users.name == "anonymous" then
reply:tag('identity', {category='account', type='anonymous'}):up();
diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua
index ae418fd8..2d18fc99 100644
--- a/plugins/mod_external_services.lua
+++ b/plugins/mod_external_services.lua
@@ -1,11 +1,11 @@
-local dt = require "util.datetime";
-local base64 = require "util.encodings".base64;
-local hashes = require "util.hashes";
-local st = require "util.stanza";
-local jid = require "util.jid";
-local array = require "util.array";
-local set = require "util.set";
+local dt = require "prosody.util.datetime";
+local base64 = require "prosody.util.encodings".base64;
+local hashes = require "prosody.util.hashes";
+local st = require "prosody.util.stanza";
+local jid = require "prosody.util.jid";
+local array = require "prosody.util.array";
+local set = require "prosody.util.set";
local default_host = module:get_option_string("external_service_host", module.host);
local default_port = module:get_option_number("external_service_port");
@@ -16,7 +16,7 @@ local configured_services = module:get_option_array("external_services", {});
local access = module:get_option_set("external_service_access", {});
--- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
+-- https://datatracker.ietf.org/doc/html/draft-uberti-behave-turn-rest-00
local function behave_turn_rest_credentials(srv, item, secret)
local ttl = default_ttl;
if type(item.ttl) == "number" then
diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua
index 0c44f481..1a31c51f 100644
--- a/plugins/mod_groups.lua
+++ b/plugins/mod_groups.lua
@@ -10,8 +10,8 @@
local groups;
local members;
-local datamanager = require "util.datamanager";
-local jid_prep = require "util.jid".prep;
+local datamanager = require "prosody.util.datamanager";
+local jid_prep = require "prosody.util.jid".prep;
local module_host = module:get_host();
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 01bb1f6f..b50755df 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -11,19 +11,20 @@ pcall(function ()
module:depends("http_errors");
end);
-local portmanager = require "core.portmanager";
-local moduleapi = require "core.moduleapi";
+local portmanager = require "prosody.core.portmanager";
+local moduleapi = require "prosody.core.moduleapi";
local url_parse = require "socket.url".parse;
local url_build = require "socket.url".build;
-local normalize_path = require "util.http".normalize_path;
-local set = require "util.set";
+local normalize_path = require "prosody.util.http".normalize_path;
+local set = require "prosody.util.set";
+local array = require "util.array";
-local ip_util = require "util.ip";
+local ip_util = require "prosody.util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
-local server = require "net.http.server";
+local server = require "prosody.net.http.server";
server.set_default_host(module:get_option_string("http_default_host"));
@@ -112,12 +113,16 @@ function moduleapi.http_url(module, app_name, default_path)
return "http://disabled.invalid/";
end
+local function header_set_tostring(header_value)
+ return array(pairs(header_value._items)):concat(", ");
+end
+
local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin)
if allowed_origins and not allowed_origins[origin] then
return;
end
- response.headers.access_control_allow_methods = tostring(methods);
- response.headers.access_control_allow_headers = tostring(headers);
+ response.headers.access_control_allow_methods = header_set_tostring(methods);
+ response.headers.access_control_allow_headers = header_set_tostring(headers);
response.headers.access_control_max_age = tostring(max_age)
response.headers.access_control_allow_origin = origin or "*";
if allow_credentials then
diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua
index ec54860c..d0e61d79 100644
--- a/plugins/mod_http_errors.lua
+++ b/plugins/mod_http_errors.lua
@@ -1,9 +1,9 @@
module:set_global();
-local server = require "net.http.server";
-local codes = require "net.http.codes";
-local xml_escape = require "util.stanza".xml_escape;
-local render = require "util.interpolation".new("%b{}", xml_escape);
+local server = require "prosody.net.http.server";
+local codes = require "prosody.net.http.codes";
+local xml_escape = require "prosody.util.stanza".xml_escape;
+local render = require "prosody.util.interpolation".new("%b{}", xml_escape);
local show_private = module:get_option_boolean("http_errors_detailed", false);
local always_serve = module:get_option_boolean("http_errors_always_show", true);
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua
index b6200628..bc7962ad 100644
--- a/plugins/mod_http_file_share.lua
+++ b/plugins/mod_http_file_share.lua
@@ -8,18 +8,18 @@
-- Again, from the top!
local t_insert = table.insert;
-local jid = require "util.jid";
-local st = require "util.stanza";
+local jid = require "prosody.util.jid";
+local st = require "prosody.util.stanza";
local url = require "socket.url";
-local dm = require "core.storagemanager".olddm;
-local jwt = require "util.jwt";
-local errors = require "util.error";
-local dataform = require "util.dataforms".new;
-local urlencode = require "util.http".urlencode;
-local dt = require "util.datetime";
-local hi = require "util.human.units";
-local cache = require "util.cache";
+local dm = require "prosody.core.storagemanager".olddm;
+local errors = require "prosody.util.error";
+local dataform = require "prosody.util.dataforms".new;
+local urlencode = require "prosody.util.http".urlencode;
+local dt = require "prosody.util.datetime";
+local hi = require "prosody.util.human.units";
+local cache = require "prosody.util.cache";
local lfs = require "lfs";
+local parse_duration = require "prosody.util.human.io".parse_duration;
local unknown = math.abs(0/0);
local unlimited = math.huge;
@@ -35,15 +35,22 @@ local uploads = module:open_store("uploads", "archive");
local persist_stats = module:open_store("upload_stats", "map");
-- id, <request>, time, owner
-local secret = module:get_option_string(module.name.."_secret", require"util.id".long());
+local secret = module:get_option_string(module.name.."_secret", require"prosody.util.id".long());
local external_base_url = module:get_option_string(module.name .. "_base_url");
local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
local file_types = module:get_option_set(module.name .. "_allowed_file_types", {});
local safe_types = module:get_option_set(module.name .. "_safe_file_types", {"image/*","video/*","audio/*","text/plain"});
-local expiry = module:get_option_number(module.name .. "_expires_after", 7 * 86400);
+local expiry_str = module:get_option_string(module.name .. "_expires_after", "1w");
+local expiry, parse_err = parse_duration(expiry_str);
+if expiry == nil then
+ module:log("error", "Could not parse "..module.name.."_expire_after string %q: %s", expiry_str, parse_err);
+ return false;
+end
local daily_quota = module:get_option_number(module.name .. "_daily_quota", file_size_limit*10); -- 100 MB / day
local total_storage_limit = module:get_option_number(module.name.."_global_quota", unlimited);
+local create_jwt, verify_jwt = require "prosody.util.jwt".init("HS256", secret);
+
local access = module:get_option_set(module.name .. "_access", {});
if not external_base_url then
@@ -169,16 +176,13 @@ function may_upload(uploader, filename, filesize, filetype) -- > boolean, error
end
function get_authz(slot, uploader, filename, filesize, filetype)
-local now = os.time();
- return jwt.sign(secret, {
+ return create_jwt({
-- token properties
sub = uploader;
- iat = now;
- exp = now+300;
-- slot properties
slot = slot;
- expires = expiry >= 0 and (now+expiry) or nil;
+ expires = expiry >= 0 and (os.time()+expiry) or nil;
-- file properties
filename = filename;
filesize = filesize;
@@ -249,32 +253,34 @@ end
function handle_upload(event, path) -- PUT /upload/:slot
local request = event.request;
- local authz = request.headers.authorization;
- if authz then
- authz = authz:match("^Bearer (.*)")
- end
- if not authz then
- module:log("debug", "Missing or malformed Authorization header");
- event.response.headers.www_authenticate = "Bearer";
- return 401;
- end
- local authed, upload_info = jwt.verify(secret, authz);
- if not (authed and type(upload_info) == "table" and type(upload_info.exp) == "number") then
- module:log("debug", "Unauthorized or invalid token: %s, %q", authed, upload_info);
- return 401;
- end
- if not request.body_sink and upload_info.exp < os.time() then
- module:log("debug", "Authorization token expired on %s", dt.datetime(upload_info.exp));
- return 410;
- end
- if not path or upload_info.slot ~= path:match("^[^/]+") then
- module:log("debug", "Invalid upload slot: %q, path: %q", upload_info.slot, path);
- return 400;
- end
- if request.headers.content_length and tonumber(request.headers.content_length) ~= upload_info.filesize then
- return 413;
- -- Note: We don't know the size if the upload is streamed in chunked encoding,
- -- so we also check the final file size on completion.
+ local upload_info = request.http_file_share_upload_info;
+
+ if not upload_info then -- Initial handling of request
+ local authz = request.headers.authorization;
+ if authz then
+ authz = authz:match("^Bearer (.*)")
+ end
+ if not authz then
+ module:log("debug", "Missing or malformed Authorization header");
+ event.response.headers.www_authenticate = "Bearer";
+ return 401;
+ end
+ local authed, authed_upload_info = verify_jwt(authz);
+ if not authed then
+ module:log("debug", "Unauthorized or invalid token: %s, %q", authz, authed_upload_info);
+ return 401;
+ end
+ if not path or authed_upload_info.slot ~= path:match("^[^/]+") then
+ module:log("debug", "Invalid upload slot: %q, path: %q", authed_upload_info.slot, path);
+ return 400;
+ end
+ if request.headers.content_length and tonumber(request.headers.content_length) ~= authed_upload_info.filesize then
+ return 413;
+ -- Note: We don't know the size if the upload is streamed in chunked encoding,
+ -- so we also check the final file size on completion.
+ end
+ upload_info = authed_upload_info;
+ request.http_file_share_upload_info = upload_info;
end
local filename = get_filename(upload_info.slot, true);
@@ -452,9 +458,9 @@ end
if expiry >= 0 and not external_base_url then
-- TODO HTTP DELETE to the external endpoint?
- local array = require "util.array";
- local async = require "util.async";
- local ENOENT = require "util.pposix".ENOENT;
+ local array = require "prosody.util.array";
+ local async = require "prosody.util.async";
+ local ENOENT = require "prosody.util.pposix".ENOENT;
local function sleep(t)
local wait, done = async.waiter();
diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua
index b921116a..f91cde86 100644
--- a/plugins/mod_http_files.lua
+++ b/plugins/mod_http_files.lua
@@ -9,7 +9,7 @@
module:depends("http");
local open = io.open;
-local fileserver = require"net.http.files";
+local fileserver = require"prosody.net.http.files";
local base_path = module:get_option_path("http_files_dir", module:get_option_path("http_path"));
local cache_size = module:get_option_number("http_files_cache_size", 128);
@@ -74,12 +74,12 @@ function serve(opts)
if opts.index_files == nil then
opts.index_files = dir_indices;
end
- module:log("warn", "%s should be updated to use 'net.http.files' instead of mod_http_files", get_calling_module());
+ module:log("warn", "%s should be updated to use 'prosody.net.http.files' instead of mod_http_files", get_calling_module());
return fileserver.serve(opts);
end
function wrap_route(routes)
- module:log("debug", "%s should be updated to use 'net.http.files' instead of mod_http_files", get_calling_module());
+ module:log("debug", "%s should be updated to use 'prosody.net.http.files' instead of mod_http_files", get_calling_module());
for route,handler in pairs(routes) do
if type(handler) ~= "function" then
routes[route] = fileserver.serve(handler);
diff --git a/plugins/mod_http_openmetrics.lua b/plugins/mod_http_openmetrics.lua
index 0c204ff4..5f151521 100644
--- a/plugins/mod_http_openmetrics.lua
+++ b/plugins/mod_http_openmetrics.lua
@@ -8,8 +8,8 @@
module:set_global();
-local statsman = require "core.statsmanager";
-local ip = require "util.ip";
+local statsman = require "prosody.core.statsmanager";
+local ip = require "prosody.util.ip";
local get_metric_registry = statsman.get_metric_registry;
local collect = statsman.collect;
diff --git a/plugins/mod_invites.lua b/plugins/mod_invites.lua
index 881b851e..024b86cf 100644
--- a/plugins/mod_invites.lua
+++ b/plugins/mod_invites.lua
@@ -1,8 +1,8 @@
-local id = require "util.id";
-local it = require "util.iterators";
+local id = require "prosody.util.id";
+local it = require "prosody.util.iterators";
local url = require "socket.url";
-local jid_node = require "util.jid".node;
-local jid_split = require "util.jid".split;
+local jid_node = require "prosody.util.jid".node;
+local jid_split = require "prosody.util.jid".split;
local default_ttl = module:get_option_number("invite_expiry", 86400 * 7);
@@ -205,7 +205,7 @@ do
-- Since the console is global this overwrites the command for
-- each host it's loaded on, but this should be fine.
- local get_module = require "core.modulemanager".get_module;
+ local get_module = require "prosody.core.modulemanager".get_module;
local console_env = module:shared("/*/admin_shell/env");
@@ -238,8 +238,8 @@ function module.command(arg)
end
table.remove(arg, 1); -- pop command
- local sm = require "core.storagemanager";
- local mm = require "core.modulemanager";
+ local sm = require "prosody.core.storagemanager";
+ local mm = require "prosody.core.modulemanager";
local host = arg[1];
assert(prosody.hosts[host], "Host "..tostring(host).." does not exist");
@@ -257,7 +257,7 @@ function module.command(arg)
end
local allow_reset;
- local roles;
+ local roles = {};
local groups = {};
while #arg > 0 do
@@ -282,13 +282,13 @@ function module.command(arg)
print(" --group GROUPID Add the user to the group with the given ID")
print(" Can be specified multiple times")
print()
- print("--role and --admin override each other; the last one wins")
+ print("--role and --admin can be specified multiple times; the first role becomes the primary role, the rest become secondary roles")
print("--group can be specified multiple times; the user will be added to all groups.")
print()
print("--reset and the other options cannot be mixed.")
return 2
elseif value == "--reset" then
- local nodeprep = require "util.encodings".stringprep.nodeprep;
+ local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
local username = nodeprep(arg[1])
table.remove(arg, 1);
if not username then
@@ -297,14 +297,14 @@ function module.command(arg)
end
allow_reset = username;
elseif value == "--admin" then
- roles = { ["prosody:admin"] = true };
+ table.insert(roles, "prosody:admin");
elseif value == "--role" then
local rolename = arg[1];
if not rolename then
print("Please supply a role name");
return 2;
end
- roles = { [rolename] = true };
+ table.insert(roles, rolename);
table.remove(arg, 1);
elseif value == "--group" or value == "-g" then
local groupid = arg[1];
diff --git a/plugins/mod_invites_adhoc.lua b/plugins/mod_invites_adhoc.lua
index bd6f0c2e..5518743d 100644
--- a/plugins/mod_invites_adhoc.lua
+++ b/plugins/mod_invites_adhoc.lua
@@ -1,8 +1,7 @@
-- XEP-0401: Easy User Onboarding
-local dataforms = require "util.dataforms";
-local datetime = require "util.datetime";
-local split_jid = require "util.jid".split;
-local usermanager = require "core.usermanager";
+local dataforms = require "prosody.util.dataforms";
+local datetime = require "prosody.util.datetime";
+local split_jid = require "prosody.util.jid".split;
local new_adhoc = module:require("adhoc").new;
@@ -13,8 +12,7 @@ local allow_user_invites = module:get_option_boolean("allow_user_invites", false
-- on the server, use the option above instead.
local allow_contact_invites = module:get_option_boolean("allow_contact_invites", true);
-local allow_user_invite_roles = module:get_option_set("allow_user_invites_by_roles");
-local deny_user_invite_roles = module:get_option_set("deny_user_invites_by_roles");
+module:default_permission(allow_user_invites and "prosody:user" or "prosody:admin", ":invite-users");
local invites;
if prosody.shutdown then -- COMPAT hack to detect prosodyctl
@@ -42,36 +40,8 @@ local invite_result_form = dataforms.new({
-- This is for checking if the specified JID may create invites
-- that allow people to register accounts on this host.
