7 files changed, 282 insertions, 28 deletions

diff --git a/util/filters.lua b/util/filters.lua
new file mode 100644
index 00000000..0ac4cb56
--- /dev/null
+++ b/util/filters.lua
@@ -0,0 +1,68 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+-- 
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+local t_insert, t_remove = table.insert, table.remove;
+
+module "filters"
+
+function initialize(session)
+	if not session.filters then
+		local filters = {};
+		session.filters = filters;
+		
+		function session.filter(type, data)
+			local filter_list = filters[type];
+			if filter_list then
+				for i = 1, #filter_list do
+					data = filter_list[i](data);
+					if data == nil then break; end
+				end
+			end
+			return data;
+		end
+	end
+	return session.filter;
+end
+
+function add_filter(session, type, callback, priority)
+	if not session.filters then
+		initialize(session);
+	end
+	
+	local filter_list = session.filters[type];
+	if not filter_list then
+		filter_list = {};
+		session.filters[type] = filter_list;
+	end
+	
+	priority = priority or 0;
+	
+	local i = 0;
+	repeat
+		i = i + 1;
+	until not filter_list[i] or filter_list[filter_list[i]] >= priority;
+	
+	t_insert(filter_list, i, callback);
+	filter_list[callback] = priority;
+end
+
+function remove_filter(session, type, callback)
+	if not session.filters then return; end
+	local filter_list = session.filters[type];
+	if filter_list and filter_list[callback] then
+		for i=1, #filter_list do
+			if filter_list[i] == callback then
+				t_remove(filter_list, i);
+				filter_list[callback] = nil;
+				return true;
+			end
+		end
+	end
+end
+
+return _M;
\ No newline at end of file
diff --git a/util/prosodyctl.lua b/util/prosodyctl.lua
index 04d58d1d..1be67883 100644
--- a/util/prosodyctl.lua
+++ b/util/prosodyctl.lua
@@ -21,6 +21,8 @@ local tostring, tonumber = tostring, tonumber;
 
 local CFG_SOURCEDIR = _G.CFG_SOURCEDIR;
 
+local prosody = prosody;
+
 module "prosodyctl"
 
 function adduser(params)
@@ -30,6 +32,11 @@ function adduser(params)
 	elseif not host then
 		return false, "invalid-hostname";
 	end
+
+	local provider = prosody.hosts[host].users;
+	if not(provider) or provider.name == "null" then
+		usermanager.initialize_host(host);
+	end
 	
 	local ok = usermanager.create_user(user, password, host);
 	if not ok then
@@ -39,6 +46,11 @@ function adduser(params)
 end
 
 function user_exists(params)
+	local provider = prosody.hosts[host].users;
+	if not(provider) or provider.name == "null" then
+		usermanager.initialize_host(host);
+	end
+	
 	return usermanager.user_exists(params.user, params.host);
 end
 
diff --git a/util/sasl.lua b/util/sasl.lua
index 306acc0c..c9225f0d 100644
--- a/util/sasl.lua
+++ b/util/sasl.lua
@@ -108,11 +108,8 @@ function method:select(mechanism)
 		return false;
 	end
 	
-	self.mech_i = mechanisms[mechanism]
-	if self.mech_i == nil then 
-		return false;
-	end
-	return true;
+	self.mech_i = mechanisms[mechanism];
+	return (self.mech_i ~= nil);
 end
 
 -- feed new messages to process into the library
diff --git a/util/sasl/anonymous.lua b/util/sasl/anonymous.lua
index 7b5a5081..6e6f0949 100644
--- a/util/sasl/anonymous.lua
+++ b/util/sasl/anonymous.lua
@@ -20,12 +20,22 @@ module "anonymous"
 
 --=========================
 --SASL ANONYMOUS according to RFC 4505
+
+--[[
+Supported Authentication Backends
+
+anonymous:
+	function(username, realm)
+		return true; --for normal usage just return true; if you don't like the supplied username you can return false.
+	end
+]]
+
 local function anonymous(self, message)
 	local username;
 	repeat
 		username = generate_uuid();
 	until self.profile.anonymous(username, self.realm);
-	self["username"] = username;
+	self.username = username;
 	return "success"
 end
 
