From 2a701f2d8b5b024bccbe10ebfcb0e4f1f3ffddf2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 1 Nov 2018 23:58:41 +0100 Subject: mod_pep: Remove incorrect features advertised on the bare host --- plugins/mod_pep.lua | 3 --- 1 file changed, 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 1d8c55bf..cb775fb5 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -250,9 +250,6 @@ end module:hook("iq/bare/"..xmlns_pubsub..":pubsub", handle_pubsub_iq); module:hook("iq/bare/"..xmlns_pubsub_owner..":pubsub", handle_pubsub_iq); -module:add_identity("pubsub", "pep", module:get_option_string("name", "Prosody")); -module:add_feature("http://jabber.org/protocol/pubsub#publish"); - local function get_caps_hash_from_presence(stanza, current) local t = stanza.attr.type; if not t then -- cgit v1.2.3 From eb0947ba4f77172073a21be7c20e17e5f016c203 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 10 Nov 2018 15:50:32 +0100 Subject: MUC: Fix spelling in comments --- plugins/muc/muc.lib.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 4060535a..d9fa37f5 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -39,7 +39,7 @@ function room_mt:__tostring() end function room_mt.save() - -- overriden by mod_muc.lua + -- overridden by mod_muc.lua end function room_mt:get_occupant_jid(real_jid) @@ -279,7 +279,7 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason) self_p = st.clone(base_presence):add_child(self_x); end - -- General populance + -- General populace for occupant_nick, n_occupant in self:each_occupant() do if occupant_nick ~= occupant.nick then local pr; @@ -609,7 +609,7 @@ function room_mt:handle_normal_presence(origin, stanza) x:tag("status", {code = "303";}):up(); x:tag("status", {code = "110";}):up(); self:route_stanza(generated_unavail:add_child(x)); - dest_nick = nil; -- set dest_nick to nil; so general populance doesn't see it for whole orig_occupant + dest_nick = nil; -- set dest_nick to nil; so general populace doesn't see it for whole orig_occupant end end @@ -966,7 +966,7 @@ function room_mt:handle_admin_query_get_command(origin, stanza) local _aff_rank = valid_affiliations[_aff or "none"]; local _rol = item.attr.role; if _aff and _aff_rank and not _rol then - -- You need to be at least an admin, and be requesting info about your affifiliation or lower + -- You need to be at least an admin, and be requesting info about your affiliation or lower -- e.g. an admin can't ask for a list of owners local affiliation_rank = valid_affiliations[affiliation or "none"]; if (affiliation_rank >= valid_affiliations.admin and affiliation_rank >= _aff_rank) @@ -1291,7 +1291,7 @@ function room_mt:set_affiliation(actor, jid, affiliation, reason, data) -- Outcast can be by host. is_host_only and affiliation == "outcast" and select(2, jid_split(occupant.bare_jid)) == host ) then - -- need to publcize in all cases; as affiliation in has changed. + -- need to publicize in all cases; as affiliation in has changed. occupants_updated[occupant] = occupant.role; if occupant.role ~= role and ( is_downgrade or -- cgit v1.2.3 From cf22878c983c7ebd6cf2a6bef90ed44b7295298d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 27 Nov 2018 17:01:47 +0100 Subject: MUC: Move check for explicit room join earlier in room creation flow --- plugins/muc/mod_muc.lua | 2 +- plugins/muc/muc.lib.lua | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 954bae92..89e67744 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -453,7 +453,7 @@ for event_name, method in pairs { if room == nil then -- Watch presence to create rooms - if stanza.attr.type == nil and stanza.name == "presence" then + if stanza.attr.type == nil and stanza.name == "presence" and stanza:get_child("x", "http://jabber.org/protocol/muc") then room = muclib.new_room(room_jid); return room:handle_first_presence(origin, stanza); elseif stanza.attr.type ~= "error" then diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 96f58023..0009e9b2 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -428,13 +428,6 @@ module:hook("muc-occupant-pre-change", function(event) end, 1); function room_mt:handle_first_presence(origin, stanza) - if not stanza:get_child("x", "http://jabber.org/protocol/muc") then - module:log("debug", "Room creation without , possibly desynced"); - - origin.send(st.error_reply(stanza, "cancel", "item-not-found")); - return true; - end - local real_jid = stanza.attr.from; local dest_jid = stanza.attr.to; local bare_jid = jid_bare(real_jid); -- cgit v1.2.3 From 3836d03c37dbd7f3dcd07eb68dab3ca5f0290329 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 1 Dec 2018 22:13:24 +0000 Subject: rostermanager, mod_presence: Store stanza for incoming subscription requests (fixes #689) (thanks Zash, Ge0rG) --- plugins/mod_presence.lua | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 5056a3a3..51254c63 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -80,8 +80,10 @@ function handle_normal_presence(origin, stanza) res.presence.attr.to = nil; end end - for jid in pairs(roster[false].pending) do -- resend incoming subscription requests - origin.send(st.presence({type="subscribe", from=jid})); -- TODO add to attribute? Use original? + for jid, pending_request in pairs(roster[false].pending) do -- resend incoming subscription requests + local subscribe = st.clone(st.deserialize(pending_request)); + subscribe.attr.type, subscribe.attr.from = "subscribe", jid; + origin.send(subscribe); end local request = st.presence({type="subscribe", from=origin.username.."@"..origin.host}); for jid, item in pairs(roster) do -- resend outgoing subscription requests @@ -225,7 +227,7 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b else core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- acknowledging receipt if not rostermanager.is_contact_pending_in(node, host, from_bare) then - if rostermanager.set_contact_pending_in(node, host, from_bare) then + if rostermanager.set_contact_pending_in(node, host, from_bare, stanza) then sessionmanager.send_to_available_resources(node, host, stanza); end -- TODO else return error, unable to save end -- cgit v1.2.3 From c083a55ca54508f51320cc412c544c481ba25fd1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 2 Dec 2018 17:20:44 +0100 Subject: mod_presence: Remove unnecessary stanza clone call --- plugins/mod_presence.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 51254c63..1ea837e8 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -81,7 +81,7 @@ function handle_normal_presence(origin, stanza) end end for jid, pending_request in pairs(roster[false].pending) do -- resend incoming subscription requests - local subscribe = st.clone(st.deserialize(pending_request)); + local subscribe = st.deserialize(pending_request); subscribe.attr.type, subscribe.attr.from = "subscribe", jid; origin.send(subscribe); end -- cgit v1.2.3 From e3d678dd679de143a9dd46fa77360f4874ecdf60 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 2 Dec 2018 17:22:26 +0100 Subject: mod_presence: Handle older boolean subscription request data (thanks Martin) --- plugins/mod_presence.lua | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index 1ea837e8..5aed5854 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -81,9 +81,13 @@ function handle_normal_presence(origin, stanza) end end for jid, pending_request in pairs(roster[false].pending) do -- resend incoming subscription requests - local subscribe = st.deserialize(pending_request); - subscribe.attr.type, subscribe.attr.from = "subscribe", jid; - origin.send(subscribe); + if type(pending_request) == "table" then + local subscribe = st.deserialize(pending_request); + subscribe.attr.type, subscribe.attr.from = "subscribe", jid; + origin.send(subscribe); + else + origin.send(st.presence({type="subscribe", from=jid})); + end end local request = st.presence({type="subscribe", from=origin.username.."@"..origin.host}); for jid, item in pairs(roster) do -- resend outgoing subscription requests -- cgit v1.2.3 From c250892998c3734ed355b60ff3975279eaef7a9d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 4 Dec 2018 19:49:31 +0100 Subject: MUC/subject: Don't consider messages with or (fixes #667) --- plugins/muc/subject.lib.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/subject.lib.lua b/plugins/muc/subject.lib.lua index 938abf61..c8b99cc7 100644 --- a/plugins/muc/subject.lib.lua +++ b/plugins/muc/subject.lib.lua @@ -94,6 +94,12 @@ module:hook("muc-occupant-groupchat", function(event) local stanza = event.stanza; local subject = stanza:get_child("subject"); if subject then + if stanza:get_child("body") or stanza:get_child("thread") then + -- Note: A message with a and a or a and + -- a is a legitimate message, but it SHALL NOT be interpreted + -- as a subject change. + return; + end local room = event.room; local occupant = event.occupant; -- Role check for subject changes -- cgit v1.2.3 From 2b289f34f929a69424a22bb0de3b668a58ba80cd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 8 Dec 2018 17:09:55 +0100 Subject: various: Don't rely on _G.unpack existing --- plugins/mod_admin_telnet.lua | 1 + plugins/mod_pep_simple.lua | 1 + plugins/mod_storage_sql.lua | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 1cbe27a4..8a3508db 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -22,6 +22,7 @@ local prosody = _G.prosody; local console_listener = { default_port = 5582; default_mode = "*a"; interface = "127.0.0.1" }; +local unpack = table.unpack or unpack; -- luacheck: ignore 113 local iterators = require "util.iterators"; local keys, values = iterators.keys, iterators.values; local jid_bare, jid_split, jid_join = import("util.jid", "bare", "prepped_split", "join"); diff --git a/plugins/mod_pep_simple.lua b/plugins/mod_pep_simple.lua index f0b5d7ef..f91e5448 100644 --- a/plugins/mod_pep_simple.lua +++ b/plugins/mod_pep_simple.lua @@ -14,6 +14,7 @@ local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed local pairs = pairs; local next = next; local type = type; +local unpack = table.unpack or unpack; -- luacheck: ignore 113 local calculate_hash = require "util.caps".calculate_hash; local core_post_stanza = prosody.core_post_stanza; local bare_sessions = prosody.bare_sessions; diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 56cef569..5c0c0208 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -11,7 +11,7 @@ local is_stanza = require"util.stanza".is_stanza; local t_concat = table.concat; local noop = function() end -local unpack = table.unpack or unpack; +local unpack = table.unpack or unpack; -- luacheck: ignore 113 local function iterator(result) return function(result_) local row = result_(); -- cgit v1.2.3 From 738a1171dc1415544b2289591578670333250d9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Tue, 18 Dec 2018 20:23:33 +0000 Subject: admin_telnet: show when bidi is used on s2s --- plugins/mod_admin_telnet.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 8a3508db..63136d63 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -521,6 +521,9 @@ local function session_flags(session, line) if session.remote then line[#line+1] = "(remote)"; end + if session.is_bidi then + line[#line+1] = "(bidi)"; + end return table.concat(line, " "); end -- cgit v1.2.3 From 5b8df5ea61bf95400c856a65a9e7e24c45bbc17b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 02:50:22 +0100 Subject: mod_pubsub: Add semicolon (code style) --- plugins/mod_pubsub/mod_pubsub.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 40adcafe..1edc721b 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -73,7 +73,7 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj) local msg_type = node_obj and node_obj.config.message_type or "headline"; local message = st.message({ from = module.host, type = msg_type, id = id }) :tag("event", { xmlns = xmlns_pubsub_event }) - :tag(kind, { node = node }) + :tag(kind, { node = node }); if item then message:add_child(item); -- cgit v1.2.3 From 41426ee8d8bb478eb08840412359e4f1e1464832 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 02:53:12 +0100 Subject: mod_pep: Move broadcaster code around to be more like in mod_pubsub This eases comparing and contrasting these two modules. --- plugins/mod_pep.lua | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index cb775fb5..40385616 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -136,9 +136,6 @@ local function get_broadcaster(username) if kind == "retract" then kind = "items"; -- XEP-0060 signals retraction in an container end - local message = st.message({ from = user_bare, type = "headline" }) - :tag("event", { xmlns = xmlns_pubsub_event }) - :tag(kind, { node = node }); if item then item = st.clone(item); item.attr.xmlns = nil; -- Clear the pubsub namespace @@ -147,6 +144,12 @@ local function get_broadcaster(username) item:maptags(function () return nil; end); end end + end + + local message = st.message({ from = user_bare, type = "headline" }) + :tag("event", { xmlns = xmlns_pubsub_event }) + :tag(kind, { node = node }); + if item then message:add_child(item); end for jid in pairs(jids) do -- cgit v1.2.3 From aef3d7a500f54e8d44303b082ade3f5a14883efd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 02:54:39 +0100 Subject: mod_pep: Add some spacing between blocks in broadcaster to improve readability --- plugins/mod_pep.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 40385616..6275d47c 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -136,6 +136,7 @@ local function get_broadcaster(username) if kind == "retract" then kind = "items"; -- XEP-0060 signals retraction in an container end + if item then item = st.clone(item); item.attr.xmlns = nil; -- Clear the pubsub namespace @@ -149,9 +150,11 @@ local function get_broadcaster(username) local message = st.message({ from = user_bare, type = "headline" }) :tag("event", { xmlns = xmlns_pubsub_event }) :tag(kind, { node = node }); + if item then message:add_child(item); end + for jid in pairs(jids) do module:log("debug", "Sending notification to %s from %s: %s", jid, user_bare, tostring(item)); message.attr.to = jid; -- cgit v1.2.3 From 6eb576e9d9282dc9cb27b0a44472183280abaafd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 02:56:10 +0100 Subject: mod_pep: Set an 'id' on notifications mod_pubsub got this in f2d35eee69c9 --- plugins/mod_pep.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 6275d47c..5e3f43f2 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -8,6 +8,7 @@ local calculate_hash = require "util.caps".calculate_hash; local is_contact_subscribed = require "core.rostermanager".is_contact_subscribed; local cache = require "util.cache"; local set = require "util.set"; +local new_id = require "util.id".medium; local xmlns_pubsub = "http://jabber.org/protocol/pubsub"; local xmlns_pubsub_event = "http://jabber.org/protocol/pubsub#event"; @@ -147,7 +148,8 @@ local function get_broadcaster(username) end end - local message = st.message({ from = user_bare, type = "headline" }) + local id = new_id(); + local message = st.message({ from = user_bare, type = "headline", id = id }) :tag("event", { xmlns = xmlns_pubsub_event }) :tag(kind, { node = node }); -- cgit v1.2.3 From 27112c0d94020fc1e24ed2b8c1673042f7a02798 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 03:05:58 +0100 Subject: mod_pubsub: Change order of luacheck directives to match arguments they apply to --- plugins/mod_pubsub/mod_pubsub.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 1edc721b..abc4fee8 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -99,7 +99,7 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj) end local max_max_items = module:get_option_number("pubsub_max_items", 256); -function check_node_config(node, actor, new_config) -- luacheck: ignore 212/actor 212/node +function check_node_config(node, actor, new_config) -- luacheck: ignore 212/node 212/actor if (new_config["max_items"] or 1) > max_max_items then return false; end -- cgit v1.2.3 From 1900ae8261698d59245f589289b88a384bf743cb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 23 Dec 2018 03:06:35 +0100 Subject: mod_pubsub: Split line in config check to improve readability Also makes it easier to compare with mod_pep --- plugins/mod_pubsub/mod_pubsub.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index abc4fee8..0036b48f 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -103,7 +103,8 @@ function check_node_config(node, actor, new_config) -- luacheck: ignore 212/node if (new_config["max_items"] or 1) > max_max_items then return false; end - if new_config["access_model"] ~= "whitelist" and new_config["access_model"] ~= "open" then + if new_config["access_model"] ~= "whitelist" + and new_config["access_model"] ~= "open" then return false; end return true; -- cgit v1.2.3 From 9a412b02e9ab54e2201986bae39e5c7c1d664d3d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Dec 2018 20:56:01 +0100 Subject: mod_admin_telnet: Invert host existence check Simplifies and reduces indentation --- plugins/mod_admin_telnet.lua | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 63136d63..5ba88b84 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1067,13 +1067,12 @@ def_env.xmpp = {}; local st = require "util.stanza"; function def_env.xmpp:ping(localhost, remotehost) - if prosody.hosts[localhost] then - module:send(st.iq{ from=localhost, to=remotehost, type="get", id="ping" } - :tag("ping", {xmlns="urn:xmpp:ping"}), prosody.hosts[localhost]); - return true, "Sent ping"; - else + if not prosody.hosts[localhost] then return nil, "No such host"; end + module:send(st.iq{ from=localhost, to=remotehost, type="get", id="ping" } + :tag("ping", {xmlns="urn:xmpp:ping"}), prosody.hosts[localhost]); + return true, "Sent ping"; end def_env.dns = {}; -- cgit v1.2.3 From 851f33034886b3d25d698497139cb51bf40ed506 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 27 Dec 2018 02:53:34 +0100 Subject: mod_admin_telnet: Enable async processing using util.async --- plugins/mod_admin_telnet.lua | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5ba88b84..bb97a09b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -31,6 +31,7 @@ local cert_verify_identity = require "util.x509".verify_identity; local envload = require "util.envload".envload; local envloadfile = require "util.envload".envloadfile; local has_pposix, pposix = pcall(require, "util.pposix"); +local async = require "util.async"; local commands = module:shared("commands") local def_env = module:shared("env"); @@ -48,6 +49,21 @@ end console = {}; +local runner_callbacks = {}; + +function runner_callbacks:ready() + self.data.conn:resume(); +end + +function runner_callbacks:waiting() + self.data.conn:pause(); +end + +function runner_callbacks:error(err) + module:log("error", "Traceback[telnet]: %s", err); +end + + function console:new_session(conn) local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; local session = { conn = conn; @@ -63,6 +79,11 @@ function console:new_session(conn) }; session.env = setmetatable({}, default_env_mt); + session.thread = async.runner(function (line) + console:process_line(session, line); + session.send(string.char(0)); + end, runner_callbacks, session); + -- Load up environment with helper objects for name, t in pairs(def_env) do if type(t) == "table" then @@ -151,8 +172,7 @@ function console_listener.onincoming(conn, data) for line in data:gmatch("[^\n]*[\n\004]") do if session.closed then return end - console:process_line(session, line); - session.send(string.char(0)); + session.thread:run(line); end session.partial_data = data:match("[^\n]+$"); end -- cgit v1.2.3 From f1f0c276bc41aa4290f06a7b308671d88ee54050 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Dec 2018 20:59:10 +0100 Subject: mod_admin_telnet: Make xmpp:ping command wait and report the reply --- plugins/mod_admin_telnet.lua | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index bb97a09b..ee6a4176 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1086,13 +1086,28 @@ end def_env.xmpp = {}; local st = require "util.stanza"; -function def_env.xmpp:ping(localhost, remotehost) +local new_id = require "util.id".medium; +function def_env.xmpp:ping(localhost, remotehost, timeout) if not prosody.hosts[localhost] then return nil, "No such host"; end - module:send(st.iq{ from=localhost, to=remotehost, type="get", id="ping" } - :tag("ping", {xmlns="urn:xmpp:ping"}), prosody.hosts[localhost]); - return true, "Sent ping"; + local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} + :tag("ping", {xmlns="urn:xmpp:ping"}); + local ret, err; + local wait, done = async.waiter(); + module:context(localhost):send_iq(iq, nil, timeout) + :next(function (ret_) ret = ret_; end, + function (err_) err = err_; end) + :finally(done); + wait(); + if ret then + return true, "pong from " .. ret.stanza.attr.from; + elseif type(err) == "table" and st.is_stanza(err.stanza) then + local t, cond, text = err.stanza:get_error(); + return false, text or cond or t; + else + return false, tostring(err); + end end def_env.dns = {}; -- cgit v1.2.3 From 4fd11623ddc55ce3bbdaf1984834455afef78279 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 24 Nov 2018 02:24:48 +0100 Subject: mod_saslauth: Improve log message when no SASL mechanisms offered (thanks hexa) --- plugins/mod_saslauth.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index fba84ef8..ba30b9e6 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -275,7 +275,8 @@ module:hook("stream-features", function(event) if mechanisms[1] then features:add_child(mechanisms); elseif not next(sasl_mechanisms) then - log("warn", "No available SASL mechanisms, verify that the configured authentication module is working"); + local authmod = module:get_option_string("authentication", "internal_plain"); + log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); else log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection"); end -- cgit v1.2.3 From b9cac1a3fff4d900c66635d7e5bdcf902f52a34c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Dec 2018 00:13:03 +0100 Subject: mod_c2s: Improve log message in case there are no stream features on offer (thanks hexa) --- plugins/mod_c2s.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 8e31a968..36e6a152 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -106,7 +106,13 @@ function stream_callbacks.streamopened(session, attr) if features.tags[1] or session.full_jid then send(features); else - (session.log or log)("warn", "No stream features to offer"); + if session.secure then + -- Normally STARTTLS would be offered + (session.log or log)("warn", "No stream features to offer on secure session. Check authentication settings."); + else + -- Here SASL should be offered + (session.log or log)("warn", "No stream features to offer on insecure session. Check encryption and security settings."); + end session:close{ condition = "undefined-condition", text = "No stream features to proceed with" }; end end -- cgit v1.2.3 From e6b7c91ebc9484c268fd5f0632abf4eb475ad7d6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Dec 2018 00:04:26 +0100 Subject: mod_tls: Keep TLS context errors and repeat them again for each session --- plugins/mod_tls.lua | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 029ddd1d..4ead60dc 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -35,9 +35,10 @@ local host = hosts[module.host]; local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin; +local err_c2s, err_s2sin, err_s2sout; function module.load() - local NULL, err = {}; + local NULL = {}; local modhost = module.host; local parent = modhost:match("%.(.*)$"); @@ -52,14 +53,14 @@ function module.load() local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL; local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s; - ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections - if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end + ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections + if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end - ssl_ctx_s2sout, err, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections - if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err); end + ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections + if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end - ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections - if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end + ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections + if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err_s2sin); end end module:hook_global("config-reloaded", module.load); @@ -74,12 +75,21 @@ local function can_do_tls(session) return session.ssl_ctx; end if session.type == "c2s_unauthed" then + if not ssl_ctx_c2s and c2s_require_encryption then + session.log("error", "No TLS context available for c2s. Earlier error was: %s", err_c2s); + end session.ssl_ctx = ssl_ctx_c2s; session.ssl_cfg = ssl_cfg_c2s; elseif session.type == "s2sin_unauthed" and allow_s2s_tls then + if not ssl_ctx_s2sin and s2s_require_encryption then + session.log("error", "No TLS context available for s2sin. Earlier error was: %s", err_s2sin); + end session.ssl_ctx = ssl_ctx_s2sin; session.ssl_cfg = ssl_cfg_s2sin; elseif session.direction == "outgoing" and allow_s2s_tls then + if not ssl_ctx_s2sout and s2s_require_encryption then + session.log("error", "No TLS context available for s2sout. Earlier error was: %s", err_s2sout); + end session.ssl_ctx = ssl_ctx_s2sout; session.ssl_cfg = ssl_cfg_s2sout; else -- cgit v1.2.3 From 5eb327274aa1ab27ec45b49e419943c264bd237d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 29 Dec 2018 03:21:13 +0100 Subject: mod_admin_telnet: Validate hostnames in xmpp:ping command Attempt to ping some invalid hostnames cause weird behavior --- plugins/mod_admin_telnet.lua | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index ee6a4176..f3731c8a 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1088,8 +1088,17 @@ def_env.xmpp = {}; local st = require "util.stanza"; local new_id = require "util.id".medium; function def_env.xmpp:ping(localhost, remotehost, timeout) - if not prosody.hosts[localhost] then - return nil, "No such host"; + localhost = select(2, jid_split(localhost)); + remotehost = select(2, jid_split(remotehost)); + if not localhost then + return nil, "Invalid sender hostname"; + elseif not prosody.hosts[localhost] then + return nil, "No such local host"; + end + if not remotehost then + return nil, "Invalid destination hostname"; + elseif prosody.hosts[remotehost] then + return nil, "Both hosts are local"; end local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} :tag("ping", {xmlns="urn:xmpp:ping"}); -- cgit v1.2.3 From f102941562aa2228e1949261c91045ecbf71c18d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 30 Dec 2018 16:03:15 +0100 Subject: core.moduleapi: Use util.error for :send_iq errors --- plugins/mod_admin_telnet.lua | 3 --- 1 file changed, 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index f3731c8a..5bb9361e 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1111,9 +1111,6 @@ function def_env.xmpp:ping(localhost, remotehost, timeout) wait(); if ret then return true, "pong from " .. ret.stanza.attr.from; - elseif type(err) == "table" and st.is_stanza(err.stanza) then - local t, cond, text = err.stanza:get_error(); - return false, text or cond or t; else return false, tostring(err); end -- cgit v1.2.3 From c68690726162f0ab0efb62f1cb455001c06b0fa7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 3 Jan 2019 17:25:43 +0100 Subject: mod_mam: Perform message expiry based on building an index by date For each day, store a set of users that have new messages. To expire messages, we collect the union of sets of users from dates that fall outside the cleanup range. The previous algoritm did not work well with many users, especially with the default settings. --- plugins/mod_mam/mod_mam.lua | 70 +++++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 31 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 94bedbb1..18f84752 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -33,7 +33,7 @@ local is_stanza = st.is_stanza; local tostring = tostring; local time_now = os.time; local m_min = math.min; -local timestamp, timestamp_parse = require "util.datetime".datetime, require "util.datetime".parse; +local timestamp, timestamp_parse, datestamp = import( "util.datetime", "datetime", "parse", "date"); local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50); local strip_tags = module:get_option_set("dont_archive_namespaces", { "http://jabber.org/protocol/chatstates" }); @@ -46,13 +46,8 @@ if not archive.find then end local use_total = module:get_option_boolean("mam_include_total", true); -local cleanup; - -local function schedule_cleanup(username) - if cleanup and not cleanup[username] then - table.insert(cleanup, username); - cleanup[username] = true; - end +function schedule_cleanup() + -- replaced by non-noop later if cleanup is enabled end -- Handle prefs. @@ -96,7 +91,6 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) local qid = query.attr.queryid; get_prefs(origin.username, true); - schedule_cleanup(origin.username); -- Search query parameters local qwith, qstart, qend; @@ -212,6 +206,7 @@ end local function shall_store(user, who) -- TODO Cache this? if not um.user_exists(user, host) then + module:log("debug", "%s@%s does not exist", user, host) return false; end local prefs = get_prefs(user); @@ -329,6 +324,9 @@ module:hook("pre-message/full", strip_stanza_id_after_other_events, -1); local cleanup_after = module:get_option_string("archive_expires_after", "1w"); local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60); if cleanup_after ~= "never" then + local cleanup_storage = module:open_store("archive_cleanup"); + local cleanup_map = module:open_store("archive_cleanup", "map"); + local day = 86400; local multipliers = { d = day, w = day * 7, m = 31 * day, y = 365.2425 * day }; local n, m = cleanup_after:lower():match("(%d+)%s*([dwmy]?)"); @@ -346,33 +344,43 @@ if cleanup_after ~= "never" then return false; end - -- Set of known users to do message expiry for - -- Populated either below or when new messages are added - cleanup = {}; + -- For each day, store a set of users that have new messages. To expire + -- messages, we collect the union of sets of users from dates that fall + -- outside the cleanup range. - -- Iterating over users is not supported by all authentication modules - -- Catch and ignore error if not supported - pcall(function () - -- If this works, then we schedule cleanup for all known users on startup - for user in um.users(module.host) do - schedule_cleanup(user); - end - end); + function schedule_cleanup(username, date) + cleanup_map:set(date or datestamp(), username, true); + end - -- At odd intervals, delete old messages for one user - module:add_timer(math.random(10, 60), function() - local user = table.remove(cleanup, 1); - if user then - module:log("debug", "Removing old messages for user %q", user); + cleanup_runner = require "util.async".runner(function () + local users = {}; + local cut_off = datestamp(os.time() - cleanup_after); + for date in cleanup_storage:users() do + if date < cut_off then + module:log("debug", "Messages from %q should be expired", date); + local messages_this_day = cleanup_storage:get(date); + if messages_this_day then + for user in pairs(messages_this_day) do + users[user] = true; + end + cleanup_storage:set(date, nil); + end + end + end + local sum, num_users = 0, 0; + for user in pairs(users) do local ok, err = archive:delete(user, { ["end"] = os.time() - cleanup_after; }) - if not ok then - module:log("warn", "Could not expire archives for user %s: %s", user, err); - elseif type(ok) == "number" then - module:log("debug", "Removed %d messages", ok); + if ok then + num_users = num_users + 1; + sum = sum + tonumber(ok) or 0; end - cleanup[user] = nil; end - return math.random(cleanup_interval, cleanup_interval * 2); + module:log("info", "Deleted expired %d messages for %d users", sum, num_users); + end); + + cleanup_task = module:add_timer(1, function () + cleanup_runner:run(true); + return cleanup_interval; end); else module:log("debug", "Archive expiry disabled"); -- cgit v1.2.3 From 3738686f06f0156da85df269050f3f754c7603cd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 10:14:55 +0100 Subject: mod_mam: Fix word order in log message --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 18f84752..35a4b9a0 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -375,7 +375,7 @@ if cleanup_after ~= "never" then sum = sum + tonumber(ok) or 0; end end - module:log("info", "Deleted expired %d messages for %d users", sum, num_users); + module:log("info", "Deleted %d expired messages for %d users", sum, num_users); end); cleanup_task = module:add_timer(1, function () -- cgit v1.2.3 From 11b2a79872902ae26905c006a2171aaecbcb4300 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 13:38:30 +0100 Subject: mod_admin_telnet: Remove the long gone 'section' argument in the undocumented config:get command --- plugins/mod_admin_telnet.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5bb9361e..4c049b95 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -495,9 +495,9 @@ function def_env.config:load(filename, format) return true, "Config loaded"; end -function def_env.config:get(host, section, key) +function def_env.config:get(host, key) local config_get = require "core.configmanager".get - return true, tostring(config_get(host, section, key)); + return true, tostring(config_get(host, key)); end function def_env.config:reload() -- cgit v1.2.3 From 5fb717bbcec4af6aee2bc709f97fbea7b88f3fe6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 13:39:13 +0100 Subject: mod_admin_telnet: config:get: Assume the global section if only one argument is given --- plugins/mod_admin_telnet.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 4c049b95..c6b67b95 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -496,6 +496,9 @@ function def_env.config:load(filename, format) end function def_env.config:get(host, key) + if key == nil then + host, key = "*", host; + end local config_get = require "core.configmanager".get return true, tostring(config_get(host, key)); end -- cgit v1.2.3 From d020a0b57782846653d6145d388143df5b616c64 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 13:41:39 +0100 Subject: mod_admin_telnet: Serialize config values (table: 0x123abc isn't useful) --- plugins/mod_admin_telnet.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index c6b67b95..cd9f8078 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -32,6 +32,7 @@ local envload = require "util.envload".envload; local envloadfile = require "util.envload".envloadfile; local has_pposix, pposix = pcall(require, "util.pposix"); local async = require "util.async"; +local serialize = require "util.serialization".new({ fatal = false, unquoted = true}); local commands = module:shared("commands") local def_env = module:shared("env"); @@ -500,7 +501,7 @@ function def_env.config:get(host, key) host, key = "*", host; end local config_get = require "core.configmanager".get - return true, tostring(config_get(host, key)); + return true, serialize(config_get(host, key)); end function def_env.config:reload() -- cgit v1.2.3 From 51c4d0a0e4d0b1d83bdcfc779bcc9e83be4f3d08 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Jan 2019 15:13:52 +0100 Subject: mod_admin_telnet: Sort stats by name --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index cd9f8078..5ce504f8 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1543,7 +1543,7 @@ function def_env.stats:show(filter) local stats, changed, extra = require "core.statsmanager".get_stats(); local available, displayed = 0, 0; local displayed_stats = new_stats_context(self); - for name, value in pairs(stats) do + for name, value in iterators.sorted_pairs(stats) do available = available + 1; if not filter or name:match(filter) then displayed = displayed + 1; -- cgit v1.2.3 From 2ac699495592895c1cde86cb0ba2dc25c254a4eb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Jan 2019 09:34:59 +0100 Subject: mod_mam: Measure how long it takes to run the message expiry job job --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 35a4b9a0..5ba04d68 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -351,8 +351,10 @@ if cleanup_after ~= "never" then function schedule_cleanup(username, date) cleanup_map:set(date or datestamp(), username, true); end + local cleanup_time = module:measure("cleanup", "times"); cleanup_runner = require "util.async".runner(function () + local cleanup_done = cleanup_time(); local users = {}; local cut_off = datestamp(os.time() - cleanup_after); for date in cleanup_storage:users() do @@ -376,6 +378,7 @@ if cleanup_after ~= "never" then end end module:log("info", "Deleted %d expired messages for %d users", sum, num_users); + cleanup_done(); end); cleanup_task = module:add_timer(1, function () -- cgit v1.2.3 From bdfc36fc8caa83c2919c0df1f46b91232af09096 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Jan 2019 09:44:55 +0100 Subject: mod_mam: Handle expiry of messages that expire in the middle of the cut-off day --- plugins/mod_mam/mod_mam.lua | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 5ba04d68..d2ca709b 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -358,14 +358,18 @@ if cleanup_after ~= "never" then local users = {}; local cut_off = datestamp(os.time() - cleanup_after); for date in cleanup_storage:users() do - if date < cut_off then + if date <= cut_off then module:log("debug", "Messages from %q should be expired", date); local messages_this_day = cleanup_storage:get(date); if messages_this_day then for user in pairs(messages_this_day) do users[user] = true; end - cleanup_storage:set(date, nil); + if date < cut_off then + -- Messages from the same day as the cut-off might not have expired yet, + -- but all earlier will have, so clear storage for those days. + cleanup_storage:set(date, nil); + end end end end -- cgit v1.2.3 From c3c38cd2b33d37dfe980c4e21c9b369c138f20c5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Jan 2019 10:42:45 +0100 Subject: mod_http_errors: Normalize CSS --- plugins/mod_http_errors.lua | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index 13473219..2bb13298 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -26,21 +26,24 @@ local html = [[ {title} -- cgit v1.2.3 From 90f8c75467e26c7a9dc74a55c615304ee4a3569e Mon Sep 17 00:00:00 2001 From: Jonas Wielicki Date: Sun, 6 Jan 2019 11:28:54 +0100 Subject: MUC: add ID to message if no ID is present --- plugins/muc/muc.lib.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index bb79cda6..a34e912b 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -23,6 +23,7 @@ local resourceprep = require "util.encodings".stringprep.resourceprep; local st = require "util.stanza"; local base64 = require "util.encodings".base64; local md5 = require "util.hashes".md5; +local id = require "util.id"; local log = module._log; @@ -1037,6 +1038,9 @@ end function room_mt:handle_groupchat_to_room(origin, stanza) local from = stanza.attr.from; local occupant = self:get_occupant_by_real_jid(from); + if not stanza.attr.id then + stanza.attr.id = id.medium() + end if module:fire_event("muc-occupant-groupchat", { room = self; origin = origin; stanza = stanza; from = from; occupant = occupant; }) then return true; end -- cgit v1.2.3 From f0550233fa24e17773e0c7cc21885cd195ad8c1f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Jan 2019 12:20:57 +0100 Subject: MUC: Rename import to avoid name clash [luacheck] --- plugins/muc/muc.lib.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index a34e912b..7259dde2 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -23,7 +23,7 @@ local resourceprep = require "util.encodings".stringprep.resourceprep; local st = require "util.stanza"; local base64 = require "util.encodings".base64; local md5 = require "util.hashes".md5; -local id = require "util.id"; +local new_id = require "util.id".medium; local log = module._log; @@ -1039,7 +1039,7 @@ function room_mt:handle_groupchat_to_room(origin, stanza) local from = stanza.attr.from; local occupant = self:get_occupant_by_real_jid(from); if not stanza.attr.id then - stanza.attr.id = id.medium() + stanza.attr.id = new_id() end if module:fire_event("muc-occupant-groupchat", { room = self; origin = origin; stanza = stanza; from = from; occupant = occupant; -- cgit v1.2.3 From 4b6a1153f46fbb1c14ca7a67cc82701572227811 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 14 Jan 2019 00:17:02 +0100 Subject: mod_storage_memory: Implement :user iteration API --- plugins/mod_storage_memory.lua | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index ed04a5fb..3a9de1cc 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -22,6 +22,10 @@ local function _purge_store(self, username) return true; end +local function _users(self) + return next, self.store, nil; +end + local keyval_store = {}; keyval_store.__index = keyval_store; @@ -39,9 +43,13 @@ end keyval_store.purge = _purge_store; +keyval_store.users = _users; + local archive_store = {}; archive_store.__index = archive_store; +archive_store.users = _users; + function archive_store:append(username, key, value, when, with) if is_stanza(value) then value = st.preserialize(value); -- cgit v1.2.3 From cf984835d120a714e2ed4337f8522e935cf85498 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Jan 2019 20:08:30 +0100 Subject: mod_c2s, mod_s2s, mod_component: Log invalid XML escaped (fixes #734) See 6ed0d6224d64 --- plugins/mod_c2s.lua | 2 +- plugins/mod_component.lua | 2 +- plugins/mod_s2s/mod_s2s.lua | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 36e6a152..8d7b92fe 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -290,7 +290,7 @@ function listener.onconnect(conn) if data then local ok, err = stream:feed(data); if not ok then - log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); + log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); session:close("not-well-formed"); end end diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index b41204a2..b8c87dee 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -310,7 +310,7 @@ function listener.onconnect(conn) function session.data(_, data) local ok, err = stream:feed(data); if ok then return; end - module:log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); + log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); session:close("not-well-formed"); end diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index aae37b7f..79308847 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -595,8 +595,7 @@ local function initialize_session(session) if data then local ok, err = stream:feed(data); if ok then return; end - log("warn", "Received invalid XML: %s", data); - log("warn", "Problem was: %s", err); + log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); session:close("not-well-formed"); end end -- cgit v1.2.3 From b2c3b2f740d777f1e04df40494f2be0637f946a6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 16 Jan 2019 14:20:16 +0100 Subject: mod_admin_telnet: sttas:show: Use format option that allows float numbers string.format("%d", 0.5) causes an error on Lua 5.3 --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5ce504f8..7fae8983 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1255,7 +1255,7 @@ local function format_stat(type, value, ref_value) --do return tostring(value) end if type == "duration" then if ref_value < 0.001 then - return ("%d µs"):format(value*1000000); + return ("%g µs"):format(value*1000000); elseif ref_value < 0.9 then return ("%0.2f ms"):format(value*1000); end -- cgit v1.2.3 From 87639540e4ea43c57eb3d31b78e0b5acaf68f97a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Oct 2018 12:22:12 +0200 Subject: mod_http: Solve CORS problems once and for all This blindly allows any cross-site requests. Future work should add an API to allow each HTTP app some influence over this for each HTTP path --- plugins/mod_http.lua | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index a1d409bd..07d1094b 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -22,6 +22,11 @@ server.set_default_host(module:get_option_string("http_default_host")); server.set_option("body_size_limit", module:get_option_number("http_max_content_size")); server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); +-- CORS settigs +local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "POST", "PUT", "OPTIONS" }); +local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); +local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); + local function get_http_event(host, app_path, key) local method, path = key:match("^(%S+)%s+(.+)$"); if not method then -- No path specified, default to "" (base path) @@ -83,6 +88,13 @@ function moduleapi.http_url(module, app_name, default_path) return "http://disabled.invalid/"; end +local function apply_cors_headers(response, methods, headers, max_age, origin) + response.headers.access_control_allow_methods = tostring(methods); + response.headers.access_control_allow_headers = tostring(headers); + response.headers.access_control_max_age = tostring(max_age) + response.headers.access_control_allow_origin = origin or "*"; +end + function module.add_host(module) local host = module.host; if host ~= "*" then @@ -101,6 +113,12 @@ function module.add_host(module) end apps[app_name] = apps[app_name] or {}; local app_handlers = apps[app_name]; + + local function cors_handler(event_data) + local request, response = event_data.request, event_data.response; + apply_cors_headers(response, opt_methods, opt_headers, opt_max_age, request.headers.origin); + end + for key, handler in pairs(event.item.route or {}) do local event_name = get_http_event(host, app_path, key); if event_name then @@ -121,6 +139,7 @@ function module.add_host(module) if not app_handlers[event_name] then app_handlers[event_name] = handler; module:hook_object_event(server, event_name, handler); + module:hook_object_event(server, event_name, cors_handler, 1); else module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); end -- cgit v1.2.3 From 467260e6f51942bc4a113bc0ca23808002289147 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Oct 2018 12:23:06 +0200 Subject: mod_bosh: Drop CORS code in favor of than in mod_http This deprecates the cross_domain_bosh setting. As a compat measure, if it is set, mod_http_crossdomain is loaded. --- plugins/mod_bosh.lua | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index d4701148..82615161 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -44,10 +44,12 @@ local bosh_max_polling = module:get_option_number("bosh_max_polling", 5); local bosh_max_wait = module:get_option_number("bosh_max_wait", 120); local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure"); -local cross_domain = module:get_option("cross_domain_bosh", false); +local cross_domain = module:get_option("cross_domain_bosh"); -if cross_domain == true then cross_domain = "*"; end -if type(cross_domain) == "table" then cross_domain = table.concat(cross_domain, ", "); end +if cross_domain ~= nil then + module:log("info", "The 'cross_domain_bosh' option has been deprecated"); + module:depends("http_crossdomain"); +end local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; @@ -91,22 +93,6 @@ function check_inactive(now, session, context, reason) -- luacheck: ignore 212/n end end -local function set_cross_domain_headers(response) - local headers = response.headers; - headers.access_control_allow_methods = "GET, POST, OPTIONS"; - headers.access_control_allow_headers = "Content-Type"; - headers.access_control_max_age = "7200"; - headers.access_control_allow_origin = cross_domain; - return response; -end - -function handle_OPTIONS(event) - if cross_domain and event.request.headers.origin then - set_cross_domain_headers(event.response); - end - return ""; -end - function handle_POST(event) log("debug", "Handling new request %s: %s\n----------", tostring(event.request), tostring(event.request.body)); @@ -121,10 +107,6 @@ function handle_POST(event) local headers = response.headers; headers.content_type = "text/xml; charset=utf-8"; - if cross_domain and request.headers.origin then - set_cross_domain_headers(response); - end - -- stream:feed() calls the stream_callbacks, so all stanzas in -- the body are processed in this next line before it returns. -- In particular, the streamopened() stream callback is where @@ -511,8 +493,6 @@ module:provides("http", { route = { ["GET"] = GET_response; ["GET /"] = GET_response; - ["OPTIONS"] = handle_OPTIONS; - ["OPTIONS /"] = handle_OPTIONS; ["POST"] = handle_POST; ["POST /"] = handle_POST; }; -- cgit v1.2.3 From 7fefafa8f6cc312b41f69d8149d5a926657bc9fb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Oct 2018 12:24:08 +0200 Subject: mod_websocket: Drop CORS code in favor of that in mod_http Like for mod_bosh, deprecates consider_websocket_secure and depend on mod_http_crossdomain if it is set. --- plugins/mod_websocket.lua | 38 ++++---------------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index a668b4fa..da0ce8a6 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -29,18 +29,11 @@ local t_concat = table.concat; local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local consider_websocket_secure = module:get_option_boolean("consider_websocket_secure"); -local cross_domain = module:get_option_set("cross_domain_websocket", {}); -if cross_domain:contains("*") or cross_domain:contains(true) then - cross_domain = true; +local cross_domain = module:get_option("cross_domain_websocket"); +if cross_domain ~= nil then + module:log("info", "The 'cross_domain_websocket' option has been deprecated"); + module:depends("http_crossdomain"); end - -local function check_origin(origin) - if cross_domain == true then - return true; - end - return cross_domain:contains(origin); -end - local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; local xmlns_streams = "http://etherx.jabber.org/streams"; local xmlns_client = "jabber:client"; @@ -158,11 +151,6 @@ function handle_request(event) return 501; end - if not check_origin(request.headers.origin or "") then - module:log("debug", "Origin %s is not allowed by 'cross_domain_websocket'", request.headers.origin or "(missing header)"); - return 403; - end - local function websocket_close(code, message) conn:write(build_close(code, message)); conn:close(); @@ -329,22 +317,4 @@ module:provides("http", { function module.add_host(module) module:hook("c2s-read-timeout", keepalive, -0.9); - - if cross_domain ~= true then - local url = require "socket.url"; - local ws_url = module:http_url("websocket", "xmpp-websocket"); - local url_components = url.parse(ws_url); - -- The 'Origin' consists of the base URL without path - url_components.path = nil; - local this_origin = url.build(url_components); - local local_cross_domain = module:get_option_set("cross_domain_websocket", { this_origin }); - -- Don't add / remove something added by another host - -- This might be weird with random load order - local_cross_domain:exclude(cross_domain); - cross_domain:include(local_cross_domain); - module:log("debug", "cross_domain = %s", tostring(cross_domain)); - function module.unload() - cross_domain:exclude(local_cross_domain); - end - end end -- cgit v1.2.3 From 19d344e092421bd84cd52de74bcd6b7b1e9a0a13 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 18 Jan 2019 02:03:40 +0100 Subject: mod_http: Set up to handle OPTIONS Lower priority to allow http modules to handle it themselves, should they wish to --- plugins/mod_http.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 07d1094b..01f20f76 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -119,9 +119,15 @@ function module.add_host(module) apply_cors_headers(response, opt_methods, opt_headers, opt_max_age, request.headers.origin); end + local function options_handler(event_data) + cors_handler(event_data); + return ""; + end + for key, handler in pairs(event.item.route or {}) do local event_name = get_http_event(host, app_path, key); if event_name then + local options_event_name = event_name:gsub("^%S+", "OPTIONS"); if type(handler) ~= "function" then local data = handler; handler = function () return data; end @@ -140,6 +146,7 @@ function module.add_host(module) app_handlers[event_name] = handler; module:hook_object_event(server, event_name, handler); module:hook_object_event(server, event_name, cors_handler, 1); + module:hook_object_event(server, options_event_name, options_handler, -1); else module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); end -- cgit v1.2.3 From 3434e4560f79c834411e0c1d117a96e8b94ff4db Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 17 Jan 2019 20:42:38 +0100 Subject: mod_http: Determine CORS methods to whitelist from actual methods used --- plugins/mod_http.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 01f20f76..829c2d02 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -14,6 +14,7 @@ local moduleapi = require "core.moduleapi"; local url_parse = require "socket.url".parse; local url_build = require "socket.url".build; local normalize_path = require "util.http".normalize_path; +local set = require "util.set"; local server = require "net.http.server"; @@ -23,7 +24,7 @@ server.set_option("body_size_limit", module:get_option_number("http_max_content_ server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); -- CORS settigs -local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "POST", "PUT", "OPTIONS" }); +local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); @@ -114,9 +115,11 @@ function module.add_host(module) apps[app_name] = apps[app_name] or {}; local app_handlers = apps[app_name]; + local app_methods = opt_methods; + local function cors_handler(event_data) local request, response = event_data.request, event_data.response; - apply_cors_headers(response, opt_methods, opt_headers, opt_max_age, request.headers.origin); + apply_cors_headers(response, app_methods, opt_headers, opt_max_age, request.headers.origin); end local function options_handler(event_data) @@ -127,6 +130,10 @@ function module.add_host(module) for key, handler in pairs(event.item.route or {}) do local event_name = get_http_event(host, app_path, key); if event_name then + local method = event_name:match("^%S+"); + if not app_methods:contains(method) then + app_methods = app_methods + set.new{ method }; + end local options_event_name = event_name:gsub("^%S+", "OPTIONS"); if type(handler) ~= "function" then local data = handler; -- cgit v1.2.3 From 2612e75c8a206c174071c66a6fe938b07349e55a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 19 Jan 2019 20:03:04 +0100 Subject: mod_bosh, mod_websocket: Remove accidentally included dependency on non-existant module --- plugins/mod_bosh.lua | 1 - plugins/mod_websocket.lua | 1 - 2 files changed, 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 82615161..082ed961 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -48,7 +48,6 @@ local cross_domain = module:get_option("cross_domain_bosh"); if cross_domain ~= nil then module:log("info", "The 'cross_domain_bosh' option has been deprecated"); - module:depends("http_crossdomain"); end local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index da0ce8a6..008f6823 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -32,7 +32,6 @@ local consider_websocket_secure = module:get_option_boolean("consider_websocket_ local cross_domain = module:get_option("cross_domain_websocket"); if cross_domain ~= nil then module:log("info", "The 'cross_domain_websocket' option has been deprecated"); - module:depends("http_crossdomain"); end local xmlns_framing = "urn:ietf:params:xml:ns:xmpp-framing"; local xmlns_streams = "http://etherx.jabber.org/streams"; -- cgit v1.2.3 From de09c462e53b412b30463d55400328b4316a4c45 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 20 Jan 2019 20:24:17 +0100 Subject: mod_mam: Fix operator precedence (thanks mimi89999) --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index d2ca709b..67bf177e 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -378,7 +378,7 @@ if cleanup_after ~= "never" then local ok, err = archive:delete(user, { ["end"] = os.time() - cleanup_after; }) if ok then num_users = num_users + 1; - sum = sum + tonumber(ok) or 0; + sum = sum + (tonumber(ok) or 0); end end module:log("info", "Deleted %d expired messages for %d users", sum, num_users); -- cgit v1.2.3 From 10e58af1abd74cd1bb668fc75b506b57fd77d86f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Feb 2019 16:18:30 +0100 Subject: MUC: Factor out role change permission check into its own method I would like to invert this logic so that it checks if the role change is allowed instead of checking if it is not allowed as it does now, in order to make it easier to understand. --- plugins/muc/muc.lib.lua | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 9b168e93..2b6a7d76 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1368,6 +1368,30 @@ function room_mt:get_role(nick) return occupant and occupant.role or nil; end +function room_mt:may_set_role(actor, occupant, role) + -- Can't do anything to other owners or admins + local occupant_affiliation = self:get_affiliation(occupant.bare_jid); + if occupant_affiliation == "owner" or occupant_affiliation == "admin" then + return nil, "cancel", "not-allowed"; + end + + -- If you are trying to give or take moderator role you need to be an owner or admin + if occupant.role == "moderator" or role == "moderator" then + local actor_affiliation = self:get_affiliation(actor); + if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then + return nil, "cancel", "not-allowed"; + end + end + + -- Need to be in the room and a moderator + local actor_occupant = self:get_occupant_by_real_jid(actor); + if not actor_occupant or actor_occupant.role ~= "moderator" then + return nil, "cancel", "not-allowed"; + end + + return true; +end + function room_mt:set_role(actor, occupant_jid, role, reason) if not actor then return nil, "modify", "not-acceptable"; end @@ -1382,24 +1406,9 @@ function room_mt:set_role(actor, occupant_jid, role, reason) if actor == true then actor = nil -- So we can pass it safely to 'publicise_occupant_status' below else - -- Can't do anything to other owners or admins - local occupant_affiliation = self:get_affiliation(occupant.bare_jid); - if occupant_affiliation == "owner" or occupant_affiliation == "admin" then - return nil, "cancel", "not-allowed"; - end - - -- If you are trying to give or take moderator role you need to be an owner or admin - if occupant.role == "moderator" or role == "moderator" then - local actor_affiliation = self:get_affiliation(actor); - if actor_affiliation ~= "owner" and actor_affiliation ~= "admin" then - return nil, "cancel", "not-allowed"; - end - end - - -- Need to be in the room and a moderator - local actor_occupant = self:get_occupant_by_real_jid(actor); - if not actor_occupant or actor_occupant.role ~= "moderator" then - return nil, "cancel", "not-allowed"; + local allowed, err, condition = self:may_set_role(actor, occupant, role) + if not allowed then + return allowed, err, condition; end end -- cgit v1.2.3 From 8518868d4192e48f1f7529970dca3bae4364f43b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Feb 2019 16:30:11 +0100 Subject: MUC: Fire an event to allow affecting decision of whether to allow a role change --- plugins/muc/muc.lib.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 2b6a7d76..a8d3d790 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1369,6 +1369,18 @@ function room_mt:get_role(nick) end function room_mt:may_set_role(actor, occupant, role) + local event = { + room = self, + actor = actor, + occupant = occupant, + role = role, + }; + + module:fire_event("muc-pre-set-role", event); + if event.allowed ~= nil then + return event.allowed, event.error, event.condition; + end + -- Can't do anything to other owners or admins local occupant_affiliation = self:get_affiliation(occupant.bare_jid); if occupant_affiliation == "owner" or occupant_affiliation == "admin" then -- cgit v1.2.3 From 9c9d32e7e69af9aa59c1937b91bc41525d584144 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 4 Mar 2019 13:13:37 +0100 Subject: mod_muc_mam: Validate that the FORM_TYPE of a query is as expected --- plugins/mod_muc_mam.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 166a5c71..963e5255 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -21,6 +21,7 @@ local jid_bare = require "util.jid".bare; local jid_split = require "util.jid".split; local jid_prep = require "util.jid".prep; local dataform = require "util.dataforms".new; +local get_form_type = require "util.dataforms".get_type; local mod_muc = module:depends"muc"; local get_room_from_jid = mod_muc.get_room_from_jid; @@ -131,7 +132,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) local qstart, qend; local form = query:get_child("x", "jabber:x:data"); if form then - local err; + local form_type, err = get_form_type(form); + if form_type ~= xmlns_mam then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'")); + return true; + end form, err = query_form:data(form); if err then origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err)))); -- cgit v1.2.3 From 9f65ce71893ef10485442ee209472a38865da081 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 10 Mar 2019 19:58:28 +0100 Subject: core.certmanager: Do not ask for client certificates by default Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it. --- plugins/mod_http.lua | 3 --- plugins/mod_s2s/mod_s2s.lua | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 829c2d02..17ea27e1 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -228,9 +228,6 @@ module:provides("net", { listener = server.listener; default_port = 5281; encryption = "ssl"; - ssl_config = { - verify = "none"; - }; multiplex = { pattern = "^[A-Z]"; }; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 79308847..b0d551fe 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -738,6 +738,9 @@ module:provides("net", { listener = listener; default_port = 5269; encryption = "starttls"; + ssl_config = { + verify = { "peer", "client_once", }; + }; multiplex = { pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>"; }; -- cgit v1.2.3 From b246b00f85b1973058f8b607190a72168380dbc3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 11 Mar 2019 13:07:59 +0100 Subject: mod_tls: Restore querying for certificates on s2s The 'ssl_config' setting in the mod_s2s network service is not used. Only direct TLS ports use this currently. --- plugins/mod_s2s/mod_s2s.lua | 2 +- plugins/mod_tls.lua | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index b0d551fe..f0fdc5fb 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -738,7 +738,7 @@ module:provides("net", { listener = listener; default_port = 5269; encryption = "starttls"; - ssl_config = { + ssl_config = { -- FIXME This is not used atm, see mod_tls verify = { "peer", "client_once", }; }; multiplex = { diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 4ead60dc..d8bf02c4 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -53,13 +53,17 @@ function module.load() local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL; local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s; + local request_client_certs = { verify = { "peer", "client_once", }; }; + ssl_ctx_c2s, err_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err_c2s); end - ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections + -- for outgoing server connections + ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, request_client_certs); if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end - ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections + -- for incoming server connections + ssl_ctx_s2sin, err_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s, request_client_certs); if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err_s2sin); end end -- cgit v1.2.3 From 62f33cd891e824a8d9c5a99c5d1a51af6c23835d Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 18 Mar 2019 09:50:23 +0000 Subject: MUC: Update error message for consistency --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index a8d3d790..c828d17d 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -498,7 +498,7 @@ function room_mt:handle_normal_presence(origin, stanza) if orig_occupant == nil and not muc_x and stanza.attr.type == nil then module:log("debug", "Attempted join without , possibly desynced"); origin.send(st.error_reply(stanza, "cancel", "item-not-found", - "You must join the room before sending presence updates")); + "You are not currently connected to this chat")); return true; end -- cgit v1.2.3 From ab545f19a339c76afe6d24912a79e05ee5f4d94c Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:05:37 +0000 Subject: mod_admin_telnet: Show module status in module:list() --- plugins/mod_admin_telnet.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 7fae8983..34cc4dc6 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -480,7 +480,12 @@ function def_env.module:list(hosts) end else for _, name in ipairs(modules) do - print(" "..name); + local status, status_text = modulemanager.get_module(host, name).module:get_status(); + local status_summary = ""; + if status == "warn" or status == "error" then + status_summary = (" (%s: %s)"):format(status, status_text); + end + print((" %s%s"):format(name, status_summary)); end end end -- cgit v1.2.3 From c6efcf09bec3f89c768ebab216c69ce116b091e6 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:08:06 +0000 Subject: mod_component: Set module status to indicate whether component is connected --- plugins/mod_component.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index b8c87dee..b1ffc81d 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -49,6 +49,7 @@ function module.add_host(module) local send; local function on_destroy(session, err) --luacheck: ignore 212/err + module:set_status("warn", err and ("Disconnected: "..err) or "Disconnected"); env.connected = false; env.session = false; send = nil; @@ -102,6 +103,7 @@ function module.add_host(module) module:log("info", "External component successfully authenticated"); session.send(st.stanza("handshake")); module:fire_event("component-authenticated", { session = session }); + module:set_status("info", "Connected"); return true; end -- cgit v1.2.3 From 755b5076441531a8c8b6f2b2ab831800768402ef Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:08:33 +0000 Subject: mod_s2s: Set warning status if not listening on any ports --- plugins/mod_s2s/s2sout.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua index 5f765da8..34e322d2 100644 --- a/plugins/mod_s2s/s2sout.lib.lua +++ b/plugins/mod_s2s/s2sout.lib.lua @@ -318,7 +318,7 @@ module:hook_global("service-added", function (event) local s2s_sources = portmanager.get_active_services():get("s2s"); if not s2s_sources then - module:log("warn", "s2s not listening on any ports, outgoing connections may fail"); + module:log_status("warn", "s2s not listening on any ports, outgoing connections may fail"); return; end for source, _ in pairs(s2s_sources) do -- cgit v1.2.3 From 992497531e9000cc9139a159cd21ea808e1b636e Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 19 Mar 2019 09:08:56 +0000 Subject: mod_muc_mam: Set error status if loaded on incorrect host type --- plugins/mod_muc_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index d414a449..7d429482 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -4,7 +4,7 @@ -- This file is MIT/X11 licensed. if module:get_host_type() ~= "component" then - module:log("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name); + module:log_status("error", "mod_%s should be loaded only on a MUC component, not normal hosts", module.name); return; end -- cgit v1.2.3 From d7761bd914bd38e43de12c248196bc81307c71c5 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 20 Oct 2017 12:53:53 +0200 Subject: mod_storage_internal,_sql: Add limit to number of items in an archive store (fixes #733) --- plugins/mod_storage_internal.lua | 35 +++++++++++++++++++++++++++++++++++ plugins/mod_storage_sql.lua | 39 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 42b451bd..d812c0e9 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -1,3 +1,4 @@ +local cache = require "util.cache"; local datamanager = require "core.storagemanager".olddm; local array = require "util.array"; local datetime = require "util.datetime"; @@ -7,6 +8,9 @@ local id = require "util.id".medium; local host = module.host; +local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000); +local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); + local driver = {}; function driver:open(store, typ) @@ -54,28 +58,56 @@ function archive:append(username, key, value, when, with) value.attr.stamp = datetime.datetime(when); value.attr.stamp_legacy = datetime.legacy(when); + local item_count = archive_item_count_cache:get(username); + if key then local items, err = datamanager.list_load(username, host, self.store); if not items and err then return items, err; end + + -- Check the quota + item_count = items and #items or 0; + archive_item_count_cache:set(username, item_count); + if item_count >= archive_item_limit then + module:log("debug", "%s reached or over quota, not adding to store", username); + return nil, "quota-limit"; + end + if items then + -- Filter out any item with the same key as the one being added items = array(items); items:filter(function (item) return item.key ~= key; end); + value.key = key; items:push(value); local ok, err = datamanager.list_store(username, host, self.store, items); if not ok then return ok, err; end + archive_item_count_cache:set(username, #items); return key; end else + if not item_count then -- Item count not cached? + -- We need to load the list to get the number of items currently stored + local items, err = datamanager.list_load(username, host, self.store); + if not items and err then return items, err; end + item_count = items and #items or 0; + archive_item_count_cache:set(username, item_count); + end + if item_count >= archive_item_limit then + module:log("debug", "%s reached or over quota, not adding to store", username); + return nil, "quota-limit"; + end key = id(); end + module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); + value.key = key; local ok, err = datamanager.list_append(username, host, self.store, value); if not ok then return ok, err; end + archive_item_count_cache:set(username, item_count+1); return key; end @@ -158,6 +190,7 @@ end function archive:delete(username, query) if not query or next(query) == nil then + archive_item_count_cache:set(username, nil); return datamanager.list_store(username, host, self.store, nil); end local items, err = datamanager.list_load(username, host, self.store); @@ -165,6 +198,7 @@ function archive:delete(username, query) if err then return items, err; end + archive_item_count_cache:set(username, 0); -- Store is empty return 0; end @@ -214,6 +248,7 @@ function archive:delete(username, query) end local ok, err = datamanager.list_store(username, host, self.store, items); if not ok then return ok, err; end + archive_item_count_cache:set(username, #items); return count; end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 5c0c0208..4fe2a262 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -1,6 +1,7 @@ -- luacheck: ignore 212/self +local cache = require "util.cache"; local json = require "util.json"; local sql = require "util.sql"; local xml_parse = require "util.xml".parse; @@ -148,6 +149,9 @@ end --- Archive store API +local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000); +local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); + -- luacheck: ignore 512 431/user 431/store local map_store = {}; map_store.__index = map_store; @@ -231,6 +235,32 @@ archive_store.caps = { }; archive_store.__index = archive_store function archive_store:append(username, key, value, when, with) + local item_count = archive_item_count_cache:get(username); + if not item_count then + local ok, ret = engine:transaction(function() + local count_sql = [[ + SELECT COUNT(*) FROM "prosodyarchive" + WHERE "host"=? AND "user"=? AND "store"=?; + ]]; + local result = engine:select(count_sql, host, user, store); + if result then + for row in result do + item_count = row[1]; + end + end + end); + if not ok or not item_count then + module:log("error", "Failed while checking quota for %s: %s", username, ret); + return nil, "Failure while checking quota"; + end + archive_item_count_cache:set(username, item_count); + end + + module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); + if item_count >= archive_item_limit then + return nil, "quota-limit"; + end + local user,store = username,self.store; when = when or os.time(); with = with or ""; @@ -245,12 +275,18 @@ function archive_store:append(username, key, value, when, with) VALUES (?,?,?,?,?,?,?,?); ]]; if key then - engine:delete(delete_sql, host, user or "", store, key); + local result, err = engine:delete(delete_sql, host, user or "", store, key); + if result then + item_count = item_count - result:affected(); + archive_item_count_cache:set(username, item_count); + end else + item_count = item_count + 1; key = uuid.generate(); end local t, encoded_value = assert(serialize(value)); engine:insert(insert_sql, host, user or "", store, when, with, key, t, encoded_value); + archive_item_count_cache:set(username, item_count+1); return key; end); if not ok then return ok, ret; end @@ -422,6 +458,7 @@ function archive_store:delete(username, query) end return engine:delete(sql_query, unpack(args)); end); + archive_item_count_cache:set(username, nil); return ok and stmt:affected(), stmt; end -- cgit v1.2.3 From 0028ea46e2aed1e0522da59b3d31912afea2c54a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 18:01:24 +0100 Subject: mod_storage_internal,_sql: Expose archive capabilities feature set This was planned to be added long ago but was forgotten. --- plugins/mod_storage_internal.lua | 6 ++++++ plugins/mod_storage_sql.lua | 2 ++ 2 files changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index d812c0e9..c21fe0dc 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -47,6 +47,12 @@ end local archive = {}; driver.archive = { __index = archive }; +archive.caps = { + total = true; + quota = archive_item_limit; + truncate = true; +}; + function archive:append(username, key, value, when, with) when = when or now(); if not st.is_stanza(value) then diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 4fe2a262..82c5c3fe 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -232,6 +232,8 @@ end local archive_store = {} archive_store.caps = { total = true; + quota = archive_item_limit; + truncate = true; }; archive_store.__index = archive_store function archive_store:append(username, key, value, when, with) -- cgit v1.2.3 From 9eb4885f38891261621cd18aa206883851acbaab Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 18:02:27 +0100 Subject: mod_storage_internal,_sql: Key item count cache on both username and store --- plugins/mod_storage_internal.lua | 19 +++++++++++-------- plugins/mod_storage_sql.lua | 13 ++++++++----- 2 files changed, 19 insertions(+), 13 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index c21fe0dc..52ca4da8 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -5,6 +5,7 @@ local datetime = require "util.datetime"; local st = require "util.stanza"; local now = require "util.time".now; local id = require "util.id".medium; +local jid_join = require "util.jid".join; local host = module.host; @@ -64,7 +65,8 @@ function archive:append(username, key, value, when, with) value.attr.stamp = datetime.datetime(when); value.attr.stamp_legacy = datetime.legacy(when); - local item_count = archive_item_count_cache:get(username); + local cache_key = jid_join(username, host, self.store); + local item_count = archive_item_count_cache:get(cache_key); if key then local items, err = datamanager.list_load(username, host, self.store); @@ -72,7 +74,7 @@ function archive:append(username, key, value, when, with) -- Check the quota item_count = items and #items or 0; - archive_item_count_cache:set(username, item_count); + archive_item_count_cache:set(cache_key, item_count); if item_count >= archive_item_limit then module:log("debug", "%s reached or over quota, not adding to store", username); return nil, "quota-limit"; @@ -89,7 +91,7 @@ function archive:append(username, key, value, when, with) items:push(value); local ok, err = datamanager.list_store(username, host, self.store, items); if not ok then return ok, err; end - archive_item_count_cache:set(username, #items); + archive_item_count_cache:set(cache_key, #items); return key; end else @@ -98,7 +100,7 @@ function archive:append(username, key, value, when, with) local items, err = datamanager.list_load(username, host, self.store); if not items and err then return items, err; end item_count = items and #items or 0; - archive_item_count_cache:set(username, item_count); + archive_item_count_cache:set(cache_key, item_count); end if item_count >= archive_item_limit then module:log("debug", "%s reached or over quota, not adding to store", username); @@ -113,7 +115,7 @@ function archive:append(username, key, value, when, with) local ok, err = datamanager.list_append(username, host, self.store, value); if not ok then return ok, err; end - archive_item_count_cache:set(username, item_count+1); + archive_item_count_cache:set(cache_key, item_count+1); return key; end @@ -195,8 +197,9 @@ function archive:dates(username) end function archive:delete(username, query) + local cache_key = jid_join(username, host, self.store); if not query or next(query) == nil then - archive_item_count_cache:set(username, nil); + archive_item_count_cache:set(cache_key, nil); return datamanager.list_store(username, host, self.store, nil); end local items, err = datamanager.list_load(username, host, self.store); @@ -204,7 +207,7 @@ function archive:delete(username, query) if err then return items, err; end - archive_item_count_cache:set(username, 0); + archive_item_count_cache:set(cache_key, 0); -- Store is empty return 0; end @@ -254,7 +257,7 @@ function archive:delete(username, query) end local ok, err = datamanager.list_store(username, host, self.store, items); if not ok then return ok, err; end - archive_item_count_cache:set(username, #items); + archive_item_count_cache:set(cache_key, #items); return count; end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 82c5c3fe..3028bb72 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -7,6 +7,7 @@ local sql = require "util.sql"; local xml_parse = require "util.xml".parse; local uuid = require "util.uuid"; local resolve_relative_path = require "util.paths".resolve_relative_path; +local jid_join = require "util.jid".join; local is_stanza = require"util.stanza".is_stanza; local t_concat = table.concat; @@ -237,7 +238,8 @@ archive_store.caps = { }; archive_store.__index = archive_store function archive_store:append(username, key, value, when, with) - local item_count = archive_item_count_cache:get(username); + local cache_key = jid_join(username, host, self.store); + local item_count = archive_item_count_cache:get(cache_key); if not item_count then local ok, ret = engine:transaction(function() local count_sql = [[ @@ -255,7 +257,7 @@ function archive_store:append(username, key, value, when, with) module:log("error", "Failed while checking quota for %s: %s", username, ret); return nil, "Failure while checking quota"; end - archive_item_count_cache:set(username, item_count); + archive_item_count_cache:set(cache_key, item_count); end module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); @@ -280,7 +282,7 @@ function archive_store:append(username, key, value, when, with) local result, err = engine:delete(delete_sql, host, user or "", store, key); if result then item_count = item_count - result:affected(); - archive_item_count_cache:set(username, item_count); + archive_item_count_cache:set(cache_key, item_count); end else item_count = item_count + 1; @@ -288,7 +290,7 @@ function archive_store:append(username, key, value, when, with) end local t, encoded_value = assert(serialize(value)); engine:insert(insert_sql, host, user or "", store, when, with, key, t, encoded_value); - archive_item_count_cache:set(username, item_count+1); + archive_item_count_cache:set(cache_key, item_count+1); return key; end); if not ok then return ok, ret; end @@ -460,7 +462,8 @@ function archive_store:delete(username, query) end return engine:delete(sql_query, unpack(args)); end); - archive_item_count_cache:set(username, nil); + local cache_key = jid_join(username, host, self.store); + archive_item_count_cache:set(cache_key, nil); return ok and stmt:affected(), stmt; end -- cgit v1.2.3 From 9dce1de7674543e1daa3664c75a709845b1330fb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 7 Nov 2017 18:58:52 +0100 Subject: mod_mam: Trim archive when quota has been exceeded --- plugins/mod_mam/mod_mam.lua | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 88cbaa08..5be4bc24 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -40,6 +40,10 @@ local strip_tags = module:get_option_set("dont_archive_namespaces", { "http://ja local archive_store = module:get_option_string("archive_store", "archive"); local archive = module:open_store(archive_store, "archive"); +local cleanup_after = module:get_option_string("archive_expires_after", "1w"); +local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60); +local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000); + if not archive.find then error("mod_"..(archive._provided_by or archive.name and "storage_"..archive.name).." does not support archiving\n" .."See https://prosody.im/doc/storage and https://prosody.im/doc/archiving for more information"); @@ -295,7 +299,20 @@ local function message_handler(event, c2s) log("debug", "Archiving stanza: %s", stanza:top_tag()); -- And stash it - local ok = archive:append(store_user, nil, clone_for_storage, time_now(), with); + local time = time_now(); + local ok, err = archive:append(store_user, nil, clone_for_storage, time, with); + if not ok and err == "quota-limit" then + if archive.caps and archive.caps.truncate then + module:log("debug", "User '%s' over quota, trimming archive", store_user); + local truncated = archive:delete(store_user, { + truncate = archive_item_limit - 1; + ["end"] = type(cleanup_after) == "number" and (os.time() - cleanup_after) or nil; + }); + if truncated then + ok, err = archive:append(store_user, nil, clone_for_storage, time, with); + end + end + end if ok then local clone_for_other_handlers = st.clone(stanza); local id = ok; @@ -321,8 +338,6 @@ end module:hook("pre-message/bare", strip_stanza_id_after_other_events, -1); module:hook("pre-message/full", strip_stanza_id_after_other_events, -1); -local cleanup_after = module:get_option_string("archive_expires_after", "1w"); -local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60); if cleanup_after ~= "never" then local cleanup_storage = module:open_store("archive_cleanup"); local cleanup_map = module:open_store("archive_cleanup", "map"); -- cgit v1.2.3 From 0681ffe60631d573ad8529de7eaa187cb21a20b1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 20 Mar 2019 12:14:45 +0100 Subject: mod_storage_memory: Add support for archive item limits --- plugins/mod_storage_memory.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 745e394b..8e1cf879 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -8,6 +8,8 @@ local new_id = require "util.id".medium; local auto_purge_enabled = module:get_option_boolean("storage_memory_temporary", false); local auto_purge_stores = module:get_option_set("storage_memory_temporary_stores", {}); +local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000); + local memory = setmetatable({}, { __index = function(t, k) local store = module:shared(k) @@ -51,6 +53,12 @@ archive_store.__index = archive_store; archive_store.users = _users; +archive_store.caps = { + total = true; + quota = archive_item_limit; + truncate = true; +}; + function archive_store:append(username, key, value, when, with) if is_stanza(value) then value = st.preserialize(value); @@ -70,6 +78,8 @@ function archive_store:append(username, key, value, when, with) end if a[key] then table.remove(a, a[key]); + elseif #a >= archive_item_limit then + return nil, "quota-limit"; end local i = #a+1; a[i] = v; -- cgit v1.2.3 From c4b5bfdc5f2da4cdbe085a5a95c6418f802ec56e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:04:34 +0100 Subject: mod_storage_internal: Increase default quota to 10 000 Performance doesn't seem great but 10k should be far enough from limits inherited by the Lua parser. 1000 messages seemed pretty close to what an active user might produce in one week. --- plugins/mod_storage_internal.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 52ca4da8..cb88f10f 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -9,7 +9,7 @@ local jid_join = require "util.jid".join; local host = module.host; -local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000); +local archive_item_limit = module:get_option_number("storage_archive_item_limit", 10000); local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); local driver = {}; -- cgit v1.2.3 From 3e5243f2d2df3e4933a9bd7fdaf13c848265178e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:09:38 +0100 Subject: mod_storage_sql: Don't increment counter twice (fixes accounting error) --- plugins/mod_storage_sql.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 3028bb72..154daf06 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -285,7 +285,6 @@ function archive_store:append(username, key, value, when, with) archive_item_count_cache:set(cache_key, item_count); end else - item_count = item_count + 1; key = uuid.generate(); end local t, encoded_value = assert(serialize(value)); -- cgit v1.2.3 From 61edbdb90f50b71c6a13f24e7621b561fef9b3ac Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:10:46 +0100 Subject: mod_storage_sql: Fix to use currently queried store Was using the previously queried store due to this being cached in an upvalue. --- plugins/mod_storage_sql.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 154daf06..325fab94 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -238,7 +238,8 @@ archive_store.caps = { }; archive_store.__index = archive_store function archive_store:append(username, key, value, when, with) - local cache_key = jid_join(username, host, self.store); + local user,store = username,self.store; + local cache_key = jid_join(username, host, store); local item_count = archive_item_count_cache:get(cache_key); if not item_count then local ok, ret = engine:transaction(function() @@ -265,7 +266,6 @@ function archive_store:append(username, key, value, when, with) return nil, "quota-limit"; end - local user,store = username,self.store; when = when or os.time(); with = with or ""; local ok, ret = engine:transaction(function() -- cgit v1.2.3 From 56a9e395ade713122fd2251a64232abd270cadbe Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:12:02 +0100 Subject: mod_storage_sql: Skip cache write This would cause the cache to be wrong in case the the later INSERT fails and the transaction is aborted. --- plugins/mod_storage_sql.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 325fab94..35a16870 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -282,7 +282,6 @@ function archive_store:append(username, key, value, when, with) local result, err = engine:delete(delete_sql, host, user or "", store, key); if result then item_count = item_count - result:affected(); - archive_item_count_cache:set(cache_key, item_count); end else key = uuid.generate(); -- cgit v1.2.3 From 5029870d3eee5bbe50c012fe1e7f4ee62e62ee24 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:13:27 +0100 Subject: mod_storage_sql: Cache total count if it's calculated as part of the current query --- plugins/mod_storage_sql.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 35a16870..b3bd5171 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -384,6 +384,9 @@ function archive_store:find(username, query) total = row[1]; end end + if query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then + archive_item_count_cache:set(cache_key, total); + end if query.limit == 0 then -- Skip the real query return noop, total; end -- cgit v1.2.3 From 9393931a25367390465b480b8dbaa38e9f199b54 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:18:54 +0100 Subject: mod_storage_sql: Return cached count if only this is queried for --- plugins/mod_storage_sql.