-local function may_invite_new_users(jid)
- if usermanager.get_roles then
- local user_roles = usermanager.get_roles(jid, module.host);
- if not user_roles then
- -- User has no roles we can check, just return default
- return allow_user_invites;
- end
-
- if user_roles["prosody:admin"] then
- return true;
- end
- if allow_user_invite_roles then
- for allowed_role in allow_user_invite_roles do
- if user_roles[allowed_role] then
- return true;
- end
- end
- end
- if deny_user_invite_roles then
- for denied_role in deny_user_invite_roles do
- if user_roles[denied_role] then
- return false;
- end
- end
- end
- elseif usermanager.is_admin(jid, module.host) then -- COMPAT w/0.11
- return true; -- Admins may always create invitations
- end
- -- No role matches, so whatever the default is
- return allow_user_invites;
+local function may_invite_new_users(context)
+ return module:may(":invite-users", context);
end
module:depends("adhoc");
@@ -91,7 +61,7 @@ module:provides("adhoc", new_adhoc("Create new contact invite", "urn:xmpp:invite
};
};
end
- local invite = invites.create_contact(username, may_invite_new_users(data.from), {
+ local invite = invites.create_contact(username, may_invite_new_users(data), {
source = data.from
});
--TODO: check errors
diff --git a/plugins/mod_invites_register.lua b/plugins/mod_invites_register.lua
index d1d801ad..d9274ce4 100644
--- a/plugins/mod_invites_register.lua
+++ b/plugins/mod_invites_register.lua
@@ -1,7 +1,7 @@
-local st = require "util.stanza";
-local jid_split = require "util.jid".split;
-local jid_bare = require "util.jid".bare;
-local rostermanager = require "core.rostermanager";
+local st = require "prosody.util.stanza";
+local jid_split = require "prosody.util.jid".split;
+local jid_bare = require "prosody.util.jid".bare;
+local rostermanager = require "prosody.core.rostermanager";
local require_encryption = module:get_option_boolean("c2s_require_encryption",
module:get_option_boolean("require_encryption", true));
@@ -147,7 +147,20 @@ module:hook("user-registered", function (event)
if validated_invite.additional_data then
module:log("debug", "Importing roles from invite");
local roles = validated_invite.additional_data.roles;
- if roles then
+ if roles and roles[1] ~= nil then
+ local um = require "prosody.core.usermanager";
+ local ok, err = um.set_user_role(event.username, module.host, roles[1]);
+ if not ok then
+ module:log("error", "Could not set role %s for newly registered user %s: %s", roles[1], event.username, err);
+ end
+ for i = 2, #roles do
+ local ok, err = um.add_user_secondary_role(event.username, module.host, roles[i]);
+ if not ok then
+ module:log("warn", "Could not add secondary role %s for newly registered user %s: %s", roles[i], event.username, err);
+ end
+ end
+ elseif roles and type(next(roles)) == "string" then
+ module:log("warn", "Invite carries legacy, migration required for user '%s' for role set %q to take effect", event.username, roles);
module:open_store("roles"):set(contact_username, roles);
end
end
diff --git a/plugins/mod_iq.lua b/plugins/mod_iq.lua
index 87c3a467..77969147 100644
--- a/plugins/mod_iq.lua
+++ b/plugins/mod_iq.lua
@@ -7,7 +7,7 @@
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local full_sessions = prosody.full_sessions;
diff --git a/plugins/mod_lastactivity.lua b/plugins/mod_lastactivity.lua
index 91d11bd2..e41bc02a 100644
--- a/plugins/mod_lastactivity.lua
+++ b/plugins/mod_lastactivity.lua
@@ -6,10 +6,10 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
-local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
+local st = require "prosody.util.stanza";
+local is_contact_subscribed = require "prosody.core.rostermanager".is_contact_subscribed;
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
module:add_feature("jabber:iq:last");
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index 52f2c143..048cd3e1 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -8,17 +8,17 @@
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local t_concat = table.concat;
local secure_auth_only = module:get_option("c2s_require_encryption",
module:get_option("require_encryption", true))
or not(module:get_option("allow_unencrypted_plain_auth"));
-local sessionmanager = require "core.sessionmanager";
-local usermanager = require "core.usermanager";
-local nodeprep = require "util.encodings".stringprep.nodeprep;
-local resourceprep = require "util.encodings".stringprep.resourceprep;
+local sessionmanager = require "prosody.core.sessionmanager";
+local usermanager = require "prosody.core.usermanager";
+local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
+local resourceprep = require "prosody.util.encodings".stringprep.resourceprep;
module:add_feature("jabber:iq:auth");
module:hook("stream-features", function(event)
diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua
index 4f1b618e..73f92b34 100644
--- a/plugins/mod_limits.lua
+++ b/plugins/mod_limits.lua
@@ -1,9 +1,9 @@
-- Because we deal with pre-authed sessions and streams we can't be host-specific
module:set_global();
-local filters = require "util.filters";
-local throttle = require "util.throttle";
-local timer = require "util.timer";
+local filters = require "prosody.util.filters";
+local throttle = require "prosody.util.throttle";
+local timer = require "prosody.util.timer";
local ceil = math.ceil;
local limits_cfg = module:get_option("limits", {});
diff --git a/plugins/mod_mam/mamprefsxml.lib.lua b/plugins/mod_mam/mamprefsxml.lib.lua
index c408fbea..b325e886 100644
--- a/plugins/mod_mam/mamprefsxml.lib.lua
+++ b/plugins/mod_mam/mamprefsxml.lib.lua
@@ -10,8 +10,8 @@
-- XEP-0313: Message Archive Management for Prosody
--
-local st = require"util.stanza";
-local jid_prep = require"util.jid".prep;
+local st = require"prosody.util.stanza";
+local jid_prep = require"prosody.util.jid".prep;
local xmlns_mam = "urn:xmpp:mam:2";
local default_attrs = {
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua
index bebee812..ea9de2a7 100644
--- a/plugins/mod_mam/mod_mam.lua
+++ b/plugins/mod_mam/mod_mam.lua
@@ -15,28 +15,29 @@ local xmlns_delay = "urn:xmpp:delay";
local xmlns_forward = "urn:xmpp:forward:0";
local xmlns_st_id = "urn:xmpp:sid:0";
-local um = require "core.usermanager";
-local st = require "util.stanza";
-local rsm = require "util.rsm";
+local um = require "prosody.core.usermanager";
+local st = require "prosody.util.stanza";
+local rsm = require "prosody.util.rsm";
local get_prefs = module:require"mamprefs".get;
local set_prefs = module:require"mamprefs".set;
local prefs_to_stanza = module:require"mamprefsxml".tostanza;
local prefs_from_stanza = module:require"mamprefsxml".fromstanza;
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
-local jid_resource = require "util.jid".resource;
-local jid_prepped_split = require "util.jid".prepped_split;
-local dataform = require "util.dataforms".new;
-local get_form_type = require "util.dataforms".get_type;
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
+local jid_resource = require "prosody.util.jid".resource;
+local jid_prepped_split = require "prosody.util.jid".prepped_split;
+local dataform = require "prosody.util.dataforms".new;
+local get_form_type = require "prosody.util.dataforms".get_type;
local host = module.host;
-local rm_load_roster = require "core.rostermanager".load_roster;
+local rm_load_roster = require "prosody.core.rostermanager".load_roster;
local is_stanza = st.is_stanza;
local tostring = tostring;
-local time_now = os.time;
+local time_now = require "prosody.util.time".now;
local m_min = math.min;
local timestamp, datestamp = import( "util.datetime", "datetime", "date");
+local parse_duration = require "util.human.io".parse_duration;
local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50);
local strip_tags = module:get_option_set("dont_archive_namespaces", { "http://jabber.org/protocol/chatstates" });
@@ -53,8 +54,12 @@ if not archive.find then
end
local use_total = module:get_option_boolean("mam_include_total", true);
-function schedule_cleanup()
- -- replaced later if cleanup is enabled
+function schedule_cleanup(_username, _date) -- luacheck: ignore 212
+ -- Called to make a note of which users have messages on which days, which in
+ -- turn is used to optimize the message expiry routine.
+ --
+ -- This noop is conditionally replaced later depending on retention settings
+ -- and storage backend capabilities.
end
-- Handle prefs.
@@ -506,15 +511,12 @@ if cleanup_after ~= "never" then
local cleanup_storage = module:open_store("archive_cleanup");
local cleanup_map = module:open_store("archive_cleanup", "map");
- local day = 86400;
- local multipliers = { d = day, w = day * 7, m = 31 * day, y = 365.2425 * day };
- local n, m = cleanup_after:lower():match("(%d+)%s*([dwmy]?)");
- if not n then
- module:log("error", "Could not parse archive_expires_after string %q", cleanup_after);
+ local cleanup_after_seconds, parse_err = parse_duration(cleanup_after);
+ if parse_err ~= nil then
+ module:log("error", "Could not parse archive_expires_after string %q: %s", cleanup_after, parse_err);
return false;
end
-
- cleanup_after = tonumber(n) * ( multipliers[m] or 1 );
+ cleanup_after = cleanup_after_seconds;
module:log("debug", "archive_expires_after = %d -- in seconds", cleanup_after);
@@ -528,7 +530,7 @@ if cleanup_after ~= "never" then
-- outside the cleanup range.
if not (archive.caps and archive.caps.wildcard_delete) then
- local last_date = require "util.cache".new(module:get_option_number("archive_cleanup_date_cache_size", 1000));
+ local last_date = require "prosody.util.cache".new(module:get_option_number("archive_cleanup_date_cache_size", 1000));
function schedule_cleanup(username, date)
date = date or datestamp();
if last_date:get(username) == date then return end
@@ -541,7 +543,7 @@ if cleanup_after ~= "never" then
local cleanup_time = module:measure("cleanup", "times");
- local async = require "util.async";
+ local async = require "prosody.util.async";
module:daily("Remove expired messages", function ()
local cleanup_done = cleanup_time();
diff --git a/plugins/mod_message.lua b/plugins/mod_message.lua
index 9c07e796..aa9f5c2d 100644
--- a/plugins/mod_message.lua
+++ b/plugins/mod_message.lua
@@ -10,10 +10,10 @@
local full_sessions = prosody.full_sessions;
local bare_sessions = prosody.bare_sessions;
-local st = require "util.stanza";
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
-local user_exists = require "core.usermanager".user_exists;
+local st = require "prosody.util.stanza";
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
+local user_exists = require "prosody.core.usermanager".user_exists;
local function process_to_bare(bare, origin, stanza)
local user = bare_sessions[bare];
diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua
index ab7612cb..52a070f5 100644
--- a/plugins/mod_mimicking.lua
+++ b/plugins/mod_mimicking.lua
@@ -6,13 +6,13 @@
-- COPYING file in the source package for more information.
--
-local encodings = require "util.encodings";
+local encodings = require "prosody.util.encodings";
assert(encodings.confusable, "This module requires that Prosody be built with ICU");
local skeleton = encodings.confusable.skeleton;
-local usage = require "util.prosodyctl".show_usage;
-local usermanager = require "core.usermanager";
-local storagemanager = require "core.storagemanager";
+local usage = require "prosody.util.prosodyctl".show_usage;
+local usermanager = require "prosody.core.usermanager";
+local storagemanager = require "prosody.core.storagemanager";
local skeletons
function module.load()
diff --git a/plugins/mod_motd.lua b/plugins/mod_motd.lua
index 47e64be3..bee0820c 100644
--- a/plugins/mod_motd.lua
+++ b/plugins/mod_motd.lua
@@ -13,7 +13,7 @@ local motd_jid = module:get_option_string("motd_jid", host);
if not motd_text then return; end
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
motd_text = motd_text:gsub("^%s*(.-)%s*$", "%1"):gsub("\n[ \t]+", "\n"); -- Strip indentation from the config
diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua
index 1c34b8af..6d91d0ed 100644
--- a/plugins/mod_muc_mam.lua
+++ b/plugins/mod_muc_mam.lua
@@ -16,22 +16,22 @@ local xmlns_st_id = "urn:xmpp:sid:0";
local xmlns_muc_user = "http://jabber.org/protocol/muc#user";
local muc_form_enable = "muc#roomconfig_enablearchiving"
-local st = require "util.stanza";
-local rsm = require "util.rsm";
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
-local jid_prep = require "util.jid".prep;
-local dataform = require "util.dataforms".new;
-local get_form_type = require "util.dataforms".get_type;
+local st = require "prosody.util.stanza";
+local rsm = require "prosody.util.rsm";
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
+local jid_prep = require "prosody.util.jid".prep;
+local dataform = require "prosody.util.dataforms".new;
+local get_form_type = require "prosody.util.dataforms".get_type;
local mod_muc = module:depends"muc";
local get_room_from_jid = mod_muc.get_room_from_jid;
local is_stanza = st.is_stanza;
local tostring = tostring;
-local time_now = os.time;
+local time_now = require "prosody.util.time".now;
local m_min = math.min;
-local timestamp, datestamp = import("util.datetime", "datetime", "date");
+local timestamp, datestamp = import("prosody.util.datetime", "datetime", "date");
local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50);
local cleanup_after = module:get_option_string("muc_log_expires_after", "1w");
@@ -492,7 +492,7 @@ if cleanup_after ~= "never" then
-- messages, we collect the union of sets of rooms from dates that fall
-- outside the cleanup range.
- local last_date = require "util.cache".new(module:get_option_number("muc_log_cleanup_date_cache_size", 1000));
+ local last_date = require "prosody.util.cache".new(module:get_option_number("muc_log_cleanup_date_cache_size", 1000));
if not ( archive.caps and archive.caps.wildcard_delete ) then
function schedule_cleanup(roomname, date)
date = date or datestamp();
@@ -506,7 +506,7 @@ if cleanup_after ~= "never" then
local cleanup_time = module:measure("cleanup", "times");
- local async = require "util.async";
+ local async = require "prosody.util.async";
module:daily("Remove expired messages", function ()
local cleanup_done = cleanup_time();
diff --git a/plugins/mod_muc_unique.lua b/plugins/mod_muc_unique.lua
index 13284745..62ec74b8 100644
--- a/plugins/mod_muc_unique.lua
+++ b/plugins/mod_muc_unique.lua
@@ -1,6 +1,6 @@
-- XEP-0307: Unique Room Names for Multi-User Chat
-local st = require "util.stanza";
-local unique_name = require "util.id".medium;
+local st = require "prosody.util.stanza";
+local unique_name = require "prosody.util.id".medium;
module:add_feature "http://jabber.org/protocol/muc#unique"
module:hook("iq-get/host/http://jabber.org/protocol/muc#unique:unique", function(event)
local origin, stanza = event.origin, event.stanza;
diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua
index ddd58463..767b22c8 100644
--- a/plugins/mod_net_multiplex.lua
+++ b/plugins/mod_net_multiplex.lua
@@ -1,10 +1,10 @@
module:set_global();
-local array = require "util.array";
+local array = require "prosody.util.array";
local max_buffer_len = module:get_option_number("multiplex_buffer_size", 1024);
local default_mode = module:get_option_number("network_default_read_size", 4096);
-local portmanager = require "core.portmanager";
+local portmanager = require "prosody.core.portmanager";
local available_services = {};
local service_by_protocol = {};
diff --git a/plugins/mod_offline.lua b/plugins/mod_offline.lua
index dffe8357..b71bbfd9 100644
--- a/plugins/mod_offline.lua
+++ b/plugins/mod_offline.lua
@@ -7,8 +7,8 @@
--
-local datetime = require "util.datetime";
-local jid_split = require "util.jid".split;
+local datetime = require "prosody.util.datetime";
+local jid_split = require "prosody.util.jid".split;
local offline_messages = module:open_store("offline", "archive");
diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua
index 71e45e7c..dc4b72c3 100644
--- a/plugins/mod_pep.lua
+++ b/plugins/mod_pep.lua
@@ -1,16 +1,16 @@
-local pubsub = require "util.pubsub";
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
-local jid_join = require "util.jid".join;
-local set_new = require "util.set".new;
-local st = require "util.stanza";
-local calculate_hash = require "util.caps".calculate_hash;
-local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
-local cache = require "util.cache";
-local set = require "util.set";
-local new_id = require "util.id".medium;
-local storagemanager = require "core.storagemanager";
-local usermanager = require "core.usermanager";
+local pubsub = require "prosody.util.pubsub";
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
+local jid_join = require "prosody.util.jid".join;
+local set_new = require "prosody.util.set".new;
+local st = require "prosody.util.stanza";
+local calculate_hash = require "prosody.util.caps".calculate_hash;
+local is_contact_subscribed = require "prosody.core.rostermanager".is_contact_subscribed;
+local cache = require "prosody.util.cache";
+local set = require "prosody.util.set";
+local new_id = require "prosody.util.id".medium;
+local storagemanager = require "prosody.core.storagemanager";
+local usermanager = require "prosody.core.usermanager";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
local xmlns_pubsub_event = "http://jabber.org/protocol/pubsub#event";
@@ -136,10 +136,14 @@ end
local function get_broadcaster(username)
local user_bare = jid_join(username, host);
local function simple_broadcast(kind, node, jids, item, _, node_obj)
+ local expose_publisher;
if node_obj then
if node_obj.config["notify_"..kind] == false then
return;
end
+ if node_obj.config.itemreply == "publisher" then
+ expose_publisher = true;
+ end
end
if kind == "retract" then
kind = "items"; -- XEP-0060 signals retraction in an <items> container
@@ -151,6 +155,9 @@ local function get_broadcaster(username)
if node_obj and node_obj.config.include_payload == false then
item:maptags(function () return nil; end);
end
+ if not expose_publisher then
+ item.attr.publisher = nil;
+ end
end
end
@@ -306,7 +313,7 @@ local function resend_last_item(jid, node, service)
if ok and config.send_last_published_item ~= "on_sub_and_presence" then return end
local ok, id, item = service:get_last_item(node, jid);
if not (ok and id) then return; end
- service.config.broadcaster("items", node, { [jid] = true }, item);
+ service.config.broadcaster("items", node, { [jid] = true }, item, true, service.nodes[node], service);
end
local function update_subscriptions(recipient, service_name, nodes)
diff --git a/plugins/mod_pep_simple.lua b/plugins/mod_pep_simple.lua
index e686b99b..a196a0ff 100644
--- a/plugins/mod_pep_simple.lua
+++ b/plugins/mod_pep_simple.lua
@@ -7,15 +7,15 @@
--
-local jid_bare = require "util.jid".bare;
-local jid_split = require "util.jid".split;
-local st = require "util.stanza";
-local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed;
+local jid_bare = require "prosody.util.jid".bare;
+local jid_split = require "prosody.util.jid".split;
+local st = require "prosody.util.stanza";
+local is_contact_subscribed = require "prosody.core.rostermanager".is_contact_subscribed;
local pairs = pairs;
local next = next;
local type = type;
-local unpack = table.unpack or unpack; -- luacheck: ignore 113
-local calculate_hash = require "util.caps".calculate_hash;
+local unpack = table.unpack;
+local calculate_hash = require "prosody.util.caps".calculate_hash;
local core_post_stanza = prosody.core_post_stanza;
local bare_sessions = prosody.bare_sessions;
diff --git a/plugins/mod_ping.lua b/plugins/mod_ping.lua
index b6ccc928..018f815a 100644
--- a/plugins/mod_ping.lua
+++ b/plugins/mod_ping.lua
@@ -6,7 +6,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
module:add_feature("urn:xmpp:ping");
diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua
index 7f048be3..3aa6a895 100644
--- a/plugins/mod_posix.lua
+++ b/plugins/mod_posix.lua
@@ -9,13 +9,13 @@
local want_pposix_version = "0.4.0";
-local pposix = assert(require "util.pposix");
+local pposix = assert(require "prosody.util.pposix");
if pposix._VERSION ~= want_pposix_version then
module:log("warn", "Unknown version (%s) of binary pposix module, expected %s."