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 39821182..1a2ba01e 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -29,7 +29,7 @@ plain:
 	end
 
 plain_test:
-	function(username, realm, password)
+	function(username, password, realm)
 		return true or false, state;
 	end
 ]]
@@ -58,9 +58,9 @@ local function plain(self, message)
 	if self.profile.plain then
 		local correct_password;
 		correct_password, state = self.profile.plain(authentication, self.realm);
-		if correct_password == password then correct = true; else correct = false; end
+		correct = (correct_password == password);
 	elseif self.profile.plain_test then
-		correct, state = self.profile.plain_test(authentication, self.realm, password);
+		correct, state = self.profile.plain_test(authentication, password, self.realm);
 	end
 
 	self.username = authentication
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 1340423c..63f6f2fe 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -35,7 +35,7 @@ Supported Authentication Backends
 scram_{MECH}:
 	-- MECH being a standard hash name (like those at IANA's hash registry) with '-' replaced with '_'
 	function(username, realm)
-		return salted_password, iteration_count, salt, state;
+		return stored_key, server_key, iteration_count, salt, state;
 	end
 ]]
 
@@ -93,22 +93,21 @@ local function validate_username(username)
 	return username;
 end
 
-local function hashprep( hashname ) 
-	local hash = hashname:lower()
-	hash = hash:gsub("-", "_")
-	return hash
+local function hashprep(hashname)
+	return hashname:lower():gsub("-", "_");
 end
 
-function saltedPasswordSHA1(password, salt, iteration_count)
-	local salted_password
+function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
 	if type(password) ~= "string" or type(salt) ~= "string" or type(iteration_count) ~= "number" then
 		return false, "inappropriate argument types"
 	end
 	if iteration_count < 4096 then
 		log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 	end
-
-	return true, Hi(hmac_sha1, password, salt, iteration_count);
+	local salted_password = Hi(hmac_sha1, password, salt, iteration_count);
+	local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
+	local server_key = hmac_sha1(salted_password, "Server Key");
+	return true, stored_key, server_key
 end
 
 local function scram_gen(hash_name, H_f, HMAC_f)
@@ -158,17 +157,18 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				self.state.iteration_count = default_i;
 
 				local succ = false;
-				succ, self.state.salted_password = saltedPasswordSHA1(password, self.state.salt, default_i, self.state.iteration_count);
+				succ, self.state.stored_key, self.state.server_key = getAuthenticationDatabaseSHA1(password, self.state.salt, default_i, self.state.iteration_count);
 				if not succ then
-					log("error", "Generating salted password failed. Reason: %s", self.state.salted_password);
+					log("error", "Generating authentication database failed. Reason: %s", self.state.stored_key);
 					return "failure", "temporary-auth-failure";
 				end
 			elseif self.profile["scram_"..hashprep(hash_name)] then
-				local salted_password, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
+				local stored_key, server_key, iteration_count, salt, state = self.profile["scram_"..hashprep(hash_name)](self.state.name, self.realm);
 				if state == nil then return "failure", "not-authorized"
 				elseif state == false then return "failure", "account-disabled" end
 				
-				self.state.salted_password = salted_password;
+				self.state.stored_key = stored_key;
+				self.state.server_key = server_key;
 				self.state.iteration_count = iteration_count;
 				self.state.salt = salt
 			end
@@ -190,16 +190,15 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 				return "failure", "malformed-request", "Wrong nonce in client-final-message.";
 			end
 			
-			local SaltedPassword = self.state.salted_password;
-			local ClientKey = HMAC_f(SaltedPassword, "Client Key")
-			local ServerKey = HMAC_f(SaltedPassword, "Server Key")
-			local StoredKey = H_f(ClientKey)
+			local ServerKey = self.state.server_key;
+			local StoredKey = self.state.stored_key;
+			
 			local AuthMessage = "n=" .. s_match(self.state.client_first_message,"n=(.+)") .. "," .. self.state.server_first_message .. "," .. s_match(client_final_message, "(.+),p=.+")
 			local ClientSignature = HMAC_f(StoredKey, AuthMessage)
-			local ClientProof     = binaryXOR(ClientKey, ClientSignature)
+			local ClientKey = binaryXOR(ClientSignature, base64.decode(self.state.proof))
 			local ServerSignature = HMAC_f(ServerKey, AuthMessage)
 