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index b3bd5171..8c03da01 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -362,7 +362,11 @@ end function archive_store:find(username, query) query = query or {}; local user,store = username,self.store; - local total; + local cache_key = jid_join(username, host, self.store); + local total = archive_item_count_cache:get(cache_key); + if total ~= nil and query.limit == 0 and query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then + return noop, total; + end local ok, result = engine:transaction(function() local sql_query = [[ SELECT "key", "type", "value", "when", "with" -- cgit v1.2.3 From 2fed4a88c282ca6aa62d9641f3360a021ec0cebe Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:22:21 +0100 Subject: mod_mam: On quota hit, separately delete by time and by item count This is to work around a possible SQL issue where offsets and time stamps don't interact correctly. --- plugins/mod_mam/mod_mam.lua | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 5be4bc24..632de9ea 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -302,11 +302,19 @@ local function message_handler(event, c2s) local time = time_now(); local ok, err = archive:append(store_user, nil, clone_for_storage, time, with); if not ok and err == "quota-limit" then - if archive.caps and archive.caps.truncate then - module:log("debug", "User '%s' over quota, trimming archive", store_user); + if type(cleanup_after) == "number" then + module:log("debug", "User '%s' over quota, cleaning archive", store_user); + local cleaned = archive:delete(store_user, { + ["end"] = (os.time() - cleanup_after); + }); + if cleaned then + ok, err = archive:append(store_user, nil, clone_for_storage, time, with); + end + end + if not ok and (archive.caps and archive.caps.truncate) then + module:log("debug", "User '%s' over quota, truncating archive", store_user); local truncated = archive:delete(store_user, { truncate = archive_item_limit - 1; - ["end"] = type(cleanup_after) == "number" and (os.time() - cleanup_after) or nil; }); if truncated then ok, err = archive:append(store_user, nil, clone_for_storage, time, with); -- cgit v1.2.3 From 5bb703f07f52906b1280daaac164a3886f09a373 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 02:24:48 +0100 Subject: mod_storage_internal: Include store name when reporting quota status --- plugins/mod_storage_internal.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index cb88f10f..c87d01be 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -109,7 +109,7 @@ function archive:append(username, key, value, when, with) key = id(); end - module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); + module:log("debug", "%s has %d items out of %d limit in store %s", username, item_count, archive_item_limit, self.store); value.key = key; -- cgit v1.2.3 From 8cc789c7968e0f578eba70be1be13b1645e52914 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 Mar 2019 16:30:53 +0100 Subject: mod_storage_sql: No archive item limit by default --- plugins/mod_storage_sql.lua | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 8c03da01..6b26759f 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -150,7 +150,7 @@ end --- Archive store API -local archive_item_limit = module:get_option_number("storage_archive_item_limit", 1000); +local archive_item_limit = module:get_option_number("storage_archive_item_limit"); local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); -- luacheck: ignore 512 431/user 431/store @@ -261,9 +261,11 @@ function archive_store:append(username, key, value, when, with) archive_item_count_cache:set(cache_key, item_count); end - module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); - if item_count >= archive_item_limit then - return nil, "quota-limit"; + if archive_item_limit then + module:log("debug", "%s has %d items out of %d limit", username, item_count, archive_item_limit); + if item_count >= archive_item_limit then + return nil, "quota-limit"; + end end when = when or os.time(); -- cgit v1.2.3 From 582fa3f46f105fe55447d607dceb43b5ac61d440 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Feb 2019 15:48:28 +0100 Subject: mod_storage_internal: Implement a summary API returning message counts per contact --- plugins/mod_storage_internal.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index c87d01be..aa5c3c8a 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -196,6 +196,16 @@ function archive:dates(username) return array(items):pluck("when"):map(datetime.date):unique(); end +function archive:summary(username, query) + local iter, err = self:find(username, query) + if not iter then return iter, err; end + local summary = {}; + for _, _, _, with in iter do + summary[with] = (summary[with] or 0) + 1; + end + return summary; +end + function archive:delete(username, query) local cache_key = jid_join(username, host, self.store); if not query or next(query) == nil then -- cgit v1.2.3 From a32b5ceb4576f8fefeea0f68aae1f81dd942125d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Feb 2019 15:51:55 +0100 Subject: mod_storage_sql: Implement archive summary API --- plugins/mod_storage_sql.lua | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 6b26759f..ffe48ab8 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -419,6 +419,41 @@ function archive_store:find(username, query) end, total; end +function archive_store:summary(username, query) + query = query or {}; + local user,store = username,self.store; + local ok, result = engine:transaction(function() + local sql_query = [[ + SELECT DISTINCT "with", COUNT(*) + FROM "prosodyarchive" + WHERE %s + GROUP BY "with" + ORDER BY "sort_id" %s%s; + ]]; + local args = { host, user or "", store, }; + local where = { "\"host\" = ?", "\"user\" = ?", "\"store\" = ?", }; + + archive_where(query, args, where); + + archive_where_id_range(query, args, where); + + if query.limit then + args[#args+1] = query.limit; + end + + sql_query = sql_query:format(t_concat(where, " AND "), query.reverse + and "DESC" or "ASC", query.limit and " LIMIT ?" or ""); + return engine:select(sql_query, unpack(args)); + end); + if not ok then return ok, result end + local summary = {}; + for row in result do + local with, count = row[1], row[2]; + summary[with] = count; + end + return summary; +end + function archive_store:delete(username, query) query = query or {}; local user,store = username,self.store; -- cgit v1.2.3 From 9b96017ca92a16719c614484e7c314bcd7b0ba80 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2019 22:05:08 +0100 Subject: mod_storage_memory: Implement archive summary API --- plugins/mod_storage_memory.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 8e1cf879..41180aba 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -147,6 +147,16 @@ function archive_store:find(username, query) end, count; end +function archive:summary(username, query) + local iter, err = self:find(username, query) + if not iter then return iter, err; end + local summary = {}; + for _, _, _, with in iter do + summary[with] = (summary[with] or 0) + 1; + end + return summary; +end + function archive_store:delete(username, query) if not query or next(query) == nil then -- cgit v1.2.3 From 170c49b52dec97673c1cb473038e0c538e239b2c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2019 22:05:42 +0100 Subject: mod_storage_memory: Fix copypaste mistake --- plugins/mod_storage_memory.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 41180aba..dde2d571 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -147,7 +147,7 @@ function archive_store:find(username, query) end, count; end -function archive:summary(username, query) +function archive_store:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end local summary = {}; -- cgit v1.2.3 From 8e68b0dd1adfcd7932f368a0b00dd2019c95db38 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 24 Nov 2018 02:25:44 +0100 Subject: mod_csi_simple: Use write locks in net.server if available --- plugins/mod_csi_simple.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index da2dd953..abe65fce 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -86,7 +86,9 @@ end, -1); module:hook("csi-client-inactive", function (event) local session = event.origin; - if session.pump then + if session.conn and session.conn and session.conn.pause_writes then + session.conn:pause_writes(); + elseif session.pump then session.pump:pause(); else local bare_jid = jid.join(session.username, session.host); @@ -115,6 +117,8 @@ module:hook("csi-client-active", function (event) local session = event.origin; if session.pump then session.pump:resume(); + elseif session.conn and session.conn and session.conn.resume_writes then + session.conn:resume_writes(); end end); -- cgit v1.2.3 From 9e7035be7282a7902989904cec6aeec879814f49 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 18:30:51 +0100 Subject: mod_c2s: Fire an event when outgoing buffers have been emptied --- plugins/mod_c2s.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 8d7b92fe..7c6d95f7 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -332,6 +332,13 @@ function listener.onreadtimeout(conn) end end +function listener.ondrain(conn) + local session = sessions[conn]; + if session then + return (hosts[session.host] or prosody).events.fire_event("c2s-ondrain", { session = session }); + end +end + local function keepalive(event) local session = event.session; if not session.notopen then -- cgit v1.2.3 From e5885c928a79604dea999d24cf57104150b55898 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 18:32:50 +0100 Subject: mod_csi_simple: Break out stanza timestamping into a function for future reuse --- plugins/mod_csi_simple.lua | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index abe65fce..6bd6c0bf 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -84,6 +84,14 @@ module:hook("csi-is-stanza-important", function (event) return true; end, -1); +local function with_timestamp(stanza, from) + if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then + stanza = st.clone(stanza); + stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = from, stamp = dt.datetime()})); + end + return stanza; +end + module:hook("csi-client-inactive", function (event) local session = event.origin; if session.conn and session.conn and session.conn.pause_writes then @@ -102,11 +110,7 @@ module:hook("csi-client-inactive", function (event) pump:flush(); send(stanza); else - if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then - stanza = st.clone(stanza); - stanza:add_direct_child(st.stanza("delay", {xmlns = "urn:xmpp:delay", from = bare_jid, stamp = dt.datetime()})); - end - pump:push(stanza); + pump:push(with_timestamp(stanza, bare_jid)); end return true; end -- cgit v1.2.3 From 643c317b1627da95e839bab0e397d89ab6f6a589 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 18:33:38 +0100 Subject: mod_csi_simple: Count buffered items and flush when it reaches configured limit In this mode, stanzas have been serialized to strings in the internal net.server buffer, so it is difficult to count them after the fact. --- plugins/mod_csi_simple.lua | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 6bd6c0bf..5c829179 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -10,6 +10,7 @@ local jid = require "util.jid"; local st = require "util.stanza"; local dt = require "util.datetime"; local new_queue = require "util.queue".new; +local filters = require "util.filters"; local function new_pump(output, ...) -- luacheck: ignore 212/self @@ -92,10 +93,22 @@ local function with_timestamp(stanza, from) return stanza; end +local function manage_buffer(stanza, session) + local ctr = session.csi_counter or 0; + if ctr >= queue_size or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then + session.conn:resume_writes(); + else + stanza = with_timestamp(stanza, jid.join(session.username, session.host)) + end + session.csi_counter = ctr + 1; + return stanza; +end + module:hook("csi-client-inactive", function (event) local session = event.origin; if session.conn and session.conn and session.conn.pause_writes then session.conn:pause_writes(); + filters.add_filter(session, "stanzas/out", manage_buffer); elseif session.pump then session.pump:pause(); else @@ -122,7 +135,16 @@ module:hook("csi-client-active", function (event) if session.pump then session.pump:resume(); elseif session.conn and session.conn and session.conn.resume_writes then + filters.remove_filter(session, "stanzas/out", manage_buffer); session.conn:resume_writes(); end end); + +module:hook("c2s-ondrain", function (event) + local session = event.session; + if session.state == "inactive" and session.conn and session.conn and session.conn.pause_writes then + session.csi_counter = 0; + session.conn:pause_writes(); + end +end); -- cgit v1.2.3 From 141c5d3fbe257cf63249eeec528dd36b3266b25e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 18:58:53 +0100 Subject: mod_csi_simple: Trigger buffer flush on seeing incoming data I.e. the client sent us something, which means its network / radio is active. --- plugins/mod_csi_simple.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 5c829179..07a8cfb3 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -104,11 +104,17 @@ local function manage_buffer(stanza, session) return stanza; end +local function flush_buffer(data, session) + session.conn:resume_writes(); + return data; +end + module:hook("csi-client-inactive", function (event) local session = event.origin; if session.conn and session.conn and session.conn.pause_writes then session.conn:pause_writes(); filters.add_filter(session, "stanzas/out", manage_buffer); + filters.add_filter(session, "bytes/in", flush_buffer); elseif session.pump then session.pump:pause(); else @@ -136,6 +142,7 @@ module:hook("csi-client-active", function (event) session.pump:resume(); elseif session.conn and session.conn and session.conn.resume_writes then filters.remove_filter(session, "stanzas/out", manage_buffer); + filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); end end); -- cgit v1.2.3 From 3a1498ebd335a15a987e3087f84089620b5507c5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 19:02:40 +0100 Subject: mod_csi_simple: Also flush buffer in "pump" mode --- plugins/mod_csi_simple.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 07a8cfb3..ee7e01c9 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -109,9 +109,15 @@ local function flush_buffer(data, session) return data; end +local function flush_pump(data, session) + session.pump:flush(); + return data; +end + module:hook("csi-client-inactive", function (event) local session = event.origin; if session.conn and session.conn and session.conn.pause_writes then + session.log("info", "Native net.server buffer management mode"); session.conn:pause_writes(); filters.add_filter(session, "stanzas/out", manage_buffer); filters.add_filter(session, "bytes/in", flush_buffer); @@ -124,6 +130,7 @@ module:hook("csi-client-inactive", function (event) local pump = new_pump(session.send, queue_size); pump:pause(); session.pump = pump; + filters.add_filter(session, "bytes/in", flush_pump); function session.send(stanza) if session.state == "active" or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then pump:flush(); -- cgit v1.2.3 From 6c89a86e0df62c51e0fb12596d3999324245c9fe Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 20:22:01 +0100 Subject: mod_csi_simple: Remove old "pump" queue/buffer method, handled in net.server now --- plugins/mod_csi_simple.lua | 63 ++-------------------------------------------- 1 file changed, 2 insertions(+), 61 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index ee7e01c9..0fa0d083 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -9,42 +9,8 @@ module:depends"csi" local jid = require "util.jid"; local st = require "util.stanza"; local dt = require "util.datetime"; -local new_queue = require "util.queue".new; local filters = require "util.filters"; -local function new_pump(output, ...) - -- luacheck: ignore 212/self - local q = new_queue(...); - local flush = true; - function q:pause() - flush = false; - end - function q:resume() - flush = true; - return q:flush(); - end - local push = q.push; - function q:push(item) - local ok = push(self, item); - if not ok then - q:flush(); - output(item, self); - elseif flush then - return q:flush(); - end - return true; - end - function q:flush() - local item = self:pop(); - while item do - output(item, self); - item = self:pop(); - end - return true; - end - return q; -end - local queue_size = module:get_option_number("csi_queue_size", 256); module:hook("csi-is-stanza-important", function (event) @@ -109,45 +75,20 @@ local function flush_buffer(data, session) return data; end -local function flush_pump(data, session) - session.pump:flush(); - return data; -end - module:hook("csi-client-inactive", function (event) local session = event.origin; if session.conn and session.conn and session.conn.pause_writes then - session.log("info", "Native net.server buffer management mode"); session.conn:pause_writes(); filters.add_filter(session, "stanzas/out", manage_buffer); filters.add_filter(session, "bytes/in", flush_buffer); - elseif session.pump then - session.pump:pause(); else - local bare_jid = jid.join(session.username, session.host); - local send = session.send; - session._orig_send = send; - local pump = new_pump(session.send, queue_size); - pump:pause(); - session.pump = pump; - filters.add_filter(session, "bytes/in", flush_pump); - function session.send(stanza) - if session.state == "active" or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then - pump:flush(); - send(stanza); - else - pump:push(with_timestamp(stanza, bare_jid)); - end - return true; - end + session.log("warn", "Session connection does not support write pausing"); end end); module:hook("csi-client-active", function (event) local session = event.origin; - if session.pump then - session.pump:resume(); - elseif session.conn and session.conn and session.conn.resume_writes then + if session.conn and session.conn and session.conn.resume_writes then filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); -- cgit v1.2.3 From 1e77bb6ed2ac00b1e5f64f39da41ec140fe425ce Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 20:41:25 +0100 Subject: mod_csi_simple: Separate out functions to enable/disable optimizations This allows reusing this logic outside the events. Letting the functions be module globals makes it easier to access from eg the telnet console. --- plugins/mod_csi_simple.lua | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 0fa0d083..14abbc68 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -75,8 +75,7 @@ local function flush_buffer(data, session) return data; end -module:hook("csi-client-inactive", function (event) - local session = event.origin; +function enable_optimizations(session) if session.conn and session.conn and session.conn.pause_writes then session.conn:pause_writes(); filters.add_filter(session, "stanzas/out", manage_buffer); @@ -84,15 +83,24 @@ module:hook("csi-client-inactive", function (event) else session.log("warn", "Session connection does not support write pausing"); end -end); +end -module:hook("csi-client-active", function (event) - local session = event.origin; +function disble_optimizations(session) if session.conn and session.conn and session.conn.resume_writes then filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); end +end + +module:hook("csi-client-inactive", function (event) + local session = event.origin; + enable_optimizations(session); +end); + +module:hook("csi-client-active", function (event) + local session = event.origin; + disble_optimizations(session); end); -- cgit v1.2.3 From e887ed5cad52d2853ba66dfe1a7ec0762f4624df Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 20:43:15 +0100 Subject: mod_csi_simple: Disable optimizations on unload and re-enable on load --- plugins/mod_csi_simple.lua | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 14abbc68..d0de222e 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -111,3 +111,24 @@ module:hook("c2s-ondrain", function (event) session.conn:pause_writes(); end end); + +function module.load() + for _, user_session in pairs(prosody.hosts[module.host].sessions) do + for _, session in pairs(user_session.sessions) do + if session.state == "inactive" then + enable_optimizations(session); + end + end + end +end + +function module.unload() + for _, user_session in pairs(prosody.hosts[module.host].sessions) do + for _, session in pairs(user_session.sessions) do + if session.state == "inactive" then + disble_optimizations(session); + end + end + end +end + -- cgit v1.2.3 From 684a26f5be5a29e4d8eb82af0f9b2d9a87f98267 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 20:53:49 +0100 Subject: mod_csi_simple: Add some debug logging --- plugins/mod_csi_simple.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index d0de222e..ff1fa86c 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -71,6 +71,7 @@ local function manage_buffer(stanza, session) end local function flush_buffer(data, session) + session.log("debug", "Client sent something, flushing buffer once"); session.conn:resume_writes(); return data; end @@ -109,6 +110,7 @@ module:hook("c2s-ondrain", function (event) if session.state == "inactive" and session.conn and session.conn and session.conn.pause_writes then session.csi_counter = 0; session.conn:pause_writes(); + session.log("debug", "Buffer flushed, resuming inactive mode"); end end); -- cgit v1.2.3 From ba9e50592452854fe03cc12b1c376c17b8091c80 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 24 Mar 2019 22:01:36 +0100 Subject: mod_csi_simple: Improve debug logs by mentioing why the buffer gets flushed --- plugins/mod_csi_simple.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index ff1fa86c..2dda1c42 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -61,7 +61,11 @@ end local function manage_buffer(stanza, session) local ctr = session.csi_counter or 0; - if ctr >= queue_size or module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then + if ctr >= queue_size then + session.log("debug", "Queue size limit hit, flushing buffer"); + session.conn:resume_writes(); + elseif module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then + session.log("debug", "Important stanza, flushing buffer"); session.conn:resume_writes(); else stanza = with_timestamp(stanza, jid.join(session.username, session.host)) -- cgit v1.2.3 From 5074566d79830e5a6ecba2b13fd9cdad2e1fb902 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 25 Mar 2019 10:32:39 +0000 Subject: mod_csi_simple: Fix type in function name --- plugins/mod_csi_simple.lua | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 2dda1c42..c79c56fc 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -90,7 +90,7 @@ function enable_optimizations(session) end end -function disble_optimizations(session) +function disable_optimizations(session) if session.conn and session.conn and session.conn.resume_writes then filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); @@ -105,7 +105,7 @@ end); module:hook("csi-client-active", function (event) local session = event.origin; - disble_optimizations(session); + disable_optimizations(session); end); @@ -132,9 +132,8 @@ function module.unload() for _, user_session in pairs(prosody.hosts[module.host].sessions) do for _, session in pairs(user_session.sessions) do if session.state == "inactive" then - disble_optimizations(session); + disable_optimizations(session); end end end end - -- cgit v1.2.3 From 096ebc3bcfde419b5c9c387f08d9c41c4d65b847 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Mar 2019 15:20:28 +0100 Subject: mod_csi_simple: Include queue size in debug messages --- plugins/mod_csi_simple.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index c79c56fc..a9148618 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -62,10 +62,10 @@ end local function manage_buffer(stanza, session) local ctr = session.csi_counter or 0; if ctr >= queue_size then - session.log("debug", "Queue size limit hit, flushing buffer"); + session.log("debug", "Queue size limit hit, flushing buffer (queue size is %d)", session.csi_counter); session.conn:resume_writes(); elseif module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then - session.log("debug", "Important stanza, flushing buffer"); + session.log("debug", "Important stanza, flushing buffer (queue size is %d)", session.csi_counter); session.conn:resume_writes(); else stanza = with_timestamp(stanza, jid.join(session.username, session.host)) @@ -75,7 +75,7 @@ local function manage_buffer(stanza, session) end local function flush_buffer(data, session) - session.log("debug", "Client sent something, flushing buffer once"); + session.log("debug", "Client sent something, flushing buffer once (queue size is %d)", session.csi_counter); session.conn:resume_writes(); return data; end @@ -112,9 +112,9 @@ end); module:hook("c2s-ondrain", function (event) local session = event.session; if session.state == "inactive" and session.conn and session.conn and session.conn.pause_writes then - session.csi_counter = 0; session.conn:pause_writes(); - session.log("debug", "Buffer flushed, resuming inactive mode"); + session.log("debug", "Buffer flushed, resuming inactive mode (queue size was %d)", session.csi_counter); + session.csi_counter = 0; end end); -- cgit v1.2.3 From 2ab785fd9fc6d669b6bd0c24333dc27af86153af Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Mar 2019 14:48:21 +0000 Subject: loggingmanager, mod_posix: Move syslog to core, fixes #541 (in a way) --- plugins/mod_posix.lua | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 23df4d23..8367ae9e 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -113,19 +113,6 @@ local function write_pidfile() end end -local syslog_opened; -function syslog_sink_maker(config) -- luacheck: ignore 212/config - if not syslog_opened then - pposix.syslog_open("prosody", module:get_option_string("syslog_facility")); - syslog_opened = true; - end - local syslog = pposix.syslog_log; - return function (name, level, message, ...) - syslog(level, name, format(message, ...)); - end; -end -require "core.loggingmanager".register_sink_type("syslog", syslog_sink_maker); - local daemonize = module:get_option("daemonize", prosody.installed); local function remove_log_sinks() -- cgit v1.2.3 From 28322869e86df2d2d094acfe83a09d6dc81732c4 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Tue, 26 Mar 2019 14:59:42 +0000 Subject: mod_posix: Remove unnecessary import of util.format (thanks luacheck and buildbot) --- plugins/mod_posix.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 8367ae9e..a2a60dd0 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -20,7 +20,6 @@ if not have_signal then module:log("warn", "Couldn't load signal library, won't respond to SIGTERM"); end -local format = require "util.format".format; local lfs = require "lfs"; local stat = lfs.attributes; -- cgit v1.2.3 From a6571e3ef33936cb4f2b99b582148accc60af846 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Apr 2019 21:17:28 +0200 Subject: mod_limits: Fix indentation Appears to have been messed up in 60e113f3682f --- plugins/mod_limits.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index 914d5c44..32bc75a9 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -51,18 +51,18 @@ end local default_filter_set = {}; function default_filter_set.bytes_in(bytes, session) - local sess_throttle = session.throttle; - if sess_throttle then - local ok, balance, outstanding = sess_throttle:poll(#bytes, true); + local sess_throttle = session.throttle; + if sess_throttle then + local ok, balance, outstanding = sess_throttle:poll(#bytes, true); if not ok then - session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding); + session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding); outstanding = ceil(outstanding); session.conn:pause(); -- Read no more data from the connection until there is no outstanding data local outstanding_data = bytes:sub(-outstanding); bytes = bytes:sub(1, #bytes-outstanding); timer.add_task(limits_resolution, function () if not session.conn then return; end - if sess_throttle:peek(#outstanding_data) then + if sess_throttle:peek(#outstanding_data) then session.log("debug", "Resuming paused session"); session.conn:resume(); end -- cgit v1.2.3 From 1b534392de5c8430ee88417c5f6fff8acce1da62 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Apr 2019 20:38:51 +0200 Subject: mod_limits: Allow configuring a list of unrestricted JIDs (fixes #1323) --- plugins/mod_limits.lua | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index 32bc75a9..56e3faaf 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -96,3 +96,20 @@ end function module.unload() filters.remove_filter_hook(filter_hook); end + +function module.add_host(module) + local unlimited_jids = module:get_option_inherited_set("unlimited_jids", {}); + + if not unlimited_jids:empy() then + module:hook("authentication-success", function (event) + local session = event.session; + local session_type = session.type:match("^[^_]+"); + local jid = session.username .. "@" .. session.host; + if unlimited_jids:contains(jid) then + local filter_set = type_filters[session_type]; + filters.remove_filter(session, "bytes/in", filter_set.bytes_in); + session.throttle = nil; + end + end); + end +end -- cgit v1.2.3 From e632119ffa88909b7f3be5b59e47373204e75aa8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Apr 2019 21:22:20 +0200 Subject: mod_limits: Fix typo --- plugins/mod_limits.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index 56e3faaf..7ae8bb34 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -100,7 +100,7 @@ end function module.add_host(module) local unlimited_jids = module:get_option_inherited_set("unlimited_jids", {}); - if not unlimited_jids:empy() then + if not unlimited_jids:empty() then module:hook("authentication-success", function (event) local session = event.session; local session_type = session.type:match("^[^_]+"); -- cgit v1.2.3 From cb2eedde50f919165117c8dba312ba820db77f73 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 5 Apr 2019 17:12:19 +0200 Subject: mod_http_files: Use net.http.files --- plugins/mod_http_files.lua | 169 +++++++++------------------------------------ 1 file changed, 33 insertions(+), 136 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index 1dae0d6d..acb99501 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -7,14 +7,9 @@ -- module:depends("http"); -local server = require"net.http.server"; -local lfs = require "lfs"; -local os_date = os.date; local open = io.open; -local stat = lfs.attributes; -local build_path = require"socket.url".build_path; -local path_sep = package.config:sub(1,1); +local fileserver = require"net.http.files"; local base_path = module:get_option_path("http_files_dir", module:get_option_path("http_path")); local cache_size = module:get_option_number("http_files_cache_size", 128); @@ -51,148 +46,50 @@ if not mime_map then end end -local forbidden_chars_pattern = "[/%z]"; -if prosody.platform == "windows" then - forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]" -end - -local urldecode = require "util.http".urldecode; -function sanitize_path(path) - if not path then return end - local out = {}; - - local c = 0; - for component in path:gmatch("([^/]+)") do - component = urldecode(component); - if component:find(forbidden_chars_pattern) then - return nil; - elseif component == ".." then - if c <= 0 then - return nil; - end - out[c] = nil; - c = c - 1; - elseif component ~= "." then - c = c + 1; - out[c] = component; - end - end - if path:sub(-1,-1) == "/" then - out[c+1] = ""; - end - return "/"..table.concat(out, "/"); -end - -local cache = require "util.cache".new(cache_size); - +-- COMPAT -- TODO deprecate function serve(opts) if type(opts) ~= "table" then -- assume path string opts = { path = opts }; end - -- luacheck: ignore 431 - local base_path = opts.path; - local dir_indices = opts.index_files or dir_indices; - local directory_index = opts.directory_index; - local function serve_file(event, path) - local request, response = event.request, event.response; - local sanitized_path = sanitize_path(path); - if path and not sanitized_path then - return 400; - end - path = sanitized_path; - local orig_path = sanitize_path(request.path); - local full_path = base_path .. (path or ""):gsub("/", path_sep); - local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows - if not attr then - return 404; - end - - local request_headers, response_headers = request.headers, response.headers; - - local last_modified = os_date('!%a, %d %b %Y %H:%M:%S GMT', attr.modification); - response_headers.last_modified = last_modified; - - local etag = ('"%02x-%x-%x-%x"'):format(attr.dev or 0, attr.ino or 0, attr.size or 0, attr.modification or 0); - response_headers.etag = etag; - - local if_none_match = request_headers.if_none_match - local if_modified_since = request_headers.if_modified_since; - if etag == if_none_match - or (not if_none_match and last_modified == if_modified_since) then - return 304; - end - - local data = cache:get(orig_path); - if data and data.etag == etag then - response_headers.content_type = data.content_type; - data = data.data; - elseif attr.mode == "directory" and path then - if full_path:sub(-1) ~= "/" then - local dir_path = { is_absolute = true, is_directory = true }; - for dir in orig_path:gmatch("[^/]+") do dir_path[#dir_path+1]=dir; end - response_headers.location = build_path(dir_path); - return 301; - end - for i=1,#dir_indices do - if stat(full_path..dir_indices[i], "mode") == "file" then - return serve_file(event, path..dir_indices[i]); - end - end - - if directory_index then - data = server._events.fire_event("directory-index", { path = request.path, full_path = full_path }); - end - if not data then - return 403; - end - cache:set(orig_path, { data = data, content_type = mime_map.html; etag = etag; }); - response_headers.content_type = mime_map.html; - - else - local f, err = open(full_path, "rb"); - if not f then - module:log("debug", "Could not open %s. Error was %s", full_path, err); - return 403; - end - local ext = full_path:match("%.([^./]+)$"); - local content_type = ext and mime_map[ext]; - response_headers.content_type = content_type; - if attr.size > cache_max_file_size then - response_headers.content_length = attr.size; - module:log("debug", "%d > cache_max_file_size", attr.size); - return response:send_file(f); - else - data = f:read("*a"); - f:close(); - end - cache:set(orig_path, { data = data; content_type = content_type; etag = etag }); - end - - return response:send(data); + if opts.directory_index == nil then + opts.directory_index = directory_index; end - - return serve_file; + if opts.mime_map == nil then + opts.mime_map = mime_map; + end + if opts.cache_size == nil then + opts.cache_size = cache_size; + end + if opts.cache_max_file_size == nil then + opts.cache_max_file_size = cache_max_file_size; + end + if opts.index_files == nil then + opts.index_files = dir_indices; + end + -- TODO Crank up to warning + module:log("debug", "Use of mod_http_files.serve() should be updated to use net.http.files"); + return fileserver.serve(opts); end function wrap_route(routes) + module:log("debug", "Use of mod_http_files.wrap_route() should be updated to use net.http.files"); for route,handler in pairs(routes) do if type(handler) ~= "function" then - routes[route] = serve(handler); + routes[route] = fileserver.serve(handler); end end return routes; end -if base_path then - module:provides("http", { - route = { - ["GET /*"] = serve { - path = base_path; - directory_index = directory_index; - } - }; - }); -else - module:log("debug", "http_files_dir not set, assuming use by some other module"); -end - +module:provides("http", { + route = { + ["GET /*"] = fileserver.serve({ + path = base_path; + directory_index = directory_index; + mime_map = mime_map; + cache_size = cache_size; + cache_max_file_size = cache_max_file_size; + index_files = dir_indices; + }); + }; +}); -- cgit v1.2.3 From 92bb509c8afff767492044972a29000e3e4cbfbd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 5 Apr 2019 18:18:23 +0200 Subject: mod_http_files: Try to determine which module using serve() needs updating --- plugins/mod_http_files.lua | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index acb99501..c357ddfc 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -46,6 +46,12 @@ if not mime_map then end end +local function get_calling_module() + local info = debug.getinfo(3, "S"); + if not info then return "An unknown module"; end + return info.source:match"mod_[^/\\.]+" or info.short_src; +end + -- COMPAT -- TODO deprecate function serve(opts) if type(opts) ~= "table" then -- assume path string @@ -67,12 +73,12 @@ function serve(opts) opts.index_files = dir_indices; end -- TODO Crank up to warning - module:log("debug", "Use of mod_http_files.serve() should be updated to use net.http.files"); + module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module()); return fileserver.serve(opts); end function wrap_route(routes) - module:log("debug", "Use of mod_http_files.wrap_route() should be updated to use net.http.files"); + module:log("debug", "%s should be updated to use 'net.http.files' insead of mod_http_files", get_calling_module()); for route,handler in pairs(routes) do if type(handler) ~= "function" then routes[route] = fileserver.serve(handler); -- cgit v1.2.3 From 196ac28ab5b002063f2b25dc60bd809c707b8ab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Duarte?= Date: Wed, 17 Apr 2019 10:11:22 -0700 Subject: mod_admin_telnet: Adds c2s:closeall() (Fixes #1315) --- plugins/mod_admin_telnet.lua | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 34cc4dc6..c66630ca 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -250,6 +250,7 @@ function commands.help(session, data) print [[c2s:show_secure() - Show all encrypted client connections]] print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]] print [[c2s:close(jid) - Close all sessions for the specified JID]] + print [[c2s:closeall() - Close all active c2s connections ]] elseif section == "s2s" then print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]] print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]] @@ -661,6 +662,16 @@ function def_env.c2s:close(match_jid) return true, "Total: "..count.." sessions closed"; end +function def_env.c2s:closeall() + local count = 0; + --luacheck: ignore 212/jid + show_c2s(function (jid, session) + count = count + 1; + session:close(); + end); + return true, "Total: "..count.." sessions closed"; +end + def_env.s2s = {}; function def_env.s2s:show(match_jid, annotate) -- cgit v1.2.3 From e40cf146149c412e17d789d1b0a0132117494747 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 6 Aug 2012 15:35:27 +0200 Subject: mod_mimicking: Prevents registration of confusable usernames (by Florob) (fixes #1347) --- plugins/mod_mimicking.lua | 49 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 plugins/mod_mimicking.lua (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua new file mode 100644 index 00000000..9004957a --- /dev/null +++ b/plugins/mod_mimicking.lua @@ -0,0 +1,49 @@ +-- Prosody IM +-- Copyright (C) 2012 Florian Zeitz +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +local skeleton = require "util.confusable".skeleton; +local datamanager = require "util.datamanager"; +local usage = require "util.prosodyctl".show_usage; +local warn = require "util.prosodyctl".show_warning; +local users = require "usermanager".users; + +module:hook("user-registered", function(user) + datamanager.store(skeleton(user.username), user.host, "skeletons", {username = user.username}); +end); + +module:hook("user-deregistered", function(user) + datamanager.store(skeleton(user.username), user.host, "skeletons", nil); +end); + +module:hook("registration-attempt", function(user) + if datamanager.load(skeleton(user.username), user.host, "skeletons") then + user.allowed = false; + end +end); + +function module.command(arg) + if (arg[1] ~= "bootstrap" or not arg[2]) then + usage("mod_mimicking bootstrap ", "Initialize skeleton database"); + return; + end + + local host = arg[2]; + + local host_session = prosody.hosts[host]; + if not host_session then + return "No such host"; + end + local provider = host_session.users; + if not(provider) or provider.name == "null" then + usermanager.initialize_host(host); + end + storagemanager.initialize_host(host); + + for user in users(host) do + datamanager.store(skeleton(user), host, "skeletons", {username = user}); + end +end -- cgit v1.2.3 From 5da92eb0973e60d13b3240dee2ec9f09335923d0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 02:40:39 +0200 Subject: mod_mimicking: Import skeleton() from current location --- plugins/mod_mimicking.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index 9004957a..da03967f 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -1,11 +1,15 @@ -- Prosody IM -- Copyright (C) 2012 Florian Zeitz +-- Copyright (C) 2019 Kim Alvefur -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- -local skeleton = require "util.confusable".skeleton; +local encodings = require "util.encodings"; +assert(encodings.confusable, "This module requires that Prosody be built with ICU"); +local skeleton = encodings.confusable.skeleton; + local datamanager = require "util.datamanager"; local usage = require "util.prosodyctl".show_usage; local warn = require "util.prosodyctl".show_warning; -- cgit v1.2.3 From 0ec982877caed14891aa11b308ae7fb3cb032acd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 02:37:35 +0200 Subject: mod_mimicking: Hook the correct event names --- plugins/mod_mimicking.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index da03967f..8b8d6ee3 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -19,11 +19,11 @@ module:hook("user-registered", function(user) datamanager.store(skeleton(user.username), user.host, "skeletons", {username = user.username}); end); -module:hook("user-deregistered", function(user) +module:hook("user-deleted", function(user) datamanager.store(skeleton(user.username), user.host, "skeletons", nil); end); -module:hook("registration-attempt", function(user) +module:hook("user-registering", function(user) if datamanager.load(skeleton(user.username), user.host, "skeletons") then user.allowed = false; end -- cgit v1.2.3 From fe0ba7ac7ce6f9696d4b94c07676a279920758f8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 02:38:55 +0200 Subject: mod_mimicking: Use new storage API --- plugins/mod_mimicking.lua | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index 8b8d6ee3..0da68059 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -10,21 +10,22 @@ local encodings = require "util.encodings"; assert(encodings.confusable, "This module requires that Prosody be built with ICU"); local skeleton = encodings.confusable.skeleton; -local datamanager = require "util.datamanager"; local usage = require "util.prosodyctl".show_usage; local warn = require "util.prosodyctl".show_warning; local users = require "usermanager".users; +local skeletons = module:open_store("skeletons"); + module:hook("user-registered", function(user) - datamanager.store(skeleton(user.username), user.host, "skeletons", {username = user.username}); + skeletons:set(skeleton(user.username), { username = user.username }); end); module:hook("user-deleted", function(user) - datamanager.store(skeleton(user.username), user.host, "skeletons", nil); + skeletons:set(skeleton(user.username), nil); end); module:hook("user-registering", function(user) - if datamanager.load(skeleton(user.username), user.host, "skeletons") then + if skeletons:get(skeleton(user.username)) then user.allowed = false; end end); -- cgit v1.2.3 From 7e8621d4b5918ef20d00ba87f79fb895d3dff448 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 02:40:14 +0200 Subject: mod_mimicking: Update command to work with current code --- plugins/mod_mimicking.lua | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index 0da68059..a8d6803e 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -11,10 +11,15 @@ assert(encodings.confusable, "This module requires that Prosody be built with IC local skeleton = encodings.confusable.skeleton; local usage = require "util.prosodyctl".show_usage; -local warn = require "util.prosodyctl".show_warning; -local users = require "usermanager".users; +local usermanager = require "core.usermanager"; +local storagemanager = require "core.storagemanager"; -local skeletons = module:open_store("skeletons"); +local skeletons +function module.load() + if module.host ~= "*" then + skeletons = module:open_store("skeletons"); + end +end module:hook("user-registered", function(user) skeletons:set(skeleton(user.username), { username = user.username }); @@ -42,13 +47,13 @@ function module.command(arg) if not host_session then return "No such host"; end - local provider = host_session.users; - if not(provider) or provider.name == "null" then - usermanager.initialize_host(host); - end + storagemanager.initialize_host(host); + usermanager.initialize_host(host); + + skeletons = storagemanager.open(host, "skeletons"); - for user in users(host) do - datamanager.store(skeleton(user), host, "skeletons", {username = user}); + for user in usermanager.users(host) do + skeletons:set(skeleton(user), { username = user }); end end -- cgit v1.2.3 From d9d997c8619b47534f0a18ce67cc9a90621e43b9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 17:26:56 +0200 Subject: mod_mimicking: Use more intuitive term "mimicry index" for skeletons Fits better with the module name too. --- plugins/mod_mimicking.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index a8d6803e..43d165d2 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -37,7 +37,7 @@ end); function module.command(arg) if (arg[1] ~= "bootstrap" or not arg[2]) then - usage("mod_mimicking bootstrap ", "Initialize skeleton database"); + usage("mod_mimicking bootstrap ", "Initialize username mimicry index"); return; end -- cgit v1.2.3 From cdea7586e4fc49b4a16b972f69adeeea1dd9136e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Apr 2019 17:27:08 +0200 Subject: mod_mimicking: Improve error handling --- plugins/mod_mimicking.lua | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mimicking.lua b/plugins/mod_mimicking.lua index 43d165d2..b586a70c 100644 --- a/plugins/mod_mimicking.lua +++ b/plugins/mod_mimicking.lua @@ -22,22 +22,34 @@ function module.load() end module:hook("user-registered", function(user) - skeletons:set(skeleton(user.username), { username = user.username }); + local skel = skeleton(user.username); + local ok, err = skeletons:set(skel, { username = user.username }); + if not ok then + module:log("error", "Unable to store mimicry data (%q => %q): %s", user.username, skel, err); + end end); module:hook("user-deleted", function(user) - skeletons:set(skeleton(user.username), nil); + local skel = skeleton(user.username); + local ok, err = skeletons:set(skel, nil); + if not ok and err then + module:log("error", "Unable to clear mimicry data (%q): %s", skel, err); + end end); module:hook("user-registering", function(user) - if skeletons:get(skeleton(user.username)) then + local existing, err = skeletons:get(skeleton(user.username)); + if existing then + module:log("debug", "Attempt to register username '%s' which could be confused with '%s'", user.username, existing.username); user.allowed = false; + elseif err then + module:log("error", "Unable to check if new username '%s' can be confused with any existing user: %s", err); end end); function module.command(arg) if (arg[1] ~= "bootstrap" or not arg[2]) then - usage("mod_mimicking bootstrap ", "Initialize username mimicry index"); + usage("mod_mimicking bootstrap ", "Initialize username mimicry database"); return; end @@ -53,7 +65,21 @@ function module.command(arg) skeletons = storagemanager.open(host, "skeletons"); + local count = 0; for user in usermanager.users(host) do - skeletons:set(skeleton(user), { username = user }); + local skel = skeleton(user); + local existing, err = skeletons:get(skel); + if existing and existing.username ~= user then + module:log("warn", "Existing usernames '%s' and '%s' are confusable", existing.username, user); + elseif err then + module:log("error", "Error checking for existing mimicry data (%q = %q): %s", user, skel, err); + end + local ok, err = skeletons:set(skel, { username = user }); + if ok then + count = count + 1; + elseif err then + module:log("error", "Unable to store mimicry data (%q => %q): %s", user, skel, err); + end end + module:log("info", "%d usernames indexed", count); end -- cgit v1.2.3 From bbc0bd0b8aa6cca380e0e4b81a9ebc6051224b20 Mon Sep 17 00:00:00 2001 From: Arc Riley Date: Thu, 2 May 2019 16:33:14 -0700 Subject: mod_admin_telnet: include BOSH connections in c2s session commands (#998) --- plugins/mod_admin_telnet.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index c66630ca..5ee25771 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -591,6 +591,7 @@ end local function show_c2s(callback) local c2s = array.collect(values(module:shared"/*/c2s/sessions")); + c2s:append(values(module:shared"/*/bosh/sessions")); c2s:sort(function(a, b) if a.host == b.host then if a.username == b.username then -- cgit v1.2.3 From ed8b36a84b47e6ab21347d6cf9c616a69e0b3f7d Mon Sep 17 00:00:00 2001 From: Arc Riley Date: Thu, 2 May 2019 17:28:49 -0700 Subject: mod_admin_telnet: added "(bosh)" and "(websocket)" connection flags (#998) --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5ee25771..248d6b07 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -554,6 +554,12 @@ local function session_flags(session, line) if session.is_bidi then line[#line+1] = "(bidi)"; end + if session.bosh_version then + line[#line+1] = "(bosh)"; + end + if session.websocket_request then + line[#line+1] = "(websocket)"; + end return table.concat(line, " "); end -- cgit v1.2.3 From a16b70c96df75d562734f84e5dbda7bae2d41eed Mon Sep 17 00:00:00 2001 From: Arc Riley Date: Thu, 2 May 2019 17:44:21 -0700 Subject: mod_admin_telnet: include BOSH connections in c2s:count (#998) --- plugins/mod_admin_telnet.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 248d6b07..0fbd3ff9 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -612,7 +612,9 @@ local function show_c2s(callback) end function def_env.c2s:count() - return true, "Total: ".. iterators.count(values(module:shared"/*/c2s/sessions")) .." clients"; + local c2s_count = iterators.count(values(module:shared"/*/c2s/sessions")) + local bosh_count = iterators.count(values(module:shared"/*/bosh/sessions")) + return true, "Total: ".. c2s_count + bosh_count .." clients"; end function def_env.c2s:show(match_jid, annotate) -- cgit v1.2.3 From 5b40b117152aaf7f5a55e2dab65a5cdf98910726 Mon Sep 17 00:00:00 2001 From: Arc Riley Date: Fri, 3 May 2019 04:10:31 -0700 Subject: mod_bosh: Added metrics for active/inactive sessions, new BOSH sessions, BOSH errors, and timeouts (finishes #998) --- plugins/mod_bosh.lua | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 082ed961..d4e980f2 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -55,6 +55,27 @@ local t_insert, t_remove, t_concat = table.insert, table.remove, table.concat; -- All sessions, and sessions that have no requests open local sessions = module:shared("sessions"); +local measure_active = module:measure("active_sessions", "amount"); +local measure_inactive = module:measure("inactive_sessions", "amount"); +local report_bad_host = module:measure("bad_host", "rate"); +local report_bad_sid = module:measure("bad_sid", "rate"); +local report_new_sid = module:measure("new_sid", "rate"); +local report_timeout = module:measure("timeout", "rate"); + +module:hook("stats-update", function () + local active = 0; + local inactive = 0; + for _, session in pairs(sessions) do + if #session.requests > 0 then + active = active + 1; + else + inactive = inactive + 1; + end + end + measure_active(active); + measure_inactive(inactive); +end); + -- Used to respond to idle sessions (those with waiting requests) function on_destroy_request(request) log("debug", "Request destroyed: %s", tostring(request)); @@ -74,7 +95,7 @@ function on_destroy_request(request) if session.inactive_timer then session.inactive_timer:stop(); end - session.inactive_timer = module:add_timer(max_inactive, check_inactive, session, request.context, + session.inactive_timer = module:add_timer(max_inactive, session_timeout, session, request.context, "BOSH client silent for over "..max_inactive.." seconds"); (session.log or log)("debug", "BOSH session marked as inactive (for %ds)", max_inactive); end @@ -85,8 +106,9 @@ function on_destroy_request(request) end end -function check_inactive(now, session, context, reason) -- luacheck: ignore 212/now +function session_timeout(now, session, context, reason) -- luacheck: ignore 212/now if not session.destroyed then + report_timeout(); sessions[context.sid] = nil; sm_destroy_session(session, reason); end @@ -186,6 +208,7 @@ function handle_POST(event) return; end module:log("warn", "Unable to associate request with a session (incomplete request?)"); + report_bad_sid(); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "item-not-found" }); return tostring(close_reply) .. "\n"; @@ -253,6 +276,7 @@ function stream_callbacks.streamopened(context, attr) local wait = tonumber(attr.wait); if not to_host then log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); + report_bad_host(); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); response:send(tostring(close_reply)); @@ -290,6 +314,7 @@ function stream_callbacks.streamopened(context, attr) session.log("debug", "BOSH session created for request from %s", session.ip); log("info", "New BOSH session, assigned it sid '%s'", sid); + report_new_sid(); module:fire_event("bosh-session", { session = session, request = request }); @@ -344,6 +369,7 @@ function stream_callbacks.streamopened(context, attr) if not session then -- Unknown sid log("info", "Client tried to use sid '%s' which we don't know about", sid); + report_bad_sid(); response:send(tostring(st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", condition = "item-not-found" }))); context.notopen = nil; return; -- cgit v1.2.3 From f65c017ee107f86b353d5931e85a70e8c6067f1f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 3 May 2019 20:54:24 +0200 Subject: Fix various spelling mistakes [codespell] --- plugins/mod_blocklist.lua | 2 +- plugins/mod_saslauth.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua index 8aca7332..2193a093 100644 --- a/plugins/mod_blocklist.lua +++ b/plugins/mod_blocklist.lua @@ -159,7 +159,7 @@ local function edit_blocklist(event) local blocklist = cache[username] or get_blocklist(username); local new_blocklist = { - -- We set the [false] key to someting as a signal not to migrate privacy lists + -- We set the [false] key to something as a signal not to migrate privacy lists [false] = blocklist[false] or { created = now; }; }; if type(blocklist[false]) == "table" then diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index ba30b9e6..3145cf9b 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -248,7 +248,7 @@ module:hook("stream-features", function(event) local sasl_handler = usermanager_get_sasl_handler(module.host, origin) origin.sasl_handler = sasl_handler; if origin.encrypted then - -- check wether LuaSec has the nifty binding to the function needed for tls-unique + -- check whether LuaSec has the nifty binding to the function needed for tls-unique -- FIXME: would be nice to have this check only once and not for every socket if sasl_handler.add_cb_handler then local socket = origin.conn:socket(); -- cgit v1.2.3 From 637b52a13e2c9e655a2595a4d8e274280e2fd612 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 08:12:16 +0200 Subject: mod_storage_internal,memory: Only return total count if requested --- plugins/mod_storage_internal.lua | 17 +++++++++++------ plugins/mod_storage_memory.lua | 17 ++++++++++++----- 2 files changed, 23 insertions(+), 11 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index aa5c3c8a..f921747e 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -124,11 +124,14 @@ function archive:find(username, query) if not items then if err then return items, err; - else - return function () end, 0; + elseif query then + if query.total then + return function () end, 0; + end end + return function () end; end - local count = #items; + local count = nil; local i = 0; if query then items = array(items); @@ -152,11 +155,13 @@ function archive:find(username, query) return item.when <= query["end"]; end); end - count = #items; + if query.total then + count = #items; + end if query.reverse then items:reverse(); if query.before then - for j = 1, count do + for j = 1, #items do if (items[j].key or tostring(j)) == query.before then i = j; break; @@ -164,7 +169,7 @@ function archive:find(username, query) end end elseif query.after then - for j = 1, count do + for j = 1, #items do if (items[j].key or tostring(j)) == query.after then i = j; break; diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index dde2d571..4655cb3a 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -90,9 +90,14 @@ end function archive_store:find(username, query) local items = self.store[username or NULL]; if not items then - return function () end, 0; + if query then + if query.total then + return function () end, 0; + end + end + return function () end; end - local count = #items; + local count = nil; local i = 0; if query then items = array():append(items); @@ -116,11 +121,13 @@ function archive_store:find(username, query) return item.when <= query["end"]; end); end - count = #items; + if query.total then + count = #items; + end if query.reverse then items:reverse(); if query.before then - for j = 1, count do + for j = 1, #items do if (items[j].key or tostring(j)) == query.before then i = j; break; @@ -128,7 +135,7 @@ function archive_store:find(username, query) end end elseif query.after then - for j = 1, count do + for j = 1, #items do if (items[j].key or tostring(j)) == query.after then i = j; break; -- cgit v1.2.3 From e6706dee7ff715d50e8ec03762bbf6f8625cb8a8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 14:52:34 +0200 Subject: mod_muc_mam: Handle archive quotas Same as in mod_mam --- plugins/mod_muc_mam.lua | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 35eabd3b..fffe23e7 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -33,6 +33,9 @@ local m_min = math.min; local timestamp, timestamp_parse, datestamp = import( "util.datetime", "datetime", "parse", "date"); local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50); +local cleanup_after = module:get_option_string("muc_log_expires_after", "1w"); +local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60); + local default_history_length = 20; local max_history_length = module:get_option_number("max_history_messages", math.huge); @@ -50,6 +53,8 @@ local log_by_default = module:get_option_boolean("muc_log_by_default", true); local archive_store = "muc_log"; local archive = module:open_store(archive_store, "archive"); +local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000); + if archive.name == "null" or not archive.find then if not archive.find then module:log("error", "Attempt to open archive storage returned a driver without archive API support"); @@ -64,12 +69,15 @@ end local function archiving_enabled(room) if log_all_rooms then + module:log("debug", "Archiving all rooms"); return true; end local enabled = room._data.archiving; if enabled == nil then + module:log("debug", "Default is %s (for %s)", log_by_default, room.jid); return log_by_default; end + module:log("debug", "Logging in room %s is %s", room.jid, enabled); return enabled; end @@ -357,7 +365,29 @@ local function save_to_history(self, stanza) end -- And stash it - local id = archive:append(room_node, nil, stored_stanza, time_now(), with); + local time = time_now(); + local id, err = archive:append(room_node, nil, stored_stanza, time, with); + + if not id and err == "quota-limit" then + if type(cleanup_after) == "number" then + module:log("debug", "Room '%s' over quota, cleaning archive", room_node); + local cleaned = archive:delete(room_node, { + ["end"] = (os.time() - cleanup_after); + }); + if cleaned then + id, err = archive:append(room_node, nil, stored_stanza, time, with); + end + end + if not id and (archive.caps and archive.caps.truncate) then + module:log("debug", "User '%s' over quota, truncating archive", room_node); + local truncated = archive:delete(room_node, { + truncate = archive_item_limit - 1; + }); + if truncated then + id, err = archive:append(room_node, nil, stored_stanza, time, with); + end + end + end if id then schedule_cleanup(room_node); @@ -399,9 +429,6 @@ end); -- Cleanup -local cleanup_after = module:get_option_string("muc_log_expires_after", "1w"); -local cleanup_interval = module:get_option_number("muc_log_cleanup_interval", 4 * 60 * 60); - if cleanup_after ~= "never" then local cleanup_storage = module:open_store("muc_log_cleanup"); local cleanup_map = module:open_store("muc_log_cleanup", "map"); -- cgit v1.2.3 From ef95de88710184351f130090685c5bc7ae7fbcaf Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 16:07:16 +0200 Subject: mod_storage_internal: Add support for iterating over users in archive stores May help with writing a better migrator --- plugins/mod_storage_internal.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index f921747e..96780b33 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -211,6 +211,10 @@ function archive:summary(username, query) return summary; end +function archive:users() + return datamanager.users(host, self.store, "list"); +end + function archive:delete(username, query) local cache_key = jid_join(username, host, self.store); if not query or next(query) == nil then -- cgit v1.2.3 From 40040cdfbca7a934bb5e1256a9fdd403350eeaae Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 16:26:01 +0200 Subject: mod_storage_sql: Add support for iterating over users in archive stores --- plugins/mod_storage_sql.lua | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index ffe48ab8..596687ae 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -509,6 +509,19 @@ function archive_store:delete(username, query) return ok and stmt:affected(), stmt; end +function archive_store:users() + local ok, result = engine:transaction(function() + local select_sql = [[ + SELECT DISTINCT "user" + FROM "prosodyarchive" + WHERE "host"=? AND "store"=?; + ]]; + return engine:select(select_sql, host, self.store); + end); + if not ok then error(result); end + return iterator(result); +end + local stores = { keyval = keyval_store; map = map_store; -- cgit v1.2.3 From b772308c93a1c78995a073964ebf963f759ef81c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 5 Mar 2019 00:12:30 +0100 Subject: mod_storage_internal: Return error if 'before' or 'after' are not found (partial fix for #1325) --- plugins/mod_storage_internal.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 96780b33..fdce3c98 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -161,20 +161,30 @@ function archive:find(username, query) if query.reverse then items:reverse(); if query.before then + local found = false; for j = 1, #items do if (items[j].key or tostring(j)) == query.before then + found = true; i = j; break; end end + if not found then + return nil, "item-not-found"; + end end elseif query.after then + local found = false; for j = 1, #items do if (items[j].key or tostring(j)) == query.after then + found = true; i = j; break; end end + if not found then + return nil, "item-not-found"; + end end if query.limit and #items - i > query.limit then items[i+query.limit+1] = nil; -- cgit v1.2.3 From f456f0c03e519a3e53caaf233f7c9f1a54e2ade8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 5 Mar 2019 00:16:41 +0100 Subject: mod_storage_memory: Return error if 'before' or 'after' are not found (partial fix for #1325) --- plugins/mod_storage_memory.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 4655cb3a..2fae8828 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -127,20 +127,30 @@ function archive_store:find(username, query) if query.reverse then items:reverse(); if query.before then + local found = false; for j = 1, #items do if (items[j].key or tostring(j)) == query.before then + found = true; i = j; break; end end + if not found then + return nil, "item-not-found"; + end end elseif query.after then + local found = false; for j = 1, #items do if (items[j].key or tostring(j)) == query.after then + found = true; i = j; break; end end + if not found then + return nil, "item-not-found"; + end end if query.limit and #items - i > query.limit then items[i+query.limit+1] = nil; -- cgit v1.2.3 From a770a8430662ca624d81bdf4e23e8da5356c82ac Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Mar 2019 00:51:10 +0100 Subject: mod_storage_sql: Look up archive IDs in separate queries (fixes #1325) This is probably not good for performance. --- plugins/mod_storage_sql.lua | 58 ++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index f0a8fee0..5da5e448 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -327,38 +327,36 @@ local function archive_where(query, args, where) end end local function archive_where_id_range(query, args, where) - local args_len = #args -- Before or after specific item, exclusive + local id_lookup_sql = [[ + SELECT "sort_id" + FROM "prosodyarchive" + WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ? + LIMIT 1; + ]]; if query.after then -- keys better be unique! - where[#where+1] = [[ - "sort_id" > COALESCE( - ( - SELECT "sort_id" - FROM "prosodyarchive" - WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ? - LIMIT 1 - ), 0) - ]]; - args[args_len+1], args[args_len+2], args[args_len+3], args[args_len+4] = query.after, args[1], args[2], args[3]; - args_len = args_len + 4 + local after_id = nil; + for row in engine:select(id_lookup_sql, query.after, host, user or "", store) do + after_id = row[1]; + end + if not after_id then + return nil, "item-not-found"; + end + where[#where+1] = '"sort_id" > ?'; + args[#args+1] = after_id; end if query.before then - where[#where+1] = [[ - "sort_id" < COALESCE( - ( - SELECT "sort_id" - FROM "prosodyarchive" - WHERE "key" = ? AND "host" = ? AND "user" = ? AND "store" = ? - LIMIT 1 - ), - ( - SELECT MAX("sort_id")+1 - FROM "prosodyarchive" - ) - ) - ]] - args[args_len+1], args[args_len+2], args[args_len+3], args[args_len+4] = query.before, args[1], args[2], args[3]; + local before_id = nil; + for row in engine:select(id_lookup_sql, query.after, host, user or "", store) do + before_id = row[1]; + end + if not before_id then + return nil, "item-not-found"; + end + where[#where+1] = '"sort_id" < ?'; + args[#args+1] = before_id; end + return true; end function archive_store:find(username, query) @@ -398,7 +396,8 @@ function archive_store:find(username, query) end end - archive_where_id_range(query, args, where); + local ok, err = archive_where_id_range(query, args, where); + if not ok then return ok, err; end if query.limit then args[#args+1] = query.limit; @@ -466,7 +465,8 @@ function archive_store:delete(username, query) table.remove(where, 2); end archive_where(query, args, where); - archive_where_id_range(query, args, where); + local ok, err = archive_where_id_range(query, args, where); + if not ok then return ok, err; end if query.truncate == nil then sql_query = sql_query:format(t_concat(where, " AND ")); else -- cgit v1.2.3 From fcda870911ff3a9ae66a3051c0e1a281f7b99772 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 07:16:05 +0200 Subject: mod_mam: Propagate item-not-found to client (fixes #1325) --- plugins/mod_mam/mod_mam.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 632de9ea..317ddac1 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -142,7 +142,11 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) }); if not data then - origin.send(st.error_reply(stanza, "cancel", "internal-server-error", err)); + if err == "item-not-found" then + origin.send(st.error_reply(stanza, "modify", "item-not-found")); + else + origin.send(st.error_reply(stanza, "cancel", "internal-server-error")); + end return true; end local total = tonumber(err); -- cgit v1.2.3 From d88db76a0669d3613fc6ce1123943e9bd8927395 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 07:16:03 +0200 Subject: mod_muc_mam: Propagate item-not-found to client (fixes #1325) --- plugins/mod_muc_mam.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index fffe23e7..bba7f422 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -189,7 +189,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) }); if not data then - origin.send(st.error_reply(stanza, "cancel", "internal-server-error")); + if err == "item-not-found" then + origin.send(st.error_reply(stanza, "modify", "item-not-found")); + else + origin.send(st.error_reply(stanza, "cancel", "internal-server-error")); + end return true; end local total = tonumber(err); -- cgit v1.2.3 From 63333b90631e5b3d7c955ec3c0c2e9eae204faf7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 07:22:18 +0200 Subject: mod_storage_memory: Return correct error even if no archive data available --- plugins/mod_storage_memory.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 2fae8828..376ae277 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -91,6 +91,9 @@ function archive_store:find(username, query) local items = self.store[username or NULL]; if not items then if query then + if query.before or query.after then + return nil, "item-not-found"; + end if query.total then return function () end, 0; end -- cgit v1.2.3 From 99f6c695075dc4a93deb5aea4e8acaf635d48fdb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 5 May 2019 07:24:12 +0200 Subject: mod_storage_internal: Return appropriate error even with empty archive --- plugins/mod_storage_internal.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index fdce3c98..2556224d 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -125,6 +125,9 @@ function archive:find(username, query) if err then return items, err; elseif query then + if query.before or query.after then + return nil, "item-not-found"; + end if query.total then return function () end, 0; end -- cgit v1.2.3 From 6fcaa64f6139a5093a328b2458ea4ac74a153d51 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 May 2019 15:04:16 +0200 Subject: mod_csi_simple: Disable optimizations on disconnect (fixes #1358) The connection becomes invalid here, regardless of 3rd party modules that might keep the session alive. --- plugins/mod_csi_simple.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index a9148618..13002ea8 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -108,6 +108,10 @@ module:hook("csi-client-active", function (event) disable_optimizations(session); end); +module:hook("pre-resource-unbind", function (event) + local session = event.session; + disable_optimizations(session); +end); module:hook("c2s-ondrain", function (event) local session = event.session; -- cgit v1.2.3 From 5a2a81bfe97c366e6da39442534b4e58ba64ae71 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 28 May 2019 00:46:24 +0200 Subject: mod_storage_sql: Correctly return item-not-found error `return ok, err` comes out as `transaction_ok, ok, err` --- plugins/mod_storage_sql.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 5da5e448..cfc8450c 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -367,7 +367,7 @@ function archive_store:find(username, query) if total ~= nil and query.limit == 0 and query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then return noop, total; end - local ok, result = engine:transaction(function() + local ok, result, err = engine:transaction(function() local sql_query = [[ SELECT "key", "type", "value", "when", "with" FROM "prosodyarchive" @@ -407,7 +407,8 @@ function archive_store:find(username, query) and "DESC" or "ASC", query.limit and " LIMIT ?" or ""); return engine:select(sql_query, unpack(args)); end); - if not ok then return ok, result end + if not ok then return ok, result; end + if not result then return nil, err; end return function() local row = result(); if row ~= nil then -- cgit v1.2.3 From 7b63f8d95dcc99df5508a05c60fe472dfc2a4282 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 28 May 2019 00:47:50 +0200 Subject: mod_storage_sql: Fix to use correct arguments to archive id lookup --- plugins/mod_storage_sql.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index cfc8450c..ad2de840 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -336,7 +336,7 @@ local function archive_where_id_range(query, args, where) ]]; if query.after then -- keys better be unique! local after_id = nil; - for row in engine:select(id_lookup_sql, query.after, host, user or "", store) do + for row in engine:select(id_lookup_sql, query.after, args[1], args[2], args[3]) do after_id = row[1]; end if not after_id then @@ -347,7 +347,7 @@ local function archive_where_id_range(query, args, where) end if query.before then local before_id = nil; - for row in engine:select(id_lookup_sql, query.after, host, user or "", store) do + for row in engine:select(id_lookup_sql, query.after, args[1], args[2], args[3]) do before_id = row[1]; end if not before_id then -- cgit v1.2.3 From 2a65eae651302a17c925e0340e59e73976aa07fb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 28 May 2019 00:56:30 +0200 Subject: mod_storage_sql: Ignore shadowed error variable [luacheck] --- plugins/mod_storage_sql.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index ad2de840..518e2654 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -153,7 +153,7 @@ end local archive_item_limit = module:get_option_number("storage_archive_item_limit"); local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); --- luacheck: ignore 512 431/user 431/store +-- luacheck: ignore 512 431/user 431/store 431/err local map_store = {}; map_store.__index = map_store; map_store.remove = {}; -- cgit v1.2.3 From 2bb05d010d9b237a088bd9b4c997451407191d3f Mon Sep 17 00:00:00 2001 From: Michel Le Bihan Date: Mon, 3 Jun 2019 20:51:15 +0200 Subject: mod_admin_telnet: Collect array from Bosh connections when appending to connection list Fixes #1356 --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 0fbd3ff9..fa03840b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -597,7 +597,7 @@ end local function show_c2s(callback) local c2s = array.collect(values(module:shared"/*/c2s/sessions")); - c2s:append(values(module:shared"/*/bosh/sessions")); + c2s:append(array.collect(values(module:shared"/*/bosh/sessions"))); c2s:sort(function(a, b) if a.host == b.host then if a.username == b.username then -- cgit v1.2.3 From 9935e64396d1c225083a1d8585027183a1cf0151 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 16 Jun 2019 22:02:53 +0200 Subject: mod_pep: Log node name instead of payload Having the node logged is more useful and less problematic for privacy --- plugins/mod_pep.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index f06f1753..54f0451d 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -159,7 +159,7 @@ local function get_broadcaster(username) end for jid in pairs(jids) do - module:log("debug", "Sending notification to %s from %s: %s", jid, user_bare, tostring(item)); + module:log("debug", "Sending notification to %s from %s for node %s", jid, user_bare, node); message.attr.to = jid; module:send(message); end -- cgit v1.2.3 From 693a64eedfe149f36b2e3b6374dd41fbfd41cad0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 19 Jun 2019 08:51:39 +0200 Subject: MUC: Reflow event tables to improve readability Also makes it easier to read diffs of added fields. --- plugins/muc/muc.lib.lua | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index c828d17d..34961558 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -391,7 +391,11 @@ function room_mt:handle_kickable(origin, stanza) -- luacheck: ignore 212 end self:publicise_occupant_status(new_occupant or occupant, x); if is_last_session then - module:fire_event("muc-occupant-left", {room = self; nick = occupant.nick; occupant = occupant;}); + module:fire_event("muc-occupant-left", { + room = self; + nick = occupant.nick; + occupant = occupant; + }); end return true; end @@ -868,7 +872,11 @@ function room_mt:clear(x) end for occupant in pairs(occupants_updated) do self:publicise_occupant_status(occupant, x); - module:fire_event("muc-occupant-left", { room = self; nick = occupant.nick; occupant = occupant;}); + module:fire_event("muc-occupant-left", { + room = self; + nick = occupant.nick; + occupant = occupant; + }); end end @@ -1316,7 +1324,11 @@ function room_mt:set_affiliation(actor, jid, affiliation, reason, data) for occupant, old_role in pairs(occupants_updated) do self:publicise_occupant_status(occupant, x, nil, actor, reason); if occupant.role == nil then - module:fire_event("muc-occupant-left", {room = self; nick = occupant.nick; occupant = occupant;}); + module:fire_event("muc-occupant-left", { + room = self; + nick = occupant.nick; + occupant = occupant; + }); elseif is_semi_anonymous and (old_role == "moderator" and occupant.role ~= "moderator") or (old_role ~= "moderator" and occupant.role == "moderator") then -- Has gained or lost moderator status @@ -1432,7 +1444,11 @@ function room_mt:set_role(actor, occupant_jid, role, reason) self:save_occupant(occupant); self:publicise_occupant_status(occupant, x, nil, actor, reason); if role == nil then - module:fire_event("muc-occupant-left", {room = self; nick = occupant.nick; occupant = occupant;}); + module:fire_event("muc-occupant-left", { + room = self; + nick = occupant.nick; + occupant = occupant; + }); end return true; end -- cgit v1.2.3 From 57f55730e7837846a0065088885fa101b1a67404 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 20 Jun 2019 21:44:43 +0200 Subject: mod_blocklist: Add comment to clarify some logic --- plugins/mod_blocklist.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua index 18d28be2..cf8aad80 100644 --- a/plugins/mod_blocklist.lua +++ b/plugins/mod_blocklist.lua @@ -189,6 +189,7 @@ local function edit_blocklist(event) if is_blocking then for jid in pairs(send_unavailable) do + -- Check that this JID isn't already blocked, i.e. this is not a change if not blocklist[jid] then for _, session in pairs(sessions[username].sessions) do if session.presence then -- cgit v1.2.3 From ad90995e3f3cee91596566be5d99c625cb3a62a4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 6 Jul 2019 17:47:06 +0200 Subject: mod_pubsub: Expose pubsub#access_model and pubsub#publish_model (fixes #1387) --- plugins/mod_pubsub/pubsub.lib.lua | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 50ef7ddf..83c81bb7 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -185,6 +185,14 @@ local node_metadata_form = dataform { type = "text-single"; name = "pubsub#type"; }; + { + type = "text-single"; + name = "pubsub#access_model"; + }; + { + type = "text-single"; + name = "pubsub#publish_model"; + }; }; local service_method_feature_map = { @@ -258,6 +266,8 @@ function _M.handle_disco_info_node(event, service) ["pubsub#title"] = node_obj.config.title; ["pubsub#description"] = node_obj.config.description; ["pubsub#type"] = node_obj.config.payload_type; + ["pubsub#access_model"] = node_obj.config.access_model; + ["pubsub#publish_model"] = node_obj.config.publish_model; }, "result")); end end -- cgit v1.2.3 From 236825ba8ce7cb811457a52ab9e18e31c2231a93 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 7 Jul 2019 19:15:35 +0200 Subject: MUC: Advertise language field as such via XEP-0122 This lets clients know that the field is a language field and should be in RFC 5646 format. Field validation code in util.dataforms left for future commit. --- plugins/muc/language.lib.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/muc/language.lib.lua b/plugins/muc/language.lib.lua index ee80806b..2ee2ba0f 100644 --- a/plugins/muc/language.lib.lua +++ b/plugins/muc/language.lib.lua @@ -32,6 +32,7 @@ local function add_form_option(event) label = "Language tag for room (e.g. 'en', 'de', 'fr' etc.)"; type = "text-single"; desc = "Indicate the primary language spoken in this room"; + datatype = "xs:language"; value = get_language(event.room) or ""; }); end -- cgit v1.2.3 From 37a74662f01498e2723be58d2a565ab36eff9fe9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 9 Jul 2019 15:12:32 +0200 Subject: mod_pep: Only log when creating new pubsub services Once upon a time get_pep_service() would get called with random bare JIDs and remote hostnames, which is why it was logged this way. This seems to have been fixed, so it's not as useful anymore. It's still useful to know when it creates a new service object. --- plugins/mod_pep.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pep.lua b/plugins/mod_pep.lua index 54f0451d..c0a85a9d 100644 --- a/plugins/mod_pep.lua +++ b/plugins/mod_pep.lua @@ -183,12 +183,12 @@ local function on_node_creation(event) end function get_pep_service(username) - module:log("debug", "get_pep_service(%q)", username); local user_bare = jid_join(username, host); local service = services[username]; if service then return service; end + module:log("debug", "Creating pubsub service for user %q", username); service = pubsub.new({ pep_username = username; node_defaults = { -- cgit v1.2.3 From f9f7ac859acc839ac4b7ff95de811717ab2afd7e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 10 May 2019 01:28:09 +0200 Subject: mod_admin_telnet: Check for simple commands before executing in sandbox This makes fixing yield over pcall boundry issue easier since it would have jumped to the thread error handler instead of proceeding to checking for simple commands. --- plugins/mod_admin_telnet.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index fa03840b..50753f04 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -114,6 +114,11 @@ function console:process_line(session, line) session.env._ = line; + if not useglobalenv and commands[line:lower()] then + commands[line:lower()](session, line); + return; + end + local chunkname = "=console"; local env = (useglobalenv and redirect_output(_G, session)) or session.env or nil local chunk, err = envload("return "..line, chunkname, env); @@ -130,11 +135,6 @@ function console:process_line(session, line) local ranok, taskok, message = pcall(chunk); - if not (ranok or message or useglobalenv) and commands[line:lower()] then - commands[line:lower()](session, line); - return; - end - if not ranok then session.print("Fatal error while running command, it did not complete"); session.print("Error: "..taskok); -- cgit v1.2.3 From a7e58a0c50dd7bf8d5321b50467707e93effc994 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 10 May 2019 01:29:26 +0200 Subject: mod_admin_telnet: Move error handling to thread callback (fixes #1391) Avoids yielding over pcall boundry, fixes xmpp:ping() command on Lua 5.1 --- plugins/mod_admin_telnet.lua | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 50753f04..55ed89b8 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -62,6 +62,9 @@ end function runner_callbacks:error(err) module:log("error", "Traceback[telnet]: %s", err); + + self.data.print("Fatal error while running command, it did not complete"); + self.data.print("Error: "..tostring(err)); end @@ -133,13 +136,7 @@ function console:process_line(session, line) end end - local ranok, taskok, message = pcall(chunk); - - if not ranok then - session.print("Fatal error while running command, it did not complete"); - session.print("Error: "..taskok); - return; - end + local taskok, message = chunk(); if not message then session.print("Result: "..tostring(taskok)); -- cgit v1.2.3 From 7860ab4b12a1cc13cdb5fc736cfa08f800f87890 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 10 Jul 2019 19:12:19 +0200 Subject: mod_pubsub: Move a comment to where it makes sense This code has moved but the comment did not follow it. --- plugins/mod_pubsub/mod_pubsub.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 05f80365..faf08cb2 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -82,7 +82,6 @@ function simple_broadcast(kind, node, jids, item, actor, node_obj) end local summary; - -- Compose a sensible textual representation of at least Atom payloads if item and item.tags[1] then local payload = item.tags[1]; summary = module:fire_event("pubsub-summary/"..payload.attr.xmlns, { @@ -116,6 +115,7 @@ function is_item_stanza(item) return st.is_stanza(item) and item.attr.xmlns == xmlns_pubsub and item.name == "item"; end +-- Compose a textual representation of Atom payloads module:hook("pubsub-summary/http://www.w3.org/2005/Atom", function (event) local payload = event.payload; local title = payload:get_child_text("title"); -- cgit v1.2.3 From 6ab914c24a5bc606f13f69cd5d358074e0e1f788 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:22:59 +0200 Subject: mod_mam: Make log message more compact --- plugins/mod_mam/mod_mam.lua | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 4e0cf531..0b3b0b82 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -118,10 +118,11 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) qstart, qend = vstart, vend; end - module:log("debug", "Archive query, id %s with %s from %s until %s", - tostring(qid), qwith or "anyone", - qstart and timestamp(qstart) or "the dawn of time", - qend and timestamp(qend) or "now"); + module:log("debug", "Archive query id=%s with=%s when=%s...%s", + qid or "-", + qwith or "*", + qstart and timestamp(qstart) or "", + qend and timestamp(qend) or ""); -- RSM stuff local qset = rsm.get(query); -- cgit v1.2.3 From 219d20f1ba270123c0f739fa2e5f10b3af6b61a3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:30:58 +0200 Subject: mod_mam: Include username that performed query Not always easy to find from surrounding logs --- plugins/mod_mam/mod_mam.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 0b3b0b82..0c50bd2a 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -118,7 +118,8 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) qstart, qend = vstart, vend; end - module:log("debug", "Archive query id=%s with=%s when=%s...%s", + module:log("debug", "Archive query by %s id=%s with=%s when=%s...%s", + origin.username, qid or "-", qwith or "*", qstart and timestamp(qstart) or "", -- cgit v1.2.3 From b396fc61d55211c7ebd43b90677a2b5c24302bd7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:26:02 +0200 Subject: mod_mam: Use stanza id in log message as fallback if no query id --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 0c50bd2a..cc06b617 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -120,7 +120,7 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) module:log("debug", "Archive query by %s id=%s with=%s when=%s...%s", origin.username, - qid or "-", + qid or stanza.attr.id, qwith or "*", qstart and timestamp(qstart) or "", qend and timestamp(qend) or ""); -- cgit v1.2.3 From c733e10ba2d06213e1eb45d2e31baf3f9919d592 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:31:13 +0200 Subject: mod_mam: Include query id in final log message Should make it easier to find related log messages --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index cc06b617..5c796f9e 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -197,7 +197,7 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) end -- That's all folks! - module:log("debug", "Archive query %s completed", tostring(qid)); + module:log("debug", "Archive query id=%s completed", qid or stanza.attr.id); origin.send(st.reply(stanza) :tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete }) -- cgit v1.2.3 From 460efc6b3e2713183e1f3e1fdd0018b90c08c83f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:31:51 +0200 Subject: mod_mam: Log more details in final log message Saves you from counting messages sent --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 5c796f9e..613d045a 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -197,7 +197,7 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) end -- That's all folks! - module:log("debug", "Archive query id=%s completed", qid or stanza.attr.id); + module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, #results); origin.send(st.reply(stanza) :tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete }) -- cgit v1.2.3 From 006983308dd9300755cf992b2699d73744033a42 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:27:01 +0200 Subject: mod_mam: Log query failure reason The storage engine will usually make a lot of noise for serious errors, but not always. --- plugins/mod_mam/mod_mam.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 613d045a..a3bf9c42 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -143,6 +143,7 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) }); if not data then + module:log("debug", "Archive query id=%s failed: %s", qid or stanza.attr.id, err); if err == "item-not-found" then origin.send(st.error_reply(stanza, "modify", "item-not-found")); else -- cgit v1.2.3 From c8528f9004a6053ad1a999e2ecc90d07267d5abd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:27:45 +0200 Subject: mod_mam: Log RSM parameters Helps when trying to figure out why some queries fail, ie when paging using an archive id that doesn't exist. --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index a3bf9c42..82bc6b5f 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -131,6 +131,9 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) local reverse = qset and qset.before or false; local before, after = qset and qset.before, qset and qset.after; if type(before) ~= "string" then before = nil; end + if qset then + module:log("debug", "Archive query id=%s rsm=%q", qid or stanza.attr.id, qset); + end -- Load all the data! local data, err = archive:find(origin.username, { -- cgit v1.2.3 From 3a4f54f014d4bb0714ef910c92500a8a4202c158 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 11 Jul 2019 23:29:59 +0200 Subject: mod_mam: Move final log message to end of query procedure --- plugins/mod_mam/mod_mam.