.. "Perhaps you need to recompile?", tostring(pposix._VERSION), want_pposix_version);
end
-local have_signal, signal = pcall(require, "util.signal");
+local have_signal, signal = pcall(require, "prosody.util.signal");
if not have_signal then
module:log("warn", "Couldn't load signal library, won't respond to SIGTERM");
end
@@ -97,7 +97,7 @@ if daemonize == nil then
end
local function remove_log_sinks()
- local lm = require "core.loggingmanager";
+ local lm = require "prosody.core.loggingmanager";
lm.register_sink_type("console", nil);
lm.register_sink_type("stdout", nil);
lm.reload_logging();
diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua
index 3f9a0c12..f939fa00 100644
--- a/plugins/mod_presence.lua
+++ b/plugins/mod_presence.lua
@@ -15,19 +15,19 @@ local tonumber = tonumber;
local core_post_stanza = prosody.core_post_stanza;
local core_process_stanza = prosody.core_process_stanza;
-local st = require "util.stanza";
-local jid_split = require "util.jid".split;
-local jid_bare = require "util.jid".bare;
-local datetime = require "util.datetime";
+local st = require "prosody.util.stanza";
+local jid_split = require "prosody.util.jid".split;
+local jid_bare = require "prosody.util.jid".bare;
+local datetime = require "prosody.util.datetime";
local hosts = prosody.hosts;
local bare_sessions = prosody.bare_sessions;
local full_sessions = prosody.full_sessions;
local NULL = {};
-local rostermanager = require "core.rostermanager";
-local sessionmanager = require "core.sessionmanager";
+local rostermanager = require "prosody.core.rostermanager";
+local sessionmanager = require "prosody.core.sessionmanager";
-local recalc_resource_map = require "util.presence".recalc_resource_map;
+local recalc_resource_map = require "prosody.util.presence".recalc_resource_map;
local ignore_presence_priority = module:get_option_boolean("ignore_presence_priority", false);
diff --git a/plugins/mod_private.lua b/plugins/mod_private.lua
index 6046d490..2359494c 100644
--- a/plugins/mod_private.lua
+++ b/plugins/mod_private.lua
@@ -7,7 +7,7 @@
--
-local st = require "util.stanza"
+local st = require "prosody.util.stanza"
local private_storage = module:open_store("private", "map");
diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua
index 069ce0a9..38acc79a 100644
--- a/plugins/mod_proxy65.lua
+++ b/plugins/mod_proxy65.lua
@@ -9,11 +9,11 @@
module:set_global();
-local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep;
-local st = require "util.stanza";
-local sha1 = require "util.hashes".sha1;
-local server = require "net.server";
-local portmanager = require "core.portmanager";
+local jid_compare, jid_prep = require "prosody.util.jid".compare, require "prosody.util.jid".prep;
+local st = require "prosody.util.stanza";
+local sha1 = require "prosody.util.hashes".sha1;
+local server = require "prosody.net.server";
+local portmanager = require "prosody.core.portmanager";
local sessions = module:shared("sessions");
local transfers = module:shared("transfers");
diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua
index ef31f326..088f6a87 100644
--- a/plugins/mod_pubsub/mod_pubsub.lua
+++ b/plugins/mod_pubsub/mod_pubsub.lua
@@ -1,10 +1,9 @@
-local pubsub = require "util.pubsub";
-local st = require "util.stanza";
-local jid_bare = require "util.jid".bare;
-local usermanager = require "core.usermanager";
-local new_id = require "util.id".medium;
-local storagemanager = require "core.storagemanager";
-local xtemplate = require "util.xtemplate";
+local pubsub = require "prosody.util.pubsub";
+local st = require "prosody.util.stanza";
+local jid_bare = require "prosody.util.jid".bare;
+local new_id = require "prosody.util.id".medium;
+local storagemanager = require "prosody.core.storagemanager";
+local xtemplate = require "prosody.util.xtemplate";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
local xmlns_pubsub_event = "http://jabber.org/protocol/pubsub#event";
@@ -13,7 +12,7 @@ local xmlns_pubsub_owner = "http://jabber.org/protocol/pubsub#owner";
local autocreate_on_publish = module:get_option_boolean("autocreate_on_publish", false);
local autocreate_on_subscribe = module:get_option_boolean("autocreate_on_subscribe", false);
local pubsub_disco_name = module:get_option_string("name", "Prosody PubSub Service");
-local expose_publisher = module:get_option_boolean("expose_publisher", false)
+local service_expose_publisher = module:get_option_boolean("expose_publisher")
local service;
@@ -82,7 +81,11 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj, service) --lu
if node_obj and node_obj.config.include_payload == false then
item:maptags(function () return nil; end);
end
- if not expose_publisher then
+ local node_expose_publisher = service_expose_publisher;
+ if node_expose_publisher == nil and node_obj and node_obj.config.itemreply == "publisher" then
+ node_expose_publisher = true;
+ end
+ if not node_expose_publisher then
item.attr.publisher = nil;
elseif not item.attr.publisher and actor ~= true then
item.attr.publisher = service.config.normalize_jid(actor);
@@ -177,9 +180,10 @@ module:hook("host-disco-items", function (event)
end);
local admin_aff = module:get_option_string("default_admin_affiliation", "owner");
+module:default_permission("prosody:admin", ":service-admin");
local function get_affiliation(jid)
local bare_jid = jid_bare(jid);
- if bare_jid == module.host or usermanager.is_admin(bare_jid, module.host) then
+ if bare_jid == module.host or module:may(":service-admin", bare_jid) then
return admin_aff;
end
end
@@ -192,7 +196,7 @@ function set_service(new_service)
service = new_service;
service.config.autocreate_on_publish = autocreate_on_publish;
service.config.autocreate_on_subscribe = autocreate_on_subscribe;
- service.config.expose_publisher = expose_publisher;
+ service.config.expose_publisher = service_expose_publisher;
service.config.nodestore = node_store;
service.config.itemstore = create_simple_itemstore;
@@ -219,7 +223,7 @@ function module.load()
set_service(pubsub.new({
autocreate_on_publish = autocreate_on_publish;
autocreate_on_subscribe = autocreate_on_subscribe;
- expose_publisher = expose_publisher;
+ expose_publisher = service_expose_publisher;
node_defaults = {
["persist_items"] = true;
diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua
index 83cef808..c8b2469b 100644
--- a/plugins/mod_pubsub/pubsub.lib.lua
+++ b/plugins/mod_pubsub/pubsub.lib.lua
@@ -1,13 +1,13 @@
-local t_unpack = table.unpack or unpack; -- luacheck: ignore 113
+local t_unpack = table.unpack;
local time_now = os.time;
-local jid_prep = require "util.jid".prep;
-local set = require "util.set";
-local st = require "util.stanza";
-local it = require "util.iterators";
-local uuid_generate = require "util.uuid".generate;
-local dataform = require"util.dataforms".new;
-local errors = require "util.error";
+local jid_prep = require "prosody.util.jid".prep;
+local set = require "prosody.util.set";
+local st = require "prosody.util.stanza";
+local it = require "prosody.util.iterators";
+local uuid_generate = require "prosody.util.uuid".generate;
+local dataform = require"prosody.util.dataforms".new;
+local errors = require "prosody.util.error";
local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
local xmlns_pubsub_errors = "http://jabber.org/protocol/pubsub#errors";
@@ -164,6 +164,17 @@ local node_config_form = dataform {
var = "pubsub#notify_retract";
value = true;
};
+ {
+ type = "list-single";
+ label = "Specify whose JID to include as the publisher of items";
+ name = "itemreply";
+ var = "pubsub#itemreply";
+ options = {
+ { label = "Include the node owner's JID", value = "owner" };
+ { label = "Include the item publisher's JID", value = "publisher" };
+ { label = "Don't include any JID with items", value = "none", default = true };
+ };
+ };
};
_M.node_config_form = node_config_form;
@@ -347,6 +358,13 @@ function handlers.get_items(origin, stanza, items, service)
origin.send(pubsub_error_reply(stanza, "nodeid-required"));
return true;
end
+
+ local node_obj = service.nodes[node];
+ if not node_obj then
+ origin.send(pubsub_error_reply(stanza, "item-not-found"));
+ return true;
+ end
+
local resultspec; -- TODO rsm.get()
if items.attr.max_items then
resultspec = { max = tonumber(items.attr.max_items) };
@@ -358,6 +376,9 @@ function handlers.get_items(origin, stanza, items, service)
end
local expose_publisher = service.config.expose_publisher;
+ if expose_publisher == nil and node_obj.config.itemreply == "publisher" then
+ expose_publisher = true;
+ end
local data = st.stanza("items", { node = node });
local iter, v, i = ipairs(results);
@@ -678,8 +699,7 @@ end
function handlers.set_retract(origin, stanza, retract, service)
local node, notify = retract.attr.node, retract.attr.notify;
notify = (notify == "1") or (notify == "true");
- local item = retract:get_child("item");
- local id = item and item.attr.id
+ local id = retract:get_child_attr("item", nil, "id");
if not (node and id) then
origin.send(pubsub_error_reply(stanza, node and "item-not-found" or "nodeid-required"));
return true;
diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua
index 8042de7e..1f3f2818 100644
--- a/plugins/mod_register_ibr.lua
+++ b/plugins/mod_register_ibr.lua
@@ -7,14 +7,14 @@
--
-local st = require "util.stanza";
-local dataform_new = require "util.dataforms".new;
-local usermanager_user_exists = require "core.usermanager".user_exists;
-local usermanager_create_user = require "core.usermanager".create_user;
-local usermanager_set_password = require "core.usermanager".create_user;
-local usermanager_delete_user = require "core.usermanager".delete_user;
-local nodeprep = require "util.encodings".stringprep.nodeprep;
-local util_error = require "util.error";
+local st = require "prosody.util.stanza";
+local dataform_new = require "prosody.util.dataforms".new;
+local usermanager_user_exists = require "prosody.core.usermanager".user_exists;
+local usermanager_create_user = require "prosody.core.usermanager".create_user;
+local usermanager_set_password = require "prosody.core.usermanager".create_user;
+local usermanager_delete_user = require "prosody.core.usermanager".delete_user;
+local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
+local util_error = require "prosody.util.error";
local additional_fields = module:get_option("additional_registration_fields", {});
local require_encryption = module:get_option_boolean("c2s_require_encryption",
diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua
index cb430f7f..b3c6806c 100644
--- a/plugins/mod_register_limits.lua
+++ b/plugins/mod_register_limits.lua
@@ -7,13 +7,13 @@
--
-local create_throttle = require "util.throttle".create;
-local new_cache = require "util.cache".new;
-local ip_util = require "util.ip";
+local create_throttle = require "prosody.util.throttle".create;
+local new_cache = require "prosody.util.cache".new;
+local ip_util = require "prosody.util.ip";
local new_ip = ip_util.new_ip;
local match_ip = ip_util.match;
local parse_cidr = ip_util.parse_cidr;
-local errors = require "util.error";
+local errors = require "prosody.util.error";
-- COMPAT drop old option names
local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations");
diff --git a/plugins/mod_roster.lua b/plugins/mod_roster.lua
index 37fa197a..53b404f7 100644
--- a/plugins/mod_roster.lua
+++ b/plugins/mod_roster.lua
@@ -7,18 +7,18 @@
--
-local st = require "util.stanza"
+local st = require "prosody.util.stanza"
-local jid_split = require "util.jid".split;
-local jid_resource = require "util.jid".resource;
-local jid_prep = require "util.jid".prep;
+local jid_split = require "prosody.util.jid".split;
+local jid_resource = require "prosody.util.jid".resource;
+local jid_prep = require "prosody.util.jid".prep;
local tonumber = tonumber;
local pairs = pairs;
-local rm_load_roster = require "core.rostermanager".load_roster;
-local rm_remove_from_roster = require "core.rostermanager".remove_from_roster;
-local rm_add_to_roster = require "core.rostermanager".add_to_roster;
-local rm_roster_push = require "core.rostermanager".roster_push;
+local rm_load_roster = require "prosody.core.rostermanager".load_roster;
+local rm_remove_from_roster = require "prosody.core.rostermanager".remove_from_roster;
+local rm_add_to_roster = require "prosody.core.rostermanager".add_to_roster;
+local rm_roster_push = require "prosody.core.rostermanager".roster_push;
module:add_feature("jabber:iq:roster");
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 300a747e..484c01eb 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -16,23 +16,23 @@ local tostring, type = tostring, type;
local t_insert = table.insert;
local traceback = debug.traceback;
-local add_task = require "util.timer".add_task;
-local stop_timer = require "util.timer".stop;
-local st = require "util.stanza";
-local initialize_filters = require "util.filters".initialize;
-local nameprep = require "util.encodings".stringprep.nameprep;
-local new_xmpp_stream = require "util.xmppstream".new;
-local s2s_new_incoming = require "core.s2smanager".new_incoming;
-local s2s_new_outgoing = require "core.s2smanager".new_outgoing;
-local s2s_destroy_session = require "core.s2smanager".destroy_session;
-local uuid_gen = require "util.uuid".generate;
-local async = require "util.async";
+local add_task = require "prosody.util.timer".add_task;
+local stop_timer = require "prosody.util.timer".stop;
+local st = require "prosody.util.stanza";
+local initialize_filters = require "prosody.util.filters".initialize;
+local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local new_xmpp_stream = require "prosody.util.xmppstream".new;
+local s2s_new_incoming = require "prosody.core.s2smanager".new_incoming;
+local s2s_new_outgoing = require "prosody.core.s2smanager".new_outgoing;
+local s2s_destroy_session = require "prosody.core.s2smanager".destroy_session;
+local uuid_gen = require "prosody.util.uuid".generate;
+local async = require "prosody.util.async";
local runner = async.runner;
-local connect = require "net.connect".connect;
-local service = require "net.resolvers.service";
-local resolver_chain = require "net.resolvers.chain";
-local errors = require "util.error";
-local set = require "util.set";
+local connect = require "prosody.net.connect".connect;
+local service = require "prosody.net.resolvers.service";
+local resolver_chain = require "prosody.net.resolvers.chain";
+local errors = require "prosody.util.error";
+local set = require "prosody.util.set";
local connect_timeout = module:get_option_number("s2s_timeout", 90);
local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5);
@@ -146,17 +146,17 @@ local function bounce_sendq(session, reason)
elseif type(reason) == "string" then
reason_text = reason;
end
- for i, data in ipairs(sendq) do
- local reply = data[2];
- if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then
- reply.attr.type = "error";
- reply:tag("error", {type = error_type, by = session.from_host})
- :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up();
- if reason_text then
- reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"})
- :text("Server-to-server connection failed: "..reason_text):up();
- end
+ for i, stanza in ipairs(sendq) do
+ if not stanza.attr.xmlns and bouncy_stanzas[stanza.name] and stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then