-			if base64.encode(ClientProof) == self.state.proof then
+			if StoredKey == H_f(ClientKey) then
 				local server_final_message = "v="..base64.encode(ServerSignature);
 				self["username"] = self.state.name;
 				return "success", server_final_message;
diff --git a/util/xmppstream.lua b/util/xmppstream.lua
new file mode 100644
index 00000000..ed5395b5
--- /dev/null
+++ b/util/xmppstream.lua
@@ -0,0 +1,168 @@
+-- Prosody IM
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
+-- 
+-- This project is MIT/X11 licensed. Please see the
+-- COPYING file in the source package for more information.
+--
+
+
+local lxp = require "lxp";
+local st = require "util.stanza";
+
+local tostring = tostring;
+local t_insert = table.insert;
+local t_concat = table.concat;
+
+local default_log = require "util.logger".init("xmlhandlers");
+
+local error = error;
+
+module "xmppstream"
+
+local new_parser = lxp.new;
+
+local ns_prefixes = {
+	["http://www.w3.org/XML/1998/namespace"] = "xml";
+};
+
+local xmlns_streams = "http://etherx.jabber.org/streams";
+
+local ns_separator = "\1";
+local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$";
+
+function new_sax_handlers(session, stream_callbacks)
+	local xml_handlers = {};
+	
+	local log = session.log or default_log;
+	
+	local cb_streamopened = stream_callbacks.streamopened;
+	local cb_streamclosed = stream_callbacks.streamclosed;
+	local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end;
+	local cb_handlestanza = stream_callbacks.handlestanza;
+	
+	local stream_ns = stream_callbacks.stream_ns or xmlns_streams;
+	local stream_tag = stream_ns..ns_separator..(stream_callbacks.stream_tag or "stream");
+	local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error");
+	
+	local stream_default_ns = stream_callbacks.default_ns;
+	
+	local chardata, stanza = {};
+	function xml_handlers:StartElement(tagname, attr)
+		if stanza and #chardata > 0 then
+			-- We have some character data in the buffer
+			stanza:text(t_concat(chardata));
+			chardata = {};
+		end
+		local curr_ns,name = tagname:match(ns_pattern);
+		if name == "" then
+			curr_ns, name = "", curr_ns;
+		end
+
+		if curr_ns ~= stream_default_ns then
+			attr.xmlns = curr_ns;
+		end
+		
+		-- FIXME !!!!!
+		for i=1,#attr do
+			local k = attr[i];
+			attr[i] = nil;
+			local ns, nm = k:match(ns_pattern);
+			if nm ~= "" then
+				ns = ns_prefixes[ns]; 
+				if ns then 
+					attr[ns..":"..nm] = attr[k];
+					attr[k] = nil;
+				end
+			end
+		end
+		
+		if not stanza then --if we are not currently inside a stanza
+			if session.notopen then
+				if tagname == stream_tag then
+					if cb_streamopened then
+						cb_streamopened(session, attr);
+					end
+				else
+					-- Garbage before stream?
+					cb_error(session, "no-stream");
+				end
+				return;
+			end
+			if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
+				cb_error(session, "invalid-top-level-element");
+			end
+			
+			stanza = st.stanza(name, attr);
+		else -- we are inside a stanza, so add a tag
+			attr.xmlns = nil;
+			if curr_ns ~= stream_default_ns then
+				attr.xmlns = curr_ns;
+			end
+			stanza:tag(name, attr);
+		end
+	end
+	function xml_handlers:CharacterData(data)
+		if stanza then
+			t_insert(chardata, data);
+		end
+	end
+	function xml_handlers:EndElement(tagname)
+		if stanza then
+			if #chardata > 0 then
+				-- We have some character data in the buffer
+				stanza:text(t_concat(chardata));
+				chardata = {};
+			end
+			-- Complete stanza
+			if #stanza.last_add == 0 then
+				if tagname ~= stream_error_tag then
+					cb_handlestanza(session, stanza);
+				else
+					cb_error(session, "stream-error", stanza);
+				end
+				stanza = nil;
+			else
+				stanza:up();
+			end
+		else
+			if tagname == stream_tag then
+				if cb_streamclosed then
+					cb_streamclosed(session);
+				end
+			else
+				local curr_ns,name = tagname:match(ns_pattern);
+				if name == "" then
+					curr_ns, name = "", curr_ns;
+				end
+				cb_error(session, "parse-error", "unexpected-element-close", name);
+			end
+			stanza, chardata = nil, {};
+		end
+	end
+	
+	local function reset()
+		stanza, chardata = nil, {};
+	end
+	
+	return xml_handlers, { reset = reset };
+end
+
+function new(session, stream_callbacks)
+	local handlers, meta = new_sax_handlers(session, stream_callbacks);
+	local parser = new_parser(handlers, ns_separator);
+	local parse = parser.parse;
+
+	return {
+		reset = function ()
+			parser = new_parser(handlers, ns_separator);
+			parse = parser.parse;
+			meta.reset();
+		end,
+		feed = function (self, data)
+			return parse(parser, data);
+		end
+	};
+end
+
+return _M;