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 82bc6b5f..2f6ab531 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -200,13 +200,13 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) first, last = last, first; end - -- That's all folks! - module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, #results); - origin.send(st.reply(stanza) :tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete }) :add_child(rsm.generate { first = first, last = last, count = total })); + + -- That's all folks! + module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, #results); return true; end); -- cgit v1.2.3 From 41c458eac5f9df61ab8af811c74c8d89e7f38e98 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 13 Jul 2019 19:57:43 +0200 Subject: mod_mam: Report correct count of results for forward queries #results is only correct for backwards queries, the table is unused for forward queries. --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 2f6ab531..855e1974 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -206,7 +206,7 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) first = first, last = last, count = total })); -- That's all folks! - module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, #results); + module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, complete and count or count - 1); return true; end); -- cgit v1.2.3 From 3effd36ff0bb97de406768b838cf51c9d7c0af41 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 26 Jul 2019 20:25:15 +0200 Subject: mod_admin_telnet: Include both c2s connections and sessions in c2s:show() This way both incomplete connections and hibernating c2s sessions are shown. --- plugins/mod_admin_telnet.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 55ed89b8..af0ac9e7 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -593,8 +593,10 @@ local function get_jid(session) end local function show_c2s(callback) - local c2s = array.collect(values(module:shared"/*/c2s/sessions")); + local c2s = array.collect(values(prosody.full_sessions)); + c2s:append(array.collect(values(module:shared"/*/c2s/sessions"))); c2s:append(array.collect(values(module:shared"/*/bosh/sessions"))); + c2s:unique(); c2s:sort(function(a, b) if a.host == b.host then if a.username == b.username then -- cgit v1.2.3 From 65b25e80b00cd99a78a3d8ee9b5a916795e53774 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 26 Jul 2019 21:05:13 +0200 Subject: mod_admin_telnet: Factor out function for collecting all c2s sessions for easier reuse --- plugins/mod_admin_telnet.lua | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index af0ac9e7..4e34455c 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -592,12 +592,16 @@ local function get_jid(session) return jid_join("["..ip.."]:"..clientport, session.host or "["..serverip.."]:"..serverport); end -local function show_c2s(callback) +local function get_c2s() local c2s = array.collect(values(prosody.full_sessions)); c2s:append(array.collect(values(module:shared"/*/c2s/sessions"))); c2s:append(array.collect(values(module:shared"/*/bosh/sessions"))); c2s:unique(); - c2s:sort(function(a, b) + return c2s; +end + +local function show_c2s(callback) + get_c2s():sort(function(a, b) if a.host == b.host then if a.username == b.username then return (a.resource or "") > (b.resource or ""); -- cgit v1.2.3 From 54e39ab881929efad96e45c115e7d857b42f456b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 26 Jul 2019 21:06:47 +0200 Subject: mod_admin_telnet: Make c2s:count() consistent with c2s:show() Both now operate on the same complete set of c2s sessions --- plugins/mod_admin_telnet.lua | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 4e34455c..a7ba41b8 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -615,9 +615,8 @@ local function show_c2s(callback) end function def_env.c2s:count() - local c2s_count = iterators.count(values(module:shared"/*/c2s/sessions")) - local bosh_count = iterators.count(values(module:shared"/*/bosh/sessions")) - return true, "Total: ".. c2s_count + bosh_count .." clients"; + local c2s = get_c2s(); + return true, "Total: ".. #c2s .." clients"; end function def_env.c2s:show(match_jid, annotate) -- cgit v1.2.3 From 1ede2571be5c8c7fa75c1be64b9951b5898915e8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 26 Jul 2019 21:10:42 +0200 Subject: mod_admin_telnet: Add c2s:count() to help --- plugins/mod_admin_telnet.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index a7ba41b8..40160765 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -246,6 +246,7 @@ function commands.help(session, data) print [[c2s:show_insecure() - Show all unencrypted client connections]] print [[c2s:show_secure() - Show all encrypted client connections]] print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]] + print [[c2s:count() - Count sessions without listing them]] print [[c2s:close(jid) - Close all sessions for the specified JID]] print [[c2s:closeall() - Close all active c2s connections ]] elseif section == "s2s" then -- cgit v1.2.3 From a8db3548e41edddef094c82ec1b8029834a5c47f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 26 Jul 2019 21:13:17 +0200 Subject: mod_admin_telnet: Add xmpp:ping to help --- plugins/mod_admin_telnet.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 40160765..7f324999 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -239,6 +239,7 @@ function commands.help(session, data) print [[server - Uptime, version, shutting down, etc.]] print [[port - Commands to manage ports the server is listening on]] print [[dns - Commands to manage and inspect the internal DNS resolver]] + print [[xmpp - Commands for sending XMPP stanzas]] print [[config - Reloading the configuration, etc.]] print [[console - Help regarding the console itself]] elseif section == "c2s" then @@ -282,6 +283,8 @@ function commands.help(session, data) print [[dns:setnameserver(nameserver) - Replace the list of name servers with the supplied one]] print [[dns:purge() - Clear the DNS cache]] print [[dns:cache() - Show cached records]] + elseif section == "xmpp" then + print [[xmpp:ping(localhost, remotehost) -- Sends a ping to a remote XMPP server and reports the response]] elseif section == "config" then print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] elseif section == "console" then -- cgit v1.2.3 From 3ecb639c7160f1b26eea1df1eca19aedd91257bf Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 25 Jul 2019 12:26:07 +0200 Subject: mod_pubsub: Eliminate dead code `data` is a stanza and always truthy --- plugins/mod_pubsub/pubsub.lib.lua | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 83c81bb7..d59e3d85 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -328,14 +328,9 @@ function handlers.get_items(origin, stanza, items, service) for _, id in ipairs(results) do data:add_child(results[id]); end - local reply; - if data then - reply = st.reply(stanza) - :tag("pubsub", { xmlns = xmlns_pubsub }) - :add_child(data); - else - reply = pubsub_error_reply(stanza, "item-not-found"); - end + local reply = st.reply(stanza) + :tag("pubsub", { xmlns = xmlns_pubsub }) + :add_child(data); origin.send(reply); return true; end -- cgit v1.2.3 From 49b3e1479cef50bc69f72b5e32ff115c7975c062 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 28 Jul 2019 01:39:47 +0200 Subject: mod_admin_telnet: Allow specifying a reason when closing sessions (#1400) --- plugins/mod_admin_telnet.lua | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 7f324999..df702b91 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -666,23 +666,32 @@ function def_env.c2s:show_tls(match_jid) return self:show(match_jid, tls_info); end -function def_env.c2s:close(match_jid) +local function build_reason(text, condition) + if text or condition then + return { + text = text, + condition = condition or "undefined-condition", + }; + end +end + +function def_env.c2s:close(match_jid, text, condition) local count = 0; show_c2s(function (jid, session) if jid == match_jid or jid_bare(jid) == match_jid then count = count + 1; - session:close(); + session:close(build_reason(text, condition)); end end); return true, "Total: "..count.." sessions closed"; end -function def_env.c2s:closeall() +function def_env.c2s:closeall(text, condition) local count = 0; --luacheck: ignore 212/jid show_c2s(function (jid, session) count = count + 1; - session:close(); + session:close(build_reason(text, condition)); end); return true, "Total: "..count.." sessions closed"; end @@ -887,7 +896,7 @@ function def_env.s2s:showcert(domain) .." presented by "..domain.."."); end -function def_env.s2s:close(from, to) +function def_env.s2s:close(from, to, text, condition) local print, count = self.session.print, 0; local s2s_sessions = module:shared"/*/s2s/sessions"; @@ -905,19 +914,19 @@ function def_env.s2s:close(from, to) if (match_id and match_id == id) or (session.from_host == from and session.to_host == to) then print(("Closing connection from %s to %s [%s]"):format(session.from_host, session.to_host, id)); - (session.close or s2smanager.destroy_session)(session); + (session.close or s2smanager.destroy_session)(session, build_reason(text, condition)); count = count + 1 ; end end return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); end -function def_env.s2s:closeall(host) +function def_env.s2s:closeall(host, text, condition) local count = 0; local s2s_sessions = module:shared"/*/s2s/sessions"; for _,session in pairs(s2s_sessions) do if not host or session.from_host == host or session.to_host == host then - session:close(); + session:close(build_reason(text, condition)); count = count + 1; end end -- cgit v1.2.3 From 9e57e0279736a1ec952d4915b02735b14ddb6d19 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 28 Jul 2019 01:43:10 +0200 Subject: mod_admin_telnet: Use already generated session id Don't need to construct it from components again --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index df702b91..b6cdfe82 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -910,7 +910,7 @@ function def_env.s2s:close(from, to, text, condition) end for _, session in pairs(s2s_sessions) do - local id = session.type..tostring(session):match("[a-f0-9]+$"); + local id = session.id or (session.type..tostring(session):match("[a-f0-9]+$")); if (match_id and match_id == id) or (session.from_host == from and session.to_host == to) then print(("Closing connection from %s to %s [%s]"):format(session.from_host, session.to_host, id)); -- cgit v1.2.3 From 9df663276b0cd3821e18a2c626cec15677ddc62d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Mar 2019 00:58:22 +0100 Subject: mod_limits: Use rate limiting in net.server if provided This should be simpler and more efficient, as well avoid problems caused by using filters. --- plugins/mod_limits.lua | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index 7ae8bb34..3c7f4d40 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -84,8 +84,13 @@ local function filter_hook(session) local session_type = session.type:match("^[^_]+"); local filter_set, opts = type_filters[session_type], limits[session_type]; if opts then - session.throttle = throttle.create(opts.bytes_per_second * opts.burst_seconds, opts.burst_seconds); - filters.add_filter(session, "bytes/in", filter_set.bytes_in, 1000); + if session.conn and session.conn.setlimit then + session.conn:setlimit(opts.bytes_per_second); + -- Currently no burst support + else + session.throttle = throttle.create(opts.bytes_per_second * opts.burst_seconds, opts.burst_seconds); + filters.add_filter(session, "bytes/in", filter_set.bytes_in, 1000); + end end end @@ -106,9 +111,14 @@ function module.add_host(module) local session_type = session.type:match("^[^_]+"); local jid = session.username .. "@" .. session.host; if unlimited_jids:contains(jid) then - local filter_set = type_filters[session_type]; - filters.remove_filter(session, "bytes/in", filter_set.bytes_in); - session.throttle = nil; + if session.conn and session.conn.setlimit then + session.conn:setlimit(0); + -- Currently no burst support + else + local filter_set = type_filters[session_type]; + filters.remove_filter(session, "bytes/in", filter_set.bytes_in); + session.throttle = nil; + end end end); end -- cgit v1.2.3 From 40b1e3e0ed1223517f29bcf136fc08a6f33b17f2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jul 2019 02:29:36 +0200 Subject: plugins: Remove tostring call from logging Taken care of by loggingmanager now Mass-rewrite using lua pattern like `tostring%b()` --- plugins/mod_blocklist.lua | 2 +- plugins/mod_bosh.lua | 16 ++++++++-------- plugins/mod_c2s.lua | 4 ++-- plugins/mod_component.lua | 14 +++++++------- plugins/mod_groups.lua | 6 +++--- plugins/mod_limits.lua | 2 +- plugins/mod_mam/mod_mam.lua | 4 ++-- plugins/mod_muc_mam.lua | 6 +++--- plugins/mod_pep_simple.lua | 4 ++-- plugins/mod_proxy65.lua | 2 +- plugins/mod_s2s/mod_s2s.lua | 6 +++--- plugins/mod_saslauth.lua | 3 +-- plugins/mod_stanza_debug.lua | 5 ++--- plugins/mod_websocket.lua | 2 +- 14 files changed, 37 insertions(+), 39 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_blocklist.lua b/plugins/mod_blocklist.lua index cf8aad80..dad06b62 100644 --- a/plugins/mod_blocklist.lua +++ b/plugins/mod_blocklist.lua @@ -67,7 +67,7 @@ local function migrate_privacy_list(username) if item.type == "jid" and item.action == "deny" then local jid = jid_prep(item.value); if not jid then - module:log("warn", "Invalid JID in privacy store for user '%s' not migrated: %s", username, tostring(item.value)); + module:log("warn", "Invalid JID in privacy store for user '%s' not migrated: %s", username, item.value); else migrated_data[jid] = true; end diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index d4e980f2..f4d7eba2 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -78,7 +78,7 @@ end); -- Used to respond to idle sessions (those with waiting requests) function on_destroy_request(request) - log("debug", "Request destroyed: %s", tostring(request)); + log("debug", "Request destroyed: %s", request); local session = sessions[request.context.sid]; if session then local requests = session.requests; @@ -115,7 +115,7 @@ function session_timeout(now, session, context, reason) -- luacheck: ignore 212/ end function handle_POST(event) - log("debug", "Handling new request %s: %s\n----------", tostring(event.request), tostring(event.request.body)); + log("debug", "Handling new request %s: %s\n----------", event.request, event.request.body); local request, response = event.request, event.response; response.on_destroy = on_destroy_request; @@ -224,7 +224,7 @@ local function bosh_reset_stream(session) session.notopen = true; end local stream_xmlns_attr = { xmlns = "urn:ietf:params:xml:ns:xmpp-streams" }; local function bosh_close_stream(session, reason) - (session.log or log)("info", "BOSH client disconnected: %s", tostring((reason and reason.condition or reason) or "session close")); + (session.log or log)("info", "BOSH client disconnected: %s", (reason and reason.condition or reason) or "session close"); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams }); @@ -249,7 +249,7 @@ local function bosh_close_stream(session, reason) close_reply = reason; end end - log("info", "Disconnecting client, is: %s", tostring(close_reply)); + log("info", "Disconnecting client, is: %s", close_reply); end local response_body = tostring(close_reply); @@ -275,7 +275,7 @@ function stream_callbacks.streamopened(context, attr) local to_host = nameprep(attr.to); local wait = tonumber(attr.wait); if not to_host then - log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); + log("debug", "BOSH client tried to connect to invalid host: %s", attr.to); report_bad_host(); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); @@ -283,7 +283,7 @@ function stream_callbacks.streamopened(context, attr) return; end if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then - log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); + log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", attr.rid, attr.wait); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); response:send(tostring(close_reply)); @@ -329,7 +329,7 @@ function stream_callbacks.streamopened(context, attr) s.attr.xmlns = "jabber:client"; end s = filter("stanzas/out", s); - --log("debug", "Sending BOSH data: %s", tostring(s)); + --log("debug", "Sending BOSH data: %s", s); if not s then return true end t_insert(session.send_buffer, tostring(s)); @@ -432,7 +432,7 @@ function stream_callbacks.streamopened(context, attr) end end -local function handleerr(err) log("error", "Traceback[bosh]: %s", traceback(tostring(err), 2)); end +local function handleerr(err) log("error", "Traceback[bosh]: %s", traceback(err, 2)); end function runner_callbacks:error(err) -- luacheck: ignore 212/self return handleerr(err); diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index bfec1055..53af34f0 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -127,7 +127,7 @@ function stream_callbacks.error(session, error, data) session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); session:close("invalid-namespace"); elseif error == "parse-error" then - (session.log or log)("debug", "Client XML parse error: %s", tostring(data)); + (session.log or log)("debug", "Client XML parse error: %s", data); session:close("not-well-formed"); elseif error == "stream-error" then local condition, text = "undefined-condition"; @@ -289,7 +289,7 @@ function listener.onconnect(conn) if data then local ok, err = stream:feed(data); if not ok then - log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); + log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); session:close("not-well-formed"); end end diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index b1ffc81d..afcfc68c 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -167,11 +167,11 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; function stream_callbacks.error(session, error, data) if session.destroyed then return; end - module:log("warn", "Error processing component stream: %s", tostring(error)); + module:log("warn", "Error processing component stream: %s", error); if error == "no-stream" then session:close("invalid-namespace"); elseif error == "parse-error" then - session.log("warn", "External component %s XML parse error: %s", tostring(session.host), tostring(data)); + session.log("warn", "External component %s XML parse error: %s", session.host, data); session:close("not-well-formed"); elseif error == "stream-error" then local condition, text = "undefined-condition"; @@ -208,7 +208,7 @@ function stream_callbacks.streamclosed(session) session:close(); end -local function handleerr(err) log("error", "Traceback[component]: %s", traceback(tostring(err), 2)); end +local function handleerr(err) log("error", "Traceback[component]: %s", traceback(err, 2)); end function stream_callbacks.handlestanza(session, stanza) -- Namespaces are icky. if not stanza.attr.xmlns and stanza.name == "handshake" then @@ -268,10 +268,10 @@ local function session_close(session, reason) if reason.extra then stanza:add_child(reason.extra); end - module:log("info", "Disconnecting component, is: %s", tostring(stanza)); + module:log("info", "Disconnecting component, is: %s", stanza); session.send(stanza); elseif reason.name then -- a stanza - module:log("info", "Disconnecting component, is: %s", tostring(reason)); + module:log("info", "Disconnecting component, is: %s", reason); session.send(reason); end end @@ -312,7 +312,7 @@ function listener.onconnect(conn) function session.data(_, data) local ok, err = stream:feed(data); if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); + log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); session:close("not-well-formed"); end @@ -327,7 +327,7 @@ end function listener.ondisconnect(conn, err) local session = sessions[conn]; if session then - (session.log or log)("info", "component disconnected: %s (%s)", tostring(session.host), tostring(err)); + (session.log or log)("info", "component disconnected: %s (%s)", session.host, err); if session.host then module:context(session.host):fire_event("component-disconnected", { session = session, reason = err }); end diff --git a/plugins/mod_groups.lua b/plugins/mod_groups.lua index 646b7408..0c44f481 100644 --- a/plugins/mod_groups.lua +++ b/plugins/mod_groups.lua @@ -25,7 +25,7 @@ function inject_roster_contacts(event) local function import_jids_to_roster(group_name) for jid in pairs(groups[group_name]) do -- Add them to roster - --module:log("debug", "processing jid %s in group %s", tostring(jid), tostring(group_name)); + --module:log("debug", "processing jid %s in group %s", jid, group_name); if jid ~= bare_jid then if not roster[jid] then roster[jid] = {}; end roster[jid].subscription = "both"; @@ -99,7 +99,7 @@ function module.load() end members[false][#members[false]+1] = curr_group; -- Is a public group end - module:log("debug", "New group: %s", tostring(curr_group)); + module:log("debug", "New group: %s", curr_group); groups[curr_group] = groups[curr_group] or {}; else -- Add JID @@ -108,7 +108,7 @@ function module.load() local jid; jid = jid_prep(entryjid:match("%S+")); if jid then - module:log("debug", "New member of %s: %s", tostring(curr_group), tostring(jid)); + module:log("debug", "New member of %s: %s", curr_group, jid); groups[curr_group][jid] = name or false; members[jid] = members[jid] or {}; members[jid][#members[jid]+1] = curr_group; diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index 3c7f4d40..a1a3b2c0 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -32,7 +32,7 @@ local function parse_burst(burst, sess_type) end local n_burst = tonumber(burst); if not n_burst then - module:log("error", "Unable to parse burst for %s: %q, using default burst interval (%ds)", sess_type, tostring(burst), default_burst); + module:log("error", "Unable to parse burst for %s: %q, using default burst interval (%ds)", sess_type, burst, default_burst); end return n_burst or default_burst; end diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 855e1974..cfa92ff5 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -224,13 +224,13 @@ local function shall_store(user, who) end local prefs = get_prefs(user); local rule = prefs[who]; - module:log("debug", "%s's rule for %s is %s", user, who, tostring(rule)); + module:log("debug", "%s's rule for %s is %s", user, who, rule); if rule ~= nil then return rule; end -- Below could be done by a metatable local default = prefs[false]; - module:log("debug", "%s's default rule is %s", user, tostring(default)); + module:log("debug", "%s's default rule is %s", user, default); if default == "roster" then return has_in_roster(user, who); end diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index eb93a386..387f6a5d 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -251,7 +251,7 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) end -- That's all folks! - module:log("debug", "Archive query %s completed", tostring(qid)); + module:log("debug", "Archive query %s completed", qid); origin.send(st.reply(stanza) :tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete }) @@ -291,7 +291,7 @@ module:hook("muc-get-history", function (event) local data, err = archive:find(jid_split(room_jid), query); if not data then - module:log("error", "Could not fetch history: %s", tostring(err)); + module:log("error", "Could not fetch history: %s", err); return end @@ -317,7 +317,7 @@ module:hook("muc-get-history", function (event) maxchars = maxchars - chars; end history[i], i = item, i+1; - -- module:log("debug", tostring(item)); + -- module:log("debug", item); end function event.next_stanza() i = i - 1; diff --git a/plugins/mod_pep_simple.lua b/plugins/mod_pep_simple.lua index f91e5448..11268ab7 100644 --- a/plugins/mod_pep_simple.lua +++ b/plugins/mod_pep_simple.lua @@ -230,13 +230,13 @@ module:hook("iq/bare/http://jabber.org/protocol/pubsub:pubsub", function(event) return true; else --invalid request session.send(st.error_reply(stanza, 'modify', 'bad-request')); - module:log("debug", "Invalid request: %s", tostring(payload)); + module:log("debug", "Invalid request: %s", payload); return true; end else --no presence subscription session.send(st.error_reply(stanza, 'auth', 'not-authorized') :tag('presence-subscription-required', {xmlns='http://jabber.org/protocol/pubsub#errors'})); - module:log("debug", "Unauthorized request: %s", tostring(payload)); + module:log("debug", "Unauthorized request: %s", payload); return true; end end diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua index 00833772..29c821e2 100644 --- a/plugins/mod_proxy65.lua +++ b/plugins/mod_proxy65.lua @@ -117,7 +117,7 @@ function module.add_host(module) if jid_compare(jid, acl) then allow = true; break; end end if allow then break; end - module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from)); + module:log("warn", "Denying use of proxy for %s", stanza.attr.from); origin.send(st.error_reply(stanza, "auth", "forbidden")); return true; end diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index f0fdc5fb..dd19f350 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -127,7 +127,7 @@ function route_to_existing_session(event) elseif host.type == "local" or host.type == "component" then log("error", "Trying to send a stanza to ourselves??") log("error", "Traceback: %s", traceback()); - log("error", "Stanza: %s", tostring(stanza)); + log("error", "Stanza: %s", stanza); return false; else -- FIXME @@ -151,7 +151,7 @@ function route_to_new_session(event) -- Store in buffer host_session.bounce_sendq = bounce_sendq; host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; - log("debug", "stanza [%s] queued until connection complete", tostring(stanza.name)); + log("debug", "stanza [%s] queued until connection complete", stanza.name); s2sout.initiate_connection(host_session); if (not host_session.connecting) and (not host_session.conn) then log("warn", "Connection to %s failed already, destroying session...", to_host); @@ -595,7 +595,7 @@ local function initialize_session(session) if data then local ok, err = stream:feed(data); if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %q", tostring(err), #data, data:sub(1, 300)); + log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); session:close("not-well-formed"); end end diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 3145cf9b..89313de1 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -14,7 +14,6 @@ local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; -local tostring = tostring; local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false)); local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false) @@ -77,7 +76,7 @@ local function sasl_process_cdata(session, stanza) local status, ret, err_msg = session.sasl_handler:process(text); status, ret, err_msg = handle_status(session, status, ret, err_msg); local s = build_reply(status, ret, err_msg); - log("debug", "sasl reply: %s", tostring(s)); + log("debug", "sasl reply: %s", s); session.send(s); return true; end diff --git a/plugins/mod_stanza_debug.lua b/plugins/mod_stanza_debug.lua index 6dedb6f7..af98670c 100644 --- a/plugins/mod_stanza_debug.lua +++ b/plugins/mod_stanza_debug.lua @@ -1,18 +1,17 @@ module:set_global(); -local tostring = tostring; local filters = require "util.filters"; local function log_send(t, session) if t and t ~= "" and t ~= " " then - session.log("debug", "SEND: %s", tostring(t)); + session.log("debug", "SEND: %s", t); end return t; end local function log_recv(t, session) if t and t ~= "" and t ~= " " then - session.log("debug", "RECV: %s", tostring(t)); + session.log("debug", "RECV: %s", t); end return t; end diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 4ef9a07f..c94ea84a 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -80,7 +80,7 @@ local function session_close(session, reason) stream_error = reason; end end - log("debug", "Disconnecting client, is: %s", tostring(stream_error)); + log("debug", "Disconnecting client, is: %s", stream_error); session.send(stream_error); end -- cgit v1.2.3 From 45a8e8ea7f8f4342a2ca2f8c0ea7d2bbb6591f8d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 1 Aug 2019 05:25:34 +0200 Subject: mod_s2s: Distinguish between high and low level errors in bounces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `remote-server-not-found` is reported for problems occurring without a reply `` having been opened, e.g. DNS records were not found or no TCP stream could be established to a functioning XMPP entity. `remote-server-timeout` is reported for problems that occurring after a stream has been opened, such as configuration problems, inability to perform TLS or unsuccessful certificate validation. Related: #770 --- plugins/mod_s2s/mod_s2s.lua | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index dd19f350..012c5341 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -77,12 +77,19 @@ local function bounce_sendq(session, reason) (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback()); end; }; + -- FIXME Allow for more specific error conditions + -- TODO use util.error ? + local error_type = "cancel"; + local condition = "remote-server-not-found"; + if session.had_stream then -- set when a stream is opened by the remote + error_type, condition = "wait", "remote-server-timeout"; + end for i, data in ipairs(sendq) do local reply = data[2]; if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then reply.attr.type = "error"; - reply:tag("error", {type = "cancel", by = session.from_host}) - :tag("remote-server-not-found", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); + reply:tag("error", {type = error_type, by = session.from_host}) + :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); if reason then reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}) :text("Server-to-server connection failed: "..reason):up(); @@ -301,6 +308,7 @@ end function stream_callbacks._streamopened(session, attr) session.version = tonumber(attr.version) or 0; + session.had_stream = true; -- Had a stream opened at least once -- TODO: Rename session.secure to session.encrypted if session.secure == false then -- cgit v1.2.3 From 03acf1ffe1b8abc3b457075bd46be5ac1b491f2c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 19 Jan 2019 22:01:54 +0100 Subject: mod_vcard_legacy: Add support for JABBERID - impp/uri conversion --- plugins/mod_vcard_legacy.lua | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index ab2c4490..45988fa8 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -105,6 +105,11 @@ module:hook("iq-get/bare/vcard-temp:vCard", function (event) vcard_temp:tag("WORK"):up(); end vcard_temp:up(); + elseif tag.name == "impp" then + local uri = tag:get_child_text("uri"); + if uri and uri:sub(1, 5) == "xmpp:" then + vcard_temp:text_tag("JABBERID", uri:sub(6)) + end end end end @@ -216,6 +221,10 @@ function vcard_to_pep(vcard_temp) vcard4:text_tag("text", "work"); end vcard4:up():up():up(); + elseif tag.name == "JABBERID" then + vcard4:tag("impp") + :text_tag("uri", "xmpp:" .. tag:get_text()) + :up(); elseif tag.name == "PHOTO" then local avatar_type = tag:get_child_text("TYPE"); local avatar_payload = tag:get_child_text("BINVAL"); -- cgit v1.2.3 From fabd896892e40eda501c12704025df7cb7c16654 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 2 Aug 2019 21:57:57 +0200 Subject: mod_vcard_legacy: Complete roundtrip support for ORG/ORGNAME vcard-temp -> vcard4 worked previously but not the other way around --- plugins/mod_vcard_legacy.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index 45988fa8..89ef1a4f 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -110,6 +110,10 @@ module:hook("iq-get/bare/vcard-temp:vCard", function (event) if uri and uri:sub(1, 5) == "xmpp:" then vcard_temp:text_tag("JABBERID", uri:sub(6)) end + elseif tag.name == "org" then + vcard_temp:tag("ORG") + :text_tag("ORGNAME", tag:get_child_text("text")) + :up(); end end end -- cgit v1.2.3 From 5976d3fc664719dfddb539c660465caa961588a6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 10 Aug 2019 16:01:42 +0200 Subject: mod_muc_mam: Conditionally advertise MAM feature on rooms (fixes #1407) --- plugins/mod_muc_mam.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 387f6a5d..7fc9fabf 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -428,7 +428,9 @@ end module:add_feature(xmlns_mam); module:hook("muc-disco#info", function(event) - event.reply:tag("feature", {var=xmlns_mam}):up(); + if archiving_enabled(event.room) then + event.reply:tag("feature", {var=xmlns_mam}):up(); + end end); -- Cleanup -- cgit v1.2.3 From c788104e048f868c0448df797d2020fba1fa0934 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 10 Nov 2018 13:37:32 +0100 Subject: mod_s2s: Use net.connect instead of s2sout.lib for outgoing s2s connections --- plugins/mod_s2s/mod_s2s.lua | 38 +++-- plugins/mod_s2s/s2sout.lib.lua | 349 ----------------------------------------- 2 files changed, 23 insertions(+), 364 deletions(-) delete mode 100644 plugins/mod_s2s/s2sout.lib.lua (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 012c5341..ea19f7ad 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -27,8 +27,8 @@ local s2s_destroy_session = require "core.s2smanager".destroy_session; local uuid_gen = require "util.uuid".generate; local fire_global_event = prosody.events.fire_event; local runner = require "util.async".runner; - -local s2sout = module:require("s2sout"); +local connect = require "net.connect".connect; +local service = require "net.resolvers.service"; local connect_timeout = module:get_option_number("s2s_timeout", 90); local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); @@ -45,6 +45,8 @@ local sessions = module:shared("sessions"); local runner_callbacks = {}; +local listener = {}; + local log = module._log; module:hook("stats-update", function () @@ -154,17 +156,13 @@ function route_to_new_session(event) local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; log("debug", "opening a new outgoing connection for this stanza"); local host_session = s2s_new_outgoing(from_host, to_host); + host_session.version = 1; -- Store in buffer host_session.bounce_sendq = bounce_sendq; host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; log("debug", "stanza [%s] queued until connection complete", stanza.name); - s2sout.initiate_connection(host_session); - if (not host_session.connecting) and (not host_session.conn) then - log("warn", "Connection to %s failed already, destroying session...", to_host); - s2s_destroy_session(host_session, "Connection failed"); - return false; - end + connect(service.new(to_host, "xmpp-server", "tcp", { default_port = 5269 }), listener, nil, { session = host_session }); return true; end @@ -479,8 +477,6 @@ function stream_callbacks.error(session, error, data) end end -local listener = {}; - --- Session methods local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; local function session_close(session, reason, remote_reason) @@ -679,11 +675,16 @@ function listener.ondisconnect(conn, err) local session = sessions[conn]; if session then sessions[conn] = nil; + (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); + s2s_destroy_session(session, err); + end +end + +function listener.onfail(data, err) + local session = data and data.session; + if session then if err and session.direction == "outgoing" and session.notopen then (session.log or log)("debug", "s2s connection attempt failed: %s", err); - if s2sout.attempt_connection(session, err) then - return; -- Session lives for now - end end (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); s2s_destroy_session(session, err); @@ -707,6 +708,15 @@ function listener.ondetach(conn) sessions[conn] = nil; end +function listener.onattach(conn, data) + local session = data and data.session; + if session then + session.conn = conn; + sessions[conn] = session; + initialize_session(session); + end +end + function check_auth_policy(event) local host, session = event.host, event.session; local must_secure = secure_auth; @@ -730,8 +740,6 @@ end module:hook("s2s-check-certificate", check_auth_policy, -1); -s2sout.set_listener(listener); - module:hook("server-stopping", function(event) local reason = event.reason; for _, session in pairs(sessions) do diff --git a/plugins/mod_s2s/s2sout.lib.lua b/plugins/mod_s2s/s2sout.lib.lua deleted file mode 100644 index 34e322d2..00000000 --- a/plugins/mod_s2s/s2sout.lib.lua +++ /dev/null @@ -1,349 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - ---- Module containing all the logic for connecting to a remote server - --- luacheck: ignore 432/err - -local portmanager = require "core.portmanager"; -local wrapclient = require "net.server".wrapclient; -local initialize_filters = require "util.filters".initialize; -local idna_to_ascii = require "util.encodings".idna.to_ascii; -local new_ip = require "util.ip".new_ip; -local rfc6724_dest = require "util.rfc6724".destination; -local socket = require "socket"; -local adns = require "net.adns"; -local t_insert, t_sort, ipairs = table.insert, table.sort, ipairs; -local local_addresses = require "util.net".local_addresses; - -local s2s_destroy_session = require "core.s2smanager".destroy_session; - -local default_mode = module:get_option("network_default_read_size", 4096); - -local log = module._log; - -local sources = {}; -local has_ipv4, has_ipv6; - -local dns_timeout = module:get_option_number("dns_timeout", 15); -local resolvers = module:get_option_set("s2s_dns_resolvers") - -local s2sout = {}; - -local s2s_listener; - - -function s2sout.set_listener(listener) - s2s_listener = listener; -end - -local function compare_srv_priorities(a,b) - return a.priority < b.priority or (a.priority == b.priority and a.weight > b.weight); -end - -function s2sout.initiate_connection(host_session) - local log = host_session.log or log; - - initialize_filters(host_session); - host_session.version = 1; - - host_session.resolver = adns.resolver(); - host_session.resolver._resolver:settimeout(dns_timeout); - if resolvers then - for resolver in resolvers do - host_session.resolver._resolver:addnameserver(resolver); - end - end - - -- Kick the connection attempting machine into life - if not s2sout.attempt_connection(host_session) then - -- Intentionally not returning here, the - -- session is needed, connected or not - s2s_destroy_session(host_session); - end - - if not host_session.sends2s then - -- A sends2s which buffers data (until the stream is opened) - -- note that data in this buffer will be sent before the stream is authed - -- and will not be ack'd in any way, successful or otherwise - local buffer; - function host_session.sends2s(data) - if not buffer then - buffer = {}; - host_session.send_buffer = buffer; - end - log("debug", "Buffering data on unconnected s2sout to %s", host_session.to_host); - buffer[#buffer+1] = data; - log("debug", "Buffered item %d: %s", #buffer, data); - end - end -end - -function s2sout.attempt_connection(host_session, err) - local to_host = host_session.to_host; - local connect_host, connect_port = to_host and idna_to_ascii(to_host), 5269; - local log = host_session.log or log; - - if not connect_host then - return false; - end - - if not err then -- This is our first attempt - log("debug", "First attempt to connect to %s, starting with SRV lookup...", to_host); - host_session.connecting = true; - host_session.resolver:lookup(function (answer) - local srv_hosts = { answer = answer }; - host_session.srv_hosts = srv_hosts; - host_session.srv_choice = 0; - host_session.connecting = nil; - if answer and #answer > 0 then - log("debug", "%s has SRV records, handling...", to_host); - for _, record in ipairs(answer) do - t_insert(srv_hosts, record.srv); - end - if #srv_hosts == 1 and srv_hosts[1].target == "." then - log("debug", "%s does not provide a XMPP service", to_host); - s2s_destroy_session(host_session, err); -- Nothing to see here - return; - end - t_sort(srv_hosts, compare_srv_priorities); - - local srv_choice = srv_hosts[1]; - host_session.srv_choice = 1; - if srv_choice then - connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port; - log("debug", "Best record found, will connect to %s:%d", connect_host, connect_port); - end - else - log("debug", "%s has no SRV records, falling back to A/AAAA", to_host); - end - -- Try with SRV, or just the plain hostname if no SRV - local ok, err = s2sout.try_connect(host_session, connect_host, connect_port); - if not ok then - if not s2sout.attempt_connection(host_session, err) then - -- No more attempts will be made - s2s_destroy_session(host_session, err); - end - end - end, "_xmpp-server._tcp."..connect_host..".", "SRV"); - - return true; -- Attempt in progress - elseif host_session.ip_hosts then - return s2sout.try_connect(host_session, connect_host, connect_port, err); - elseif host_session.srv_hosts and #host_session.srv_hosts > host_session.srv_choice then -- Not our first attempt, and we also have SRV - host_session.srv_choice = host_session.srv_choice + 1; - local srv_choice = host_session.srv_hosts[host_session.srv_choice]; - connect_host, connect_port = srv_choice.target or to_host, srv_choice.port or connect_port; - host_session.log("info", "Connection failed (%s). Attempt #%d: This time to %s:%d", err, host_session.srv_choice, connect_host, connect_port); - else - host_session.log("info", "Failed in all attempts to connect to %s", host_session.to_host); - -- We're out of options - return false; - end - - if not (connect_host and connect_port) then - -- Likely we couldn't resolve DNS - log("warn", "Hmm, we're without a host (%s) and port (%s) to connect to for %s, giving up :(", connect_host, connect_port, to_host); - return false; - end - - return s2sout.try_connect(host_session, connect_host, connect_port); -end - -function s2sout.try_next_ip(host_session) - host_session.connecting = nil; - host_session.ip_choice = host_session.ip_choice + 1; - local ip = host_session.ip_hosts[host_session.ip_choice]; - local ok, err= s2sout.make_connect(host_session, ip.ip, ip.port); - if not ok then - if not s2sout.attempt_connection(host_session, err or "closed") then - err = err and (": "..err) or ""; - s2s_destroy_session(host_session, "Connection failed"..err); - end - end -end - -function s2sout.try_connect(host_session, connect_host, connect_port, err) - host_session.connecting = true; - local log = host_session.log or log; - - if not err then - local IPs = {}; - host_session.ip_hosts = IPs; - -- luacheck: ignore 231/handle4 231/handle6 - local handle4, handle6; - local have_other_result = not(has_ipv4) or not(has_ipv6) or false; - - if has_ipv4 then - handle4 = host_session.resolver:lookup(function (reply, err) - handle4 = nil; - - if reply and reply[#reply] and reply[#reply].a then - for _, ip in ipairs(reply) do - log("debug", "DNS reply for %s gives us %s", connect_host, ip.a); - IPs[#IPs+1] = new_ip(ip.a, "IPv4"); - end - elseif err then - log("debug", "Error in DNS lookup: %s", err); - end - - if have_other_result then - if #IPs > 0 then - rfc6724_dest(host_session.ip_hosts, sources); - for i = 1, #IPs do - IPs[i] = {ip = IPs[i], port = connect_port}; - end - host_session.ip_choice = 0; - s2sout.try_next_ip(host_session); - else - log("debug", "DNS lookup failed to get a response for %s", connect_host); - host_session.ip_hosts = nil; - if not s2sout.attempt_connection(host_session, "name resolution failed") then -- Retry if we can - log("debug", "No other records to try for %s - destroying", host_session.to_host); - err = err and (": "..err) or ""; - s2s_destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't - end - end - else - have_other_result = true; - end - end, connect_host, "A", "IN"); - else - have_other_result = true; - end - - if has_ipv6 then - handle6 = host_session.resolver:lookup(function (reply, err) - handle6 = nil; - - if reply and reply[#reply] and reply[#reply].aaaa then - for _, ip in ipairs(reply) do - log("debug", "DNS reply for %s gives us %s", connect_host, ip.aaaa); - IPs[#IPs+1] = new_ip(ip.aaaa, "IPv6"); - end - elseif err then - log("debug", "Error in DNS lookup: %s", err); - end - - if have_other_result then - if #IPs > 0 then - rfc6724_dest(host_session.ip_hosts, sources); - for i = 1, #IPs do - IPs[i] = {ip = IPs[i], port = connect_port}; - end - host_session.ip_choice = 0; - s2sout.try_next_ip(host_session); - else - log("debug", "DNS lookup failed to get a response for %s", connect_host); - host_session.ip_hosts = nil; - if not s2sout.attempt_connection(host_session, "name resolution failed") then -- Retry if we can - log("debug", "No other records to try for %s - destroying", host_session.to_host); - err = err and (": "..err) or ""; - s2s_destroy_session(host_session, "DNS resolution failed"..err); -- End of the line, we can't - end - end - else - have_other_result = true; - end - end, connect_host, "AAAA", "IN"); - else - have_other_result = true; - end - return true; - elseif host_session.ip_hosts and #host_session.ip_hosts > host_session.ip_choice then -- Not our first attempt, and we also have IPs left to try - s2sout.try_next_ip(host_session); - else - log("debug", "Out of IP addresses, trying next SRV record (if any)"); - host_session.ip_hosts = nil; - if not s2sout.attempt_connection(host_session, "out of IP addresses") then -- Retry if we can - log("debug", "No other records to try for %s - destroying", host_session.to_host); - err = err and (": "..err) or ""; - s2s_destroy_session(host_session, "Connecting failed"..err); -- End of the line, we can't - return false; - end - end - - return true; -end - -function s2sout.make_connect(host_session, connect_host, connect_port) - local log = host_session.log or log; - log("debug", "Beginning new connection attempt to %s ([%s]:%d)", host_session.to_host, connect_host.addr, connect_port); - - -- Reset secure flag in case this is another - -- connection attempt after a failed STARTTLS - host_session.secure = nil; - host_session.encrypted = nil; - - local conn, handler; - local proto = connect_host.proto; - if proto == "IPv4" then - conn, handler = socket.tcp(); - elseif proto == "IPv6" and socket.tcp6 then - conn, handler = socket.tcp6(); - else - handler = "Unsupported protocol: "..tostring(proto); - end - - if not conn then - log("warn", "Failed to create outgoing connection, system error: %s", handler); - return false, handler; - end - - conn:settimeout(0); - local success, err = conn:connect(connect_host.addr, connect_port); - if not success and err ~= "timeout" then - log("warn", "s2s connect() to %s (%s:%d) failed: %s", host_session.to_host, connect_host.addr, connect_port, err); - return false, err; - end - - conn = wrapclient(conn, connect_host.addr, connect_port, s2s_listener, default_mode); - host_session.conn = conn; - - -- Register this outgoing connection so that xmppserver_listener knows about it - -- otherwise it will assume it is a new incoming connection - s2s_listener.register_outgoing(conn, host_session); - - log("debug", "Connection attempt in progress..."); - return true; -end - -module:hook_global("service-added", function (event) - if event.name ~= "s2s" then return end - - local s2s_sources = portmanager.get_active_services():get("s2s"); - if not s2s_sources then - module:log_status("warn", "s2s not listening on any ports, outgoing connections may fail"); - return; - end - for source, _ in pairs(s2s_sources) do - if source == "*" or source == "0.0.0.0" then - for _, addr in ipairs(local_addresses("ipv4", true)) do - sources[#sources + 1] = new_ip(addr, "IPv4"); - end - elseif source == "::" then - for _, addr in ipairs(local_addresses("ipv6", true)) do - sources[#sources + 1] = new_ip(addr, "IPv6"); - end - else - sources[#sources + 1] = new_ip(source, (source:find(":") and "IPv6") or "IPv4"); - end - end - for i = 1,#sources do - if sources[i].proto == "IPv6" then - has_ipv6 = true; - elseif sources[i].proto == "IPv4" then - has_ipv4 = true; - end - end - if not (has_ipv4 or has_ipv6) then - module:log("warn", "No local IPv4 or IPv6 addresses detected, outgoing connections may fail"); - end -end); - -return s2sout; -- cgit v1.2.3 From 761731222d7836a8567bb6cc1fe1788aa15748a0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 22 Aug 2019 22:23:04 +0200 Subject: mod_vcard_legacy: Use PEP nickname if vcard4 data is unavailable Last remaining nice feature from mod_profile. Allows setting eg nickname and avatar as completely public while restricting private details in vcard4 to only contacts. --- plugins/mod_vcard_legacy.lua | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index 89ef1a4f..91497493 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -116,6 +116,14 @@ module:hook("iq-get/bare/vcard-temp:vCard", function (event) :up(); end end + else + local ok, _, nick_item = pep_service:get_last_item("http://jabber.org/protocol/nick", stanza.attr.from); + if ok and nick_item then + local nickname = nick_item:get_child_text("nick", "http://jabber.org/protocol/nick"); + if nickname then + vcard_temp:text_tag("NICKNAME", nickname); + end + end end local meta_ok, avatar_meta = pep_service:get_items("urn:xmpp:avatar:metadata", stanza.attr.from); -- cgit v1.2.3 From a746aba7a27bcff70944f07268e7aef519a0223b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 13 Jan 2019 14:02:56 +0100 Subject: mod_auth_internal_hashed: Add support for optionally using SCRAM-SHA-256 instead of SHA-1 This will currently require a hard reset of all passwords back to plain. This will be least painful on new deployments. --- plugins/mod_auth_internal_hashed.lua | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 35764afb..174e848a 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -9,7 +9,7 @@ local max = math.max; -local getAuthenticationDatabaseSHA1 = require "util.sasl.scram".getAuthenticationDatabaseSHA1; +local scram_hashers = require "util.sasl.scram".hashers; local usermanager = require "core.usermanager"; local generate_uuid = require "util.uuid".generate; local new_sasl = require "util.sasl".new; @@ -21,7 +21,8 @@ local host = module.host; local accounts = module:open_store("accounts"); - +local hash_name = module:get_option_string("password_hash", "SHA-1"); +local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); -- Default; can be set per-user local default_iteration_count = 4096; @@ -49,7 +50,7 @@ function provider.test_password(username, password) return nil, "Auth failed. Stored salt and iteration count information is not complete."; end - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, credentials.salt, credentials.iteration_count); + local valid, stored_key, server_key = get_auth_db(password, credentials.salt, credentials.iteration_count); local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); @@ -67,7 +68,7 @@ function provider.set_password(username, password) if account then account.salt = generate_uuid(); account.iteration_count = max(account.iteration_count or 0, default_iteration_count); - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); + local valid, stored_key, server_key = get_auth_db(password, account.salt, account.iteration_count); local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); @@ -98,7 +99,7 @@ function provider.create_user(username, password) return accounts:set(username, {}); end local salt = generate_uuid(); - local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count); + local valid, stored_key, server_key = get_auth_db(password, salt, default_iteration_count); local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); return accounts:set(username, { @@ -116,7 +117,7 @@ function provider.get_sasl_handler() plain_test = function(_, username, password, realm) return usermanager.test_password(username, realm, password), true; end, - scram_sha_1 = function(_, username) + ["scram_"..hash_name:gsub("%-","_"):lower()] = function(_, username) local credentials = accounts:get(username); if not credentials then return; end if credentials.password then -- cgit v1.2.3 From b8ad8ccc88415e201eea3530120ce4fda4fdaf04 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 22 Aug 2019 01:00:31 +0200 Subject: mod_auth_internal_hashed: Precompute SCRAM authentication profile name (thanks MattJ) --- plugins/mod_auth_internal_hashed.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 174e848a..be22a8d8 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -23,6 +23,7 @@ local accounts = module:open_store("accounts"); local hash_name = module:get_option_string("password_hash", "SHA-1"); local get_auth_db = assert(scram_hashers[hash_name], "SCRAM-"..hash_name.." not supported by SASL library"); +local scram_name = "scram_"..hash_name:gsub("%-","_"):lower(); -- Default; can be set per-user local default_iteration_count = 4096; @@ -117,7 +118,7 @@ function provider.get_sasl_handler() plain_test = function(_, username, password, realm) return usermanager.test_password(username, realm, password), true; end, - ["scram_"..hash_name:gsub("%-","_"):lower()] = function(_, username) + [scram_name] = function(_, username) local credentials = accounts:get(username); if not credentials then return; end if credentials.password then -- cgit v1.2.3 From 39cb87a158a017441e129ed8514f83bfbfdae64f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 23 Aug 2019 01:04:00 +0200 Subject: mod_storage_*: Tweak :summary API to allow future expansion with more fields Eg might want to include last message, timestamp, chat state or other info. --- plugins/mod_storage_internal.lua | 8 +++++--- plugins/mod_storage_memory.lua | 8 +++++--- plugins/mod_storage_sql.lua | 8 +++++--- 3 files changed, 15 insertions(+), 9 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 2556224d..28caa071 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -217,11 +217,13 @@ end function archive:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end - local summary = {}; + local counts = {}; for _, _, _, with in iter do - summary[with] = (summary[with] or 0) + 1; + counts[with] = (counts[with] or 0) + 1; end - return summary; + return { + counts = counts; + }; end function archive:users() diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 376ae277..cac9bc40 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -170,11 +170,13 @@ end function archive_store:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end - local summary = {}; + local counts = {}; for _, _, _, with in iter do - summary[with] = (summary[with] or 0) + 1; + counts[with] = (counts[with] or 0) + 1; end - return summary; + return { + counts = counts; + }; end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 518e2654..d6779946 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -446,12 +446,14 @@ function archive_store:summary(username, query) return engine:select(sql_query, unpack(args)); end); if not ok then return ok, result end - local summary = {}; + local counts = {}; for row in result do local with, count = row[1], row[2]; - summary[with] = count; + counts[with] = count; end - return summary; + return { + counts = counts; + }; end function archive_store:delete(username, query) -- cgit v1.2.3 From d3c559bcc89ef91ebecde3cc3b4520873a98ea4d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 23 Aug 2019 01:10:27 +0200 Subject: mod_storage_*: Include timestamp of latest message in :summary API Clients may want to show a list of conversations ordered by how timestamp of most recent message. The counts allow a badge with unread message counter. --- plugins/mod_storage_internal.lua | 5 ++++- plugins/mod_storage_memory.lua | 5 ++++- plugins/mod_storage_sql.lua | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 28caa071..1ee860d6 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -218,11 +218,14 @@ function archive:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end local counts = {}; - for _, _, _, with in iter do + local latest = {}; + for _, _, when, with in iter do counts[with] = (counts[with] or 0) + 1; + latest[with] = when; end return { counts = counts; + latest = latest; }; end diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index cac9bc40..6a04e003 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -171,11 +171,14 @@ function archive_store:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end local counts = {}; - for _, _, _, with in iter do + local latest = {}; + for _, _, when, with in iter do counts[with] = (counts[with] or 0) + 1; + latest[with] = when; end return { counts = counts; + latest = latest; }; end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index d6779946..dc960cad 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -424,7 +424,7 @@ function archive_store:summary(username, query) local user,store = username,self.store; local ok, result = engine:transaction(function() local sql_query = [[ - SELECT DISTINCT "with", COUNT(*) + SELECT DISTINCT "with", COUNT(*), MAX("when") FROM "prosodyarchive" WHERE %s GROUP BY "with" @@ -447,12 +447,15 @@ function archive_store:summary(username, query) end); if not ok then return ok, result end local counts = {}; + local latest = {}; for row in result do local with, count = row[1], row[2]; counts[with] = count; + latest[with] = row[3]; end return { counts = counts; + latest = latest; }; end -- cgit v1.2.3 From 9d5e31fd481a38bc7e346697cdacb8ef5cbd1ae5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 23 Aug 2019 01:15:44 +0200 Subject: mod_storage_*: Also include timestmap of first message in :summary API For completeness along with most recent timestamp. Might be nice to be able to order by oldest unread message. --- plugins/mod_storage_internal.lua | 5 +++++ plugins/mod_storage_memory.lua | 5 +++++ plugins/mod_storage_sql.lua | 8 +++++--- 3 files changed, 15 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 1ee860d6..b3702fe1 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -218,13 +218,18 @@ function archive:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end local counts = {}; + local earliest = {}; local latest = {}; for _, _, when, with in iter do counts[with] = (counts[with] or 0) + 1; + if earliest[with] == nil then + earliest[with] = when; + end latest[with] = when; end return { counts = counts; + earliest = earliest; latest = latest; }; end diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 6a04e003..8beb8c01 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -171,13 +171,18 @@ function archive_store:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end local counts = {}; + local earliest = {}; local latest = {}; for _, _, when, with in iter do counts[with] = (counts[with] or 0) + 1; + if earliest[with] == nil then + earliest[with] = when; + end latest[with] = when; end return { counts = counts; + earliest = earliest; latest = latest; }; end diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index dc960cad..666cee41 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -424,7 +424,7 @@ function archive_store:summary(username, query) local user,store = username,self.store; local ok, result = engine:transaction(function() local sql_query = [[ - SELECT DISTINCT "with", COUNT(*), MAX("when") + SELECT DISTINCT "with", COUNT(*), MIN("when"), MAX("when") FROM "prosodyarchive" WHERE %s GROUP BY "with" @@ -447,14 +447,16 @@ function archive_store:summary(username, query) end); if not ok then return ok, result end local counts = {}; - local latest = {}; + local earliest, latest = {}, {}; for row in result do local with, count = row[1], row[2]; counts[with] = count; - latest[with] = row[3]; + earliest[with] = row[3]; + latest[with] = row[4]; end return { counts = counts; + earliest = earliest; latest = latest; }; end -- cgit v1.2.3 From d45b4c026faac9849324a8db0747e2729f19362c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 23 Aug 2019 01:28:53 +0200 Subject: mod_storage_internal: Include last text message A protocol built on this API now allows showing a list of unread conversations with a counter, ordered by either oldest or newest message, along with the text body itself. --- plugins/mod_storage_internal.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index b3702fe1..c8b902cf 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -220,17 +220,20 @@ function archive:summary(username, query) local counts = {}; local earliest = {}; local latest = {}; - for _, _, when, with in iter do + local body = {}; + for _, stanza, when, with in iter do counts[with] = (counts[with] or 0) + 1; if earliest[with] == nil then earliest[with] = when; end latest[with] = when; + body[with] = stanza:get_child_text("body") or body[with]; end return { counts = counts; earliest = earliest; latest = latest; + body = body; }; end -- cgit v1.2.3 From 1295efd944da3e95e66243eab2ac4fe0b4de556e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Aug 2019 21:31:04 +0200 Subject: MUC: Simplify nickname refresh loop Affiliation data is passed as a loop variable so no need to retrieve it --- plugins/muc/register.lib.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index 21cb3f2f..da106f8c 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -15,8 +15,7 @@ local function get_reserved_nicks(room) end module:log("debug", "Refreshing reserved nicks..."); local reserved_nicks = {}; - for jid in room:each_affiliation() do - local data = room._affiliation_data[jid]; + for jid, _, data in room:each_affiliation() do local nick = data and data.reserved_nickname; module:log("debug", "Refreshed for %s: %s", jid, nick); if nick then -- cgit v1.2.3 From b16782257d441196d7fbab2823ba8fa878c4c056 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Aug 2019 23:12:55 +0200 Subject: Remove COMPAT with temporary luasec fork The changes in the temporary fork were merged into mainline luasec ca 2013 and included in the 0.5 release in 2014. --- plugins/mod_c2s.lua | 3 --- plugins/mod_s2s/mod_s2s.lua | 1 - plugins/mod_s2s_auth_certs.lua | 3 --- 3 files changed, 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 53af34f0..02a0c5eb 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -97,7 +97,6 @@ function stream_callbacks.streamopened(session, attr) session.compressed = info.compression; else (session.log or log)("info", "Stream encrypted"); - session.compressed = sock.compression and sock:compression(); --COMPAT mw/luasec-hg end end @@ -257,8 +256,6 @@ function listener.onconnect(conn) local sock = conn:socket(); if sock.info then session.compressed = sock:info"compression"; - elseif sock.compression then - session.compressed = sock:compression(); --COMPAT mw/luasec-hg end end diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ea19f7ad..5a0d2a49 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -320,7 +320,6 @@ function stream_callbacks._streamopened(session, attr) session.compressed = info.compression; else (session.log or log)("info", "Stream encrypted"); - session.compressed = sock.compression and sock:compression(); --COMPAT mw/luasec-hg end end diff --git a/plugins/mod_s2s_auth_certs.lua b/plugins/mod_s2s_auth_certs.lua index dd0eb3cb..76e134a7 100644 --- a/plugins/mod_s2s_auth_certs.lua +++ b/plugins/mod_s2s_auth_certs.lua @@ -17,9 +17,6 @@ module:hook("s2s-check-certificate", function(event) local chain_valid, errors; if conn.getpeerverification then chain_valid, errors = conn:getpeerverification(); - elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg - chain_valid, errors = conn:getpeerchainvalid(); - errors = (not chain_valid) and { { errors } } or nil; else chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; end -- cgit v1.2.3 From 60fddf5c7c7a2272f0235cc5d702f7a89c0e9568 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 15:53:05 +0200 Subject: mod_admin_telnet: Identify bidi-capable s2sout sessions (fixes #1403) --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index b6cdfe82..c184924c 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -552,7 +552,7 @@ local function session_flags(session, line) if session.remote then line[#line+1] = "(remote)"; end - if session.is_bidi then + if session.is_bidi or session.bidi_session then line[#line+1] = "(bidi)"; end if session.bosh_version then -- cgit v1.2.3 From 42861396cd1eeb5a880691e9ee00a75836b2fddb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 19:00:37 +0200 Subject: mod_s2s: Remove obsolete cleanup code These were added by s2sout.lib --- plugins/mod_s2s/mod_s2s.lua | 7 ------- 1 file changed, 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 5a0d2a49..6c4d92ae 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -228,13 +228,6 @@ function mark_connected(session) end session.sendq = nil; end - - if session.resolver then - session.resolver._resolver:closeall() - end - session.resolver = nil; - session.ip_hosts = nil; - session.srv_hosts = nil; end end -- cgit v1.2.3 From cf236f25f8322327921009ab92e33788e4c48de9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 8 Sep 2019 16:48:53 +0200 Subject: mod_offline: Add some debug logging to reduce confusion Where did these messages come from??? --- plugins/mod_offline.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_offline.lua b/plugins/mod_offline.lua index 487098d1..04c679cf 100644 --- a/plugins/mod_offline.lua +++ b/plugins/mod_offline.lua @@ -29,6 +29,7 @@ end, -1); module:hook("message/offline/broadcast", function(event) local origin = event.origin; + origin.log("debug", "Broadcasting offline messages"); local node, host = origin.username, origin.host; @@ -38,6 +39,9 @@ module:hook("message/offline/broadcast", function(event) stanza:tag("delay", {xmlns = "urn:xmpp:delay", from = host, stamp = datetime.datetime(when)}):up(); -- XEP-0203 origin.send(stanza); end - offline_messages:delete(node); + local ok = offline_messages:delete(node); + if type(ok) == "number" and ok > 0 then + origin.log("debug", "%d offline messages consumed"); + end return true; end, -1); -- cgit v1.2.3 From 5c27fe4b793490d6ec80cdbdcc5063ae3b660766 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 17:44:57 +0200 Subject: mod_s2s: Handle authentication of s2sin and s2sout the same way --- plugins/mod_s2s/mod_s2s.lua | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6c4d92ae..d8e631b9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -249,15 +249,13 @@ function make_authenticated(event) session.type = "s2sout"; elseif session.type == "s2sin_unauthed" then session.type = "s2sin"; - if host then - if not session.hosts[host] then session.hosts[host] = {}; end - session.hosts[host].authed = true; - end - elseif session.type == "s2sin" and host then + elseif session.type ~= "s2sin" and session.type ~= "s2sout" then + return false; + end + + if session.incoming and host then if not session.hosts[host] then session.hosts[host] = {}; end session.hosts[host].authed = true; - else - return false; end session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); -- cgit v1.2.3 From f6ba50139a104e69aad9378756b927ccc7b2e661 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 18:32:29 +0200 Subject: mod_s2s: Add function to send replies on s2sout connections that support incoming traffic --- plugins/mod_s2s/mod_s2s.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index d8e631b9..5114b1ce 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -208,6 +208,13 @@ function mark_connected(session) if session.type == "s2sout" then fire_global_event("s2sout-established", event_data); hosts[from].events.fire_event("s2sout-established", event_data); + + if session.incoming then + session.send = function(stanza) + return hosts[from].events.fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza }); + end; + end + else local host_session = hosts[to]; session.send = function(stanza) -- cgit v1.2.3 From 4eda545430dc80353a1b168828990e22c73e7a41 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 18:33:16 +0200 Subject: mod_s2s: Insert s2sin into outgoing routing table when bidirectional --- plugins/mod_s2s/mod_s2s.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 5114b1ce..673c93a2 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -216,6 +216,10 @@ function mark_connected(session) end else + if session.outgoing and not hosts[to].s2sout[from] then + session.log("debug", "Setting up to handle route from %s to %s", to, from); + hosts[to].s2sout[from] = session; -- luacheck: ignore 122 + end local host_session = hosts[to]; session.send = function(stanza) return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); -- cgit v1.2.3 From 55efbf445b422313e209e02bae07db8b35826a62 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Sep 2019 18:54:59 +0200 Subject: mod_s2s: Remove warning about hostname mismatch It triggers on bidi-related routing where this to/from is flipped. Removing since I don't think we have ever seen this potential bug. --- plugins/mod_s2s/mod_s2s.lua | 5 ----- 1 file changed, 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 673c93a2..41b1875b 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -139,11 +139,6 @@ function route_to_existing_session(event) log("error", "Stanza: %s", stanza); return false; else - -- FIXME - if host.from_host ~= from_host then - log("error", "WARNING! This might, possibly, be a bug, but it might not..."); - log("error", "We are going to send from %s instead of %s", host.from_host, from_host); - end if host.sends2s(stanza) then return true; end -- cgit v1.2.3 From ef38f2d0622260df46a86ca4a6d000c57e197823 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 8 Sep 2019 19:45:39 +0200 Subject: mod_s2s_bidi: Enables bi-directional streams via XEP-0288 --- plugins/mod_s2s_bidi.lua | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 plugins/mod_s2s_bidi.lua (limited to 'plugins') diff --git a/plugins/mod_s2s_bidi.lua b/plugins/mod_s2s_bidi.lua new file mode 100644 index 00000000..67a48d8d --- /dev/null +++ b/plugins/mod_s2s_bidi.lua @@ -0,0 +1,38 @@ +-- Prosody IM +-- Copyright (C) 2019 Kim Alvefur +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +local st = require "util.stanza"; + +local xmlns_bidi_feature = "urn:xmpp:features:bidi" +local xmlns_bidi = "urn:xmpp:bidi"; + +module:hook("s2s-stream-features", function(event) + local origin, features = event.origin, event.features; + if origin.type == "s2sin_unauthed" then + features:tag("bidi", { xmlns = xmlns_bidi_feature }):up(); + end +end); + +module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza) + if session.type == "s2sout_unauthed" then + local bidi = stanza:get_child("bidi", xmlns_bidi_feature); + if bidi then + session.incoming = true; + session.log("debug", "Requesting bidirectional stream"); + session.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi })); + end + end +end, 200); + +module:hook_tag("urn:xmpp:bidi", "bidi", function(session) + if session.type == "s2sin_unauthed" then + session.log("debug", "Requested bidirectional stream"); + session.outgoing = true; + return true; + end +end); + -- cgit v1.2.3 From 2a9da5b8f04ce7b13d9db194fa01a36ec4b6ac91 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 8 Sep 2019 18:51:15 +0200 Subject: mod_admin_telnet: Identify native bidi sessions --- plugins/mod_admin_telnet.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index c184924c..5c08b8d1 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -552,7 +552,9 @@ local function session_flags(session, line) if session.remote then line[#line+1] = "(remote)"; end - if session.is_bidi or session.bidi_session then + if session.incoming and session.outgoing then + line[#line+1] = "(bidi)"; + elseif session.is_bidi or session.bidi_session then line[#line+1] = "(bidi)"; end if session.bosh_version then -- cgit v1.2.3 From d24e6c7582a6c09be435908083ed19f13fee9bde Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Sep 2019 15:10:31 +0100 Subject: mod_http: Add support for configuring CORS Access-Control-Allow-Credentials --- plugins/mod_http.lua | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 17ea27e1..654ec6c7 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -26,6 +26,7 @@ server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer -- CORS settigs local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); +local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); local function get_http_event(host, app_path, key) @@ -89,11 +90,14 @@ function moduleapi.http_url(module, app_name, default_path) return "http://disabled.invalid/"; end -local function apply_cors_headers(response, methods, headers, max_age, origin) +local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, origin) response.headers.access_control_allow_methods = tostring(methods); response.headers.access_control_allow_headers = tostring(headers); response.headers.access_control_max_age = tostring(max_age) response.headers.access_control_allow_origin = origin or "*"; + if allow_credentials then + response.headers.access_control_allow_credentials = "true"; + end end function module.add_host(module) @@ -119,7 +123,7 @@ function module.add_host(module) local function cors_handler(event_data) local request, response = event_data.request, event_data.response; - apply_cors_headers(response, app_methods, opt_headers, opt_max_age, request.headers.origin); + apply_cors_headers(response, app_methods, opt_headers, opt_max_age, opt_credentials, request.headers.origin); end local function options_handler(event_data) -- cgit v1.2.3 From 01e73988778bf20b8ff5ded517459c7ead977009 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Sat, 28 Sep 2019 20:00:39 +0200 Subject: mod_pubsub: Remove the unwanted check for @notify on . MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This most likely was copied from the handling of , where it actually is required by the spec (XEP-0060 §7.2.2.1), but this attribute doesn’t exist for purge. --- plugins/mod_pubsub/pubsub.lib.lua | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index d59e3d85..a002fbe7 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -638,14 +638,13 @@ function handlers.set_retract(origin, stanza, retract, service) end function handlers.owner_set_purge(origin, stanza, purge, service) - local node, notify = purge.attr.node, purge.attr.notify; - notify = (notify == "1") or (notify == "true"); + local node = purge.attr.node; local reply; if not node then origin.send(pubsub_error_reply(stanza, "nodeid-required")); return true; end - local ok, ret = service:purge(node, stanza.attr.from, notify); + local ok, ret = service:purge(node, stanza.attr.from, true); if ok then reply = st.reply(stanza); else -- cgit v1.2.3 From fad52c768601de198e5c277d547528bfac1f6166 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 28 Sep 2019 22:59:29 +0200 Subject: mod_csi_simple: Remove duplicated check for connection --- plugins/mod_csi_simple.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 13002ea8..4e2b95e1 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -81,7 +81,7 @@ local function flush_buffer(data, session) end function enable_optimizations(session) - if session.conn and session.conn and session.conn.pause_writes then + if session.conn and session.conn.pause_writes then session.conn:pause_writes(); filters.add_filter(session, "stanzas/out", manage_buffer); filters.add_filter(session, "bytes/in", flush_buffer); @@ -91,7 +91,7 @@ function enable_optimizations(session) end function disable_optimizations(session) - if session.conn and session.conn and session.conn.resume_writes then + if session.conn and session.conn.resume_writes then filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); @@ -115,7 +115,7 @@ end); module:hook("c2s-ondrain", function (event) local session = event.session; - if session.state == "inactive" and session.conn and session.conn and session.conn.pause_writes then + if session.state == "inactive" and session.conn and session.conn.pause_writes then session.conn:pause_writes(); session.log("debug", "Buffer flushed, resuming inactive mode (queue size was %d)", session.csi_counter); session.csi_counter = 0; -- cgit v1.2.3 From 2c3bd063b9f6b729b2b1592f964444aecc10de5b Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Sun, 29 Sep 2019 15:05:17 +0200 Subject: mod_register_ibr: Add FORM_TYPE as required by XEP-0077. --- plugins/mod_register_ibr.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index bbe7581d..e04e6ecd 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -25,6 +25,7 @@ end); local account_details = module:open_store("account_details"); local field_map = { + FORM_TYPE = { name = "FORM_TYPE", type = "hidden", value = "jabber:iq:register" }; username = { name = "username", type = "text-single", label = "Username", required = true }; password = { name = "password", type = "text-private", label = "Password", required = true }; nick = { name = "nick", type = "text-single", label = "Nickname" }; @@ -50,6 +51,7 @@ local registration_form = dataform_new{ title = title; instructions = instructions; + field_map.FORM_TYPE; field_map.username; field_map.password; }; -- cgit v1.2.3 From 1fa149d6c4c0e709d62999f044f28cbb0eff4040 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Sun, 29 Sep 2019 15:26:18 +0200 Subject: mod_register_ibr, mod_register_limits: Add support for custom error type and defined-condition. --- plugins/mod_register_ibr.lua | 2 +- plugins/mod_register_limits.lua | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index e04e6ecd..fe5ede2b 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -168,7 +168,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) module:fire_event("user-registering", user); if not user.allowed then log("debug", "Registration disallowed by module: %s", user.reason or "no reason given"); - session.send(st.error_reply(stanza, "modify", "not-acceptable", user.reason)); + session.send(st.error_reply(stanza, user.error_type or "modify", user.error_condition or "not-acceptable", user.reason)); return true; end diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua index 736282a5..55811d74 100644 --- a/plugins/mod_register_limits.lua +++ b/plugins/mod_register_limits.lua @@ -64,15 +64,21 @@ module:hook("user-registering", function (event) log("debug", "Registration disallowed by blacklist"); event.allowed = false; event.reason = "Your IP address is blacklisted"; + event.error_type = "auth"; + event.error_condition = "forbidden"; elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then log("debug", "Registration disallowed by whitelist"); event.allowed = false; event.reason = "Your IP address is not whitelisted"; + event.error_type = "auth"; + event.error_condition = "forbidden"; elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then if not check_throttle(ip) then log("debug", "Registrations over limit for ip %s", ip or "?"); event.allowed = false; event.reason = "Too many registrations from this IP address recently"; + event.error_type = "wait"; + event.error_condition = "policy-violation"; end end end); -- cgit v1.2.3 From 213edf5203123371b0a9fe0efe3606ec6f9575c2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Sep 2019 16:22:05 +0200 Subject: mod_register_ibr: Reminder to maybe use util.error in the future --- plugins/mod_register_ibr.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index fe5ede2b..3f6da004 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -168,6 +168,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) module:fire_event("user-registering", user); if not user.allowed then log("debug", "Registration disallowed by module: %s", user.reason or "no reason given"); + -- TODO This could use util.error session.send(st.error_reply(stanza, user.error_type or "modify", user.error_condition or "not-acceptable", user.reason)); return true; end -- cgit v1.2.3 From fc0e6e197d28d5a37b89a12bf9ae3119d0ae69d6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Sep 2019 17:34:47 +0200 Subject: mod_register_ibr: Distinguish between failure to create account or save extra data --- plugins/mod_register_ibr.lua | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 3f6da004..2f220658 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -179,14 +179,13 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) return true; end - -- TODO unable to write file, file may be locked, etc, what's the correct error? - local error_reply = st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk."); - if usermanager_create_user(username, password, host) then + local created, err = usermanager_create_user(username, password, host); + if created then data.registered = os.time(); if not account_details:set(username, data) then log("debug", "Could not store extra details"); usermanager_delete_user(username, host); - session.send(error_reply); + session.send(st.error_reply(stanza, "wait", "internal-server-error", "Failed to write data to disk.")); return true; end session.send(st.reply(stanza)); -- user created! @@ -195,8 +194,8 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) username = username, host = host, source = "mod_register", session = session }); else - log("debug", "Could not create user"); - session.send(error_reply); + log("debug", "Could not create user", err); + session.send(st.error_reply(stanza, "cancel", "feature-not-implemented", err)); end return true; end); -- cgit v1.2.3 From f304a306dd05b8f99ba5ef26d301ea33731d2007 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Sep 2019 18:44:58 +0200 Subject: mod_admin_telnet: Use new compact function for waiting on promises --- plugins/mod_admin_telnet.lua | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5c08b8d1..24230257 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1148,13 +1148,7 @@ function def_env.xmpp:ping(localhost, remotehost, timeout) end local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} :tag("ping", {xmlns="urn:xmpp:ping"}); - local ret, err; - local wait, done = async.waiter(); - module:context(localhost):send_iq(iq, nil, timeout) - :next(function (ret_) ret = ret_; end, - function (err_) err = err_; end) - :finally(done); - wait(); + local ret, err = async.wait(module:context(localhost):send_iq(iq, nil, timeout)); if ret then return true, "pong from " .. ret.stanza.attr.from; else -- cgit v1.2.3 From 082761bde34c1a1cca02d574c13d4f8f78637db6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Sep 2019 23:50:34 +0200 Subject: mod_offline: Log a debug message when message is stored --- plugins/mod_offline.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_offline.lua b/plugins/mod_offline.lua index 04c679cf..dffe8357 100644 --- a/plugins/mod_offline.lua +++ b/plugins/mod_offline.lua @@ -24,7 +24,11 @@ module:hook("message/offline/handle", function(event) node = origin.username; end - return offline_messages:append(node, nil, stanza, os.time(), ""); + local ok = offline_messages:append(node, nil, stanza, os.time(), ""); + if ok then + module:log("debug", "Saved to offline storage: %s", stanza:top_tag()); + end + return ok; end, -1); module:hook("message/offline/broadcast", function(event) -- cgit v1.2.3 From 1356b90c3a135009a5b6ba5c56b2f4a407f7fc3a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 5 Oct 2019 16:50:41 +0200 Subject: mod_csi_simple: Try not to flush buffer while already flushing it Reduces log noice --- plugins/mod_csi_simple.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 4e2b95e1..b99aaab3 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -75,6 +75,10 @@ local function manage_buffer(stanza, session) end local function flush_buffer(data, session) + if session.csi_flushing then + return data; + end + session.csi_flushing = true; session.log("debug", "Client sent something, flushing buffer once (queue size is %d)", session.csi_counter); session.conn:resume_writes(); return data; @@ -92,6 +96,7 @@ end function disable_optimizations(session) if session.conn and session.conn.resume_writes then + session.csi_flushing = nil; filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); -- cgit v1.2.3 From 2e1a43906f35d4feaa7398eb1f4848fcdda3bd5c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 5 Oct 2019 16:55:58 +0200 Subject: mod_csi_simple: Always remove session filters when disabling CSI Only guard the actual pausing of outgoing data on the method existing. This prevents the filters from lingering in case something happened to the connection. Removing already removed filters should be a safe noop. --- plugins/mod_csi_simple.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index b99aaab3..24a2f1ce 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -95,10 +95,10 @@ function enable_optimizations(session) end function disable_optimizations(session) + session.csi_flushing = nil; + filters.remove_filter(session, "stanzas/out", manage_buffer); + filters.remove_filter(session, "bytes/in", flush_buffer); if session.conn and session.conn.resume_writes then - session.csi_flushing = nil; - filters.remove_filter(session, "stanzas/out", manage_buffer); - filters.remove_filter(session, "bytes/in", flush_buffer); session.conn:resume_writes(); end end -- cgit v1.2.3 From 7b43531fa9779ba0ec001e87cbe5004cc8e303f1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Oct 2019 19:35:35 +0200 Subject: mod_admin_telnet: xmpp:ping: Log ping time --- plugins/mod_admin_telnet.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 24230257..afb4fb4b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -33,6 +33,7 @@ local envloadfile = require "util.envload".envloadfile; local has_pposix, pposix = pcall(require, "util.pposix"); local async = require "util.async"; local serialize = require "util.serialization".new({ fatal = false, unquoted = true}); +local time = require "util.time"; local commands = module:shared("commands") local def_env = module:shared("env"); @@ -1148,9 +1149,10 @@ function def_env.xmpp:ping(localhost, remotehost, timeout) end local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} :tag("ping", {xmlns="urn:xmpp:ping"}); + local time_start = time.now(); local ret, err = async.wait(module:context(localhost):send_iq(iq, nil, timeout)); if ret then - return true, "pong from " .. ret.stanza.attr.from; + return true, ("pong from %s in %gs"):format(ret.stanza.attr.from, time.now() - time_start); else return false, tostring(err); end -- cgit v1.2.3 From 5460dfed75e36009063b3f0af2b3f9fd0f920837 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 6 Oct 2019 21:14:53 +0200 Subject: mod_s2s: Close with a stream error in case neither SASL or Dialback are available This both tells the remote server and users who sent any queued stanzas why it failed. --- plugins/mod_s2s/mod_s2s.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 41b1875b..b9c13ef2 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -184,7 +184,10 @@ function module.add_host(module) return true; elseif not session.dialback_verifying then session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); - session:close(); + session:close({ + condition = "unsupported-feature", + text = "No viable authentication method offered", + }); return false; end end, -1); -- cgit v1.2.3 From 8340ca2b183123ba1c1b2d78a155c727f70a9b10 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 10 Oct 2019 20:46:27 +0200 Subject: mod_http: Unhook CORS related event handlers Prevents CORS related handlers from being left over on reload. BC: `mod_http.apps[app_name][event_name]` is now a table instead of the main handler function. --- plugins/mod_http.lua | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 654ec6c7..8ef06dc2 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -154,7 +154,11 @@ function module.add_host(module) module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1); end if not app_handlers[event_name] then - app_handlers[event_name] = handler; + app_handlers[event_name] = { + main = handler; + cors = cors_handler; + options = options_handler; + }; module:hook_object_event(server, event_name, handler); module:hook_object_event(server, event_name, cors_handler, 1); module:hook_object_event(server, options_event_name, options_handler, -1); @@ -176,8 +180,11 @@ function module.add_host(module) local function http_app_removed(event) local app_handlers = apps[event.item.name]; apps[event.item.name] = nil; - for event_name, handler in pairs(app_handlers) do - module:unhook_object_event(server, event_name, handler); + for event_name, handlers in pairs(app_handlers) do + module:unhook_object_event(server, event_name, handlers.main); + module:unhook_object_event(server, event_name, handlers.cors); + local options_event_name = event_name:gsub("^%S+", "OPTIONS"); + module:unhook_object_event(server, options_event_name, handlers.options); end end -- cgit v1.2.3 From bf5f096225ec159e50e38b6631114553a03adce9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 12 Oct 2019 19:16:43 +0200 Subject: mod_websocket: Guard against upgrading to websocket from a HEAD request --- plugins/mod_websocket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index c94ea84a..386a4d60 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -136,7 +136,7 @@ function handle_request(event) conn.starttls = false; -- Prevent mod_tls from believing starttls can be done - if not request.headers.sec_websocket_key then + if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; return [[Websocket

It works! Now point your WebSocket client to this URL to connect to Prosody.