+ local reply = st.error_reply(
+ stanza,
+ error_type,
+ condition,
+ reason_text and ("Server-to-server connection failed: "..reason_text) or nil
+ );
core_process_stanza(dummy, reply);
+ else
+ (session.log or log)("debug", "Not eligible for bouncing, discarding %s", stanza:top_tag());
end
sendq[i] = nil;
end
@@ -182,15 +182,11 @@ function route_to_existing_session(event)
(host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host);
-- Queue stanza until we are able to send it
- local queued_item = {
- tostring(stanza),
- stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza);
- };
if host.sendq then
- t_insert(host.sendq, queued_item);
+ t_insert(host.sendq, st.clone(stanza));
else
-- luacheck: ignore 122
- host.sendq = { queued_item };
+ host.sendq = { st.clone(stanza) };
end
host.log("debug", "stanza [%s] queued ", stanza.name);
return true;
@@ -215,7 +211,7 @@ function route_to_new_session(event)
-- Store in buffer
host_session.bounce_sendq = bounce_sendq;
- host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
+ host_session.sendq = { st.clone(stanza) };
log("debug", "stanza [%s] queued until connection complete", stanza.name);
-- FIXME Cleaner solution to passing extra data from resolvers to net.server
-- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
@@ -251,9 +247,26 @@ function module.add_host(module)
end
module:hook("route/remote", route_to_existing_session, -1);
module:hook("route/remote", route_to_new_session, -10);
+ module:hook("s2sout-stream-features", function (event)
+ if stanza_size_limit then
+ event.features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
+ :text_tag("max-size", string.format("%d", stanza_size_limit)):up();
+ end
+ end);
+ module:hook_tag("urn:xmpp:bidi", "bidi", function(session, stanza)
+ -- Advertising features on bidi connections where no <stream:features> is sent in the other direction
+ local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
+ if limits then
+ session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-size"));
+ end
+ end, 100);
module:hook("s2s-authenticated", make_authenticated, -1);
module:hook("s2s-read-timeout", keepalive, -1);
module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza
+ local limits = stanza:get_child("limits", "urn:xmpp:stream-limits:0");
+ if limits then
+ session.outgoing_stanza_size_limit = tonumber(limits:get_child_text("max-size"));
+ end
if session.type == "s2sout" then
-- Stream is authenticated and we are seem to be done with feature negotiation,
-- so the stream is ready for stanzas. RFC 6120 Section 4.3
@@ -279,7 +292,7 @@ function module.add_host(module)
function module.unload()
if module.reloading then return end
for _, session in pairs(sessions) do
- if session.to_host == module.host or session.from_host == module.host then
+ if session.host == module.host then
session:close("host-gone");
end
end
@@ -324,8 +337,8 @@ function mark_connected(session)
if sendq then
session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host);
local send = session.sends2s;
- for i, data in ipairs(sendq) do
- send(data[1]);
+ for i, stanza in ipairs(sendq) do
+ send(stanza);
sendq[i] = nil;
end
session.sendq = nil;
@@ -389,10 +402,10 @@ end
--- Helper to check that a session peer's certificate is valid
local function check_cert_status(session)
local host = session.direction == "outgoing" and session.to_host or session.from_host
- local conn = session.conn:socket()
+ local conn = session.conn
local cert
- if conn.getpeercertificate then
- cert = conn:getpeercertificate()
+ if conn.ssl_peercertificate then
+ cert = conn:ssl_peercertificate()
end
return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert });
@@ -404,8 +417,7 @@ local function session_secure(session)
session.secure = true;
session.encrypted = true;
- local sock = session.conn:socket();
- local info = sock.info and sock:info();
+ local info = session.conn:ssl_info();
if type(info) == "table" then
(session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher);
session.compressed = info.compression;
@@ -434,7 +446,8 @@ function stream_callbacks._streamopened(session, attr)
session.had_stream = true; -- Had a stream opened at least once
-- TODO: Rename session.secure to session.encrypted
- if session.secure == false then
+ if session.secure == false then -- Set by mod_tls during STARTTLS handshake
+ session.starttls = "completed";
session_secure(session);
end
@@ -522,6 +535,12 @@ function stream_callbacks._streamopened(session, attr)
end
if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then
+ if stanza_size_limit then
+ features:reset();
+ features:tag("limits", { xmlns = "urn:xmpp:stream-limits:0" })
+ :text_tag("max-size", string.format("%d", stanza_size_limit)):up();
+ end
+
log("debug", "Sending stream features: %s", features);
session.sends2s(features);
else
@@ -756,6 +775,7 @@ local function initialize_session(session)
local w = conn.write;
if conn:ssl() then
+ -- Direct TLS was used
session_secure(session);
end
@@ -766,6 +786,11 @@ local function initialize_session(session)
end
if t then
t = filter("bytes/out", tostring(t));
+ if session.outgoing_stanza_size_limit and #t > session.outgoing_stanza_size_limit then
+ log("warn", "Attempt to send a stanza exceeding session limit of %dB (%dB)!", session.outgoing_stanza_size_limit, #t);
+ -- TODO Pass identifiable error condition back to allow appropriate handling
+ return false
+ end
if t then
return w(conn, t);
end
@@ -935,6 +960,16 @@ local function friendly_cert_error(session) --> string
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
end
+
+ local chain_errors = set.new(session.cert_chain_errors[2]);
+ for i, e in pairs(session.cert_chain_errors) do
+ if i > 2 then chain_errors:add_list(e); end
+ end
+ if chain_errors:contains("certificate has expired") then
+ return "has an expired certificate chain";
+ elseif chain_errors:contains("No matching DANE TLSA records") then
+ return "does not match any DANE TLSA records";
+ end
end
return "is not trusted"; -- for some other reason
elseif session.cert_identity_status == "invalid" then
@@ -972,7 +1007,7 @@ module:hook("s2s-check-certificate", check_auth_policy, -1);
module:hook("server-stopping", function(event)
-- Close ports
- local pm = require "core.portmanager";
+ local pm = require "prosody.core.portmanager";
for _, netservice in pairs(module.items["net-provider"]) do
pm.unregister_service(netservice.name, netservice);
end
diff --git a/plugins/mod_s2s_auth_certs.lua b/plugins/mod_s2s_auth_certs.lua
index 992ee934..df91f341 100644
--- a/plugins/mod_s2s_auth_certs.lua
+++ b/plugins/mod_s2s_auth_certs.lua
@@ -1,6 +1,6 @@
module:set_global();
-local cert_verify_identity = require "util.x509".verify_identity;
+local cert_verify_identity = require "prosody.util.x509".verify_identity;
local NULL = {};
local log = module._log;
@@ -9,17 +9,19 @@ local measure_cert_statuses = module:metric("counter", "checked", "", "Certifica
module:hook("s2s-check-certificate", function(event)
local session, host, cert = event.session, event.host, event.cert;
- local conn = session.conn:socket();
+ local conn = session.conn;
local log = session.log or log;
+ local secure_hostname = conn.extra and conn.extra.secure_hostname;
+
if not cert then
log("warn", "No certificate provided by %s", host or "unknown host");
return;
end
local chain_valid, errors;
- if conn.getpeerverification then
- chain_valid, errors = conn:getpeerverification();
+ if conn.ssl_peerverification then
+ chain_valid, errors = conn:ssl_peerverification();
else
chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
end
@@ -45,6 +47,14 @@ module:hook("s2s-check-certificate", function(event)
end
log("debug", "certificate identity validation result: %s", session.cert_identity_status);
end
+
+ -- Check for DNSSEC-signed SRV hostname
+ if secure_hostname and session.cert_identity_status ~= "valid" then
+ if cert_verify_identity(secure_hostname, "xmpp-server", cert) then
+ module:log("info", "Secure SRV name delegation %q -> %q", secure_hostname, host);
+ session.cert_identity_status = "valid"
+ end
+ end
end
measure_cert_statuses:with_labels(session.cert_chain_status or "unknown", session.cert_identity_status or "unknown"):add(1);
end, 509);
diff --git a/plugins/mod_s2s_bidi.lua b/plugins/mod_s2s_bidi.lua
index addcd6e2..22415293 100644
--- a/plugins/mod_s2s_bidi.lua
+++ b/plugins/mod_s2s_bidi.lua
@@ -5,7 +5,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local xmlns_bidi_feature = "urn:xmpp:features:bidi"
local xmlns_bidi = "urn:xmpp:bidi";
@@ -25,7 +25,9 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
if bidi then
session.incoming = true;
session.log("debug", "Requesting bidirectional stream");
- session.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi }));
+ local request_bidi = st.stanza("bidi", { xmlns = xmlns_bidi });
+ module:fire_event("s2sout-stream-features", { origin = session, features = request_bidi });
+ session.sends2s(request_bidi);
end
end
end, 200);
diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index ab863aa3..47f33a87 100644
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -8,14 +8,14 @@
-- luacheck: ignore 431/log
-local st = require "util.stanza";
-local sm_bind_resource = require "core.sessionmanager".bind_resource;
-local sm_make_authenticated = require "core.sessionmanager".make_authenticated;
-local base64 = require "util.encodings".base64;
-local set = require "util.set";
-local errors = require "util.error";
+local st = require "prosody.util.stanza";
+local sm_bind_resource = require "prosody.core.sessionmanager".bind_resource;
+local sm_make_authenticated = require "prosody.core.sessionmanager".make_authenticated;
+local base64 = require "prosody.util.encodings".base64;
+local set = require "prosody.util.set";
+local errors = require "prosody.util.error";
-local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
+local usermanager_get_sasl_handler = require "prosody.core.usermanager".get_sasl_handler;
local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", true));
local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
@@ -52,8 +52,9 @@ local function handle_status(session, status, ret, err_msg)
module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg });
session.sasl_handler = session.sasl_handler:clean_clone();
elseif status == "success" then
- local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.scope);
+ local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.role);
if ok then
+ session.sasl_resource = session.sasl_handler.resource;
module:fire_event("authentication-success", { session = session });
session.sasl_handler = nil;
session:reset_stream();
@@ -242,7 +243,16 @@ module:hook("stanza/urn:ietf:params:xml:ns:xmpp-sasl:abort", function(event)
end);
local function tls_unique(self)
- return self.userdata["tls-unique"]:getpeerfinished();
+ return self.userdata["tls-unique"]:ssl_peerfinished();
+end
+
+local function tls_exporter(conn)
+ if not conn.ssl_exportkeyingmaterial then return end
+ return conn:ssl_exportkeyingmaterial("EXPORTER-Channel-Binding", 32, "");
+end
+
+local function sasl_tls_exporter(self)
+ return tls_exporter(self.userdata["tls-exporter"]);
end
local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
@@ -258,22 +268,29 @@ module:hook("stream-features", function(event)
end
local sasl_handler = usermanager_get_sasl_handler(module.host, origin)
origin.sasl_handler = sasl_handler;
+ local channel_bindings = set.new()
if origin.encrypted then
-- check whether LuaSec has the nifty binding to the function needed for tls-unique
-- FIXME: would be nice to have this check only once and not for every socket
if sasl_handler.add_cb_handler then
- local socket = origin.conn:socket();
- local info = socket.info and socket:info();
- if info.protocol == "TLSv1.3" then
+ local info = origin.conn:ssl_info();
+ if info and info.protocol == "TLSv1.3" then
log("debug", "Channel binding 'tls-unique' undefined in context of TLS 1.3");
- elseif socket.getpeerfinished and socket:getpeerfinished() then
+ if tls_exporter(origin.conn) then
+ log("debug", "Channel binding 'tls-exporter' supported");
+ sasl_handler:add_cb_handler("tls-exporter", sasl_tls_exporter);
+ channel_bindings:add("tls-exporter");
+ end
+ elseif origin.conn.ssl_peerfinished and origin.conn:ssl_peerfinished() then
log("debug", "Channel binding 'tls-unique' supported");
sasl_handler:add_cb_handler("tls-unique", tls_unique);
+ channel_bindings:add("tls-unique");
else
log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)");
end
sasl_handler["userdata"] = {
- ["tls-unique"] = socket;
+ ["tls-unique"] = origin.conn;
+ ["tls-exporter"] = origin.conn;
};
else
log("debug", "Channel binding not supported by SASL handler");
@@ -306,6 +323,14 @@ module:hook("stream-features", function(event)
mechanisms:tag("mechanism"):text(mechanism):up();
end
features:add_child(mechanisms);
+ if not channel_bindings:empty() then
+ -- XXX XEP-0440 is Experimental
+ features:tag("sasl-channel-binding", {xmlns='urn:xmpp:sasl-cb:0'})
+ for channel_binding in channel_bindings do
+ features:tag("channel-binding", {type=channel_binding}):up()
+ end
+ features:up();
+ end
return;
end
@@ -328,7 +353,7 @@ module:hook("stream-features", function(event)
authmod, available_disabled);
end
- else
+ elseif not origin.full_jid then
features:tag("bind", bind_attr):tag("required"):up():up();
features:tag("session", xmpp_session_attr):tag("optional"):up():up();
end
@@ -350,14 +375,15 @@ end);
module:hook("stanza/iq/urn:ietf:params:xml:ns:xmpp-bind:bind", function(event)
local origin, stanza = event.origin, event.stanza;
- local resource;
- if stanza.attr.type == "set" then
+ local resource = origin.sasl_resource;
+ if stanza.attr.type == "set" and not resource then
local bind = stanza.tags[1];
resource = bind:get_child("resource");
resource = resource and #resource.tags == 0 and resource[1] or nil;
end
local success, err_type, err, err_msg = sm_bind_resource(origin, resource);
if success then
+ origin.sasl_resource = nil;
origin.send(st.reply(stanza)
:tag("bind", { xmlns = xmlns_bind })
:tag("jid"):text(origin.full_jid));
diff --git a/plugins/mod_scansion_record.lua b/plugins/mod_scansion_record.lua
index 5fefd398..1ec55952 100644
--- a/plugins/mod_scansion_record.lua
+++ b/plugins/mod_scansion_record.lua
@@ -2,11 +2,11 @@ local names = { "Romeo", "Juliet", "Mercutio", "Tybalt", "Benvolio" };
local devices = { "", "phone", "laptop", "tablet", "toaster", "fridge", "shoe" };
local users = {};
-local filters = require "util.filters";
-local id = require "util.id";
-local dt = require "util.datetime";
-local dm = require "util.datamanager";
-local st = require "util.stanza";
+local filters = require "prosody.util.filters";
+local id = require "prosody.util.id";
+local dt = require "prosody.util.datetime";
+local dm = require "prosody.util.datamanager";
+local st = require "prosody.util.stanza";
local record_id = id.short():lower();
local record_date = os.date("%Y%b%d"):lower();
diff --git a/plugins/mod_server_contact_info.lua b/plugins/mod_server_contact_info.lua
index 42316078..b7f4c7f3 100644
--- a/plugins/mod_server_contact_info.lua
+++ b/plugins/mod_server_contact_info.lua
@@ -6,20 +6,21 @@
-- COPYING file in the source package for more information.