-- cgit v1.2.3 From bf566284b130f8be7b5d25bfe883de882f1ff7bb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 13 Oct 2019 00:32:58 +0200 Subject: mod_saslauth: Remove commented-out debug log line --- plugins/mod_saslauth.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 89313de1..52de1434 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -66,7 +66,6 @@ local function sasl_process_cdata(session, stanza) local text = stanza[1]; if text then text = base64.decode(text); - --log("debug", "AUTH: %s", text:gsub("[%z\001-\008\011\012\014-\031]", " ")); if not text then session.sasl_handler = nil; session.send(build_reply("failure", "incorrect-encoding")); -- cgit v1.2.3 From 8eb15f32e17e630b8965813e09d7dc73a9539985 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 13 Oct 2019 00:33:35 +0200 Subject: mod_saslauth: Remove useless debug log line Fairly useless to only log half of SASL messages. Use mod_stanza_debug instead to get the full exchange. --- plugins/mod_saslauth.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 52de1434..251c0c4e 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -75,7 +75,6 @@ local function sasl_process_cdata(session, stanza) local status, ret, err_msg = session.sasl_handler:process(text); status, ret, err_msg = handle_status(session, status, ret, err_msg); local s = build_reply(status, ret, err_msg); - log("debug", "sasl reply: %s", s); session.send(s); return true; end -- cgit v1.2.3 From a375a343326a80bab8d98d86118772d1e0791be1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Oct 2019 21:37:19 +0200 Subject: mod_saslauth: Log (debug) messages about channel binding --- plugins/mod_saslauth.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 251c0c4e..cfaa1f9c 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -250,11 +250,16 @@ module:hook("stream-features", function(event) if sasl_handler.add_cb_handler then local socket = origin.conn:socket(); if socket.getpeerfinished then + log("debug", "Channel binding 'tls-unique' supported"); sasl_handler:add_cb_handler("tls-unique", tls_unique); + else + log("debug", "Channel binding 'tls-unique' not supported (by LuaSec?)"); end sasl_handler["userdata"] = { ["tls-unique"] = socket; }; + else + log("debug", "Channel binding not supported by SASL handler"); end end local mechanisms = st.stanza("mechanisms", mechanisms_attr); -- cgit v1.2.3 From 668089d57cc81ec71f421eb76eb6ea71af7a2d15 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Oct 2019 21:58:10 +0200 Subject: mod_saslauth: Use the power of Set Theory to mange sets of SASL mechanisms This makes sets of excluded mechanisms easily available for use later. --- plugins/mod_saslauth.lua | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index cfaa1f9c..3d3620cf 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -12,6 +12,7 @@ local st = require "util.stanza"; local sm_bind_resource = require "core.sessionmanager".bind_resource; local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; +local set = require "util.set"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; @@ -264,15 +265,32 @@ module:hook("stream-features", function(event) end local mechanisms = st.stanza("mechanisms", mechanisms_attr); local sasl_mechanisms = sasl_handler:mechanisms() + local available_mechanisms = set.new(); for mechanism in pairs(sasl_mechanisms) do - if disabled_mechanisms:contains(mechanism) then - log("debug", "Not offering disabled mechanism %s", mechanism); - elseif not origin.secure and insecure_mechanisms:contains(mechanism) then - log("debug", "Not offering mechanism %s on insecure connection", mechanism); - else - log("debug", "Offering mechanism %s", mechanism); + available_mechanisms:add(mechanism); + end + log("debug", "SASL mechanisms supported by handler: %s", available_mechanisms); + + local usable_mechanisms = available_mechanisms - disabled_mechanisms; + + local available_disabled = set.intersection(available_mechanisms, disabled_mechanisms); + if not available_disabled:empty() then + log("debug", "Not offering disabled mechanisms: %s", available_disabled); + end + + local available_insecure = set.intersection(available_mechanisms, insecure_mechanisms); + if not origin.secure and not available_insecure:empty() then + log("debug", "Session is not secure, not offering insecure mechanisms: %s", available_insecure); + usable_mechanisms = usable_mechanisms - insecure_mechanisms; + end + + if not usable_mechanisms:empty() then + log("debug", "Offering usable mechanisms: %s", usable_mechanisms); + for mechanism in available_mechanisms do mechanisms:tag("mechanism"):text(mechanism):up(); end + features:add_child(mechanisms); + return; end if mechanisms[1] then features:add_child(mechanisms); -- cgit v1.2.3 From 57a86c0b0c206495acf6a36fc22f2506ea438f3f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Oct 2019 22:05:51 +0200 Subject: mod_saslauth: Improve logging of why no SASL mechanisms were offered --- plugins/mod_saslauth.lua | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 3d3620cf..be57e8d8 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -292,14 +292,26 @@ module:hook("stream-features", function(event) features:add_child(mechanisms); return; end - if mechanisms[1] then - features:add_child(mechanisms); - elseif not next(sasl_mechanisms) then - local authmod = module:get_option_string("authentication", "internal_plain"); + + local authmod = module:get_option_string("authentication", "internal_plain"); + if available_mechanisms:empty() then log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); - else - log("warn", "All available authentication mechanisms are either disabled or not suitable for an insecure connection"); + return; + end + + if not origin.secure and not available_insecure:empty() then + if not available_disabled:empty() then + log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)", + authmod, available_insecure, available_disabled); + else + log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)", + authmod, available_insecure); + end + elseif not available_disabled:empty() then + log("error", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)", + authmod, available_disabled); end + else features:tag("bind", bind_attr):tag("required"):up():up(); features:tag("session", xmpp_session_attr):tag("optional"):up():up(); -- cgit v1.2.3 From 4d28443876e2122d89bf41a2e57b34a6d1d4e813 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 15 Oct 2019 23:38:29 +0200 Subject: mod_saslauth: Demote "no SASL mechanisms" error back to warning This gets printed before TLS if c2s_require_encryption = false, in which case it is just annoying. --- plugins/mod_saslauth.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index be57e8d8..9e9091d3 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -295,20 +295,20 @@ module:hook("stream-features", function(event) local authmod = module:get_option_string("authentication", "internal_plain"); if available_mechanisms:empty() then - log("error", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); + log("warn", "No available SASL mechanisms, verify that the configured authentication module '%s' is loaded and configured correctly", authmod); return; end if not origin.secure and not available_insecure:empty() then if not available_disabled:empty() then - log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)", + log("warn", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s) or disabled (%s)", authmod, available_insecure, available_disabled); else - log("error", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)", + log("warn", "All SASL mechanisms provided by authentication module '%s' are forbidden on insecure connections (%s)", authmod, available_insecure); end elseif not available_disabled:empty() then - log("error", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)", + log("warn", "All SASL mechanisms provided by authentication module '%s' are disabled (%s)", authmod, available_disabled); end -- cgit v1.2.3 From 21b0efc6ad3d7b757bebc45330ca9e40dcc158b2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 20 Oct 2019 14:54:57 +0200 Subject: MUC: Validate registration dataform more carefully --- plugins/muc/register.lib.lua | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index da106f8c..cfbdfb59 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -136,7 +136,19 @@ local function handle_register_iq(room, origin, stanza) return true; end local form_tag = query:get_child("x", "jabber:x:data"); - local reg_data = form_tag and registration_form:data(form_tag); + if not form_tag then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing dataform")); + return true; + end + local form_type, err = dataforms.get_type(form_tag); + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error with form: "..err)); + return true; + elseif form_type ~= "http://jabber.org/protocol/muc#register" then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); + return true; + end + local reg_data = registration_form:data(form_tag); if not reg_data then origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); return true; -- cgit v1.2.3 From 190c1e7772fe11c353ce0c0e001490e29734a63a Mon Sep 17 00:00:00 2001 From: Lance Stout Date: Sun, 20 Oct 2019 21:58:16 +0200 Subject: MUC: Add controls for whose presence is broadcast (closes #1335) Committed by Zash --- plugins/muc/mod_muc.lua | 7 +++ plugins/muc/muc.lib.lua | 23 +++++++-- plugins/muc/presence_broadcast.lib.lua | 87 ++++++++++++++++++++++++++++++++++ 3 files changed, 112 insertions(+), 5 deletions(-) create mode 100644 plugins/muc/presence_broadcast.lib.lua (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 89e67744..e55bd6a2 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -86,6 +86,12 @@ room_mt.get_registered_nick = register.get_registered_nick; room_mt.get_registered_jid = register.get_registered_jid; room_mt.handle_register_iq = register.handle_register_iq; +local presence_broadcast = module:require "muc/presence_broadcast"; +room_mt.get_presence_broadcast = presence_broadcast.get; +room_mt.set_presence_broadcast = presence_broadcast.set; +room_mt.get_valid_broadcast_roles = presence_broadcast.get_valid_broadcast_roles; + + local jid_split = require "util.jid".split; local jid_bare = require "util.jid".bare; local st = require "util.stanza"; @@ -263,6 +269,7 @@ local function set_room_defaults(room, lang) room:set_changesubject(module:get_option_boolean("muc_room_default_change_subject", room:get_changesubject())); room:set_historylength(module:get_option_number("muc_room_default_history_length", room:get_historylength())); room:set_language(lang or module:get_option_string("muc_room_default_language")); + room:set_presence_broadcast(module:get_option("muc_room_default_presence_broadcast", room:get_presence_broadcast())); end function create_room(room_jid, config) diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index d84f4ac1..200f69f9 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -218,13 +218,13 @@ end -- Broadcasts an occupant's presence to the whole room -- Takes the x element that goes into the stanzas -function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason) +function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason, prev_role, force_unavailable) local base_x = x.base or x; -- Build real jid and (optionally) occupant jid template presences local base_presence do -- Try to use main jid's presence local pr = occupant:get_presence(); - if pr and (occupant.role ~= nil or pr.attr.type == "unavailable") then + if pr and (occupant.role ~= nil or pr.attr.type == "unavailable") and not force_unavailable then base_presence = st.clone(pr); else -- user is leaving but didn't send a leave presence. make one for them base_presence = st.presence {from = occupant.nick; type = "unavailable";}; @@ -280,6 +280,8 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason) self_p = st.clone(base_presence):add_child(self_x); end + local broadcast_roles = self:get_presence_broadcast(); + -- General populace for occupant_nick, n_occupant in self:each_occupant() do if occupant_nick ~= occupant.nick then @@ -291,7 +293,13 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason) else pr = get_anon_p(); end - self:route_to_occupant(n_occupant, pr); + if broadcast_roles[occupant.role or "none"] or force_unavailable then + self:route_to_occupant(n_occupant, pr); + elseif prev_role and broadcast_roles[prev_role] then + pr.attr.type = 'unavailable'; + self:route_to_occupant(n_occupant, pr); + end + end end @@ -315,6 +323,7 @@ function room_mt:send_occupant_list(to, filter) local to_bare = jid_bare(to); local is_anonymous = false; local whois = self:get_whois(); + local broadcast_roles = self:get_presence_broadcast(); if whois ~= "anyone" then local affiliation = self:get_affiliation(to); if affiliation ~= "admin" and affiliation ~= "owner" then @@ -331,7 +340,9 @@ function room_mt:send_occupant_list(to, filter) local pres = st.clone(occupant:get_presence()); pres.attr.to = to; pres:add_child(x); - self:route_stanza(pres); + if to_bare == occupant.bare_jid or broadcast_roles[occupant.role or "none"] then + self:route_stanza(pres); + end end end end @@ -1442,9 +1453,11 @@ function room_mt:set_role(actor, occupant_jid, role, reason) if not role then x:tag("status", {code = "307"}):up(); end + + local prev_role = occupant.role; occupant.role = role; self:save_occupant(occupant); - self:publicise_occupant_status(occupant, x, nil, actor, reason); + self:publicise_occupant_status(occupant, x, nil, actor, reason, prev_role); if role == nil then module:fire_event("muc-occupant-left", { room = self; diff --git a/plugins/muc/presence_broadcast.lib.lua b/plugins/muc/presence_broadcast.lib.lua new file mode 100644 index 00000000..ace614b3 --- /dev/null +++ b/plugins/muc/presence_broadcast.lib.lua @@ -0,0 +1,87 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- Copyright (C) 2014 Daurnimator +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +local st = require "util.stanza"; + +local valid_roles = { "visitor", "participant", "moderator" }; +local default_broadcast = { + none = true; + visitor = true; + participant = true; + moderator = true; +}; + +local function get_presence_broadcast(room) + return room._data.presence_broadcast or default_broadcast; +end + +local function set_presence_broadcast(room, broadcast_roles) + broadcast_roles = broadcast_roles or default_broadcast; + + -- Ensure that unavailable presence is always sent when role changes to none + broadcast_roles.none = true; + + local changed = false; + local old_broadcast_roles = get_presence_broadcast(room); + for _, role in ipairs(valid_roles) do + if old_broadcast_roles[role] ~= broadcast_roles[role] then + changed = true; + end + end + + if not changed then return false; end + + room._data.presence_broadcast = broadcast_roles; + + for _, occupant in room:each_occupant() do + local x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user";}); + local role = occupant.role or "none"; + if broadcast_roles[role] and not old_broadcast_roles[role] then + -- Presence broadcast is now enabled, so announce existing user + room:publicise_occupant_status(occupant, x); + elseif old_broadcast_roles[role] and not broadcast_roles[role] then + -- Presence broadcast is now disabled, so mark existing user as unavailable + room:publicise_occupant_status(occupant, x, nil, nil, nil, nil, true); + end + end + + return true; +end + +module:hook("muc-config-form", function(event) + local values = {}; + for role, value in pairs(get_presence_broadcast(event.room)) do + if value then + values[#values + 1] = role; + end + end + + table.insert(event.form, { + name = "muc#roomconfig_presencebroadcast"; + type = "list-multi"; + label = "Roles for which Presence is Broadcasted"; + value = values; + options = valid_roles; + }); +end, 70-7); + +module:hook("muc-config-submitted/muc#roomconfig_presencebroadcast", function(event) + local broadcast_roles = {}; + for _, role in ipairs(event.value) do + broadcast_roles[role] = true; + end + if set_presence_broadcast(event.room, broadcast_roles) then + event.status_codes["104"] = true; + end +end); + +return { + get = get_presence_broadcast; + set = set_presence_broadcast; +}; -- cgit v1.2.3 From 7207a107fd582334d32af3d847ef8e939d136e97 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 20 Oct 2019 23:47:48 +0200 Subject: MUC: Advertise history related fields as integers via XEP-0122 This takes advantage of data type validation and conversion done in util.dataforms. --- plugins/muc/history.lib.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/history.lib.lua b/plugins/muc/history.lib.lua index 0d69c97d..f9ddabbf 100644 --- a/plugins/muc/history.lib.lua +++ b/plugins/muc/history.lib.lua @@ -48,16 +48,18 @@ module:hook("muc-config-form", function(event) table.insert(event.form, { name = "muc#roomconfig_historylength"; type = "text-single"; + datatype = "xs:integer"; label = "Maximum number of history messages returned by room"; desc = "Specify the maximum number of previous messages that should be sent to users when they join the room"; - value = tostring(get_historylength(event.room)); + value = get_historylength(event.room); }); table.insert(event.form, { name = 'muc#roomconfig_defaulthistorymessages', type = 'text-single', + datatype = "xs:integer"; label = 'Default number of history messages returned by room', desc = "Specify the number of previous messages sent to new users when they join the room"; - value = tostring(get_defaulthistorymessages(event.room)) + value = get_defaulthistorymessages(event.room); }); end, 70-5); -- cgit v1.2.3 From b5b9b70c88a1287f034bceccdd953fe805bc78c6 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 27 Oct 2019 14:45:57 +0000 Subject: util.pubsub, pubsub.lib and tests: Add text to precondition-not-met error (fixes #1455) --- plugins/mod_pubsub/pubsub.lib.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index a002fbe7..23695211 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -7,6 +7,7 @@ local st = require "util.stanza"; local it = require "util.iterators"; local uuid_generate = require "util.uuid".generate; local dataform = require"util.dataforms".new; +local errors = require "util.error"; local xmlns_pubsub = "http://jabber.org/protocol/pubsub"; local xmlns_pubsub_errors = "http://jabber.org/protocol/pubsub#errors"; @@ -34,6 +35,9 @@ local pubsub_errors = { }; local function pubsub_error_reply(stanza, error) local e = pubsub_errors[error]; + if not e and errors.is_err(error) then + e = { error.type, error.condition, error.text, error.pubsub_condition }; + end local reply = st.error_reply(stanza, t_unpack(e, 1, 3)); if e[4] then reply:tag(e[4], { xmlns = xmlns_pubsub_errors }):up(); -- cgit v1.2.3 From 2834c8aaff68fc71a6ccba394c1c3ccbe06846a1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Sep 2019 19:13:14 +0200 Subject: MUC: Enforce strict resourceprep on nicknames (bye bye robot face) --- plugins/muc/muc.lib.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 200f69f9..3a228aae 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -444,6 +444,22 @@ module:hook("muc-occupant-pre-change", function(event) end end, 1); +module:hook("muc-occupant-pre-join", function(event) + local nick = jid_resource(event.occupant.nick); + if not resourceprep(nick, true) then -- strict + event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation")); + return true; + end +end, 2); + +module:hook("muc-occupant-pre-change", function(event) + local nick = jid_resource(event.dest_occupant.nick); + if not resourceprep(nick, true) then -- strict + event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation")); + return true; + end +end, 2); + function room_mt:handle_first_presence(origin, stanza) local real_jid = stanza.attr.from; local dest_jid = stanza.attr.to; -- cgit v1.2.3 From 1d400b6d80c689a3d6fcfcde0d588e18941f00d2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 1 Nov 2019 18:09:13 +0100 Subject: mod_register_ibr: Allow registartion rejection reason as util.error object --- plugins/mod_register_ibr.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 2f220658..32e6f710 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -168,8 +168,15 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) module:fire_event("user-registering", user); if not user.allowed then log("debug", "Registration disallowed by module: %s", user.reason or "no reason given"); - -- TODO This could use util.error - session.send(st.error_reply(stanza, user.error_type or "modify", user.error_condition or "not-acceptable", user.reason)); + local error_type, error_condition, reason; + local err = user.error; + if err then + error_type, error_condition, reason = err.type, err.condition, err.text; + else + -- COMPAT pre-util.error + error_type, error_condition, reason = user.error_type, user.error_condition, user.reason; + end + session.send(st.error_reply(stanza, error_type or "modify", error_condition or "not-acceptable", reason)); return true; end -- cgit v1.2.3 From 9f13e20ffef42d61a3f72a3b11a68125557667c3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 1 Nov 2019 18:11:58 +0100 Subject: mod_register_limits: Use util.error for managing rejection reasons --- plugins/mod_register_limits.lua | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua index 55811d74..fc9bf27a 100644 --- a/plugins/mod_register_limits.lua +++ b/plugins/mod_register_limits.lua @@ -13,6 +13,7 @@ local ip_util = require "util.ip"; local new_ip = ip_util.new_ip; local match_ip = ip_util.match; local parse_cidr = ip_util.parse_cidr; +local errors = require "util.error"; local min_seconds_between_registrations = module:get_option_number("min_seconds_between_registrations"); local whitelist_only = module:get_option_boolean("whitelist_registration_only"); @@ -54,6 +55,24 @@ local function ip_in_set(set, ip) return false; end +local err_registry = { + blacklisted = { + text = "Your IP address is blacklisted"; + type = "auth"; + condition = "forbidden"; + }; + not_whitelisted = { + text = "Your IP address is not whitelisted"; + type = "auth"; + condition = "forbidden"; + }; + throttled = { + reason = "Too many registrations from this IP address recently"; + type = "wait"; + condition = "policy-violation"; + }; +} + module:hook("user-registering", function (event) local session = event.session; local ip = event.ip or session and session.ip; @@ -63,22 +82,22 @@ module:hook("user-registering", function (event) elseif ip_in_set(blacklisted_ips, ip) then log("debug", "Registration disallowed by blacklist"); event.allowed = false; - event.reason = "Your IP address is blacklisted"; - event.error_type = "auth"; - event.error_condition = "forbidden"; + event.error = errors.new("blacklisted", err_registry, event); elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then log("debug", "Registration disallowed by whitelist"); event.allowed = false; - event.reason = "Your IP address is not whitelisted"; - event.error_type = "auth"; - event.error_condition = "forbidden"; + event.error = errors.new("not_whitelisted", err_registry, event); elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then if not check_throttle(ip) then log("debug", "Registrations over limit for ip %s", ip or "?"); event.allowed = false; - event.reason = "Too many registrations from this IP address recently"; - event.error_type = "wait"; - event.error_condition = "policy-violation"; + event.error = errors.new("throttle", err_registry, event); end end + if event.error then + -- COMPAT pre-util.error + event.reason = event.error.text; + event.error_type = event.error.type; + event.error_condition = event.error.condition; + end end); -- cgit v1.2.3 From 8de5e91be6f1c6e5fb1009d4a90dfea73b17cb48 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 1 Nov 2019 22:08:38 +0100 Subject: MUC: Strictly validate room JID on creation This should prevent any MUCs with invalid JID (according to current normalization routine) --- plugins/muc/mod_muc.lua | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index e55bd6a2..166249cc 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -93,6 +93,7 @@ room_mt.get_valid_broadcast_roles = presence_broadcast.get_valid_broadcast_roles local jid_split = require "util.jid".split; +local jid_prep = require "util.jid".prep; local jid_bare = require "util.jid".bare; local st = require "util.stanza"; local cache = require "util.cache"; @@ -273,6 +274,9 @@ local function set_room_defaults(room, lang) end function create_room(room_jid, config) + if jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true) then + return nil, "invalid-jid"; + end local exists = get_room_from_jid(room_jid); if exists then return nil, "room-exists"; @@ -460,6 +464,10 @@ for event_name, method in pairs { if room == nil then -- Watch presence to create rooms + if not jid_prep(room_jid, true) then + origin.send(st.error_reply(stanza, "modify", "jid-malformed")); + return true; + end if stanza.attr.type == nil and stanza.name == "presence" and stanza:get_child("x", "http://jabber.org/protocol/muc") then room = muclib.new_room(room_jid); return room:handle_first_presence(origin, stanza); -- cgit v1.2.3 From 64a2f6c1920e46288b323efcf9ce445fde61226a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 1 Nov 2019 23:11:43 +0100 Subject: mod_register_ibr: Enforce strict JID validation --- plugins/mod_register_ibr.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 32e6f710..6de9bc33 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -155,7 +155,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) return true; end - local username, password = nodeprep(data.username), data.password; + local username, password = nodeprep(data.username, true), data.password; data.username, data.password = nil, nil; local host = module.host; if not username or username == "" then -- cgit v1.2.3 From fb0fee842496d9cf89464479406352161f2888bd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 14:22:06 +0100 Subject: MUC: Make nickname field in registration form required Prevents traceback from resourceprep(nil) muc#register_roomnick is also required in XEP-0045 --- plugins/muc/register.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index 4ae393c7..bf8cd877 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -53,7 +53,7 @@ end); local registration_form = dataforms.new { { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/muc#register" }, - { name = "muc#register_roomnick", type = "text-single", label = "Nickname"}, + { name = "muc#register_roomnick", type = "text-single", required = true, label = "Nickname"}, }; local function enforce_nick_policy(event) -- cgit v1.2.3 From c66adb1b89d584c2ca07579c81e54043a3193a18 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:27:53 +0100 Subject: mod_dialback: Abort early if request is missing addressing attributes Prevents traceback from passing nil to nameprep() --- plugins/mod_dialback.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index eddc3209..dc843498 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -93,6 +93,11 @@ module:hook("stanza/jabber:server:dialback:result", function(event) -- he wants to be identified through dialback -- We need to check the key with the Authoritative server local attr = stanza.attr; + if not attr.to or not attr.from then + origin.log("debug", "Missing Dialback addressing (from=%q, to=%q)", attr.from, attr.to); + origin:close("improper-addressing"); + return true; + end local to, from = nameprep(attr.to), nameprep(attr.from); if not hosts[to] then -- cgit v1.2.3 From 6164878eb1f3b5b72b0cc3803e6e6b5d7b3a9309 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:29:13 +0100 Subject: mod_bosh: Abort early if request is missing hostname Prevents traceback from passing nil to nameprep() --- plugins/mod_bosh.lua | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index f4d7eba2..b45a9dc2 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -272,6 +272,15 @@ function stream_callbacks.streamopened(context, attr) -- New session request context.notopen = nil; -- Signals that we accept this opening tag + if not attr.to then + log("debug", "BOSH client tried to connect without specifying a host"); + report_bad_host(); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); + response:send(tostring(close_reply)); + return; + end + local to_host = nameprep(attr.to); local wait = tonumber(attr.wait); if not to_host then -- cgit v1.2.3 From e131bbd3a4cc84f05d44be877ed2201031e2f810 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:39:40 +0100 Subject: mod_c2s: Validate that a 'to' attribute exists at all Prevents traceback from nameprep(nil) --- plugins/mod_c2s.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 02a0c5eb..aec0370d 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -56,6 +56,11 @@ local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; function stream_callbacks.streamopened(session, attr) local send = session.send; + if not attr.to then + session:close{ condition = "improper-addressing", + text = "A 'to' attribute is required on stream headers" }; + return; + end local host = nameprep(attr.to); if not host then session:close{ condition = "improper-addressing", -- cgit v1.2.3 From fd7ac7b72e6337637c7d02ab5858067357be542d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:40:20 +0100 Subject: mod_dialback: Fix potential traceback in case of missing addressing Not tested. Assuming nothing good comes from continuing the program flow after this. The connection should get closed and the event gets aborted by a traceback anyways. --- plugins/mod_dialback.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index dc843498..f580d948 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -107,6 +107,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event) return true; elseif not from then origin:close("improper-addressing"); + return true; end if dwd and origin.secure then -- cgit v1.2.3 From b24814cbe469216a4321635a48e3f9077d313f49 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:43:17 +0100 Subject: mod_s2s: Only nameprep stream to/from addresses if they are present Prevents traceback from nameprep(nil) --- plugins/mod_s2s/mod_s2s.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index b9c13ef2..42998c30 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -327,7 +327,9 @@ function stream_callbacks._streamopened(session, attr) -- Send a reply stream header -- Validate to/from - local to, from = nameprep(attr.to), nameprep(attr.from); + local to, from = attr.to, attr.from; + if to then to = nameprep(attr.to); end + if from then from = nameprep(attr.from); end if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) session:close({ condition = "improper-addressing", text = "Invalid 'to' address" }); return; -- cgit v1.2.3 From 1783288951625b5eee9f28d81bc31145530cf774 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:43:56 +0100 Subject: mod_user_account_management: Apply username normalization later Prevents traceback from nodeprep(nil) --- plugins/mod_user_account_management.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_user_account_management.lua b/plugins/mod_user_account_management.lua index 615c1ed6..130ed089 100644 --- a/plugins/mod_user_account_management.lua +++ b/plugins/mod_user_account_management.lua @@ -53,9 +53,10 @@ local function handle_registration_stanza(event) log("info", "User removed their account: %s@%s", username, host); module:fire_event("user-deregistered", { username = username, host = host, source = "mod_register", session = session }); else - local username = nodeprep(query:get_child_text("username")); + local username = query:get_child_text("username"); local password = query:get_child_text("password"); if username and password then + username = nodeprep(username); if username == session.username then if usermanager_set_password(username, password, session.host, session.resource) then session.send(st.reply(stanza)); -- cgit v1.2.3 From 1a78e0a7ac93b3d0b4251a865eb994bcd3e5eaba Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 16:02:37 +0100 Subject: mod_admin_telnet: Show s2s authentication method (probably) used --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index afb4fb4b..2bbd367b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -538,6 +538,12 @@ local function session_flags(session, line) if session.cert_identity_status == "valid" then line[#line+1] = "(authenticated)"; end + if session.dialback_key then + line[#line+1] = "(dialback)"; + end + if session.external_auth then + line[#line+1] = "(SASL)"; + end if session.secure then line[#line+1] = "(encrypted)"; end -- cgit v1.2.3 From 5164f0f45c0a4e68aea9887ee13e2900b19cdf57 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 7 Nov 2019 17:07:02 +0100 Subject: mod_admin_adhoc: Add some flags to s2s listing command These are present in mod_admin_telnet and relevant to s2s --- plugins/mod_admin_adhoc.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua index 37e77ab0..4fea5a73 100644 --- a/plugins/mod_admin_adhoc.lua +++ b/plugins/mod_admin_adhoc.lua @@ -392,6 +392,12 @@ local function session_flags(session, line) if session.cert_identity_status == "valid" then flags[#flags+1] = "authenticated"; end + if session.dialback_key then + flags[#flags+1] = "dialback"; + end + if session.external_auth then + flags[#flags+1] = "SASL"; + end if session.secure then flags[#flags+1] = "encrypted"; end @@ -404,6 +410,12 @@ local function session_flags(session, line) if session.ip and session.ip:match(":") then flags[#flags+1] = "IPv6"; end + if session.incoming and session.outgoing then + flags[#flags+1] = "bidi"; + elseif session.is_bidi or session.bidi_session then + flags[#flags+1] = "bidi"; + end + line[#line+1] = "("..t_concat(flags, ", ")..")"; return t_concat(line, " "); -- cgit v1.2.3 From c63beda273f7180dcf4cff13db3921840818d2c6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 7 Nov 2019 19:23:42 +0100 Subject: mod_ping: Remove ad-hoc command 17:27:40 Zash: the Ping thing is absolutely worthless 17:27:55 The command provided by mod_ping? 17:27:59 To own server? 17:28:14 the Ping command in mod_admin_web, whatever it maps to 17:28:29 > Pong > 2019-11-07T16:28:16Z What am I supposed to do with that result? 17:28:29 Yeah, mod_ping provides that 17:28:41 Is it a ping to my own server? Where's the RTT? 17:28:48 Dunno if it's useful for more than verifying that the adhoc command system works 17:29:02 (it lags, but there is no indication of how much) 17:29:14 It can't really test that itself 17:29:52 Anyone opposed to deleting it? 17:30:42 Half the module 17:42:47 Zash, I'm fine with removing it --- plugins/mod_ping.lua | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_ping.lua b/plugins/mod_ping.lua index 5fff58d1..df24c495 100644 --- a/plugins/mod_ping.lua +++ b/plugins/mod_ping.lua @@ -16,18 +16,3 @@ end module:hook("iq-get/bare/urn:xmpp:ping:ping", ping_handler); module:hook("iq-get/host/urn:xmpp:ping:ping", ping_handler); - --- Ad-hoc command - -local datetime = require "util.datetime".datetime; - -function ping_command_handler (self, data, state) -- luacheck: ignore 212 - local now = datetime(); - return { info = "Pong\n"..now, status = "completed" }; -end - -module:depends "adhoc"; -local adhoc_new = module:require "adhoc".new; -local descriptor = adhoc_new("Ping", "ping", ping_command_handler); -module:provides("adhoc", descriptor); - -- cgit v1.2.3 From 6666a4c8147fd5ba7e58fdc0fef64e8c0ff83be3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 8 Nov 2019 23:03:47 +0100 Subject: mod_s2s: Allow passing bounce reason as an util.error object (see #770) This argument is currently unused in s2smanager. --- plugins/mod_s2s/mod_s2s.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 42998c30..9db13cb7 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -29,6 +29,7 @@ local fire_global_event = prosody.events.fire_event; local runner = require "util.async".runner; local connect = require "net.connect".connect; local service = require "net.resolvers.service"; +local errors = require "util.error"; local connect_timeout = module:get_option_number("s2s_timeout", 90); local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); @@ -83,18 +84,24 @@ local function bounce_sendq(session, reason) -- TODO use util.error ? local error_type = "cancel"; local condition = "remote-server-not-found"; + local reason_text; if session.had_stream then -- set when a stream is opened by the remote error_type, condition = "wait", "remote-server-timeout"; end + if errors.is_err(reason) then + error_type, condition, reason_text = reason.type, reason.condition, reason.text; + elseif type(reason) == "string" then + reason_text = reason; + end for i, data in ipairs(sendq) do local reply = data[2]; if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then reply.attr.type = "error"; reply:tag("error", {type = error_type, by = session.from_host}) :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); - if reason then + if reason_text then reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}) - :text("Server-to-server connection failed: "..reason):up(); + :text("Server-to-server connection failed: "..reason_text):up(); end core_process_stanza(dummy, reply); end -- cgit v1.2.3 From fd9ccf20d5b652dbad1f37cecd540661f4642ee6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 16 Nov 2019 16:39:45 +0100 Subject: mod_http: Soften dependency on mod_http_errors This allows disabling mod_http_errors by adding it to moduless_disabled and ensures mod_http loads even if the error pages aren't as pretty. --- plugins/mod_http.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 8ef06dc2..081aa7e9 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -7,7 +7,9 @@ -- module:set_global(); -module:depends("http_errors"); +pcall(function () + module:depends("http_errors"); +end); local portmanager = require "core.portmanager"; local moduleapi = require "core.moduleapi"; -- cgit v1.2.3 From 2a7715e94b907989fcd58e4b86980c5ae4cbf7b1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 17 Nov 2019 17:59:56 +0100 Subject: mod_csi_simple: Make sure to disable optimizations before mod_smacks (thanks pep.) --- plugins/mod_csi_simple.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 24a2f1ce..4a87f06c 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -116,7 +116,7 @@ end); module:hook("pre-resource-unbind", function (event) local session = event.session; disable_optimizations(session); -end); +end, 1); module:hook("c2s-ondrain", function (event) local session = event.session; -- cgit v1.2.3 From 0455a31dbc1cdc4a918753292157cf3a254b322d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 17 Nov 2019 23:08:45 +0100 Subject: mod_muc_mam: Copy debug log improvements from mod_mam --- plugins/mod_muc_mam.lua | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 7fc9fabf..1df93a18 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -166,10 +166,11 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) qstart, qend = vstart, vend; end - module:log("debug", "Archive query id %s from %s until %s)", - tostring(qid), - qstart and timestamp(qstart) or "the dawn of time", - qend and timestamp(qend) or "now"); + module:log("debug", "Archive query by %s id=%s when=%s...%s", + origin.username, + qid or stanza.attr.id, + qstart and timestamp(qstart) or "", + qend and timestamp(qend) or ""); -- RSM stuff local qset = rsm.get(query); @@ -178,6 +179,9 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) local before, after = qset and qset.before, qset and qset.after; if type(before) ~= "string" then before = nil; end + if qset then + module:log("debug", "Archive query id=%s rsm=%q", qid or stanza.attr.id, qset); + end -- Load all the data! local data, err = archive:find(room_node, { @@ -189,6 +193,7 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) }); if not data then + module:log("debug", "Archive query id=%s failed: %s", qid or stanza.attr.id, err); if err == "item-not-found" then origin.send(st.error_reply(stanza, "modify", "item-not-found")); else @@ -250,13 +255,14 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) first, last = last, first; end - -- That's all folks! - module:log("debug", "Archive query %s completed", qid); origin.send(st.reply(stanza) :tag("fin", { xmlns = xmlns_mam, queryid = qid, complete = complete }) :add_child(rsm.generate { first = first, last = last, count = total })); + + -- That's all folks! + module:log("debug", "Archive query id=%s completed, %d items returned", qid or stanza.attr.id, complete and count or count - 1); return true; end); -- cgit v1.2.3 From 4216970602aaf459c0f3b0f408eae7d6239f6861 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 18 Nov 2019 20:37:40 +0100 Subject: mod_s2s: Wait for remote to close any connection allowing incoming stanzas Ie both s2sin and bidi-enabled s2sout. --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 9db13cb7..7ee88f3e 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -533,7 +533,7 @@ local function session_close(session, reason, remote_reason) -- Authenticated incoming stream may still be sending us stanzas, so wait for from remote local conn = session.conn; - if reason == nil and not session.notopen and session.type == "s2sin" then + if reason == nil and not session.notopen and session.incoming then add_task(stream_close_timeout, function () if not session.destroyed then session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); -- cgit v1.2.3 From e130b377970996b9eb3d36c74db121835ed0a57e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 20 Nov 2019 21:31:46 +0100 Subject: mod_admin_telnet: Show SNI name in show_tls() if available --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 2bbd367b..cef79d25 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -584,6 +584,12 @@ local function tls_info(session, line) else line[#line+1] = "(cipher info unavailable)"; end + if sock.getsniname then + local name = sock:getsniname(); + if name then + line[#line+1] = ("(SNI:%q)"):format(name); + end + end else line[#line+1] = "(insecure)"; end -- cgit v1.2.3 From 3aee8e24a6873fce6b7ab30f5b87d17089e0d5a6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Nov 2019 01:29:03 +0100 Subject: s2s: Allow passing a custom error for bouncing queued stanzas (#770) Since stream errors and stanza errors are different --- plugins/mod_s2s/mod_s2s.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 7ee88f3e..6bb444f5 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -487,7 +487,7 @@ end --- Session methods local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local function session_close(session, reason, remote_reason) +local function session_close(session, reason, remote_reason, bounce_reason) local log = session.log or log; if session.conn then if session.notopen then @@ -537,12 +537,12 @@ local function session_close(session, reason, remote_reason) add_task(stream_close_timeout, function () if not session.destroyed then session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); - s2s_destroy_session(session, reason); + s2s_destroy_session(session, reason, bounce_reason); conn:close(); end end); else - s2s_destroy_session(session, reason); + s2s_destroy_session(session, reason, bounce_reason); conn:close(); -- Close immediately, as this is an outgoing connection or is not authed end end -- cgit v1.2.3 From 55c130d1e410cdab6e35312f848d4f4a33682699 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Nov 2019 01:32:53 +0100 Subject: mod_s2s: Add error text for error replies on some s2s failures (#770) --- plugins/mod_s2s/mod_s2s.lua | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6bb444f5..e7ed8797 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -194,7 +194,7 @@ function module.add_host(module) session:close({ condition = "unsupported-feature", text = "No viable authentication method offered", - }); + }, nil, "No viable authentication method offered by remote server"); return false; end end, -1); @@ -255,7 +255,7 @@ function make_authenticated(event) condition = "policy-violation", text = "Encrypted server-to-server communication is required but was not " ..((session.direction == "outgoing" and "offered") or "used") - }); + }, nil, "Could not establish encrypted connection to remote server"); end end if hosts[host] then @@ -608,7 +608,7 @@ local function initialize_session(session) local ok, err = stream:feed(data); if ok then return; end log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); - session:close("not-well-formed"); + session:close("not-well-formed", nil, "Received invalid XML from remote server"); end end @@ -738,9 +738,10 @@ function check_auth_policy(event) if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); if session.direction == "incoming" then - session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); + session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }, + nil, "Remote server's certificate is invalid, expired, or not trusted"); else -- Close outgoing connections without warning - session:close(false); + session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted"); end return false; end -- cgit v1.2.3 From aa5d88fe4437d08b509164568150bafc16222ce5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 17 Nov 2019 23:53:51 +0100 Subject: mod_csi: Only advertise CSI to clients if something is handling CSI events --- plugins/mod_csi.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi.lua b/plugins/mod_csi.lua index 84476cac..870df418 100644 --- a/plugins/mod_csi.lua +++ b/plugins/mod_csi.lua @@ -3,7 +3,7 @@ local xmlns_csi = "urn:xmpp:csi:0"; local csi_feature = st.stanza("csi", { xmlns = xmlns_csi }); module:hook("stream-features", function (event) - if event.origin.username then + if event.origin.username and prosody.hosts[module.host].events._handlers["csi-client-active"] then event.features:add_child(csi_feature); end end); -- cgit v1.2.3 From 7c3ba237b9d0f3eb829b90e9e9344e5790481de3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Nov 2019 17:09:48 +0100 Subject: mod_csi: Set module status based on whether a CSI handler module appears to be loaded --- plugins/mod_csi.lua | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi.lua b/plugins/mod_csi.lua index 870df418..e84ee032 100644 --- a/plugins/mod_csi.lua +++ b/plugins/mod_csi.lua @@ -21,3 +21,12 @@ end module:hook("stanza/"..xmlns_csi..":active", refire_event("csi-client-active")); module:hook("stanza/"..xmlns_csi..":inactive", refire_event("csi-client-inactive")); +function module.load() + if prosody.hosts[module.host].events._handlers["csi-client-active"] then + module:set_status("core", "CSI handler module loaded"); + else + module:set_status("warn", "No CSI handler module loaded"); + end +end +module:hook("module-loaded", module.load); +module:hook("module-unloaded", module.load); -- cgit v1.2.3 From 8703eaa89a6cf42d6fe4d8e1083bbb029afcf7e9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 23 Nov 2019 17:15:34 +0100 Subject: mod_csi: Cache CSI module availability to improve readabilty --- plugins/mod_csi.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi.lua b/plugins/mod_csi.lua index e84ee032..458ff491 100644 --- a/plugins/mod_csi.lua +++ b/plugins/mod_csi.lua @@ -2,8 +2,9 @@ local st = require "util.stanza"; local xmlns_csi = "urn:xmpp:csi:0"; local csi_feature = st.stanza("csi", { xmlns = xmlns_csi }); +local csi_handler_available = nil; module:hook("stream-features", function (event) - if event.origin.username and prosody.hosts[module.host].events._handlers["csi-client-active"] then + if event.origin.username and csi_handler_available then event.features:add_child(csi_feature); end end); @@ -23,8 +24,10 @@ module:hook("stanza/"..xmlns_csi..":inactive", refire_event("csi-client-inactive function module.load() if prosody.hosts[module.host].events._handlers["csi-client-active"] then + csi_handler_available = true; module:set_status("core", "CSI handler module loaded"); else + csi_handler_available = false; module:set_status("warn", "No CSI handler module loaded"); end end -- cgit v1.2.3 From dfa2bdffc083faa597509d7f35125c41f6ffbc9d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 17 Nov 2019 16:16:53 +0100 Subject: mod_http_errors: Show a friendly page instead of 404 on top level --- plugins/mod_http_errors.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index 2bb13298..2158b403 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -75,3 +75,15 @@ module:hook_object_event(server, "http-error", function (event) end return get_page(event.code, (show_private and event.private_message) or event.message); end); + +module:hook_object_event(server, "http-error", function (event) + local request, response = event.request, event.response; + if request and response and request.path == "/" and response.status_code == 404 then + response.headers.content_type = "text/html; charset=utf-8"; + return render(html, { + title = "Prosody is running!"; + message = "Welcome to the XMPP world!"; + }); + end +end, 1); + -- cgit v1.2.3 From 057fbeaf06876cfbfbba24bbc317de313fa9e84b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Nov 2019 23:47:49 +0100 Subject: MUC: Indicate origin of password related errors --- plugins/muc/password.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/password.lib.lua b/plugins/muc/password.lib.lua index 1f4b2add..6695c0cf 100644 --- a/plugins/muc/password.lib.lua +++ b/plugins/muc/password.lib.lua @@ -50,7 +50,7 @@ module:hook("muc-occupant-pre-join", function(event) if get_password(room) ~= password then local from, to = stanza.attr.from, stanza.attr.to; module:log("debug", "%s couldn't join due to invalid password: %s", from, to); - local reply = st.error_reply(stanza, "auth", "not-authorized"):up(); + local reply = st.error_reply(stanza, "auth", "not-authorized", nil, room.jid):up(); reply.tags[1].attr.code = "401"; event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; -- cgit v1.2.3 From c26f8beac4075c8d031ed9a620fac77653d1bb07 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Nov 2019 23:51:41 +0100 Subject: MUC: Indicate origin of registration related errors --- plugins/muc/register.lib.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index bf8cd877..f0a15dd4 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -66,7 +66,7 @@ local function enforce_nick_policy(event) local reserved_by = get_registered_jid(room, requested_nick); if reserved_by and reserved_by ~= jid_bare(stanza.attr.from) then module:log("debug", "%s attempted to use nick %s reserved by %s", stanza.attr.from, requested_nick, reserved_by); - local reply = st.error_reply(stanza, "cancel", "conflict"):up(); + local reply = st.error_reply(stanza, "cancel", "conflict", nil, room.jid):up(); origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; end @@ -79,7 +79,7 @@ local function enforce_nick_policy(event) event.occupant.nick = jid_bare(event.occupant.nick) .. "/" .. nick; elseif event.dest_occupant.nick ~= jid_bare(event.dest_occupant.nick) .. "/" .. nick then module:log("debug", "Attempt by %s to join as %s, but their reserved nick is %s", stanza.attr.from, requested_nick, nick); - local reply = st.error_reply(stanza, "cancel", "not-acceptable"):up(); + local reply = st.error_reply(stanza, "cancel", "not-acceptable", nil, room.jid):up(); origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; end @@ -103,7 +103,7 @@ local function handle_register_iq(room, origin, stanza) local user_jid = jid_bare(stanza.attr.from) local affiliation = room:get_affiliation(user_jid); if affiliation == "outcast" then - origin.send(st.error_reply(stanza, "auth", "forbidden")); + origin.send(st.error_reply(stanza, "auth", "forbidden", room.jid)); return true; elseif not (affiliation or allow_unaffiliated) then origin.send(st.error_reply(stanza, "auth", "registration-required")); -- cgit v1.2.3 From 093ef6bb23e47af21bcb5428386ace5013604424 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 25 Nov 2019 23:52:45 +0100 Subject: MUC: Indicate that the room is the origin of various errors where 'from' is an occupant JID --- plugins/muc/members_only.lib.lua | 4 ++-- plugins/muc/mod_muc.lua | 2 +- plugins/muc/muc.lib.lua | 29 ++++++++++++++++------------- 3 files changed, 19 insertions(+), 16 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/members_only.lib.lua b/plugins/muc/members_only.lib.lua index 4194c5c7..79077153 100644 --- a/plugins/muc/members_only.lib.lua +++ b/plugins/muc/members_only.lib.lua @@ -113,7 +113,7 @@ module:hook("muc-occupant-pre-join", function(event) local stanza = event.stanza; local affiliation = room:get_affiliation(stanza.attr.from); if valid_affiliations[affiliation or "none"] <= valid_affiliations.none then - local reply = st.error_reply(stanza, "auth", "registration-required"):up(); + local reply = st.error_reply(stanza, "auth", "registration-required", nil, room.jid):up(); reply.tags[1].attr.code = "407"; event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; @@ -131,7 +131,7 @@ module:hook("muc-pre-invite", function(event) local inviter_affiliation = room:get_affiliation(stanza.attr.from) or "none"; local required_affiliation = room._data.allow_member_invites and "member" or "admin"; if valid_affiliations[inviter_affiliation] < valid_affiliations[required_affiliation] then - event.origin.send(st.error_reply(stanza, "auth", "forbidden")); + event.origin.send(st.error_reply(stanza, "auth", "forbidden", nil, room.jid)); return true; end end diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 166249cc..9481c977 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -191,7 +191,7 @@ end local function handle_broken_room(room, origin, stanza) module:log("debug", "Returning error from broken room %s", room.jid); - origin.send(st.error_reply(stanza, "wait", "internal-server-error")); + origin.send(st.error_reply(stanza, "wait", "internal-server-error", nil, room.jid)); return true; end diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 4b462631..ed6011e1 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -422,7 +422,7 @@ module:hook("muc-occupant-pre-join", function(event) local room, stanza = event.room, event.stanza; local affiliation = room:get_affiliation(stanza.attr.from); if affiliation == "outcast" then - local reply = st.error_reply(stanza, "auth", "forbidden"):up(); + local reply = st.error_reply(stanza, "auth", "forbidden", nil, room.jid):up(); reply.tags[1].attr.code = "403"; event.origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; @@ -430,24 +430,27 @@ module:hook("muc-occupant-pre-join", function(event) end, -10); module:hook("muc-occupant-pre-join", function(event) + local room = event.room; local nick = jid_resource(event.occupant.nick); if not nick:find("%S") then - event.origin.send(st.error_reply(event.stanza, "modify", "not-allowed", "Invisible Nicknames are forbidden")); + event.origin.send(st.error_reply(event.stanza, "modify", "not-allowed", "Invisible Nicknames are forbidden", room.jid)); return true; end end, 1); module:hook("muc-occupant-pre-change", function(event) + local room = event.room; if not jid_resource(event.dest_occupant.nick):find("%S") then - event.origin.send(st.error_reply(event.stanza, "modify", "not-allowed", "Invisible Nicknames are forbidden")); + event.origin.send(st.error_reply(event.stanza, "modify", "not-allowed", "Invisible Nicknames are forbidden", room.jid)); return true; end end, 1); module:hook("muc-occupant-pre-join", function(event) + local room = event.room; local nick = jid_resource(event.occupant.nick); if not resourceprep(nick, true) then -- strict - event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation")); + event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation", room.jid)); return true; end end, 2); @@ -455,7 +458,7 @@ end, 2); module:hook("muc-occupant-pre-change", function(event) local nick = jid_resource(event.dest_occupant.nick); if not resourceprep(nick, true) then -- strict - event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation")); + event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation", room.jid)); return true; end end, 2); @@ -530,7 +533,7 @@ function room_mt:handle_normal_presence(origin, stanza) if orig_occupant == nil and not muc_x and stanza.attr.type == nil then module:log("debug", "Attempted join without , possibly desynced"); origin.send(st.error_reply(stanza, "cancel", "item-not-found", - "You are not currently connected to this chat")); + "You are not currently connected to this chat", self.jid)); return true; end @@ -592,7 +595,7 @@ function room_mt:handle_normal_presence(origin, stanza) and bare_jid ~= jid_bare(dest_occupant.bare_jid) then -- new nick or has different bare real jid log("debug", "%s couldn't join due to nick conflict: %s", real_jid, dest_occupant.nick); - local reply = st.error_reply(stanza, "cancel", "conflict"):up(); + local reply = st.error_reply(stanza, "cancel", "conflict", nil, self.jid):up(); reply.tags[1].attr.code = "409"; origin.send(reply:tag("x", {xmlns = "http://jabber.org/protocol/muc"})); return true; @@ -721,7 +724,7 @@ function room_mt:handle_presence_to_occupant(origin, stanza) return self:handle_normal_presence(origin, stanza); elseif type ~= 'result' then -- bad type if type ~= 'visible' and type ~= 'invisible' then -- COMPAT ejabberd can broadcast or forward XEP-0018 presences - origin.send(st.error_reply(stanza, "modify", "bad-request")); -- FIXME correct error? + origin.send(st.error_reply(stanza, "modify", "bad-request", nil, self.jid)); -- FIXME correct error? end end return true; @@ -756,11 +759,11 @@ function room_mt:handle_iq_to_occupant(origin, stanza) else -- Type is "get" or "set" local current_nick = self:get_occupant_jid(from); if not current_nick then - origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat")); + origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat", self.jid)); return true; end if not occupant then -- recipient not in room - origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room")); + origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room", self.jid)); return true; end -- XEP-0410 MUC Self-Ping #1220 @@ -789,12 +792,12 @@ function room_mt:handle_message_to_occupant(origin, stanza) local type = stanza.attr.type; if not current_nick then -- not in room if type ~= "error" then - origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat")); + origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "You are not currently connected to this chat", self.jid)); end return true; end if type == "groupchat" then -- groupchat messages not allowed in PM - origin.send(st.error_reply(stanza, "modify", "bad-request")); + origin.send(st.error_reply(stanza, "modify", "bad-request", nil, self.jid)); return true; elseif type == "error" and is_kickable_error(stanza) then log("debug", "%s kicked from %s for sending an error message", current_nick, self.jid); @@ -803,7 +806,7 @@ function room_mt:handle_message_to_occupant(origin, stanza) local o_data = self:get_occupant_by_nick(to); if not o_data then - origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room")); + origin.send(st.error_reply(stanza, "cancel", "item-not-found", "Recipient not in room", self.jid)); return true; end log("debug", "%s sent private message stanza to %s (%s)", from, to, o_data.jid); -- cgit v1.2.3 From b2e9ee4b6bf0950e73252277c9d15c629b2308e0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Nov 2019 00:02:13 +0100 Subject: MUC: Indicate the component as origin of various errors where there's no room A room that doesn't exist can't return an error, can it? --- plugins/muc/lock.lib.lua | 2 +- plugins/muc/mod_muc.lua | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/lock.lib.lua b/plugins/muc/lock.lib.lua index 062ab615..32f2647b 100644 --- a/plugins/muc/lock.lib.lua +++ b/plugins/muc/lock.lib.lua @@ -43,7 +43,7 @@ end module:hook("muc-occupant-pre-join", function(event) if not event.is_new_room and is_locked(event.room) then -- Deny entry module:log("debug", "Room is locked, denying entry"); - event.origin.send(st.error_reply(event.stanza, "cancel", "item-not-found")); + event.origin.send(st.error_reply(event.stanza, "cancel", "item-not-found", nil, module.host)); return true; end end, -30); diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 9481c977..fc39d89f 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -355,7 +355,7 @@ end, 1); module:hook("muc-room-pre-create", function(event) local origin, stanza = event.origin, event.stanza; if not track_room(event.room) then - origin.send(st.error_reply(stanza, "wait", "resource-constraint")); + origin.send(st.error_reply(stanza, "wait", "resource-constraint", nil, module.host)); return true; end end, -1000); @@ -406,7 +406,7 @@ do restrict_room_creation == "local" and select(2, jid_split(user_jid)) == host_suffix ) then - origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted")); + origin.send(st.error_reply(stanza, "cancel", "not-allowed", "Room creation is restricted", module.host)); return true; end end); @@ -451,7 +451,7 @@ for event_name, method in pairs { room = nil; else if stanza.attr.type ~= "error" then - local reply = st.error_reply(stanza, "cancel", "gone", room._data.reason) + local reply = st.error_reply(stanza, "cancel", "gone", room._data.reason, module.host) if room._data.newjid then local uri = "xmpp:"..room._data.newjid.."?join"; reply:get_child("error"):child_with_name("gone"):text(uri); @@ -465,20 +465,20 @@ for event_name, method in pairs { if room == nil then -- Watch presence to create rooms if not jid_prep(room_jid, true) then - origin.send(st.error_reply(stanza, "modify", "jid-malformed")); + origin.send(st.error_reply(stanza, "modify", "jid-malformed", nil, module.host)); return true; end if stanza.attr.type == nil and stanza.name == "presence" and stanza:get_child("x", "http://jabber.org/protocol/muc") then room = muclib.new_room(room_jid); return room:handle_first_presence(origin, stanza); elseif stanza.attr.type ~= "error" then - origin.send(st.error_reply(stanza, "cancel", "item-not-found")); + origin.send(st.error_reply(stanza, "cancel", "item-not-found", nil, module.host)); return true; else return; end elseif room == false then -- Error loading room - origin.send(st.error_reply(stanza, "wait", "resource-constraint")); + origin.send(st.error_reply(stanza, "wait", "resource-constraint", nil, module.host)); return true; end return room[method](room, origin, stanza); -- cgit v1.2.3 From 47fd3433fc4ac4d203d2ae9c045e2c5e4356a4f2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 26 Nov 2019 00:09:51 +0100 Subject: MUC: Add missing reference to room (thanks buildbot) [luacheck] --- plugins/muc/muc.lib.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index ed6011e1..6b5f6068 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -456,6 +456,7 @@ module:hook("muc-occupant-pre-join", function(event) end, 2); module:hook("muc-occupant-pre-change", function(event) + local room = event.room; local nick = jid_resource(event.dest_occupant.nick); if not resourceprep(nick, true) then -- strict event.origin.send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation", room.jid)); -- cgit v1.2.3 From f864eaf14f4725aea640dd8020ec4809b4cae73b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Nov 2019 23:23:25 +0100 Subject: mod_s2s_auth_certs: Save chain validation errors for later use --- plugins/mod_s2s_auth_certs.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_s2s_auth_certs.lua b/plugins/mod_s2s_auth_certs.lua index 76e134a7..37519aa1 100644 --- a/plugins/mod_s2s_auth_certs.lua +++ b/plugins/mod_s2s_auth_certs.lua @@ -27,6 +27,7 @@ module:hook("s2s-check-certificate", function(event) log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; + session.cert_chain_errors = errors; else log("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; -- cgit v1.2.3 From 2934eccd99592b9f1b500e9dea0eeea49b0ffbde Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 Nov 2019 23:26:59 +0100 Subject: mod_s2s: Improve error in bounces due to cert validation problems --- plugins/mod_s2s/mod_s2s.lua | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index e7ed8797..4d79a825 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -30,6 +30,7 @@ local runner = require "util.async".runner; local connect = require "net.connect".connect; local service = require "net.resolvers.service"; local errors = require "util.error"; +local set = require "util.set"; local connect_timeout = module:get_option_number("s2s_timeout", 90); local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); @@ -725,6 +726,25 @@ function listener.onattach(conn, data) end end +-- Complete the sentence "Your certificate " with what's wrong +local function friendly_cert_error(session) --> string + if session.cert_chain_status == "invalid" then + if session.cert_chain_errors then + local cert_errors = set.new(session.cert_chain_errors[1]); + if cert_errors:contains("certificate has expired") then + return "has expired"; + elseif cert_errors:contains("self signed certificate") then + return "is self-signed"; + end + end + return "is not trusted"; -- for some other reason + elseif session.cert_identity_status == "invalid" then + return "is not valid for this name"; + end + -- this should normally be unreachable except if no s2s auth module was loaded + return "could not be validated"; +end + function check_auth_policy(event) local host, session = event.host, event.session; local must_secure = secure_auth; @@ -737,11 +757,12 @@ function check_auth_policy(event) if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); + local reason = friendly_cert_error(session); if session.direction == "incoming" then - session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }, - nil, "Remote server's certificate is invalid, expired, or not trusted"); + session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, + nil, "Remote server's certificate "..reason); else -- Close outgoing connections without warning - session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted"); + session:close(false, nil, "Remote server's certificate "..reason); end return false; end -- cgit v1.2.3 From 976a86ee4645baf3e4ef8e0f8e6066fc62e8f379 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Nov 2019 17:32:15 +0100 Subject: mod_s2s: Send stream errors for cert problems on outgoing connections Rationale in comment. --- plugins/mod_s2s/mod_s2s.lua | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 4d79a825..6419ea67 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -758,12 +758,13 @@ function check_auth_policy(event) if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); local reason = friendly_cert_error(session); - if session.direction == "incoming" then - session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, - nil, "Remote server's certificate "..reason); - else -- Close outgoing connections without warning - session:close(false, nil, "Remote server's certificate "..reason); - end + -- XEP-0178 recommends closing outgoing connections without warning + -- but does not give a rationale for this. + -- In practice most cases are configuration mistakes or forgotten + -- certificate renewals. We think it's better to let the other party + -- know about the problem so that they can fix it. + session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, + nil, "Remote server's certificate "..reason); return false; end end -- cgit v1.2.3 From 61228e919ce13247321c04b6b32020d2652d58ba Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Nov 2019 18:30:30 +0100 Subject: mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied This ensures the closure reason is accurate and not reported as an authentication or other problem --- plugins/mod_s2s/mod_s2s.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6419ea67..0fd022cd 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -190,6 +190,13 @@ function module.add_host(module) -- so the stream is ready for stanzas. RFC 6120 Section 4.3 mark_connected(session); return true; + elseif require_encryption and not session.secure then + session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host); + session:close({ + condition = "policy-violation", + text = "Encrypted server-to-server communication is required but was not offered", + }, nil, "Could not establish encrypted connection to remote server"); + return false; elseif not session.dialback_verifying then session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); session:close({ -- cgit v1.2.3 From 53cde4a8a80379f244e09332114ea51964e172e1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 28 Nov 2019 18:57:17 +0100 Subject: mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set Prevents some weirdness in cases where no authentication is done --- plugins/mod_s2s_bidi.lua | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s_bidi.lua b/plugins/mod_s2s_bidi.lua index 67a48d8d..28e047de 100644 --- a/plugins/mod_s2s_bidi.lua +++ b/plugins/mod_s2s_bidi.lua @@ -10,15 +10,17 @@ local st = require "util.stanza"; local xmlns_bidi_feature = "urn:xmpp:features:bidi" local xmlns_bidi = "urn:xmpp:bidi"; +local require_encryption = module:get_option_boolean("s2s_require_encryption", false); + module:hook("s2s-stream-features", function(event) local origin, features = event.origin, event.features; - if origin.type == "s2sin_unauthed" then + if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then features:tag("bidi", { xmlns = xmlns_bidi_feature }):up(); end end); module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza) - if session.type == "s2sout_unauthed" then + if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then local bidi = stanza:get_child("bidi", xmlns_bidi_feature); if bidi then session.incoming = true; @@ -29,7 +31,7 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio end, 200); module:hook_tag("urn:xmpp:bidi", "bidi", function(session) - if session.type == "s2sin_unauthed" then + if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then session.log("debug", "Requested bidirectional stream"); session.outgoing = true; return true; -- cgit v1.2.3 From 35d07425e3e09a6d6ec4ca997271bf39f59f15f6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Nov 2019 18:15:23 +0100 Subject: mod_s2s: Prevent unhandled stanza handler from complaining about stream features on aborted connections I have no idea why I wrote return false in e5945fb5b71f --- plugins/mod_s2s/mod_s2s.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 0fd022cd..7cd90a84 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -196,14 +196,14 @@ function module.add_host(module) condition = "policy-violation", text = "Encrypted server-to-server communication is required but was not offered", }, nil, "Could not establish encrypted connection to remote server"); - return false; + return true; elseif not session.dialback_verifying then session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); session:close({ condition = "unsupported-feature", text = "No viable authentication method offered", }, nil, "No viable authentication method offered by remote server"); - return false; + return true; end end, -1); end -- cgit v1.2.3 From 6fd9868ed5e4ea8fd8521db50d863131d8d95a88 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Nov 2019 21:30:08 +0100 Subject: mod_http: Log served URLs at 'info' level These are similar to the "activated service" messages from portmanager and similarily useful for the service admin to know even if they're not debugging anything. --- plugins/mod_http.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 081aa7e9..e6ef89f5 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -173,7 +173,7 @@ function module.add_host(module) end local services = portmanager.get_active_services(); if services:get("https") or services:get("http") then - module:log("debug", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); + module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); else module:log("warn", "Not listening on any ports, '%s' will be unreachable", app_name); end -- cgit v1.2.3 From 593c04436f5052d8ed201dc6a2f29e52ff5ab622 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 21 Nov 2019 00:16:20 +0100 Subject: mod_admin_telnet: Display ALPN in show_tls() if supported and available --- plugins/mod_admin_telnet.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index cef79d25..f3ab9597 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -590,6 +590,12 @@ local function tls_info(session, line) line[#line+1] = ("(SNI:%q)"):format(name); end end + if sock.getalpn then + local proto = sock:getalpn(); + if proto then + line[#line+1] = ("(ALPN:%q)"):format(proto); + end + end else line[#line+1] = "(insecure)"; end -- cgit v1.2.3 From 0fdb85997abd2be59252595b1fec9e46389da586 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Nov 2019 23:27:51 +0100 Subject: mod_net_multiplex: Add support for using ALPN Potentially a bit more efficient since it can jump to the selected protocol on connect instead of waiting for some data to look at. Adds a 'protocol' field to net providers for this purpose. --- plugins/mod_c2s.lua | 1 + plugins/mod_http.lua | 1 + plugins/mod_net_multiplex.lua | 40 +++++++++++++++++++++++++++++++++++++--- plugins/mod_s2s/mod_s2s.lua | 1 + 4 files changed, 40 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index aec0370d..aecf2210 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -374,6 +374,7 @@ module:provides("net", { default_port = 5222; encryption = "starttls"; multiplex = { + protocol = "xmpp-client"; pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:client%1.*>"; }; }); diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index e6ef89f5..c3e19bb3 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -242,6 +242,7 @@ module:provides("net", { default_port = 5281; encryption = "ssl"; multiplex = { + protocol = "http/1.1"; pattern = "^[A-Z]"; }; }); diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index 8ef77883..2bf1f88d 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua @@ -1,22 +1,38 @@ module:set_global(); +local array = require "util.array"; local max_buffer_len = module:get_option_number("multiplex_buffer_size", 1024); local portmanager = require "core.portmanager"; local available_services = {}; +local service_by_protocol = {}; +local available_protocols = array(); local function add_service(service) local multiplex_pattern = service.multiplex and service.multiplex.pattern; + local protocol_name = service.multiplex and service.multiplex.protocol; + if protocol_name then + module:log("debug", "Adding multiplex service %q with protocol %q", service.name, protocol_name); + service_by_protocol[protocol_name] = service; + available_protocols:push(protocol_name); + end if multiplex_pattern then module:log("debug", "Adding multiplex service %q with pattern %q", service.name, multiplex_pattern); available_services[service] = multiplex_pattern; - else + elseif not protocol_name then module:log("debug", "Service %q is not multiplex-capable", service.name); end + module:log("info", "available_protocols = %q", available_protocols); end module:hook("service-added", function (event) add_service(event.service); end); -module:hook("service-removed", function (event) available_services[event.service] = nil; end); +module:hook("service-removed", function (event) + available_services[event.service] = nil; + if event.service.multiplex and event.service.multiplex.protocol then + available_protocols:filter(function (p) return p ~= event.service.multiplex.protocol end); + service_by_protocol[event.service.multiplex.protocol] = nil; + end +end); for _, services in pairs(portmanager.get_registered_services()) do for _, service in ipairs(services) do @@ -28,7 +44,20 @@ local buffers = {}; local listener = { default_mode = "*a" }; -function listener.onconnect() +function listener.onconnect(conn) + local sock = conn:socket(); + if sock.getalpn then + local selected_proto = sock:getalpn(); + module:log("debug", "ALPN selected is %s", selected_proto); + local service = service_by_protocol[selected_proto]; + if service then + module:log("debug", "Routing incoming connection to %s", service.name); + local next_listener = service.listener; + conn:setlistener(next_listener); + local onconnect = next_listener.onconnect; + if onconnect then return onconnect(conn) end + end + end end function listener.onincoming(conn, data) @@ -68,5 +97,10 @@ module:provides("net", { name = "multiplex_ssl"; config_prefix = "ssl"; encryption = "ssl"; + ssl_config = { + alpn = function () + return available_protocols; + end; + }; listener = listener; }); diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 7cd90a84..7f6546e9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -796,6 +796,7 @@ module:provides("net", { verify = { "peer", "client_once", }; }; multiplex = { + protocol = "xmpp-server"; pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>"; }; }); -- cgit v1.2.3 From a95af210d143f3c16c6512a53c154a80baa4f98d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 29 Nov 2019 23:41:41 +0100 Subject: mod_net_multiplex: Tweak debug logging for ALPN case --- plugins/mod_net_multiplex.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index 2bf1f88d..3de81ddc 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua @@ -48,10 +48,9 @@ function listener.onconnect(conn) local sock = conn:socket(); if sock.getalpn then local selected_proto = sock:getalpn(); - module:log("debug", "ALPN selected is %s", selected_proto); local service = service_by_protocol[selected_proto]; if service then - module:log("debug", "Routing incoming connection to %s", service.name); + module:log("debug", "Routing incoming connection to %s based on ALPN %q", service.name, selected_proto); local next_listener = service.listener; conn:setlistener(next_listener); local onconnect = next_listener.onconnect; -- cgit v1.2.3 From c02ddf92ec53dd2c0473ef98427ceb4020d1f001 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Nov 2019 19:34:40 +0100 Subject: mod_carbons: Improve performance by delaying creation of carbon payload If there are no other sessions which also enabled carbons then the carbons wrapper is not used and the potentially expensive clone operation was a waste of cycles. --- plugins/mod_carbons.lua | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index 1dcd4a07..0f8c7c60 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -74,17 +74,7 @@ local function message_handler(event, c2s) return end - -- Create the carbon copy and wrap it as per the Stanza Forwarding XEP - local copy = st.clone(stanza); - if c2s and not orig_to then - stanza.attr.to = bare_from; - end - copy.attr.xmlns = "jabber:client"; - local carbon = st.message{ from = bare_jid, type = orig_type, } - :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons }) - :tag("forwarded", { xmlns = xmlns_forward }) - :add_child(copy):reset(); - + local carbon; user_sessions = user_sessions and user_sessions.sessions; for _, session in pairs(user_sessions) do -- Carbons are sent to resources that have enabled it @@ -93,6 +83,20 @@ local function message_handler(event, c2s) and session ~= target_session -- and isn't among the top resources that would receive the message per standard routing rules and (c2s or session.priority ~= top_priority) then + if not carbon then + -- Create the carbon copy and wrap it as per the Stanza Forwarding XEP + local copy = st.clone(stanza); + if c2s and not orig_to then + stanza.attr.to = bare_from; + end + copy.attr.xmlns = "jabber:client"; + carbon = st.message{ from = bare_jid, type = orig_type, } + :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons }) + :tag("forwarded", { xmlns = xmlns_forward }) + :add_child(copy):reset(); + + end + carbon.attr.to = session.full_jid; module:log("debug", "Sending carbon to %s", session.full_jid); session.send(carbon); -- cgit v1.2.3 From 3d63c139e666e1a89f5caa0eb96afc20ac43fc2a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Nov 2019 21:56:21 +0100 Subject: mod_admin_telnet: Sort hosts Groups by domain in DNS hierarchy order or something. Why not split on '.' you ask? Well becasue that's not what I typed here. Also "[^.]" is longer than "%P". --- plugins/mod_admin_telnet.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index f3ab9597..8427f811 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -964,11 +964,15 @@ function def_env.host:deactivate(hostname, reason) return hostmanager.deactivate(hostname, reason); end +local function compare_hosts(a, b) + return a:gsub("%P", string.reverse):reverse() < b:gsub("%P", string.reverse):reverse(); +end + function def_env.host:list() local print = self.session.print; local i = 0; local type; - for host, host_session in iterators.sorted_pairs(prosody.hosts) do + for host, host_session in iterators.sorted_pairs(prosody.hosts, compare_hosts) do i = i + 1; type = host_session.type; if type == "local" then -- cgit v1.2.3 From 39cc0ec4510c0e3d80324c7085fa1a938c1f30f8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Nov 2019 23:29:15 +0100 Subject: mod_s2s: Improve log message about forbidding insecure connections This new wording generator is nice. --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 7f6546e9..7700db85 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -763,8 +763,8 @@ function check_auth_policy(event) end if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then - module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); local reason = friendly_cert_error(session); + module:log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); -- XEP-0178 recommends closing outgoing connections without warning -- but does not give a rationale for this. -- In practice most cases are configuration mistakes or forgotten -- cgit v1.2.3 From 56500e6e054e18fef1ec47f53e7b58bcc0841e95 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 30 Nov 2019 23:33:39 +0100 Subject: mod_s2s: Log from session logger Helps locating all messages related to a specific session --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 7700db85..d0176cea 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -764,7 +764,7 @@ function check_auth_policy(event) if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then local reason = friendly_cert_error(session); - module:log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); + session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); -- XEP-0178 recommends closing outgoing connections without warning -- but does not give a rationale for this. -- In practice most cases are configuration mistakes or forgotten -- cgit v1.2.3 From 33ba4c2dbad8a92dcd7d9a94cc32bbb82b688b93 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 1 Dec 2019 01:20:34 +0100 Subject: mod_s2s: Improve TLS handshake error messages This should make it clearer that it's about the TLS handshake. Otherwise it's something like "unsupported protocol" or "no shared ciphers" that might not be that obvious. --- plugins/mod_s2s/mod_s2s.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index d0176cea..82f6a95d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -692,6 +692,10 @@ function listener.ondisconnect(conn, err) if session then sessions[conn] = nil; (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); + if session.secure == false and err then + -- TODO util.error-ify this + err = "Error during negotiation of encrypted connection: "..err; + end s2s_destroy_session(session, err); end end -- cgit v1.2.3 From 62b9a7f53fcbce310f19f224edc45418885ee5c0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 1 Dec 2019 02:04:24 +0100 Subject: mod_net_multiplex: Remove debug message This was something I added during development and set to info level for visibility. --- plugins/mod_net_multiplex.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index 3de81ddc..849b22ee 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua @@ -23,7 +23,6 @@ local function add_service(service) elseif not protocol_name then module:log("debug", "Service %q is not multiplex-capable", service.name); end - module:log("info", "available_protocols = %q", available_protocols); end module:hook("service-added", function (event) add_service(event.service); end); module:hook("service-removed", function (event) -- cgit v1.2.3 From a62ff5dc64f7034477ca073900e917ca6398c2a2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 1 Dec 2019 12:19:36 +0100 Subject: mod_s2s: Use stanza type check instead of duck typing --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 82f6a95d..64ca7709 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -521,7 +521,7 @@ local function session_close(session, reason, remote_reason, bounce_reason) log("debug", "Disconnecting %s[%s], is: %s", session.host or session.ip or "(unknown host)", session.type, stanza); session.sends2s(stanza); - elseif reason.name then -- a stanza + elseif st.is_stanza(reason) then log("debug", "Disconnecting %s->%s[%s], is: %s", session.from_host or "(unknown host)", session.to_host or "(unknown host)", session.type, reason); -- cgit v1.2.3 From 91415f5a71021cc24053de17fca1c5337ebd7249 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 1 Dec 2019 12:21:26 +0100 Subject: mod_s2s: Refactor stream error handling on close Deduplicates the 3 log calls that log the same thing but subtly differently. The first one would say "Disconnecting localhost" and the last one didn't log the IP. --- plugins/mod_s2s/mod_s2s.lua | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 64ca7709..a3eec9f9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -507,26 +507,21 @@ local function session_close(session, reason, remote_reason, bounce_reason) end if reason then -- nil == no err, initiated by us, false == initiated by remote if type(reason) == "string" then -- assume stream error - log("debug", "Disconnecting %s[%s], is: %s", session.host or session.ip or "(unknown host)", session.type, reason); - session.sends2s(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' })); - elseif type(reason) == "table" then - if reason.condition then - local stanza = st.stanza("stream:error"):tag(reason.condition, stream_xmlns_attr):up(); - if reason.text then - stanza:tag("text", stream_xmlns_attr):text(reason.text):up(); - end - if reason.extra then - stanza:add_child(reason.extra); - end - log("debug", "Disconnecting %s[%s], is: %s", - session.host or session.ip or "(unknown host)", session.type, stanza); - session.sends2s(stanza); - elseif st.is_stanza(reason) then - log("debug", "Disconnecting %s->%s[%s], is: %s", - session.from_host or "(unknown host)", session.to_host or "(unknown host)", - session.type, reason); - session.sends2s(reason); + reason = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); + elseif type(reason) == "table" and not st.is_stanza(reason) then + local stanza = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); + if reason.text then + stanza:tag("text", stream_xmlns_attr):text(reason.text):up(); end + if reason.extra then + stanza:add_child(reason.extra); + end + end + if st.is_stanza(reason) then + -- to and from are never unknown on outgoing connections + log("debug", "Disconnecting %s->%s[%s], is: %s", + session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); + session.sends2s(reason); end end -- cgit v1.2.3 From 4053cdb8483f896e9d36d360e4df9735b9ea00ad Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 2 Dec 2019 16:00:16 +0100 Subject: mod_saslauth: Advertise correct set of mechanisms Mistakenly iterates over the set of all supported mechanisms instead of the one without insecure mechanisms if the connection is insecure. Not a problem if c2s_require_encryption is true Introduced in 56a0f68b7797 --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 9e9091d3..30d74b9e 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -286,7 +286,7 @@ module:hook("stream-features", function(event) if not usable_mechanisms:empty() then log("debug", "Offering usable mechanisms: %s", usable_mechanisms); - for mechanism in available_mechanisms do + for mechanism in usable_mechanisms do mechanisms:tag("mechanism"):text(mechanism):up(); end features:add_child(mechanisms); -- cgit v1.2.3 From 9f46aa4d48b2d43b1529f980dda2439e865cd908 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 3 Dec 2019 17:29:43 +0100 Subject: mod_s2s: Fix mistake in 28755107c2f4 --- plugins/mod_s2s/mod_s2s.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index a3eec9f9..8663702f 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -516,6 +516,7 @@ local function session_close(session, reason, remote_reason, bounce_reason) if reason.extra then stanza:add_child(reason.extra); end + reason = stanza; end if st.is_stanza(reason) then -- to and from are never unknown on outgoing connections -- cgit v1.2.3 From 2d5eaff749da055df6a29f20a169759f0bc96479 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 4 Dec 2019 22:37:20 +0100 Subject: mod_s2s: Invert condition to return early and reduce indentation --- plugins/mod_s2s/mod_s2s.lua | 52 ++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 8663702f..e5bfbe7c 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -123,33 +123,33 @@ function route_to_existing_session(event) return false; end local host = hosts[from_host].s2sout[to_host]; - if host then - -- We have a connection to this host already - if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then - (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); - - -- Queue stanza until we are able to send it - local queued_item = { - tostring(stanza), - stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza); - }; - if host.sendq then - t_insert(host.sendq, queued_item); - else - -- luacheck: ignore 122 - host.sendq = { queued_item }; - end - host.log("debug", "stanza [%s] queued ", stanza.name); - return true; - elseif host.type == "local" or host.type == "component" then - log("error", "Trying to send a stanza to ourselves??") - log("error", "Traceback: %s", traceback()); - log("error", "Stanza: %s", stanza); - return false; + if not host then return end + + -- We have a connection to this host already + if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then + (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); + + -- Queue stanza until we are able to send it + local queued_item = { + tostring(stanza), + stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza); + }; + if host.sendq then + t_insert(host.sendq, queued_item); else - if host.sends2s(stanza) then - return true; - end + -- luacheck: ignore 122 + host.sendq = { queued_item }; + end + host.log("debug", "stanza [%s] queued ", stanza.name); + return true; + elseif host.type == "local" or host.type == "component" then + log("error", "Trying to send a stanza to ourselves??") + log("error", "Traceback: %s", traceback()); + log("error", "Stanza: %s", stanza); + return false; + else + if host.sends2s(stanza) then + return true; end end end -- cgit v1.2.3 From 0de6ce740e87fd4f8a8c797cdbbefbd626b3f4e5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Dec 2019 22:51:43 +0100 Subject: mod_saslauth: Collect SASL EXTERNAL failures into an util.error object Will be easier than that concatenated string to extract info out of for use elsewhere. --- plugins/mod_saslauth.lua | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index 30d74b9e..b5604883 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -13,6 +13,7 @@ local sm_bind_resource = require "core.sessionmanager".bind_resource; local sm_make_authenticated = require "core.sessionmanager".make_authenticated; local base64 = require "util.encodings".base64; local set = require "util.set"; +local errors = require "util.error"; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler; @@ -102,13 +103,19 @@ module:hook_tag(xmlns_sasl, "failure", function (session, stanza) break; end end - if text and condition then - condition = condition .. ": " .. text; - end - module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, condition); + local err = errors.new({ + -- TODO type = what? + text = text, + condition = condition, + }, { + session = session, + stanza = stanza, + }); + + module:log("info", "SASL EXTERNAL with %s failed: %s", session.to_host, err); session.external_auth = "failed" - session.external_auth_failure_reason = condition; + session.external_auth_failure_reason = err; end, 500) module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza -- cgit v1.2.3 From 9589da30b6968a355552a1e8be4b7baeaa905c4a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 7 Dec 2019 22:55:51 +0100 Subject: mod_saslauth: Set a nicer bounce error explaining SASL EXTERNAL failures Better than the previous string concatenation of SASL failure condition and optional text sent by the remote server. Would be nice to have a text per condition, other than the probably most common 'not-authorized'. --- plugins/mod_saslauth.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index b5604883..ecce8361 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -120,7 +120,10 @@ end, 500) module:hook_tag(xmlns_sasl, "failure", function (session, stanza) -- luacheck: ignore 212/stanza session.log("debug", "No fallback from SASL EXTERNAL failure, giving up"); - session:close(nil, session.external_auth_failure_reason); + session:close(nil, session.external_auth_failure_reason, errors.new({ + type = "wait", condition = "remote-server-timeout", + text = "Could not authenticate to remote server", + }, { session = session, sasl_failure = session.external_auth_failure_reason, })); return true; end, 90) -- cgit v1.2.3 From 655294f93e53175928cf6523b82952134e268495 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 8 Dec 2019 13:38:48 +0100 Subject: mod_admin_telnet: Avoid using LuaSocket for timestamps Using util.time will make it easier to move away from LuaSocket if we ever wanted to do that. --- plugins/mod_admin_telnet.