--
-local array = require "util.array";
-local jid = require "util.jid";
+local array = require "prosody.util.array";
+local dataforms = require "prosody.util.dataforms";
+local jid = require "prosody.util.jid";
local url = require "socket.url";
-- Source: http://xmpp.org/registrar/formtypes.html#http:--jabber.org-network-serverinfo
-local form_layout = require "util.dataforms".new({
- { var = "FORM_TYPE"; type = "hidden"; value = "http://jabber.org/network/serverinfo"; };
- { name = "abuse", var = "abuse-addresses", type = "list-multi" },
- { name = "admin", var = "admin-addresses", type = "list-multi" },
- { name = "feedback", var = "feedback-addresses", type = "list-multi" },
- { name = "sales", var = "sales-addresses", type = "list-multi" },
- { name = "security", var = "security-addresses", type = "list-multi" },
- { name = "status", var = "status-addresses", type = "list-multi" },
- { name = "support", var = "support-addresses", type = "list-multi" },
+local form_layout = dataforms.new({
+ { var = "FORM_TYPE"; type = "hidden"; value = "http://jabber.org/network/serverinfo" };
+ { type = "list-multi"; name = "abuse"; var = "abuse-addresses" };
+ { type = "list-multi"; name = "admin"; var = "admin-addresses" };
+ { type = "list-multi"; name = "feedback"; var = "feedback-addresses" };
+ { type = "list-multi"; name = "sales"; var = "sales-addresses" };
+ { type = "list-multi"; name = "security"; var = "security-addresses" };
+ { type = "list-multi"; name = "status"; var = "status-addresses" };
+ { type = "list-multi"; name = "support"; var = "support-addresses" };
});
-- JIDs of configured service admins are used as fallback
diff --git a/plugins/mod_smacks.lua b/plugins/mod_smacks.lua
index e0a7bbfb..c432ebda 100644
--- a/plugins/mod_smacks.lua
+++ b/plugins/mod_smacks.lua
@@ -2,7 +2,7 @@
--
-- Copyright (C) 2010-2015 Matthew Wild
-- Copyright (C) 2010 Waqas Hussain
--- Copyright (C) 2012-2021 Kim Alvefur
+-- Copyright (C) 2012-2022 Kim Alvefur
-- Copyright (C) 2012 Thijs Alkemade
-- Copyright (C) 2014 Florian Zeitz
-- Copyright (C) 2016-2020 Thilo Molitor
@@ -10,6 +10,7 @@
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
+-- TODO unify sendq and smqueue
local tonumber = tonumber;
local tostring = tostring;
@@ -44,17 +45,17 @@ local sessions_expired = module:measure("sessions_expired", "counter");
local sessions_started = module:measure("sessions_started", "counter");
-local datetime = require "util.datetime";
-local add_filter = require "util.filters".add_filter;
-local jid = require "util.jid";
-local smqueue = require "util.smqueue";
-local st = require "util.stanza";
-local timer = require "util.timer";
-local new_id = require "util.id".short;
-local watchdog = require "util.watchdog";
-local it = require"util.iterators";
+local datetime = require "prosody.util.datetime";
+local add_filter = require "prosody.util.filters".add_filter;
+local jid = require "prosody.util.jid";
+local smqueue = require "prosody.util.smqueue";
+local st = require "prosody.util.stanza";
+local timer = require "prosody.util.timer";
+local new_id = require "prosody.util.id".short;
+local watchdog = require "prosody.util.watchdog";
+local it = require"prosody.util.iterators";
-local sessionmanager = require "core.sessionmanager";
+local sessionmanager = require "prosody.core.sessionmanager";
local xmlns_errors = "urn:ietf:params:xml:ns:xmpp-stanzas";
local xmlns_delay = "urn:xmpp:delay";
@@ -83,13 +84,43 @@ local all_old_sessions = module:open_store("smacks_h");
local old_session_registry = module:open_store("smacks_h", "map");
local session_registry = module:shared "/*/smacks/resumption-tokens"; -- > user@host/resumption-token --> resource
-local ack_errors = require"util.error".init("mod_smacks", xmlns_sm3, {
+local function registry_key(session, id)
+ return jid.join(session.username, session.host, id or session.resumption_token);
+end
+
+local function track_session(session, id)
+ session_registry[registry_key(session, id)] = session;
+ session.resumption_token = id;
+end
+
+local function save_old_session(session)
+ session_registry[registry_key(session)] = nil;
+ return old_session_registry:set(session.username, session.resumption_token,
+ { h = session.handled_stanza_count; t = os.time() })
+end
+
+local function clear_old_session(session, id)
+ session_registry[registry_key(session, id)] = nil;
+ return old_session_registry:set(session.username, id or session.resumption_token, nil)
+end
+
+local ack_errors = require"prosody.util.error".init("mod_smacks", xmlns_sm3, {
head = { condition = "undefined-condition"; text = "Client acknowledged more stanzas than sent by server" };
tail = { condition = "undefined-condition"; text = "Client acknowledged less stanzas than already acknowledged" };
pop = { condition = "internal-server-error"; text = "Something went wrong with Stream Management" };
overflow = { condition = "resource-constraint", text = "Too many unacked stanzas remaining, session can't be resumed" }
});
+local enable_errors = require "prosody.util.error".init("mod_smacks", xmlns_sm3, {
+ already_enabled = { condition = "unexpected-request", text = "Stream management is already enabled" };
+ bind_required = { condition = "unexpected-request", text = "Client must bind a resource before enabling stream management" };
+ unavailable = { condition = "service-unavailable", text = "Stream management is not available for this stream" };
+ -- Resumption
+ expired = { condition = "item-not-found", text = "Session expired, and cannot be resumed" };
+ already_bound = { condition = "unexpected-request", text = "Cannot resume another session after a resource is bound" };
+ unknown_session = { condition = "item-not-found", text = "Unknown session" };
+});
+
-- COMPAT note the use of compatibility wrapper in events (queue:table())
local function ack_delayed(session, stanza)
@@ -104,18 +135,18 @@ local function ack_delayed(session, stanza)
end
local function can_do_smacks(session, advertise_only)
- if session.smacks then return false, "unexpected-request", "Stream management is already enabled"; end
+ if session.smacks then return false, enable_errors.new("already_enabled"); end
local session_type = session.type;
if session.username then
if not(advertise_only) and not(session.resource) then -- Fail unless we're only advertising sm
- return false, "unexpected-request", "Client must bind a resource before enabling stream management";
+ return false, enable_errors.new("bind_required");
end
return true;
elseif s2s_smacks and (session_type == "s2sin" or session_type == "s2sout") then
return true;
end
- return false, "service-unavailable", "Stream management is not available for this stream";
+ return false, enable_errors.new("unavailable");
end
module:hook("stream-features",
@@ -155,13 +186,12 @@ end
local function request_ack(session, reason)
local queue = session.outgoing_stanza_queue;
- session.log("debug", "Sending <r> (inside timer, before send) from %s - #queue=%d", reason, queue:count_unacked());
+ session.log("debug", "Sending <r> from %s - #queue=%d", reason, queue:count_unacked());
session.awaiting_ack = true;
(session.sends2s or session.send)(st.stanza("r", { xmlns = session.smacks }))
if session.destroyed then return end -- sending something can trigger destruction
-- expected_h could be lower than this expression e.g. more stanzas added to the queue meanwhile)
session.last_requested_h = queue:count_acked() + queue:count_unacked();
- session.log("debug", "Sending <r> (inside timer, after send) from %s - #queue=%d", reason, queue:count_unacked());
if not session.delayed_ack_timer then
session.delayed_ack_timer = timer.add_task(delayed_ack_timeout, function()
ack_delayed(session, nil); -- we don't know if this is the only new stanza in the queue
@@ -180,7 +210,6 @@ local function outgoing_stanza_filter(stanza, session)
-- supposed to be nil.
-- However, when using mod_smacks with mod_websocket, then mod_websocket's
-- stanzas/out filter can get called before this one and adds the xmlns.
- if session.resending_unacked then return stanza end
if not session.smacks then return stanza end
local is_stanza = st.is_stanza(stanza) and
(not stanza.attr.xmlns or stanza.attr.xmlns == 'jabber:client')
@@ -234,8 +263,7 @@ module:hook("pre-session-close", function(event)
if session.smacks == nil then return end
if session.resumption_token then
session.log("debug", "Revoking resumption token");
- session_registry[jid.join(session.username, session.host, session.resumption_token)] = nil;
- old_session_registry:set(session.username, session.resumption_token, nil);
+ clear_old_session(session);
session.resumption_token = nil;
else
session.log("debug", "Session not resumable");
@@ -274,17 +302,16 @@ local function wrap_session(session, resume)
return session;
end
-function handle_enable(session, stanza, xmlns_sm)
- local ok, err, err_text = can_do_smacks(session);
+function do_enable(session, stanza)
+ local ok, err = can_do_smacks(session);
if not ok then
- session.log("warn", "Failed to enable smacks: %s", err_text); -- TODO: XEP doesn't say we can send error text, should it?
- (session.sends2s or session.send)(st.stanza("failed", { xmlns = xmlns_sm }):tag(err, { xmlns = xmlns_errors}));
- return true;
+ session.log("warn", "Failed to enable smacks: %s", err.text); -- TODO: XEP doesn't say we can send error text, should it?
+ return nil, err;
end
if session.username then
local old_sessions, err = all_old_sessions:get(session.username);
- module:log("debug", "Old sessions: %q", old_sessions)
+ session.log("debug", "Old sessions: %q", old_sessions)
if old_sessions then
local keep, count = {}, 0;
for token, info in it.sorted_pairs(old_sessions, function(a, b)
@@ -296,54 +323,73 @@ function handle_enable(session, stanza, xmlns_sm)
end
all_old_sessions:set(session.username, keep);
elseif err then
- module:log("error", "Unable to retrieve old resumption counters: %s", err);
+ session.log("error", "Unable to retrieve old resumption counters: %s", err);
end
end
- module:log("debug", "Enabling stream management");
- session.smacks = xmlns_sm;
-
- wrap_session(session, false);
-
- local resume_max;
local resume_token;
local resume = stanza.attr.resume;
if (resume == "true" or resume == "1") and session.username then
-- resumption on s2s is not currently supported
resume_token = new_id();
- session_registry[jid.join(session.username, session.host, resume_token)] = session;
- session.resumption_token = resume_token;
- resume_max = tostring(resume_timeout);
end
- (session.sends2s or session.send)(st.stanza("enabled", { xmlns = xmlns_sm, id = resume_token, resume = resume, max = resume_max }));
+
+ return {
+ type = "enabled";
+ id = resume_token;
+ resume_max = resume_token and tostring(resume_timeout) or nil;
+ session = session;
+ finish = function ()
+ session.log("debug", "Enabling stream management");
+
+ session.smacks = stanza.attr.xmlns;
+ if resume_token then
+ track_session(session, resume_token);
+ end
+ wrap_session(session, false);
+ end;
+ };
+end
+
+function handle_enable(session, stanza, xmlns_sm)
+ local enabled, err = do_enable(session, stanza);
+ if not enabled then
+ (session.sends2s or session.send)(st.stanza("failed", { xmlns = xmlns_sm }):add_error(err));
+ return true;
+ end
+
+ (session.sends2s or session.send)(st.stanza("enabled", {
+ xmlns = xmlns_sm;
+ id = enabled.id;
+ resume = enabled.id and "true" or nil; -- COMPAT w/ Conversations 2.10.10 requires 'true' not '1'
+ max = enabled.resume_max;
+ }));
+
+ session.smacks = xmlns_sm;
+ enabled.finish();
+
return true;
end
module:hook_tag(xmlns_sm2, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm2); end, 100);
module:hook_tag(xmlns_sm3, "enable", function (session, stanza) return handle_enable(session, stanza, xmlns_sm3); end, 100);
-module:hook_tag("http://etherx.jabber.org/streams", "features",
- function (session, stanza)
- -- Needs to be done after flushing sendq since those aren't stored as
- -- stanzas and counting them is weird.
- -- TODO unify sendq and smqueue
- timer.add_task(1e-6, function ()
- if can_do_smacks(session) then
- if stanza:get_child("sm", xmlns_sm3) then
- session.sends2s(st.stanza("enable", sm3_attr));
- session.smacks = xmlns_sm3;
- elseif stanza:get_child("sm", xmlns_sm2) then
- session.sends2s(st.stanza("enable", sm2_attr));
- session.smacks = xmlns_sm2;
- else
- return;
- end
- wrap_session_out(session, false);
- end
- end);
- end);
+module:hook_tag("http://etherx.jabber.org/streams", "features", function(session, stanza)
+ if can_do_smacks(session) then
+ session.smacks_feature = stanza:get_child("sm", xmlns_sm3) or stanza:get_child("sm", xmlns_sm2);
+ end
+end);
+
+module:hook("s2sout-established", function (event)
+ local session = event.session;
+ if not session.smacks_feature then return end
+
+ session.smacks = session.smacks_feature.attr.xmlns;
+ wrap_session_out(session, false);
+ session.sends2s(st.stanza("enable", { xmlns = session.smacks }));
+end);
function handle_enabled(session, stanza, xmlns_sm) -- luacheck: ignore 212/stanza
- module:log("debug", "Enabling stream management");
+ session.log("debug", "Enabling stream management");
session.smacks = xmlns_sm;
wrap_session_in(session, false);
@@ -357,10 +403,10 @@ module:hook_tag(xmlns_sm3, "enabled", function (session, stanza) return handle_e
function handle_r(origin, stanza, xmlns_sm) -- luacheck: ignore 212/stanza
if not origin.smacks then
- module:log("debug", "Received ack request from non-smack-enabled session");
+ origin.log("debug", "Received ack request from non-smack-enabled session");
return;
end
- module:log("debug", "Received ack request, acking for %d", origin.handled_stanza_count);
+ origin.log("debug", "Received ack request, acking for %d", origin.handled_stanza_count);
-- Reply with <a>
(origin.sends2s or origin.send)(st.stanza("a", { xmlns = xmlns_sm, h = format_h(origin.handled_stanza_count) }));
-- piggyback our own ack request if needed (see request_ack_if_needed() for explanation of last_requested_h)
@@ -413,13 +459,14 @@ local function handle_unacked_stanzas(session)
local queue = session.outgoing_stanza_queue;
local unacked = queue:count_unacked()
if unacked > 0 then
+ local error_from = jid.join(session.username, session.host or module.host);
tx_dropped_stanzas:sample(unacked);
session.smacks = false; -- Disable queueing
session.outgoing_stanza_queue = nil;
for stanza in queue._queue:consume() do
if not module:fire_event("delivery/failure", { session = session, stanza = stanza }) then
if stanza.attr.type ~= "error" and stanza.attr.from ~= session.full_jid then
- local reply = st.error_reply(stanza, "cancel", "recipient-unavailable");
+ local reply = st.error_reply(stanza, "cancel", "recipient-unavailable", nil, error_from);
module:send(reply);
end
end
@@ -495,11 +542,8 @@ module:hook("pre-resource-unbind", function (event)
end
session.log("debug", "Destroying session for hibernating too long");
- session_registry[jid.join(session.username, session.host, session.resumption_token)] = nil;
- old_session_registry:set(session.username, session.resumption_token,
- { h = session.handled_stanza_count; t = os.time() });
+ save_old_session(session);
session.resumption_token = nil;
- session.resending_unacked = true; -- stop outgoing_stanza_filter from re-queueing anything anymore
sessionmanager.destroy_session(session, "Hibernating too long");
sessions_expired(1);
end);
@@ -533,131 +577,110 @@ end
module:hook("s2sout-destroyed", handle_s2s_destroyed);
module:hook("s2sin-destroyed", handle_s2s_destroyed);
-local function get_session_id(session)
- return session.id or (tostring(session):match("[a-f0-9]+$"));
-end
-
-function handle_resume(session, stanza, xmlns_sm)
+function do_resume(session, stanza)
if session.full_jid then
session.log("warn", "Tried to resume after resource binding");
- session.send(st.stanza("failed", { xmlns = xmlns_sm })
- :tag("unexpected-request", { xmlns = xmlns_errors })
- );
- return true;
+ return nil, enable_errors.new("already_bound");
end
local id = stanza.attr.previd;
- local original_session = session_registry[jid.join(session.username, session.host, id)];
+ local original_session = session_registry[registry_key(session, id)];
if not original_session then
local old_session = old_session_registry:get(session.username, id);
if old_session then
session.log("debug", "Tried to resume old expired session with id %s", id);
- session.send(st.stanza("failed", { xmlns = xmlns_sm, h = format_h(old_session.h) })
- :tag("item-not-found", { xmlns = xmlns_errors })
- );
- old_session_registry:set(session.username, id, nil);
+ clear_old_session(session, id);
resumption_expired(1);
- else
- session.log("debug", "Tried to resume non-existent session with id %s", id);
- session.send(st.stanza("failed", { xmlns = xmlns_sm })
- :tag("item-not-found", { xmlns = xmlns_errors })
- );
- end;
- else
- if original_session.hibernating_watchdog then
- original_session.log("debug", "Letting the watchdog go");
- original_session.hibernating_watchdog:cancel();
- original_session.hibernating_watchdog = nil;
- elseif session.hibernating then
- original_session.log("error", "Hibernating session has no watchdog!")
- end
- -- zero age = was not hibernating yet
- local age = 0;
- if original_session.hibernating then
- local now = os_time();
- age = now - original_session.hibernating;
- end
- session.log("debug", "mod_smacks resuming existing session %s...", get_session_id(original_session));
- original_session.log("debug", "mod_smacks session resumed from %s...", get_session_id(session));
- -- TODO: All this should move to sessionmanager (e.g. session:replace(new_session))
- if original_session.conn then
- original_session.log("debug", "mod_smacks closing an old connection for this session");
- local conn = original_session.conn;
- c2s_sessions[conn] = nil;
- conn:close();
+ return nil, enable_errors.new("expired", { h = old_session.h });
end
+ session.log("debug", "Tried to resume non-existent session with id %s", id);
+ return nil, enable_errors.new("unknown_session");
+ end
- local migrated_session_log = session.log;
- original_session.ip = session.ip;
- original_session.conn = session.conn;
- original_session.rawsend = session.rawsend;
- original_session.rawsend.session = original_session;
- original_session.rawsend.conn = original_session.conn;
- original_session.send = session.send;
- original_session.send.session = original_session;
- original_session.close = session.close;
- original_session.filter = session.filter;
- original_session.filter.session = original_session;
- original_session.filters = session.filters;
- original_session.send.filter = original_session.filter;
- original_session.stream = session.stream;
- original_session.secure = session.secure;
- original_session.hibernating = nil;
- original_session.resumption_counter = (original_session.resumption_counter or 0) + 1;
- session.log = original_session.log;
- session.type = original_session.type;
- wrap_session(original_session, true);
- -- Inform xmppstream of the new session (passed to its callbacks)
- original_session.stream:set_session(original_session);
- -- Similar for connlisteners
- c2s_sessions[session.conn] = original_session;
-
- local queue = original_session.outgoing_stanza_queue;
- local h = tonumber(stanza.attr.h);
-
- original_session.log("debug", "Pre-resumption #queue = %d", queue:count_unacked())
- local acked, err = ack_errors.coerce(queue:ack(h)); -- luacheck: ignore 211/acked
-
- if not err and not queue:resumable() then
- err = ack_errors.new("overflow");
- end
+ if original_session.hibernating_watchdog then
+ original_session.log("debug", "Letting the watchdog go");
+ original_session.hibernating_watchdog:cancel();
+ original_session.hibernating_watchdog = nil;
+ elseif session.hibernating then
+ original_session.log("error", "Hibernating session has no watchdog!")
+ end
+ -- zero age = was not hibernating yet
+ local age = 0;
+ if original_session.hibernating then
+ local now = os_time();
+ age = now - original_session.hibernating;
+ end
- if err or not queue:resumable() then
- original_session.send(st.stanza("failed",
- { xmlns = xmlns_sm; h = format_h(original_session.handled_stanza_count); previd = id }));
- original_session:close(err);
- return false;
- end
+ session.log("debug", "mod_smacks resuming existing session %s...", original_session.id);
- original_session.send(st.stanza("resumed", { xmlns = xmlns_sm,
- h = format_h(original_session.handled_stanza_count), previd = id }));
+ local queue = original_session.outgoing_stanza_queue;
+ local h = tonumber(stanza.attr.h);
- -- Ok, we need to re-send any stanzas that the client didn't see
- -- ...they are what is now left in the outgoing stanza queue
- -- We have to use the send of "session" because we don't want to add our resent stanzas
- -- to the outgoing queue again
+ original_session.log("debug", "Pre-resumption #queue = %d", queue:count_unacked())
+ local acked, err = ack_errors.coerce(queue:ack(h)); -- luacheck: ignore 211/acked
- session.log("debug", "resending all unacked stanzas that are still queued after resume, #queue = %d", queue:count_unacked());
- -- FIXME Which session is it that the queue filter sees?
- session.resending_unacked = true;
- original_session.resending_unacked = true;
- for _, queued_stanza in queue:resume() do
- session.send(queued_stanza);
- end
- session.resending_unacked = nil;
- original_session.resending_unacked = nil;
- session.log("debug", "all stanzas resent, now disabling send() in this migrated session, #queue = %d", queue:count_unacked());
- function session.send(stanza) -- luacheck: ignore 432
- migrated_session_log("error", "Tried to send stanza on old session migrated by smacks resume (maybe there is a bug?): %s", tostring(stanza));
- return false;
- end
- module:fire_event("smacks-hibernation-end", {origin = session, resumed = original_session, queue = queue:table()});
- original_session.awaiting_ack = nil; -- Don't wait for acks from before the resumption
- request_ack_now_if_needed(original_session, true, "handle_resume", nil);
- resumption_age:sample(age);
+ if not err and not queue:resumable() then
+ err = ack_errors.new("overflow");
end
+
+ if err then
+ session.log("debug", "Resumption failed: %s", err);
+ return nil, err;
+ end
+
+ -- Update original_session with the parameters (connection, etc.) from the new session
+ sessionmanager.update_session(original_session, session);
+
+ return {
+ type = "resumed";
+ session = original_session;
+ id = id;
+ -- Return function to complete the resumption and resync unacked stanzas
+ -- This is two steps so we can support SASL2/ISR
+ finish = function ()
+ -- Ok, we need to re-send any stanzas that the client didn't see
+ -- ...they are what is now left in the outgoing stanza queue
+ -- We have to use the send of "session" because we don't want to add our resent stanzas
+ -- to the outgoing queue again
+
+ original_session.log("debug", "resending all unacked stanzas that are still queued after resume, #queue = %d", queue:count_unacked());
+ for _, queued_stanza in queue:resume() do
+ original_session.send(queued_stanza);
+ end
+ original_session.log("debug", "all stanzas resent, enabling stream management on resumed stream, #queue = %d", queue:count_unacked());
+
+ -- Add our own handlers to the resumed session (filters have been reset in the update)
+ wrap_session(original_session, true);
+
+ -- Let everyone know that we are no longer hibernating
+ module:fire_event("smacks-hibernation-end", {origin = session, resumed = original_session, queue = queue:table()});
+ original_session.awaiting_ack = nil; -- Don't wait for acks from before the resumption
+ request_ack_now_if_needed(original_session, true, "handle_resume", nil);
+ resumption_age:sample(age);
+ end;
+ };
+end
+
+function handle_resume(session, stanza, xmlns_sm)
+ local resumed, err = do_resume(session, stanza);
+ if not resumed then
+ session.send(st.stanza("failed", { xmlns = xmlns_sm, h = format_h(err.context.h) })
+ :tag(err.condition, { xmlns = xmlns_errors }));
+ return true;
+ end
+
+ session = resumed.session;
+
+ -- Inform client of successful resumption
+ session.send(st.stanza("resumed", { xmlns = xmlns_sm,
+ h = format_h(session.handled_stanza_count), previd = resumed.id }));
+
+ -- Complete resume (sync stanzas, etc.)
+ resumed.finish();
+
return true;
end
+
module:hook_tag(xmlns_sm2, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm2); end);
module:hook_tag(xmlns_sm3, "resume", function (session, stanza) return handle_resume(session, stanza, xmlns_sm3); end);
@@ -712,8 +735,7 @@ module:hook_global("server-stopping", function(event)
for _, user in pairs(local_sessions) do
for _, session in pairs(user.sessions) do
if session.resumption_token then
- if old_session_registry:set(session.username, session.resumption_token,
- { h = session.handled_stanza_count; t = os.time() }) then
+ if save_old_session(session) then
session.resumption_token = nil;
-- Deal with unacked stanzas
diff --git a/plugins/mod_stanza_debug.lua b/plugins/mod_stanza_debug.lua
index af98670c..4feab7ae 100644
--- a/plugins/mod_stanza_debug.lua
+++ b/plugins/mod_stanza_debug.lua
@@ -1,6 +1,6 @@
module:set_global();
-local filters = require "util.filters";
+local filters = require "prosody.util.filters";
local function log_send(t, session)
if t and t ~= "" and t ~= " " then
diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua
index fa87e495..c1f117ce 100644
--- a/plugins/mod_storage_internal.lua
+++ b/plugins/mod_storage_internal.lua
@@ -1,12 +1,12 @@
-local cache = require "util.cache";
-local datamanager = require "core.storagemanager".olddm;
-local array = require "util.array";
-local datetime = require "util.datetime";
-local st = require "util.stanza";
-local now = require "util.time".now;
-local id = require "util.id".medium;
-local jid_join = require "util.jid".join;
-local set = require "util.set";
+local cache = require "prosody.util.cache";
+local datamanager = require "prosody.core.storagemanager".olddm;
+local array = require "prosody.util.array";
+local datetime = require "prosody.util.datetime";
+local st = require "prosody.util.stanza";
+local now = require "prosody.util.time".now;
+local id = require "prosody.util.id".medium;
+local jid_join = require "prosody.util.jid".join;
+local set = require "prosody.util.set";
local host = module.host;
diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua
index 9b0024ab..a3ff22f6 100644
--- a/plugins/mod_storage_memory.lua
+++ b/plugins/mod_storage_memory.lua
@@ -1,10 +1,10 @@
-local serialize = require "util.serialization".serialize;
-local array = require "util.array";
-local envload = require "util.envload".envload;
-local st = require "util.stanza";
+local serialize = require "prosody.util.serialization".serialize;
+local array = require "prosody.util.array";
+local envload = require "prosody.util.envload".envload;
+local st = require "prosody.util.stanza";
local is_stanza = st.is_stanza or function (s) return getmetatable(s) == st.stanza_mt end
-local new_id = require "util.id".medium;
-local set = require "util.set";
+local new_id = require "prosody.util.id".medium;
+local set = require "prosody.util.set";
local auto_purge_enabled = module:get_option_boolean("storage_memory_temporary", false);
local auto_purge_stores = module:get_option_set("storage_memory_temporary_stores", {});
diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua
index b3ed7638..f9a5912e 100644
--- a/plugins/mod_storage_sql.lua
+++ b/plugins/mod_storage_sql.lua
@@ -1,19 +1,21 @@
-- luacheck: ignore 212/self
-local cache = require "util.cache";
-local json = require "util.json";
-local sql = require "util.sql";
-local xml_parse = require "util.xml".parse;
-local uuid = require "util.uuid";
-local resolve_relative_path = require "util.paths".resolve_relative_path;
-local jid_join = require "util.jid".join;
-
-local is_stanza = require"util.stanza".is_stanza;
+local deps = require "prosody.util.dependencies";
+local cache = require "prosody.util.cache";
+local json = require "prosody.util.json";
+local sqlite = deps.softreq "prosody.util.sqlite3";
+local dbisql = (sqlite and deps.softreq or require) "prosody.util.sql";
+local xml_parse = require "prosody.util.xml".parse;
+local uuid = require "prosody.util.uuid";
+local resolve_relative_path = require "prosody.util.paths".resolve_relative_path;
+local jid_join = require "prosody.util.jid".join;
+
+local is_stanza = require"prosody.util.stanza".is_stanza;
local t_concat = table.concat;
local noop = function() end
-local unpack = table.unpack or unpack; -- luacheck: ignore 113
+local unpack = table.unpack;
local function iterator(result)
return function(result_)
local row = result_();
@@ -321,7 +323,8 @@ function archive_store:append(username, key, value, when, with)
end
end
- when = when or os.time();
+ -- FIXME update the schema to allow precision timestamps
+ when = when and math.floor(when) or os.time();
with = with or "";
local ok, ret = engine:transaction(function()
local delete_sql = [[
@@ -354,12 +357,12 @@ end
local function archive_where(query, args, where)
-- Time range, inclusive
if query.start then
- args[#args+1] = query.start
+ args[#args+1] = math.floor(query.start);
where[#where+1] = "\"when\" >= ?"
end
if query["end"] then
- args[#args+1] = query["end"];
+ args[#args+1] = math.floor(query["end"]);
if query.start then
where[#where] = "\"when\" BETWEEN ? AND ?" -- is this inclusive?
else
@@ -382,8 +385,7 @@ local function archive_where(query, args, where)
-- Set of ids
if query.ids then
local nids, nargs = #query.ids, #args;
- -- COMPAT Lua 5.1: No separator argument to string.rep
- where[#where + 1] = "\"key\" IN (" .. string.rep("?,", nids):sub(1,-2) .. ")";
+ where[#where + 1] = "\"key\" IN (" .. string.rep("?", nids, ",") .. ")";
for i, id in ipairs(query.ids) do
args[nargs+i] = id;
end
@@ -692,6 +694,7 @@ end
local function create_table(engine) -- luacheck: ignore 431/engine
+ local sql = engine.params.driver == "SQLite3" and sqlite or dbisql;
local Table, Column, Index = sql.Table, sql.Column, sql.Index;
local ProsodyTable = Table {
@@ -732,6 +735,7 @@ end
local function upgrade_table(engine, params, apply_changes) -- luacheck: ignore 431/engine
local changes = false;
if params.driver == "MySQL" then
+ local sql = dbisql;
local success,err = engine:transaction(function()
do
local result = assert(engine:execute("SHOW COLUMNS FROM \"prosody\" WHERE \"Field\"='value' and \"Type\"='text'"));
@@ -831,6 +835,7 @@ end
function module.load()
local engines = module:shared("/*/sql/connections");
local params = normalize_params(module:get_option("sql", default_params));
+ local sql = params.driver == "SQLite3" and sqlite or dbisql;
local db_uri = sql.db2uri(params);
engine = engines[db_uri];
if not engine then
@@ -853,22 +858,28 @@ function module.load()
end
end
end
+ module:set_status("info", "Connected to " .. engine.params.driver);
+ end, function (engine) -- luacheck: ignore 431/engine
+ module:set_status("error", "Disconnected from " .. engine.params.driver);
end);
engines[sql.db2uri(params)] = engine;
+ else
+ module:set_status("info", "Using existing engine");
end
module:provides("storage", driver);
end
function module.command(arg)
- local config = require "core.configmanager";
- local hi = require "util.human.io";
+ local config = require "prosody.core.configmanager";
+ local hi = require "prosody.util.human.io";
local command = table.remove(arg, 1);
if command == "upgrade" then
-- We need to find every unique dburi in the config
local uris = {};
for host in pairs(prosody.hosts) do -- luacheck: ignore 431/host
local params = normalize_params(config.get(host, "sql") or default_params);
+ local sql = engine.params.driver == "SQLite3" and sqlite or dbisql;
uris[sql.db2uri(params)] = params;
end
print("We will check and upgrade the following databases:\n");
@@ -884,6 +895,7 @@ function module.command(arg)
-- Upgrade each one
for _, params in pairs(uris) do
print("Checking "..params.database.."...");
+ local sql = params.driver == "SQLite3" and sqlite or dbisql;
engine = sql:create_engine(params);
upgrade_table(engine, params, true);
end
diff --git a/plugins/mod_storage_xep0227.lua b/plugins/mod_storage_xep0227.lua
index 5c3cf7f6..af61031f 100644
--- a/plugins/mod_storage_xep0227.lua
+++ b/plugins/mod_storage_xep0227.lua
@@ -2,22 +2,22 @@
local ipairs, pairs = ipairs, pairs;
local setmetatable = setmetatable;
local tostring = tostring;
-local next, unpack = next, table.unpack or unpack; --luacheck: ignore 113/unpack
+local next, unpack = next, table.unpack;
local os_remove = os.remove;
local io_open = io.open;
-local jid_bare = require "util.jid".bare;
-local jid_prep = require "util.jid".prep;
-local jid_join = require "util.jid".join;
-
-local array = require "util.array";
-local base64 = require "util.encodings".base64;
-local dt = require "util.datetime";
-local hex = require "util.hex";
-local it = require "util.iterators";
-local paths = require"util.paths";
-local set = require "util.set";
-local st = require "util.stanza";
-local parse_xml_real = require "util.xml".parse;
+local jid_bare = require "prosody.util.jid".bare;
+local jid_prep = require "prosody.util.jid".prep;
+local jid_join = require "prosody.util.jid".join;
+
+local array = require "prosody.util.array";
+local base64 = require "prosody.util.encodings".base64;
+local dt = require "prosody.util.datetime";
+local hex = require "prosody.util.hex";
+local it = require "prosody.util.iterators";
+local paths = require"prosody.util.paths";
+local set = require "prosody.util.set";
+local st = require "prosody.util.stanza";
+local parse_xml_real = require "prosody.util.xml".parse;
local lfs = require "lfs";
diff --git a/plugins/mod_time.lua b/plugins/mod_time.lua
index 0cd5a4ea..4d9e4f4f 100644
--- a/plugins/mod_time.lua
+++ b/plugins/mod_time.lua
@@ -6,9 +6,9 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
-local datetime = require "util.datetime".datetime;
-local legacy = require "util.datetime".legacy;
+local st = require "prosody.util.stanza";
+local datetime = require "prosody.util.datetime".datetime;
+local now = require "prosody.util.time".now;
-- XEP-0202: Entity Time
@@ -18,23 +18,10 @@ local function time_handler(event)
local origin, stanza = event.origin, event.stanza;
origin.send(st.reply(stanza):tag("time", {xmlns="urn:xmpp:time"})
:tag("tzo"):text("+00:00"):up() -- TODO get the timezone in a platform independent fashion
- :tag("utc"):text(datetime()));
+ :tag("utc"):text(datetime(now())));
return true;
end
module:hook("iq-get/bare/urn:xmpp:time:time", time_handler);
module:hook("iq-get/host/urn:xmpp:time:time", time_handler);
--- XEP-0090: Entity Time (deprecated)
-
-module:add_feature("jabber:iq:time");
-
-local function legacy_time_handler(event)
- local origin, stanza = event.origin, event.stanza;
- origin.send(st.reply(stanza):tag("query", {xmlns="jabber:iq:time"})
- :tag("utc"):text(legacy()));
- return true;
-end
-
-module:hook("iq-get/bare/jabber:iq:time:query", legacy_time_handler);
-module:hook("iq-get/host/jabber:iq:time:query", legacy_time_handler);
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index afc1653a..6fd089ff 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -6,9 +6,9 @@
-- COPYING file in the source package for more information.