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 8427f811..60f92cda 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1265,7 +1265,6 @@ function def_env.debug:events(host, event) end function def_env.debug:timers() - local socket = require "socket"; local print = self.session.print; local add_task = require"util.timer".add_task; local h, params = add_task.h, add_task.params; @@ -1293,7 +1292,7 @@ function def_env.debug:timers() if h then local next_time = h:peek(); if next_time then - return true, os.date("Next event at %F %T (in %%.6fs)", next_time):format(next_time - socket.gettime()); + return true, os.date("Next event at %F %T (in %%.6fs)", next_time):format(next_time - time.now()); end end return true; -- cgit v1.2.3 From ffcb8303ccdc3dc6c0cceae7c7a9ba8d2de5aa65 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 10 Dec 2019 17:43:26 +0100 Subject: mod_s2s: Fix name conflict introduced in c7864f970969 --- plugins/mod_s2s/mod_s2s.lua | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index e5bfbe7c..6912c9a4 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -506,23 +506,23 @@ local function session_close(session, reason, remote_reason, bounce_reason) end end if reason then -- nil == no err, initiated by us, false == initiated by remote + local stream_error; if type(reason) == "string" then -- assume stream error - reason = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); + stream_error = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); elseif type(reason) == "table" and not st.is_stanza(reason) then - local stanza = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); + stream_error = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); if reason.text then - stanza:tag("text", stream_xmlns_attr):text(reason.text):up(); + stream_error:tag("text", stream_xmlns_attr):text(reason.text):up(); end if reason.extra then - stanza:add_child(reason.extra); + stream_error:add_child(reason.extra); end - reason = stanza; end - if st.is_stanza(reason) then + if st.is_stanza(stream_error) then -- to and from are never unknown on outgoing connections log("debug", "Disconnecting %s->%s[%s], is: %s", session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); - session.sends2s(reason); + session.sends2s(stream_error); end end -- cgit v1.2.3 From d7570eee7e9f2ff351a58ee541395522d5cf7385 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 20:43:02 +0100 Subject: mod_admin_telnet: Fix host sorting Reversing each %P is a noop --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 60f92cda..940c3533 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -965,7 +965,7 @@ function def_env.host:deactivate(hostname, reason) end local function compare_hosts(a, b) - return a:gsub("%P", string.reverse):reverse() < b:gsub("%P", string.reverse):reverse(); + return a:gsub("%P+", string.reverse):reverse() < b:gsub("%P+", string.reverse):reverse(); end function def_env.host:list() -- cgit v1.2.3 From d0cd5469d272364bede91196edbb783e3fe1f769 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 20:44:10 +0100 Subject: mod_admin_telnet: Sort by complete labels Might as well. --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 940c3533..6dc7c5c3 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -965,7 +965,7 @@ function def_env.host:deactivate(hostname, reason) end local function compare_hosts(a, b) - return a:gsub("%P+", string.reverse):reverse() < b:gsub("%P+", string.reverse):reverse(); + return a:gsub("[^.]+", string.reverse):reverse() < b:gsub("[^.]+", string.reverse):reverse(); end function def_env.host:list() -- cgit v1.2.3 From d146d6b8acb261c4a2e1f6d721fdd44243805fd3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 21:42:42 +0100 Subject: mod_admin_telnet: Merge hostname comparison functions Missed that there existed one already when writing the one for host:list --- plugins/mod_admin_telnet.lua | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 6dc7c5c3..6ed36258 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -433,7 +433,7 @@ end local function _sort_hosts(a, b) if a == "*" then return true elseif b == "*" then return false - else return a < b; end + else return a:gsub("[^.]+", string.reverse):reverse() < b:gsub("[^.]+", string.reverse):reverse(); end end function def_env.module:reload(name, hosts) @@ -964,15 +964,11 @@ function def_env.host:deactivate(hostname, reason) return hostmanager.deactivate(hostname, reason); end -local function compare_hosts(a, b) - return a:gsub("[^.]+", string.reverse):reverse() < b:gsub("[^.]+", string.reverse):reverse(); -end - function def_env.host:list() local print = self.session.print; local i = 0; local type; - for host, host_session in iterators.sorted_pairs(prosody.hosts, compare_hosts) do + for host, host_session in iterators.sorted_pairs(prosody.hosts, _sort_hosts) do i = i + 1; type = host_session.type; if type == "local" then -- cgit v1.2.3 From 7b64b46af18c1ff2816547f6f6f0f046fdabf88f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 22:07:24 +0100 Subject: mod_admin_telnet: Refactor internal function for listing hosts Splits out a function that doesn't deal with modules for reuse elsewhere --- plugins/mod_admin_telnet.lua | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 6ed36258..fffab4cf 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -364,7 +364,7 @@ end def_env.module = {}; -local function get_hosts_set(hosts, module) +local function get_hosts_set(hosts) if type(hosts) == "table" then if hosts[1] then return set.new(hosts); @@ -374,17 +374,23 @@ local function get_hosts_set(hosts, module) elseif type(hosts) == "string" then return set.new { hosts }; elseif hosts == nil then - local hosts_set = set.new(array.collect(keys(prosody.hosts))) - / function (host) return (prosody.hosts[host].type == "local" or module and modulemanager.is_loaded(host, module)) and host or nil; end; - if module and modulemanager.get_module("*", module) then - hosts_set:add("*"); - end - return hosts_set; + return set.new(array.collect(keys(prosody.hosts))); + end +end + +-- Hosts with a module or all virtualhosts if no module given +-- matching modules_enabled in the global section +local function get_hosts_with_module(hosts, module) + local hosts_set = get_hosts_set(hosts) + / function (host) return (prosody.hosts[host].type == "local" or module and modulemanager.is_loaded(host, module)) and host or nil; end; + if module and modulemanager.get_module("*", module) then + hosts_set:add("*"); end + return hosts_set; end function def_env.module:load(name, hosts, config) - hosts = get_hosts_set(hosts); + hosts = get_hosts_with_module(hosts); -- Load the module for each host local ok, err, count, mod = true, nil, 0; @@ -411,7 +417,7 @@ function def_env.module:load(name, hosts, config) end function def_env.module:unload(name, hosts) - hosts = get_hosts_set(hosts, name); + hosts = get_hosts_with_module(hosts, name); -- Unload the module for each host local ok, err, count = true, nil, 0; @@ -437,7 +443,7 @@ local function _sort_hosts(a, b) end function def_env.module:reload(name, hosts) - hosts = array.collect(get_hosts_set(hosts, name)):sort(_sort_hosts) + hosts = array.collect(get_hosts_with_module(hosts, name)):sort(_sort_hosts) -- Reload the module for each host local ok, err, count = true, nil, 0; -- cgit v1.2.3 From 567e4183b5e2ba4fe92ef0ef86b34327f036e9f1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 22:08:20 +0100 Subject: mod_admin_telnet: Sort hosts in module:list --- plugins/mod_admin_telnet.lua | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index fffab4cf..fbaa80d0 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -466,16 +466,7 @@ function def_env.module:reload(name, hosts) end function def_env.module:list(hosts) - if hosts == nil then - hosts = array.collect(keys(prosody.hosts)); - table.insert(hosts, 1, "*"); - end - if type(hosts) == "string" then - hosts = { hosts }; - end - if type(hosts) ~= "table" then - return false, "Please supply a host or a list of hosts you would like to see"; - end + hosts = array.collect(set.new({ not hosts and "*" or nil }) + get_hosts_set(hosts)):sort(_sort_hosts); local print = self.session.print; for _, host in ipairs(hosts) do -- cgit v1.2.3 From 13622b141e299ba3df60b82153084f34bdcb8e6f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 21:44:58 +0100 Subject: mod_admin_telnet: Use existing host comparison when comparing JIDs --- plugins/mod_admin_telnet.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index fbaa80d0..a454f568 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -630,7 +630,7 @@ local function show_c2s(callback) end return (a.username or "") > (b.username or ""); end - return (a.host or "") > (b.host or ""); + return _sort_hosts(a.host or "", b.host or ""); end):map(function (session) callback(get_jid(session), session) end); -- cgit v1.2.3 From fac877feaa6c394469614b4604f1723b6bb3b681 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 15 Dec 2019 22:15:52 +0100 Subject: mod_admin_telnet: Use common sort function in s2s:show --- plugins/mod_admin_telnet.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index a454f568..9468be62 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -781,8 +781,8 @@ function def_env.s2s:show(match_jid, annotate) -- Sort by local host, then remote host table.sort(s2s_list, function(a,b) - if a.l == b.l then return a.r < b.r; end - return a.l < b.l; + if a.l == b.l then return _sort_hosts(a.r, b.r); end + return _sort_hosts(a.l, b.l); end); local lasthost; for _, sess_lines in ipairs(s2s_list) do -- cgit v1.2.3 From ad26a3b047ab0ae2efa0d61553e32f77da2ccac4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 17 Dec 2019 00:34:39 +0100 Subject: mod_s2s: Remove obsolete pre-connect buffer Originally added in c500d4cb7855 Dead code since the net.connect switch in 756b8821007a --- plugins/mod_s2s/mod_s2s.lua | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6912c9a4..00d8f5d9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -438,20 +438,6 @@ function stream_callbacks._streamopened(session, attr) end end - -- Send unauthed buffer - -- (stanzas which are fine to send before dialback) - -- Note that this is *not* the stanza queue (which - -- we can only send if auth succeeds) :) - local send_buffer = session.send_buffer; - if send_buffer and #send_buffer > 0 then - log("debug", "Sending s2s send_buffer now..."); - for i, data in ipairs(send_buffer) do - session.sends2s(tostring(data)); - send_buffer[i] = nil; - end - end - session.send_buffer = nil; - -- If server is pre-1.0, don't wait for features, just do dialback if session.version < 1.0 then if not session.dialback_verifying then -- cgit v1.2.3 From 173990157fad6d4507e8ce2dc214e7bf35a17822 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 19 Dec 2019 10:03:16 +0000 Subject: rostermanager, mod_presence: Support for subscription preapproval (fixes #686) --- plugins/mod_presence.lua | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index f7f458ca..b874277c 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -181,8 +181,10 @@ function handle_outbound_presence_subscriptions_and_probes(origin, stanza, from_ if rostermanager.subscribed(node, host, to_bare) then rostermanager.roster_push(node, host, to_bare); end - core_post_stanza(origin, stanza); - send_presence_of_available_resources(node, host, to_bare, origin); + if rostermanager.is_contact_subscribed(node, host, to_bare) then + core_post_stanza(origin, stanza); + send_presence_of_available_resources(node, host, to_bare, origin); + end if rostermanager.is_user_subscribed(node, host, to_bare) then core_post_stanza(origin, st.presence({ type = "probe", from = from_bare, to = to_bare })); end @@ -229,6 +231,12 @@ function handle_inbound_presence_subscriptions_and_probes(origin, stanza, from_b if 0 == send_presence_of_available_resources(node, host, from_bare, origin) then core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- TODO send last activity end + elseif rostermanager.is_contact_preapproved(node, host, from_bare) then + if not rostermanager.is_contact_pending_in(node, host, from_bare) then + if rostermanager.set_contact_pending_in(node, host, from_bare, stanza) then + core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="subscribed"}), true); + end -- TODO else return error, unable to save + end else core_post_stanza(hosts[host], st.presence({from=to_bare, to=from_bare, type="unavailable"}), true); -- acknowledging receipt if not rostermanager.is_contact_pending_in(node, host, from_bare) then -- cgit v1.2.3 From 2a75869d2721f9235ea882484cb1a8ea83f792b7 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 22 Dec 2019 08:42:12 +0000 Subject: MUC: Improve presence broadcast form field label --- plugins/muc/presence_broadcast.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/presence_broadcast.lib.lua b/plugins/muc/presence_broadcast.lib.lua index ace614b3..613e6403 100644 --- a/plugins/muc/presence_broadcast.lib.lua +++ b/plugins/muc/presence_broadcast.lib.lua @@ -65,7 +65,7 @@ module:hook("muc-config-form", function(event) table.insert(event.form, { name = "muc#roomconfig_presencebroadcast"; type = "list-multi"; - label = "Roles for which Presence is Broadcasted"; + label = "Only show participants with roles:"; value = values; options = valid_roles; }); -- cgit v1.2.3 From 6183e7a303d4fed16b368b55dcd0fddc34b20739 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 22 Dec 2019 20:10:20 +0100 Subject: mod_admin_telnet: Include config:get() in help text --- plugins/mod_admin_telnet.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 9468be62..f298ad2f 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -288,6 +288,7 @@ function commands.help(session, data) print [[xmpp:ping(localhost, remotehost) -- Sends a ping to a remote XMPP server and reports the response]] elseif section == "config" then print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] + print [[config:get([host,] option) - Show the value of a config option.]] elseif section == "console" then print [[Hey! Welcome to Prosody's admin console.]] print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] -- cgit v1.2.3 From b843b92fe0a352f75529dd11ac83bd40be545d3b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:34:34 +0100 Subject: mod_adhoc: Remove unused variable [luacheck] --- plugins/adhoc/mod_adhoc.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/adhoc/mod_adhoc.lua b/plugins/adhoc/mod_adhoc.lua index bf1775b4..f6553773 100644 --- a/plugins/adhoc/mod_adhoc.lua +++ b/plugins/adhoc/mod_adhoc.lua @@ -8,7 +8,7 @@ local it = require "util.iterators"; local st = require "util.stanza"; local is_admin = require "core.usermanager".is_admin; -local jid_split = require "util.jid".split; +local jid_host = require "util.jid".host; local adhoc_handle_cmd = module:require "adhoc".handle_cmd; local xmlns_cmd = "http://jabber.org/protocol/commands"; local commands = {}; @@ -21,7 +21,7 @@ module:hook("host-disco-info-node", function (event) local from = stanza.attr.from; local privileged = is_admin(from, stanza.attr.to); local global_admin = is_admin(from); - local username, hostname = jid_split(from); + local hostname = jid_host(from); local command = commands[node]; if (command.permission == "admin" and privileged) or (command.permission == "global_admin" and global_admin) @@ -52,7 +52,7 @@ module:hook("host-disco-items-node", function (event) local from = stanza.attr.from; local admin = is_admin(from, stanza.attr.to); local global_admin = is_admin(from); - local username, hostname = jid_split(from); + local hostname = jid_host(from); for node, command in it.sorted_pairs(commands) do if (command.permission == "admin" and admin) or (command.permission == "global_admin" and global_admin) @@ -74,7 +74,7 @@ module:hook("iq-set/host/"..xmlns_cmd..":command", function (event) local from = stanza.attr.from; local admin = is_admin(from, stanza.attr.to); local global_admin = is_admin(from); - local username, hostname = jid_split(from); + local hostname = jid_host(from); if (command.permission == "admin" and not admin) or (command.permission == "global_admin" and not global_admin) or (command.permission == "local_user" and hostname ~= module.host) then -- cgit v1.2.3 From 4340a5d1d4073972f85898d7ff0eece205fe5f9b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:37:16 +0100 Subject: mod_admin_adhoc: Remove unused JID resource variables [luacheck] --- plugins/mod_admin_adhoc.lua | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_adhoc.lua b/plugins/mod_admin_adhoc.lua index 4fea5a73..674b3339 100644 --- a/plugins/mod_admin_adhoc.lua +++ b/plugins/mod_admin_adhoc.lua @@ -59,7 +59,7 @@ local add_user_command_handler = adhoc_simple(add_user_layout, function(fields, if err then return generate_error_message(err); end - local username, host, resource = jid.split(fields.accountjid); + local username, host = jid.split(fields.accountjid); if module_host ~= host then return { status = "completed", error = { message = "Trying to add a user on " .. host .. " but command was sent to " .. module_host}}; end @@ -94,7 +94,7 @@ local change_user_password_command_handler = adhoc_simple(change_user_password_l if err then return generate_error_message(err); end - local username, host, resource = jid.split(fields.accountjid); + local username, host = jid.split(fields.accountjid); if module_host ~= host then return { status = "completed", @@ -136,7 +136,7 @@ local delete_user_command_handler = adhoc_simple(delete_user_layout, function(fi local failed = {}; local succeeded = {}; for _, aJID in ipairs(fields.accountjids) do - local username, host, resource = jid.split(aJID); + local username, host = jid.split(aJID); if (host == module_host) and usermanager_user_exists(username, host) and usermanager_delete_user(username, host) then module:log("debug", "User %s has been deleted", aJID); succeeded[#succeeded+1] = aJID; @@ -180,7 +180,7 @@ local end_user_session_handler = adhoc_simple(end_user_session_layout, function( local failed = {}; local succeeded = {}; for _, aJID in ipairs(fields.accountjids) do - local username, host, resource = jid.split(aJID); + local username, host = jid.split(aJID); if (host == module_host) and usermanager_user_exists(username, host) and disconnect_user(aJID) then succeeded[#succeeded+1] = aJID; else @@ -212,7 +212,7 @@ local get_user_password_handler = adhoc_simple(get_user_password_layout, functio if err then return generate_error_message(err); end - local user, host, resource = jid.split(fields.accountjid); + local user, host = jid.split(fields.accountjid); local accountjid; local password; if host ~= module_host then @@ -243,7 +243,7 @@ local get_user_roster_handler = adhoc_simple(get_user_roster_layout, function(fi return generate_error_message(err); end - local user, host, resource = jid.split(fields.accountjid); + local user, host = jid.split(fields.accountjid); if host ~= module_host then return { status = "completed", error = { message = "Tried to get roster for a user on " .. host .. " but command was sent to " .. module_host } }; elseif not usermanager_user_exists(user, host) then -- cgit v1.2.3 From d7df11baf30a0308a8ed1c40b365051a19c74f92 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:38:19 +0100 Subject: mod_admin_telnet: Silence luacheck warnings --- plugins/mod_admin_telnet.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index f298ad2f..7df63da9 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -125,6 +125,7 @@ function console:process_line(session, line) local chunkname = "=console"; local env = (useglobalenv and redirect_output(_G, session)) or session.env or nil + -- luacheck: ignore 311/err local chunk, err = envload("return "..line, chunkname, env); if not chunk then chunk, err = envload(line, chunkname, env); @@ -1427,7 +1428,7 @@ end function stats_methods:cfgraph() for _, stat_info in ipairs(self) do - local name, type, value, data = unpack(stat_info, 1, 4); + local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 local function print(s) table.insert(stat_info.output, s); end @@ -1493,7 +1494,7 @@ end function stats_methods:histogram() for _, stat_info in ipairs(self) do - local name, type, value, data = unpack(stat_info, 1, 4); + local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 local function print(s) table.insert(stat_info.output, s); end @@ -1593,6 +1594,7 @@ local function new_stats_context(self) end function def_env.stats:show(filter) + -- luacheck: ignore 211/changed local stats, changed, extra = require "core.statsmanager".get_stats(); local available, displayed = 0, 0; local displayed_stats = new_stats_context(self); -- cgit v1.2.3 From a2cfaf8c28ec3f90ec0f548b240091053d5571c6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:43:34 +0100 Subject: mod_announce: Silence luacheck warning about unused variable --- plugins/mod_announce.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_announce.lua b/plugins/mod_announce.lua index 970a273a..c742ebb8 100644 --- a/plugins/mod_announce.lua +++ b/plugins/mod_announce.lua @@ -38,6 +38,7 @@ end -- Old -based jabberd-style announcement sending function handle_announcement(event) local stanza = event.stanza; + -- luacheck: ignore 211/node local node, host, resource = jid.split(stanza.attr.to); if resource ~= "announce/online" then -- cgit v1.2.3 From dd7a972108d1632d28e08fd92a5aa8f728eb5943 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:52:50 +0100 Subject: mod_http_files: Log something if unable to load MIME database Not that much to worry about, the most common file types are included in the code above. --- plugins/mod_http_files.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_files.lua b/plugins/mod_http_files.lua index c357ddfc..4d0b14cd 100644 --- a/plugins/mod_http_files.lua +++ b/plugins/mod_http_files.lua @@ -33,7 +33,9 @@ if not mime_map then module:shared("/*/http_files/mime").types = mime_map; local mime_types, err = open(module:get_option_path("mime_types_file", "/etc/mime.types", "config"), "r"); - if mime_types then + if not mime_types then + module:log("debug", "Could not open MIME database: %s", err); + else local mime_data = mime_types:read("*a"); mime_types:close(); setmetatable(mime_map, { -- cgit v1.2.3 From e660a65d2856bbc5c20c41c8b0d4a722b187880c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 21:55:41 +0100 Subject: mod_vcard_legacy: Ignore an unused variable [luacheck] --- plugins/mod_vcard_legacy.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index 6bae3ee5..a6ff47d0 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -38,7 +38,7 @@ local simple_map = { module:hook("iq-get/bare/vcard-temp:vCard", function (event) local origin, stanza = event.origin, event.stanza; local pep_service = mod_pep.get_pep_service(jid_split(stanza.attr.to) or origin.username); - local ok, id, vcard4_item = pep_service:get_last_item("urn:xmpp:vcard4", stanza.attr.from); + local ok, _, vcard4_item = pep_service:get_last_item("urn:xmpp:vcard4", stanza.attr.from); local vcard_temp = st.stanza("vCard", { xmlns = "vcard-temp" }); if ok and vcard4_item then -- cgit v1.2.3 From 72a8c497ec2920ec0ab01ce2f5d01b514da58b8a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:23:29 +0100 Subject: MUC: Remove some unused variables [luacheck] --- plugins/muc/muc.lib.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 6b5f6068..7226a7bf 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -385,7 +385,7 @@ function room_mt:handle_kickable(origin, stanza) -- luacheck: ignore 212 local real_jid = stanza.attr.from; local occupant = self:get_occupant_by_real_jid(real_jid); if occupant == nil then return nil; end - local type, condition, text = stanza:get_error(); + local _, condition, text = stanza:get_error(); local error_message = "Kicked: "..(condition and condition:gsub("%-", " ") or "presence error"); if text and self:get_whois() == "anyone" then error_message = error_message..": "..text; @@ -1254,7 +1254,7 @@ function room_mt:route_stanza(stanza) -- luacheck: ignore 212 end function room_mt:get_affiliation(jid) - local node, host, resource = jid_split(jid); + local node, host = jid_split(jid); -- Affiliations are granted, revoked, and maintained based on the user's bare JID. local bare = node and node.."@"..host or host; local result = self._affiliations[bare]; @@ -1277,7 +1277,7 @@ end function room_mt:set_affiliation(actor, jid, affiliation, reason, data) if not actor then return nil, "modify", "not-acceptable"; end; - local node, host, resource = jid_split(jid); + local node, host = jid_split(jid); if not host then return nil, "modify", "not-acceptable"; end jid = jid_join(node, host); -- Bare local is_host_only = node == nil; @@ -1571,7 +1571,7 @@ function _M.restore_room(frozen, state) else -- New storage format for jid, data in pairs(frozen) do - local node, host, resource = jid_split(jid); + local _, host, resource = jid_split(jid); if host:sub(1,1) ~= "_" and not resource and type(data) == "string" then -- bare jid: affiliation room._affiliations[jid] = data; -- cgit v1.2.3 From 7c8ad7bede58bd7a37da11eec8fef6ed83dc37f0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:24:31 +0100 Subject: mod_limits: Remove an unused variable Hope this isn't meant to be used. 'outstanding' seems to be the more useful value anyways? --- plugins/mod_limits.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_limits.lua b/plugins/mod_limits.lua index a1a3b2c0..024ab686 100644 --- a/plugins/mod_limits.lua +++ b/plugins/mod_limits.lua @@ -53,7 +53,7 @@ local default_filter_set = {}; function default_filter_set.bytes_in(bytes, session) local sess_throttle = session.throttle; if sess_throttle then - local ok, balance, outstanding = sess_throttle:poll(#bytes, true); + local ok, _, outstanding = sess_throttle:poll(#bytes, true); if not ok then session.log("debug", "Session over rate limit (%d) with %d (by %d), pausing", sess_throttle.max, #bytes, outstanding); outstanding = ceil(outstanding); -- cgit v1.2.3 From 2d7c3d090b88245b323b9b1f474b587a030d6e3e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:27:25 +0100 Subject: mod_vcard: Remove unused variable [luacheck] --- plugins/mod_vcard.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_vcard.lua b/plugins/mod_vcard.lua index b1a4c6e8..c3d6fb8b 100644 --- a/plugins/mod_vcard.lua +++ b/plugins/mod_vcard.lua @@ -19,7 +19,7 @@ local function handle_vcard(event) if stanza.attr.type == "get" then local vCard; if to then - local node, host = jid_split(to); + local node = jid_split(to); vCard = st.deserialize(vcards:get(node)); -- load vCard for user or server else vCard = st.deserialize(vcards:get(session.username));-- load user's own vCard -- cgit v1.2.3 From a95900e81c072dc7956addc70b1664695a18261e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:28:04 +0100 Subject: MUC: Make note to handle configuration form errors [luacheck] --- plugins/muc/muc.lib.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 7226a7bf..399b090e 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -844,10 +844,12 @@ function room_mt:process_form(origin, stanza) if form.attr.type == "cancel" then origin.send(st.reply(stanza)); elseif form.attr.type == "submit" then + -- luacheck: ignore 231/errors local fields, errors, present; if form.tags[1] == nil then -- Instant room fields, present = {}, {}; else + -- FIXME handle form errors fields, errors, present = self:get_form_layout(stanza.attr.from):data(form); if fields.FORM_TYPE ~= "http://jabber.org/protocol/muc#roomconfig" then origin.send(st.error_reply(stanza, "cancel", "bad-request", "Form is not of type room configuration")); -- cgit v1.2.3 From 9861fc79f11197e65bd9837a3cda5c2a6c321d8a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:28:42 +0100 Subject: mod_pubsub: Ignore an unused variable [luacheck] --- plugins/mod_pubsub/pubsub.lib.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 23695211..0938dbbc 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -810,6 +810,7 @@ local function archive_itemstore(archive, config, user, node) end module:log("debug", "Listed items %s", data); return it.reverse(function() + -- luacheck: ignore 211/when local id, payload, when, publisher = data(); if id == nil then return; -- cgit v1.2.3 From 1bd2db0a6c060dc2faf3421811c3eaffee498233 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:29:13 +0100 Subject: mod_pep_simple: Ignore unused variable [luacheck] --- plugins/mod_pep_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_pep_simple.lua b/plugins/mod_pep_simple.lua index 11268ab7..e686b99b 100644 --- a/plugins/mod_pep_simple.lua +++ b/plugins/mod_pep_simple.lua @@ -85,6 +85,7 @@ local function publish_all(user, recipient, session) if d and notify then for node in pairs(notify) do if d[node] then + -- luacheck: ignore id local id, item = unpack(d[node]); session.send(st.message({from=user, to=recipient, type='headline'}) :tag('event', {xmlns='http://jabber.org/protocol/pubsub#event'}) -- cgit v1.2.3 From 77daebcbc2b412173ac9a41dd5327ff269902f90 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:30:21 +0100 Subject: mod_presence: Ignore an unused variable [luacheck] Not sure if it should be unused, hence the TODO --- plugins/mod_presence.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index b874277c..e69c31a5 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -192,6 +192,8 @@ function handle_outbound_presence_subscriptions_and_probes(origin, stanza, from_ -- 1. send unavailable -- 2. route stanza -- 3. roster push (subscription = from or both) + -- luacheck: ignore 211/pending_in + -- Is pending_in meant to be used? local success, pending_in, subscribed = rostermanager.unsubscribed(node, host, to_bare); if success then if subscribed then -- cgit v1.2.3 From 4b548a129b90bbd17606bfcfe79bda47731ebe5d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 23:11:28 +0100 Subject: mod_legacyauth: Report failure from sessionmanager (mostly invalid username) --- plugins/mod_legacyauth.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index 0f41d3e7..941806d3 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -78,8 +78,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event) session:close(); -- FIXME undo resource bind and auth instead of closing the session? return true; end + session.send(st.reply(stanza)); + else + session.send(st.error_reply(stanza, "auth", "not-authorized", err)); end - session.send(st.reply(stanza)); else session.send(st.error_reply(stanza, "auth", "not-authorized")); end -- cgit v1.2.3 From 5b06f8946f51c90fe3dd4ed9cfba91e5ad83f1b7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 23:28:44 +0100 Subject: mod_muc_mam: Handle form identification error (e.g. not a form at all) --- plugins/mod_muc_mam.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 1df93a18..fd98e205 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -145,7 +145,10 @@ module:hook("iq-set/bare/"..xmlns_mam..":query", function(event) local form = query:get_child("x", "jabber:x:data"); if form then local form_type, err = get_form_type(form); - if form_type ~= xmlns_mam then + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err)); + return true; + elseif form_type ~= xmlns_mam then origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'")); return true; end -- cgit v1.2.3 From 1c3988b1719e164b38c75eff73aa3df52c531ae7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 23:30:45 +0100 Subject: mod_mam: More careful validation of MAM query form Adapted from mod_muc_mam --- plugins/mod_mam/mod_mam.lua | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index e9528d52..018aef77 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -25,6 +25,7 @@ local jid_bare = require "util.jid".bare; local jid_split = require "util.jid".split; local jid_prepped_split = require "util.jid".prepped_split; local dataform = require "util.dataforms".new; +local get_form_type = require "util.dataforms".get_type; local host = module.host; local rm_load_roster = require "core.rostermanager".load_roster; @@ -101,7 +102,14 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) local qwith, qstart, qend; local form = query:get_child("x", "jabber:x:data"); if form then - local err; + local form_type, err = get_form_type(form); + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err)); + return true; + elseif form_type ~= xmlns_mam then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'")); + return true; + end form, err = query_form:data(form); if err then origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err)))); -- cgit v1.2.3 From 8537138d41a6bca5e855040c8928ef2aae59802f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 23:31:09 +0100 Subject: mod_muc_mam: Remove unused variable [luacheck] --- plugins/mod_muc_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index fd98e205..2e26893a 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -354,7 +354,7 @@ end, 0); -- Handle messages local function save_to_history(self, stanza) - local room_node, room_host = jid_split(self.jid); + local room_node = jid_split(self.jid); local stored_stanza = stanza; -- cgit v1.2.3 From 96c1406bcdea0d0e98b70fb968d5d315790cc391 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 24 Dec 2019 00:49:43 +0100 Subject: mod_storage_sql: Remove unused and not actually returned return value [luacheck] The :delete throws an error, it does not return one like this. --- plugins/mod_storage_sql.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 666cee41..8172b853 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -281,7 +281,7 @@ function archive_store:append(username, key, value, when, with) VALUES (?,?,?,?,?,?,?,?); ]]; if key then - local result, err = engine:delete(delete_sql, host, user or "", store, key); + local result = engine:delete(delete_sql, host, user or "", store, key); if result then item_count = item_count - result:affected(); end -- cgit v1.2.3 From e10171d44d362918cc0d4886e37018cd14843d0d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 20 Dec 2019 22:47:34 +0100 Subject: mod_adhoc: Improve permission setting (fix #1482) BC Rename 'user' permission mode to 'any' for clarity, too easily mistaken for what the 'local_user' setting does. It is also removed as a default and made a required argument. --- plugins/adhoc/adhoc.lib.lua | 8 +++++++- plugins/adhoc/mod_adhoc.lua | 4 ++-- plugins/mod_uptime.lua | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/adhoc/adhoc.lib.lua b/plugins/adhoc/adhoc.lib.lua index 0b910299..0c61a636 100644 --- a/plugins/adhoc/adhoc.lib.lua +++ b/plugins/adhoc/adhoc.lib.lua @@ -21,7 +21,13 @@ local function _cmdtag(desc, status, sessionid, action) end function _M.new(name, node, handler, permission) - return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = (permission or "user") }; + if not permission then + error "adhoc.new() expects a permission argument, none given" + end + if permission == "user" then + error "the permission mode 'user' has been renamed 'any', please update your code" + end + return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = permission }; end function _M.handle_cmd(command, origin, stanza) diff --git a/plugins/adhoc/mod_adhoc.lua b/plugins/adhoc/mod_adhoc.lua index f6553773..188d05e8 100644 --- a/plugins/adhoc/mod_adhoc.lua +++ b/plugins/adhoc/mod_adhoc.lua @@ -26,7 +26,7 @@ module:hook("host-disco-info-node", function (event) if (command.permission == "admin" and privileged) or (command.permission == "global_admin" and global_admin) or (command.permission == "local_user" and hostname == module.host) - or (command.permission == "user") then + or (command.permission == "any") then reply:tag("identity", { name = command.name, category = "automation", type = "command-node" }):up(); reply:tag("feature", { var = xmlns_cmd }):up(); @@ -57,7 +57,7 @@ module:hook("host-disco-items-node", function (event) if (command.permission == "admin" and admin) or (command.permission == "global_admin" and global_admin) or (command.permission == "local_user" and hostname == module.host) - or (command.permission == "user") then + or (command.permission == "any") then reply:tag("item", { name = command.name, node = node, jid = module:get_host() }); reply:up(); diff --git a/plugins/mod_uptime.lua b/plugins/mod_uptime.lua index ccd8e511..035f7e9b 100644 --- a/plugins/mod_uptime.lua +++ b/plugins/mod_uptime.lua @@ -42,6 +42,6 @@ function uptime_command_handler () return { info = uptime_text(), status = "completed" }; end -local descriptor = adhoc_new("Get uptime", "uptime", uptime_command_handler); +local descriptor = adhoc_new("Get uptime", "uptime", uptime_command_handler, "any"); module:provides("adhoc", descriptor); -- cgit v1.2.3 From 30f7e379d4b316c197c837dce2c47b73b8b77d1f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Dec 2019 22:20:51 +0100 Subject: mod_http_errors: Use text from util.errror object if included This makes util.error objects useful for more than just an error code container. --- plugins/mod_http_errors.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index 2158b403..e151a68e 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -73,7 +73,7 @@ module:hook_object_event(server, "http-error", function (event) if event.response then event.response.headers.content_type = "text/html; charset=utf-8"; end - return get_page(event.code, (show_private and event.private_message) or event.message); + return get_page(event.code, (show_private and event.private_message) or event.message or (event.error and event.error.text)); end); module:hook_object_event(server, "http-error", function (event) -- cgit v1.2.3 From 71138a9fd9d1b1e5767409be50d1547359e0d186 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 4 Jan 2020 14:05:10 +0100 Subject: mod_muc_mam: Measure how long a cleanup run takes (like mod_mam) --- plugins/mod_muc_mam.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index fee75e33..e7506bbb 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -481,7 +481,10 @@ if cleanup_after ~= "never" then end end + local cleanup_time = module:measure("cleanup", "times"); + cleanup_runner = require "util.async".runner(function () + local cleanup_done = cleanup_time(); local rooms = {}; local cut_off = datestamp(os.time() - cleanup_after); for date in cleanup_storage:users() do @@ -512,6 +515,7 @@ if cleanup_after ~= "never" then end end module:log("info", "Deleted %d expired messages for %d rooms", sum, num_rooms); + cleanup_done(); end); cleanup_task = module:add_timer(1, function () -- cgit v1.2.3 From 9782727301205d85ca58a88f9ab356600bda4013 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 24 Jan 2020 13:49:33 +0000 Subject: mod_s2s: Pass use_ipv4/ipv6 from config to connector config --- plugins/mod_s2s/mod_s2s.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 00d8f5d9..2d45c750 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -27,7 +27,7 @@ local s2s_destroy_session = require "core.s2smanager".destroy_session; local uuid_gen = require "util.uuid".generate; local fire_global_event = prosody.events.fire_event; local runner = require "util.async".runner; -local connect = require "net.connect".connect; +local new_connector = require "net.connect".new_connector; local service = require "net.resolvers.service"; local errors = require "util.error"; local set = require "util.set"; @@ -51,6 +51,11 @@ local listener = {}; local log = module._log; +local connect = new_connector({ + use_ipv4 = module:get_option_boolean("use_ipv4", true); + use_ipv6 = module:get_option_boolean("use_ipv6", true); +}); + module:hook("stats-update", function () local count = 0; local ipv6 = 0; -- cgit v1.2.3 From 634408ca294da12888871740d296fb0a955f13ae Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 24 Jan 2020 16:21:30 +0000 Subject: mod_websocket: Fire event on session creation (thanks Aaron van Meerten) --- plugins/mod_websocket.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 101039e1..4d3e79bb 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -292,6 +292,8 @@ function handle_request(event) response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); response.headers.sec_webSocket_protocol = "xmpp"; + module:fire_event("websocket-session", { session = session, request = request }); + session.log("debug", "Sending WebSocket handshake"); return ""; -- cgit v1.2.3 From b37a36b1be0a8a91e851bcffe1f3e84c9f0f6151 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 24 Jan 2020 23:29:14 +0100 Subject: mod_admin_telnet: Use promise based DNS resolving Mostly done for testing this new API --- plugins/mod_admin_telnet.lua | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5ffd40e0..fba10faf 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1189,14 +1189,12 @@ end function def_env.dns:lookup(name, typ, class) local resolver = get_resolver(self.session); - local ret = "Query sent"; - local print = self.session.print; - local function handler(...) - ret = "Got response"; - print(...); + local ret, err = async.wait(resolver:lookup_promise(name, typ, class)); + if ret then + return true, ret; + elseif err then + return false, err; end - resolver:lookup(handler, name, typ, class); - return true, ret; end function def_env.dns:addnameserver(...) -- cgit v1.2.3 From 6e108728a10ae420bd4c9734af21d12fdaf335bc Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 25 Jan 2020 14:25:21 +0000 Subject: Backed out changeset 74d66b1be989 (not optimal API) --- plugins/mod_s2s/mod_s2s.lua | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 2d45c750..00d8f5d9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -27,7 +27,7 @@ local s2s_destroy_session = require "core.s2smanager".destroy_session; local uuid_gen = require "util.uuid".generate; local fire_global_event = prosody.events.fire_event; local runner = require "util.async".runner; -local new_connector = require "net.connect".new_connector; +local connect = require "net.connect".connect; local service = require "net.resolvers.service"; local errors = require "util.error"; local set = require "util.set"; @@ -51,11 +51,6 @@ local listener = {}; local log = module._log; -local connect = new_connector({ - use_ipv4 = module:get_option_boolean("use_ipv4", true); - use_ipv6 = module:get_option_boolean("use_ipv6", true); -}); - module:hook("stats-update", function () local count = 0; local ipv6 = 0; -- cgit v1.2.3 From 165901fe8023f03c5e4b8083a6f588c306775d78 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 25 Jan 2020 14:38:42 +0000 Subject: mod_s2s: Pass use_ipv4/use_ipv6 from config to service resolver --- plugins/mod_s2s/mod_s2s.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 00d8f5d9..4c509ba9 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -51,6 +51,12 @@ local listener = {}; local log = module._log; +local s2s_service_options = { + default_port = 5269; + use_ipv4 = module:get_option_boolean("use_ipv4", true); + use_ipv6 = module:get_option_boolean("use_ipv6", true); +}; + module:hook("stats-update", function () local count = 0; local ipv6 = 0; @@ -165,7 +171,7 @@ function route_to_new_session(event) host_session.bounce_sendq = bounce_sendq; host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; log("debug", "stanza [%s] queued until connection complete", stanza.name); - connect(service.new(to_host, "xmpp-server", "tcp", { default_port = 5269 }), listener, nil, { session = host_session }); + connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session }); return true; end -- cgit v1.2.3 From a0dffb53e17d10eea3625dd49751e6cc3ed6d234 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Jan 2020 16:42:56 +0100 Subject: mod_posix: Add deprecation warning for the 'daemonize' option --- plugins/mod_posix.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index bcef2c1d..5177aaa5 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -116,7 +116,11 @@ local daemonize = prosody.opts.daemonize; if daemonize == nil then -- Fall back to config file if not specified on command-line - daemonize = module:get_option("daemonize", prosody.installed); + daemonize = module:get_option_boolean("daemonize", nil); + if daemonize ~= nil then + module:log("warn", "The 'daemonize' option has been deprecated, specify -D or -F on the command line instead."); + -- TODO: Write some docs and include a link in the warning. + end end local function remove_log_sinks() -- cgit v1.2.3 From ebb79437a842551b2cc8e403aaeccdc642260fa0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Jan 2020 19:52:48 +0100 Subject: mod_s2s: Comment on the various 'reason' arguments passed to :close --- plugins/mod_s2s/mod_s2s.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 4c509ba9..39b23ee5 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -487,6 +487,9 @@ end --- Session methods local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; +-- reason: stream error to send to the remote server +-- remote_reason: stream error received from the remote server +-- bounce_reason: stanza error to pass to bounce_sendq beacuse stream- and stanza errors are different local function session_close(session, reason, remote_reason, bounce_reason) local log = session.log or log; if session.conn then -- cgit v1.2.3 From 1f437623ad987328bcd6ca34b551f14415985b32 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 21:54:59 +0000 Subject: usermanager, mod_authz_internal: Move admin-checking functionality into a module. Fixes #517 (ish). Note: Removes the ability for mod_auth_* providers to determine user admin status. Such modules will need to have their is_admin methods ported to be a mod_authz_* provider. --- plugins/mod_authz_internal.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 plugins/mod_authz_internal.lua (limited to 'plugins') diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua new file mode 100644 index 00000000..41b8d9f0 --- /dev/null +++ b/plugins/mod_authz_internal.lua @@ -0,0 +1,16 @@ +local normalize = require "util.jid".prep; +local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; +local host = module.host; + +local admin_role = { ["prosody:admin"] = true }; + +function get_user_roles(user) + return get_jid_roles(user.."@"..host); +end + +function get_jid_roles(jid) + if admin_jids:contains(jid) then + return admin_role; + end + return nil; +end -- cgit v1.2.3 From 34abcc8bd5da00be68279f31b747a341f23d1c11 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 27 Jan 2020 22:28:52 +0000 Subject: mod_authz_internal, usermanager: Rename to mod_authz_config --- plugins/mod_authz_config.lua | 16 ++++++++++++++++ plugins/mod_authz_internal.lua | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 plugins/mod_authz_config.lua delete mode 100644 plugins/mod_authz_internal.lua (limited to 'plugins') diff --git a/plugins/mod_authz_config.lua b/plugins/mod_authz_config.lua new file mode 100644 index 00000000..41b8d9f0 --- /dev/null +++ b/plugins/mod_authz_config.lua @@ -0,0 +1,16 @@ +local normalize = require "util.jid".prep; +local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; +local host = module.host; + +local admin_role = { ["prosody:admin"] = true }; + +function get_user_roles(user) + return get_jid_roles(user.."@"..host); +end + +function get_jid_roles(jid) + if admin_jids:contains(jid) then + return admin_role; + end + return nil; +end diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua deleted file mode 100644 index 41b8d9f0..00000000 --- a/plugins/mod_authz_internal.lua +++ /dev/null @@ -1,16 +0,0 @@ -local normalize = require "util.jid".prep; -local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; -local host = module.host; - -local admin_role = { ["prosody:admin"] = true }; - -function get_user_roles(user) - return get_jid_roles(user.."@"..host); -end - -function get_jid_roles(jid) - if admin_jids:contains(jid) then - return admin_role; - end - return nil; -end -- cgit v1.2.3 From cfa4181982f768ca5d376db8db45951815429665 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 5 Feb 2020 17:56:44 +0000 Subject: mod_saslauth: Pass through any auth scope from the SASL handler to sessionmanager.make_authenticated() --- plugins/mod_saslauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua index ecce8361..2a5edcb2 100644 --- a/plugins/mod_saslauth.lua +++ b/plugins/mod_saslauth.lua @@ -49,7 +49,7 @@ local function handle_status(session, status, ret, err_msg) module:fire_event("authentication-failure", { session = session, condition = ret, text = err_msg }); session.sasl_handler = session.sasl_handler:clean_clone(); elseif status == "success" then - local ok, err = sm_make_authenticated(session, session.sasl_handler.username); + local ok, err = sm_make_authenticated(session, session.sasl_handler.username, session.sasl_handler.scope); if ok then module:fire_event("authentication-success", { session = session }); session.sasl_handler = nil; -- cgit v1.2.3 From 3827fd9716252e9b74bef848fd39879dd2699950 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 5 Feb 2020 23:29:39 +0100 Subject: mod_admin_telnet: Avoid indexing missing socket (thanks tmolitor) if `sock` was nil it would still proceed with SNI and ALPN checks --- plugins/mod_admin_telnet.lua | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index fba10faf..2485e698 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -580,20 +580,20 @@ local function tls_info(session, line) if sock and sock.info then local info = sock:info(); line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher); - else - line[#line+1] = "(cipher info unavailable)"; - end - if sock.getsniname then - local name = sock:getsniname(); - if name then - line[#line+1] = ("(SNI:%q)"):format(name); + if sock.getsniname then + local name = sock:getsniname(); + if name then + line[#line+1] = ("(SNI:%q)"):format(name); + end end - end - if sock.getalpn then - local proto = sock:getalpn(); - if proto then - line[#line+1] = ("(ALPN:%q)"):format(proto); + if sock.getalpn then + local proto = sock:getalpn(); + if proto then + line[#line+1] = ("(ALPN:%q)"):format(proto); + end end + else + line[#line+1] = "(cipher info unavailable)"; end else line[#line+1] = "(insecure)"; -- cgit v1.2.3 From 798995ef1a78548aae4c76290064da064494acf4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 13 Feb 2020 23:03:03 +0100 Subject: mod_s2s: Fix typo in comment [codespell] --- plugins/mod_s2s/mod_s2s.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 39b23ee5..8feb6403 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -489,7 +489,7 @@ end local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -- reason: stream error to send to the remote server -- remote_reason: stream error received from the remote server --- bounce_reason: stanza error to pass to bounce_sendq beacuse stream- and stanza errors are different +-- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different local function session_close(session, reason, remote_reason, bounce_reason) local log = session.log or log; if session.conn then -- cgit v1.2.3 From 0b3056c44881ef8692cdb09e520a9368b29dc601 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 21 Feb 2020 23:30:47 +0100 Subject: mod_ping: Fix double response to internal ping When responding to a ping from elsewhere in the same Prosody the send function will be host_send from core.hostmanager, which does not return anything. Tailcalling it therefore lets the iq event fall trough to handle_unhandled_stanza in core.stanza_router, which responds with an error. This error also goes into handle_unhandled_stanza which discards it. Noticed because I have a module that points out when a stanza error reply is created without a text argument. --- plugins/mod_ping.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_ping.lua b/plugins/mod_ping.lua index df24c495..b6ccc928 100644 --- a/plugins/mod_ping.lua +++ b/plugins/mod_ping.lua @@ -11,7 +11,8 @@ local st = require "util.stanza"; module:add_feature("urn:xmpp:ping"); local function ping_handler(event) - return event.origin.send(st.reply(event.stanza)); + event.origin.send(st.reply(event.stanza)); + return true; end module:hook("iq-get/bare/urn:xmpp:ping:ping", ping_handler); -- cgit v1.2.3 From 23cd82ba5fd0a00d85fb7d6a708723419fdc0cb4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 22 Feb 2020 18:23:38 +0100 Subject: mod_admin_telnet: Reflow hosts filter for readability --- plugins/mod_admin_telnet.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 2485e698..730053fe 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -384,7 +384,12 @@ end -- matching modules_enabled in the global section local function get_hosts_with_module(hosts, module) local hosts_set = get_hosts_set(hosts) - / function (host) return (prosody.hosts[host].type == "local" or module and modulemanager.is_loaded(host, module)) and host or nil; end; + / function (host) + if prosody.hosts[host].type == "local" or module and modulemanager.is_loaded(host, module) then + return host; + end; + return nil; + end; if module and modulemanager.get_module("*", module) then hosts_set:add("*"); end -- cgit v1.2.3 From 3947003b7e86a084cc725b5c68d7b4e8724e3312 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 22 Feb 2020 18:32:50 +0100 Subject: mod_admin_telnet: Fix host selection filter, fixes loading on components get_hosts_with_module(a component, mod) would still filter out components since they don't have type="component" instead of "local" Introduced in 4d3549e64489 --- plugins/mod_admin_telnet.lua | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 730053fe..2688209b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -385,10 +385,24 @@ end local function get_hosts_with_module(hosts, module) local hosts_set = get_hosts_set(hosts) / function (host) - if prosody.hosts[host].type == "local" or module and modulemanager.is_loaded(host, module) then - return host; + if module then + -- Module given, filter in hosts with this module loaded + if modulemanager.is_loaded(host, module) then + return host; + else + return nil; + end + end + if not hosts then + -- No hosts given, filter in VirtualHosts + if prosody.hosts[host].type == "local" then + return host; + else + return nil + end end; - return nil; + -- No module given, but hosts are, don't filter at all + return host; end; if module and modulemanager.get_module("*", module) then hosts_set:add("*"); -- cgit v1.2.3 From 8d04879adfbe5d4039a14c5bd10e95ee4b051566 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sun, 23 Feb 2020 12:38:43 +0000 Subject: usermanager, mod_authz_*: Merge mod_authz_config and mod_authz_internal into the latter --- plugins/mod_authz_config.lua | 16 ---------------- plugins/mod_authz_internal.lua | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 16 deletions(-) delete mode 100644 plugins/mod_authz_config.lua create mode 100644 plugins/mod_authz_internal.lua (limited to 'plugins') diff --git a/plugins/mod_authz_config.lua b/plugins/mod_authz_config.lua deleted file mode 100644 index 41b8d9f0..00000000 --- a/plugins/mod_authz_config.lua +++ /dev/null @@ -1,16 +0,0 @@ -local normalize = require "util.jid".prep; -local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; -local host = module.host; - -local admin_role = { ["prosody:admin"] = true }; - -function get_user_roles(user) - return get_jid_roles(user.."@"..host); -end - -function get_jid_roles(jid) - if admin_jids:contains(jid) then - return admin_role; - end - return nil; -end diff --git a/plugins/mod_authz_internal.lua b/plugins/mod_authz_internal.lua new file mode 100644 index 00000000..0f6e4873 --- /dev/null +++ b/plugins/mod_authz_internal.lua @@ -0,0 +1,22 @@ +local normalize = require "util.jid".prep; +local admin_jids = module:get_option_inherited_set("admins", {}) / normalize; +local host = module.host; +local role_store = module:open_store("roles"); + +local admin_role = { ["prosody:admin"] = true }; + +function get_user_roles(user) + if admin_jids:contains(user.."@"..host) then + return admin_role; + end + return role_store:get(user); +end + +function get_jid_roles(jid) + if admin_jids:contains(jid) then + return admin_role; + end + return nil; +end + + -- cgit v1.2.3 From 4a2e73392898afb5f8b380bdef86e438761b3d77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Mon, 24 Feb 2020 14:16:45 +0100 Subject: mod_muc: add muc-private-message event This seems to be the one place handling MUC-PMs. This event is added so that plugins (such as muc_occupant_id) can edit them without having to redo the work. --- plugins/muc/muc.lib.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 399b090e..8adb0046 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -814,7 +814,9 @@ function room_mt:handle_message_to_occupant(origin, stanza) stanza = muc_util.filter_muc_x(st.clone(stanza)); stanza:tag("x", { xmlns = "http://jabber.org/protocol/muc#user" }):up(); stanza.attr.from = current_nick; - self:route_to_occupant(o_data, stanza) + if module:fire_event("muc-private-message", { room = self, origin = origin, stanza = stanza }) ~= false then + self:route_to_occupant(o_data, stanza) + end -- TODO: Remove x tag? stanza.attr.from = from; return true; -- cgit v1.2.3 From 1969b96da192e7d8e3233883bdea256942c73a7b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 24 Feb 2020 18:38:09 +0100 Subject: mod_admin_telnet: Allow passing list of hosts to http:list() Lets you select what hosts to list http services on. In particular, this enables listing global http services, which was not possible before. --- plugins/mod_admin_telnet.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 2688209b..4dc32e47 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -1241,10 +1241,10 @@ end def_env.http = {}; -function def_env.http:list() +function def_env.http:list(hosts) local print = self.session.print; - for host in pairs(prosody.hosts) do + for host in get_hosts_set(hosts) do local http_apps = modulemanager.get_items("http-provider", host); if #http_apps > 0 then local http_host = module:context(host):get_option_string("http_host"); -- cgit v1.2.3 From bd69308bf1e9cc6a84620d74a51b7621d55db685 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 26 Feb 2020 17:56:23 +0000 Subject: mod_authtokens: New module for managing auth tokens --- plugins/mod_authtokens.lua | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 plugins/mod_authtokens.lua (limited to 'plugins') diff --git a/plugins/mod_authtokens.lua b/plugins/mod_authtokens.lua new file mode 100644 index 00000000..8e516924 --- /dev/null +++ b/plugins/mod_authtokens.lua @@ -0,0 +1,81 @@ +local id = require "util.id"; +local jid = require "util.jid"; +local base64 = require "util.encodings".base64; + +local token_store = module:open_store("auth_tokens", "map"); + +function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) + token_jid = jid.prep(token_jid); + if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then + return nil, "not-authorized"; + end + + local token_username, token_host, token_resource = jid.split(token_jid); + + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info = { + owner = actor_jid; + expires = token_ttl and (os.time() + token_ttl) or nil; + jid = token_jid; + session = { + username = token_username; + host = token_host; + resource = token_resource; + + auth_scope = token_scope; + }; + }; + + local token_id = id.long(); + local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id); + token_store:set(token_username, token_id, token_info); + + return token, token_info; +end + +local function parse_token(encoded_token) + local token = base64.decode(encoded_token); + if not token then return nil; end + local token_jid, token_id = token:match("^1;([^;]+);(.+)$"); + if not token_jid then return nil; end + local token_user, token_host = jid.split(token_jid); + return token_id, token_user, token_host; +end + +function get_token_info(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info, err = token_store:get(token_user, token_id); + if not token_info then + if err then + return nil, "internal-error"; + end + return nil, "not-authorized"; + end + + if token_info.expires and token_info.expires < os.time() then + return nil, "not-authorized"; + end + + return token_info +end + +function revoke_token(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + return token_store:set(token_user, token_id, nil); +end -- cgit v1.2.3 From f6a365c970146c2bef638f29eb5cc1b8587a6f98 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 26 Feb 2020 22:46:15 +0000 Subject: mod_authtokens: Rename to mod_tokenauth for consistency with mod_saslauth --- plugins/mod_authtokens.lua | 81 ---------------------------------------------- plugins/mod_tokenauth.lua | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 81 deletions(-) delete mode 100644 plugins/mod_authtokens.lua create mode 100644 plugins/mod_tokenauth.lua (limited to 'plugins') diff --git a/plugins/mod_authtokens.lua b/plugins/mod_authtokens.lua deleted file mode 100644 index 8e516924..00000000 --- a/plugins/mod_authtokens.lua +++ /dev/null @@ -1,81 +0,0 @@ -local id = require "util.id"; -local jid = require "util.jid"; -local base64 = require "util.encodings".base64; - -local token_store = module:open_store("auth_tokens", "map"); - -function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) - token_jid = jid.prep(token_jid); - if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then - return nil, "not-authorized"; - end - - local token_username, token_host, token_resource = jid.split(token_jid); - - if token_host ~= module.host then - return nil, "invalid-host"; - end - - local token_info = { - owner = actor_jid; - expires = token_ttl and (os.time() + token_ttl) or nil; - jid = token_jid; - session = { - username = token_username; - host = token_host; - resource = token_resource; - - auth_scope = token_scope; - }; - }; - - local token_id = id.long(); - local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id); - token_store:set(token_username, token_id, token_info); - - return token, token_info; -end - -local function parse_token(encoded_token) - local token = base64.decode(encoded_token); - if not token then return nil; end - local token_jid, token_id = token:match("^1;([^;]+);(.+)$"); - if not token_jid then return nil; end - local token_user, token_host = jid.split(token_jid); - return token_id, token_user, token_host; -end - -function get_token_info(token) - local token_id, token_user, token_host = parse_token(token); - if not token_id then - return nil, "invalid-token-format"; - end - if token_host ~= module.host then - return nil, "invalid-host"; - end - - local token_info, err = token_store:get(token_user, token_id); - if not token_info then - if err then - return nil, "internal-error"; - end - return nil, "not-authorized"; - end - - if token_info.expires and token_info.expires < os.time() then - return nil, "not-authorized"; - end - - return token_info -end - -function revoke_token(token) - local token_id, token_user, token_host = parse_token(token); - if not token_id then - return nil, "invalid-token-format"; - end - if token_host ~= module.host then - return nil, "invalid-host"; - end - return token_store:set(token_user, token_id, nil); -end diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua new file mode 100644 index 00000000..8e516924 --- /dev/null +++ b/plugins/mod_tokenauth.lua @@ -0,0 +1,81 @@ +local id = require "util.id"; +local jid = require "util.jid"; +local base64 = require "util.encodings".base64; + +local token_store = module:open_store("auth_tokens", "map"); + +function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) + token_jid = jid.prep(token_jid); + if not actor_jid or token_jid ~= actor_jid and not jid.compare(token_jid, actor_jid) then + return nil, "not-authorized"; + end + + local token_username, token_host, token_resource = jid.split(token_jid); + + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info = { + owner = actor_jid; + expires = token_ttl and (os.time() + token_ttl) or nil; + jid = token_jid; + session = { + username = token_username; + host = token_host; + resource = token_resource; + + auth_scope = token_scope; + }; + }; + + local token_id = id.long(); + local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id); + token_store:set(token_username, token_id, token_info); + + return token, token_info; +end + +local function parse_token(encoded_token) + local token = base64.decode(encoded_token); + if not token then return nil; end + local token_jid, token_id = token:match("^1;([^;]+);(.+)$"); + if not token_jid then return nil; end + local token_user, token_host = jid.split(token_jid); + return token_id, token_user, token_host; +end + +function get_token_info(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + + local token_info, err = token_store:get(token_user, token_id); + if not token_info then + if err then + return nil, "internal-error"; + end + return nil, "not-authorized"; + end + + if token_info.expires and token_info.expires < os.time() then + return nil, "not-authorized"; + end + + return token_info +end + +function revoke_token(token) + local token_id, token_user, token_host = parse_token(token); + if not token_id then + return nil, "invalid-token-format"; + end + if token_host ~= module.host then + return nil, "invalid-host"; + end + return token_store:set(token_user, token_id, nil); +end -- cgit v1.2.3 From 92c65ed9af11d0e314db670b37af1119a6eb67e6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 28 Feb 2020 14:13:04 +0100 Subject: mod_tokenauth: Handle tokens issued to bare hosts (eg components) --- plugins/mod_tokenauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index 8e516924..b023d9f8 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -30,7 +30,7 @@ function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) }; local token_id = id.long(); - local token = base64.encode("1;"..token_username.."@"..token_host..";"..token_id); + local token = base64.encode("1;"..jid.join(token_username, token_host)..";"..token_id); token_store:set(token_username, token_id, token_info); return token, token_info; -- cgit v1.2.3 From 40bb67c03bba8f3a7d1c0fed751c5411fb5f270d Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 28 Feb 2020 21:55:40 +0000 Subject: mod_tokenauth: Track creation time of tokens --- plugins/mod_tokenauth.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index b023d9f8..c04a1aa4 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -18,6 +18,7 @@ function create_jid_token(actor_jid, token_jid, token_scope, token_ttl) local token_info = { owner = actor_jid; + created = os.time(); expires = token_ttl and (os.time() + token_ttl) or nil; jid = token_jid; session = { -- cgit v1.2.3 From 33b9b2b91ec31f328dcd080832c3caf7a24cb93a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Mar 2020 15:57:53 +0000 Subject: mod_storage_sql: Add map_store:find_key() and map_store:delete_key() (+ tests) --- plugins/mod_storage_sql.lua | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 4a2f0d90..a75b832d 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -230,6 +230,50 @@ function map_store:set_keys(username, keydatas) return result; end +function map_store:find_key(key) + if type(key) ~= "string" or key == "" then + return nil, "find_key only supports non-empty string keys"; + end + local ok, result = engine:transaction(function() + local query = [[ + SELECT "user", "type", "value" + FROM "prosody" + WHERE "host"=? AND "store"=? AND "key"=? + ]]; + + local data; + for row in engine:select(query, host, self.store, key) do + local key_data, err = deserialize(row[2], row[3]); + assert(key_data ~= nil, err); + if data == nil then + data = {}; + end + data[row[1]] = key_data; + end + + return data; + + end); + if not ok then return nil, result; end + return result; +end + +function map_store:delete_key(key) + if type(key) ~= "string" or key == "" then + return nil, "delete_key only supports non-empty string keys"; + end + local ok, result = engine:transaction(function() + local delete_sql = [[ + DELETE FROM "prosody" + WHERE "host"=? AND "store"=? AND "key"=?; + ]]; + engine:delete(delete_sql, host, self.store, key); + return true; + end); + if not ok then return nil, result; end + return result; +end + local archive_store = {} archive_store.caps = { total = true; -- cgit v1.2.3 From cb6148d155ea02a68e40b8afb5861451750499ad Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Mar 2020 16:32:41 +0000 Subject: storagemanager, mod_storage_sql: Rename methods to :get_all() and :delete_all() --- plugins/mod_storage_sql.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index a75b832d..accfa2df 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -230,9 +230,9 @@ function map_store:set_keys(username, keydatas) return result; end -function map_store:find_key(key) +function map_store:get_all(key) if type(key) ~= "string" or key == "" then - return nil, "find_key only supports non-empty string keys"; + return nil, "get_all only supports non-empty string keys"; end local ok, result = engine:transaction(function() local query = [[ @@ -258,9 +258,9 @@ function map_store:find_key(key) return result; end -function map_store:delete_key(key) +function map_store:delete_all(key) if type(key) ~= "string" or key == "" then - return nil, "delete_key only supports non-empty string keys"; + return nil, "delete_all only supports non-empty string keys"; end local ok, result = engine:transaction(function() local delete_sql = [[ -- cgit v1.2.3 From e30cbeae993803583e1f2ed2085c9be5b5fb6f63 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 14:10:12 +0000 Subject: MUC: Pass previous role to :publicise_occupant_status() whenever possible Currently there is what amounts to a hack in presence_broadcast.lib.lua to make it always broadcast presence with roles of "none". This is to ensure that if you previously saw available presence for someone, you will also see the unavailable presence (which always has role="none"). The correct approach is to take into account what the previous role was ( i.e. answer the question: "Was the available presence for this occupant a role for which presence broadcast is enabled?). The logic is already in place to do this correctly, but most call sites do not provide the previous role (prev_role argument) of the occupant, which causes it to not be used. In its place the hack to always broadcast presence of role="none" has allowed things to continue to work. The intention is that a subsequent commit will remove the unconditional broadcast of role="none". --- plugins/muc/muc.lib.lua | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 8adb0046..2a7952cf 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -392,6 +392,7 @@ function room_mt:handle_kickable(origin, stanza) -- luacheck: ignore 212 end occupant:set_session(real_jid, st.presence({type="unavailable"}) :tag('status'):text(error_message)); + local orig_role = occupant.role; local is_last_session = occupant.jid == real_jid; if is_last_session then occupant.role = nil; @@ -401,7 +402,7 @@ function room_mt:handle_kickable(origin, stanza) -- luacheck: ignore 212 if is_last_session then x:tag("status", {code = "333"}); end - self:publicise_occupant_status(new_occupant or occupant, x); + self:publicise_occupant_status(new_occupant or occupant, x, nil, nil, nil, orig_role); if is_last_session then module:fire_event("muc-occupant-left", { room = self; @@ -605,6 +606,7 @@ function room_mt:handle_normal_presence(origin, stanza) -- Send presence stanza about original occupant if orig_occupant ~= nil and orig_occupant ~= dest_occupant then local orig_x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user";}); + local orig_role = orig_occupant.role; local dest_nick; if dest_occupant == nil then -- Session is leaving log("debug", "session %s is leaving occupant %s", real_jid, orig_occupant.nick); @@ -647,7 +649,7 @@ function room_mt:handle_normal_presence(origin, stanza) end self:save_occupant(orig_occupant); - self:publicise_occupant_status(orig_occupant, orig_x, dest_nick); + self:publicise_occupant_status(orig_occupant, orig_x, dest_nick, nil, nil, orig_role); if is_last_orig_session then module:fire_event("muc-occupant-left", { @@ -679,7 +681,7 @@ function room_mt:handle_normal_presence(origin, stanza) if nick_changed then self_x:tag("status", {code="210"}):up(); end - self:publicise_occupant_status(dest_occupant, {base=dest_x,self=self_x}); + self:publicise_occupant_status(dest_occupant, {base=dest_x,self=self_x}, nil, nil, nil, orig_occupant and orig_occupant.role or nil); if orig_occupant ~= nil and orig_occupant ~= dest_occupant and not is_last_orig_session then -- If user is swapping and wasn't last original session @@ -1362,7 +1364,7 @@ function room_mt:set_affiliation(actor, jid, affiliation, reason, data) if next(occupants_updated) ~= nil then for occupant, old_role in pairs(occupants_updated) do - self:publicise_occupant_status(occupant, x, nil, actor, reason); + self:publicise_occupant_status(occupant, x, nil, actor, reason, old_role); if occupant.role == nil then module:fire_event("muc-occupant-left", { room = self; -- cgit v1.2.3 From 0cb40c7b0516d2371428113ae99961cb6368291f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 14:13:22 +0000 Subject: MUC: Don't unconditionally broadcast presence with role="none" Detailed explanation in de607875d4bd. A presence with role="none" (which is always type="unavailable") should only be broadcast if available presence was previously broadcast for that occupant. --- plugins/muc/presence_broadcast.lib.lua | 4 ---- 1 file changed, 4 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/presence_broadcast.lib.lua b/plugins/muc/presence_broadcast.lib.lua index 613e6403..72e0d76b 100644 --- a/plugins/muc/presence_broadcast.lib.lua +++ b/plugins/muc/presence_broadcast.lib.lua @@ -11,7 +11,6 @@ local st = require "util.stanza"; local valid_roles = { "visitor", "participant", "moderator" }; local default_broadcast = { - none = true; visitor = true; participant = true; moderator = true; @@ -24,9 +23,6 @@ end local function set_presence_broadcast(room, broadcast_roles) broadcast_roles = broadcast_roles or default_broadcast; - -- Ensure that unavailable presence is always sent when role changes to none - broadcast_roles.none = true; - local changed = false; local old_broadcast_roles = get_presence_broadcast(room); for _, role in ipairs(valid_roles) do -- cgit v1.2.3 From 572526d384fa79688a189c2e5d37614036b7ffd3 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 14:35:34 +0000 Subject: MUC: Pass previous role to :publicise_occupant_status() when destroying a MUC --- plugins/muc/muc.lib.lua | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 2a7952cf..42f41831 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -908,12 +908,13 @@ function room_mt:clear(x) x = x or st.stanza("x", {xmlns='http://jabber.org/protocol/muc#user'}); local occupants_updated = {}; for nick, occupant in self:each_occupant() do -- luacheck: ignore 213 + local prev_role = occupant.role; occupant.role = nil; self:save_occupant(occupant); - occupants_updated[occupant] = true; + occupants_updated[occupant] = prev_role; end - for occupant in pairs(occupants_updated) do - self:publicise_occupant_status(occupant, x); + for occupant, prev_role in pairs(occupants_updated) do + self:publicise_occupant_status(occupant, x, nil, nil, nil, prev_role); module:fire_event("muc-occupant-left", { room = self; nick = occupant.nick; -- cgit v1.2.3 From 64bb781dfec9b44618da58991aab292b1e360be1 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 16:01:31 +0000 Subject: MUC: Support for broadcasting unavailable presence for affiliated offline users Activated when muc#roomconfig_presencebroadcast includes the "none" role. --- plugins/muc/muc.lib.lua | 25 +++++++++++++++++++++++-- plugins/muc/presence_broadcast.lib.lua | 2 +- 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 42f41831..5f45498a 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -333,7 +333,9 @@ function room_mt:send_occupant_list(to, filter) end end end + local broadcast_bare_jids = {}; -- Track which bare JIDs we have sent presence for for occupant_jid, occupant in self:each_occupant() do + broadcast_bare_jids[occupant.bare_jid] = true; if filter == nil or filter(occupant_jid, occupant) then local x = st.stanza("x", {xmlns='http://jabber.org/protocol/muc#user'}); self:build_item_list(occupant, x, is_anonymous and to_bare ~= occupant.bare_jid); -- can always see your own jids @@ -345,6 +347,25 @@ function room_mt:send_occupant_list(to, filter) end end end + if broadcast_roles.none then + -- Broadcast stanzas for affiliated users not currently in the MUC + for affiliated_jid, affiliation, affiliation_data in self:each_affiliation() do + local nick = affiliation_data and affiliation_data.reserved_nickname; + if (nick or not is_anonymous) and not broadcast_bare_jids[affiliated_jid] + and (filter == nil or filter(affiliated_jid, nil)) then + local from = nick and (self.jid.."/"..nick) or self.jid; + local pres = st.presence({ to = to, from = from, type = "unavailable" }) + :tag("x", { xmlns = 'http://jabber.org/protocol/muc#user' }) + :tag("item", { + affiliation = affiliation; + role = "none"; + nick = nick; + jid = not is_anonymous and affiliated_jid or nil }):up() + :up(); + self:route_stanza(pres); + end + end + end end function room_mt:get_disco_info(stanza) @@ -670,7 +691,7 @@ function room_mt:handle_normal_presence(origin, stanza) -- Send occupant list to newly joined or desynced user self:send_occupant_list(real_jid, function(nick, occupant) -- luacheck: ignore 212 -- Don't include self - return occupant:get_presence(real_jid) == nil; + return (not occupant) or occupant:get_presence(real_jid) == nil; end) end local dest_x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user";}); @@ -1378,7 +1399,7 @@ function room_mt:set_affiliation(actor, jid, affiliation, reason, data) -- Send everyone else's presences (as jid visibility has changed) for real_jid in occupant:each_session() do self:send_occupant_list(real_jid, function(occupant_jid, occupant) --luacheck: ignore 212 433 - return occupant.bare_jid ~= jid; + return (not occupant) or occupant.bare_jid ~= jid; end); end end diff --git a/plugins/muc/presence_broadcast.lib.lua b/plugins/muc/presence_broadcast.lib.lua index 72e0d76b..82a89fee 100644 --- a/plugins/muc/presence_broadcast.lib.lua +++ b/plugins/muc/presence_broadcast.lib.lua @@ -9,7 +9,7 @@ local st = require "util.stanza"; -local valid_roles = { "visitor", "participant", "moderator" }; +local valid_roles = { "none", "visitor", "participant", "moderator" }; local default_broadcast = { visitor = true; participant = true; -- cgit v1.2.3 From 818722afb83b3c61c49e75fae338a4140414f84f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 16:10:44 +0000 Subject: MUC: Switch to new storage format by default Changing the default setting of `new_muc_storage_format` from false to true. The code supports reading both formats since 0.11, but servers with MUCs stored using the new format will not be able to downgrade to 0.10 or earlier. The new format is clearer (less nesting for the most commonly-accessed data), and combined with the new map-store methods, allows for some operations to become more efficient (such as finding out which MUCs on a service a given user is affiliated with). --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 5f45498a..2c9139d1 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1536,7 +1536,7 @@ function _M.new_room(jid, config) }, room_mt); end -local new_format = module:get_option_boolean("new_muc_storage_format", false); +local new_format = module:get_option_boolean("new_muc_storage_format", true); function room_mt:freeze(live) local frozen, state; -- cgit v1.2.3 From 33ee094ac8dca4c4edea0b32d1b984c8b46e63a9 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 12 Mar 2020 20:32:07 +0000 Subject: MUC: Persist affiliation_data in new MUC format! --- plugins/muc/muc.lib.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 2c9139d1..4f265cf8 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1544,6 +1544,7 @@ function room_mt:freeze(live) frozen = { _jid = self.jid; _data = self._data; + _affiliation_data = self._affiliation_data; }; for user, affiliation in pairs(self._affiliations) do frozen[user] = affiliation; -- cgit v1.2.3 From b816830a99f237f89de8160eb2dc8f6808a05d6f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 18 Mar 2020 17:42:56 +0000 Subject: MUC: Add initial hats support (broadcast only) Based on the currently-deferred XEP-0317. The protocol differs a little (because XEP-0317 is incomplete), therefore currently we use a custom namespace. The plan is to update and finish XEP-0317. --- plugins/muc/hats.lib.lua | 23 +++++++++++++++++++++++ plugins/muc/mod_muc.lua | 1 + 2 files changed, 24 insertions(+) create mode 100644 plugins/muc/hats.lib.lua (limited to 'plugins') diff --git a/plugins/muc/hats.lib.lua b/plugins/muc/hats.lib.lua new file mode 100644 index 00000000..5b0429b5 --- /dev/null +++ b/plugins/muc/hats.lib.lua @@ -0,0 +1,23 @@ +local st = require "util.stanza"; + +local xmlns_hats = "xmpp:prosody.im/protocol/hats:1"; + +module:hook("muc-broadcast-presence", function (event) + -- Strip any hats claimed by the client (to prevent spoofing) + event.stanza:remove_children("hats", xmlns_hats); + + local aff_data = event.room:get_affiliation_data(event.occupant.bare_jid); + local hats = aff_data and aff_data.hats; + if not hats then return; end + local hats_el; + for hat_id, hat_data in pairs(hats) do + if hat_data.active then + if not hats_el then + hats_el = st.stanza("hats", { xmlns = xmlns_hats }); + end + hats_el:tag("hat", { uri = hat_id, title = hat_data.title }):up(); + end + end + if not hats_el then return; end + event.stanza:add_direct_child(hats_el); +end); diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 697b0081..93b06f72 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -105,6 +105,7 @@ module:depends("disco"); module:add_identity("conference", "text", module:get_option_string("name", "Prosody Chatrooms")); module:add_feature("http://jabber.org/protocol/muc"); module:depends "muc_unique" +module:require "muc/hats"; module:require "muc/lock"; local function is_admin(jid) -- cgit v1.2.3 From c0b0c818027d7070e7d1539a31e5d9fce2cb9f73 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 19 Mar 2020 00:10:15 +0100 Subject: mod_presence: Advertise support for Subscription Pre-Approval MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RFC 6121 §3.4 says: > If a server supports subscription pre-approvals, then it MUST > advertise the following stream feature during stream negotiation. The feature itself (#686) was added in f0e9e5bda415 --- plugins/mod_presence.lua | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index e69c31a5..d6e2b2b7 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -30,6 +30,14 @@ local recalc_resource_map = require "util.presence".recalc_resource_map; local ignore_presence_priority = module:get_option_boolean("ignore_presence_priority", false); +local pre_approval_stream_feature = st.stanza("sub", {xmlns="urn:xmpp:features:pre-approval"}); +module:hook("stream-features", function(event) + local origin, features = event.origin, event.features; + if origin.username then + features:add_child(pre_approval_stream_feature); + end +end); + function handle_normal_presence(origin, stanza) if ignore_presence_priority then local priority = stanza:get_child("priority"); -- cgit v1.2.3 From de1efbb3dfb4a103abbae1040261751ef7e4366a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 21 Mar 2020 00:00:50 +0100 Subject: MUC: Add ad-hoc command setting affiliation in a room (fixes #1174) This gives service admins a way to set an arbitrary affiliation in any room. Enables various administrative use cases such as room ownership reassignment or recovery. Reduces the need for the admins-as-owners feature, as this can be used by admins to make themselves owner in any room when needed, instead of being owners all the time. --- plugins/muc/mod_muc.lua | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index 93b06f72..d911de08 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -499,6 +499,7 @@ do -- Ad-hoc commands local t_concat = table.concat; local adhoc_new = module:require "adhoc".new; local adhoc_initial = require "util.adhoc".new_initial_data_form; + local adhoc_simple = require "util.adhoc".new_simple_form; local array = require "util.array"; local dataforms_new = require "util.dataforms".new; @@ -529,4 +530,46 @@ do -- Ad-hoc commands "http://prosody.im/protocol/muc#destroy", destroy_rooms_handler, "admin"); module:provides("adhoc", destroy_rooms_desc); + + + local set_affiliation_layout = dataforms_new { + -- FIXME wordsmith title, instructions, labels etc + title = "Set affiliation"; + + { name = "FORM_TYPE", type = "hidden", value = "http://prosody.im/protocol/muc#set-affiliation" }; + { name = "room", type = "jid-single", required = true, label = "Room"}; + { name = "jid", type = "jid-single", required = true, label = "JID"}; + { name = "affiliation", type = "list-single", required = true, label = "Affiliation", + options = { "owner"; "admin"; "member"; "none"; "outcast"; }, + }; + { name = "reason", type = "text-single", "Reason", } + }; + + local set_affiliation_handler = adhoc_simple(set_affiliation_layout, function (fields, errors) + if errors then + local errmsg = {}; + for field, err in pairs(errors) do + errmsg[#errmsg + 1] = field .. ": " .. err; + end + return { status = "completed", error = { message = t_concat(errmsg, "\n") } }; + end + + local room = get_room_from_jid(fields.room); + if not room then + return { status = "canceled", error = { message = "No such room"; }; }; + end + local ok, err, condition = room:set_affiliation(true, fields.jid, fields.affiliation, fields.reason); + + if not ok then + return { status = "canceled", error = { message = "Affiliation change failed: "..err..":"..condition; }; }; + end + + return { status = "completed", info = "Affiliation updated", + }; + end); + + local set_affiliation_desc = adhoc_new("Set affiliation in room", + "http://prosody.im/protocol/muc#set-affiliation", set_affiliation_handler, "admin"); + + module:provides("adhoc", set_affiliation_desc); end -- cgit v1.2.3 From 007c8b7e64a93a79684b62d8ec888fe2fe1100e4 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 11 Apr 2020 16:41:52 +0100 Subject: MUC: Add new event 'muc-build-occupant-presence' for plugins to extend occupant presence --- plugins/muc/muc.lib.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 4f265cf8..3b126522 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -237,6 +237,7 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason, pre occupant = occupant; nick = nick; actor = actor; reason = reason; } + module:fire_event("muc-build-occupant-presence", event); module:fire_event("muc-broadcast-presence", event); -- Allow muc-broadcast-presence listeners to change things @@ -342,6 +343,7 @@ function room_mt:send_occupant_list(to, filter) local pres = st.clone(occupant:get_presence()); pres.attr.to = to; pres:add_child(x); + module:fire_event("muc-build-occupant-presence", { room = self, occupant = occupant, stanza = pres }); if to_bare == occupant.bare_jid or broadcast_roles[occupant.role or "none"] then self:route_stanza(pres); end -- cgit v1.2.3 From c439358e74c1c970efba55a317a7e6b65d0c38af Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 11 Apr 2020 16:43:57 +0100 Subject: MUC: Add API for adding 'filtered namespaces' to be stripped from inbound presence --- plugins/muc/util.lib.lua | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/util.lib.lua b/plugins/muc/util.lib.lua index 53a83fae..0877150f 100644 --- a/plugins/muc/util.lib.lua +++ b/plugins/muc/util.lib.lua @@ -41,18 +41,22 @@ function _M.is_kickable_error(stanza) return kickable_error_conditions[cond]; end -local muc_x_filters = { - ["http://jabber.org/protocol/muc"] = true; - ["http://jabber.org/protocol/muc#user"] = true; -} -local function muc_x_filter(tag) - if muc_x_filters[tag.attr.xmlns] then +local filtered_namespaces = module:shared("filtered-namespaces"); +filtered_namespaces["http://jabber.org/protocol/muc"] = true; +filtered_namespaces["http://jabber.org/protocol/muc#user"] = true; + +local function muc_ns_filter(tag) + if filtered_namespaces[tag.attr.xmlns] then return nil; end return tag; end function _M.filter_muc_x(stanza) - return stanza:maptags(muc_x_filter); + return stanza:maptags(muc_ns_filter); +end + +function _M.add_filtered_namespace(xmlns) + filtered_namespaces[xmlns] = true; end function _M.only_with_min_role(role) -- cgit v1.2.3 From 9a93e48a90837674d400f915722a9335751e7d07 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 11 Apr 2020 16:45:27 +0100 Subject: MUC: Switch hats to new presence APIs --- plugins/muc/hats.lib.lua | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/hats.lib.lua b/plugins/muc/hats.lib.lua index 5b0429b5..77051af2 100644 --- a/plugins/muc/hats.lib.lua +++ b/plugins/muc/hats.lib.lua @@ -1,11 +1,12 @@ local st = require "util.stanza"; +local muc_util = module:require "muc/util"; local xmlns_hats = "xmpp:prosody.im/protocol/hats:1"; -module:hook("muc-broadcast-presence", function (event) - -- Strip any hats claimed by the client (to prevent spoofing) - event.stanza:remove_children("hats", xmlns_hats); +-- Strip any hats claimed by the client (to prevent spoofing) +muc_util.add_filtered_namespace(xmlns_hats); +module:hook("muc-build-occupant-presence", function (event) local aff_data = event.room:get_affiliation_data(event.occupant.bare_jid); local hats = aff_data and aff_data.hats; if not hats then return; end -- cgit v1.2.3 From 608d6dd75669b3b8bcc526b91dad865ae89af79a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 11 Apr 2020 19:31:15 +0200 Subject: mod_component: Specify an error source for Component unavailable errors It is somewhat ambiguous where an error really comes from in the case of an external component. Setting by to the bare host at least distinguishes it from JIDs with a node- or resourcepart. --- plugins/mod_component.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index afcfc68c..9ffc496e 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -132,7 +132,7 @@ function module.add_host(module) end module:log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag()); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then - event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable")); + event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable", module.host)); end end return true; -- cgit v1.2.3 From 6c597cc8d9ba1f6f98cd7f6e4dff697c73cd652c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 12 Apr 2020 17:30:16 +0200 Subject: mod_scansion_record: Indent stanzas in recordings Improves readability, easier to see structure. --- plugins/mod_scansion_record.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_scansion_record.lua b/plugins/mod_scansion_record.lua index 8d772b4e..0e109a0d 100644 --- a/plugins/mod_scansion_record.lua +++ b/plugins/mod_scansion_record.lua @@ -37,8 +37,7 @@ local function record_event(session, event) end local function record_stanza(stanza, session, verb) - local flattened = tostring(stanza):gsub("><", ">\n\t<"); - -- TODO Proper prettyprinting with indentation + local flattened = tostring(stanza:indent(2, "\t")); record(session.scansion_id.." "..verb..":\n\t"..flattened.."\n\n"); end -- cgit v1.2.3 From 4b33a7aac8b77777c3a59e94b2f82d365e421877 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 18 Apr 2020 16:18:41 +0200 Subject: mod_csi_simple: Allow configuring extra tags indicating importance --- plugins/mod_csi_simple.lua | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 4a87f06c..e439bf38 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -1,4 +1,4 @@ --- Copyright (C) 2016-2018 Kim Alvefur +-- Copyright (C) 2016-2020 Kim Alvefur -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. @@ -13,6 +13,8 @@ local filters = require "util.filters"; local queue_size = module:get_option_number("csi_queue_size", 256); +local important_payloads = module:get_option_set("csi_important_payloads", { }); + module:hook("csi-is-stanza-important", function (event) local stanza = event.stanza; if not st.is_stanza(stanza) then @@ -46,6 +48,11 @@ module:hook("csi-is-stanza-important", function (event) if stanza:get_child("encryption", "urn:xmpp:eme:0") then return true; end + for important in important_payloads do + if stanza:find(important) then + return true; + end + end return false; end return true; -- cgit v1.2.3 From 8f77033238b4cf72377ae0b45d5951c32324892d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 18 Apr 2020 19:36:26 +0200 Subject: mod_csi_simple: Consider MUC invites important Both mediated invites defined by XEP-0045: Multi-User Chat and direct invites defined by XEP-0249: Direct MUC Invitations --- plugins/mod_csi_simple.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index e439bf38..cc15f033 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -48,6 +48,9 @@ module:hook("csi-is-stanza-important", function (event) if stanza:get_child("encryption", "urn:xmpp:eme:0") then return true; end + if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then + return true; + end for important in important_payloads do if stanza:find(important) then return true; -- cgit v1.2.3 From a63e5be1b71a74d78c5d95288c759d70d971f729 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 19 Apr 2020 13:04:12 +0200 Subject: mod_c2s: Swap comments --- plugins/mod_c2s.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index aecf2210..536b945e 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -111,10 +111,10 @@ function stream_callbacks.streamopened(session, attr) send(features); else if session.secure then - -- Normally STARTTLS would be offered + -- Here SASL should be offered (session.log or log)("warn", "No stream features to offer on secure session. Check authentication settings."); else - -- Here SASL should be offered + -- Normally STARTTLS would be offered (session.log or log)("warn", "No stream features to offer on insecure session. Check encryption and security settings."); end session:close{ condition = "undefined-condition", text = "No stream features to proceed with" }; -- cgit v1.2.3 From ff9bdefc7e961f217580194146ee6bda8c6b9827 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 20 Apr 2020 11:30:59 +0100 Subject: mod_bosh, mod_websocket: Add config options to override GET responses --- plugins/mod_bosh.lua | 10 ++++++---- plugins/mod_websocket.lua | 10 +++++++--- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index b45a9dc2..d4c1ac6a 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -511,14 +511,16 @@ function stream_callbacks.error(context, error) end end +local GET_response_body = [[ +

It works! Now point your BOSH client to this URL to connect to Prosody.

+

For more information see Prosody: Setting up BOSH.

+ ]]; + local GET_response = { headers = { content_type = "text/html"; }; - body = [[ -

It works! Now point your BOSH client to this URL to connect to Prosody.

-

For more information see Prosody: Setting up BOSH.

- ]]; + body = module:get_option_string("bosh_get_response_body", GET_response_body); }; module:depends("http"); diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua index 4d3e79bb..1a0c0046 100644 --- a/plugins/mod_websocket.lua +++ b/plugins/mod_websocket.lua @@ -130,6 +130,12 @@ local function filter_open_close(data) return data; end + +local default_get_response_body = [[Websocket +

It works! Now point your WebSocket client to this URL to connect to Prosody.

+]] +local websocket_get_response_body = module:get_option_string("websocket_get_response_body", default_get_response_body) + function handle_request(event) local request, response = event.request, event.response; local conn = response.conn; @@ -138,9 +144,7 @@ function handle_request(event) if not request.headers.sec_websocket_key or request.method ~= "GET" then response.headers.content_type = "text/html"; - return [[Websocket -

It works! Now point your WebSocket client to this URL to connect to Prosody.