--
-local create_context = require "core.certmanager".create_context;
-local rawgetopt = require"core.configmanager".rawget;
-local st = require "util.stanza";
+local create_context = require "prosody.core.certmanager".create_context;
+local rawgetopt = require"prosody.core.configmanager".rawget;
+local st = require "prosody.util.stanza";
local c2s_require_encryption = module:get_option("c2s_require_encryption", module:get_option("require_encryption", true));
local s2s_require_encryption = module:get_option("s2s_require_encryption", true);
@@ -62,7 +62,7 @@ function module.load(reload)
module:log("debug", "Creating context for s2sout");
-- for outgoing server connections
- ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs, xmpp_alpn);
+ ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn);
if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
module:log("debug", "Creating context for s2sin");
@@ -80,6 +80,9 @@ end
module:hook_global("config-reloaded", module.load);
local function can_do_tls(session)
+ if session.secure then
+ return false;
+ end
if session.conn and not session.conn.starttls then
if not session.secure then
session.log("debug", "Underlying connection does not support STARTTLS");
@@ -125,7 +128,15 @@ end);
-- Hook <starttls/>
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
local origin = event.origin;
+ origin.starttls = "requested";
if can_do_tls(origin) then
+ if origin.conn.block_reads then
+ -- we need to ensure that no data is read anymore, otherwise we could end up in a situation where
+ -- <proceed/> is sent and the socket receives the TLS handshake (and passes the data to lua) before
+ -- it is asked to initiate TLS
+ -- (not with the classical single-threaded server backends)
+ origin.conn:block_reads()
+ end
(origin.sends2s or origin.send)(starttls_proceed);
if origin.destroyed then return end
origin:reset_stream();
@@ -166,6 +177,7 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio
module:log("debug", "%s is not offering TLS", session.to_host);
return;
end
+ session.starttls = "initiated";
session.sends2s(starttls_initiate);
return true;
end
@@ -183,7 +195,8 @@ module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luachec
if session.type == "s2sout_unauthed" and can_do_tls(session) then
module:log("debug", "Proceeding with TLS on s2sout...");
session:reset_stream();
- session.conn:starttls(session.ssl_ctx);
+ session.starttls = "proceeding"
+ session.conn:starttls(session.ssl_ctx, session.to_host);
session.secure = false;
return true;
end
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index c04a1aa4..ccd06155 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -1,82 +1,306 @@
-local id = require "util.id";
-local jid = require "util.jid";
-local base64 = require "util.encodings".base64;
+local base64 = require "prosody.util.encodings".base64;
+local hashes = require "prosody.util.hashes";
+local id = require "prosody.util.id";
+local jid = require "prosody.util.jid";
+local random = require "prosody.util.random";
+local usermanager = require "prosody.core.usermanager";
+local generate_identifier = require "prosody.util.id".short;
-local token_store = module:open_store("auth_tokens", "map");
+local token_store = module:open_store("auth_tokens", "keyval+");
-function create_jid_token(actor_jid, token_jid, token_scope, token_ttl)
- token_jid = jid.prep(token_jid);
- if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then
+local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
+
+local function select_role(username, host, role)
+ if role then
+ return prosody.hosts[host].authz.get_role_by_name(role);
+ end
+ return usermanager.get_user_role(username, host);
+end
+
+function create_grant(actor_jid, grant_jid, grant_ttl, grant_data)
+ grant_jid = jid.prep(grant_jid);
+ if not actor_jid or actor_jid ~= grant_jid and not jid.compare(grant_jid, actor_jid) then
+ module:log("debug", "Actor <%s> is not permitted to create a token granting access to JID <%s>", actor_jid, grant_jid);
return nil, "not-authorized";
end
- local token_username, token_host, token_resource = jid.split(token_jid);
+ local grant_username, grant_host, grant_resource = jid.split(grant_jid);
- if token_host ~= module.host then
+ if grant_host ~= module.host then
return nil, "invalid-host";
end
- local token_info = {
+ local grant_id = id.short();
+ local now = os.time();
+
+ local grant = {
+ id = grant_id;
+
owner = actor_jid;
- created = os.time();
- expires = token_ttl and (os.time() + token_ttl) or nil;
- jid = token_jid;
- session = {
- username = token_username;
- host = token_host;
- resource = token_resource;
-
- auth_scope = token_scope;
- };
+ created = now;
+ expires = grant_ttl and (now + grant_ttl) or nil;
+ accessed = now;
+
+ jid = grant_jid;
+ resource = grant_resource;
+
+ data = grant_data;
+
+ -- tokens[<hash-name>..":"..<secret>] = token_info
+ tokens = {};
+ };
+
+ local ok, err = token_store:set_key(grant_username, grant_id, grant);
+ if not ok then
+ return nil, err;
+ end
+
+ module:fire_event("token-grant-created", {
+ id = grant_id;
+ grant = grant;
+ username = grant_username;
+ host = grant_host;
+ });
+
+ return grant;
+end
+
+function create_token(grant_jid, grant, token_role, token_ttl, token_purpose, token_data)
+ if (token_data and type(token_data) ~= "table") or (token_purpose and type(token_purpose) ~= "string") then
+ return nil, "bad-request";
+ end
+ local grant_username, grant_host = jid.split(grant_jid);
+ if grant_host ~= module.host then
+ return nil, "invalid-host";
+ end
+ if type(grant) == "string" then -- lookup by id
+ grant = token_store:get_key(grant_username, grant);
+ if not grant then return nil; end
+ end
+
+ if not grant.tokens then return nil, "internal-server-error"; end -- old-style token?
+
+ local now = os.time();
+ local expires = grant.expires; -- Default to same expiry as grant
+ if token_ttl then -- explicit lifetime requested
+ if expires then
+ -- Grant has an expiry, so limit to that or shorter
+ expires = math.min(now + token_ttl, expires);
+ else
+ -- Grant never expires, just use whatever expiry is requested for the token
+ expires = now + token_ttl;
+ end
+ end
+
+ local token_info = {
+ role = token_role;
+
+ created = now;
+ expires = expires;
+ purpose = token_purpose;
+
+ data = token_data;
};
- local token_id = id.long();
- local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id);
- token_store:set(token_username, token_id, token_info);
+ local token_secret = random.bytes(18);
+ grant.tokens["sha256:"..hashes.sha256(token_secret, true)] = token_info;
- return token, token_info;
+ local ok, err = token_store:set_key(grant_username, grant.id, grant);
+ if not ok then
+ return nil, err;
+ end
+
+ local token_string = "secret-token:"..base64.encode("2;"..grant.id..";"..token_secret..";"..grant.jid);
+ return token_string, token_info;
end
local function parse_token(encoded_token)
- local token = base64.decode(encoded_token);
+ if not encoded_token then return nil; end
+ local encoded_data = encoded_token:match("^secret%-token:(.+)$");
+ if not encoded_data then return nil; end
+ local token = base64.decode(encoded_data);
if not token then return nil; end
- local token_jid, token_id = token:match("^1;([^;]+);(.+)$");
- if not token_jid then return nil; end
+ local token_id, token_secret, token_jid = token:match("^2;([^;]+);(..................);(.+)$");
+ if not token_id then return nil; end
local token_user, token_host = jid.split(token_jid);
- return token_id, token_user, token_host;
+ return token_id, token_user, token_host, token_secret;
end
-function get_token_info(token)
- local token_id, token_user, token_host = parse_token(token);
- if not token_id then
- return nil, "invalid-token-format";
+local function clear_expired_grant_tokens(grant, now)
+ local updated;
+ now = now or os.time();
+ for secret, token_info in pairs(grant.tokens) do
+ local expires = token_info.expires;
+ if expires and expires < now then
+ grant.tokens[secret] = nil;
+ updated = true;
+ end
end
+ return updated;
+end
+
+local function _get_validated_grant_info(username, grant)
+ if type(grant) == "string" then
+ grant = token_store:get_key(username, grant);
+ end
+ if not grant or not grant.created then return nil; end
+
+ -- Invalidate grants from before last password change
+ local account_info = usermanager.get_account_info(username, module.host);
+ local password_updated_at = account_info and account_info.password_updated;
+ if password_updated_at and grant.created < password_updated_at then
+ module:log("debug", "Token grant issued before last password change, invalidating it now");
+ token_store:set_key(username, grant.id, nil);
+ return nil, "not-authorized";
+ elseif grant.expires and grant.expires < os.time() then
+ module:log("debug", "Token grant expired, cleaning up");
+ token_store:set_key(username, grant.id, nil);
+ return nil, "expired";
+ end
+
+ return grant;
+end
+
+local function _get_validated_token_info(token_id, token_user, token_host, token_secret)
if token_host ~= module.host then
return nil, "invalid-host";
end
- local token_info, err = token_store:get(token_user, token_id);
- if not token_info then
+ local grant, err = token_store:get_key(token_user, token_id);
+ if not grant or not grant.tokens then
if err then
+ module:log("error", "Unable to read from token storage: %s", err);
return nil, "internal-error";
end
+ module:log("warn", "Invalid token in storage (%s / %s)", token_user, token_id);
return nil, "not-authorized";
end
- if token_info.expires and token_info.expires < os.time() then
+ -- Check provided secret
+ local secret_hash = "sha256:"..hashes.sha256(token_secret, true);
+ local token_info = grant.tokens[secret_hash];
+ if not token_info then
+ module:log("debug", "No tokens matched the given secret");
return nil, "not-authorized";
end
- return token_info
+ -- Check expiry
+ local now = os.time();
+ if token_info.expires and token_info.expires < now then
+ module:log("debug", "Token has expired, cleaning it up");
+ grant.tokens[secret_hash] = nil;
+ token_store:set_key(token_user, token_id, grant);
+ return nil, "not-authorized";
+ end
+
+ -- Verify grant validity (expiry, etc.)
+ grant = _get_validated_grant_info(token_user, grant);
+ if not grant then
+ return nil, "not-authorized";
+ end
+
+ -- Update last access time if necessary
+ local last_accessed = grant.accessed;
+ if not last_accessed or (now - last_accessed) > access_time_granularity then
+ grant.accessed = now;
+ clear_expired_grant_tokens(grant); -- Clear expired tokens while we're here
+ token_store:set_key(token_user, token_id, grant);
+ end
+
+ token_info.id = token_id;
+ token_info.grant = grant;
+ token_info.jid = grant.jid;
+
+ return token_info;
+end
+
+function get_grant_info(username, grant_id)
+ local grant = _get_validated_grant_info(username, grant_id);
+ if not grant then return nil; end
+
+ -- Caller is only interested in the grant, no need to expose token stuff to them
+ grant.tokens = nil;
+
+ return grant;
+end
+
+function get_user_grants(username)
+ local grants = token_store:get(username);
+ if not grants then return nil; end
+ for grant_id, grant in pairs(grants) do
+ grants[grant_id] = _get_validated_grant_info(username, grant);
+ end
+ return grants;
+end
+
+function get_token_info(token)
+ local token_id, token_user, token_host, token_secret = parse_token(token);
+ if not token_id then
+ module:log("warn", "Failed to verify access token: %s", token_user);
+ return nil, "invalid-token-format";
+ end
+ return _get_validated_token_info(token_id, token_user, token_host, token_secret);
+end
+
+function get_token_session(token, resource)
+ local token_id, token_user, token_host, token_secret = parse_token(token);
+ if not token_id then
+ module:log("warn", "Failed to verify access token: %s", token_user);
+ return nil, "invalid-token-format";
+ end
+
+ local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret);
+ if not token_info then return nil, err; end
+
+ return {
+ username = token_user;
+ host = token_host;
+ resource = token_info.resource or resource or generate_identifier();
+
+ role = select_role(token_user, token_host, token_info.role);
+ };
end
function revoke_token(token)
local token_id, token_user, token_host = parse_token(token);
if not token_id then
+ module:log("warn", "Failed to verify access token: %s", token_user);
return nil, "invalid-token-format";
end
if token_host ~= module.host then
return nil, "invalid-host";
end
- return token_store:set(token_user, token_id, nil);
+ local ok, err = token_store:set_key(token_user, token_id, nil);
+ if not ok then
+ return nil, err;
+ end
+ module:fire_event("token-grant-revoked", { id = token_id, username = token_user, host = token_host });
+ return true;
+end
+
+function revoke_grant(username, grant_id)
+ local ok, err = token_store:set_key(username, grant_id, nil);
+ if not ok then return nil, err; end
+ module:fire_event("token-grant-revoked", { id = grant_id, username = username, host = module.host });
+ return true;
+end
+
+function sasl_handler(auth_provider, purpose, extra)
+ return function (sasl, token, realm, _authzid)
+ local token_info, err = get_token_info(token);
+ if not token_info then
+ module:log("debug", "SASL handler failed to verify token: %s", err);
+ return nil, nil, extra;
+ end
+ local token_user, token_host, resource = jid.split(token_info.grant.jid);
+ if realm ~= token_host or (purpose and token_info.purpose ~= purpose) then
+ return nil, nil, extra;
+ end
+ if auth_provider.is_enabled and not auth_provider.is_enabled(token_user) then
+ return true, false, token_info;
+ end
+ sasl.resource = resource;
+ sasl.token_info = token_info;
+ return token_user, true, token_info;
+ end;
end
diff --git a/plugins/mod_tombstones.lua b/plugins/mod_tombstones.lua
index b5a04c9f..275c5d15 100644
--- a/plugins/mod_tombstones.lua
+++ b/plugins/mod_tombstones.lua
@@ -1,14 +1,14 @@
-- TODO warn when trying to create an user before the tombstone expires
-- e.g. via telnet or other admin interface
-local datetime = require "util.datetime";
-local errors = require "util.error";
-local jid_node = require"util.jid".node;
-local st = require "util.stanza";
+local datetime = require "prosody.util.datetime";
+local errors = require "prosody.util.error";
+local jid_node = require"prosody.util.jid".node;
+local st = require "prosody.util.stanza";
-- Using a map store as key-value store so that removal of all user data
-- does not also remove the tombstone, which would defeat the point
local graveyard = module:open_store(nil, "map");
-local graveyard_cache = require "util.cache".new(module:get_option_number("tombstone_cache_size", 1024));
+local graveyard_cache = require "prosody.util.cache".new(module:get_option_number("tombstone_cache_size", 1024));
local ttl = module:get_option_number("user_tombstone_expiry", nil);
-- Keep tombstones forever by default
diff --git a/plugins/mod_turn_external.lua b/plugins/mod_turn_external.lua
index ee50740c..2009002a 100644
--- a/plugins/mod_turn_external.lua
+++ b/plugins/mod_turn_external.lua
@@ -1,4 +1,4 @@
-local set = require "util.set";
+local set = require "prosody.util.set";
local secret = module:get_option_string("turn_external_secret");
local host = module:get_option_string("turn_external_host", module.host);
diff --git a/plugins/mod_uptime.lua b/plugins/mod_uptime.lua
index 8a01fb17..9fbf7612 100644
--- a/plugins/mod_uptime.lua
+++ b/plugins/mod_uptime.lua
@@ -6,7 +6,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local start_time = prosody.start_time;
module:hook_global("server-started", function() start_time = prosody.start_time end);
diff --git a/plugins/mod_user_account_management.lua b/plugins/mod_user_account_management.lua
index 130ed089..3eb9aa58 100644
--- a/plugins/mod_user_account_management.lua
+++ b/plugins/mod_user_account_management.lua
@@ -7,11 +7,11 @@
--
-local st = require "util.stanza";
-local usermanager_set_password = require "core.usermanager".set_password;
-local usermanager_delete_user = require "core.usermanager".delete_user;
-local nodeprep = require "util.encodings".stringprep.nodeprep;
-local jid_bare = require "util.jid".bare;
+local st = require "prosody.util.stanza";
+local usermanager_set_password = require "prosody.core.usermanager".set_password;
+local usermanager_delete_user = require "prosody.core.usermanager".delete_user;
+local nodeprep = require "prosody.util.encodings".stringprep.nodeprep;
+local jid_bare = require "prosody.util.jid".bare;
local compat = module:get_option_boolean("registration_compat", true);
diff --git a/plugins/mod_vcard.lua b/plugins/mod_vcard.lua
index c3d6fb8b..ea6839bb 100644
--- a/plugins/mod_vcard.lua
+++ b/plugins/mod_vcard.lua
@@ -6,8 +6,8 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza"
-local jid_split = require "util.jid".split;
+local st = require "prosody.util.stanza"
+local jid_split = require "prosody.util.jid".split;
local vcards = module:open_store();
diff --git a/plugins/mod_vcard4.lua b/plugins/mod_vcard4.lua
index 04dbca9e..1917f609 100644
--- a/plugins/mod_vcard4.lua
+++ b/plugins/mod_vcard4.lua
@@ -1,5 +1,5 @@
-local st = require "util.stanza"
-local jid_split = require "util.jid".split;
+local st = require "prosody.util.stanza"
+local jid_split = require "prosody.util.jid".split;
local mod_pep = module:depends("pep");
diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua
index 107f20da..eb392309 100644
--- a/plugins/mod_vcard_legacy.lua
+++ b/plugins/mod_vcard_legacy.lua
@@ -1,10 +1,10 @@
-local st = require "util.stanza";
-local jid_split = require "util.jid".split;
+local st = require "prosody.util.stanza";
+local jid_split = require "prosody.util.jid".split;
local mod_pep = module:depends("pep");
-local sha1 = require "util.hashes".sha1;
-local base64_decode = require "util.encodings".base64.decode;
+local sha1 = require "prosody.util.hashes".sha1;
+local base64_decode = require "prosody.util.encodings".base64.decode;
local vcards = module:open_store("vcard");
diff --git a/plugins/mod_version.lua b/plugins/mod_version.lua
index 1d24001c..d9d3844c 100644