- ]]; + return websocket_get_response_body; end local wants_xmpp = contains_token(request.headers.sec_websocket_protocol or "", "xmpp"); -- cgit v1.2.3 From 5817e5f02d048aa6c17d5430d55f11c4a7a40a96 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 00:53:21 +0200 Subject: mod_mam: Factor out "should we store this" into a function Meant to improve readability and ease further improvements to this algorithm. --- plugins/mod_mam/mod_mam.lua | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 8229eb4e..27b4796d 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -263,11 +263,28 @@ local function strip_stanza_id(stanza, user) return stanza; end +local function should_store(stanza) --> boolean, reason: string + local orig_type = stanza.attr.type or "normal"; + -- We store chat messages or normal messages that have a body + if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body")) ) then + return false, "type"; + end + + -- or if hints suggest we shouldn't + if not stanza:get_child("store", "urn:xmpp:hints") then -- No hint telling us we should store + if stanza:get_child("no-permanent-store", "urn:xmpp:hints") + or stanza:get_child("no-store", "urn:xmpp:hints") then -- Hint telling us we should NOT store + return false, "hint"; + end + end + + return true, "default"; +end + -- Handle messages local function message_handler(event, c2s) local origin, stanza = event.origin, event.stanza; local log = c2s and origin.log or module._log; - local orig_type = stanza.attr.type or "normal"; local orig_from = stanza.attr.from; local orig_to = stanza.attr.to or orig_from; -- Stanza without 'to' are treated as if it was to their own bare jid @@ -280,21 +297,12 @@ local function message_handler(event, c2s) -- Filter out that claim to be from us event.stanza = strip_stanza_id(stanza, store_user); - -- We store chat messages or normal messages that have a body - if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body")) ) then - log("debug", "Not archiving stanza: %s (type)", stanza:top_tag()); + local should, why = should_store(stanza); + if not should then + log("debug", "Not archiving stanza: %s (%s)", stanza:top_tag(), why); return; end - -- or if hints suggest we shouldn't - if not stanza:get_child("store", "urn:xmpp:hints") then -- No hint telling us we should store - if stanza:get_child("no-permanent-store", "urn:xmpp:hints") - or stanza:get_child("no-store", "urn:xmpp:hints") then -- Hint telling us we should NOT store - log("debug", "Not archiving stanza: %s (hint)", stanza:top_tag()); - return; - end - end - local clone_for_storage; if not strip_tags:empty() then clone_for_storage = st.clone(stanza); -- cgit v1.2.3 From 962d36d401a1a55346a92fe3b30c6b215583fada Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 00:53:23 +0200 Subject: mod_mam: Log 'why' a stanza is archived Logging of 'why not' is already done. Why not both? Will make more sense when the rules evolve a bit. --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 27b4796d..9c00cc99 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -323,7 +323,7 @@ local function message_handler(event, c2s) -- Check with the users preferences if shall_store(store_user, with) then - log("debug", "Archiving stanza: %s", stanza:top_tag()); + log("debug", "Archiving stanza: %s (%s)", stanza:top_tag(), why); -- And stash it local time = time_now(); -- cgit v1.2.3 From e5d6376c58d026003fbcee2dff60a7b244debbdb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 00:56:56 +0200 Subject: mod_mam: Invert check for type This is based on code in mod_csi_simple and aiming towards being more flexible and maintainable than a couple of tests for when not to store. --- plugins/mod_mam/mod_mam.lua | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 9c00cc99..028c3b8f 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -264,11 +264,8 @@ local function strip_stanza_id(stanza, user) end local function should_store(stanza) --> boolean, reason: string - local orig_type = stanza.attr.type or "normal"; - -- We store chat messages or normal messages that have a body - if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body")) ) then - return false, "type"; - end + local st_type = stanza.attr.type or "normal"; + local st_to_full = (stanza.attr.to or ""):find("/"); -- or if hints suggest we shouldn't if not stanza:get_child("store", "urn:xmpp:hints") then -- No hint telling us we should store @@ -277,6 +274,17 @@ local function should_store(stanza) --> boolean, reason: string return false, "hint"; end end + if st_type == "headline" then + -- Headline messages are ephemeral by definition + return false, "headline"; + end + if st_type == "groupchat" and st_to_full then + -- MUC messages always go to the full JID, usually archived by the MUC + return false, "groupchat"; + end + if stanza:get_child("body") then + return true, "body"; + end return true, "default"; end -- cgit v1.2.3 From 0613c5b47f429e34ca3cbe4eec671e2f281321a8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 01:01:25 +0200 Subject: mod_mam: Rework hints handling Improved readability and early returns definite yes/no answer. --- plugins/mod_mam/mod_mam.lua | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 028c3b8f..57f399ae 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -267,13 +267,6 @@ local function should_store(stanza) --> boolean, reason: string local st_type = stanza.attr.type or "normal"; local st_to_full = (stanza.attr.to or ""):find("/"); - -- or if hints suggest we shouldn't - if not stanza:get_child("store", "urn:xmpp:hints") then -- No hint telling us we should store - if stanza:get_child("no-permanent-store", "urn:xmpp:hints") - or stanza:get_child("no-store", "urn:xmpp:hints") then -- Hint telling us we should NOT store - return false, "hint"; - end - end if st_type == "headline" then -- Headline messages are ephemeral by definition return false, "headline"; @@ -282,6 +275,12 @@ local function should_store(stanza) --> boolean, reason: string -- MUC messages always go to the full JID, usually archived by the MUC return false, "groupchat"; end + if stanza:get_child("no-permanent-store", "urn:xmpp:hints") then + return false, "hint"; + end + if stanza:get_child("store", "urn:xmpp:hints") then + return true, "hint"; + end if stanza:get_child("body") then return true, "body"; end -- cgit v1.2.3 From e84179de9814eded7c4543848d871fd163ac31d2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 01:17:55 +0200 Subject: mod_mam: Add more positive hints for storage Mostly just lifted from mod_csi_simple --- plugins/mod_mam/mod_mam.lua | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 57f399ae..385a0ad2 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -284,6 +284,18 @@ local function should_store(stanza) --> boolean, reason: string if stanza:get_child("body") then return true, "body"; end + if stanza:get_child("subject") then + -- XXX Who would send a message with a subject but with a body? + return true, "subject"; + end + if stanza:get_child("encryption", "urn:xmpp:eme:0") then + -- Since we can't know what an encrypted message contains, we assume it's important + return true, "encrypted"; + end + if stanza:get_child("x", "jabber:x:conference") + or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then + return true, "invite"; + end return true, "default"; end -- cgit v1.2.3 From c8db26be662085caef941923286bdcce9f600950 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 01:18:54 +0200 Subject: mod_mam: Store XEP-0184 receipts and requests Happy now Ge0rG? --- plugins/mod_mam/mod_mam.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 385a0ad2..6e522d73 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -292,6 +292,11 @@ local function should_store(stanza) --> boolean, reason: string -- Since we can't know what an encrypted message contains, we assume it's important return true, "encrypted"; end + if stanza:get_child(nil, "urn:xmpp:receipts") then + -- If it's important enough to ask for a receipt then it's important enough to archive + -- and the same applies to the receipt + return true, "receipt"; + end if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then return true, "invite"; -- cgit v1.2.3 From 78668f1be3eb2e0c8301995a65fd7aa87e67aefa Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 01:29:58 +0200 Subject: mod_mam: Check sender of error instead of receiver The intent is to capture errors to stanzas sent by the local user, so that they can see why a message failed to be delivered even if the error came after they went offline. --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 6e522d73..db0e7f8d 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -266,6 +266,9 @@ end local function should_store(stanza) --> boolean, reason: string local st_type = stanza.attr.type or "normal"; local st_to_full = (stanza.attr.to or ""):find("/"); + if st_type == "error" then + st_to_full = (stanza.attr.from or ""):find("/"); + end if st_type == "headline" then -- Headline messages are ephemeral by definition -- cgit v1.2.3 From 617ac066385fea7bc1841252c87ea786bc84eafc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 19:41:43 +0200 Subject: mod_mam: Prefer not archiving if no interesting payloads are found --- plugins/mod_mam/mod_mam.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index db0e7f8d..69282857 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -305,7 +305,9 @@ local function should_store(stanza) --> boolean, reason: string return true, "invite"; end - return true, "default"; + -- The IM-NG thing to do here would be to return `not st_to_full` + -- One day ... + return false, "default"; end -- Handle messages -- cgit v1.2.3 From b0dbacb69cac71c39088328f740b7e4b59831b81 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 21 Apr 2020 23:06:55 +0200 Subject: mod_mam: Fix typo in comment If it is with a body then it execution does not get this far --- plugins/mod_mam/mod_mam.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 69282857..6d493131 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -288,7 +288,7 @@ local function should_store(stanza) --> boolean, reason: string return true, "body"; end if stanza:get_child("subject") then - -- XXX Who would send a message with a subject but with a body? + -- XXX Who would send a message with a subject but without a body? return true, "subject"; end if stanza:get_child("encryption", "urn:xmpp:eme:0") then -- cgit v1.2.3 From 8c1161cf773fa9eb5371e2bffdb054b97a71dad1 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 18:47:06 +0200 Subject: mod_mam: Respect no-store hint (thanks Ge0rG) no-store is used in an example in XEP-0313, so obviously this is the preferred hint --- plugins/mod_mam/mod_mam.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 6d493131..7ac2a512 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -278,7 +278,8 @@ local function should_store(stanza) --> boolean, reason: string -- MUC messages always go to the full JID, usually archived by the MUC return false, "groupchat"; end - if stanza:get_child("no-permanent-store", "urn:xmpp:hints") then + if stanza:get_child("no-store", "urn:xmpp:hints") + or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then return false, "hint"; end if stanza:get_child("store", "urn:xmpp:hints") then -- cgit v1.2.3 From 9bb75c85c478a5da62e697aa6006c570db15eae2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 18:48:27 +0200 Subject: mod_mam: Keep chat markers (thanks Ge0rG) --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 7ac2a512..06a20f4d 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -301,6 +301,9 @@ local function should_store(stanza) --> boolean, reason: string -- and the same applies to the receipt return true, "receipt"; end + if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then + return true, "marker"; + end if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then return true, "invite"; -- cgit v1.2.3 From 92150bd359689a2b3401ae9dcdc8ba51fbaf8e1f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 18:50:30 +0200 Subject: mod_mam: Save delivery failures (thanks Ge0rG) Makes it possible to learn of delivery failure even if it came bouncing back while you were offline. --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 06a20f4d..b74a92ea 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -274,6 +274,9 @@ local function should_store(stanza) --> boolean, reason: string -- Headline messages are ephemeral by definition return false, "headline"; end + if st_type == "error" then + return true, "bounce"; + end if st_type == "groupchat" and st_to_full then -- MUC messages always go to the full JID, usually archived by the MUC return false, "groupchat"; -- cgit v1.2.3 From 966c3c56043bb8903acbbd5c8f9ee36bc23d5388 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 18:53:50 +0200 Subject: mod_mam: Make note of Experimental (or Deferred) XEPs Since these XEPs are subject to change we may need come back and double check these in the future. --- plugins/mod_mam/mod_mam.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index b74a92ea..a9d389f5 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -283,6 +283,7 @@ local function should_store(stanza) --> boolean, reason: string end if stanza:get_child("no-store", "urn:xmpp:hints") or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then + -- XXX Experimental XEP return false, "hint"; end if stanza:get_child("store", "urn:xmpp:hints") then @@ -297,6 +298,7 @@ local function should_store(stanza) --> boolean, reason: string end if stanza:get_child("encryption", "urn:xmpp:eme:0") then -- Since we can't know what an encrypted message contains, we assume it's important + -- XXX Experimental XEP return true, "encrypted"; end if stanza:get_child(nil, "urn:xmpp:receipts") then @@ -305,6 +307,7 @@ local function should_store(stanza) --> boolean, reason: string return true, "receipt"; end if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then + -- XXX Experimental XEP return true, "marker"; end if stanza:get_child("x", "jabber:x:conference") -- cgit v1.2.3 From bc0e389d47b0a40e1ea871fe4ff583746af928be Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 21:46:56 +0200 Subject: mod_uptime: Encode uptime as decimal, fix #1536 (thanks Martin) --- plugins/mod_uptime.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_uptime.lua b/plugins/mod_uptime.lua index 035f7e9b..8a01fb17 100644 --- a/plugins/mod_uptime.lua +++ b/plugins/mod_uptime.lua @@ -16,7 +16,7 @@ module:add_feature("jabber:iq:last"); module:hook("iq-get/host/jabber:iq:last:query", function(event) local origin, stanza = event.origin, event.stanza; - origin.send(st.reply(stanza):tag("query", {xmlns = "jabber:iq:last", seconds = tostring(os.difftime(os.time(), start_time))})); + origin.send(st.reply(stanza):tag("query", {xmlns = "jabber:iq:last", seconds = tostring(("%d"):format(os.difftime(os.time(), start_time)))})); return true; end); -- cgit v1.2.3 From d649e78d6d7e2977e6e60e26262eac1161631857 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 22 Apr 2020 23:36:25 +0200 Subject: mod_lastactivity: Encode seconds as decimal, not float In Lua 5.3 difftime() takes integers as argument but returns a float, and then tostring() serializes it with a decimal point. This violates XEP-0012. Like #1536 --- plugins/mod_lastactivity.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_lastactivity.lua b/plugins/mod_lastactivity.lua index 575e66be..91d11bd2 100644 --- a/plugins/mod_lastactivity.lua +++ b/plugins/mod_lastactivity.lua @@ -30,7 +30,7 @@ module:hook("iq-get/bare/jabber:iq:last:query", function(event) if not stanza.attr.to or is_contact_subscribed(username, module.host, jid_bare(stanza.attr.from)) then local seconds, text = "0", ""; if map[username] then - seconds = tostring(os.difftime(os.time(), map[username].t)); + seconds = string.format("%d", os.difftime(os.time(), map[username].t)); text = map[username].s; end origin.send(st.reply(stanza):tag('query', {xmlns='jabber:iq:last', seconds=seconds}):text(text)); -- cgit v1.2.3 From ba452d69231d6cbf4c2efb4f5e99df40d9a11ede Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 00:55:34 +0200 Subject: mod_mam: Don't store any groupchat messages The intent was to not store MUC groupchat messages, which are sent from the MUC to local full JIDs, while allowing for potential future account based group chat. However, since this function handles messages in both directions and outgoing MUC messages are sent to the bare room JID, those were stored. --- plugins/mod_mam/mod_mam.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index a9d389f5..65859afd 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -269,6 +269,8 @@ local function should_store(stanza) --> boolean, reason: string if st_type == "error" then st_to_full = (stanza.attr.from or ""):find("/"); end + -- FIXME pass direction of stanza and use that along with bare/full JID addressing + -- for more accurate MUC / type=groupchat check if st_type == "headline" then -- Headline messages are ephemeral by definition @@ -277,7 +279,7 @@ local function should_store(stanza) --> boolean, reason: string if st_type == "error" then return true, "bounce"; end - if st_type == "groupchat" and st_to_full then + if st_type == "groupchat" then -- MUC messages always go to the full JID, usually archived by the MUC return false, "groupchat"; end -- cgit v1.2.3 From 80aaa484c38af613e61ad2f1af0ca186933ab3b8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 01:05:34 +0200 Subject: mod_mam: Remove unused variables [luacheck] Logic using full vs bare JID addressing may return in the future. --- plugins/mod_mam/mod_mam.lua | 4 ---- 1 file changed, 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 65859afd..d61d4883 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -265,10 +265,6 @@ end local function should_store(stanza) --> boolean, reason: string local st_type = stanza.attr.type or "normal"; - local st_to_full = (stanza.attr.to or ""):find("/"); - if st_type == "error" then - st_to_full = (stanza.attr.from or ""):find("/"); - end -- FIXME pass direction of stanza and use that along with bare/full JID addressing -- for more accurate MUC / type=groupchat check -- cgit v1.2.3 From 4923e7f87fd5d1a8ad077ffa1c28c664280af9b2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 19:00:40 +0200 Subject: mod_register_limits: Fix order of arguments to util.error (fix #1539 p1) (thanks Ge0rG) --- plugins/mod_register_limits.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua index fc9bf27a..7a504b32 100644 --- a/plugins/mod_register_limits.lua +++ b/plugins/mod_register_limits.lua @@ -82,16 +82,16 @@ module:hook("user-registering", function (event) elseif ip_in_set(blacklisted_ips, ip) then log("debug", "Registration disallowed by blacklist"); event.allowed = false; - event.error = errors.new("blacklisted", err_registry, event); + event.error = errors.new("blacklisted", event, err_registry); elseif (whitelist_only and not ip_in_set(whitelisted_ips, ip)) then log("debug", "Registration disallowed by whitelist"); event.allowed = false; - event.error = errors.new("not_whitelisted", err_registry, event); + event.error = errors.new("not_whitelisted", event, err_registry); elseif throttle_max and not ip_in_set(whitelisted_ips, ip) then if not check_throttle(ip) then log("debug", "Registrations over limit for ip %s", ip or "?"); event.allowed = false; - event.error = errors.new("throttle", err_registry, event); + event.error = errors.new("throttle", event, err_registry); end end if event.error then -- cgit v1.2.3 From 3820952675423068a69572b9c6fffde4c094acef Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 19:00:48 +0200 Subject: mod_register_limits: Fix typo error name (fix #1539 p2) (thanks Ge0rG) Probably because autocomplete. --- plugins/mod_register_limits.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua index 7a504b32..0fe6a98a 100644 --- a/plugins/mod_register_limits.lua +++ b/plugins/mod_register_limits.lua @@ -91,7 +91,7 @@ module:hook("user-registering", function (event) if not check_throttle(ip) then log("debug", "Registrations over limit for ip %s", ip or "?"); event.allowed = false; - event.error = errors.new("throttle", event, err_registry); + event.error = errors.new("throttled", event, err_registry); end end if event.error then -- cgit v1.2.3 From d2aa477111130cd0bd677dc61513c30463a642a5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 19:02:44 +0200 Subject: mod_register_ibr: Fix reporting of registration rejection reason When the reason is reported as an util.error object the `reason` field is empty and the reason text should be extacted from the error object. --- plugins/mod_register_ibr.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 6de9bc33..e79fc763 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -167,7 +167,6 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) local user = { username = username, password = password, host = host, additional = data, ip = session.ip, session = session, allowed = true } module:fire_event("user-registering", user); if not user.allowed then - log("debug", "Registration disallowed by module: %s", user.reason or "no reason given"); local error_type, error_condition, reason; local err = user.error; if err then @@ -176,6 +175,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) -- COMPAT pre-util.error error_type, error_condition, reason = user.error_type, user.error_condition, user.reason; end + log("debug", "Registration disallowed by module: %s", reason or "no reason given"); session.send(st.error_reply(stanza, error_type or "modify", error_condition or "not-acceptable", reason)); return true; end -- cgit v1.2.3 From 14083d021e63d308c445bb4713a706eb53273e90 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 23 Apr 2020 19:24:27 +0200 Subject: mod_register_limits: Fix text reason field name for 'throttled' Copy-paste mistake presumably --- plugins/mod_register_limits.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_register_limits.lua b/plugins/mod_register_limits.lua index 0fe6a98a..7c80f18b 100644 --- a/plugins/mod_register_limits.lua +++ b/plugins/mod_register_limits.lua @@ -67,7 +67,7 @@ local err_registry = { condition = "forbidden"; }; throttled = { - reason = "Too many registrations from this IP address recently"; + text = "Too many registrations from this IP address recently"; type = "wait"; condition = "policy-violation"; }; -- cgit v1.2.3 From fc3bee71fdc30f8bc253d226124656582189ffa8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 10:58:22 +0200 Subject: mod_csi_simple: Explicitly consider errors important This was already the case for presence and iq stanzas but not messages. --- plugins/mod_csi_simple.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index cc15f033..df7ce045 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -23,6 +23,9 @@ module:hook("csi-is-stanza-important", function (event) local st_name = stanza.name; if not st_name then return false; end local st_type = stanza.attr.type; + if st_type == "error" then + return true; + end if st_name == "presence" then if st_type == nil or st_type == "unavailable" then return false; -- cgit v1.2.3 From ea91b4cc7bdc77c297fdd7c0d4b0eb9c8bbfd276 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 11:13:01 +0200 Subject: mod_csi_simple: Consider nonzas important This case was previously handled by fall-trough at the end of the function. --- plugins/mod_csi_simple.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index df7ce045..e509bef8 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -20,6 +20,10 @@ module:hook("csi-is-stanza-important", function (event) if not st.is_stanza(stanza) then return true; end + if stanza.attr.xmlns ~= nil then + -- stream errors, stream management etc + return true; + end local st_name = stanza.name; if not st_name then return false; end local st_type = stanza.attr.type; -- cgit v1.2.3 From 37a42fa6052f1b55cae4728a71f1bfbdf7743630 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 11:13:25 +0200 Subject: mod_csi_simple: Clarify what might not be stanzas here --- plugins/mod_csi_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index e509bef8..bfbcd029 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -18,6 +18,7 @@ local important_payloads = module:get_option_set("csi_important_payloads", { }); module:hook("csi-is-stanza-important", function (event) local stanza = event.stanza; if not st.is_stanza(stanza) then + -- whitespace pings etc return true; end if stanza.attr.xmlns ~= nil then -- cgit v1.2.3 From 0085d410b206f1899a2841064a798eac2161d764 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 11:40:48 +0200 Subject: mod_csi_simple: Explicitly mention iq stanzas Should be more obvious that all iq stanzas are considered important. Changes behavior for invalid things in the default namespace. --- plugins/mod_csi_simple.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index bfbcd029..d3bf3a9f 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -65,8 +65,9 @@ module:hook("csi-is-stanza-important", function (event) end end return false; + elseif st_name == "iq" then + return true; end - return true; end, -1); local function with_timestamp(stanza, from) -- cgit v1.2.3 From e5327bcc31cb602df89d19f9c9c73aa90d4bec37 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 14:28:00 +0200 Subject: mod_mam: Store only incoming errors Unclear if clients normally ever send error messages, but there may be locally generated bounces sent on behalf of local sessions. --- plugins/mod_mam/mod_mam.lua | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index d61d4883..72b7639a 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -263,7 +263,7 @@ local function strip_stanza_id(stanza, user) return stanza; end -local function should_store(stanza) --> boolean, reason: string +local function should_store(stanza, c2s) --> boolean, reason: string local st_type = stanza.attr.type or "normal"; -- FIXME pass direction of stanza and use that along with bare/full JID addressing -- for more accurate MUC / type=groupchat check @@ -272,7 +272,8 @@ local function should_store(stanza) --> boolean, reason: string -- Headline messages are ephemeral by definition return false, "headline"; end - if st_type == "error" then + if st_type == "error" and not c2s then + -- Store delivery failure notifications so you know if your own messages were not delivered return true, "bounce"; end if st_type == "groupchat" then @@ -334,7 +335,7 @@ local function message_handler(event, c2s) -- Filter out that claim to be from us event.stanza = strip_stanza_id(stanza, store_user); - local should, why = should_store(stanza); + local should, why = should_store(stanza, c2s); if not should then log("debug", "Not archiving stanza: %s (%s)", stanza:top_tag(), why); return; -- cgit v1.2.3 From ce1056565dde6666a85a70733bdc5998bf4c9896 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 19:38:38 +0200 Subject: MUC: Adapt rules for what should be stored from mod_mam This is the subset of mod_mam rules I believe makes sense in MUC. Note that mod_muc_mam does not have its own rules, but uses these. --- plugins/muc/history.lib.lua | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/history.lib.lua b/plugins/muc/history.lib.lua index f9ddabbf..1b7167af 100644 --- a/plugins/muc/history.lib.lua +++ b/plugins/muc/history.lib.lua @@ -200,7 +200,27 @@ module:hook("muc-broadcast-message", function(event) end); module:hook("muc-message-is-historic", function (event) - return event.stanza:get_child("body"); + local stanza = event.stanza; + if stanza:get_child("no-store", "urn:xmpp:hints") + or stanza:get_child("no-permanent-store", "urn:xmpp:hints") then + -- XXX Experimental XEP + return false, "hint"; + end + if stanza:get_child("store", "urn:xmpp:hints") then + return true, "hint"; + end + if stanza:get_child("body") then + return true; + end + if stanza:get_child("encryption", "urn:xmpp:eme:0") then + -- Since we can't know what an encrypted message contains, we assume it's important + -- XXX Experimental XEP + return true, "encrypted"; + end + if stanza:get_child(nil, "urn:xmpp:chat-markers:0") then + -- XXX Experimental XEP + return true, "marker"; + end end, -1); return { -- cgit v1.2.3 From fe36680fba1a9010a3a9004066a33c7b0612b124 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 20:17:43 +0200 Subject: mod_carbons: Refactor in new style (mod_mam/csi) --- plugins/mod_carbons.lua | 46 +++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 15 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index 5c17616c..dfd2b3a4 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -20,6 +20,32 @@ end module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons); module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons); +local function should_copy(stanza, c2s, user_bare) + local st_type = stanza.attr.type or "normal"; + if stanza:get_child("private", xmlns_carbons) then + return false, "private"; + end + + if stanza:get_child("no-copy", "urn:xmpp:hints") then + return false, "hint"; + end + + if not c2s and and stanza.attr.to ~= user_bare and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then + -- MUC PMs are normally sent to full JIDs + return false, "muc-pm"; + end + + if st_type == "chat" then + return true, "type"; + end + + if st_type == "normal" and stanza:get_child("body") then + return true, "type"; + end + + return false, "default"; +end + local function message_handler(event, c2s) local origin, stanza = event.origin, event.stanza; local orig_type = stanza.attr.type or "normal"; @@ -28,10 +54,6 @@ local function message_handler(event, c2s) local orig_to = stanza.attr.to; local bare_to = jid_bare(orig_to); - if not(orig_type == "chat" or (orig_type == "normal" and stanza:get_child("body"))) then - return -- Only chat type messages - end - -- Stanza sent by a local client local bare_jid = bare_from; -- JID of the local user local target_session = origin; @@ -56,22 +78,16 @@ local function message_handler(event, c2s) return -- No use in sending carbons to an offline user end - if stanza:get_child("private", xmlns_carbons) then - if not c2s then + local should, why = should_copy(stanza, c2s, bare_jid); + + if not should then + module:log("debug", "Not copying stanza: %s (%s)", stanza:top_tag(), why); + elseif why == "private" and not c2s then stanza:maptags(function(tag) if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then return tag; end end); - end - module:log("debug", "Message tagged private, ignoring"); - return - elseif stanza:get_child("no-copy", "urn:xmpp:hints") then - module:log("debug", "Message has no-copy hint, ignoring"); - return - elseif not c2s and bare_jid ~= orig_to and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then - module:log("debug", "MUC PM, ignoring"); - return end local carbon; -- cgit v1.2.3 From bec170ac73c3b7763cb66909c0301d11d316ff47 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 21:11:00 +0200 Subject: mod_carbons: Fix syntax error [luacheck] --- plugins/mod_carbons.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index dfd2b3a4..09518bf7 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -30,7 +30,7 @@ local function should_copy(stanza, c2s, user_bare) return false, "hint"; end - if not c2s and and stanza.attr.to ~= user_bare and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then + if not c2s and stanza.attr.to ~= user_bare and stanza:get_child("x", "http://jabber.org/protocol/muc#user") then -- MUC PMs are normally sent to full JIDs return false, "muc-pm"; end -- cgit v1.2.3 From 9e3ef1c01bc14f51a41e5eb413cb05118489bd7f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 20:23:50 +0200 Subject: mod_carbons: Carbon incoming message delivery failure reports Ensures that all your clients know about sent messages that failed. --- plugins/mod_carbons.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index 09518bf7..9befc9cb 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -43,6 +43,10 @@ local function should_copy(stanza, c2s, user_bare) return true, "type"; end + if st_type == "error" and not c2s and not (stanza.attr.from or ""):find("/") then + return true, "bounce"; + end + return false, "default"; end -- cgit v1.2.3 From 608f1d1c58ceac633a29036eb1a6b70103d2e0e0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 26 Apr 2020 20:24:51 +0200 Subject: mod_carbons: Carbon anything that has been archived by the current user This ensures rules in mod_mam apply to some extent. Messages worth archiving are probably worth sending to other clients. --- plugins/mod_carbons.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index 9befc9cb..c5efce39 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -47,6 +47,12 @@ local function should_copy(stanza, c2s, user_bare) return true, "bounce"; end + for archived in stanza:childtags("stanza-id", "urn:xmpp:sid:0") do + if archived and archived.attr.by == user_bare then + return true, "archived"; + end + end + return false, "default"; end -- cgit v1.2.3 From 70410438020cc0646be1ec469dd88909da607b66 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 27 Apr 2020 14:43:54 +0200 Subject: mod_carbons: Don't copy messages that should not be copied The return statements were lost in d95e083931d1 --- plugins/mod_carbons.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index c5efce39..67f345f1 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -92,6 +92,7 @@ local function message_handler(event, c2s) if not should then module:log("debug", "Not copying stanza: %s (%s)", stanza:top_tag(), why); + return; elseif why == "private" and not c2s then stanza:maptags(function(tag) if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then -- cgit v1.2.3 From b966c976903eecced5a16826ef2da07cb011809f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 27 Apr 2020 14:46:15 +0200 Subject: mod_carbons: Check for and strip 'private' tag before stopping This was explicit previously --- plugins/mod_carbons.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index 67f345f1..fad47a7c 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -92,13 +92,14 @@ local function message_handler(event, c2s) if not should then module:log("debug", "Not copying stanza: %s (%s)", stanza:top_tag(), why); - return; - elseif why == "private" and not c2s then + if why == "private" and not c2s then stanza:maptags(function(tag) if not ( tag.attr.xmlns == xmlns_carbons and tag.name == "private" ) then return tag; end end); + end + return; end local carbon; -- cgit v1.2.3 From edce14b4a40664a6f10239d7f2ef50421f6a93af Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 22:23:05 +0200 Subject: mod_admin_telnet: Pretty-print values returned from commands This makes it much nicer to inspect Prosody internals. Existing textual status messages from commands are not serialized to preserve existing behavior. Explicit serialization of configuration is kept in order to make it clear that returned strings are serialized strings that would look like what's actually in the config file. The default maxdepth of 2 seems ought to be an okay default, balanced between showing enough structure to continue exploring and DoS-ing your terminal. Thanks to Ge0rG for the motivation to finally do this. --- plugins/mod_admin_telnet.lua | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 2efd424c..5407b737 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -32,7 +32,8 @@ local envload = require "util.envload".envload; local envloadfile = require "util.envload".envloadfile; local has_pposix, pposix = pcall(require, "util.pposix"); local async = require "util.async"; -local serialize = require "util.serialization".new({ fatal = false, unquoted = true}); +local serialization = require "util.serialization"; +local serialize_config = serialization.new ({ fatal = false, unquoted = true}); local time = require "util.time"; local commands = module:shared("commands") @@ -80,6 +81,7 @@ function console:new_session(conn) end w("| "..table.concat(t, "\t").."\n"); end; + serialize = serialization.new({ fatal = false, unquoted = true, maxdepth = 2}); disconnect = function () conn:close(); end; }; session.env = setmetatable({}, default_env_mt); @@ -141,7 +143,10 @@ function console:process_line(session, line) local taskok, message = chunk(); if not message then - session.print("Result: "..tostring(taskok)); + if type(taskok) ~= "string" then + taskok = session.serialize(taskok); + end + session.print("Result: "..taskok); return; elseif (not taskok) and message then session.print("Command completed with a problem"); @@ -149,7 +154,11 @@ function console:process_line(session, line) return; end - session.print("OK: "..tostring(message)); + if type(message) ~= "string" then + message = session.serialize(message); + end + + session.print("OK: "..message); end local sessions = {}; @@ -527,7 +536,7 @@ function def_env.config:get(host, key) host, key = "*", host; end local config_get = require "core.configmanager".get - return true, serialize(config_get(host, key)); + return true, serialize_config(config_get(host, key)); end function def_env.config:reload() -- cgit v1.2.3 From de35ba33a1347a42004b039bce2fc09a284e9dd6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 22:48:36 +0200 Subject: mod_admin_telnet: Document (in the internal help) debug commands --- plugins/mod_admin_telnet.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 5407b737..71a9420b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -251,6 +251,7 @@ function commands.help(session, data) print [[port - Commands to manage ports the server is listening on]] print [[dns - Commands to manage and inspect the internal DNS resolver]] print [[xmpp - Commands for sending XMPP stanzas]] + print [[debug - Commands for debugging the server]] print [[config - Reloading the configuration, etc.]] print [[console - Help regarding the console itself]] elseif section == "c2s" then @@ -299,6 +300,10 @@ function commands.help(session, data) elseif section == "config" then print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] print [[config:get([host,] option) - Show the value of a config option.]] + elseif section == "debug" then + print [[debug:logevents(host) - Enable logging of fired events on host]] + print [[debug:events(host, event) - Show registered event handlers]] + print [[debug:timers() - Show information about scheduled timers]] elseif section == "console" then print [[Hey! Welcome to Prosody's admin console.]] print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] -- cgit v1.2.3 From 3da0521744c13023ebb07bd261154277d103ab25 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 22:56:35 +0200 Subject: mod_admin_telnet: Document HTTP command in internal help --- plugins/mod_admin_telnet.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 71a9420b..96b5a97b 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -244,6 +244,7 @@ function commands.help(session, data) print [[]] print [[c2s - Commands to manage local client-to-server sessions]] print [[s2s - Commands to manage sessions between this server and others]] + print [[http - Commands to inspect HTTP services]] -- XXX plural but there is only one so far print [[module - Commands to load/reload/unload modules/plugins]] print [[host - Commands to activate, deactivate and list virtual hosts]] print [[user - Commands to create and delete users, and change their passwords]] @@ -267,6 +268,8 @@ function commands.help(session, data) print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]] print [[s2s:close(from, to) - Close a connection from one domain to another]] print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]] + elseif section == "http" then + print [[http:list(hosts) - Show HTTP endpoints]] elseif section == "module" then print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]] print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]] -- cgit v1.2.3 From c38264dd58ffae438f630380fed2996f4f515afe Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 22:59:01 +0200 Subject: mod_admin_telnet: Add a TODO for someone to find in the future --- plugins/mod_admin_telnet.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 96b5a97b..a27f6d5c 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -303,6 +303,7 @@ function commands.help(session, data) elseif section == "config" then print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] print [[config:get([host,] option) - Show the value of a config option.]] + elseif section == "stats" then -- TODO describe how this works elseif section == "debug" then print [[debug:logevents(host) - Enable logging of fired events on host]] print [[debug:events(host, event) - Show registered event handlers]] -- cgit v1.2.3 From 222299d18c5524cc3ee344e6c24f13dfb4a876dd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 23:15:01 +0200 Subject: mod_admin_telnet: Add a command to configure pretty-printing settings Sometimes you wanna adjust the maxdepth or something. --- plugins/mod_admin_telnet.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index a27f6d5c..d25a576a 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -330,6 +330,11 @@ end --luacheck: ignore 212/self +def_env.output = {}; +function def_env.output:configure(opts) + self.session.serialize = serialization.new(opts); +end + def_env.server = {}; function def_env.server:insane_reload() -- cgit v1.2.3 From 7369538232b41b98872b5bf45759fc19d6293727 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 29 Apr 2020 23:28:21 +0200 Subject: mod_admin_telnet: Silence luacheck --- plugins/mod_admin_telnet.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index d25a576a..dcc19687 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -303,7 +303,8 @@ function commands.help(session, data) elseif section == "config" then print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] print [[config:get([host,] option) - Show the value of a config option.]] - elseif section == "stats" then -- TODO describe how this works + elseif section == "stats" then -- luacheck: ignore 542 + -- TODO describe how stats:show() works elseif section == "debug" then print [[debug:logevents(host) - Enable logging of fired events on host]] print [[debug:events(host, event) - Show registered event handlers]] -- cgit v1.2.3 From 75a3d7758bda32792bb3abe412b12f8c85bf757f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 14:13:02 +0200 Subject: mod_storage_sql: Log database connection parameters when creating engine This is meant to help trace down an issue where Prosody apparently creates multiple conflicting SQL engines, causing problems especially with SQLite3, e.g. #616 #784. --- plugins/mod_storage_sql.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 21556715..30e38d49 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -759,9 +759,10 @@ function module.load() if prosody.prosodyctl then return; end local engines = module:shared("/*/sql/connections"); local params = normalize_params(module:get_option("sql", default_params)); - engine = engines[sql.db2uri(params)]; + local db_uri = sql.db2uri(params); + engine = engines[db_uri]; if not engine then - module:log("debug", "Creating new engine"); + module:log("debug", "Creating new engine %s", db_uri); engine = sql:create_engine(params, function (engine) -- luacheck: ignore 431/engine if module:get_option("sql_manage_tables", true) then -- Automatically create table, ignore failure (table probably already exists) -- cgit v1.2.3 From dc8d810f34ba55ec51a238a84c04673efb7fc7a3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 20:12:41 +0200 Subject: MUC: Enforce strict resourceprep when registering room nicknames If nickname enforcement is enabled this would otherwise let you bypass the join check in muc.lib by registering an invalid nickname and then joining with any nickname, letting register.lib change it to the invalid registered nick. --- plugins/muc/register.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index f0a15dd4..d917b396 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -152,7 +152,7 @@ local function handle_register_iq(room, origin, stanza) return true; end -- Is the nickname valid? - local desired_nick = resourceprep(reg_data["muc#register_roomnick"]); + local desired_nick = resourceprep(reg_data["muc#register_roomnick"], true); if not desired_nick then origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid Nickname")); return true; -- cgit v1.2.3 From bfdff4488f72dd5e3595968b2fdb14d054c3977c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 20:32:43 +0200 Subject: mod_admin_telnet: Allow configuring pretty printing defaults Mostly just to have the defaults merged so you can e.g. output:configure({maxdepth=1}) --- plugins/mod_admin_telnet.lua | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index dcc19687..93a4587f 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -330,9 +330,18 @@ end -- Anything in def_env will be accessible within the session as a global variable --luacheck: ignore 212/self +local serialize_defaults = module:get_option("console_prettyprint_settings", { fatal = false, unquoted = true, maxdepth = 2}) def_env.output = {}; function def_env.output:configure(opts) + if type(opts) ~= "table" then + opts = { preset = opts }; + end + for k,v in pairs(serialize_defaults) do + if opts[k] == nil then + opts[k] = v; + end + end self.session.serialize = serialization.new(opts); end -- cgit v1.2.3 From f1c4d468e2134147b6aec12910837d05b332b8d6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 20:37:49 +0200 Subject: mod_admin_telnet: Reuse existing pretty printing setup Didn't do the configurable defaults thing here because I was going to do this, so that there's only one spot where it's done. --- plugins/mod_admin_telnet.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 93a4587f..792f4f78 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -81,7 +81,7 @@ function console:new_session(conn) end w("| "..table.concat(t, "\t").."\n"); end; - serialize = serialization.new({ fatal = false, unquoted = true, maxdepth = 2}); + serialize = tostring; disconnect = function () conn:close(); end; }; session.env = setmetatable({}, default_env_mt); @@ -98,6 +98,8 @@ function console:new_session(conn) end end + session.env.output:configure(); + return session; end -- cgit v1.2.3 From 95b5facf3bc6ec7b346ea6dff07522fc9aceda4e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 20:39:33 +0200 Subject: mod_admin_telnet: Don't pretty-print the normal console stuff Typing e.g. `c2s` would dump out a bunch of stuff that would probably just confuse users. Now you only get pretty-printing when poking around in the internals with `>`. --- plugins/mod_admin_telnet.lua | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 792f4f78..a5657d09 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -145,10 +145,10 @@ function console:process_line(session, line) local taskok, message = chunk(); if not message then - if type(taskok) ~= "string" then + if type(taskok) ~= "string" and useglobalenv then taskok = session.serialize(taskok); end - session.print("Result: "..taskok); + session.print("Result: "..tostring(taskok)); return; elseif (not taskok) and message then session.print("Command completed with a problem"); @@ -156,11 +156,7 @@ function console:process_line(session, line) return; end - if type(message) ~= "string" then - message = session.serialize(message); - end - - session.print("OK: "..message); + session.print("OK: "..tostring(message)); end local sessions = {}; -- cgit v1.2.3 From 783f5430a57d1f543f0eddbc3d6b6a3185be8008 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 May 2020 20:41:35 +0200 Subject: mod_admin_telnet: Use tostring as fallback in pretty printing This has some nice effects such as functions, VirtualHosts and other things being printed using their `__tostring` metamethod. --- plugins/mod_admin_telnet.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index a5657d09..3014517c 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -335,6 +335,10 @@ function def_env.output:configure(opts) if type(opts) ~= "table" then opts = { preset = opts }; end + if not opts.fallback then + -- XXX Error message passed to fallback is lost, does it matter? + opts.fallback = tostring; + end for k,v in pairs(serialize_defaults) do if opts[k] == nil then opts[k] = v; -- cgit v1.2.3 From d146cc6f582196d9d9a79b6d3c2bf030cc26f7b2 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 5 May 2020 22:21:39 +0200 Subject: MAM: Remove 1% of contents when reaching limits, fix #1545 With mod\_storage\_internal this counts out to 100 messages out of 10 000, meaning should not hit the quota limit immediately until that many messages have been added again. --- plugins/mod_mam/mod_mam.lua | 4 +++- plugins/mod_muc_mam.lua | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 72b7639a..8695fe65 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -44,6 +44,8 @@ local archive = module:open_store(archive_store, "archive"); local cleanup_after = module:get_option_string("archive_expires_after", "1w"); local cleanup_interval = module:get_option_number("archive_cleanup_interval", 4 * 60 * 60); local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000); +local archive_truncate = math.floor(archive_item_limit * 0.99); + if not archive.find then error("mod_"..(archive._provided_by or archive.name and "storage_"..archive.name).." does not support archiving\n" .."See https://prosody.im/doc/storage and https://prosody.im/doc/archiving for more information"); @@ -379,7 +381,7 @@ local function message_handler(event, c2s) if not ok and (archive.caps and archive.caps.truncate) then module:log("debug", "User '%s' over quota, truncating archive", store_user); local truncated = archive:delete(store_user, { - truncate = archive_item_limit - 1; + truncate = archive_truncate; }); if truncated then ok, err = archive:append(store_user, nil, clone_for_storage, time, with); diff --git a/plugins/mod_muc_mam.lua b/plugins/mod_muc_mam.lua index 7eeada6d..a151931f 100644 --- a/plugins/mod_muc_mam.lua +++ b/plugins/mod_muc_mam.lua @@ -54,6 +54,7 @@ local archive_store = "muc_log"; local archive = module:open_store(archive_store, "archive"); local archive_item_limit = module:get_option_number("storage_archive_item_limit", archive.caps and archive.caps.quota or 1000); +local archive_truncate = math.floor(archive_item_limit * 0.99); if archive.name == "null" or not archive.find then if not archive.find then @@ -397,7 +398,7 @@ local function save_to_history(self, stanza) if not id and (archive.caps and archive.caps.truncate) then module:log("debug", "User '%s' over quota, truncating archive", room_node); local truncated = archive:delete(room_node, { - truncate = archive_item_limit - 1; + truncate = archive_truncate; }); if truncated then id, err = archive:append(room_node, nil, stored_stanza, time, with); -- cgit v1.2.3 From 9339ebb8e37a72fae02bd5d928f7ce22beff1a80 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 5 May 2020 23:08:47 +0200 Subject: mod_csi_simple: Don't consider presence errors as important A large share of `` appears to be noise from large public channels and failed presence probes. The later at least should count as presence updates, which are currently considered unimportant. See also 8cecb85e4bc4 which is partly reverted here. The intent there was probably mostly about message (delivery) errors, which should be considered important. --- plugins/mod_csi_simple.lua | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index d3bf3a9f..05650957 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -28,18 +28,19 @@ module:hook("csi-is-stanza-important", function (event) local st_name = stanza.name; if not st_name then return false; end local st_type = stanza.attr.type; - if st_type == "error" then - return true; - end if st_name == "presence" then - if st_type == nil or st_type == "unavailable" then + if st_type == nil or st_type == "unavailable" or st_name == "error" then return false; end + -- TODO Some MUC awareness, e.g. check for the 'this relates to you' status code return true; elseif st_name == "message" then if st_type == "headline" then return false; end + if st_type == "error" then + return true; + end if stanza:get_child("sent", "urn:xmpp:carbons:2") then return true; end -- cgit v1.2.3 From 92c97b036113d8b608fd3c85e7deb8712c7004e6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 6 May 2020 12:48:09 +0200 Subject: mod_carbons: Clarify handling of error bounces The :find bit was hard to understand, this should be clearer. --- plugins/mod_carbons.lua | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index fad47a7c..f07e9356 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -5,10 +5,15 @@ local st = require "util.stanza"; local jid_bare = require "util.jid".bare; +local jid_resource = require "util.jid".resource; local xmlns_carbons = "urn:xmpp:carbons:2"; local xmlns_forward = "urn:xmpp:forward:0"; local full_sessions, bare_sessions = prosody.full_sessions, prosody.bare_sessions; +local function is_bare(jid) + return not jid_resource(jid); +end + local function toggle_carbons(event) local origin, stanza = event.origin, event.stanza; local state = stanza.tags[1].name; @@ -43,7 +48,10 @@ local function should_copy(stanza, c2s, user_bare) return true, "type"; end - if st_type == "error" and not c2s and not (stanza.attr.from or ""):find("/") then + -- Normal outgoing chat messages are sent to=bare JID. This clause should + -- match the error bounces from those, which would have from=bare JID and + -- be incoming (not c2s). + if st_type == "error" and not c2s and is_bare(stanza.attr.from) then return true, "bounce"; end -- cgit v1.2.3 From 8da81e9160c093c79754eb7189a2a9fced8df82a Mon Sep 17 00:00:00 2001 From: JC Brand Date: Wed, 22 Apr 2020 16:04:03 +0200 Subject: Fixes #1533 Hats don't get sent out to own MUC user --- plugins/muc/muc.lib.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index d785a5a2..65ed8731 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -312,6 +312,7 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason, pre else -- use their own presences as templates for full_jid, pr in occupant:each_session() do + module:fire_event("muc-build-occupant-presence", { room = self, occupant = occupant, stanza = pr }); pr = st.clone(pr); pr.attr.to = full_jid; pr:add_child(self_x); -- cgit v1.2.3 From b00737a6d32cf4e834cb239172280762e4d620f6 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Wed, 22 Apr 2020 16:12:15 +0200 Subject: mod_muc: let event handlers modify cloned presence Updates #1533 --- plugins/muc/muc.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 65ed8731..2f72c9eb 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -312,8 +312,8 @@ function room_mt:publicise_occupant_status(occupant, x, nick, actor, reason, pre else -- use their own presences as templates for full_jid, pr in occupant:each_session() do - module:fire_event("muc-build-occupant-presence", { room = self, occupant = occupant, stanza = pr }); pr = st.clone(pr); + module:fire_event("muc-build-occupant-presence", { room = self, occupant = occupant, stanza = pr }); pr.attr.to = full_jid; pr:add_child(self_x); self:route_stanza(pr); -- cgit v1.2.3 From 44847d620cf0b7f690682e4906dfcbea8cd3ef03 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 7 May 2020 21:55:29 +0200 Subject: mod_csi_simple: Refactor to allow logging reason for buffer flush Same style as mod_mam and mod_carbons allows easy comparison. BC: Log format changes --- plugins/mod_csi_simple.lua | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 05650957..7b8b3741 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -15,8 +15,7 @@ local queue_size = module:get_option_number("csi_queue_size", 256); local important_payloads = module:get_option_set("csi_important_payloads", { }); -module:hook("csi-is-stanza-important", function (event) - local stanza = event.stanza; +function is_important(stanza) --> boolean, reason: string if not st.is_stanza(stanza) then -- whitespace pings etc return true; @@ -69,8 +68,23 @@ module:hook("csi-is-stanza-important", function (event) elseif st_name == "iq" then return true; end +end + +module:hook("csi-is-stanza-important", function (event) + local important, why = is_important(event.stanza); + event.reason = why; + return important; end, -1); +local function should_flush(stanza, session, ctr) --> boolean, reason: string + if ctr >= queue_size then + return true, "queue size limit reached"; + end + local event = { stanza = stanza, session = session }; + local ret = module:fire_event("csi-is-stanza-important", event) + return ret, event.reason; +end + local function with_timestamp(stanza, from) if st.is_stanza(stanza) and stanza.attr.xmlns == nil and stanza.name ~= "iq" then stanza = st.clone(stanza); @@ -81,11 +95,9 @@ end local function manage_buffer(stanza, session) local ctr = session.csi_counter or 0; - if ctr >= queue_size then - session.log("debug", "Queue size limit hit, flushing buffer (queue size is %d)", session.csi_counter); - session.conn:resume_writes(); - elseif module:fire_event("csi-is-stanza-important", { stanza = stanza, session = session }) then - session.log("debug", "Important stanza, flushing buffer (queue size is %d)", session.csi_counter); + local flush, why = should_flush(stanza, session, ctr); + if flush then + session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter); session.conn:resume_writes(); else stanza = with_timestamp(stanza, jid.join(session.username, session.host)) -- cgit v1.2.3 From a9ba50343ca6fc47d8bf50b0714ca943f38b1410 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 7 May 2020 22:56:30 +0200 Subject: mod_csi_simple: Add short reasons to report Should improve quality of debug logs --- plugins/mod_csi_simple.lua | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 7b8b3741..6274dcb3 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -22,42 +22,46 @@ function is_important(stanza) --> boolean, reason: string end if stanza.attr.xmlns ~= nil then -- stream errors, stream management etc - return true; + return true, "nonza"; end local st_name = stanza.name; if not st_name then return false; end local st_type = stanza.attr.type; if st_name == "presence" then if st_type == nil or st_type == "unavailable" or st_name == "error" then - return false; + return false, "presence update"; end -- TODO Some MUC awareness, e.g. check for the 'this relates to you' status code - return true; + return true, "subscription request"; elseif st_name == "message" then if st_type == "headline" then - return false; + -- Headline messages are ephemeral by definition + return false, "headline"; end if st_type == "error" then - return true; + return true, "delivery failure"; end if stanza:get_child("sent", "urn:xmpp:carbons:2") then - return true; + return true, "carbon"; end local forwarded = stanza:find("{urn:xmpp:carbons:2}received/{urn:xmpp:forward:0}/{jabber:client}message"); if forwarded then stanza = forwarded; end if stanza:get_child("body") then - return true; + return true, "body"; end if stanza:get_child("subject") then - return true; + -- Last step of a MUC join + return true, "subject"; end if stanza:get_child("encryption", "urn:xmpp:eme:0") then - return true; + -- Since we can't know what an encrypted message contains, we assume it's important + -- XXX Experimental XEP + return true, "encrypted"; end if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then - return true; + return true, "invite"; end for important in important_payloads do if stanza:find(important) then -- cgit v1.2.3 From b2baba11247243446e60bea10884d2d2193e9f48 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 7 May 2020 23:02:47 +0200 Subject: mod_csi_simple: Log reasons for not flushing --- plugins/mod_csi_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 6274dcb3..bb8f757a 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -104,6 +104,7 @@ local function manage_buffer(stanza, session) session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter); session.conn:resume_writes(); else + session.log("debug", "Holding buffer (%s; queue size is %d)", why or "unimportant", session.csi_counter); stanza = with_timestamp(stanza, jid.join(session.username, session.host)) end session.csi_counter = ctr + 1; -- cgit v1.2.3 From 289898e68f98fe5edfb31ae622c9c3f0d6e1e039 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 8 May 2020 23:54:17 +0200 Subject: mod_s2s: Improve signaling of stream open events Makes it clearer, cleaner and easier to extend. --- plugins/mod_s2s/mod_s2s.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 8feb6403..2dad864c 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -322,7 +322,7 @@ local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; function stream_callbacks.streamopened(session, attr) -- run _streamopened in async context - session.thread:run({ attr = attr }); + session.thread:run({ stream = "opened", attr = attr }); end function stream_callbacks._streamopened(session, attr) @@ -564,10 +564,10 @@ local function initialize_session(session) local stream = new_xmpp_stream(session, stream_callbacks); session.thread = runner(function (stanza) - if stanza.name == nil then - stream_callbacks._streamopened(session, stanza.attr); - else + if st.is_stanza(stanza) then core_process_stanza(session, stanza); + elseif stanza.stream == "opened" then + stream_callbacks._streamopened(session, stanza.attr); end end, runner_callbacks, session); -- cgit v1.2.3 From a7c0def27f214441fe4881e119194540d291fd75 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 8 May 2020 23:55:51 +0200 Subject: mod_s2s: Run stream close in async context Allows async processing during stream shutdown. Fixes potential ASYNC-01 issues, however no such issues known at the time of this commit. --- plugins/mod_s2s/mod_s2s.lua | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 2dad864c..9f7d4d6d 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -455,11 +455,16 @@ function stream_callbacks._streamopened(session, attr) end end -function stream_callbacks.streamclosed(session) +function stream_callbacks._streamclosed(session) (session.log or log)("debug", "Received "); session:close(false); end +function stream_callbacks.streamclosed(session, attr) + -- run _streamclosed in async context + session.thread:run({ stream = "closed", attr = attr }); +end + function stream_callbacks.error(session, error, data) if error == "no-stream" then session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); @@ -568,6 +573,8 @@ local function initialize_session(session) core_process_stanza(session, stanza); elseif stanza.stream == "opened" then stream_callbacks._streamopened(session, stanza.attr); + elseif stanza.stream == "closed" then + stream_callbacks._streamclosed(session, stanza.attr); end end, runner_callbacks, session); -- cgit v1.2.3 From 0747cbea53bce8930724c4d7de735c07e36e6893 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 8 May 2020 23:58:24 +0200 Subject: mod_c2s: Run stream open and close events in async thread, fixes #1103 Enables async processing during stream opening and closing. --- plugins/mod_c2s.lua | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 536b945e..91e37c4a 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -55,6 +55,11 @@ end); local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; function stream_callbacks.streamopened(session, attr) + -- run _streamopened in async context + session.thread:run({ stream = "opened", attr = attr }); +end + +function stream_callbacks._streamopened(session, attr) local send = session.send; if not attr.to then session:close{ condition = "improper-addressing", @@ -121,7 +126,12 @@ function stream_callbacks.streamopened(session, attr) end end -function stream_callbacks.streamclosed(session) +function stream_callbacks.streamclosed(session, attr) + -- run _streamclosed in async context + session.thread:run({ stream = "closed", attr = attr }); +end + +function stream_callbacks._streamclosed(session) session.log("debug", "Received "); session:close(false); end @@ -280,7 +290,13 @@ function listener.onconnect(conn) end session.thread = runner(function (stanza) - core_process_stanza(session, stanza); + if st.is_stanza(stanza) then + core_process_stanza(session, stanza); + elseif stanza.stream == "opened" then + stream_callbacks._streamopened(session, stanza.attr); + elseif stanza.stream == "closed" then + stream_callbacks._streamclosed(session, stanza.attr); + end end, runner_callbacks, session); local filter = session.filter; -- cgit v1.2.3 From 71d6bde69ce86526dda8b0ee7c14b3418c415a7f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 00:28:10 +0200 Subject: mod_presence: Send unavailable presence in current thread run `session:dispatch_stanza(pres)` enqueues processing of the stanza in the sessions async thread, but becasue the entire stream close handling is now in that thread it would process the presence after the stream and session was completely closed, leading to weird errors "sent to a resting session". We call core_process_stanza() since this is what :dispatch_stanza calls in the end. --- plugins/mod_presence.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_presence.lua b/plugins/mod_presence.lua index d6e2b2b7..3f9a0c12 100644 --- a/plugins/mod_presence.lua +++ b/plugins/mod_presence.lua @@ -14,6 +14,7 @@ local s_find = string.find; local tonumber = tonumber; local core_post_stanza = prosody.core_post_stanza; +local core_process_stanza = prosody.core_process_stanza; local st = require "util.stanza"; local jid_split = require "util.jid".split; local jid_bare = require "util.jid".bare; @@ -370,7 +371,7 @@ module:hook("resource-unbind", function(event) if err then pres:tag("status"):text("Disconnected: "..err):up(); end - session:dispatch_stanza(pres); + core_process_stanza(session, pres); elseif session.directed then local pres = st.presence{ type = "unavailable", from = session.full_jid }; if err then -- cgit v1.2.3 From 527d16b0b372a6103e23c79eb3cb9ed1588d311e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 00:50:59 +0200 Subject: mod_carbons: Describe return types in a comment For similarity with mod_mam, mod_csi_simple --- plugins/mod_carbons.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index f07e9356..ccd16ad5 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -25,7 +25,7 @@ end module:hook("iq-set/self/"..xmlns_carbons..":disable", toggle_carbons); module:hook("iq-set/self/"..xmlns_carbons..":enable", toggle_carbons); -local function should_copy(stanza, c2s, user_bare) +local function should_copy(stanza, c2s, user_bare) --> boolean, reason: string local st_type = stanza.attr.type or "normal"; if stanza:get_child("private", xmlns_carbons) then return false, "private"; -- cgit v1.2.3 From 4443c44e22a58b5cd2d2f16f9748648d5bd8a7e9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 00:55:18 +0200 Subject: mod_carbons: Explicitly carbon XEP-0353: Jingle Message Initiation --- plugins/mod_carbons.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_carbons.lua b/plugins/mod_carbons.lua index ccd16ad5..e0f0a711 100644 --- a/plugins/mod_carbons.lua +++ b/plugins/mod_carbons.lua @@ -55,6 +55,11 @@ local function should_copy(stanza, c2s, user_bare) --> boolean, reason: string return true, "bounce"; end + if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then + -- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment + return true, "jingle call"; + end + for archived in stanza:childtags("stanza-id", "urn:xmpp:sid:0") do if archived and archived.attr.by == user_bare then return true, "archived"; -- cgit v1.2.3 From 1f8daf736d2ebfee0222b2bbccad5ed41eaf16a8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 00:57:42 +0200 Subject: mod_mam: Archive XEP-0353: Jingle Message Initiation --- plugins/mod_mam/mod_mam.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 8695fe65..4fe714eb 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -315,6 +315,10 @@ local function should_store(stanza, c2s) --> boolean, reason: string or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then return true, "invite"; end + if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then + -- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment + return true, "jingle call"; + end -- The IM-NG thing to do here would be to return `not st_to_full` -- One day ... -- cgit v1.2.3 From fc8a50cd73d43df270a88710d26fec550e33752e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 01:01:01 +0200 Subject: mod_csi_simple: Fix unintentional order of rules from merge --- plugins/mod_csi_simple.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 3bad872d..a62b7841 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -63,14 +63,14 @@ function is_important(stanza) --> boolean, reason: string if stanza:get_child("x", "jabber:x:conference") or stanza:find("{http://jabber.org/protocol/muc#user}x/invite") then return true, "invite"; end + if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then + return true, "jingle call"; + end for important in important_payloads do if stanza:find(important) then return true; end end - if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then - return true; - end return false; elseif st_name == "iq" then return true; -- cgit v1.2.3 From ade3caf1ad39b977ea3233238ba86a1f8635a334 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 01:01:03 +0200 Subject: mod_csi_simple: Add comment highlighting that XEP-0353 is experimental To make it easier to find implemented Experimental XEPs later. Also at the time of this commit it has been Proposed as mentinoed in the comment but hopefully that will be resolved soon. --- plugins/mod_csi_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index a62b7841..2c3b3042 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -64,6 +64,7 @@ function is_important(stanza) --> boolean, reason: string return true, "invite"; end if stanza:get_child(nil, "urn:xmpp:jingle-message:0") then + -- XXX Experimental XEP stuck in Proposed for almost a year at the time of this comment return true, "jingle call"; end for important in important_payloads do -- cgit v1.2.3 From 749ed917c1c1a5d34ffb92b0da4cf1cc3f22cf50 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 13:33:26 +0200 Subject: mod_csi_simple: Fix treating presence errors as presence updates Autocomplete fail probably. --- plugins/mod_csi_simple.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 2c3b3042..8c6f75c8 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -28,7 +28,7 @@ function is_important(stanza) --> boolean, reason: string if not st_name then return false; end local st_type = stanza.attr.type; if st_name == "presence" then - if st_type == nil or st_type == "unavailable" or st_name == "error" then + if st_type == nil or st_type == "unavailable" or st_type == "error" then return false, "presence update"; end -- TODO Some MUC awareness, e.g. check for the 'this relates to you' status code -- cgit v1.2.3 From cabd89913a6d1101defb663f964116c6ec9ba37b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 13:50:58 +0200 Subject: mod_csi_simple: Fix flushing when client sent something Forgot to unset the flag afterwards, so it would only work once. The flag is not even needed, it works as intended without it. --- plugins/mod_csi_simple.lua | 5 ----- 1 file changed, 5 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 8c6f75c8..a44237d1 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -116,10 +116,6 @@ local function manage_buffer(stanza, session) end local function flush_buffer(data, session) - if session.csi_flushing then - return data; - end - session.csi_flushing = true; session.log("debug", "Client sent something, flushing buffer once (queue size is %d)", session.csi_counter); session.conn:resume_writes(); return data; @@ -136,7 +132,6 @@ function enable_optimizations(session) end function disable_optimizations(session) - session.csi_flushing = nil; filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); if session.conn and session.conn.resume_writes then -- cgit v1.2.3 From 859c3650e5ad8a3fd101154a5f435ca2589ca4d6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 17:05:46 +0200 Subject: mod_csi_simple: Forget queue counter when disabling optimizations Otherwise it might not start from zero when enabled again. --- plugins/mod_csi_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index a44237d1..fb3d80c5 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -134,6 +134,7 @@ end function disable_optimizations(session) filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); + session.csi_counter = nil; if session.conn and session.conn.resume_writes then session.conn:resume_writes(); end -- cgit v1.2.3 From e1a3982654d6f10ebaa4b6efda5bf72d55c40413 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 17:07:43 +0200 Subject: mod_csi_simple: Reset queue counter to zero when enabling For symmetry. --- plugins/mod_csi_simple.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index fb3d80c5..a4ce258b 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -124,6 +124,7 @@ end function enable_optimizations(session) if session.conn and session.conn.pause_writes then session.conn:pause_writes(); + session.csi_counter = 0; filters.add_filter(session, "stanzas/out", manage_buffer); filters.add_filter(session, "bytes/in", flush_buffer); else -- cgit v1.2.3 From 4053cca7dc5b7356cbf53a0ee4e42420000cef35 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 17:38:13 +0200 Subject: mod_csi_simple: Change debug message of client-triggered flush for coherence It now matches other the other source of flush reason logging. --- plugins/mod_csi_simple.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index a4ce258b..0678b5d4 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -116,7 +116,7 @@ local function manage_buffer(stanza, session) end local function flush_buffer(data, session) - session.log("debug", "Client sent something, flushing buffer once (queue size is %d)", session.csi_counter); + session.log("debug", "Flushing buffer (%s; queue size is %d)", "client activity", session.csi_counter); session.conn:resume_writes(); return data; end -- cgit v1.2.3 From edd59660621f044d6402966a4a77ca9867d1f619 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 17:45:45 +0200 Subject: mod_csi_simple: Record stats of how long buffers are held Telnet command `stats:show("buffer_hold"):histogram()` looks nice! --- plugins/mod_csi_simple.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 0678b5d4..c0871c8d 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -101,10 +101,16 @@ local function with_timestamp(stanza, from) return stanza; end +local measure_buffer_hold = module:measure("buffer_hold", "times"); + local function manage_buffer(stanza, session) local ctr = session.csi_counter or 0; local flush, why = should_flush(stanza, session, ctr); if flush then + if session.csi_measure_buffer_hold then + session.csi_measure_buffer_hold(); + session.csi_measure_buffer_hold = nil; + end session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter); session.conn:resume_writes(); else @@ -117,6 +123,10 @@ end local function flush_buffer(data, session) session.log("debug", "Flushing buffer (%s; queue size is %d)", "client activity", session.csi_counter); + if session.csi_measure_buffer_hold then + session.csi_measure_buffer_hold(); + session.csi_measure_buffer_hold = nil; + end session.conn:resume_writes(); return data; end @@ -124,6 +134,7 @@ end function enable_optimizations(session) if session.conn and session.conn.pause_writes then session.conn:pause_writes(); + session.csi_measure_buffer_hold = measure_buffer_hold(); session.csi_counter = 0; filters.add_filter(session, "stanzas/out", manage_buffer); filters.add_filter(session, "bytes/in", flush_buffer); @@ -136,6 +147,10 @@ function disable_optimizations(session) filters.remove_filter(session, "stanzas/out", manage_buffer); filters.remove_filter(session, "bytes/in", flush_buffer); session.csi_counter = nil; + if session.csi_measure_buffer_hold then + session.csi_measure_buffer_hold(); + session.csi_measure_buffer_hold = nil; + end if session.conn and session.conn.resume_writes then session.conn:resume_writes(); end @@ -160,6 +175,7 @@ module:hook("c2s-ondrain", function (event) local session = event.session; if session.state == "inactive" and session.conn and session.conn.pause_writes then session.conn:pause_writes(); + session.csi_measure_buffer_hold = measure_buffer_hold(); session.log("debug", "Buffer flushed, resuming inactive mode (queue size was %d)", session.csi_counter); session.csi_counter = 0; end -- cgit v1.2.3 From d4c1384269b98e3a0e21b4cf3615a6d116100fd6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 9 May 2020 17:47:03 +0200 Subject: mod_csi_simple: Collect stats on flush reasons --- plugins/mod_csi_simple.lua | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index c0871c8d..0c428c4a 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -103,6 +103,15 @@ end local measure_buffer_hold = module:measure("buffer_hold", "times"); +local flush_reasons = setmetatable({}, { + __index = function (t, reason) + local m = module:measure("flush_reason."..reason:gsub("%W", "_"), "rate"); + t[reason] = m; + return m; + end; + }); + + local function manage_buffer(stanza, session) local ctr = session.csi_counter or 0; local flush, why = should_flush(stanza, session, ctr); @@ -111,6 +120,7 @@ local function manage_buffer(stanza, session) session.csi_measure_buffer_hold(); session.csi_measure_buffer_hold = nil; end + flush_reasons[why or "important"](); session.log("debug", "Flushing buffer (%s; queue size is %d)", why or "important", session.csi_counter); session.conn:resume_writes(); else @@ -123,6 +133,7 @@ end local function flush_buffer(data, session) session.log("debug", "Flushing buffer (%s; queue size is %d)", "client activity", session.csi_counter); + flush_reasons["client activity"](); if session.csi_measure_buffer_hold then session.csi_measure_buffer_hold(); session.csi_measure_buffer_hold = nil; -- cgit v1.2.3 From 9b7ab06ef37d1271d76f2ef9cba6b8f72af199ce Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 10 May 2020 23:06:21 +0200 Subject: mod_csi_simple: Identify raw string data in logging and stats --- plugins/mod_csi_simple.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 0c428c4a..3f3271f0 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -16,8 +16,10 @@ local queue_size = module:get_option_number("csi_queue_size", 256); local important_payloads = module:get_option_set("csi_important_payloads", { }); function is_important(stanza) --> boolean, reason: string - if not st.is_stanza(stanza) then + if type(stanza) == "string" then -- whitespace pings etc + return true, "raw data"; + elseif not st.is_stanza(stanza) then return true; end if stanza.attr.xmlns ~= nil then -- cgit v1.2.3 From c34f2c9ebf519ae400018cb81bb0d8141d75af64 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 10 May 2020 23:09:15 +0200 Subject: mod_csi_simple: Report whitespace keepalives Single space character is sent by mod_c2s when a session has been silent for some time. This should account for the vast majority of raw strings passing through here. If this is not the case then having stats to say otherwise will be interesting. --- plugins/mod_csi_simple.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 3f3271f0..679f9b48 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -16,8 +16,9 @@ local queue_size = module:get_option_number("csi_queue_size", 256); local important_payloads = module:get_option_set("csi_important_payloads", { }); function is_important(stanza) --> boolean, reason: string - if type(stanza) == "string" then - -- whitespace pings etc + if stanza == " " then + return true, "whitespace keepalive"; + elseif type(stanza) == "string" then return true, "raw data"; elseif not st.is_stanza(stanza) then return true; -- cgit v1.2.3 From e856c00107938f0442342e3550baae4bab3f3901 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 10 May 2020 23:12:33 +0200 Subject: mod_csi_simple: Report whatever's not a stirng and not a stanza This is either dead code or actually a type error, but catching that should be the responsibility of the session.send function. This type check is left since everything after it assumes a stanza object. These last few commits aren't meant to change any behavior and it did mark things not stanzas as important, but those would have been mostly raw strings which are now specially handled. --- plugins/mod_csi_simple.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_csi_simple.lua b/plugins/mod_csi_simple.lua index 679f9b48..d814f083 100644 --- a/plugins/mod_csi_simple.lua +++ b/plugins/mod_csi_simple.lua @@ -21,7 +21,8 @@ function is_important(stanza) --> boolean, reason: string elseif type(stanza) == "string" then return true, "raw data"; elseif not st.is_stanza(stanza) then - return true; + -- This should probably never happen + return true, type(stanza); end if stanza.attr.xmlns ~= nil then -- stream errors, stream management etc -- cgit v1.2.3 From 82714e54a8dca7ff60365758dd497c3c9c270633 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 11 May 2020 21:56:19 +0200 Subject: mod_storage_internal: Implement key-value API --- plugins/mod_storage_internal.lua | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index c8b902cf..586ea10f 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -208,6 +208,46 @@ function archive:find(username, query) end, count; end +function archive:get(username, wanted_key) + local iter, err = self:find(username, { key = wanted_key }) + if not iter then return iter, err; end + for key, stanza, when, with in iter do + if key == wanted_key then + return stanza, when, with; + end + end + return nil, "item-not-found"; +end + +function archive:set(username, key, new_value, new_when, new_with) + local items, err = datamanager.list_load(username, host, self.store); + if not items then + if err then + return items, err; + else + return nil, "item-not-found"; + end + end + + for i = 1, #items do + local old_item = items[i]; + if old_item.key == key then + local item = st.preserialize(st.clone(new_value)); + + local when = new_when or item.when or datetime.parse(item.attr.stamp); + item.key = key; + item.when = when; + item.with = new_with or old_item.with; + item.attr.stamp = datetime.datetime(when); + item.attr.stamp_legacy = datetime.legacy(when); + items[i] = item; + return datamanager.list_store(username, host, self.store, items); + end + end + + return nil, "item-not-found"; +end + function archive:dates(username) local items, err = datamanager.list_load(username, host, self.store); if not items then return items, err; end -- cgit v1.2.3 From 84f9f4973c41a8094bc935ca5f08c47d7ac672c7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 11 May 2020 23:22:25 +0200 Subject: mod_storage_memory: Add map store methods to archive store --- plugins/mod_storage_memory.lua | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 8beb8c01..67598416 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -167,6 +167,37 @@ function archive_store:find(username, query) end, count; end +function archive_store:get(username, wanted_key) + local items = self.store[username or NULL]; + if not items then return nil, "item-not-found"; end + local i = items[wanted_key]; + if not i then return nil, "item-not-found"; end + local item = items[i]; + return item.value(), item.when, item.with; +end + +function archive_store:set(username, wanted_key, new_value, new_when, new_with) + local items = self.store[username or NULL]; + if not items then return nil, "item-not-found"; end + local i = items[wanted_key]; + if not i then return nil, "item-not-found"; end + local item = items[i]; + + if is_stanza(new_value) then + new_value = st.preserialize(new_value); + item.value = envload("return xml"..serialize(new_value), "=(stanza)", { xml = st.deserialize }) + else + item.value = envload("return "..serialize(new_value), "=(data)", {}); + end + if new_when then + item.when = new_when; + end + if new_with then + item.with = new_when; + end + return true; +end + function archive_store:summary(username, query) local iter, err = self:find(username, query) if not iter then return iter, err; end -- cgit v1.2.3 From d6de70d19f5a657070684ca1d3c68dd966412cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Thu, 14 May 2020 14:59:59 +0200 Subject: mod_http: Add documentation to the non-obvious logic of get_ip_from_request Because docs are good. --- plugins/mod_http.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index c3e19bb3..b89ff21c 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -208,6 +208,13 @@ local function get_ip_from_request(request) local ip = request.conn:ip(); local forwarded_for = request.headers.x_forwarded_for; if forwarded_for then + -- This logic looks weird at first, but it makes sense. + -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. + -- We append the original request IP to the header. Then, since the last IP wins, there are two cases: + -- Case a) The original request IP is *not* in trusted proxies, in which case the X-Forwarded-For header will, effectively, be ineffective; the original request IP will win because it overrides any other IP in the header. + -- Case b) The original request IP is in trusted proxies. In that case, the if branch in the for loop will skip the last IP, causing it to be ignored. The second-to-last IP will be taken instead. + -- Case c) If the second-to-last IP is also a trusted proxy, it will also be ignored, iteratively, up to the last IP which isn’t in trusted proxies. + -- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP. forwarded_for = forwarded_for..", "..ip; for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do if not trusted_proxies[forwarded_ip] then -- cgit v1.2.3 From d689f6c9a103215f7ce2b23aca163c21a63a4ce3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 14 May 2020 16:55:01 +0200 Subject: mod_http: Tell luacheck to ignore the long comment lines --- plugins/mod_http.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index b89ff21c..3bacae61 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -208,6 +208,7 @@ local function get_ip_from_request(request) local ip = request.conn:ip(); local forwarded_for = request.headers.x_forwarded_for; if forwarded_for then + -- luacheck: ignore 631 -- This logic looks weird at first, but it makes sense. -- The for loop will take the last non-trusted-proxy IP from `forwarded_for`. -- We append the original request IP to the header. Then, since the last IP wins, there are two cases: -- cgit v1.2.3 From d916ce38f6b434552a5ebd2a1751286da9cf2d69 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 15 May 2020 20:55:22 +0200 Subject: mod_storage_internal: Fix keeping old timestamp in archive map API This led to a missing 'when' field on changed items, which would cause a traceack. --- plugins/mod_storage_internal.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 586ea10f..472ec642 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -234,7 +234,7 @@ function archive:set(username, key, new_value, new_when, new_with) if old_item.key == key then local item = st.preserialize(st.clone(new_value)); - local when = new_when or item.when or datetime.parse(item.attr.stamp); + local when = new_when or old_item.when or datetime.parse(old_item.attr.stamp); item.key = key; item.when = when; item.with = new_with or old_item.with; -- cgit v1.2.3 From 29f51d7e6dd71d1a702410cf24ea59edd7e5afcd Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 16 May 2020 20:46:12 +0200 Subject: mod_admin_telnet: Update existing sessions on reload This removes the need to disconnect and reconnect to the telnet console for changes to take effect. --- plugins/mod_admin_telnet.lua | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 3014517c..a082a851 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -161,6 +161,20 @@ end local sessions = {}; +function module.save() + return { sessions = sessions } +end + +function module.restore(data) + if data.sessions then + for conn in pairs(data.sessions) do + conn:setlistener(console_listener); + local session = console:new_session(conn); + sessions[conn] = session; + end + end +end + function console_listener.onconnect(conn) -- Handle new connection local session = console:new_session(conn); -- cgit v1.2.3 From d22e85debcc0a230f82af5b07e28f4248f63e072 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 31 May 2020 22:25:48 +0200 Subject: mod_c2s,mod_s2s: Use a distinct stream error for hitting stanza size limit Since this is not a real parse error, it should not be reported as such. --- plugins/mod_c2s.lua | 6 +++++- plugins/mod_s2s/mod_s2s.lua | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index 91e37c4a..c6a95e9e 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -308,7 +308,11 @@ function listener.onconnect(conn) local ok, err = stream:feed(data); if not ok then log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); - session:close("not-well-formed"); + if err == "stanza-too-large" then + session:close({ condition = "policy-violation", text = "XML stanza is too big" }); + else + session:close("not-well-formed"); + end end end end diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 9f7d4d6d..bd6627b8 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -614,7 +614,11 @@ local function initialize_session(session) local ok, err = stream:feed(data); if ok then return; end log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); - session:close("not-well-formed", nil, "Received invalid XML from remote server"); + if err == "stanza-too-large" then + session:close({ condition = "policy-violation", text = "XML stanza is too big" }, nil, "Received invalid XML from remote server"); + else + session:close("not-well-formed", nil, "Received invalid XML from remote server"); + end end end -- cgit v1.2.3 From 5abc2e6a5ce803060cd2c03182d3ae95bd29f694 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 31 May 2020 22:39:34 +0200 Subject: mod_c2s,mod_s2s: Make stanza size limits configurable --- plugins/mod_c2s.lua | 3 ++- plugins/mod_s2s/mod_s2s.lua | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index c6a95e9e..ef4bd4b3 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -26,6 +26,7 @@ local log = module._log; local c2s_timeout = module:get_option_number("c2s_timeout", 300); local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); local opt_keepalives = module:get_option_boolean("c2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); +local stanza_size_limit = module:get_option_number("c2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) local measure_connections = module:measure("connections", "amount"); local measure_ipv6 = module:measure("ipv6", "amount"); @@ -280,7 +281,7 @@ function listener.onconnect(conn) session.close = session_close; - local stream = new_xmpp_stream(session, stream_callbacks); + local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); session.stream = stream; session.notopen = true; diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index bd6627b8..0674f981 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -39,6 +39,7 @@ local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One local secure_domains, insecure_domains = module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; local require_encryption = module:get_option_boolean("s2s_require_encryption", false); +local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) local measure_connections = module:measure("connections", "amount"); local measure_ipv6 = module:measure("ipv6", "amount"); @@ -566,7 +567,7 @@ end -- Session initialization logic shared by incoming and outgoing local function initialize_session(session) - local stream = new_xmpp_stream(session, stream_callbacks); + local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); session.thread = runner(function (stanza) if st.is_stanza(stanza) then -- cgit v1.2.3 From 4c6992a00e582dc2c9c6a7ad721cd7e831202a1e Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 15:42:19 +0100 Subject: mod_admin_socket, util.adminstream: New module to manage a local unix domain socket for admin functionality --- plugins/mod_admin_socket.lua | 69 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 plugins/mod_admin_socket.lua (limited to 'plugins') diff --git a/plugins/mod_admin_socket.lua b/plugins/mod_admin_socket.lua new file mode 100644 index 00000000..c094aad2 --- /dev/null +++ b/plugins/mod_admin_socket.lua @@ -0,0 +1,69 @@ +module:set_global(); + +local have_unix, unix = pcall(require, "socket.unix"); + +if not have_unix or type(unix) ~= "table" then + module:log_status("error", "LuaSocket unix socket support not available or incompatible, ensure it is up to date"); + return; +end + +local server = require "net.server"; + +local adminstream = require "util.adminstream"; + +local socket_path = module:get_option_string("admin_socket", prosody.paths.data.."/prosody.sock"); + +local sessions = module:shared("sessions"); + +local function fire_admin_event(session, stanza) + local event_data = { + origin = session, stanza = stanza; + }; + local event_name; + if stanza.attr.xmlns then + event_name = "admin/"..stanza.attr.xmlns..":"..stanza.name; + else + event_name = "admin/"..stanza.name; + end + module:log("debug", "Firing %s", event_name); + return module:fire_event(event_name, event_data); +end + +module:hook("server-stopping", function () + for _, session in pairs(sessions) do + session:close("system-shutdown"); + end + os.remove(socket_path); +end); + +--- Unix domain socket management + +local conn, sock; + +local listeners = adminstream.server(sessions, fire_admin_event).listeners; + +local function accept_connection() + module:log("debug", "accepting..."); + local client = sock:accept(); + if not client then return; end + server.wrapclient(client, "unix", 0, listeners, "*a"); +end + +function module.load() + sock = unix.stream(); + sock:settimeout(0); + os.remove(socket_path); + assert(sock:bind(socket_path)); + assert(sock:listen()); + conn = server.watchfd(sock:getfd(), accept_connection); +end + +function module.unload() + if conn then + conn:close(); + end + if sock then + sock:close(); + end + os.remove(socket_path); +end -- cgit v1.2.3 From 9daa5c028c5bf48b71e2e03cf0e759ce5368f626 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 15:43:00 +0100 Subject: mod_admin_shell: New module that implements the console interface over an admin socket --- plugins/mod_admin_shell.lua | 1637 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1637 insertions(+) create mode 100644 plugins/mod_admin_shell.lua (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua new file mode 100644 index 00000000..d471e32f --- /dev/null +++ b/plugins/mod_admin_shell.lua @@ -0,0 +1,1637 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- +-- luacheck: ignore 212/self + +module:set_global(); +module:depends("admin_socket"); + +local hostmanager = require "core.hostmanager"; +local modulemanager = require "core.modulemanager"; +local s2smanager = require "core.s2smanager"; +local portmanager = require "core.portmanager"; +local helpers = require "util.helpers"; +local server = require "net.server"; +local st = require "util.stanza"; + +local _G = _G; + +local prosody = _G.prosody; + +local unpack = table.unpack or unpack; -- luacheck: ignore 113 +local iterators = require "util.iterators"; +local keys, values = iterators.keys, iterators.values; +local jid_bare, jid_split, jid_join = import("util.jid", "bare", "prepped_split", "join"); +local set, array = require "util.set", require "util.array"; +local cert_verify_identity = require "util.x509".verify_identity; +local envload = require "util.envload".envload; +local envloadfile = require "util.envload".envloadfile; +local has_pposix, pposix = pcall(require, "util.pposix"); +local async = require "util.async"; +local serialization = require "util.serialization"; +local serialize_config = serialization.new ({ fatal = false, unquoted = true}); +local time = require "util.time"; + +local commands = module:shared("commands") +local def_env = module:shared("env"); +local default_env_mt = { __index = def_env }; + +local function redirect_output(target, session) + local env = setmetatable({ print = session.print }, { __index = function (_, k) return rawget(target, k); end }); + env.dofile = function(name) + local f, err = envloadfile(name, env); + if not f then return f, err; end + return f(); + end; + return env; +end + +console = {}; + +local runner_callbacks = {}; + +function runner_callbacks:error(err) + module:log("error", "Traceback[shell]: %s", err); + + self.data.print("Fatal error while running command, it did not complete"); + self.data.print("Error: "..tostring(err)); +end + +local function send_repl_result(session, line) + return session.send(st.stanza("repl-result"):text(tostring(line))); +end + +function console:new_session(admin_session) + local session = { + send = function (t) + return send_repl_result(admin_session, t); + end; + print = function (...) + local t = {}; + for i=1,select("#", ...) do + t[i] = tostring(select(i, ...)); + end + return send_repl_result(admin_session, table.concat(t, "\t")); + end; + serialize = tostring; + disconnect = function () admin_session:close(); end; + }; + session.env = setmetatable({}, default_env_mt); + + session.thread = async.runner(function (line) + console:process_line(session, line); + end, runner_callbacks, session); + + -- Load up environment with helper objects + for name, t in pairs(def_env) do + if type(t) == "table" then + session.env[name] = setmetatable({ session = session }, { __index = t }); + end + end + + session.env.output:configure(); + + return session; +end + +local function handle_line(event) + local session = event.origin.shell_session; + if not session then + session = console:new_session(event.origin); + event.origin.shell_session = session; + end + local line = event.stanza:get_text(); + local useglobalenv; + + + module:log("debug", "HELLO: %s", line) + if line:match("^>") then + line = line:gsub("^>", ""); + useglobalenv = true; + else + local command = line:match("^%w+") or line:match("%p"); + if commands[command] then + commands[command](session, line); + return; + end + end + + session.env._ = line; + + if not useglobalenv and commands[line:lower()] then + commands[line:lower()](session, line); + return; + end + + local chunkname = "=console"; + local env = (useglobalenv and redirect_output(_G, session)) or session.env or nil + -- luacheck: ignore 311/err + local chunk, err = envload("return "..line, chunkname, env); + if not chunk then + chunk, err = envload(line, chunkname, env); + if not chunk then + err = err:gsub("^%[string .-%]:%d+: ", ""); + err = err:gsub("^:%d+: ", ""); + err = err:gsub("''", "the end of the line"); + session.print("Sorry, I couldn't understand that... "..err); + return; + end + end + + local taskok, message = chunk(); + + if not message then + if type(taskok) ~= "string" and useglobalenv then + taskok = session.serialize(taskok); + end + session.print("Result: "..tostring(taskok)); + return; + elseif (not taskok) and message then + session.print("Command completed with a problem"); + session.print("Message: "..tostring(message)); + return; + end + + session.print("OK: "..tostring(message)); +end + +module:hook("admin/repl-line", function (event) + local ok, err = pcall(handle_line, event); + if not ok then + event.origin.send(st.stanza("repl-result", { type = "error" }):text(err)); + end +end); + +-- Console commands -- +-- These are simple commands, not valid standalone in Lua + +function commands.help(session, data) + local print = session.print; + local section = data:match("^help (%w+)"); + if not section then + print [[Commands are divided into multiple sections. For help on a particular section, ]] + print [[type: help SECTION (for example, 'help c2s'). Sections are: ]] + print [[]] + print [[c2s - Commands to manage local client-to-server sessions]] + print [[s2s - Commands to manage sessions between this server and others]] + print [[http - Commands to inspect HTTP services]] -- XXX plural but there is only one so far + print [[module - Commands to load/reload/unload modules/plugins]] + print [[host - Commands to activate, deactivate and list virtual hosts]] + print [[user - Commands to create and delete users, and change their passwords]] + print [[server - Uptime, version, shutting down, etc.]] + print [[port - Commands to manage ports the server is listening on]] + print [[dns - Commands to manage and inspect the internal DNS resolver]] + print [[xmpp - Commands for sending XMPP stanzas]] + print [[debug - Commands for debugging the server]] + print [[config - Reloading the configuration, etc.]] + print [[console - Help regarding the console itself]] + elseif section == "c2s" then + print [[c2s:show(jid) - Show all client sessions with the specified JID (or all if no JID given)]] + print [[c2s:show_insecure() - Show all unencrypted client connections]] + print [[c2s:show_secure() - Show all encrypted client connections]] + print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]] + print [[c2s:count() - Count sessions without listing them]] + print [[c2s:close(jid) - Close all sessions for the specified JID]] + print [[c2s:closeall() - Close all active c2s connections ]] + elseif section == "s2s" then + print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]] + print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]] + print [[s2s:close(from, to) - Close a connection from one domain to another]] + print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]] + elseif section == "http" then + print [[http:list(hosts) - Show HTTP endpoints]] + elseif section == "module" then + print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]] + print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]] + print [[module:unload(module, host) - The same, but just unloads the module from memory]] + print [[module:list(host) - List the modules loaded on the specified host]] + elseif section == "host" then + print [[host:activate(hostname) - Activates the specified host]] + print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]] + print [[host:list() - List the currently-activated hosts]] + elseif section == "user" then + print [[user:create(jid, password) - Create the specified user account]] + print [[user:password(jid, password) - Set the password for the specified user account]] + print [[user:delete(jid) - Permanently remove the specified user account]] + print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] + elseif section == "server" then + print [[server:version() - Show the server's version number]] + print [[server:uptime() - Show how long the server has been running]] + print [[server:memory() - Show details about the server's memory usage]] + print [[server:shutdown(reason) - Shut down the server, with an optional reason to be broadcast to all connections]] + elseif section == "port" then + print [[port:list() - Lists all network ports prosody currently listens on]] + print [[port:close(port, interface) - Close a port]] + elseif section == "dns" then + print [[dns:lookup(name, type, class) - Do a DNS lookup]] + print [[dns:addnameserver(nameserver) - Add a nameserver to the list]] + print [[dns:setnameserver(nameserver) - Replace the list of name servers with the supplied one]] + print [[dns:purge() - Clear the DNS cache]] + print [[dns:cache() - Show cached records]] + elseif section == "xmpp" then + print [[xmpp:ping(localhost, remotehost) -- Sends a ping to a remote XMPP server and reports the response]] + elseif section == "config" then + print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] + print [[config:get([host,] option) - Show the value of a config option.]] + elseif section == "stats" then -- luacheck: ignore 542 + -- TODO describe how stats:show() works + elseif section == "debug" then + print [[debug:logevents(host) - Enable logging of fired events on host]] + print [[debug:events(host, event) - Show registered event handlers]] + print [[debug:timers() - Show information about scheduled timers]] + elseif section == "console" then + print [[Hey! Welcome to Prosody's admin console.]] + print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] + print [[Secondly, note that we don't support the full telnet protocol yet (it's coming)]] + print [[so you may have trouble using the arrow keys, etc. depending on your system.]] + print [[]] + print [[For now we offer a couple of handy shortcuts:]] + print [[!! - Repeat the last command]] + print [[!old!new! - repeat the last command, but with 'old' replaced by 'new']] + print [[]] + print [[For those well-versed in Prosody's internals, or taking instruction from those who are,]] + print [[you can prefix a command with > to escape the console sandbox, and access everything in]] + print [[the running server. Great fun, but be careful not to break anything :)]] + end + print [[]] +end + +-- Session environment -- +-- Anything in def_env will be accessible within the session as a global variable + +--luacheck: ignore 212/self +local serialize_defaults = module:get_option("console_prettyprint_settings", { fatal = false, unquoted = true, maxdepth = 2}) + +def_env.output = {}; +function def_env.output:configure(opts) + if type(opts) ~= "table" then + opts = { preset = opts }; + end + if not opts.fallback then + -- XXX Error message passed to fallback is lost, does it matter? + opts.fallback = tostring; + end + for k,v in pairs(serialize_defaults) do + if opts[k] == nil then + opts[k] = v; + end + end + self.session.serialize = serialization.new(opts); +end + +def_env.server = {}; + +function def_env.server:insane_reload() + prosody.unlock_globals(); + dofile "prosody" + prosody = _G.prosody; + return true, "Server reloaded"; +end + +function def_env.server:version() + return true, tostring(prosody.version or "unknown"); +end + +function def_env.server:uptime() + local t = os.time()-prosody.start_time; + local seconds = t%60; + t = (t - seconds)/60; + local minutes = t%60; + t = (t - minutes)/60; + local hours = t%24; + t = (t - hours)/24; + local days = t; + return true, string.format("This server has been running for %d day%s, %d hour%s and %d minute%s (since %s)", + days, (days ~= 1 and "s") or "", hours, (hours ~= 1 and "s") or "", + minutes, (minutes ~= 1 and "s") or "", os.date("%c", prosody.start_time)); +end + +function def_env.server:shutdown(reason) + prosody.shutdown(reason); + return true, "Shutdown initiated"; +end + +local function human(kb) + local unit = "K"; + if kb > 1024 then + kb, unit = kb/1024, "M"; + end + return ("%0.2f%sB"):format(kb, unit); +end + +function def_env.server:memory() + if not has_pposix or not pposix.meminfo then + return true, "Lua is using "..human(collectgarbage("count")); + end + local mem, lua_mem = pposix.meminfo(), collectgarbage("count"); + local print = self.session.print; + print("Process: "..human((mem.allocated+mem.allocated_mmap)/1024)); + print(" Used: "..human(mem.used/1024).." ("..human(lua_mem).." by Lua)"); + print(" Free: "..human(mem.unused/1024).." ("..human(mem.returnable/1024).." returnable)"); + return true, "OK"; +end + +def_env.module = {}; + +local function get_hosts_set(hosts) + if type(hosts) == "table" then + if hosts[1] then + return set.new(hosts); + elseif hosts._items then + return hosts; + end + elseif type(hosts) == "string" then + return set.new { hosts }; + elseif hosts == nil then + return set.new(array.collect(keys(prosody.hosts))); + end +end + +-- Hosts with a module or all virtualhosts if no module given +-- matching modules_enabled in the global section +local function get_hosts_with_module(hosts, module) + local hosts_set = get_hosts_set(hosts) + / function (host) + if module then + -- Module given, filter in hosts with this module loaded + if modulemanager.is_loaded(host, module) then + return host; + else + return nil; + end + end + if not hosts then + -- No hosts given, filter in VirtualHosts + if prosody.hosts[host].type == "local" then + return host; + else + return nil + end + end; + -- No module given, but hosts are, don't filter at all + return host; + end; + if module and modulemanager.get_module("*", module) then + hosts_set:add("*"); + end + return hosts_set; +end + +function def_env.module:load(name, hosts, config) + hosts = get_hosts_with_module(hosts); + + -- Load the module for each host + local ok, err, count, mod = true, nil, 0; + for host in hosts do + if (not modulemanager.is_loaded(host, name)) then + mod, err = modulemanager.load(host, name, config); + if not mod then + ok = false; + if err == "global-module-already-loaded" then + if count > 0 then + ok, err, count = true, nil, 1; + end + break; + end + self.session.print(err or "Unknown error loading module"); + else + count = count + 1; + self.session.print("Loaded for "..mod.module.host); + end + end + end + + return ok, (ok and "Module loaded onto "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +function def_env.module:unload(name, hosts) + hosts = get_hosts_with_module(hosts, name); + + -- Unload the module for each host + local ok, err, count = true, nil, 0; + for host in hosts do + if modulemanager.is_loaded(host, name) then + ok, err = modulemanager.unload(host, name); + if not ok then + ok = false; + self.session.print(err or "Unknown error unloading module"); + else + count = count + 1; + self.session.print("Unloaded from "..host); + end + end + end + return ok, (ok and "Module unloaded from "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +local function _sort_hosts(a, b) + if a == "*" then return true + elseif b == "*" then return false + else return a:gsub("[^.]+", string.reverse):reverse() < b:gsub("[^.]+", string.reverse):reverse(); end +end + +function def_env.module:reload(name, hosts) + hosts = array.collect(get_hosts_with_module(hosts, name)):sort(_sort_hosts) + + -- Reload the module for each host + local ok, err, count = true, nil, 0; + for _, host in ipairs(hosts) do + if modulemanager.is_loaded(host, name) then + ok, err = modulemanager.reload(host, name); + if not ok then + ok = false; + self.session.print(err or "Unknown error reloading module"); + else + count = count + 1; + if ok == nil then + ok = true; + end + self.session.print("Reloaded on "..host); + end + end + end + return ok, (ok and "Module reloaded on "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +function def_env.module:list(hosts) + hosts = array.collect(set.new({ not hosts and "*" or nil }) + get_hosts_set(hosts)):sort(_sort_hosts); + + local print = self.session.print; + for _, host in ipairs(hosts) do + print((host == "*" and "Global" or host)..":"); + local modules = array.collect(keys(modulemanager.get_modules(host) or {})):sort(); + if #modules == 0 then + if prosody.hosts[host] then + print(" No modules loaded"); + else + print(" Host not found"); + end + else + for _, name in ipairs(modules) do + local status, status_text = modulemanager.get_module(host, name).module:get_status(); + local status_summary = ""; + if status == "warn" or status == "error" then + status_summary = (" (%s: %s)"):format(status, status_text); + end + print((" %s%s"):format(name, status_summary)); + end + end + end +end + +def_env.config = {}; +function def_env.config:load(filename, format) + local config_load = require "core.configmanager".load; + local ok, err = config_load(filename, format); + if not ok then + return false, err or "Unknown error loading config"; + end + return true, "Config loaded"; +end + +function def_env.config:get(host, key) + if key == nil then + host, key = "*", host; + end + local config_get = require "core.configmanager".get + return true, serialize_config(config_get(host, key)); +end + +function def_env.config:reload() + local ok, err = prosody.reload_config(); + return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err); +end + +local function common_info(session, line) + if session.id then + line[#line+1] = "["..session.id.."]" + else + line[#line+1] = "["..session.type..(tostring(session):match("%x*$")).."]" + end +end + +local function session_flags(session, line) + line = line or {}; + common_info(session, line); + if session.type == "c2s" then + local status, priority = "unavailable", tostring(session.priority or "-"); + if session.presence then + status = session.presence:get_child_text("show") or "available"; + end + line[#line+1] = status.."("..priority..")"; + end + if session.cert_identity_status == "valid" then + line[#line+1] = "(authenticated)"; + end + if session.dialback_key then + line[#line+1] = "(dialback)"; + end + if session.external_auth then + line[#line+1] = "(SASL)"; + end + if session.secure then + line[#line+1] = "(encrypted)"; + end + if session.compressed then + line[#line+1] = "(compressed)"; + end + if session.smacks then + line[#line+1] = "(sm)"; + end + if session.ip and session.ip:match(":") then + line[#line+1] = "(IPv6)"; + end + if session.remote then + line[#line+1] = "(remote)"; + end + if session.incoming and session.outgoing then + line[#line+1] = "(bidi)"; + elseif session.is_bidi or session.bidi_session then + line[#line+1] = "(bidi)"; + end + if session.bosh_version then + line[#line+1] = "(bosh)"; + end + if session.websocket_request then + line[#line+1] = "(websocket)"; + end + return table.concat(line, " "); +end + +local function tls_info(session, line) + line = line or {}; + common_info(session, line); + if session.secure then + local sock = session.conn and session.conn.socket and session.conn:socket(); + if sock then + local info = sock.info and sock:info(); + if info then + line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher); + else + -- TLS session might not be ready yet + line[#line+1] = "(cipher info unavailable)"; + end + if sock.getsniname then + local name = sock:getsniname(); + if name then + line[#line+1] = ("(SNI:%q)"):format(name); + end + end + if sock.getalpn then + local proto = sock:getalpn(); + if proto then + line[#line+1] = ("(ALPN:%q)"):format(proto); + end + end + end + else + line[#line+1] = "(insecure)"; + end + return table.concat(line, " "); +end + +def_env.c2s = {}; + +local function get_jid(session) + if session.username then + return session.full_jid or jid_join(session.username, session.host, session.resource); + end + + local conn = session.conn; + local ip = session.ip or "?"; + local clientport = conn and conn:clientport() or "?"; + local serverip = conn and conn.server and conn:server():ip() or "?"; + local serverport = conn and conn:serverport() or "?" + return jid_join("["..ip.."]:"..clientport, session.host or "["..serverip.."]:"..serverport); +end + +local function get_c2s() + local c2s = array.collect(values(prosody.full_sessions)); + c2s:append(array.collect(values(module:shared"/*/c2s/sessions"))); + c2s:append(array.collect(values(module:shared"/*/bosh/sessions"))); + c2s:unique(); + return c2s; +end + +local function show_c2s(callback) + get_c2s():sort(function(a, b) + if a.host == b.host then + if a.username == b.username then + return (a.resource or "") > (b.resource or ""); + end + return (a.username or "") > (b.username or ""); + end + return _sort_hosts(a.host or "", b.host or ""); + end):map(function (session) + callback(get_jid(session), session) + end); +end + +function def_env.c2s:count() + local c2s = get_c2s(); + return true, "Total: ".. #c2s .." clients"; +end + +function def_env.c2s:show(match_jid, annotate) + local print, count = self.session.print, 0; + annotate = annotate or session_flags; + local curr_host = false; + show_c2s(function (jid, session) + if curr_host ~= session.host then + curr_host = session.host; + print(curr_host or "(not connected to any host yet)"); + end + if (not match_jid) or jid:match(match_jid) then + count = count + 1; + print(annotate(session, { " ", jid })); + end + end); + return true, "Total: "..count.." clients"; +end + +function def_env.c2s:show_insecure(match_jid) + local print, count = self.session.print, 0; + show_c2s(function (jid, session) + if ((not match_jid) or jid:match(match_jid)) and not session.secure then + count = count + 1; + print(jid); + end + end); + return true, "Total: "..count.." insecure client connections"; +end + +function def_env.c2s:show_secure(match_jid) + local print, count = self.session.print, 0; + show_c2s(function (jid, session) + if ((not match_jid) or jid:match(match_jid)) and session.secure then + count = count + 1; + print(jid); + end + end); + return true, "Total: "..count.." secure client connections"; +end + +function def_env.c2s:show_tls(match_jid) + return self:show(match_jid, tls_info); +end + +local function build_reason(text, condition) + if text or condition then + return { + text = text, + condition = condition or "undefined-condition", + }; + end +end + +function def_env.c2s:close(match_jid, text, condition) + local count = 0; + show_c2s(function (jid, session) + if jid == match_jid or jid_bare(jid) == match_jid then + count = count + 1; + session:close(build_reason(text, condition)); + end + end); + return true, "Total: "..count.." sessions closed"; +end + +function def_env.c2s:closeall(text, condition) + local count = 0; + --luacheck: ignore 212/jid + show_c2s(function (jid, session) + count = count + 1; + session:close(build_reason(text, condition)); + end); + return true, "Total: "..count.." sessions closed"; +end + + +def_env.s2s = {}; +function def_env.s2s:show(match_jid, annotate) + local print = self.session.print; + annotate = annotate or session_flags; + + local count_in, count_out = 0,0; + local s2s_list = { }; + + local s2s_sessions = module:shared"/*/s2s/sessions"; + for _, session in pairs(s2s_sessions) do + local remotehost, localhost, direction; + if session.direction == "outgoing" then + direction = "->"; + count_out = count_out + 1; + remotehost, localhost = session.to_host or "?", session.from_host or "?"; + else + direction = "<-"; + count_in = count_in + 1; + remotehost, localhost = session.from_host or "?", session.to_host or "?"; + end + local sess_lines = { l = localhost, r = remotehost, + annotate(session, { "", direction, remotehost or "?" })}; + + if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then + table.insert(s2s_list, sess_lines); + -- luacheck: ignore 421/print + local print = function (s) table.insert(sess_lines, " "..s); end + if session.sendq then + print("There are "..#session.sendq.." queued outgoing stanzas for this connection"); + end + if session.type == "s2sout_unauthed" then + if session.connecting then + print("Connection not yet established"); + if not session.srv_hosts then + if not session.conn then + print("We do not yet have a DNS answer for this host's SRV records"); + else + print("This host has no SRV records, using A record instead"); + end + elseif session.srv_choice then + print("We are on SRV record "..session.srv_choice.." of "..#session.srv_hosts); + local srv_choice = session.srv_hosts[session.srv_choice]; + print("Using "..(srv_choice.target or ".")..":"..(srv_choice.port or 5269)); + end + elseif session.notopen then + print("The has not yet been opened"); + elseif not session.dialback_key then + print("Dialback has not been initiated yet"); + elseif session.dialback_key then + print("Dialback has been requested, but no result received"); + end + end + if session.type == "s2sin_unauthed" then + print("Connection not yet authenticated"); + elseif session.type == "s2sin" then + for name in pairs(session.hosts) do + if name ~= session.from_host then + print("also hosts "..tostring(name)); + end + end + end + end + end + + -- Sort by local host, then remote host + table.sort(s2s_list, function(a,b) + if a.l == b.l then return _sort_hosts(a.r, b.r); end + return _sort_hosts(a.l, b.l); + end); + local lasthost; + for _, sess_lines in ipairs(s2s_list) do + if sess_lines.l ~= lasthost then print(sess_lines.l); lasthost=sess_lines.l end + for _, line in ipairs(sess_lines) do print(line); end + end + return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections"; +end + +function def_env.s2s:show_tls(match_jid) + return self:show(match_jid, tls_info); +end + +local function print_subject(print, subject) + for _, entry in ipairs(subject) do + print( + (" %s: %q"):format( + entry.name or entry.oid, + entry.value:gsub("[\r\n%z%c]", " ") + ) + ); + end +end + +-- As much as it pains me to use the 0-based depths that OpenSSL does, +-- I think there's going to be more confusion among operators if we +-- break from that. +local function print_errors(print, errors) + for depth, t in pairs(errors) do + print( + (" %d: %s"):format( + depth-1, + table.concat(t, "\n| ") + ) + ); + end +end + +function def_env.s2s:showcert(domain) + local print = self.session.print; + local s2s_sessions = module:shared"/*/s2s/sessions"; + local domain_sessions = set.new(array.collect(values(s2s_sessions))) + /function(session) return (session.to_host == domain or session.from_host == domain) and session or nil; end; + local cert_set = {}; + for session in domain_sessions do + local conn = session.conn; + conn = conn and conn:socket(); + if not conn.getpeerchain then + if conn.dohandshake then + error("This version of LuaSec does not support certificate viewing"); + end + else + local cert = conn:getpeercertificate(); + if cert then + local certs = conn:getpeerchain(); + local digest = cert:digest("sha1"); + if not cert_set[digest] then + local chain_valid, chain_errors = conn:getpeerverification(); + cert_set[digest] = { + { + from = session.from_host, + to = session.to_host, + direction = session.direction + }; + chain_valid = chain_valid; + chain_errors = chain_errors; + certs = certs; + }; + else + table.insert(cert_set[digest], { + from = session.from_host, + to = session.to_host, + direction = session.direction + }); + end + end + end + end + local domain_certs = array.collect(values(cert_set)); + -- Phew. We now have a array of unique certificates presented by domain. + local n_certs = #domain_certs; + + if n_certs == 0 then + return "No certificates found for "..domain; + end + + local function _capitalize_and_colon(byte) + return string.upper(byte)..":"; + end + local function pretty_fingerprint(hash) + return hash:gsub("..", _capitalize_and_colon):sub(1, -2); + end + + for cert_info in values(domain_certs) do + local certs = cert_info.certs; + local cert = certs[1]; + print("---") + print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); + print(""); + local n_streams = #cert_info; + print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); + for _, stream in ipairs(cert_info) do + if stream.direction == "incoming" then + print(" "..stream.to.." <- "..stream.from); + else + print(" "..stream.from.." -> "..stream.to); + end + end + print(""); + local chain_valid, errors = cert_info.chain_valid, cert_info.chain_errors; + local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); + if chain_valid then + print("Trusted certificate: Yes"); + else + print("Trusted certificate: No"); + print_errors(print, errors); + end + print(""); + print("Issuer: "); + print_subject(print, cert:issuer()); + print(""); + print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); + print("Subject:"); + print_subject(print, cert:subject()); + end + print("---"); + return ("Showing "..n_certs.." certificate" + ..(n_certs==1 and "" or "s") + .." presented by "..domain.."."); +end + +function def_env.s2s:close(from, to, text, condition) + local print, count = self.session.print, 0; + local s2s_sessions = module:shared"/*/s2s/sessions"; + + local match_id; + if from and not to then + match_id, from = from, nil; + elseif not to then + return false, "Syntax: s2s:close('from', 'to') - Closes all s2s sessions from 'from' to 'to'"; + elseif from == to then + return false, "Both from and to are the same... you can't do that :)"; + end + + for _, session in pairs(s2s_sessions) do + local id = session.id or (session.type..tostring(session):match("[a-f0-9]+$")); + if (match_id and match_id == id) + or (session.from_host == from and session.to_host == to) then + print(("Closing connection from %s to %s [%s]"):format(session.from_host, session.to_host, id)); + (session.close or s2smanager.destroy_session)(session, build_reason(text, condition)); + count = count + 1 ; + end + end + return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); +end + +function def_env.s2s:closeall(host, text, condition) + local count = 0; + local s2s_sessions = module:shared"/*/s2s/sessions"; + for _,session in pairs(s2s_sessions) do + if not host or session.from_host == host or session.to_host == host then + session:close(build_reason(text, condition)); + count = count + 1; + end + end + if count == 0 then return false, "No sessions to close."; + else return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); end +end + +def_env.host = {}; def_env.hosts = def_env.host; + +function def_env.host:activate(hostname, config) + return hostmanager.activate(hostname, config); +end +function def_env.host:deactivate(hostname, reason) + return hostmanager.deactivate(hostname, reason); +end + +function def_env.host:list() + local print = self.session.print; + local i = 0; + local type; + for host, host_session in iterators.sorted_pairs(prosody.hosts, _sort_hosts) do + i = i + 1; + type = host_session.type; + if type == "local" then + print(host); + else + type = module:context(host):get_option_string("component_module", type); + if type ~= "component" then + type = type .. " component"; + end + print(("%s (%s)"):format(host, type)); + end + end + return true, i.." hosts"; +end + +def_env.port = {}; + +function def_env.port:list() + local print = self.session.print; + local services = portmanager.get_active_services().data; + local n_services, n_ports = 0, 0; + for service, interfaces in iterators.sorted_pairs(services) do + n_services = n_services + 1; + local ports_list = {}; + for interface, ports in pairs(interfaces) do + for port in pairs(ports) do + table.insert(ports_list, "["..interface.."]:"..port); + end + end + n_ports = n_ports + #ports_list; + print(service..": "..table.concat(ports_list, ", ")); + end + return true, n_services.." services listening on "..n_ports.." ports"; +end + +function def_env.port:close(close_port, close_interface) + close_port = assert(tonumber(close_port), "Invalid port number"); + local n_closed = 0; + local services = portmanager.get_active_services().data; + for service, interfaces in pairs(services) do -- luacheck: ignore 213 + for interface, ports in pairs(interfaces) do + if not close_interface or close_interface == interface then + if ports[close_port] then + self.session.print("Closing ["..interface.."]:"..close_port.."..."); + local ok, err = portmanager.close(interface, close_port) + if not ok then + self.session.print("Failed to close "..interface.." "..close_port..": "..err); + else + n_closed = n_closed + 1; + end + end + end + end + end + return true, "Closed "..n_closed.." ports"; +end + +def_env.muc = {}; + +local console_room_mt = { + __index = function (self, k) return self.room[k]; end; + __tostring = function (self) + return "MUC room <"..self.room.jid..">"; + end; +}; + +local function check_muc(jid) + local room_name, host = jid_split(jid); + if not prosody.hosts[host] then + return nil, "No such host: "..host; + elseif not prosody.hosts[host].modules.muc then + return nil, "Host '"..host.."' is not a MUC service"; + end + return room_name, host; +end + +function def_env.muc:create(room_jid, config) + local room_name, host = check_muc(room_jid); + if not room_name then + return room_name, host; + end + if not room_name then return nil, host end + if config ~= nil and type(config) ~= "table" then return nil, "Config must be a table"; end + if prosody.hosts[host].modules.muc.get_room_from_jid(room_jid) then return nil, "Room exists already" end + return prosody.hosts[host].modules.muc.create_room(room_jid, config); +end + +function def_env.muc:room(room_jid) + local room_name, host = check_muc(room_jid); + if not room_name then + return room_name, host; + end + local room_obj = prosody.hosts[host].modules.muc.get_room_from_jid(room_jid); + if not room_obj then + return nil, "No such room: "..room_jid; + end + return setmetatable({ room = room_obj }, console_room_mt); +end + +function def_env.muc:list(host) + local host_session = prosody.hosts[host]; + if not host_session or not host_session.modules.muc then + return nil, "Please supply the address of a local MUC component"; + end + local print = self.session.print; + local c = 0; + for room in host_session.modules.muc.each_room() do + print(room.jid); + c = c + 1; + end + return true, c.." rooms"; +end + +local um = require"core.usermanager"; + +def_env.user = {}; +function def_env.user:create(jid, password) + local username, host = jid_split(jid); + if not prosody.hosts[host] then + return nil, "No such host: "..host; + elseif um.user_exists(username, host) then + return nil, "User exists"; + end + local ok, err = um.create_user(username, password, host); + if ok then + return true, "User created"; + else + return nil, "Could not create user: "..err; + end +end + +function def_env.user:delete(jid) + local username, host = jid_split(jid); + if not prosody.hosts[host] then + return nil, "No such host: "..host; + elseif not um.user_exists(username, host) then + return nil, "No such user"; + end + local ok, err = um.delete_user(username, host); + if ok then + return true, "User deleted"; + else + return nil, "Could not delete user: "..err; + end +end + +function def_env.user:password(jid, password) + local username, host = jid_split(jid); + if not prosody.hosts[host] then + return nil, "No such host: "..host; + elseif not um.user_exists(username, host) then + return nil, "No such user"; + end + local ok, err = um.set_password(username, password, host, nil); + if ok then + return true, "User password changed"; + else + return nil, "Could not change password for user: "..err; + end +end + +function def_env.user:list(host, pat) + if not host then + return nil, "No host given"; + elseif not prosody.hosts[host] then + return nil, "No such host"; + end + local print = self.session.print; + local total, matches = 0, 0; + for user in um.users(host) do + if not pat or user:match(pat) then + print(user.."@"..host); + matches = matches + 1; + end + total = total + 1; + end + return true, "Showing "..(pat and (matches.." of ") or "all " )..total.." users"; +end + +def_env.xmpp = {}; + +local new_id = require "util.id".medium; +function def_env.xmpp:ping(localhost, remotehost, timeout) + localhost = select(2, jid_split(localhost)); + remotehost = select(2, jid_split(remotehost)); + if not localhost then + return nil, "Invalid sender hostname"; + elseif not prosody.hosts[localhost] then + return nil, "No such local host"; + end + if not remotehost then + return nil, "Invalid destination hostname"; + elseif prosody.hosts[remotehost] then + return nil, "Both hosts are local"; + end + local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} + :tag("ping", {xmlns="urn:xmpp:ping"}); + local time_start = time.now(); + local ret, err = async.wait(module:context(localhost):send_iq(iq, nil, timeout)); + if ret then + return true, ("pong from %s in %gs"):format(ret.stanza.attr.from, time.now() - time_start); + else + return false, tostring(err); + end +end + +def_env.dns = {}; +local adns = require"net.adns"; + +local function get_resolver(session) + local resolver = session.dns_resolver; + if not resolver then + resolver = adns.resolver(); + session.dns_resolver = resolver; + end + return resolver; +end + +function def_env.dns:lookup(name, typ, class) + local resolver = get_resolver(self.session); + local ret, err = async.wait(resolver:lookup_promise(name, typ, class)); + if ret then + return true, ret; + elseif err then + return false, err; + end +end + +function def_env.dns:addnameserver(...) + local resolver = get_resolver(self.session); + resolver._resolver:addnameserver(...) + return true +end + +function def_env.dns:setnameserver(...) + local resolver = get_resolver(self.session); + resolver._resolver:setnameserver(...) + return true +end + +function def_env.dns:purge() + local resolver = get_resolver(self.session); + resolver._resolver:purge() + return true +end + +function def_env.dns:cache() + local resolver = get_resolver(self.session); + return true, "Cache:\n"..tostring(resolver._resolver.cache) +end + +def_env.http = {}; + +function def_env.http:list(hosts) + local print = self.session.print; + + for host in get_hosts_set(hosts) do + local http_apps = modulemanager.get_items("http-provider", host); + if #http_apps > 0 then + local http_host = module:context(host):get_option_string("http_host"); + print("HTTP endpoints on "..host..(http_host and (" (using "..http_host.."):") or ":")); + for _, provider in ipairs(http_apps) do + local url = module:context(host):http_url(provider.name, provider.default_path); + print("", url); + end + print(""); + end + end + + local default_host = module:get_option_string("http_default_host"); + if not default_host then + print("HTTP requests to unknown hosts will return 404 Not Found"); + else + print("HTTP requests to unknown hosts will be handled by "..default_host); + end + return true; +end + +def_env.debug = {}; + +function def_env.debug:logevents(host) + helpers.log_host_events(host); + return true; +end + +function def_env.debug:events(host, event) + local events_obj; + if host and host ~= "*" then + if host == "http" then + events_obj = require "net.http.server"._events; + elseif not prosody.hosts[host] then + return false, "Unknown host: "..host; + else + events_obj = prosody.hosts[host].events; + end + else + events_obj = prosody.events; + end + return true, helpers.show_events(events_obj, event); +end + +function def_env.debug:timers() + local print = self.session.print; + local add_task = require"util.timer".add_task; + local h, params = add_task.h, add_task.params; + if h then + print("-- util.timer"); + for i, id in ipairs(h.ids) do + if not params[id] then + print(os.date("%F %T", h.priorities[i]), h.items[id]); + elseif not params[id].callback then + print(os.date("%F %T", h.priorities[i]), h.items[id], unpack(params[id])); + else + print(os.date("%F %T", h.priorities[i]), params[id].callback, unpack(params[id])); + end + end + end + if server.event_base then + local count = 0; + for _, v in pairs(debug.getregistry()) do + if type(v) == "function" and v.callback and v.callback == add_task._on_timer then + count = count + 1; + end + end + print(count .. " libevent callbacks"); + end + if h then + local next_time = h:peek(); + if next_time then + return true, os.date("Next event at %F %T (in %%.6fs)", next_time):format(next_time - time.now()); + end + end + return true; +end + +-- COMPAT: debug:timers() was timer:info() for some time in trunk +def_env.timer = { info = def_env.debug.timers }; + +def_env.stats = {}; + +local function format_stat(type, value, ref_value) + ref_value = ref_value or value; + --do return tostring(value) end + if type == "duration" then + if ref_value < 0.001 then + return ("%g µs"):format(value*1000000); + elseif ref_value < 0.9 then + return ("%0.2f ms"):format(value*1000); + end + return ("%0.2f"):format(value); + elseif type == "size" then + if ref_value > 1048576 then + return ("%d MB"):format(value/1048576); + elseif ref_value > 1024 then + return ("%d KB"):format(value/1024); + end + return ("%d bytes"):format(value); + elseif type == "rate" then + if ref_value < 0.9 then + return ("%0.2f/min"):format(value*60); + end + return ("%0.2f/sec"):format(value); + end + return tostring(value); +end + +local stats_methods = {}; +function stats_methods:bounds(_lower, _upper) + for _, stat_info in ipairs(self) do + local data = stat_info[4]; + if data then + local lower = _lower or data.min; + local upper = _upper or data.max; + local new_data = { + min = lower; + max = upper; + samples = {}; + sample_count = 0; + count = data.count; + units = data.units; + }; + local sum = 0; + for _, v in ipairs(data.samples) do + if v > upper then + break; + elseif v>=lower then + table.insert(new_data.samples, v); + sum = sum + v; + end + end + new_data.sample_count = #new_data.samples; + stat_info[4] = new_data; + stat_info[3] = sum/new_data.sample_count; + end + end + return self; +end + +function stats_methods:trim(lower, upper) + upper = upper or (100-lower); + local statistics = require "util.statistics"; + for _, stat_info in ipairs(self) do + -- Strip outliers + local data = stat_info[4]; + if data then + local new_data = { + min = statistics.get_percentile(data, lower); + max = statistics.get_percentile(data, upper); + samples = {}; + sample_count = 0; + count = data.count; + units = data.units; + }; + local sum = 0; + for _, v in ipairs(data.samples) do + if v > new_data.max then + break; + elseif v>=new_data.min then + table.insert(new_data.samples, v); + sum = sum + v; + end + end + new_data.sample_count = #new_data.samples; + stat_info[4] = new_data; + stat_info[3] = sum/new_data.sample_count; + end + end + return self; +end + +function stats_methods:max(upper) + return self:bounds(nil, upper); +end + +function stats_methods:min(lower) + return self:bounds(lower, nil); +end + +function stats_methods:summary() + local statistics = require "util.statistics"; + for _, stat_info in ipairs(self) do + local type, value, data = stat_info[2], stat_info[3], stat_info[4]; + if data and data.samples then + table.insert(stat_info.output, string.format("Count: %d (%d captured)", + data.count, + data.sample_count + )); + table.insert(stat_info.output, string.format("Min: %s Mean: %s Max: %s", + format_stat(type, data.min), + format_stat(type, value), + format_stat(type, data.max) + )); + table.insert(stat_info.output, string.format("Q1: %s Median: %s Q3: %s", + format_stat(type, statistics.get_percentile(data, 25)), + format_stat(type, statistics.get_percentile(data, 50)), + format_stat(type, statistics.get_percentile(data, 75)) + )); + end + end + return self; +end + +function stats_methods:cfgraph() + for _, stat_info in ipairs(self) do + local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 + local function print(s) + table.insert(stat_info.output, s); + end + + if data and data.sample_count and data.sample_count > 0 then + local raw_histogram = require "util.statistics".get_histogram(data); + + local graph_width, graph_height = 50, 10; + local eighth_chars = " ▁▂▃▄▅▆▇█"; + + local range = data.max - data.min; + + if range > 0 then + local x_scaling = #raw_histogram/graph_width; + local histogram = {}; + for i = 1, graph_width do + histogram[i] = math.max(raw_histogram[i*x_scaling-1] or 0, raw_histogram[i*x_scaling] or 0); + end + + print(""); + print(("_"):rep(52)..format_stat(type, data.max)); + for row = graph_height, 1, -1 do + local row_chars = {}; + local min_eighths, max_eighths = 8, 0; + for i = 1, #histogram do + local char_eighths = math.ceil(math.max(math.min((graph_height/(data.max/histogram[i]))-(row-1), 1), 0)*8); + if char_eighths < min_eighths then + min_eighths = char_eighths; + end + if char_eighths > max_eighths then + max_eighths = char_eighths; + end + if char_eighths == 0 then + row_chars[i] = "-"; + else + local char = eighth_chars:sub(char_eighths*3+1, char_eighths*3+3); + row_chars[i] = char; + end + end + print(table.concat(row_chars).."|-"..format_stat(type, data.max/(graph_height/(row-0.5)))); + end + print(("\\ "):rep(11)); + local x_labels = {}; + for i = 1, 11 do + local s = ("%-4s"):format((i-1)*10); + if #s > 4 then + s = s:sub(1, 3).."…"; + end + x_labels[i] = s; + end + print(" "..table.concat(x_labels, " ")); + local units = "%"; + local margin = math.floor((graph_width-#units)/2); + print((" "):rep(margin)..units); + else + print("[range too small to graph]"); + end + print(""); + end + end + return self; +end + +function stats_methods:histogram() + for _, stat_info in ipairs(self) do + local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 + local function print(s) + table.insert(stat_info.output, s); + end + + if not data then + print("[no data]"); + return self; + elseif not data.sample_count then + print("[not a sampled metric type]"); + return self; + end + + local graph_width, graph_height = 50, 10; + local eighth_chars = " ▁▂▃▄▅▆▇█"; + + local range = data.max - data.min; + + if range > 0 then + local n_buckets = graph_width; + + local histogram = {}; + for i = 1, n_buckets do + histogram[i] = 0; + end + local max_bin_samples = 0; + for _, d in ipairs(data.samples) do + local bucket = math.floor(1+(n_buckets-1)/(range/(d-data.min))); + histogram[bucket] = histogram[bucket] + 1; + if histogram[bucket] > max_bin_samples then + max_bin_samples = histogram[bucket]; + end + end + + print(""); + print(("_"):rep(52)..max_bin_samples); + for row = graph_height, 1, -1 do + local row_chars = {}; + local min_eighths, max_eighths = 8, 0; + for i = 1, #histogram do + local char_eighths = math.ceil(math.max(math.min((graph_height/(max_bin_samples/histogram[i]))-(row-1), 1), 0)*8); + if char_eighths < min_eighths then + min_eighths = char_eighths; + end + if char_eighths > max_eighths then + max_eighths = char_eighths; + end + if char_eighths == 0 then + row_chars[i] = "-"; + else + local char = eighth_chars:sub(char_eighths*3+1, char_eighths*3+3); + row_chars[i] = char; + end + end + print(table.concat(row_chars).."|-"..math.ceil((max_bin_samples/graph_height)*(row-0.5))); + end + print(("\\ "):rep(11)); + local x_labels = {}; + for i = 1, 11 do + local s = ("%-4s"):format(format_stat(type, data.min+range*i/11, data.min):match("^%S+")); + if #s > 4 then + s = s:sub(1, 3).."…"; + end + x_labels[i] = s; + end + print(" "..table.concat(x_labels, " ")); + local units = format_stat(type, data.min):match("%s+(.+)$") or data.units or ""; + local margin = math.floor((graph_width-#units)/2); + print((" "):rep(margin)..units); + else + print("[range too small to graph]"); + end + print(""); + end + return self; +end + +local function stats_tostring(stats) + local print = stats.session.print; + for _, stat_info in ipairs(stats) do + if #stat_info.output > 0 then + print("\n#"..stat_info[1]); + print(""); + for _, v in ipairs(stat_info.output) do + print(v); + end + print(""); + else + print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], stat_info[3]))); + end + end + return #stats.." statistics displayed"; +end + +local stats_mt = {__index = stats_methods, __tostring = stats_tostring } +local function new_stats_context(self) + return setmetatable({ session = self.session, stats = true }, stats_mt); +end + +function def_env.stats:show(filter) + -- luacheck: ignore 211/changed + local stats, changed, extra = require "core.statsmanager".get_stats(); + local available, displayed = 0, 0; + local displayed_stats = new_stats_context(self); + for name, value in iterators.sorted_pairs(stats) do + available = available + 1; + if not filter or name:match(filter) then + displayed = displayed + 1; + local type = name:match(":(%a+)$"); + table.insert(displayed_stats, { + name, type, value, extra[name]; + output = {}; + }); + end + end + return displayed_stats; +end + + + +------------- + +function printbanner(session) + local option = module:get_option_string("console_banner", "full"); + if option == "full" or option == "graphic" then + session.print [[ + ____ \ / _ + | _ \ _ __ ___ ___ _-_ __| |_ _ + | |_) | '__/ _ \/ __|/ _ \ / _` | | | | + | __/| | | (_) \__ \ |_| | (_| | |_| | + |_| |_| \___/|___/\___/ \__,_|\__, | + A study in simplicity |___/ + +]] + end + if option == "short" or option == "full" then + session.print("Welcome to the Prosody administration console. For a list of commands, type: help"); + session.print("You may find more help on using this console in our online documentation at "); + session.print("https://prosody.im/doc/console\n"); + end + if option ~= "short" and option ~= "full" and option ~= "graphic" then + session.print(option); + end +end -- cgit v1.2.3 From b0463f02908a21058f273aa971a1c06808a4cdd0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 15:43:47 +0100 Subject: mod_admin_telnet: Become a front for mod_admin_shell --- plugins/mod_admin_telnet.lua | 1623 +----------------------------------------- 1 file changed, 35 insertions(+), 1588 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index a082a851..ec8ff136 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -8,46 +8,37 @@ -- luacheck: ignore 212/self module:set_global(); - -local hostmanager = require "core.hostmanager"; -local modulemanager = require "core.modulemanager"; -local s2smanager = require "core.s2smanager"; -local portmanager = require "core.portmanager"; -local helpers = require "util.helpers"; -local server = require "net.server"; - -local _G = _G; - -local prosody = _G.prosody; +module:depends("admin_shell"); local console_listener = { default_port = 5582; default_mode = "*a"; interface = "127.0.0.1" }; -local unpack = table.unpack or unpack; -- luacheck: ignore 113 -local iterators = require "util.iterators"; -local keys, values = iterators.keys, iterators.values; -local jid_bare, jid_split, jid_join = import("util.jid", "bare", "prepped_split", "join"); -local set, array = require "util.set", require "util.array"; -local cert_verify_identity = require "util.x509".verify_identity; -local envload = require "util.envload".envload; -local envloadfile = require "util.envload".envloadfile; -local has_pposix, pposix = pcall(require, "util.pposix"); local async = require "util.async"; -local serialization = require "util.serialization"; -local serialize_config = serialization.new ({ fatal = false, unquoted = true}); -local time = require "util.time"; +local st = require "util.stanza"; -local commands = module:shared("commands") -local def_env = module:shared("env"); +local def_env = module:shared("admin_shell/env"); local default_env_mt = { __index = def_env }; -local function redirect_output(target, session) - local env = setmetatable({ print = session.print }, { __index = function (_, k) return rawget(target, k); end }); - env.dofile = function(name) - local f, err = envloadfile(name, env); - if not f then return f, err; end - return f(); - end; - return env; +local function printbanner(session) + local option = module:get_option_string("console_banner", "full"); + if option == "full" or option == "graphic" then + session.print [[ + ____ \ / _ + | _ \ _ __ ___ ___ _-_ __| |_ _ + | |_) | '__/ _ \/ __|/ _ \ / _` | | | | + | __/| | | (_) \__ \ |_| | (_| | |_| | + |_| |_| \___/|___/\___/ \__,_|\__, | + A study in simplicity |___/ + +]] + end + if option == "short" or option == "full" then + session.print("Welcome to the Prosody administration console. For a list of commands, type: help"); + session.print("You may find more help on using this console in our online documentation at "); + session.print("https://prosody.im/doc/console\n"); + end + if option ~= "short" and option ~= "full" and option ~= "graphic" then + session.print(option); + end end console = {}; @@ -73,7 +64,12 @@ end function console:new_session(conn) local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; local session = { conn = conn; - send = function (t) w(tostring(t)); end; + send = function (t) + if st.is_stanza(t) and t.name == "repl-result" then + t = "| "..t:get_text().."\n"; + end + w(tostring(t)); + end; print = function (...) local t = {}; for i=1,select("#", ...) do @@ -104,59 +100,13 @@ function console:new_session(conn) end function console:process_line(session, line) - local useglobalenv; - - if line:match("^>") then - line = line:gsub("^>", ""); - useglobalenv = true; - elseif line == "\004" then - commands["bye"](session, line); - return; - else - local command = line:match("^%w+") or line:match("%p"); - if commands[command] then - commands[command](session, line); - return; - end - end - - session.env._ = line; - - if not useglobalenv and commands[line:lower()] then - commands[line:lower()](session, line); - return; - end - - local chunkname = "=console"; - local env = (useglobalenv and redirect_output(_G, session)) or session.env or nil - -- luacheck: ignore 311/err - local chunk, err = envload("return "..line, chunkname, env); - if not chunk then - chunk, err = envload(line, chunkname, env); - if not chunk then - err = err:gsub("^%[string .-%]:%d+: ", ""); - err = err:gsub("^:%d+: ", ""); - err = err:gsub("''", "the end of the line"); - session.print("Sorry, I couldn't understand that... "..err); - return; - end - end - - local taskok, message = chunk(); - - if not message then - if type(taskok) ~= "string" and useglobalenv then - taskok = session.serialize(taskok); - end - session.print("Result: "..tostring(taskok)); - return; - elseif (not taskok) and message then - session.print("Command completed with a problem"); - session.print("Message: "..tostring(message)); + line = line:gsub("\r?\n$", ""); + if line == "bye" or line == "quit" or line == "exit" or line:byte() == 4 then + session.print("See you!"); + session:disconnect(); return; end - - session.print("OK: "..tostring(message)); + return module:fire_event("admin/repl-line", { origin = session, stanza = st.stanza("repl"):text(line) }); end local sessions = {}; @@ -218,1509 +168,6 @@ function console_listener.ondetach(conn) sessions[conn] = nil; end --- Console commands -- --- These are simple commands, not valid standalone in Lua - -function commands.bye(session) - session.print("See you! :)"); - session.closed = true; - session.disconnect(); -end -commands.quit, commands.exit = commands.bye, commands.bye; - -commands["!"] = function (session, data) - if data:match("^!!") and session.env._ then - session.print("!> "..session.env._); - return console_listener.onincoming(session.conn, session.env._); - end - local old, new = data:match("^!(.-[^\\])!(.-)!$"); - if old and new then - local ok, res = pcall(string.gsub, session.env._, old, new); - if not ok then - session.print(res) - return; - end - session.print("!> "..res); - return console_listener.onincoming(session.conn, res); - end - session.print("Sorry, not sure what you want"); -end - - -function commands.help(session, data) - local print = session.print; - local section = data:match("^help (%w+)"); - if not section then - print [[Commands are divided into multiple sections. For help on a particular section, ]] - print [[type: help SECTION (for example, 'help c2s'). Sections are: ]] - print [[]] - print [[c2s - Commands to manage local client-to-server sessions]] - print [[s2s - Commands to manage sessions between this server and others]] - print [[http - Commands to inspect HTTP services]] -- XXX plural but there is only one so far - print [[module - Commands to load/reload/unload modules/plugins]] - print [[host - Commands to activate, deactivate and list virtual hosts]] - print [[user - Commands to create and delete users, and change their passwords]] - print [[server - Uptime, version, shutting down, etc.]] - print [[port - Commands to manage ports the server is listening on]] - print [[dns - Commands to manage and inspect the internal DNS resolver]] - print [[xmpp - Commands for sending XMPP stanzas]] - print [[debug - Commands for debugging the server]] - print [[config - Reloading the configuration, etc.]] - print [[console - Help regarding the console itself]] - elseif section == "c2s" then - print [[c2s:show(jid) - Show all client sessions with the specified JID (or all if no JID given)]] - print [[c2s:show_insecure() - Show all unencrypted client connections]] - print [[c2s:show_secure() - Show all encrypted client connections]] - print [[c2s:show_tls() - Show TLS cipher info for encrypted sessions]] - print [[c2s:count() - Count sessions without listing them]] - print [[c2s:close(jid) - Close all sessions for the specified JID]] - print [[c2s:closeall() - Close all active c2s connections ]] - elseif section == "s2s" then - print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]] - print [[s2s:show_tls(domain) - Show TLS cipher info for encrypted sessions]] - print [[s2s:close(from, to) - Close a connection from one domain to another]] - print [[s2s:closeall(host) - Close all the incoming/outgoing s2s sessions to specified host]] - elseif section == "http" then - print [[http:list(hosts) - Show HTTP endpoints]] - elseif section == "module" then - print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]] - print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]] - print [[module:unload(module, host) - The same, but just unloads the module from memory]] - print [[module:list(host) - List the modules loaded on the specified host]] - elseif section == "host" then - print [[host:activate(hostname) - Activates the specified host]] - print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]] - print [[host:list() - List the currently-activated hosts]] - elseif section == "user" then - print [[user:create(jid, password) - Create the specified user account]] - print [[user:password(jid, password) - Set the password for the specified user account]] - print [[user:delete(jid) - Permanently remove the specified user account]] - print [[user:list(hostname, pattern) - List users on the specified host, optionally filtering with a pattern]] - elseif section == "server" then - print [[server:version() - Show the server's version number]] - print [[server:uptime() - Show how long the server has been running]] - print [[server:memory() - Show details about the server's memory usage]] - print [[server:shutdown(reason) - Shut down the server, with an optional reason to be broadcast to all connections]] - elseif section == "port" then - print [[port:list() - Lists all network ports prosody currently listens on]] - print [[port:close(port, interface) - Close a port]] - elseif section == "dns" then - print [[dns:lookup(name, type, class) - Do a DNS lookup]] - print [[dns:addnameserver(nameserver) - Add a nameserver to the list]] - print [[dns:setnameserver(nameserver) - Replace the list of name servers with the supplied one]] - print [[dns:purge() - Clear the DNS cache]] - print [[dns:cache() - Show cached records]] - elseif section == "xmpp" then - print [[xmpp:ping(localhost, remotehost) -- Sends a ping to a remote XMPP server and reports the response]] - elseif section == "config" then - print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] - print [[config:get([host,] option) - Show the value of a config option.]] - elseif section == "stats" then -- luacheck: ignore 542 - -- TODO describe how stats:show() works - elseif section == "debug" then - print [[debug:logevents(host) - Enable logging of fired events on host]] - print [[debug:events(host, event) - Show registered event handlers]] - print [[debug:timers() - Show information about scheduled timers]] - elseif section == "console" then - print [[Hey! Welcome to Prosody's admin console.]] - print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] - print [[Secondly, note that we don't support the full telnet protocol yet (it's coming)]] - print [[so you may have trouble using the arrow keys, etc. depending on your system.]] - print [[]] - print [[For now we offer a couple of handy shortcuts:]] - print [[!! - Repeat the last command]] - print [[!old!new! - repeat the last command, but with 'old' replaced by 'new']] - print [[]] - print [[For those well-versed in Prosody's internals, or taking instruction from those who are,]] - print [[you can prefix a command with > to escape the console sandbox, and access everything in]] - print [[the running server. Great fun, but be careful not to break anything :)]] - end - print [[]] -end - --- Session environment -- --- Anything in def_env will be accessible within the session as a global variable - ---luacheck: ignore 212/self -local serialize_defaults = module:get_option("console_prettyprint_settings", { fatal = false, unquoted = true, maxdepth = 2}) - -def_env.output = {}; -function def_env.output:configure(opts) - if type(opts) ~= "table" then - opts = { preset = opts }; - end - if not opts.fallback then - -- XXX Error message passed to fallback is lost, does it matter? - opts.fallback = tostring; - end - for k,v in pairs(serialize_defaults) do - if opts[k] == nil then - opts[k] = v; - end - end - self.session.serialize = serialization.new(opts); -end - -def_env.server = {}; - -function def_env.server:insane_reload() - prosody.unlock_globals(); - dofile "prosody" - prosody = _G.prosody; - return true, "Server reloaded"; -end - -function def_env.server:version() - return true, tostring(prosody.version or "unknown"); -end - -function def_env.server:uptime() - local t = os.time()-prosody.start_time; - local seconds = t%60; - t = (t - seconds)/60; - local minutes = t%60; - t = (t - minutes)/60; - local hours = t%24; - t = (t - hours)/24; - local days = t; - return true, string.format("This server has been running for %d day%s, %d hour%s and %d minute%s (since %s)", - days, (days ~= 1 and "s") or "", hours, (hours ~= 1 and "s") or "", - minutes, (minutes ~= 1 and "s") or "", os.date("%c", prosody.start_time)); -end - -function def_env.server:shutdown(reason) - prosody.shutdown(reason); - return true, "Shutdown initiated"; -end - -local function human(kb) - local unit = "K"; - if kb > 1024 then - kb, unit = kb/1024, "M"; - end - return ("%0.2f%sB"):format(kb, unit); -end - -function def_env.server:memory() - if not has_pposix or not pposix.meminfo then - return true, "Lua is using "..human(collectgarbage("count")); - end - local mem, lua_mem = pposix.meminfo(), collectgarbage("count"); - local print = self.session.print; - print("Process: "..human((mem.allocated+mem.allocated_mmap)/1024)); - print(" Used: "..human(mem.used/1024).." ("..human(lua_mem).." by Lua)"); - print(" Free: "..human(mem.unused/1024).." ("..human(mem.returnable/1024).." returnable)"); - return true, "OK"; -end - -def_env.module = {}; - -local function get_hosts_set(hosts) - if type(hosts) == "table" then - if hosts[1] then - return set.new(hosts); - elseif hosts._items then - return hosts; - end - elseif type(hosts) == "string" then - return set.new { hosts }; - elseif hosts == nil then - return set.new(array.collect(keys(prosody.hosts))); - end -end - --- Hosts with a module or all virtualhosts if no module given --- matching modules_enabled in the global section -local function get_hosts_with_module(hosts, module) - local hosts_set = get_hosts_set(hosts) - / function (host) - if module then - -- Module given, filter in hosts with this module loaded - if modulemanager.is_loaded(host, module) then - return host; - else - return nil; - end - end - if not hosts then - -- No hosts given, filter in VirtualHosts - if prosody.hosts[host].type == "local" then - return host; - else - return nil - end - end; - -- No module given, but hosts are, don't filter at all - return host; - end; - if module and modulemanager.get_module("*", module) then - hosts_set:add("*"); - end - return hosts_set; -end - -function def_env.module:load(name, hosts, config) - hosts = get_hosts_with_module(hosts); - - -- Load the module for each host - local ok, err, count, mod = true, nil, 0; - for host in hosts do - if (not modulemanager.is_loaded(host, name)) then - mod, err = modulemanager.load(host, name, config); - if not mod then - ok = false; - if err == "global-module-already-loaded" then - if count > 0 then - ok, err, count = true, nil, 1; - end - break; - end - self.session.print(err or "Unknown error loading module"); - else - count = count + 1; - self.session.print("Loaded for "..mod.module.host); - end - end - end - - return ok, (ok and "Module loaded onto "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -function def_env.module:unload(name, hosts) - hosts = get_hosts_with_module(hosts, name); - - -- Unload the module for each host - local ok, err, count = true, nil, 0; - for host in hosts do - if modulemanager.is_loaded(host, name) then - ok, err = modulemanager.unload(host, name); - if not ok then - ok = false; - self.session.print(err or "Unknown error unloading module"); - else - count = count + 1; - self.session.print("Unloaded from "..host); - end - end - end - return ok, (ok and "Module unloaded from "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -local function _sort_hosts(a, b) - if a == "*" then return true - elseif b == "*" then return false - else return a:gsub("[^.]+", string.reverse):reverse() < b:gsub("[^.]+", string.reverse):reverse(); end -end - -function def_env.module:reload(name, hosts) - hosts = array.collect(get_hosts_with_module(hosts, name)):sort(_sort_hosts) - - -- Reload the module for each host - local ok, err, count = true, nil, 0; - for _, host in ipairs(hosts) do - if modulemanager.is_loaded(host, name) then - ok, err = modulemanager.reload(host, name); - if not ok then - ok = false; - self.session.print(err or "Unknown error reloading module"); - else - count = count + 1; - if ok == nil then - ok = true; - end - self.session.print("Reloaded on "..host); - end - end - end - return ok, (ok and "Module reloaded on "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -function def_env.module:list(hosts) - hosts = array.collect(set.new({ not hosts and "*" or nil }) + get_hosts_set(hosts)):sort(_sort_hosts); - - local print = self.session.print; - for _, host in ipairs(hosts) do - print((host == "*" and "Global" or host)..":"); - local modules = array.collect(keys(modulemanager.get_modules(host) or {})):sort(); - if #modules == 0 then - if prosody.hosts[host] then - print(" No modules loaded"); - else - print(" Host not found"); - end - else - for _, name in ipairs(modules) do - local status, status_text = modulemanager.get_module(host, name).module:get_status(); - local status_summary = ""; - if status == "warn" or status == "error" then - status_summary = (" (%s: %s)"):format(status, status_text); - end - print((" %s%s"):format(name, status_summary)); - end - end - end -end - -def_env.config = {}; -function def_env.config:load(filename, format) - local config_load = require "core.configmanager".load; - local ok, err = config_load(filename, format); - if not ok then - return false, err or "Unknown error loading config"; - end - return true, "Config loaded"; -end - -function def_env.config:get(host, key) - if key == nil then - host, key = "*", host; - end - local config_get = require "core.configmanager".get - return true, serialize_config(config_get(host, key)); -end - -function def_env.config:reload() - local ok, err = prosody.reload_config(); - return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err); -end - -local function common_info(session, line) - if session.id then - line[#line+1] = "["..session.id.."]" - else - line[#line+1] = "["..session.type..(tostring(session):match("%x*$")).."]" - end -end - -local function session_flags(session, line) - line = line or {}; - common_info(session, line); - if session.type == "c2s" then - local status, priority = "unavailable", tostring(session.priority or "-"); - if session.presence then - status = session.presence:get_child_text("show") or "available"; - end - line[#line+1] = status.."("..priority..")"; - end - if session.cert_identity_status == "valid" then - line[#line+1] = "(authenticated)"; - end - if session.dialback_key then - line[#line+1] = "(dialback)"; - end - if session.external_auth then - line[#line+1] = "(SASL)"; - end - if session.secure then - line[#line+1] = "(encrypted)"; - end - if session.compressed then - line[#line+1] = "(compressed)"; - end - if session.smacks then - line[#line+1] = "(sm)"; - end - if session.ip and session.ip:match(":") then - line[#line+1] = "(IPv6)"; - end - if session.remote then - line[#line+1] = "(remote)"; - end - if session.incoming and session.outgoing then - line[#line+1] = "(bidi)"; - elseif session.is_bidi or session.bidi_session then - line[#line+1] = "(bidi)"; - end - if session.bosh_version then - line[#line+1] = "(bosh)"; - end - if session.websocket_request then - line[#line+1] = "(websocket)"; - end - return table.concat(line, " "); -end - -local function tls_info(session, line) - line = line or {}; - common_info(session, line); - if session.secure then - local sock = session.conn and session.conn.socket and session.conn:socket(); - if sock then - local info = sock.info and sock:info(); - if info then - line[#line+1] = ("(%s with %s)"):format(info.protocol, info.cipher); - else - -- TLS session might not be ready yet - line[#line+1] = "(cipher info unavailable)"; - end - if sock.getsniname then - local name = sock:getsniname(); - if name then - line[#line+1] = ("(SNI:%q)"):format(name); - end - end - if sock.getalpn then - local proto = sock:getalpn(); - if proto then - line[#line+1] = ("(ALPN:%q)"):format(proto); - end - end - end - else - line[#line+1] = "(insecure)"; - end - return table.concat(line, " "); -end - -def_env.c2s = {}; - -local function get_jid(session) - if session.username then - return session.full_jid or jid_join(session.username, session.host, session.resource); - end - - local conn = session.conn; - local ip = session.ip or "?"; - local clientport = conn and conn:clientport() or "?"; - local serverip = conn and conn.server and conn:server():ip() or "?"; - local serverport = conn and conn:serverport() or "?" - return jid_join("["..ip.."]:"..clientport, session.host or "["..serverip.."]:"..serverport); -end - -local function get_c2s() - local c2s = array.collect(values(prosody.full_sessions)); - c2s:append(array.collect(values(module:shared"/*/c2s/sessions"))); - c2s:append(array.collect(values(module:shared"/*/bosh/sessions"))); - c2s:unique(); - return c2s; -end - -local function show_c2s(callback) - get_c2s():sort(function(a, b) - if a.host == b.host then - if a.username == b.username then - return (a.resource or "") > (b.resource or ""); - end - return (a.username or "") > (b.username or ""); - end - return _sort_hosts(a.host or "", b.host or ""); - end):map(function (session) - callback(get_jid(session), session) - end); -end - -function def_env.c2s:count() - local c2s = get_c2s(); - return true, "Total: ".. #c2s .." clients"; -end - -function def_env.c2s:show(match_jid, annotate) - local print, count = self.session.print, 0; - annotate = annotate or session_flags; - local curr_host = false; - show_c2s(function (jid, session) - if curr_host ~= session.host then - curr_host = session.host; - print(curr_host or "(not connected to any host yet)"); - end - if (not match_jid) or jid:match(match_jid) then - count = count + 1; - print(annotate(session, { " ", jid })); - end - end); - return true, "Total: "..count.." clients"; -end - -function def_env.c2s:show_insecure(match_jid) - local print, count = self.session.print, 0; - show_c2s(function (jid, session) - if ((not match_jid) or jid:match(match_jid)) and not session.secure then - count = count + 1; - print(jid); - end - end); - return true, "Total: "..count.." insecure client connections"; -end - -function def_env.c2s:show_secure(match_jid) - local print, count = self.session.print, 0; - show_c2s(function (jid, session) - if ((not match_jid) or jid:match(match_jid)) and session.secure then - count = count + 1; - print(jid); - end - end); - return true, "Total: "..count.." secure client connections"; -end - -function def_env.c2s:show_tls(match_jid) - return self:show(match_jid, tls_info); -end - -local function build_reason(text, condition) - if text or condition then - return { - text = text, - condition = condition or "undefined-condition", - }; - end -end - -function def_env.c2s:close(match_jid, text, condition) - local count = 0; - show_c2s(function (jid, session) - if jid == match_jid or jid_bare(jid) == match_jid then - count = count + 1; - session:close(build_reason(text, condition)); - end - end); - return true, "Total: "..count.." sessions closed"; -end - -function def_env.c2s:closeall(text, condition) - local count = 0; - --luacheck: ignore 212/jid - show_c2s(function (jid, session) - count = count + 1; - session:close(build_reason(text, condition)); - end); - return true, "Total: "..count.." sessions closed"; -end - - -def_env.s2s = {}; -function def_env.s2s:show(match_jid, annotate) - local print = self.session.print; - annotate = annotate or session_flags; - - local count_in, count_out = 0,0; - local s2s_list = { }; - - local s2s_sessions = module:shared"/*/s2s/sessions"; - for _, session in pairs(s2s_sessions) do - local remotehost, localhost, direction; - if session.direction == "outgoing" then - direction = "->"; - count_out = count_out + 1; - remotehost, localhost = session.to_host or "?", session.from_host or "?"; - else - direction = "<-"; - count_in = count_in + 1; - remotehost, localhost = session.from_host or "?", session.to_host or "?"; - end - local sess_lines = { l = localhost, r = remotehost, - annotate(session, { "", direction, remotehost or "?" })}; - - if (not match_jid) or remotehost:match(match_jid) or localhost:match(match_jid) then - table.insert(s2s_list, sess_lines); - -- luacheck: ignore 421/print - local print = function (s) table.insert(sess_lines, " "..s); end - if session.sendq then - print("There are "..#session.sendq.." queued outgoing stanzas for this connection"); - end - if session.type == "s2sout_unauthed" then - if session.connecting then - print("Connection not yet established"); - if not session.srv_hosts then - if not session.conn then - print("We do not yet have a DNS answer for this host's SRV records"); - else - print("This host has no SRV records, using A record instead"); - end - elseif session.srv_choice then - print("We are on SRV record "..session.srv_choice.." of "..#session.srv_hosts); - local srv_choice = session.srv_hosts[session.srv_choice]; - print("Using "..(srv_choice.target or ".")..":"..(srv_choice.port or 5269)); - end - elseif session.notopen then - print("The has not yet been opened"); - elseif not session.dialback_key then - print("Dialback has not been initiated yet"); - elseif session.dialback_key then - print("Dialback has been requested, but no result received"); - end - end - if session.type == "s2sin_unauthed" then - print("Connection not yet authenticated"); - elseif session.type == "s2sin" then - for name in pairs(session.hosts) do - if name ~= session.from_host then - print("also hosts "..tostring(name)); - end - end - end - end - end - - -- Sort by local host, then remote host - table.sort(s2s_list, function(a,b) - if a.l == b.l then return _sort_hosts(a.r, b.r); end - return _sort_hosts(a.l, b.l); - end); - local lasthost; - for _, sess_lines in ipairs(s2s_list) do - if sess_lines.l ~= lasthost then print(sess_lines.l); lasthost=sess_lines.l end - for _, line in ipairs(sess_lines) do print(line); end - end - return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections"; -end - -function def_env.s2s:show_tls(match_jid) - return self:show(match_jid, tls_info); -end - -local function print_subject(print, subject) - for _, entry in ipairs(subject) do - print( - (" %s: %q"):format( - entry.name or entry.oid, - entry.value:gsub("[\r\n%z%c]", " ") - ) - ); - end -end - --- As much as it pains me to use the 0-based depths that OpenSSL does, --- I think there's going to be more confusion among operators if we --- break from that. -local function print_errors(print, errors) - for depth, t in pairs(errors) do - print( - (" %d: %s"):format( - depth-1, - table.concat(t, "\n| ") - ) - ); - end -end - -function def_env.s2s:showcert(domain) - local print = self.session.print; - local s2s_sessions = module:shared"/*/s2s/sessions"; - local domain_sessions = set.new(array.collect(values(s2s_sessions))) - /function(session) return (session.to_host == domain or session.from_host == domain) and session or nil; end; - local cert_set = {}; - for session in domain_sessions do - local conn = session.conn; - conn = conn and conn:socket(); - if not conn.getpeerchain then - if conn.dohandshake then - error("This version of LuaSec does not support certificate viewing"); - end - else - local cert = conn:getpeercertificate(); - if cert then - local certs = conn:getpeerchain(); - local digest = cert:digest("sha1"); - if not cert_set[digest] then - local chain_valid, chain_errors = conn:getpeerverification(); - cert_set[digest] = { - { - from = session.from_host, - to = session.to_host, - direction = session.direction - }; - chain_valid = chain_valid; - chain_errors = chain_errors; - certs = certs; - }; - else - table.insert(cert_set[digest], { - from = session.from_host, - to = session.to_host, - direction = session.direction - }); - end - end - end - end - local domain_certs = array.collect(values(cert_set)); - -- Phew. We now have a array of unique certificates presented by domain. - local n_certs = #domain_certs; - - if n_certs == 0 then - return "No certificates found for "..domain; - end - - local function _capitalize_and_colon(byte) - return string.upper(byte)..":"; - end - local function pretty_fingerprint(hash) - return hash:gsub("..", _capitalize_and_colon):sub(1, -2); - end - - for cert_info in values(domain_certs) do - local certs = cert_info.certs; - local cert = certs[1]; - print("---") - print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); - print(""); - local n_streams = #cert_info; - print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); - for _, stream in ipairs(cert_info) do - if stream.direction == "incoming" then - print(" "..stream.to.." <- "..stream.from); - else - print(" "..stream.from.." -> "..stream.to); - end - end - print(""); - local chain_valid, errors = cert_info.chain_valid, cert_info.chain_errors; - local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); - if chain_valid then - print("Trusted certificate: Yes"); - else - print("Trusted certificate: No"); - print_errors(print, errors); - end - print(""); - print("Issuer: "); - print_subject(print, cert:issuer()); - print(""); - print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); - print("Subject:"); - print_subject(print, cert:subject()); - end - print("---"); - return ("Showing "..n_certs.." certificate" - ..(n_certs==1 and "" or "s") - .." presented by "..domain.."."); -end - -function def_env.s2s:close(from, to, text, condition) - local print, count = self.session.print, 0; - local s2s_sessions = module:shared"/*/s2s/sessions"; - - local match_id; - if from and not to then - match_id, from = from, nil; - elseif not to then - return false, "Syntax: s2s:close('from', 'to') - Closes all s2s sessions from 'from' to 'to'"; - elseif from == to then - return false, "Both from and to are the same... you can't do that :)"; - end - - for _, session in pairs(s2s_sessions) do - local id = session.id or (session.type..tostring(session):match("[a-f0-9]+$")); - if (match_id and match_id == id) - or (session.from_host == from and session.to_host == to) then - print(("Closing connection from %s to %s [%s]"):format(session.from_host, session.to_host, id)); - (session.close or s2smanager.destroy_session)(session, build_reason(text, condition)); - count = count + 1 ; - end - end - return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); -end - -function def_env.s2s:closeall(host, text, condition) - local count = 0; - local s2s_sessions = module:shared"/*/s2s/sessions"; - for _,session in pairs(s2s_sessions) do - if not host or session.from_host == host or session.to_host == host then - session:close(build_reason(text, condition)); - count = count + 1; - end - end - if count == 0 then return false, "No sessions to close."; - else return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); end -end - -def_env.host = {}; def_env.hosts = def_env.host; - -function def_env.host:activate(hostname, config) - return hostmanager.activate(hostname, config); -end -function def_env.host:deactivate(hostname, reason) - return hostmanager.deactivate(hostname, reason); -end - -function def_env.host:list() - local print = self.session.print; - local i = 0; - local type; - for host, host_session in iterators.sorted_pairs(prosody.hosts, _sort_hosts) do - i = i + 1; - type = host_session.type; - if type == "local" then - print(host); - else - type = module:context(host):get_option_string("component_module", type); - if type ~= "component" then - type = type .. " component"; - end - print(("%s (%s)"):format(host, type)); - end - end - return true, i.." hosts"; -end - -def_env.port = {}; - -function def_env.port:list() - local print = self.session.print; - local services = portmanager.get_active_services().data; - local n_services, n_ports = 0, 0; - for service, interfaces in iterators.sorted_pairs(services) do - n_services = n_services + 1; - local ports_list = {}; - for interface, ports in pairs(interfaces) do - for port in pairs(ports) do - table.insert(ports_list, "["..interface.."]:"..port); - end - end - n_ports = n_ports + #ports_list; - print(service..": "..table.concat(ports_list, ", ")); - end - return true, n_services.." services listening on "..n_ports.." ports"; -end - -function def_env.port:close(close_port, close_interface) - close_port = assert(tonumber(close_port), "Invalid port number"); - local n_closed = 0; - local services = portmanager.get_active_services().data; - for service, interfaces in pairs(services) do -- luacheck: ignore 213 - for interface, ports in pairs(interfaces) do - if not close_interface or close_interface == interface then - if ports[close_port] then - self.session.print("Closing ["..interface.."]:"..close_port.."..."); - local ok, err = portmanager.close(interface, close_port) - if not ok then - self.session.print("Failed to close "..interface.." "..close_port..": "..err); - else - n_closed = n_closed + 1; - end - end - end - end - end - return true, "Closed "..n_closed.." ports"; -end - -def_env.muc = {}; - -local console_room_mt = { - __index = function (self, k) return self.room[k]; end; - __tostring = function (self) - return "MUC room <"..self.room.jid..">"; - end; -}; - -local function check_muc(jid) - local room_name, host = jid_split(jid); - if not prosody.hosts[host] then - return nil, "No such host: "..host; - elseif not prosody.hosts[host].modules.muc then - return nil, "Host '"..host.."' is not a MUC service"; - end - return room_name, host; -end - -function def_env.muc:create(room_jid, config) - local room_name, host = check_muc(room_jid); - if not room_name then - return room_name, host; - end - if not room_name then return nil, host end - if config ~= nil and type(config) ~= "table" then return nil, "Config must be a table"; end - if prosody.hosts[host].modules.muc.get_room_from_jid(room_jid) then return nil, "Room exists already" end - return prosody.hosts[host].modules.muc.create_room(room_jid, config); -end - -function def_env.muc:room(room_jid) - local room_name, host = check_muc(room_jid); - if not room_name then - return room_name, host; - end - local room_obj = prosody.hosts[host].modules.muc.get_room_from_jid(room_jid); - if not room_obj then - return nil, "No such room: "..room_jid; - end - return setmetatable({ room = room_obj }, console_room_mt); -end - -function def_env.muc:list(host) - local host_session = prosody.hosts[host]; - if not host_session or not host_session.modules.muc then - return nil, "Please supply the address of a local MUC component"; - end - local print = self.session.print; - local c = 0; - for room in host_session.modules.muc.each_room() do - print(room.jid); - c = c + 1; - end - return true, c.." rooms"; -end - -local um = require"core.usermanager"; - -def_env.user = {}; -function def_env.user:create(jid, password) - local username, host = jid_split(jid); - if not prosody.hosts[host] then - return nil, "No such host: "..host; - elseif um.user_exists(username, host) then - return nil, "User exists"; - end - local ok, err = um.create_user(username, password, host); - if ok then - return true, "User created"; - else - return nil, "Could not create user: "..err; - end -end - -function def_env.user:delete(jid) - local username, host = jid_split(jid); - if not prosody.hosts[host] then - return nil, "No such host: "..host; - elseif not um.user_exists(username, host) then - return nil, "No such user"; - end - local ok, err = um.delete_user(username, host); - if ok then - return true, "User deleted"; - else - return nil, "Could not delete user: "..err; - end -end - -function def_env.user:password(jid, password) - local username, host = jid_split(jid); - if not prosody.hosts[host] then - return nil, "No such host: "..host; - elseif not um.user_exists(username, host) then - return nil, "No such user"; - end - local ok, err = um.set_password(username, password, host, nil); - if ok then - return true, "User password changed"; - else - return nil, "Could not change password for user: "..err; - end -end - -function def_env.user:list(host, pat) - if not host then - return nil, "No host given"; - elseif not prosody.hosts[host] then - return nil, "No such host"; - end - local print = self.session.print; - local total, matches = 0, 0; - for user in um.users(host) do - if not pat or user:match(pat) then - print(user.."@"..host); - matches = matches + 1; - end - total = total + 1; - end - return true, "Showing "..(pat and (matches.." of ") or "all " )..total.." users"; -end - -def_env.xmpp = {}; - -local st = require "util.stanza"; -local new_id = require "util.id".medium; -function def_env.xmpp:ping(localhost, remotehost, timeout) - localhost = select(2, jid_split(localhost)); - remotehost = select(2, jid_split(remotehost)); - if not localhost then - return nil, "Invalid sender hostname"; - elseif not prosody.hosts[localhost] then - return nil, "No such local host"; - end - if not remotehost then - return nil, "Invalid destination hostname"; - elseif prosody.hosts[remotehost] then - return nil, "Both hosts are local"; - end - local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} - :tag("ping", {xmlns="urn:xmpp:ping"}); - local time_start = time.now(); - local ret, err = async.wait(module:context(localhost):send_iq(iq, nil, timeout)); - if ret then - return true, ("pong from %s in %gs"):format(ret.stanza.attr.from, time.now() - time_start); - else - return false, tostring(err); - end -end - -def_env.dns = {}; -local adns = require"net.adns"; - -local function get_resolver(session) - local resolver = session.dns_resolver; - if not resolver then - resolver = adns.resolver(); - session.dns_resolver = resolver; - end - return resolver; -end - -function def_env.dns:lookup(name, typ, class) - local resolver = get_resolver(self.session); - local ret, err = async.wait(resolver:lookup_promise(name, typ, class)); - if ret then - return true, ret; - elseif err then - return false, err; - end -end - -function def_env.dns:addnameserver(...) - local resolver = get_resolver(self.session); - resolver._resolver:addnameserver(...) - return true -end - -function def_env.dns:setnameserver(...) - local resolver = get_resolver(self.session); - resolver._resolver:setnameserver(...) - return true -end - -function def_env.dns:purge() - local resolver = get_resolver(self.session); - resolver._resolver:purge() - return true -end - -function def_env.dns:cache() - local resolver = get_resolver(self.session); - return true, "Cache:\n"..tostring(resolver._resolver.cache) -end - -def_env.http = {}; - -function def_env.http:list(hosts) - local print = self.session.print; - - for host in get_hosts_set(hosts) do - local http_apps = modulemanager.get_items("http-provider", host); - if #http_apps > 0 then - local http_host = module:context(host):get_option_string("http_host"); - print("HTTP endpoints on "..host..(http_host and (" (using "..http_host.."):") or ":")); - for _, provider in ipairs(http_apps) do - local url = module:context(host):http_url(provider.name, provider.default_path); - print("", url); - end - print(""); - end - end - - local default_host = module:get_option_string("http_default_host"); - if not default_host then - print("HTTP requests to unknown hosts will return 404 Not Found"); - else - print("HTTP requests to unknown hosts will be handled by "..default_host); - end - return true; -end - -def_env.debug = {}; - -function def_env.debug:logevents(host) - helpers.log_host_events(host); - return true; -end - -function def_env.debug:events(host, event) - local events_obj; - if host and host ~= "*" then - if host == "http" then - events_obj = require "net.http.server"._events; - elseif not prosody.hosts[host] then - return false, "Unknown host: "..host; - else - events_obj = prosody.hosts[host].events; - end - else - events_obj = prosody.events; - end - return true, helpers.show_events(events_obj, event); -end - -function def_env.debug:timers() - local print = self.session.print; - local add_task = require"util.timer".add_task; - local h, params = add_task.h, add_task.params; - if h then - print("-- util.timer"); - for i, id in ipairs(h.ids) do - if not params[id] then - print(os.date("%F %T", h.priorities[i]), h.items[id]); - elseif not params[id].callback then - print(os.date("%F %T", h.priorities[i]), h.items[id], unpack(params[id])); - else - print(os.date("%F %T", h.priorities[i]), params[id].callback, unpack(params[id])); - end - end - end - if server.event_base then - local count = 0; - for _, v in pairs(debug.getregistry()) do - if type(v) == "function" and v.callback and v.callback == add_task._on_timer then - count = count + 1; - end - end - print(count .. " libevent callbacks"); - end - if h then - local next_time = h:peek(); - if next_time then - return true, os.date("Next event at %F %T (in %%.6fs)", next_time):format(next_time - time.now()); - end - end - return true; -end - --- COMPAT: debug:timers() was timer:info() for some time in trunk -def_env.timer = { info = def_env.debug.timers }; - -module:hook("server-stopping", function(event) - for _, session in pairs(sessions) do - session.print("Shutting down: "..(event.reason or "unknown reason")); - end -end); - -def_env.stats = {}; - -local function format_stat(type, value, ref_value) - ref_value = ref_value or value; - --do return tostring(value) end - if type == "duration" then - if ref_value < 0.001 then - return ("%g µs"):format(value*1000000); - elseif ref_value < 0.9 then - return ("%0.2f ms"):format(value*1000); - end - return ("%0.2f"):format(value); - elseif type == "size" then - if ref_value > 1048576 then - return ("%d MB"):format(value/1048576); - elseif ref_value > 1024 then - return ("%d KB"):format(value/1024); - end - return ("%d bytes"):format(value); - elseif type == "rate" then - if ref_value < 0.9 then - return ("%0.2f/min"):format(value*60); - end - return ("%0.2f/sec"):format(value); - end - return tostring(value); -end - -local stats_methods = {}; -function stats_methods:bounds(_lower, _upper) - for _, stat_info in ipairs(self) do - local data = stat_info[4]; - if data then - local lower = _lower or data.min; - local upper = _upper or data.max; - local new_data = { - min = lower; - max = upper; - samples = {}; - sample_count = 0; - count = data.count; - units = data.units; - }; - local sum = 0; - for _, v in ipairs(data.samples) do - if v > upper then - break; - elseif v>=lower then - table.insert(new_data.samples, v); - sum = sum + v; - end - end - new_data.sample_count = #new_data.samples; - stat_info[4] = new_data; - stat_info[3] = sum/new_data.sample_count; - end - end - return self; -end - -function stats_methods:trim(lower, upper) - upper = upper or (100-lower); - local statistics = require "util.statistics"; - for _, stat_info in ipairs(self) do - -- Strip outliers - local data = stat_info[4]; - if data then - local new_data = { - min = statistics.get_percentile(data, lower); - max = statistics.get_percentile(data, upper); - samples = {}; - sample_count = 0; - count = data.count; - units = data.units; - }; - local sum = 0; - for _, v in ipairs(data.samples) do - if v > new_data.max then - break; - elseif v>=new_data.min then - table.insert(new_data.samples, v); - sum = sum + v; - end - end - new_data.sample_count = #new_data.samples; - stat_info[4] = new_data; - stat_info[3] = sum/new_data.sample_count; - end - end - return self; -end - -function stats_methods:max(upper) - return self:bounds(nil, upper); -end - -function stats_methods:min(lower) - return self:bounds(lower, nil); -end - -function stats_methods:summary() - local statistics = require "util.statistics"; - for _, stat_info in ipairs(self) do - local type, value, data = stat_info[2], stat_info[3], stat_info[4]; - if data and data.samples then - table.insert(stat_info.output, string.format("Count: %d (%d captured)", - data.count, - data.sample_count - )); - table.insert(stat_info.output, string.format("Min: %s Mean: %s Max: %s", - format_stat(type, data.min), - format_stat(type, value), - format_stat(type, data.max) - )); - table.insert(stat_info.output, string.format("Q1: %s Median: %s Q3: %s", - format_stat(type, statistics.get_percentile(data, 25)), - format_stat(type, statistics.get_percentile(data, 50)), - format_stat(type, statistics.get_percentile(data, 75)) - )); - end - end - return self; -end - -function stats_methods:cfgraph() - for _, stat_info in ipairs(self) do - local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 - local function print(s) - table.insert(stat_info.output, s); - end - - if data and data.sample_count and data.sample_count > 0 then - local raw_histogram = require "util.statistics".get_histogram(data); - - local graph_width, graph_height = 50, 10; - local eighth_chars = " ▁▂▃▄▅▆▇█"; - - local range = data.max - data.min; - - if range > 0 then - local x_scaling = #raw_histogram/graph_width; - local histogram = {}; - for i = 1, graph_width do - histogram[i] = math.max(raw_histogram[i*x_scaling-1] or 0, raw_histogram[i*x_scaling] or 0); - end - - print(""); - print(("_"):rep(52)..format_stat(type, data.max)); - for row = graph_height, 1, -1 do - local row_chars = {}; - local min_eighths, max_eighths = 8, 0; - for i = 1, #histogram do - local char_eighths = math.ceil(math.max(math.min((graph_height/(data.max/histogram[i]))-(row-1), 1), 0)*8); - if char_eighths < min_eighths then - min_eighths = char_eighths; - end - if char_eighths > max_eighths then - max_eighths = char_eighths; - end - if char_eighths == 0 then - row_chars[i] = "-"; - else - local char = eighth_chars:sub(char_eighths*3+1, char_eighths*3+3); - row_chars[i] = char; - end - end - print(table.concat(row_chars).."|-"..format_stat(type, data.max/(graph_height/(row-0.5)))); - end - print(("\\ "):rep(11)); - local x_labels = {}; - for i = 1, 11 do - local s = ("%-4s"):format((i-1)*10); - if #s > 4 then - s = s:sub(1, 3).."…"; - end - x_labels[i] = s; - end - print(" "..table.concat(x_labels, " ")); - local units = "%"; - local margin = math.floor((graph_width-#units)/2); - print((" "):rep(margin)..units); - else - print("[range too small to graph]"); - end - print(""); - end - end - return self; -end - -function stats_methods:histogram() - for _, stat_info in ipairs(self) do - local name, type, value, data = unpack(stat_info, 1, 4); -- luacheck: ignore 211 - local function print(s) - table.insert(stat_info.output, s); - end - - if not data then - print("[no data]"); - return self; - elseif not data.sample_count then - print("[not a sampled metric type]"); - return self; - end - - local graph_width, graph_height = 50, 10; - local eighth_chars = " ▁▂▃▄▅▆▇█"; - - local range = data.max - data.min; - - if range > 0 then - local n_buckets = graph_width; - - local histogram = {}; - for i = 1, n_buckets do - histogram[i] = 0; - end - local max_bin_samples = 0; - for _, d in ipairs(data.samples) do - local bucket = math.floor(1+(n_buckets-1)/(range/(d-data.min))); - histogram[bucket] = histogram[bucket] + 1; - if histogram[bucket] > max_bin_samples then - max_bin_samples = histogram[bucket]; - end - end - - print(""); - print(("_"):rep(52)..max_bin_samples); - for row = graph_height, 1, -1 do - local row_chars = {}; - local min_eighths, max_eighths = 8, 0; - for i = 1, #histogram do - local char_eighths = math.ceil(math.max(math.min((graph_height/(max_bin_samples/histogram[i]))-(row-1), 1), 0)*8); - if char_eighths < min_eighths then - min_eighths = char_eighths; - end - if char_eighths > max_eighths then - max_eighths = char_eighths; - end - if char_eighths == 0 then - row_chars[i] = "-"; - else - local char = eighth_chars:sub(char_eighths*3+1, char_eighths*3+3); - row_chars[i] = char; - end - end - print(table.concat(row_chars).."|-"..math.ceil((max_bin_samples/graph_height)*(row-0.5))); - end - print(("\\ "):rep(11)); - local x_labels = {}; - for i = 1, 11 do - local s = ("%-4s"):format(format_stat(type, data.min+range*i/11, data.min):match("^%S+")); - if #s > 4 then - s = s:sub(1, 3).."…"; - end - x_labels[i] = s; - end - print(" "..table.concat(x_labels, " ")); - local units = format_stat(type, data.min):match("%s+(.+)$") or data.units or ""; - local margin = math.floor((graph_width-#units)/2); - print((" "):rep(margin)..units); - else - print("[range too small to graph]"); - end - print(""); - end - return self; -end - -local function stats_tostring(stats) - local print = stats.session.print; - for _, stat_info in ipairs(stats) do - if #stat_info.output > 0 then - print("\n#"..stat_info[1]); - print(""); - for _, v in ipairs(stat_info.output) do - print(v); - end - print(""); - else - print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], stat_info[3]))); - end - end - return #stats.." statistics displayed"; -end - -local stats_mt = {__index = stats_methods, __tostring = stats_tostring } -local function new_stats_context(self) - return setmetatable({ session = self.session, stats = true }, stats_mt); -end - -function def_env.stats:show(filter) - -- luacheck: ignore 211/changed - local stats, changed, extra = require "core.statsmanager".get_stats(); - local available, displayed = 0, 0; - local displayed_stats = new_stats_context(self); - for name, value in iterators.sorted_pairs(stats) do - available = available + 1; - if not filter or name:match(filter) then - displayed = displayed + 1; - local type = name:match(":(%a+)$"); - table.insert(displayed_stats, { - name, type, value, extra[name]; - output = {}; - }); - end - end - return displayed_stats; -end - - - -------------- - -function printbanner(session) - local option = module:get_option_string("console_banner", "full"); - if option == "full" or option == "graphic" then - session.print [[ - ____ \ / _ - | _ \ _ __ ___ ___ _-_ __| |_ _ - | |_) | '__/ _ \/ __|/ _ \ / _` | | | | - | __/| | | (_) \__ \ |_| | (_| | |_| | - |_| |_| \___/|___/\___/ \__,_|\__, | - A study in simplicity |___/ - -]] - end - if option == "short" or option == "full" then - session.print("Welcome to the Prosody administration console. For a list of commands, type: help"); - session.print("You may find more help on using this console in our online documentation at "); - session.print("https://prosody.im/doc/console\n"); - end - if option ~= "short" and option ~= "full" and option ~= "graphic" then - session.print(option); - end -end - module:provides("net", { name = "console"; listener = console_listener; -- cgit v1.2.3 From e703759258ebed21e3a0aa5e55a163b22fd9d91b Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 16:14:06 +0100 Subject: mod_admin_shell, mod_admin_telnet, util.prosodyctl.shell: Separate output from final result Fixes the client pausing for input after output from commands. --- plugins/mod_admin_shell.lua | 32 +++++++++++++++++++------------- plugins/mod_admin_telnet.lua | 4 ++-- 2 files changed, 21 insertions(+), 15 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index d471e32f..b94ab07b 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -61,21 +61,21 @@ function runner_callbacks:error(err) self.data.print("Error: "..tostring(err)); end -local function send_repl_result(session, line) - return session.send(st.stanza("repl-result"):text(tostring(line))); +local function send_repl_output(session, line) + return session.send(st.stanza("repl-output"):text(tostring(line))); end function console:new_session(admin_session) local session = { send = function (t) - return send_repl_result(admin_session, t); + return send_repl_output(admin_session, t); end; print = function (...) local t = {}; for i=1,select("#", ...) do t[i] = tostring(select(i, ...)); end - return send_repl_result(admin_session, table.concat(t, "\t")); + return send_repl_output(admin_session, table.concat(t, "\t")); end; serialize = tostring; disconnect = function () admin_session:close(); end; @@ -107,8 +107,8 @@ local function handle_line(event) local line = event.stanza:get_text(); local useglobalenv; + local result = st.stanza("repl-result"); - module:log("debug", "HELLO: %s", line) if line:match("^>") then line = line:gsub("^>", ""); useglobalenv = true; @@ -116,6 +116,7 @@ local function handle_line(event) local command = line:match("^%w+") or line:match("%p"); if commands[command] then commands[command](session, line); + event.origin.send(result); return; end end @@ -124,6 +125,7 @@ local function handle_line(event) if not useglobalenv and commands[line:lower()] then commands[line:lower()](session, line); + event.origin.send(result); return; end @@ -137,29 +139,33 @@ local function handle_line(event) err = err:gsub("^%[string .-%]:%d+: ", ""); err = err:gsub("^:%d+: ", ""); err = err:gsub("''", "the end of the line"); - session.print("Sorry, I couldn't understand that... "..err); + result.attr.type = "error"; + result:text("Sorry, I couldn't understand that... "..err); + event.origin.send(result); return; end end local taskok, message = chunk(); + local result = st.stanza("repl-result"); + if not message then if type(taskok) ~= "string" and useglobalenv then taskok = session.serialize(taskok); end - session.print("Result: "..tostring(taskok)); - return; + result:text("Result: "..tostring(taskok)); elseif (not taskok) and message then - session.print("Command completed with a problem"); - session.print("Message: "..tostring(message)); - return; + result.attr.type = "error"; + result:text("Error: "..tostring(message)); + else + result:text("OK: "..tostring(message)); end - session.print("OK: "..tostring(message)); + event.origin.send(result); end -module:hook("admin/repl-line", function (event) +module:hook("admin/repl-input", function (event) local ok, err = pcall(handle_line, event); if not ok then event.origin.send(st.stanza("repl-result", { type = "error" }):text(err)); diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index ec8ff136..15220ec9 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -65,7 +65,7 @@ function console:new_session(conn) local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; local session = { conn = conn; send = function (t) - if st.is_stanza(t) and t.name == "repl-result" then + if st.is_stanza(t) and (t.name == "repl-result" or t.name == "repl-output") then t = "| "..t:get_text().."\n"; end w(tostring(t)); @@ -106,7 +106,7 @@ function console:process_line(session, line) session:disconnect(); return; end - return module:fire_event("admin/repl-line", { origin = session, stanza = st.stanza("repl"):text(line) }); + return module:fire_event("admin/repl-input", { origin = session, stanza = st.stanza("repl-input"):text(line) }); end local sessions = {}; -- cgit v1.2.3 From f554caa3ac8cd7c7c8223d121f59947e9f0ded68 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 16:14:44 +0100 Subject: mod_admin_shell: Remove extra newline at end of help text --- plugins/mod_admin_shell.lua | 1 - 1 file changed, 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index b94ab07b..a38bd000 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -263,7 +263,6 @@ function commands.help(session, data) print [[you can prefix a command with > to escape the console sandbox, and access everything in]] print [[the running server. Great fun, but be careful not to break anything :)]] end - print [[]] end -- Session environment -- -- cgit v1.2.3 From 5cdbe0edde662c434cb5c4df8c5153a1b324a4b0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 1 Jun 2020 17:27:50 +0200 Subject: mod_admin_socket: Use wrapserver if available Why have a custom accept function when this is net.server's entire thing? --- plugins/mod_admin_socket.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_socket.lua b/plugins/mod_admin_socket.lua index c094aad2..2085c5b0 100644 --- a/plugins/mod_admin_socket.lua +++ b/plugins/mod_admin_socket.lua @@ -55,7 +55,11 @@ function module.load() os.remove(socket_path); assert(sock:bind(socket_path)); assert(sock:listen()); - conn = server.watchfd(sock:getfd(), accept_connection); + if server.wrapserver then + conn = server.wrapserver(sock, socket_path, 0, listeners); + else + conn = server.watchfd(sock:getfd(), accept_connection); + end end function module.unload() -- cgit v1.2.3 From 81457f2fff2c6700073c3df3af2565f250df3045 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 1 Jun 2020 16:38:16 +0100 Subject: mod_admin_shell: Remove old variable declaration [luacheck] --- plugins/mod_admin_shell.lua | 2 -- 1 file changed, 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index a38bd000..a9ca797c 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -148,8 +148,6 @@ local function handle_line(event) local taskok, message = chunk(); - local result = st.stanza("repl-result"); - if not message then if type(taskok) ~= "string" and useglobalenv then taskok = session.serialize(taskok); -- cgit v1.2.3 From cd40d2a63038338c66c0d7115dfb87ab4b1c6ca6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 1 Jun 2020 17:37:54 +0200 Subject: mod_vcard_legacy: Remove semi-broken support for multiple avatars Nobody does this. If someone wants to they should go use the PEP method directly instead. Additionally, this got in the way of doing multiple avatars The PEP Way, since it treated each 'data' as a distinct avatar with an optional corresponding 'metadata', which is not how it works. --- plugins/mod_vcard_legacy.lua | 62 ++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 34 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index a6ff47d0..3b175df4 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -126,22 +126,25 @@ module:hook("iq-get/bare/vcard-temp:vCard", function (event) end end - local meta_ok, avatar_meta = pep_service:get_items("urn:xmpp:avatar:metadata", stanza.attr.from); - local data_ok, avatar_data = pep_service:get_items("urn:xmpp:avatar:data", stanza.attr.from); - - if data_ok then - for _, hash in ipairs(avatar_data) do - local meta = meta_ok and avatar_meta[hash]; - local data = avatar_data[hash]; - local info = meta and meta.tags[1]:get_child("info"); + local ok, avatar_hash, meta = pep_service:get_last_item("urn:xmpp:avatar:metadata", true); + if ok and avatar_hash then + + local info = meta.tags[1]:get_child("info"); + if info then vcard_temp:tag("PHOTO"); - if info and info.attr.type then + + if info.attr.type then vcard_temp:text_tag("TYPE", info.attr.type); end - if data then - vcard_temp:text_tag("BINVAL", data.tags[1]:get_text()); - elseif info and info.attr.url then + + if info.attr.url then vcard_temp:text_tag("EXTVAL", info.attr.url); + elseif info.attr.id then + local data_ok, avatar_data = pep_service:get_items("urn:xmpp:avatar:data", stanza.attr.from, { info.attr.id }); + if data_ok and avatar_data and avatar_data[info.attr.id] then + local data = avatar_data[info.attr.id]; + vcard_temp:text_tag("BINVAL", data.tags[1]:get_text()); + end end vcard_temp:up(); end @@ -157,7 +160,7 @@ local node_defaults = { }; function vcard_to_pep(vcard_temp) - local avatars = {}; + local avatar = {}; local vcard4 = st.stanza("item", { xmlns = "http://jabber.org/protocol/pubsub", id = "current" }) :tag("vcard", { xmlns = 'urn:ietf:params:xml:ns:vcard-4.0' }); @@ -246,7 +249,9 @@ function vcard_to_pep(vcard_temp) local avatar_raw = base64_decode(avatar_payload); local avatar_hash = sha1(avatar_raw, true); - local avatar_meta = st.stanza("item", { id = avatar_hash, xmlns = "http://jabber.org/protocol/pubsub" }) + avatar.hash = avatar_hash; + + avatar.meta = st.stanza("item", { id = avatar_hash, xmlns = "http://jabber.org/protocol/pubsub" }) :tag("metadata", { xmlns="urn:xmpp:avatar:metadata" }) :tag("info", { bytes = tostring(#avatar_raw), @@ -254,40 +259,29 @@ function vcard_to_pep(vcard_temp) type = avatar_type, }); - local avatar_data = st.stanza("item", { id = avatar_hash, xmlns = "http://jabber.org/protocol/pubsub" }) + avatar.data = st.stanza("item", { id = avatar_hash, xmlns = "http://jabber.org/protocol/pubsub" }) :tag("data", { xmlns="urn:xmpp:avatar:data" }) :text(avatar_payload); - table.insert(avatars, { hash = avatar_hash, meta = avatar_meta, data = avatar_data }); end end end - return vcard4, avatars; + return vcard4, avatar; end -function save_to_pep(pep_service, actor, vcard4, avatars) - if avatars then +function save_to_pep(pep_service, actor, vcard4, avatar) + if avatar then if pep_service:purge("urn:xmpp:avatar:metadata", actor) then pep_service:purge("urn:xmpp:avatar:data", actor); end - local avatar_defaults = node_defaults; - if #avatars > 1 then - avatar_defaults = {}; - for k,v in pairs(node_defaults) do - avatar_defaults[k] = v; - end - avatar_defaults.max_items = #avatars; + local ok, err = pep_service:publish("urn:xmpp:avatar:data", actor, avatar.hash, avatar.data, node_defaults); + if ok then + ok, err = pep_service:publish("urn:xmpp:avatar:metadata", actor, avatar.hash, avatar.meta, node_defaults); end - for _, avatar in ipairs(avatars) do - local ok, err = pep_service:publish("urn:xmpp:avatar:data", actor, avatar.hash, avatar.data, avatar_defaults); - if ok then - ok, err = pep_service:publish("urn:xmpp:avatar:metadata", actor, avatar.hash, avatar.meta, avatar_defaults); - end - if not ok then - return ok, err; - end + if not ok then + return ok, err; end end -- cgit v1.2.3 From a78297bb6c6514d5360339a84f6acc1a94d5198f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 1 Jun 2020 17:55:01 +0200 Subject: mod_vcard_legacy: Fix publishing vcard without avatar --- plugins/mod_vcard_legacy.lua | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_vcard_legacy.lua b/plugins/mod_vcard_legacy.lua index 3b175df4..92b1d5e9 100644 --- a/plugins/mod_vcard_legacy.lua +++ b/plugins/mod_vcard_legacy.lua @@ -276,12 +276,14 @@ function save_to_pep(pep_service, actor, vcard4, avatar) pep_service:purge("urn:xmpp:avatar:data", actor); end - local ok, err = pep_service:publish("urn:xmpp:avatar:data", actor, avatar.hash, avatar.data, node_defaults); - if ok then - ok, err = pep_service:publish("urn:xmpp:avatar:metadata", actor, avatar.hash, avatar.meta, node_defaults); - end - if not ok then - return ok, err; + if avatar.data and avatar.meta then + local ok, err = assert(pep_service:publish("urn:xmpp:avatar:data", actor, avatar.hash, avatar.data, node_defaults)); + if ok then + ok, err = assert(pep_service:publish("urn:xmpp:avatar:metadata", actor, avatar.hash, avatar.meta, node_defaults)); + end + if not ok then + return ok, err; + end end end -- cgit v1.2.3 From aa8c162f111c2d0e2e5f9c20b2ea8e9588ed4e14 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 1 Jun 2020 23:17:20 +0200 Subject: mod_admin_socket: Use module API meant for file paths Makes it so that a relative path in the config becomes relative to the data directory. --- plugins/mod_admin_socket.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_socket.lua b/plugins/mod_admin_socket.lua index 2085c5b0..b197adae 100644 --- a/plugins/mod_admin_socket.lua +++ b/plugins/mod_admin_socket.lua @@ -11,7 +11,7 @@ local server = require "net.server"; local adminstream = require "util.adminstream"; -local socket_path = module:get_option_string("admin_socket", prosody.paths.data.."/prosody.sock"); +local socket_path = module:get_option_path("admin_socket", "prosody.sock", "data"); local sessions = module:shared("sessions"); -- cgit v1.2.3 From 753836c876d5060cbc7e0c2029597abaae844eed Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Jun 2020 16:40:23 +0200 Subject: mod_admin_shell: Fix error due to float passed to os.date in Lua 5.3 Thanks Martin --- plugins/mod_admin_shell.