--- a/plugins/mod_version.lua
+++ b/plugins/mod_version.lua
@@ -6,7 +6,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
module:add_feature("jabber:iq:version");
@@ -20,7 +20,7 @@ if not module:get_option_boolean("hide_os_type") then
platform = "Windows";
else
local os_version_command = module:get_option_string("os_version_command");
- local ok, pposix = pcall(require, "util.pposix");
+ local ok, pposix = pcall(require, "prosody.util.pposix");
if not os_version_command and (ok and pposix and pposix.uname) then
platform = pposix.uname().sysname;
end
diff --git a/plugins/mod_watchregistrations.lua b/plugins/mod_watchregistrations.lua
index 825b8a73..21025360 100644
--- a/plugins/mod_watchregistrations.lua
+++ b/plugins/mod_watchregistrations.lua
@@ -8,14 +8,14 @@
local host = module:get_host();
-local jid_prep = require "util.jid".prep;
+local jid_prep = require "prosody.util.jid".prep;
local registration_watchers = module:get_option_set("registration_watchers", module:get_option("admins", {})) / jid_prep;
local registration_from = module:get_option_string("registration_from", host);
local registration_notification = module:get_option_string("registration_notification", "User $username just registered on $host from $ip");
local msg_type = module:get_option_string("registration_notification_type", "chat");
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
module:hook("user-registered", function (user)
module:log("debug", "Notifying of new registration");
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index f0caa968..d03a4110 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -8,19 +8,19 @@
module:set_global();
-local add_task = require "util.timer".add_task;
-local add_filter = require "util.filters".add_filter;
-local sha1 = require "util.hashes".sha1;
-local base64 = require "util.encodings".base64.encode;
-local st = require "util.stanza";
-local parse_xml = require "util.xml".parse;
-local contains_token = require "util.http".contains_token;
-local portmanager = require "core.portmanager";
-local sm_destroy_session = require"core.sessionmanager".destroy_session;
+local add_task = require "prosody.util.timer".add_task;
+local add_filter = require "prosody.util.filters".add_filter;
+local sha1 = require "prosody.util.hashes".sha1;
+local base64 = require "prosody.util.encodings".base64.encode;
+local st = require "prosody.util.stanza";
+local parse_xml = require "prosody.util.xml".parse;
+local contains_token = require "prosody.util.http".contains_token;
+local portmanager = require "prosody.core.portmanager";
+local sm_destroy_session = require"prosody.core.sessionmanager".destroy_session;
local log = module._log;
-local dbuffer = require "util.dbuffer";
+local dbuffer = require "prosody.util.dbuffer";
-local websocket_frames = require"net.websocket.frames";
+local websocket_frames = require"prosody.net.websocket.frames";
local parse_frame = websocket_frames.parse;
local build_frame = websocket_frames.build;
local build_close = websocket_frames.build_close;
@@ -370,6 +370,6 @@ function module.add_host(module)
module:hook("c2s-read-timeout", keepalive, -0.9);
end
-if require"core.modulemanager".get_modules_for_host("*"):contains(module.name) then
+if require"prosody.core.modulemanager".get_modules_for_host("*"):contains(module.name) then
module:add_host();
end
diff --git a/plugins/mod_welcome.lua b/plugins/mod_welcome.lua
index f6b13df5..0dd0c069 100644
--- a/plugins/mod_welcome.lua
+++ b/plugins/mod_welcome.lua
@@ -9,7 +9,7 @@
local host = module:get_host();
local welcome_text = module:get_option_string("welcome_message", "Hello $username, welcome to the $host IM server!");
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
module:hook("user-registered",
function (user)
diff --git a/plugins/muc/hats.lib.lua b/plugins/muc/hats.lib.lua
index 358e5100..e1587974 100644
--- a/plugins/muc/hats.lib.lua
+++ b/plugins/muc/hats.lib.lua
@@ -1,4 +1,4 @@
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local muc_util = module:require "muc/util";
local xmlns_hats = "xmpp:prosody.im/protocol/hats:1";
diff --git a/plugins/muc/hidden.lib.lua b/plugins/muc/hidden.lib.lua
index 153df21a..087fa102 100644
--- a/plugins/muc/hidden.lib.lua
+++ b/plugins/muc/hidden.lib.lua
@@ -8,7 +8,7 @@
--
local restrict_public = not module:get_option_boolean("muc_room_allow_public", true);
-local um_is_admin = require "core.usermanager".is_admin;
+module:default_permission(restrict_public and "prosody:admin" or "prosody:user", ":create-public-room");
local function get_hidden(room)
return room._data.hidden;
@@ -22,8 +22,8 @@ local function set_hidden(room, hidden)
end
module:hook("muc-config-form", function(event)
- if restrict_public and not um_is_admin(event.actor, module.host) then
- -- Don't show option if public rooms are restricted and user is not admin of this host
+ if not module:may(":create-public-room", event.actor) then
+ -- Hide config option if this user is not allowed to create public rooms
return;
end
table.insert(event.form, {
@@ -36,7 +36,7 @@ module:hook("muc-config-form", function(event)
end, 100-9);
module:hook("muc-config-submitted/muc#roomconfig_publicroom", function(event)
- if restrict_public and not um_is_admin(event.actor, module.host) then
+ if not module:may(":create-public-room", event.actor) then
return; -- Not allowed
end
if set_hidden(event.room, not event.value) then
diff --git a/plugins/muc/history.lib.lua b/plugins/muc/history.lib.lua
index 075b1890..9fad4721 100644
--- a/plugins/muc/history.lib.lua
+++ b/plugins/muc/history.lib.lua
@@ -8,8 +8,8 @@
--
local gettime = os.time;
-local datetime = require "util.datetime";
-local st = require "util.stanza";
+local datetime = require "prosody.util.datetime";
+local st = require "prosody.util.stanza";
local default_history_length = 20;
local max_history_length = module:get_option_number("max_history_messages", math.huge);
diff --git a/plugins/muc/lock.lib.lua b/plugins/muc/lock.lib.lua
index 32f2647b..27264816 100644
--- a/plugins/muc/lock.lib.lua
+++ b/plugins/muc/lock.lib.lua
@@ -7,7 +7,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local lock_rooms = module:get_option_boolean("muc_room_locking", true);
local lock_room_timeout = module:get_option_number("muc_room_lock_timeout", 300);
diff --git a/plugins/muc/members_only.lib.lua b/plugins/muc/members_only.lib.lua
index b10dc120..4f4e88fa 100644
--- a/plugins/muc/members_only.lib.lua
+++ b/plugins/muc/members_only.lib.lua
@@ -7,7 +7,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local muc_util = module:require "muc/util";
local valid_affiliations = muc_util.valid_affiliations;
diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua
index 5873b1a2..0d216588 100644
--- a/plugins/muc/mod_muc.lua
+++ b/plugins/muc/mod_muc.lua
@@ -89,18 +89,17 @@ room_mt.handle_register_iq = register.handle_register_iq;
local presence_broadcast = module:require "muc/presence_broadcast";
room_mt.get_presence_broadcast = presence_broadcast.get;
room_mt.set_presence_broadcast = presence_broadcast.set;
-room_mt.get_valid_broadcast_roles = presence_broadcast.get_valid_broadcast_roles;
+room_mt.get_valid_broadcast_roles = presence_broadcast.get_valid_broadcast_roles; -- FIXME doesn't exist in the library
local occupant_id = module:require "muc/occupant_id";
room_mt.get_salt = occupant_id.get_room_salt;
room_mt.get_occupant_id = occupant_id.get_occupant_id;
-local jid_split = require "util.jid".split;
-local jid_prep = require "util.jid".prep;
-local jid_bare = require "util.jid".bare;
-local st = require "util.stanza";
-local cache = require "util.cache";
-local um_is_admin = require "core.usermanager".is_admin;
+local jid_split = require "prosody.util.jid".split;
+local jid_prep = require "prosody.util.jid".prep;
+local jid_bare = require "prosody.util.jid".bare;
+local st = require "prosody.util.stanza";
+local cache = require "prosody.util.cache";
module:require "muc/config_form_sections";
@@ -111,21 +110,23 @@ module:depends "muc_unique"
module:require "muc/hats";
module:require "muc/lock";
-local function is_admin(jid)
- return um_is_admin(jid, module.host);
-end
+module:default_permissions("prosody:admin", {
+ ":automatic-ownership";
+ ":create-room";
+ ":recreate-destroyed-room";
+});
if module:get_option_boolean("component_admins_as_room_owners", true) then
-- Monkey patch to make server admins room owners
local _get_affiliation = room_mt.get_affiliation;
function room_mt:get_affiliation(jid)
- if is_admin(jid) then return "owner"; end
+ if module:may(":automatic-ownership", jid) then return "owner"; end
return _get_affiliation(self, jid);
end
local _set_affiliation = room_mt.set_affiliation;
function room_mt:set_affiliation(actor, jid, affiliation, reason, data)
- if affiliation ~= "owner" and is_admin(jid) then return nil, "modify", "not-acceptable"; end
+ if affiliation ~= "owner" and module:may(":automatic-ownership", jid) then return nil, "modify", "not-acceptable"; end
return _set_affiliation(self, actor, jid, affiliation, reason, data);
end
end
@@ -412,26 +413,15 @@ if module:get_option_boolean("muc_tombstones", true) then
end, -10);
end
-do
- local restrict_room_creation = module:get_option("restrict_room_creation");
- if restrict_room_creation == true then
- restrict_room_creation = "admin";
- end
- if restrict_room_creation then
- local host_suffix = module.host:gsub("^[^%.]+%.", "");
- module:hook("muc-room-pre-create", function(event)
- local origin, stanza = event.origin, event.stanza;
- local user_jid = stanza.attr.from;
- if not is_admin(user_jid) and not (
- restrict_room_creation == "local" and
- select(2, jid_split(user_jid)) == host_suffix
- ) then
- origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
- return true;
- end
- end);
+local restrict_room_creation = module:get_option("restrict_room_creation");
+module:default_permission(restrict_room_creation == true and "prosody:admin" or "prosody:user", ":create-room");
+module:hook("muc-room-pre-create", function(event)
+ local origin, stanza = event.origin, event.stanza;
+ if restrict_room_creation ~= false and not module:may(":create-room", event) then
+ origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host));
+ return true;
end
-end
+end);
for event_name, method in pairs {
-- Normal room interactions
@@ -465,7 +455,7 @@ for event_name, method in pairs {
if room and room._data.destroyed then
if room._data.locked < os.time()
- or (is_admin(stanza.attr.from) and stanza.name == "presence" and stanza.attr.type == nil) then
+ or (module:may(":recreate-destroyed-room", event) and stanza.name == "presence" and stanza.attr.type == nil) then
-- Allow the room to be recreated by admin or after time has passed
delete_room(room);
room = nil;
@@ -516,10 +506,10 @@ do -- Ad-hoc commands
module:depends "adhoc";
local t_concat = table.concat;
local adhoc_new = module:require "adhoc".new;
- local adhoc_initial = require "util.adhoc".new_initial_data_form;
- local adhoc_simple = require "util.adhoc".new_simple_form;
- local array = require "util.array";
- local dataforms_new = require "util.dataforms".new;
+ local adhoc_initial = require "prosody.util.adhoc".new_initial_data_form;
+ local adhoc_simple = require "prosody.util.adhoc".new_simple_form;
+ local array = require "prosody.util.array";
+ local dataforms_new = require "prosody.util.dataforms".new;
local destroy_rooms_layout = dataforms_new {
title = "Destroy rooms";
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua
index 01427dbe..76b722ba 100644
--- a/plugins/muc/muc.lib.lua
+++ b/plugins/muc/muc.lib.lua
@@ -12,18 +12,18 @@ local pairs = pairs;
local next = next;
local setmetatable = setmetatable;
-local dataform = require "util.dataforms";
-local iterators = require "util.iterators";
-local jid_split = require "util.jid".split;
-local jid_bare = require "util.jid".bare;
-local jid_prep = require "util.jid".prep;
-local jid_join = require "util.jid".join;
-local jid_resource = require "util.jid".resource;
-local resourceprep = require "util.encodings".stringprep.resourceprep;
-local st = require "util.stanza";
-local base64 = require "util.encodings".base64;
-local hmac_sha256 = require "util.hashes".hmac_sha256;
-local new_id = require "util.id".medium;
+local dataform = require "prosody.util.dataforms";
+local iterators = require "prosody.util.iterators";
+local jid_split = require "prosody.util.jid".split;
+local jid_bare = require "prosody.util.jid".bare;
+local jid_prep = require "prosody.util.jid".prep;
+local jid_join = require "prosody.util.jid".join;
+local jid_resource = require "prosody.util.jid".resource;
+local resourceprep = require "prosody.util.encodings".stringprep.resourceprep;
+local st = require "prosody.util.stanza";
+local base64 = require "prosody.util.encodings".base64;
+local hmac_sha256 = require "prosody.util.hashes".hmac_sha256;
+local new_id = require "prosody.util.id".medium;
local log = module._log;
diff --git a/plugins/muc/occupant.lib.lua b/plugins/muc/occupant.lib.lua
index 8fe4bbdf..a7d9cef7 100644
--- a/plugins/muc/occupant.lib.lua
+++ b/plugins/muc/occupant.lib.lua
@@ -1,6 +1,6 @@
local pairs = pairs;
local setmetatable = setmetatable;
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local util = module:require "muc/util";
local function get_filtered_presence(stanza)
diff --git a/plugins/muc/occupant_id.lib.lua b/plugins/muc/occupant_id.lib.lua
index 1d310b3d..b1081c9b 100644
--- a/plugins/muc/occupant_id.lib.lua
+++ b/plugins/muc/occupant_id.lib.lua
@@ -4,9 +4,9 @@
-- (C) 2020 Maxime “pep” Buquet <pep@bouah.net>
-- (C) 2020 Matthew Wild <mwild1@gmail.com>
-local uuid = require "util.uuid";
-local hmac_sha256 = require "util.hashes".hmac_sha256;
-local b64encode = require "util.encodings".base64.encode;
+local uuid = require "prosody.util.uuid";
+local hmac_sha256 = require "prosody.util.hashes".hmac_sha256;
+local b64encode = require "prosody.util.encodings".base64.encode;
local xmlns_occupant_id = "urn:xmpp:occupant-id:0";
diff --git a/plugins/muc/password.lib.lua b/plugins/muc/password.lib.lua
index dd3cb658..9d3c0cca 100644
--- a/plugins/muc/password.lib.lua
+++ b/plugins/muc/password.lib.lua
@@ -7,7 +7,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local function get_password(room)
return room._data.password;
diff --git a/plugins/muc/persistent.lib.lua b/plugins/muc/persistent.lib.lua
index c3b16ea4..4c753921 100644
--- a/plugins/muc/persistent.lib.lua
+++ b/plugins/muc/persistent.lib.lua
@@ -8,7 +8,10 @@
--
local restrict_persistent = not module:get_option_boolean("muc_room_allow_persistent", true);
-local um_is_admin = require "core.usermanager".is_admin;
+module:default_permission(
+ restrict_persistent and "prosody:admin" or "prosody:user",
+ ":create-persistent-room"
+);
local function get_persistent(room)
return room._data.persistent;
@@ -22,8 +25,8 @@ local function set_persistent(room, persistent)
end
module:hook("muc-config-form", function(event)
- if restrict_persistent and not um_is_admin(event.actor, module.host) then
- -- Don't show option if hidden rooms are restricted and user is not admin of this host
+ if not module:may(":create-persistent-room", event.actor) then
+ -- Hide config option if this user is not allowed to create persistent rooms
return;
end
table.insert(event.form, {
@@ -36,7 +39,7 @@ module:hook("muc-config-form", function(event)
end, 100-5);
module:hook("muc-config-submitted/muc#roomconfig_persistentroom", function(event)
- if restrict_persistent and not um_is_admin(event.actor, module.host) then
+ if not module:may(":create-persistent-room", event.actor) then
return; -- Not allowed
end
if set_persistent(event.room, event.value) then
diff --git a/plugins/muc/presence_broadcast.lib.lua b/plugins/muc/presence_broadcast.lib.lua
index 82a89fee..721c47aa 100644
--- a/plugins/muc/presence_broadcast.lib.lua
+++ b/plugins/muc/presence_broadcast.lib.lua
@@ -7,7 +7,7 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
+local st = require "prosody.util.stanza";
local valid_roles = { "none", "visitor", "participant", "moderator" };
local default_broadcast = {
diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua
index 84045f33..24ae7153 100644
--- a/plugins/muc/register.lib.lua
+++ b/plugins/muc/register.lib.lua
@@ -1,8 +1,8 @@
-local jid_bare = require "util.jid".bare;
-local jid_resource = require "util.jid".resource;
-local resourceprep = require "util.encodings".stringprep.resourceprep;
-local st = require "util.stanza";
-local dataforms = require "util.dataforms";
+local jid_bare = require "prosody.util.jid".bare;
+local jid_resource = require "prosody.util.jid".resource;
+local resourceprep = require "prosody.util.encodings".stringprep.resourceprep;
+local st = require "prosody.util.stanza";
+local dataforms = require "prosody.util.dataforms";
local allow_unaffiliated = module:get_option_boolean("allow_unaffiliated_register", false);
diff --git a/plugins/muc/request.lib.lua b/plugins/muc/request.lib.lua
index 4e95fdc3..f3786595 100644
--- a/plugins/muc/request.lib.lua
+++ b/plugins/muc/request.lib.lua
@@ -7,14 +7,14 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
-local jid_resource = require "util.jid".resource;
+local st = require "prosody.util.stanza";
+local jid_resource = require "prosody.util.jid".resource;
module:hook("muc-disco#info", function(event)
event.reply:tag("feature", {var = "http://jabber.org/protocol/muc#request"}):up();
end);
-local voice_request_form = require "util.dataforms".new({
+local voice_request_form = require "prosody.util.dataforms".new({
title = "Voice Request";
{
name = "FORM_TYPE";
diff --git a/plugins/muc/subject.lib.lua b/plugins/muc/subject.lib.lua
index 3230817c..047ea2df 100644
--- a/plugins/muc/subject.lib.lua
+++ b/plugins/muc/subject.lib.lua
@@ -7,8 +7,8 @@
-- COPYING file in the source package for more information.
--
-local st = require "util.stanza";
-local dt = require "util.datetime";
+local st = require "prosody.util.stanza";
+local dt = require "prosody.util.datetime";
local muc_util = module:require "muc/util";
local valid_roles = muc_util.valid_roles;