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index a9ca797c..fd88f59c 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1273,11 +1273,11 @@ function def_env.debug:timers() print("-- util.timer"); for i, id in ipairs(h.ids) do if not params[id] then - print(os.date("%F %T", h.priorities[i]), h.items[id]); + print(os.date("%F %T", math.floor(h.priorities[i])), h.items[id]); elseif not params[id].callback then - print(os.date("%F %T", h.priorities[i]), h.items[id], unpack(params[id])); + print(os.date("%F %T", math.floor(h.priorities[i])), h.items[id], unpack(params[id])); else - print(os.date("%F %T", h.priorities[i]), params[id].callback, unpack(params[id])); + print(os.date("%F %T", math.floor(h.priorities[i])), params[id].callback, unpack(params[id])); end end end @@ -1293,7 +1293,7 @@ function def_env.debug:timers() if h then local next_time = h:peek(); if next_time then - return true, os.date("Next event at %F %T (in %%.6fs)", next_time):format(next_time - time.now()); + return true, os.date("Next event at %F %T (in %%.6fs)", math.floor(next_time)):format(next_time - time.now()); end end return true; -- cgit v1.2.3 From 6b98a3f55143f5be0b22ff5ce83999363cd5e253 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Jun 2020 19:43:50 +0200 Subject: mod_s2s: Move out of empty directory mod_s2s.lua had been all alone in there since the removal of s2sout.lib.lua in 756b8821007a --- plugins/mod_s2s.lua | 810 ++++++++++++++++++++++++++++++++++++++++++++ plugins/mod_s2s/mod_s2s.lua | 810 -------------------------------------------- 2 files changed, 810 insertions(+), 810 deletions(-) create mode 100644 plugins/mod_s2s.lua delete mode 100644 plugins/mod_s2s/mod_s2s.lua (limited to 'plugins') diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua new file mode 100644 index 00000000..0674f981 --- /dev/null +++ b/plugins/mod_s2s.lua @@ -0,0 +1,810 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +module:set_global(); + +local prosody = prosody; +local hosts = prosody.hosts; +local core_process_stanza = prosody.core_process_stanza; + +local tostring, type = tostring, type; +local t_insert = table.insert; +local traceback = debug.traceback; + +local add_task = require "util.timer".add_task; +local st = require "util.stanza"; +local initialize_filters = require "util.filters".initialize; +local nameprep = require "util.encodings".stringprep.nameprep; +local new_xmpp_stream = require "util.xmppstream".new; +local s2s_new_incoming = require "core.s2smanager".new_incoming; +local s2s_new_outgoing = require "core.s2smanager".new_outgoing; +local s2s_destroy_session = require "core.s2smanager".destroy_session; +local uuid_gen = require "util.uuid".generate; +local fire_global_event = prosody.events.fire_event; +local runner = require "util.async".runner; +local connect = require "net.connect".connect; +local service = require "net.resolvers.service"; +local errors = require "util.error"; +local set = require "util.set"; + +local connect_timeout = module:get_option_number("s2s_timeout", 90); +local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); +local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); +local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... +local secure_domains, insecure_domains = + module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; +local require_encryption = module:get_option_boolean("s2s_require_encryption", false); +local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) + +local measure_connections = module:measure("connections", "amount"); +local measure_ipv6 = module:measure("ipv6", "amount"); + +local sessions = module:shared("sessions"); + +local runner_callbacks = {}; + +local listener = {}; + +local log = module._log; + +local s2s_service_options = { + default_port = 5269; + use_ipv4 = module:get_option_boolean("use_ipv4", true); + use_ipv6 = module:get_option_boolean("use_ipv6", true); +}; + +module:hook("stats-update", function () + local count = 0; + local ipv6 = 0; + for _, session in pairs(sessions) do + count = count + 1; + if session.ip and session.ip:match(":") then + ipv6 = ipv6 + 1; + end + end + measure_connections(count); + measure_ipv6(ipv6); +end); + +--- Handle stanzas to remote domains + +local bouncy_stanzas = { message = true, presence = true, iq = true }; +local function bounce_sendq(session, reason) + local sendq = session.sendq; + if not sendq then return; end + session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", #sendq, session.to_host); + local dummy = { + type = "s2sin"; + send = function () + (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback()); + end; + dummy = true; + close = function () + (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback()); + end; + }; + -- FIXME Allow for more specific error conditions + -- TODO use util.error ? + local error_type = "cancel"; + local condition = "remote-server-not-found"; + local reason_text; + if session.had_stream then -- set when a stream is opened by the remote + error_type, condition = "wait", "remote-server-timeout"; + end + if errors.is_err(reason) then + error_type, condition, reason_text = reason.type, reason.condition, reason.text; + elseif type(reason) == "string" then + reason_text = reason; + end + for i, data in ipairs(sendq) do + local reply = data[2]; + if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then + reply.attr.type = "error"; + reply:tag("error", {type = error_type, by = session.from_host}) + :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); + if reason_text then + reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}) + :text("Server-to-server connection failed: "..reason_text):up(); + end + core_process_stanza(dummy, reply); + end + sendq[i] = nil; + end + session.sendq = nil; +end + +-- Handles stanzas to existing s2s sessions +function route_to_existing_session(event) + local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; + if not hosts[from_host] then + log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); + return false; + end + if hosts[to_host] then + log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host); + return false; + end + local host = hosts[from_host].s2sout[to_host]; + if not host then return end + + -- We have a connection to this host already + if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then + (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); + + -- Queue stanza until we are able to send it + local queued_item = { + tostring(stanza), + stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza); + }; + if host.sendq then + t_insert(host.sendq, queued_item); + else + -- luacheck: ignore 122 + host.sendq = { queued_item }; + end + host.log("debug", "stanza [%s] queued ", stanza.name); + return true; + elseif host.type == "local" or host.type == "component" then + log("error", "Trying to send a stanza to ourselves??") + log("error", "Traceback: %s", traceback()); + log("error", "Stanza: %s", stanza); + return false; + else + if host.sends2s(stanza) then + return true; + end + end +end + +-- Create a new outgoing session for a stanza +function route_to_new_session(event) + local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; + log("debug", "opening a new outgoing connection for this stanza"); + local host_session = s2s_new_outgoing(from_host, to_host); + host_session.version = 1; + + -- Store in buffer + host_session.bounce_sendq = bounce_sendq; + host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; + log("debug", "stanza [%s] queued until connection complete", stanza.name); + connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session }); + return true; +end + +local function keepalive(event) + return event.session.sends2s(' '); +end + +module:hook("s2s-read-timeout", keepalive, -1); + +function module.add_host(module) + if module:get_option_boolean("disallow_s2s", false) then + module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling"); + return nil, "This host has disallow_s2s set"; + end + module:hook("route/remote", route_to_existing_session, -1); + module:hook("route/remote", route_to_new_session, -10); + module:hook("s2s-authenticated", make_authenticated, -1); + module:hook("s2s-read-timeout", keepalive, -1); + module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza + if session.type == "s2sout" then + -- Stream is authenticated and we are seem to be done with feature negotiation, + -- so the stream is ready for stanzas. RFC 6120 Section 4.3 + mark_connected(session); + return true; + elseif require_encryption and not session.secure then + session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host); + session:close({ + condition = "policy-violation", + text = "Encrypted server-to-server communication is required but was not offered", + }, nil, "Could not establish encrypted connection to remote server"); + return true; + elseif not session.dialback_verifying then + session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); + session:close({ + condition = "unsupported-feature", + text = "No viable authentication method offered", + }, nil, "No viable authentication method offered by remote server"); + return true; + end + end, -1); +end + +-- Stream is authorised, and ready for normal stanzas +function mark_connected(session) + + local sendq = session.sendq; + + local from, to = session.from_host, session.to_host; + + session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to); + + local event_data = { session = session }; + if session.type == "s2sout" then + fire_global_event("s2sout-established", event_data); + hosts[from].events.fire_event("s2sout-established", event_data); + + if session.incoming then + session.send = function(stanza) + return hosts[from].events.fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza }); + end; + end + + else + if session.outgoing and not hosts[to].s2sout[from] then + session.log("debug", "Setting up to handle route from %s to %s", to, from); + hosts[to].s2sout[from] = session; -- luacheck: ignore 122 + end + local host_session = hosts[to]; + session.send = function(stanza) + return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); + end; + + fire_global_event("s2sin-established", event_data); + hosts[to].events.fire_event("s2sin-established", event_data); + end + + if session.direction == "outgoing" then + if sendq then + session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); + local send = session.sends2s; + for i, data in ipairs(sendq) do + send(data[1]); + sendq[i] = nil; + end + session.sendq = nil; + end + end +end + +function make_authenticated(event) + local session, host = event.session, event.host; + if not session.secure then + if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then + session:close({ + condition = "policy-violation", + text = "Encrypted server-to-server communication is required but was not " + ..((session.direction == "outgoing" and "offered") or "used") + }, nil, "Could not establish encrypted connection to remote server"); + end + end + if hosts[host] then + session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); + end + if session.type == "s2sout_unauthed" then + session.type = "s2sout"; + elseif session.type == "s2sin_unauthed" then + session.type = "s2sin"; + elseif session.type ~= "s2sin" and session.type ~= "s2sout" then + return false; + end + + if session.incoming and host then + if not session.hosts[host] then session.hosts[host] = {}; end + session.hosts[host].authed = true; + end + session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); + + if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then + -- Stream either used dialback for authentication or is an incoming stream. + mark_connected(session); + end + + return true; +end + +--- Helper to check that a session peer's certificate is valid +function check_cert_status(session) + local host = session.direction == "outgoing" and session.to_host or session.from_host + local conn = session.conn:socket() + local cert + if conn.getpeercertificate then + cert = conn:getpeercertificate() + end + + return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); +end + +--- XMPP stream event handlers + +local stream_callbacks = { default_ns = "jabber:server" }; + +function stream_callbacks.handlestanza(session, stanza) + stanza = session.filter("stanzas/in", stanza); + session.thread:run(stanza); +end + +local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; + +function stream_callbacks.streamopened(session, attr) + -- run _streamopened in async context + session.thread:run({ stream = "opened", attr = attr }); +end + +function stream_callbacks._streamopened(session, attr) + session.version = tonumber(attr.version) or 0; + session.had_stream = true; -- Had a stream opened at least once + + -- TODO: Rename session.secure to session.encrypted + if session.secure == false then + session.secure = true; + session.encrypted = true; + + local sock = session.conn:socket(); + if sock.info then + local info = sock:info(); + (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); + session.compressed = info.compression; + else + (session.log or log)("info", "Stream encrypted"); + end + end + + if session.direction == "incoming" then + -- Send a reply stream header + + -- Validate to/from + local to, from = attr.to, attr.from; + if to then to = nameprep(attr.to); end + if from then from = nameprep(attr.from); end + if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) + session:close({ condition = "improper-addressing", text = "Invalid 'to' address" }); + return; + end + if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts) + session:close({ condition = "improper-addressing", text = "Invalid 'from' address" }); + return; + end + + -- Set session.[from/to]_host if they have not been set already and if + -- this session isn't already authenticated + if session.type == "s2sin_unauthed" and from and not session.from_host then + session.from_host = from; + elseif from ~= session.from_host then + session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" }); + return; + end + if session.type == "s2sin_unauthed" and to and not session.to_host then + session.to_host = to; + elseif to ~= session.to_host then + session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" }); + return; + end + + -- For convenience we'll put the sanitised values into these variables + to, from = session.to_host, session.from_host; + + session.streamid = uuid_gen(); + (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag()); + if to then + if not hosts[to] then + -- Attempting to connect to a host we don't serve + session:close({ + condition = "host-unknown"; + text = "This host does not serve "..to + }); + return; + elseif not hosts[to].modules.s2s then + -- Attempting to connect to a host that disallows s2s + session:close({ + condition = "policy-violation"; + text = "Server-to-server communication is disabled for this host"; + }); + return; + end + end + + if hosts[from] then + session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" }); + return; + end + + if session.secure and not session.cert_chain_status then + if check_cert_status(session) == false then + return; + end + end + + session:open_stream(session.to_host, session.from_host) + session.notopen = nil; + if session.version >= 1.0 then + local features = st.stanza("stream:features"); + + if to then + hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features }); + else + (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host"); + fire_global_event("s2s-stream-features-legacy", { origin = session, features = features }); + end + + if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then + log("debug", "Sending stream features: %s", features); + session.sends2s(features); + else + (session.log or log)("warn", "No stream features to offer, giving up"); + session:close({ condition = "undefined-condition", text = "No stream features to offer" }); + end + end + elseif session.direction == "outgoing" then + session.notopen = nil; + if not attr.id then + log("warn", "Stream response did not give us a stream id!"); + session:close({ condition = "undefined-condition", text = "Missing stream ID" }); + return; + end + session.streamid = attr.id; + + if session.secure and not session.cert_chain_status then + if check_cert_status(session) == false then + return; + end + end + + -- If server is pre-1.0, don't wait for features, just do dialback + if session.version < 1.0 then + if not session.dialback_verifying then + hosts[session.from_host].events.fire_event("s2sout-authenticate-legacy", { origin = session }); + else + mark_connected(session); + end + end + end +end + +function stream_callbacks._streamclosed(session) + (session.log or log)("debug", "Received "); + session:close(false); +end + +function stream_callbacks.streamclosed(session, attr) + -- run _streamclosed in async context + session.thread:run({ stream = "closed", attr = attr }); +end + +function stream_callbacks.error(session, error, data) + if error == "no-stream" then + session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); + session:close("invalid-namespace"); + elseif error == "parse-error" then + session.log("debug", "Server-to-server XML parse error: %s", error); + session:close("not-well-formed"); + elseif error == "stream-error" then + local condition, text = "undefined-condition"; + for child in data:childtags(nil, xmlns_xmpp_streams) do + if child.name ~= "text" then + condition = child.name; + else + text = child:get_text(); + end + if condition ~= "undefined-condition" and text then + break; + end + end + text = condition .. (text and (" ("..text..")") or ""); + session.log("info", "Session closed by remote with error: %s", text); + session:close(nil, text); + end +end + +--- Session methods +local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; +-- reason: stream error to send to the remote server +-- remote_reason: stream error received from the remote server +-- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different +local function session_close(session, reason, remote_reason, bounce_reason) + local log = session.log or log; + if session.conn then + if session.notopen then + if session.direction == "incoming" then + session:open_stream(session.to_host, session.from_host); + else + session:open_stream(session.from_host, session.to_host); + end + end + if reason then -- nil == no err, initiated by us, false == initiated by remote + local stream_error; + if type(reason) == "string" then -- assume stream error + stream_error = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); + elseif type(reason) == "table" and not st.is_stanza(reason) then + stream_error = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); + if reason.text then + stream_error:tag("text", stream_xmlns_attr):text(reason.text):up(); + end + if reason.extra then + stream_error:add_child(reason.extra); + end + end + if st.is_stanza(stream_error) then + -- to and from are never unknown on outgoing connections + log("debug", "Disconnecting %s->%s[%s], is: %s", + session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); + session.sends2s(stream_error); + end + end + + session.sends2s(""); + function session.sends2s() return false; end + + -- luacheck: ignore 422/reason + -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc + local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason; + session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper), + session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); + + -- Authenticated incoming stream may still be sending us stanzas, so wait for from remote + local conn = session.conn; + if reason == nil and not session.notopen and session.incoming then + add_task(stream_close_timeout, function () + if not session.destroyed then + session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); + s2s_destroy_session(session, reason, bounce_reason); + conn:close(); + end + end); + else + s2s_destroy_session(session, reason, bounce_reason); + conn:close(); -- Close immediately, as this is an outgoing connection or is not authed + end + end +end + +function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session + if not from or (hosts[from] and hosts[from].modules.dialback) then + attr["xmlns:db"] = 'jabber:server:dialback'; + end + if not from then + attr.from = ''; + end + if not to then + attr.to = ''; + end +end + +-- Session initialization logic shared by incoming and outgoing +local function initialize_session(session) + local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); + + session.thread = runner(function (stanza) + if st.is_stanza(stanza) then + core_process_stanza(session, stanza); + elseif stanza.stream == "opened" then + stream_callbacks._streamopened(session, stanza.attr); + elseif stanza.stream == "closed" then + stream_callbacks._streamclosed(session, stanza.attr); + end + end, runner_callbacks, session); + + local log = session.log or log; + session.stream = stream; + + session.notopen = true; + + function session.reset_stream() + session.notopen = true; + session.streamid = nil; + session.stream:reset(); + end + + session.stream_attrs = session_stream_attrs; + + local filter = initialize_filters(session); + local conn = session.conn; + local w = conn.write; + + function session.sends2s(t) + log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?")); + if t.name then + t = filter("stanzas/out", t); + end + if t then + t = filter("bytes/out", tostring(t)); + if t then + return w(conn, t); + end + end + end + + function session.data(data) + data = filter("bytes/in", data); + if data then + local ok, err = stream:feed(data); + if ok then return; end + log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); + if err == "stanza-too-large" then + session:close({ condition = "policy-violation", text = "XML stanza is too big" }, nil, "Received invalid XML from remote server"); + else + session:close("not-well-formed", nil, "Received invalid XML from remote server"); + end + end + end + + session.close = session_close; + + local handlestanza = stream_callbacks.handlestanza; + function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session + return handlestanza(session, stanza); + end + + module:fire_event("s2s-created", { session = session }); + + add_task(connect_timeout, function () + if session.type == "s2sin" or session.type == "s2sout" then + return; -- Ok, we're connected + elseif session.type == "s2s_destroyed" then + return; -- Session already destroyed + end + -- Not connected, need to close session and clean up + (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity", + session.from_host or "(unknown)", session.to_host or "(unknown)"); + session:close("connection-timeout"); + end); +end + +function runner_callbacks:ready() + self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread)); + self.data.conn:resume(); +end + +function runner_callbacks:waiting() + self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread)); + self.data.conn:pause(); +end + +function runner_callbacks:error(err) + (self.data.log or log)("error", "Traceback[s2s]: %s", err); +end + +function listener.onconnect(conn) + conn:setoption("keepalive", opt_keepalives); + local session = sessions[conn]; + if not session then -- New incoming connection + session = s2s_new_incoming(conn); + sessions[conn] = session; + session.log("debug", "Incoming s2s connection"); + initialize_session(session); + else -- Outgoing session connected + session:open_stream(session.from_host, session.to_host); + end + session.ip = conn:ip(); +end + +function listener.onincoming(conn, data) + local session = sessions[conn]; + if session then + session.data(data); + end +end + +function listener.onstatus(conn, status) + if status == "ssl-handshake-complete" then + local session = sessions[conn]; + if session and session.direction == "outgoing" then + session.log("debug", "Sending stream header..."); + session:open_stream(session.from_host, session.to_host); + end + end +end + +function listener.ondisconnect(conn, err) + local session = sessions[conn]; + if session then + sessions[conn] = nil; + (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); + if session.secure == false and err then + -- TODO util.error-ify this + err = "Error during negotiation of encrypted connection: "..err; + end + s2s_destroy_session(session, err); + end +end + +function listener.onfail(data, err) + local session = data and data.session; + if session then + if err and session.direction == "outgoing" and session.notopen then + (session.log or log)("debug", "s2s connection attempt failed: %s", err); + end + (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); + s2s_destroy_session(session, err); + end +end + +function listener.onreadtimeout(conn) + local session = sessions[conn]; + if session then + local host = session.host or session.to_host; + return (hosts[host] or prosody).events.fire_event("s2s-read-timeout", { session = session }); + end +end + +function listener.register_outgoing(conn, session) + sessions[conn] = session; + initialize_session(session); +end + +function listener.ondetach(conn) + sessions[conn] = nil; +end + +function listener.onattach(conn, data) + local session = data and data.session; + if session then + session.conn = conn; + sessions[conn] = session; + initialize_session(session); + end +end + +-- Complete the sentence "Your certificate " with what's wrong +local function friendly_cert_error(session) --> string + if session.cert_chain_status == "invalid" then + if session.cert_chain_errors then + local cert_errors = set.new(session.cert_chain_errors[1]); + if cert_errors:contains("certificate has expired") then + return "has expired"; + elseif cert_errors:contains("self signed certificate") then + return "is self-signed"; + end + end + return "is not trusted"; -- for some other reason + elseif session.cert_identity_status == "invalid" then + return "is not valid for this name"; + end + -- this should normally be unreachable except if no s2s auth module was loaded + return "could not be validated"; +end + +function check_auth_policy(event) + local host, session = event.host, event.session; + local must_secure = secure_auth; + + if not must_secure and secure_domains[host] then + must_secure = true; + elseif must_secure and insecure_domains[host] then + must_secure = false; + end + + if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then + local reason = friendly_cert_error(session); + session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); + -- XEP-0178 recommends closing outgoing connections without warning + -- but does not give a rationale for this. + -- In practice most cases are configuration mistakes or forgotten + -- certificate renewals. We think it's better to let the other party + -- know about the problem so that they can fix it. + session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, + nil, "Remote server's certificate "..reason); + return false; + end +end + +module:hook("s2s-check-certificate", check_auth_policy, -1); + +module:hook("server-stopping", function(event) + local reason = event.reason; + for _, session in pairs(sessions) do + session:close{ condition = "system-shutdown", text = reason }; + end +end, -200); + + + +module:provides("net", { + name = "s2s"; + listener = listener; + default_port = 5269; + encryption = "starttls"; + ssl_config = { -- FIXME This is not used atm, see mod_tls + verify = { "peer", "client_once", }; + }; + multiplex = { + protocol = "xmpp-server"; + pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>"; + }; +}); + diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua deleted file mode 100644 index 0674f981..00000000 --- a/plugins/mod_s2s/mod_s2s.lua +++ /dev/null @@ -1,810 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -module:set_global(); - -local prosody = prosody; -local hosts = prosody.hosts; -local core_process_stanza = prosody.core_process_stanza; - -local tostring, type = tostring, type; -local t_insert = table.insert; -local traceback = debug.traceback; - -local add_task = require "util.timer".add_task; -local st = require "util.stanza"; -local initialize_filters = require "util.filters".initialize; -local nameprep = require "util.encodings".stringprep.nameprep; -local new_xmpp_stream = require "util.xmppstream".new; -local s2s_new_incoming = require "core.s2smanager".new_incoming; -local s2s_new_outgoing = require "core.s2smanager".new_outgoing; -local s2s_destroy_session = require "core.s2smanager".destroy_session; -local uuid_gen = require "util.uuid".generate; -local fire_global_event = prosody.events.fire_event; -local runner = require "util.async".runner; -local connect = require "net.connect".connect; -local service = require "net.resolvers.service"; -local errors = require "util.error"; -local set = require "util.set"; - -local connect_timeout = module:get_option_number("s2s_timeout", 90); -local stream_close_timeout = module:get_option_number("s2s_close_timeout", 5); -local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); -local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... -local secure_domains, insecure_domains = - module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; -local require_encryption = module:get_option_boolean("s2s_require_encryption", false); -local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) - -local measure_connections = module:measure("connections", "amount"); -local measure_ipv6 = module:measure("ipv6", "amount"); - -local sessions = module:shared("sessions"); - -local runner_callbacks = {}; - -local listener = {}; - -local log = module._log; - -local s2s_service_options = { - default_port = 5269; - use_ipv4 = module:get_option_boolean("use_ipv4", true); - use_ipv6 = module:get_option_boolean("use_ipv6", true); -}; - -module:hook("stats-update", function () - local count = 0; - local ipv6 = 0; - for _, session in pairs(sessions) do - count = count + 1; - if session.ip and session.ip:match(":") then - ipv6 = ipv6 + 1; - end - end - measure_connections(count); - measure_ipv6(ipv6); -end); - ---- Handle stanzas to remote domains - -local bouncy_stanzas = { message = true, presence = true, iq = true }; -local function bounce_sendq(session, reason) - local sendq = session.sendq; - if not sendq then return; end - session.log("info", "Sending error replies for %d queued stanzas because of failed outgoing connection to %s", #sendq, session.to_host); - local dummy = { - type = "s2sin"; - send = function () - (session.log or log)("error", "Replying to to an s2s error reply, please report this! Traceback: %s", traceback()); - end; - dummy = true; - close = function () - (session.log or log)("error", "Attempting to close the dummy origin of s2s error replies, please report this! Traceback: %s", traceback()); - end; - }; - -- FIXME Allow for more specific error conditions - -- TODO use util.error ? - local error_type = "cancel"; - local condition = "remote-server-not-found"; - local reason_text; - if session.had_stream then -- set when a stream is opened by the remote - error_type, condition = "wait", "remote-server-timeout"; - end - if errors.is_err(reason) then - error_type, condition, reason_text = reason.type, reason.condition, reason.text; - elseif type(reason) == "string" then - reason_text = reason; - end - for i, data in ipairs(sendq) do - local reply = data[2]; - if reply and not(reply.attr.xmlns) and bouncy_stanzas[reply.name] then - reply.attr.type = "error"; - reply:tag("error", {type = error_type, by = session.from_host}) - :tag(condition, {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}):up(); - if reason_text then - reply:tag("text", {xmlns = "urn:ietf:params:xml:ns:xmpp-stanzas"}) - :text("Server-to-server connection failed: "..reason_text):up(); - end - core_process_stanza(dummy, reply); - end - sendq[i] = nil; - end - session.sendq = nil; -end - --- Handles stanzas to existing s2s sessions -function route_to_existing_session(event) - local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; - if not hosts[from_host] then - log("warn", "Attempt to send stanza from %s - a host we don't serve", from_host); - return false; - end - if hosts[to_host] then - log("warn", "Attempt to route stanza to a remote %s - a host we do serve?!", from_host); - return false; - end - local host = hosts[from_host].s2sout[to_host]; - if not host then return end - - -- We have a connection to this host already - if host.type == "s2sout_unauthed" and (stanza.name ~= "db:verify" or not host.dialback_key) then - (host.log or log)("debug", "trying to send over unauthed s2sout to "..to_host); - - -- Queue stanza until we are able to send it - local queued_item = { - tostring(stanza), - stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza); - }; - if host.sendq then - t_insert(host.sendq, queued_item); - else - -- luacheck: ignore 122 - host.sendq = { queued_item }; - end - host.log("debug", "stanza [%s] queued ", stanza.name); - return true; - elseif host.type == "local" or host.type == "component" then - log("error", "Trying to send a stanza to ourselves??") - log("error", "Traceback: %s", traceback()); - log("error", "Stanza: %s", stanza); - return false; - else - if host.sends2s(stanza) then - return true; - end - end -end - --- Create a new outgoing session for a stanza -function route_to_new_session(event) - local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; - log("debug", "opening a new outgoing connection for this stanza"); - local host_session = s2s_new_outgoing(from_host, to_host); - host_session.version = 1; - - -- Store in buffer - host_session.bounce_sendq = bounce_sendq; - host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; - log("debug", "stanza [%s] queued until connection complete", stanza.name); - connect(service.new(to_host, "xmpp-server", "tcp", s2s_service_options), listener, nil, { session = host_session }); - return true; -end - -local function keepalive(event) - return event.session.sends2s(' '); -end - -module:hook("s2s-read-timeout", keepalive, -1); - -function module.add_host(module) - if module:get_option_boolean("disallow_s2s", false) then - module:log("warn", "The 'disallow_s2s' config option is deprecated, please see https://prosody.im/doc/s2s#disabling"); - return nil, "This host has disallow_s2s set"; - end - module:hook("route/remote", route_to_existing_session, -1); - module:hook("route/remote", route_to_new_session, -10); - module:hook("s2s-authenticated", make_authenticated, -1); - module:hook("s2s-read-timeout", keepalive, -1); - module:hook_stanza("http://etherx.jabber.org/streams", "features", function (session, stanza) -- luacheck: ignore 212/stanza - if session.type == "s2sout" then - -- Stream is authenticated and we are seem to be done with feature negotiation, - -- so the stream is ready for stanzas. RFC 6120 Section 4.3 - mark_connected(session); - return true; - elseif require_encryption and not session.secure then - session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host); - session:close({ - condition = "policy-violation", - text = "Encrypted server-to-server communication is required but was not offered", - }, nil, "Could not establish encrypted connection to remote server"); - return true; - elseif not session.dialback_verifying then - session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up"); - session:close({ - condition = "unsupported-feature", - text = "No viable authentication method offered", - }, nil, "No viable authentication method offered by remote server"); - return true; - end - end, -1); -end - --- Stream is authorised, and ready for normal stanzas -function mark_connected(session) - - local sendq = session.sendq; - - local from, to = session.from_host, session.to_host; - - session.log("info", "%s s2s connection %s->%s complete", session.direction:gsub("^.", string.upper), from, to); - - local event_data = { session = session }; - if session.type == "s2sout" then - fire_global_event("s2sout-established", event_data); - hosts[from].events.fire_event("s2sout-established", event_data); - - if session.incoming then - session.send = function(stanza) - return hosts[from].events.fire_event("route/remote", { from_host = from, to_host = to, stanza = stanza }); - end; - end - - else - if session.outgoing and not hosts[to].s2sout[from] then - session.log("debug", "Setting up to handle route from %s to %s", to, from); - hosts[to].s2sout[from] = session; -- luacheck: ignore 122 - end - local host_session = hosts[to]; - session.send = function(stanza) - return host_session.events.fire_event("route/remote", { from_host = to, to_host = from, stanza = stanza }); - end; - - fire_global_event("s2sin-established", event_data); - hosts[to].events.fire_event("s2sin-established", event_data); - end - - if session.direction == "outgoing" then - if sendq then - session.log("debug", "sending %d queued stanzas across new outgoing connection to %s", #sendq, session.to_host); - local send = session.sends2s; - for i, data in ipairs(sendq) do - send(data[1]); - sendq[i] = nil; - end - session.sendq = nil; - end - end -end - -function make_authenticated(event) - local session, host = event.session, event.host; - if not session.secure then - if require_encryption or (secure_auth and not(insecure_domains[host])) or secure_domains[host] then - session:close({ - condition = "policy-violation", - text = "Encrypted server-to-server communication is required but was not " - ..((session.direction == "outgoing" and "offered") or "used") - }, nil, "Could not establish encrypted connection to remote server"); - end - end - if hosts[host] then - session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); - end - if session.type == "s2sout_unauthed" then - session.type = "s2sout"; - elseif session.type == "s2sin_unauthed" then - session.type = "s2sin"; - elseif session.type ~= "s2sin" and session.type ~= "s2sout" then - return false; - end - - if session.incoming and host then - if not session.hosts[host] then session.hosts[host] = {}; end - session.hosts[host].authed = true; - end - session.log("debug", "connection %s->%s is now authenticated for %s", session.from_host, session.to_host, host); - - if (session.type == "s2sout" and session.external_auth ~= "succeeded") or session.type == "s2sin" then - -- Stream either used dialback for authentication or is an incoming stream. - mark_connected(session); - end - - return true; -end - ---- Helper to check that a session peer's certificate is valid -function check_cert_status(session) - local host = session.direction == "outgoing" and session.to_host or session.from_host - local conn = session.conn:socket() - local cert - if conn.getpeercertificate then - cert = conn:getpeercertificate() - end - - return module:fire_event("s2s-check-certificate", { host = host, session = session, cert = cert }); -end - ---- XMPP stream event handlers - -local stream_callbacks = { default_ns = "jabber:server" }; - -function stream_callbacks.handlestanza(session, stanza) - stanza = session.filter("stanzas/in", stanza); - session.thread:run(stanza); -end - -local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; - -function stream_callbacks.streamopened(session, attr) - -- run _streamopened in async context - session.thread:run({ stream = "opened", attr = attr }); -end - -function stream_callbacks._streamopened(session, attr) - session.version = tonumber(attr.version) or 0; - session.had_stream = true; -- Had a stream opened at least once - - -- TODO: Rename session.secure to session.encrypted - if session.secure == false then - session.secure = true; - session.encrypted = true; - - local sock = session.conn:socket(); - if sock.info then - local info = sock:info(); - (session.log or log)("info", "Stream encrypted (%s with %s)", info.protocol, info.cipher); - session.compressed = info.compression; - else - (session.log or log)("info", "Stream encrypted"); - end - end - - if session.direction == "incoming" then - -- Send a reply stream header - - -- Validate to/from - local to, from = attr.to, attr.from; - if to then to = nameprep(attr.to); end - if from then from = nameprep(attr.from); end - if not to and attr.to then -- COMPAT: Some servers do not reliably set 'to' (especially on stream restarts) - session:close({ condition = "improper-addressing", text = "Invalid 'to' address" }); - return; - end - if not from and attr.from then -- COMPAT: Some servers do not reliably set 'from' (especially on stream restarts) - session:close({ condition = "improper-addressing", text = "Invalid 'from' address" }); - return; - end - - -- Set session.[from/to]_host if they have not been set already and if - -- this session isn't already authenticated - if session.type == "s2sin_unauthed" and from and not session.from_host then - session.from_host = from; - elseif from ~= session.from_host then - session:close({ condition = "improper-addressing", text = "New stream 'from' attribute does not match original" }); - return; - end - if session.type == "s2sin_unauthed" and to and not session.to_host then - session.to_host = to; - elseif to ~= session.to_host then - session:close({ condition = "improper-addressing", text = "New stream 'to' attribute does not match original" }); - return; - end - - -- For convenience we'll put the sanitised values into these variables - to, from = session.to_host, session.from_host; - - session.streamid = uuid_gen(); - (session.log or log)("debug", "Incoming s2s received %s", st.stanza("stream:stream", attr):top_tag()); - if to then - if not hosts[to] then - -- Attempting to connect to a host we don't serve - session:close({ - condition = "host-unknown"; - text = "This host does not serve "..to - }); - return; - elseif not hosts[to].modules.s2s then - -- Attempting to connect to a host that disallows s2s - session:close({ - condition = "policy-violation"; - text = "Server-to-server communication is disabled for this host"; - }); - return; - end - end - - if hosts[from] then - session:close({ condition = "undefined-condition", text = "Attempt to connect from a host we serve" }); - return; - end - - if session.secure and not session.cert_chain_status then - if check_cert_status(session) == false then - return; - end - end - - session:open_stream(session.to_host, session.from_host) - session.notopen = nil; - if session.version >= 1.0 then - local features = st.stanza("stream:features"); - - if to then - hosts[to].events.fire_event("s2s-stream-features", { origin = session, features = features }); - else - (session.log or log)("warn", "No 'to' on stream header from %s means we can't offer any features", from or session.ip or "unknown host"); - fire_global_event("s2s-stream-features-legacy", { origin = session, features = features }); - end - - if ( session.type == "s2sin" or session.type == "s2sout" ) or features.tags[1] then - log("debug", "Sending stream features: %s", features); - session.sends2s(features); - else - (session.log or log)("warn", "No stream features to offer, giving up"); - session:close({ condition = "undefined-condition", text = "No stream features to offer" }); - end - end - elseif session.direction == "outgoing" then - session.notopen = nil; - if not attr.id then - log("warn", "Stream response did not give us a stream id!"); - session:close({ condition = "undefined-condition", text = "Missing stream ID" }); - return; - end - session.streamid = attr.id; - - if session.secure and not session.cert_chain_status then - if check_cert_status(session) == false then - return; - end - end - - -- If server is pre-1.0, don't wait for features, just do dialback - if session.version < 1.0 then - if not session.dialback_verifying then - hosts[session.from_host].events.fire_event("s2sout-authenticate-legacy", { origin = session }); - else - mark_connected(session); - end - end - end -end - -function stream_callbacks._streamclosed(session) - (session.log or log)("debug", "Received "); - session:close(false); -end - -function stream_callbacks.streamclosed(session, attr) - -- run _streamclosed in async context - session.thread:run({ stream = "closed", attr = attr }); -end - -function stream_callbacks.error(session, error, data) - if error == "no-stream" then - session.log("debug", "Invalid opening stream header (%s)", (data:gsub("^([^\1]+)\1", "{%1}"))); - session:close("invalid-namespace"); - elseif error == "parse-error" then - session.log("debug", "Server-to-server XML parse error: %s", error); - session:close("not-well-formed"); - elseif error == "stream-error" then - local condition, text = "undefined-condition"; - for child in data:childtags(nil, xmlns_xmpp_streams) do - if child.name ~= "text" then - condition = child.name; - else - text = child:get_text(); - end - if condition ~= "undefined-condition" and text then - break; - end - end - text = condition .. (text and (" ("..text..")") or ""); - session.log("info", "Session closed by remote with error: %s", text); - session:close(nil, text); - end -end - ---- Session methods -local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; --- reason: stream error to send to the remote server --- remote_reason: stream error received from the remote server --- bounce_reason: stanza error to pass to bounce_sendq because stream- and stanza errors are different -local function session_close(session, reason, remote_reason, bounce_reason) - local log = session.log or log; - if session.conn then - if session.notopen then - if session.direction == "incoming" then - session:open_stream(session.to_host, session.from_host); - else - session:open_stream(session.from_host, session.to_host); - end - end - if reason then -- nil == no err, initiated by us, false == initiated by remote - local stream_error; - if type(reason) == "string" then -- assume stream error - stream_error = st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' }); - elseif type(reason) == "table" and not st.is_stanza(reason) then - stream_error = st.stanza("stream:error"):tag(reason.condition or "undefined-condition", stream_xmlns_attr):up(); - if reason.text then - stream_error:tag("text", stream_xmlns_attr):text(reason.text):up(); - end - if reason.extra then - stream_error:add_child(reason.extra); - end - end - if st.is_stanza(stream_error) then - -- to and from are never unknown on outgoing connections - log("debug", "Disconnecting %s->%s[%s], is: %s", - session.from_host or "(unknown host)" or session.ip, session.to_host or "(unknown host)", session.type, reason); - session.sends2s(stream_error); - end - end - - session.sends2s(""); - function session.sends2s() return false; end - - -- luacheck: ignore 422/reason - -- FIXME reason should be managed in a place common to c2s, s2s, bosh, component etc - local reason = remote_reason or (reason and (reason.text or reason.condition)) or reason; - session.log("info", "%s s2s stream %s->%s closed: %s", session.direction:gsub("^.", string.upper), - session.from_host or "(unknown host)", session.to_host or "(unknown host)", reason or "stream closed"); - - -- Authenticated incoming stream may still be sending us stanzas, so wait for from remote - local conn = session.conn; - if reason == nil and not session.notopen and session.incoming then - add_task(stream_close_timeout, function () - if not session.destroyed then - session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); - s2s_destroy_session(session, reason, bounce_reason); - conn:close(); - end - end); - else - s2s_destroy_session(session, reason, bounce_reason); - conn:close(); -- Close immediately, as this is an outgoing connection or is not authed - end - end -end - -function session_stream_attrs(session, from, to, attr) -- luacheck: ignore 212/session - if not from or (hosts[from] and hosts[from].modules.dialback) then - attr["xmlns:db"] = 'jabber:server:dialback'; - end - if not from then - attr.from = ''; - end - if not to then - attr.to = ''; - end -end - --- Session initialization logic shared by incoming and outgoing -local function initialize_session(session) - local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); - - session.thread = runner(function (stanza) - if st.is_stanza(stanza) then - core_process_stanza(session, stanza); - elseif stanza.stream == "opened" then - stream_callbacks._streamopened(session, stanza.attr); - elseif stanza.stream == "closed" then - stream_callbacks._streamclosed(session, stanza.attr); - end - end, runner_callbacks, session); - - local log = session.log or log; - session.stream = stream; - - session.notopen = true; - - function session.reset_stream() - session.notopen = true; - session.streamid = nil; - session.stream:reset(); - end - - session.stream_attrs = session_stream_attrs; - - local filter = initialize_filters(session); - local conn = session.conn; - local w = conn.write; - - function session.sends2s(t) - log("debug", "Sending[%s]: %s", session.type, t.top_tag and t:top_tag() or t:match("^[^>]*>?")); - if t.name then - t = filter("stanzas/out", t); - end - if t then - t = filter("bytes/out", tostring(t)); - if t then - return w(conn, t); - end - end - end - - function session.data(data) - data = filter("bytes/in", data); - if data then - local ok, err = stream:feed(data); - if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); - if err == "stanza-too-large" then - session:close({ condition = "policy-violation", text = "XML stanza is too big" }, nil, "Received invalid XML from remote server"); - else - session:close("not-well-formed", nil, "Received invalid XML from remote server"); - end - end - end - - session.close = session_close; - - local handlestanza = stream_callbacks.handlestanza; - function session.dispatch_stanza(session, stanza) -- luacheck: ignore 432/session - return handlestanza(session, stanza); - end - - module:fire_event("s2s-created", { session = session }); - - add_task(connect_timeout, function () - if session.type == "s2sin" or session.type == "s2sout" then - return; -- Ok, we're connected - elseif session.type == "s2s_destroyed" then - return; -- Session already destroyed - end - -- Not connected, need to close session and clean up - (session.log or log)("debug", "Destroying incomplete session %s->%s due to inactivity", - session.from_host or "(unknown)", session.to_host or "(unknown)"); - session:close("connection-timeout"); - end); -end - -function runner_callbacks:ready() - self.data.log("debug", "Runner %s ready (%s)", self.thread, coroutine.status(self.thread)); - self.data.conn:resume(); -end - -function runner_callbacks:waiting() - self.data.log("debug", "Runner %s waiting (%s)", self.thread, coroutine.status(self.thread)); - self.data.conn:pause(); -end - -function runner_callbacks:error(err) - (self.data.log or log)("error", "Traceback[s2s]: %s", err); -end - -function listener.onconnect(conn) - conn:setoption("keepalive", opt_keepalives); - local session = sessions[conn]; - if not session then -- New incoming connection - session = s2s_new_incoming(conn); - sessions[conn] = session; - session.log("debug", "Incoming s2s connection"); - initialize_session(session); - else -- Outgoing session connected - session:open_stream(session.from_host, session.to_host); - end - session.ip = conn:ip(); -end - -function listener.onincoming(conn, data) - local session = sessions[conn]; - if session then - session.data(data); - end -end - -function listener.onstatus(conn, status) - if status == "ssl-handshake-complete" then - local session = sessions[conn]; - if session and session.direction == "outgoing" then - session.log("debug", "Sending stream header..."); - session:open_stream(session.from_host, session.to_host); - end - end -end - -function listener.ondisconnect(conn, err) - local session = sessions[conn]; - if session then - sessions[conn] = nil; - (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); - if session.secure == false and err then - -- TODO util.error-ify this - err = "Error during negotiation of encrypted connection: "..err; - end - s2s_destroy_session(session, err); - end -end - -function listener.onfail(data, err) - local session = data and data.session; - if session then - if err and session.direction == "outgoing" and session.notopen then - (session.log or log)("debug", "s2s connection attempt failed: %s", err); - end - (session.log or log)("debug", "s2s disconnected: %s->%s (%s)", session.from_host, session.to_host, err or "connection closed"); - s2s_destroy_session(session, err); - end -end - -function listener.onreadtimeout(conn) - local session = sessions[conn]; - if session then - local host = session.host or session.to_host; - return (hosts[host] or prosody).events.fire_event("s2s-read-timeout", { session = session }); - end -end - -function listener.register_outgoing(conn, session) - sessions[conn] = session; - initialize_session(session); -end - -function listener.ondetach(conn) - sessions[conn] = nil; -end - -function listener.onattach(conn, data) - local session = data and data.session; - if session then - session.conn = conn; - sessions[conn] = session; - initialize_session(session); - end -end - --- Complete the sentence "Your certificate " with what's wrong -local function friendly_cert_error(session) --> string - if session.cert_chain_status == "invalid" then - if session.cert_chain_errors then - local cert_errors = set.new(session.cert_chain_errors[1]); - if cert_errors:contains("certificate has expired") then - return "has expired"; - elseif cert_errors:contains("self signed certificate") then - return "is self-signed"; - end - end - return "is not trusted"; -- for some other reason - elseif session.cert_identity_status == "invalid" then - return "is not valid for this name"; - end - -- this should normally be unreachable except if no s2s auth module was loaded - return "could not be validated"; -end - -function check_auth_policy(event) - local host, session = event.host, event.session; - local must_secure = secure_auth; - - if not must_secure and secure_domains[host] then - must_secure = true; - elseif must_secure and insecure_domains[host] then - must_secure = false; - end - - if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then - local reason = friendly_cert_error(session); - session.log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason); - -- XEP-0178 recommends closing outgoing connections without warning - -- but does not give a rationale for this. - -- In practice most cases are configuration mistakes or forgotten - -- certificate renewals. We think it's better to let the other party - -- know about the problem so that they can fix it. - session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, - nil, "Remote server's certificate "..reason); - return false; - end -end - -module:hook("s2s-check-certificate", check_auth_policy, -1); - -module:hook("server-stopping", function(event) - local reason = event.reason; - for _, session in pairs(sessions) do - session:close{ condition = "system-shutdown", text = reason }; - end -end, -200); - - - -module:provides("net", { - name = "s2s"; - listener = listener; - default_port = 5269; - encryption = "starttls"; - ssl_config = { -- FIXME This is not used atm, see mod_tls - verify = { "peer", "client_once", }; - }; - multiplex = { - protocol = "xmpp-server"; - pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>"; - }; -}); - -- cgit v1.2.3 From 509549f679bc6772bd36984d0f5ca056018d974d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 3 Jun 2020 19:27:44 +0200 Subject: mod_admin_shell: Format stats with util.human.units --- plugins/mod_admin_shell.lua | 72 ++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 36 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index fd88f59c..afbd2922 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -36,6 +36,8 @@ local serialization = require "util.serialization"; local serialize_config = serialization.new ({ fatal = false, unquoted = true}); local time = require "util.time"; +local format_number = require "util.human.units".format; + local commands = module:shared("commands") local def_env = module:shared("env"); local default_env_mt = { __index = def_env }; @@ -319,11 +321,7 @@ function def_env.server:shutdown(reason) end local function human(kb) - local unit = "K"; - if kb > 1024 then - kb, unit = kb/1024, "M"; - end - return ("%0.2f%sB"):format(kb, unit); + return format_number(kb*1024, "B", "b"); end function def_env.server:memory() @@ -1304,30 +1302,32 @@ def_env.timer = { info = def_env.debug.timers }; def_env.stats = {}; -local function format_stat(type, value, ref_value) +local short_units = { + seconds = "s", + bytes = "B", +}; + +local function format_stat(type, unit, value, ref_value) ref_value = ref_value or value; --do return tostring(value) end - if type == "duration" then - if ref_value < 0.001 then - return ("%g µs"):format(value*1000000); - elseif ref_value < 0.9 then - return ("%0.2f ms"):format(value*1000); - end - return ("%0.2f"):format(value); - elseif type == "size" then - if ref_value > 1048576 then - return ("%d MB"):format(value/1048576); - elseif ref_value > 1024 then - return ("%d KB"):format(value/1024); - end - return ("%d bytes"):format(value); - elseif type == "rate" then - if ref_value < 0.9 then - return ("%0.2f/min"):format(value*60); + if not unit then + if type == "duration" then + unit = "seconds" + elseif type == "size" then + unit = "bytes"; + elseif type == "rate" then + unit = " events/sec" + if ref_value < 0.9 then + unit = " events/min" + value = value*60; + if ref_value < 0.6/60 then + unit = " events/h" + value = value*60; + end + end end - return ("%0.2f/sec"):format(value); end - return tostring(value); + return format_number(value, short_units[unit] or unit or "", unit == "bytes" and 'b' or nil); end local stats_methods = {}; @@ -1412,14 +1412,14 @@ function stats_methods:summary() data.sample_count )); table.insert(stat_info.output, string.format("Min: %s Mean: %s Max: %s", - format_stat(type, data.min), - format_stat(type, value), - format_stat(type, data.max) + format_stat(type, data.units, data.min), + format_stat(type, data.units, value), + format_stat(type, data.units, data.max) )); table.insert(stat_info.output, string.format("Q1: %s Median: %s Q3: %s", - format_stat(type, statistics.get_percentile(data, 25)), - format_stat(type, statistics.get_percentile(data, 50)), - format_stat(type, statistics.get_percentile(data, 75)) + format_stat(type, data.units, statistics.get_percentile(data, 25)), + format_stat(type, data.units, statistics.get_percentile(data, 50)), + format_stat(type, data.units, statistics.get_percentile(data, 75)) )); end end @@ -1449,7 +1449,7 @@ function stats_methods:cfgraph() end print(""); - print(("_"):rep(52)..format_stat(type, data.max)); + print(("_"):rep(52)..format_stat(type, data.units, data.max)); for row = graph_height, 1, -1 do local row_chars = {}; local min_eighths, max_eighths = 8, 0; @@ -1468,7 +1468,7 @@ function stats_methods:cfgraph() row_chars[i] = char; end end - print(table.concat(row_chars).."|-"..format_stat(type, data.max/(graph_height/(row-0.5)))); + print(table.concat(row_chars).."|-"..format_stat(type, data.units, data.max/(graph_height/(row-0.5)))); end print(("\\ "):rep(11)); local x_labels = {}; @@ -1553,14 +1553,14 @@ function stats_methods:histogram() print(("\\ "):rep(11)); local x_labels = {}; for i = 1, 11 do - local s = ("%-4s"):format(format_stat(type, data.min+range*i/11, data.min):match("^%S+")); + local s = ("%-4s"):format(format_stat(type, data.units, data.min+range*i/11, data.min):match("^%S+")); if #s > 4 then s = s:sub(1, 3).."…"; end x_labels[i] = s; end print(" "..table.concat(x_labels, " ")); - local units = format_stat(type, data.min):match("%s+(.+)$") or data.units or ""; + local units = format_stat(type, data.units, data.min):match("%s+(.+)$") or data.units or ""; local margin = math.floor((graph_width-#units)/2); print((" "):rep(margin)..units); else @@ -1582,7 +1582,7 @@ local function stats_tostring(stats) end print(""); else - print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], stat_info[3]))); + print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], (stat_info[4] or {}).unit, stat_info[3]))); end end return #stats.." statistics displayed"; -- cgit v1.2.3 From 4a087da58efef206a0ad39abf510723b8c77e239 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 4 Jun 2020 16:54:52 +0200 Subject: mod_admin_shell: Skip multiplier adjustment for rates --- plugins/mod_admin_shell.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index afbd2922..f3672496 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1318,13 +1318,14 @@ local function format_stat(type, unit, value, ref_value) elseif type == "rate" then unit = " events/sec" if ref_value < 0.9 then - unit = " events/min" + unit = "events/min" value = value*60; if ref_value < 0.6/60 then - unit = " events/h" + unit = "events/h" value = value*60; end end + return ("%.3g %s"):format(value, unit); end end return format_number(value, short_units[unit] or unit or "", unit == "bytes" and 'b' or nil); -- cgit v1.2.3 From ababc84794a77543eb1b84b5414d46f0eacb41f6 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 7 Jun 2020 00:18:14 +0200 Subject: mod_admin_shell: Fix display of units for some statistics --- plugins/mod_admin_shell.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index f3672496..0154cc65 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1583,7 +1583,7 @@ local function stats_tostring(stats) end print(""); else - print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], (stat_info[4] or {}).unit, stat_info[3]))); + print(("%-50s %s"):format(stat_info[1], format_stat(stat_info[2], (stat_info[4] or {}).units, stat_info[3]))); end end return #stats.." statistics displayed"; -- cgit v1.2.3 From edd798dd98d083d81369e232348a23ebc8cc7b96 Mon Sep 17 00:00:00 2001 From: Boris Grozev Date: Wed, 10 Jun 2020 13:15:57 -0500 Subject: mod_http: Support CIDR for trusted proxies. --- plugins/mod_http.lua | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 3bacae61..cf63ecfb 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -18,6 +18,11 @@ local url_build = require "socket.url".build; local normalize_path = require "util.http".normalize_path; local set = require "util.set"; +local ip_util = require "util.ip"; +local new_ip = ip_util.new_ip; +local match_ip = ip_util.match; +local parse_cidr = ip_util.parse_cidr; + local server = require "net.http.server"; server.set_default_host(module:get_option_string("http_default_host")); @@ -204,6 +209,16 @@ module.add_host(module); -- set up handling on global context too local trusted_proxies = module:get_option_set("trusted_proxies", { "127.0.0.1", "::1" })._items; +local function is_trusted_proxy(ip) + local parsed_ip = new_ip(ip) + for trusted_proxy in trusted_proxies do + if match_ip(parsed_ip, parse_cidr(trusted_proxy)) then + return true; + end + end + return false +end + local function get_ip_from_request(request) local ip = request.conn:ip(); local forwarded_for = request.headers.x_forwarded_for; @@ -218,7 +233,7 @@ local function get_ip_from_request(request) -- Case d) If all IPs are in trusted proxies, something went obviously wrong and the logic never overwrites `ip`, leaving it at the original request IP. forwarded_for = forwarded_for..", "..ip; for forwarded_ip in forwarded_for:gmatch("[^%s,]+") do - if not trusted_proxies[forwarded_ip] then + if not is_trusted_proxy(forwarded_ip) then ip = forwarded_ip; end end -- cgit v1.2.3 From 371d05a0c6f7a9353155588d617a1efd468fd9d0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 12 Jun 2020 16:54:38 +0100 Subject: mod_storage_sql: Fix incorrect results when fetching items before specific archive id Copy/paste error, introduced in deb68066c7aa --- plugins/mod_storage_sql.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 30e38d49..67e7ad17 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -391,7 +391,7 @@ local function archive_where_id_range(query, args, where) end if query.before then local before_id = nil; - for row in engine:select(id_lookup_sql, query.after, args[1], args[2], args[3]) do + for row in engine:select(id_lookup_sql, query.before, args[1], args[2], args[3]) do before_id = row[1]; end if not before_id then -- cgit v1.2.3 From 0919bb30d392aabf24ff9e35792c2a9ee1666aa0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 12 Jun 2020 16:55:35 +0100 Subject: mod_storage_internal, mod_storage_memory: Add support for query.before Previously returned all results. --- plugins/mod_storage_internal.lua | 8 ++++++-- plugins/mod_storage_memory.lua | 6 ++++-- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_storage_internal.lua b/plugins/mod_storage_internal.lua index 3998165b..28dc8921 100644 --- a/plugins/mod_storage_internal.lua +++ b/plugins/mod_storage_internal.lua @@ -135,7 +135,7 @@ function archive:find(username, query) return function () end; end local count = nil; - local i = 0; + local i, last_key = 0; if query then items = array(items); if query.key then @@ -178,6 +178,8 @@ function archive:find(username, query) return nil, "item-not-found"; end end + elseif query.before then + last_key = query.before; elseif query.after then local found = false; for j = 1, #items do @@ -198,7 +200,9 @@ function archive:find(username, query) return function () i = i + 1; local item = items[i]; - if not item then return; end + if not item or (last_key and item.key == last_key) then + return; + end local key = item.key or tostring(i); local when = item.when or datetime.parse(item.attr.stamp); local with = item.with; diff --git a/plugins/mod_storage_memory.lua b/plugins/mod_storage_memory.lua index 67598416..d71dc0f0 100644 --- a/plugins/mod_storage_memory.lua +++ b/plugins/mod_storage_memory.lua @@ -101,7 +101,7 @@ function archive_store:find(username, query) return function () end; end local count = nil; - local i = 0; + local i, last_key = 0; if query then items = array():append(items); if query.key then @@ -142,6 +142,8 @@ function archive_store:find(username, query) return nil, "item-not-found"; end end + elseif query.before then + last_key = query.before; elseif query.after then local found = false; for j = 1, #items do @@ -162,7 +164,7 @@ function archive_store:find(username, query) return function () i = i + 1; local item = items[i]; - if not item then return; end + if not item or (last_key and item.key == last_key) then return; end return item.key, item.value(), item.when, item.with; end, count; end -- cgit v1.2.3 From efcf7cb7d423525536b15bc4347ceb227556260e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 13 Jun 2020 14:40:41 +0200 Subject: mod_admin_shell: Update for async.wait_for rename --- plugins/mod_admin_shell.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 0154cc65..8f966e6e 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1160,7 +1160,7 @@ function def_env.xmpp:ping(localhost, remotehost, timeout) local iq = st.iq{ from=localhost, to=remotehost, type="get", id=new_id()} :tag("ping", {xmlns="urn:xmpp:ping"}); local time_start = time.now(); - local ret, err = async.wait(module:context(localhost):send_iq(iq, nil, timeout)); + local ret, err = async.wait_for(module:context(localhost):send_iq(iq, nil, timeout)); if ret then return true, ("pong from %s in %gs"):format(ret.stanza.attr.from, time.now() - time_start); else @@ -1182,7 +1182,7 @@ end function def_env.dns:lookup(name, typ, class) local resolver = get_resolver(self.session); - local ret, err = async.wait(resolver:lookup_promise(name, typ, class)); + local ret, err = async.wait_for(resolver:lookup_promise(name, typ, class)); if ret then return true, ret; elseif err then -- cgit v1.2.3 From f4805838390ce2f2127e70fac6f18d0ef7867c7d Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Thu, 18 Jun 2020 16:42:22 +0100 Subject: mod_register_ibr: Allow registration to reset an existing account password if permitted by a plugin --- plugins/mod_register_ibr.lua | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index e79fc763..000ae740 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -9,10 +9,12 @@ local st = require "util.stanza"; local dataform_new = require "util.dataforms".new; -local usermanager_user_exists = require "core.usermanager".user_exists; -local usermanager_create_user = require "core.usermanager".create_user; -local usermanager_delete_user = require "core.usermanager".delete_user; +local usermanager_user_exists = require "core.usermanager".user_exists; +local usermanager_create_user = require "core.usermanager".create_user; +local usermanager_set_password = require "core.usermanager".create_user; +local usermanager_delete_user = require "core.usermanager".delete_user; local nodeprep = require "util.encodings".stringprep.nodeprep; +local util_error = require "util.error"; local additional_fields = module:get_option("additional_registration_fields", {}); local require_encryption = module:get_option_boolean("c2s_require_encryption", @@ -181,9 +183,20 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) end if usermanager_user_exists(username, host) then - log("debug", "Attempt to register with existing username"); - session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); - return true; + if user.allow_reset == username then + local ok, err = util_error.coerce(usermanager_set_password(username, password, host)); + if ok then + session.send(st.reply(stanza)); -- reset ok! + else + session.log("error", "Unable to reset password for %s@%s: %s", username, host, err); + session.send(st.error_reply(stanza, err.type, err.condition, err.text)); + end + return true; + else + log("debug", "Attempt to register with existing username"); + session.send(st.error_reply(stanza, "cancel", "conflict", "The requested username already exists.")); + return true; + end end local created, err = usermanager_create_user(username, password, host); -- cgit v1.2.3 From 073a654eff55f79b67bd424529734538a1d7009e Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Mon, 22 Jun 2020 11:35:24 +0100 Subject: mod_register_ibr: Add event for successful password reset This is in addition to the existing event for password changes. This one includes additional details about the actor, and only triggers when the change is due to the account owner (presumably) resetting. As example use case is to invalidate one-time password reset tokens. --- plugins/mod_register_ibr.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_register_ibr.lua b/plugins/mod_register_ibr.lua index 000ae740..83d284c8 100644 --- a/plugins/mod_register_ibr.lua +++ b/plugins/mod_register_ibr.lua @@ -186,6 +186,7 @@ module:hook("stanza/iq/jabber:iq:register:query", function(event) if user.allow_reset == username then local ok, err = util_error.coerce(usermanager_set_password(username, password, host)); if ok then + module:fire_event("user-password-reset", user); session.send(st.reply(stanza)); -- reset ok! else session.log("error", "Unable to reset password for %s@%s: %s", username, host, err); -- cgit v1.2.3 From 64614cb420301e20e2c385acc3fbebf3b254a443 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 29 Jun 2020 21:43:51 +0200 Subject: mod_admin_shell: Fix debug:timers to handle net.server native timers --- plugins/mod_admin_shell.lua | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 8f966e6e..89e4049f 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1269,14 +1269,24 @@ function def_env.debug:timers() local h, params = add_task.h, add_task.params; if h then print("-- util.timer"); + elseif server.timer then + print("-- net.server.timer"); + h = server.timer.add_task.timers; + end + if h then for i, id in ipairs(h.ids) do - if not params[id] then - print(os.date("%F %T", math.floor(h.priorities[i])), h.items[id]); - elseif not params[id].callback then - print(os.date("%F %T", math.floor(h.priorities[i])), h.items[id], unpack(params[id])); - else - print(os.date("%F %T", math.floor(h.priorities[i])), params[id].callback, unpack(params[id])); + local t, cb = h.priorities[i], h.items[id]; + if not params then + local param = cb.param; + if param then + cb = param.callback; + else + cb = cb.timer_callback or cb; + end + elseif params[id] then + cb = params[id].callback or cb; end + print(os.date("%F %T", math.floor(t)), cb); end end if server.event_base then -- cgit v1.2.3 From 7fb1dd361bf747dc02e2b25ae521ffc6670551f5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 30 Jun 2020 02:31:57 +0200 Subject: mod_admin_shell: Handle server_epoll using monotonic time internally --- plugins/mod_admin_shell.lua | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 89e4049f..2db0cbb0 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -1267,11 +1267,18 @@ function def_env.debug:timers() local print = self.session.print; local add_task = require"util.timer".add_task; local h, params = add_task.h, add_task.params; + local function normalize_time(t) + return t; + end + local function format_time(t) + return os.date("%F %T", math.floor(normalize_time(t))); + end if h then print("-- util.timer"); elseif server.timer then print("-- net.server.timer"); h = server.timer.add_task.timers; + normalize_time = server.timer.to_absolute_time or normalize_time; end if h then for i, id in ipairs(h.ids) do @@ -1286,7 +1293,7 @@ function def_env.debug:timers() elseif params[id] then cb = params[id].callback or cb; end - print(os.date("%F %T", math.floor(t)), cb); + print(format_time(t), cb); end end if server.event_base then @@ -1301,7 +1308,7 @@ function def_env.debug:timers() if h then local next_time = h:peek(); if next_time then - return true, os.date("Next event at %F %T (in %%.6fs)", math.floor(next_time)):format(next_time - time.now()); + return true, ("Next event at %s (in %.6fs)"):format(format_time(next_time), normalize_time(next_time) - time.now()); end end return true; -- cgit v1.2.3 From 18525691a4b86ceefd7627abb8744c1f4d4fb2f0 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 2 Jul 2020 19:03:59 +0200 Subject: mod_storage_sql: Measure hits/misses on the item count cache A cache miss can be expensive so having numbers on how often this occurs may be valuable. --- plugins/mod_storage_sql.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_storage_sql.lua b/plugins/mod_storage_sql.lua index 67e7ad17..8fc92410 100644 --- a/plugins/mod_storage_sql.lua +++ b/plugins/mod_storage_sql.lua @@ -153,6 +153,9 @@ end local archive_item_limit = module:get_option_number("storage_archive_item_limit"); local archive_item_count_cache = cache.new(module:get_option("storage_archive_item_limit_cache_size", 1000)); +local item_count_cache_hit = module:measure("item_count_cache_hit", "rate"); +local item_count_cache_miss = module:measure("item_count_cache_miss", "rate") + -- luacheck: ignore 512 431/user 431/store 431/err local map_store = {}; map_store.__index = map_store; @@ -286,6 +289,7 @@ function archive_store:append(username, key, value, when, with) local cache_key = jid_join(username, host, store); local item_count = archive_item_count_cache:get(cache_key); if not item_count then + item_count_cache_miss(); local ok, ret = engine:transaction(function() local count_sql = [[ SELECT COUNT(*) FROM "prosodyarchive" @@ -303,6 +307,8 @@ function archive_store:append(username, key, value, when, with) return nil, "Failure while checking quota"; end archive_item_count_cache:set(cache_key, item_count); + else + item_count_cache_hit(); end if archive_item_limit then @@ -408,6 +414,7 @@ function archive_store:find(username, query) local user,store = username,self.store; local cache_key = jid_join(username, host, self.store); local total = archive_item_count_cache:get(cache_key); + (total and item_count_cache_hit or item_count_cache_miss)(); if total ~= nil and query.limit == 0 and query.start == nil and query.with == nil and query["end"] == nil and query.key == nil then return noop, total; end -- cgit v1.2.3 From 1c0950bc362d76da12c33ea7e0f87545556c2a82 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 27 May 2020 19:47:52 +0200 Subject: mod_server_contact_info: Add status-addresses field XEP-0157 version 1.1.0 --- plugins/mod_server_contact_info.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_server_contact_info.lua b/plugins/mod_server_contact_info.lua index 0110ceaf..9c916ebc 100644 --- a/plugins/mod_server_contact_info.lua +++ b/plugins/mod_server_contact_info.lua @@ -16,6 +16,7 @@ local form_layout = require "util.dataforms".new({ { name = "feedback", var = "feedback-addresses", type = "list-multi" }, { name = "sales", var = "sales-addresses", type = "list-multi" }, { name = "security", var = "security-addresses", type = "list-multi" }, + { name = "status", var = "status-addresses", type = "list-multi" }, { name = "support", var = "support-addresses", type = "list-multi" }, }); -- cgit v1.2.3 From d89a99eb4320d5b2d6067fde78be6c5706cac4ab Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 16 Jul 2020 10:26:36 +0200 Subject: mod_proxy65: Log invalid greetings escaped instead of as base64 Makes it easier to see human-readable parts and thus identifying the garbage. Also consistent with mod_c2s and others. --- plugins/mod_proxy65.lua | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua index 29c821e2..aacf6309 100644 --- a/plugins/mod_proxy65.lua +++ b/plugins/mod_proxy65.lua @@ -12,7 +12,6 @@ module:set_global(); local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep; local st = require "util.stanza"; local sha1 = require "util.hashes".sha1; -local b64 = require "util.encodings".base64.encode; local server = require "net.server"; local portmanager = require "core.portmanager"; @@ -45,7 +44,7 @@ function listener.onincoming(conn, data) end -- else error, unexpected input conn:write("\5\255"); -- send (SOCKS version 5, no acceptable method) conn:close(); - module:log("debug", "Invalid SOCKS5 greeting received: '%s'", b64(data)); + module:log("debug", "Invalid SOCKS5 greeting received: %q", data); else -- connection request --local head = string.char( 0x05, 0x01, 0x00, 0x03, 40 ); -- ( VER=5=SOCKS5, CMD=1=CONNECT, RSV=0=RESERVED, ATYP=3=DOMAIMNAME, SHA-1 size ) if #data == 47 and data:sub(1,5) == "\5\1\0\3\40" and data:sub(-2) == "\0\0" then @@ -67,7 +66,7 @@ function listener.onincoming(conn, data) else -- error, unexpected input conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) conn:close(); - module:log("debug", "Invalid SOCKS5 negotiation received: '%s'", b64(data)); + module:log("debug", "Invalid SOCKS5 negotiation received: %q", data); end end end -- cgit v1.2.3 From f1fcdfc2467753cc0f1ba3f48a64401395cba9af Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 17 Jul 2020 08:29:03 +0200 Subject: mod_proxy65: Limit dump of invalid data to 300 bytes (like mod_c2s) --- plugins/mod_proxy65.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua index aacf6309..bac36b55 100644 --- a/plugins/mod_proxy65.lua +++ b/plugins/mod_proxy65.lua @@ -44,7 +44,7 @@ function listener.onincoming(conn, data) end -- else error, unexpected input conn:write("\5\255"); -- send (SOCKS version 5, no acceptable method) conn:close(); - module:log("debug", "Invalid SOCKS5 greeting received: %q", data); + module:log("debug", "Invalid SOCKS5 greeting received: %q", data:sub(1, 300)); else -- connection request --local head = string.char( 0x05, 0x01, 0x00, 0x03, 40 ); -- ( VER=5=SOCKS5, CMD=1=CONNECT, RSV=0=RESERVED, ATYP=3=DOMAIMNAME, SHA-1 size ) if #data == 47 and data:sub(1,5) == "\5\1\0\3\40" and data:sub(-2) == "\0\0" then @@ -66,7 +66,7 @@ function listener.onincoming(conn, data) else -- error, unexpected input conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) conn:close(); - module:log("debug", "Invalid SOCKS5 negotiation received: %q", data); + module:log("debug", "Invalid SOCKS5 negotiation received: %q", data:sub(1, 300)); end end end -- cgit v1.2.3 From 0314b7063c4487231a71e3c16b326aeb4bb75032 Mon Sep 17 00:00:00 2001 From: Emmanuel Gil Peyrot Date: Mon, 29 Jun 2020 21:03:13 +0200 Subject: mod_register: Add a dependency on mod_watchregistrations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Spammers are a big hassle, hopefully this will make admins aware of them sooner than when they’ve already spammed a bunch. --- plugins/mod_register.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins') diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua index 763e2fd9..bec3fb5a 100644 --- a/plugins/mod_register.lua +++ b/plugins/mod_register.lua @@ -11,6 +11,7 @@ local allow_registration = module:get_option_boolean("allow_registration", false if allow_registration then module:depends("register_ibr"); + module:depends("watchregistrations"); end module:depends("user_account_management"); -- cgit v1.2.3 From 91d2ab91086d2aebcbc4d47a5bce05c6cd3abdcb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 1 Aug 2020 18:41:23 +0200 Subject: net.http.parser: Allow specifying sink for large request bodies This enables uses such as saving uploaded files directly to a file on disk or streaming parsing of payloads. See #726 --- plugins/mod_http.lua | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index cf63ecfb..54c6089b 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -160,6 +160,15 @@ function module.add_host(module) elseif event_name:sub(-1, -1) == "/" then module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1); end + do + -- COMPAT Modules not compatible with streaming uploads behave as before. + local _handler = handler; + function handler(event) -- luacheck: ignore 432/event + if event.request.body ~= false then + return _handler(event); + end + end + end if not app_handlers[event_name] then app_handlers[event_name] = { main = handler; -- cgit v1.2.3 From 933c04882934fdc8633c93e706c8b28c977f776e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 1 Aug 2020 18:41:30 +0200 Subject: mod_http: Add way to signal that a module supports streaming uploads Fixes #726 API: module:provides("http", { streaming_uploads = true; route = { PUT = function (event) event.request.body_sink = io.tmpfile(); return true; end } }) --- plugins/mod_http.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 54c6089b..1248a06c 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -138,6 +138,8 @@ function module.add_host(module) return ""; end + local streaming = event.item.streaming_uploads; + for key, handler in pairs(event.item.route or {}) do local event_name = get_http_event(host, app_path, key); if event_name then @@ -160,7 +162,7 @@ function module.add_host(module) elseif event_name:sub(-1, -1) == "/" then module:hook_object_event(server, event_name:sub(1, -2), redir_handler, -1); end - do + if not streaming then -- COMPAT Modules not compatible with streaming uploads behave as before. local _handler = handler; function handler(event) -- luacheck: ignore 432/event -- cgit v1.2.3 From 8fae7acf319d7ff48a12f62e208ddd62665c81ba Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 2 Aug 2020 00:22:57 +0200 Subject: mod_net_multiplex: Read no more than the max buffer size setting Otherwise the '*a' read mode applies, which under certain circumstances can read infinite amounts of data into memory. --- plugins/mod_net_multiplex.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index 849b22ee..42a41709 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua @@ -41,7 +41,7 @@ end local buffers = {}; -local listener = { default_mode = "*a" }; +local listener = { default_mode = max_buffer_len }; function listener.onconnect(conn) local sock = conn:socket(); -- cgit v1.2.3 From 7acd3092ecba0fde91d7e56770c47d7bf98dfc30 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 2 Aug 2020 00:24:54 +0200 Subject: mod_net_multiplex: Set read size/mode to that of the target listener Otherwise it would use the configured buffer size, or previously '*a'. Using the read size set by the listener seems more sensible. --- plugins/mod_net_multiplex.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_net_multiplex.lua b/plugins/mod_net_multiplex.lua index 42a41709..ddd58463 100644 --- a/plugins/mod_net_multiplex.lua +++ b/plugins/mod_net_multiplex.lua @@ -2,6 +2,7 @@ module:set_global(); local array = require "util.array"; local max_buffer_len = module:get_option_number("multiplex_buffer_size", 1024); +local default_mode = module:get_option_number("network_default_read_size", 4096); local portmanager = require "core.portmanager"; @@ -52,6 +53,7 @@ function listener.onconnect(conn) module:log("debug", "Routing incoming connection to %s based on ALPN %q", service.name, selected_proto); local next_listener = service.listener; conn:setlistener(next_listener); + conn:set_mode(next_listener.default_mode or default_mode); local onconnect = next_listener.onconnect; if onconnect then return onconnect(conn) end end @@ -67,6 +69,7 @@ function listener.onincoming(conn, data) module:log("debug", "Routing incoming connection to %s", service.name); local next_listener = service.listener; conn:setlistener(next_listener); + conn:set_mode(next_listener.default_mode or default_mode); local onconnect = next_listener.onconnect; if onconnect then onconnect(conn) end return next_listener.onincoming(conn, buf); -- cgit v1.2.3 From 2f67c339a3a06a759fe504a2158113e826369e27 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 13 Apr 2020 02:46:03 +0200 Subject: mod_component: Reply with a different error when not connected The wait, service-unavailable is overloaded by XEP-0045 to mean that the room has reached the maximum number of users. See #1495. Bouncing errors for components is tricky since there is no way to tell that it comes from the server hosting the component, not from the other end of the component connection. --- plugins/mod_component.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index 9ffc496e..2189aceb 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -132,7 +132,7 @@ function module.add_host(module) end module:log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag()); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then - event.origin.send(st.error_reply(stanza, "wait", "service-unavailable", "Component unavailable", module.host)); + event.origin.send(st.error_reply(stanza, "wait", "remote-server-timeout", "Component unavailable", module.host)); end end return true; -- cgit v1.2.3 From aeaad491d454d15c215cfc4eeb587f85d6f23837 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 13 Apr 2020 02:49:19 +0200 Subject: mod_component: Return extended error condition when not connected This might be something to write a XEP about. --- plugins/mod_component.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_component.lua b/plugins/mod_component.lua index 2189aceb..d06df71c 100644 --- a/plugins/mod_component.lua +++ b/plugins/mod_component.lua @@ -132,7 +132,8 @@ function module.add_host(module) end module:log("warn", "Component not connected, bouncing error for: %s", stanza:top_tag()); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then - event.origin.send(st.error_reply(stanza, "wait", "remote-server-timeout", "Component unavailable", module.host)); + event.origin.send(st.error_reply(stanza, "wait", "remote-server-timeout", "Component unavailable", module.host) + :tag("not-connected", { xmlns = "xmpp:prosody.im/protocol/component" })); end end return true; -- cgit v1.2.3 From b289d05cfbde014799fcf66fec36895bee5be071 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 18 Jul 2020 15:36:25 +0200 Subject: mod_external_services: XEP-0215: External Service Discovery --- plugins/mod_external_services.lua | 205 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 plugins/mod_external_services.lua (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua new file mode 100644 index 00000000..51d2d313 --- /dev/null +++ b/plugins/mod_external_services.lua @@ -0,0 +1,205 @@ + +local dt = require "util.datetime"; +local base64 = require "util.encodings".base64; +local hashes = require "util.hashes"; +local st = require "util.stanza"; +local jid = require "util.jid"; + +local default_host = module:get_option_string("external_service_host", module.host); +local default_port = module:get_option_number("external_service_port"); +local default_secret = module:get_option_string("external_service_secret"); +local default_ttl = module:get_option_number("external_service_ttl", 86400); + +local configured_services = module:get_option_array("external_services", {}); + +local access = module:get_option_set("external_service_access", {}); + +-- filter config into well-defined service records +local function prepare(item) + if type(item) ~= "table" then + module:log("error", "Service definition is not a table: %q", item); + return nil; + end + + local srv = { + type = nil; + transport = nil; + host = default_host; + port = default_port; + username = nil; + password = nil; + restricted = nil; + expires = nil; + }; + + if type(item.type) == "string" then + srv.type = item.type; + else + module:log("error", "Service missing mandatory 'type' field: %q", item); + return nil; + end + if type(item.transport) == "string" then + srv.transport = item.transport; + end + if type(item.host) == "string" then + srv.host = item.host; + end + if type(item.port) == "number" then + srv.port = item.port; + end + if type(item.username) == "string" then + srv.username = item.username; + end + if type(item.password) == "string" then + srv.password = item.password; + srv.restricted = true; + end + if item.restricted == true then + srv.restricted = true; + end + if type(item.expires) == "number" then + srv.expires = item.expires; + elseif type(item.ttl) == "number" then + srv.expires = os.time() + item.ttl; + end + if (item.secret == true and default_secret) or type(item.secret) == "string" then + local ttl = default_ttl; + if type(item.ttl) == "number" then + ttl = item.ttl; + end + local expires = os.time() + ttl; + local secret = item.secret; + if secret == true then + secret = default_secret; + end + local username; + if type(item.username) == "string" then + username = string.format("%d:%s", expires, item.username); + else + username = string.format("%d", expires); + end + srv.username = username; + srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); + srv.restricted = true; + end + return srv; +end + +function module.load() + -- Trigger errors on startup + local services = configured_services / prepare; + if #services == 0 then + module:log("warn", "No services configured or all had errors"); + end +end + +local function handle_services(event) + local origin, stanza = event.origin, event.stanza; + local action = stanza.tags[1]; + + local user_bare = jid.bare(stanza.attr.from); + local user_host = jid.host(user_bare); + if not ((access:empty() and origin.type == "c2s") or access:contains(user_bare) or access:contains(user_host)) then + origin.send(st.error_reply(stanza, "auth", "forbidden")); + return true; + end + + local reply = st.reply(stanza):tag("services", { xmlns = action.attr.xmlns }); + local services = configured_services / prepare; + + local requested_type = action.attr.type; + if requested_type then + services:filter(function(item) + return item.type == requested_type; + end); + end + + module:fire_event("external_service/services", { + origin = origin; + stanza = stanza; + reply = reply; + requested_type = requested_type; + services = services; + }); + + for _, srv in ipairs(services) do + reply:tag("service", { + type = srv.type; + transport = srv.transport; + host = srv.host; + port = srv.port and string.format("%d", srv.port) or nil; + username = srv.username; + password = srv.password; + expires = srv.expires and dt.datetime(srv.expires) or nil; + restricted = srv.restricted and "1" or nil; + }):up(); + end + + origin.send(reply); + return true; +end + +local function handle_credentials(event) + local origin, stanza = event.origin, event.stanza; + local action = stanza.tags[1]; + + if origin.type ~= "c2s" then + origin.send(st.error_reply(stanza, "auth", "forbidden")); + return true; + end + + local reply = st.reply(stanza):tag("credentials", { xmlns = action.attr.xmlns }); + local services = configured_services / prepare; + services:filter(function (item) + return item.restricted; + end) + + local requested_credentials = {}; + for service in action:childtags("service") do + table.insert(requested_credentials, { + type = service.attr.type; + host = service.attr.host; + port = tonumber(service.attr.port); + }); + end + + module:fire_event("external_service/credentials", { + origin = origin; + stanza = stanza; + reply = reply; + requested_credentials = requested_credentials; + services = services; + }); + + for req_srv in action:childtags("service") do + for _, srv in ipairs(services) do + if srv.type == req_srv.attr.type and srv.host == req_srv.attr.host + and not req_srv.attr.port or srv.port == tonumber(req_srv.attr.port) then + reply:tag("service", { + type = srv.type; + transport = srv.transport; + host = srv.host; + port = srv.port and string.format("%d", srv.port) or nil; + username = srv.username; + password = srv.password; + expires = srv.expires and dt.datetime(srv.expires) or nil; + restricted = srv.restricted and "1" or nil; + }):up(); + end + end + end + + origin.send(reply); + return true; +end + +-- XEP-0215 v0.7 +module:add_feature("urn:xmpp:extdisco:2"); +module:hook("iq-get/host/urn:xmpp:extdisco:2:services", handle_services); +module:hook("iq-get/host/urn:xmpp:extdisco:2:credentials", handle_credentials); + +-- COMPAT XEP-0215 v0.6 +-- Those still on the old version gets to deal with undefined attributes until they upgrade. +module:add_feature("urn:xmpp:extdisco:1"); +module:hook("iq-get/host/urn:xmpp:extdisco:1:services", handle_services); +module:hook("iq-get/host/urn:xmpp:extdisco:1:credentials", handle_credentials); -- cgit v1.2.3 From 6dfae9bbfa4b60374a52482bdf60355acafd5a6a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Jul 2020 10:22:37 +0200 Subject: mod_external_services: Support adding services via items API --- plugins/mod_external_services.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index 51d2d313..c4762e65 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -105,7 +105,8 @@ local function handle_services(event) end local reply = st.reply(stanza):tag("services", { xmlns = action.attr.xmlns }); - local services = configured_services / prepare; + local extras = module:get_host_items("external_service"); + local services = ( configured_services + extras ) / prepare; local requested_type = action.attr.type; if requested_type then @@ -149,7 +150,8 @@ local function handle_credentials(event) end local reply = st.reply(stanza):tag("credentials", { xmlns = action.attr.xmlns }); - local services = configured_services / prepare; + local extras = module:get_host_items("external_service"); + local services = ( configured_services + extras ) / prepare; services:filter(function (item) return item.restricted; end) -- cgit v1.2.3 From 0b65dea7c01b57dc036de2c62de3dd8e55c3f293 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Jul 2020 12:09:19 +0200 Subject: mod_external_services: Prepare to allow more credential algorithms Not sure what algorithms might fit here. Separation makes some sense. This is also a preparation for having a callback. (See next commit) --- plugins/mod_external_services.lua | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index c4762e65..e1c72387 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -14,6 +14,27 @@ local configured_services = module:get_option_array("external_services", {}); local access = module:get_option_set("external_service_access", {}); +-- https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 +local function behave_turn_rest_credentials(srv, item, secret) + local ttl = default_ttl; + if type(item.ttl) == "number" then + ttl = item.ttl; + end + local expires = srv.expires or os.time() + ttl; + local username; + if type(item.username) == "string" then + username = string.format("%d:%s", expires, item.username); + else + username = string.format("%d", expires); + end + srv.username = username; + srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); +end + +local algorithms = { + turn = behave_turn_rest_credentials; +} + -- filter config into well-defined service records local function prepare(item) if type(item) ~= "table" then @@ -63,24 +84,15 @@ local function prepare(item) srv.expires = os.time() + item.ttl; end if (item.secret == true and default_secret) or type(item.secret) == "string" then - local ttl = default_ttl; - if type(item.ttl) == "number" then - ttl = item.ttl; - end - local expires = os.time() + ttl; + local secret_cb = algorithms[item.algorithm] or algorithms[srv.type]; local secret = item.secret; if secret == true then secret = default_secret; end - local username; - if type(item.username) == "string" then - username = string.format("%d:%s", expires, item.username); - else - username = string.format("%d", expires); + if secret_cb then + secret_cb(srv, item, secret); + srv.restricted = true; end - srv.username = username; - srv.password = base64.encode(hashes.hmac_sha1(secret, srv.username)); - srv.restricted = true; end return srv; end -- cgit v1.2.3 From 5bc6130e57fe2af3108ec538b83768100bdc177c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 25 Jul 2020 12:22:03 +0200 Subject: mod_external_services: Allow specifying a credential generation callback This is especially targeted at services added via the items API. More involved credential generation should use the event hook. --- plugins/mod_external_services.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index e1c72387..7c18e326 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -84,7 +84,7 @@ local function prepare(item) srv.expires = os.time() + item.ttl; end if (item.secret == true and default_secret) or type(item.secret) == "string" then - local secret_cb = algorithms[item.algorithm] or algorithms[srv.type]; + local secret_cb = item.credentials_cb or algorithms[item.algorithm] or algorithms[srv.type]; local secret = item.secret; if secret == true then secret = default_secret; -- cgit v1.2.3 From fb6c098ed661d4bd14f1a0515e4ae6b110c76b19 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 17 Aug 2020 00:24:11 +0200 Subject: mod_external_services: Validate services added via events While writing developer documentation it became obvious that i was silly to have one item format for config and items API, and another format for the event API. Then there's the stanza format, but that's a common pattern. This change reduces the possible input formats to two and allows other modules the benefit of the processing and validation performed on items from the config. --- plugins/mod_external_services.lua | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index 7c18e326..e18e7c3e 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -4,6 +4,7 @@ local base64 = require "util.encodings".base64; local hashes = require "util.hashes"; local st = require "util.stanza"; local jid = require "util.jid"; +local array = require "util.array"; local default_host = module:get_option_string("external_service_host", module.host); local default_port = module:get_option_number("external_service_port"); @@ -105,6 +106,14 @@ function module.load() end end +-- Ensure only valid items are added in events +local services_mt = { + __index = getmetatable(array()).__index; + __newindex = function (self, i, v) + rawset(self, i, assert(prepare(v), "Invalid service entry added")); + end; +} + local function handle_services(event) local origin, stanza = event.origin, event.stanza; local action = stanza.tags[1]; @@ -127,6 +136,8 @@ local function handle_services(event) end); end + setmetatable(services, services_mt); + module:fire_event("external_service/services", { origin = origin; stanza = stanza; @@ -177,6 +188,9 @@ local function handle_credentials(event) }); end + setmetatable(services, services_mt); + setmetatable(requested_credentials, services_mt); + module:fire_event("external_service/credentials", { origin = origin; stanza = stanza; -- cgit v1.2.3 From 460a55c86eb3ab164c54c7b49fe1b84d78520b85 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 22 Aug 2020 14:34:33 +0200 Subject: mod_admin_shell: Report CSI state in c2s:show() --- plugins/mod_admin_shell.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 2db0cbb0..3650e7f6 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -543,6 +543,9 @@ local function session_flags(session, line) if session.smacks then line[#line+1] = "(sm)"; end + if session.state then + line[#line+1] = string.format("(csi:%s)", session.state); + end if session.ip and session.ip:match(":") then line[#line+1] = "(IPv6)"; end -- cgit v1.2.3 From 6c5dd70664236b524f3b2524f3ed48cbc8f0bc42 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 22 Aug 2020 14:34:57 +0200 Subject: mod_admin_shell: Report CSI queue length from mod_csi_simple --- plugins/mod_admin_shell.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 3650e7f6..5b4c2a61 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -544,7 +544,11 @@ local function session_flags(session, line) line[#line+1] = "(sm)"; end if session.state then - line[#line+1] = string.format("(csi:%s)", session.state); + if type(session.csi_counter) == "number" then + line[#line+1] = string.format("(csi:%s queue #%d)", session.state, session.csi_counter); + else + line[#line+1] = string.format("(csi:%s)", session.state); + end end if session.ip and session.ip:match(":") then line[#line+1] = "(IPv6)"; -- cgit v1.2.3 From f25f4bb11a7e68ec997d360c71195e2941042f2a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 24 Aug 2020 19:48:47 +0200 Subject: mod_posix: Remove ancient undocumented user switching MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit User switching has been done by prosodyctl or init scripts for a very long time now, so this is not needed. Using this would not have worked with module reloading (e.g. to reload certificates) since ports are closed and re-bound, which would then not be allowed. Today there exists better ways to grant low ports, i.e. capabilities(7) Why do we have this? Remove it --- plugins/mod_posix.lua | 35 ++++------------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 5177aaa5..0a658009 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -30,39 +30,12 @@ module:set_global(); -- we're a global module local umask = module:get_option_string("umask", "027"); pposix.umask(umask); --- Allow switching away from root, some people like strange ports. -module:hook("server-started", function () - local uid = module:get_option("setuid"); - local gid = module:get_option("setgid"); - if gid then - local success, msg = pposix.setgid(gid); - if success then - module:log("debug", "Changed group to %s successfully.", gid); - else - module:log("error", "Failed to change group to %s. Error: %s", gid, msg); - prosody.shutdown("Failed to change group to %s", gid); - end - end - if uid then - local success, msg = pposix.setuid(uid); - if success then - module:log("debug", "Changed user to %s successfully.", uid); - else - module:log("error", "Failed to change user to %s. Error: %s", uid, msg); - prosody.shutdown("Failed to change user to %s", uid); - end - end -end); - -- Don't even think about it! if not prosody.start_time then -- server-starting - local suid = module:get_option("setuid"); - if not suid or suid == 0 or suid == "root" then - if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then - module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!"); - module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root"); - prosody.shutdown("Refusing to run as root"); - end + if pposix.getuid() == 0 and not module:get_option_boolean("run_as_root") then + module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!"); + module:log("error", "For more information on running Prosody as root, see https://prosody.im/doc/root"); + prosody.shutdown("Refusing to run as root"); end end -- cgit v1.2.3 From 1cec1146460848a60dca8ebc85c97d7c45544c65 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 29 Aug 2020 18:51:13 +0200 Subject: MUC: Don't default room name to JID localpart (API breaking change) Behavior with turning empty name into localpart was originally introduced in 711eb5bf94b4 This has caused some problems for clients, making it difficult to differentiate between a room actually named like the localpart from a room without a name. Breaking: The function signature of the :get_name() method changes from always returning a string to optional string. --- plugins/muc/mod_muc.lua | 16 +++++++++++++--- plugins/muc/name.lib.lua | 4 +--- 2 files changed, 14 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/mod_muc.lua b/plugins/muc/mod_muc.lua index d911de08..e9fd1521 100644 --- a/plugins/muc/mod_muc.lua +++ b/plugins/muc/mod_muc.lua @@ -137,7 +137,12 @@ local room_items_cache = {}; local function room_save(room, forced, savestate) local node = jid_split(room.jid); local is_persistent = persistent.get(room); - room_items_cache[room.jid] = room:get_public() and room:get_name() or nil; + if room:get_public() then + room_items_cache[room.jid] = room:get_name() or ""; + else + room_items_cache[room.jid] = nil; + end + if is_persistent or savestate then persistent_rooms:set(nil, room.jid, true); local data, state = room:freeze(savestate); @@ -163,7 +168,11 @@ local rooms = cache.new(max_rooms or max_live_rooms, function (jid, room) end module:log("debug", "Evicting room %s", jid); room_eviction(); - room_items_cache[room.jid] = room:get_public() and room:get_name() or nil; + if room:get_public() then + room_items_cache[room.jid] = room:get_name() or ""; + else + room_items_cache[room.jid] = nil; + end local ok, err = room_save(room, nil, true); -- Force to disk if not ok then module:log("error", "Failed to swap inactive room %s to disk: %s", jid, err); @@ -337,13 +346,14 @@ module:hook("host-disco-items", function(event) module:log("debug", "host-disco-items called"); if next(room_items_cache) ~= nil then for jid, room_name in pairs(room_items_cache) do + if room_name == "" then room_name = nil; end reply:tag("item", { jid = jid, name = room_name }):up(); end else for room in all_rooms() do if not room:get_hidden() then local jid, room_name = room.jid, room:get_name(); - room_items_cache[jid] = room_name; + room_items_cache[jid] = room_name or ""; reply:tag("item", { jid = jid, name = room_name }):up(); end end diff --git a/plugins/muc/name.lib.lua b/plugins/muc/name.lib.lua index 37fe1259..5d73e74d 100644 --- a/plugins/muc/name.lib.lua +++ b/plugins/muc/name.lib.lua @@ -7,10 +7,8 @@ -- COPYING file in the source package for more information. -- -local jid_split = require "util.jid".split; - local function get_name(room) - return room._data.name or jid_split(room.jid); + return room._data.name; end local function set_name(room, name) -- cgit v1.2.3 From 33e7e5ef2d5e97b45cd9bcb56ce5ec6adc3a66c9 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 8 Sep 2020 22:50:43 +0200 Subject: mod_posix: Daemonize later Daemonizing later means we can use that as a "successful startup" signal and problems can be reported via exit code. --- plugins/mod_posix.lua | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index 0a658009..d3ff1f7c 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -117,9 +117,7 @@ if daemonize then write_pidfile(); end end - if not prosody.start_time then -- server-starting - daemonize_server(); - end + module:hook("server-started", daemonize_server) else -- Not going to daemonize, so write the pid of this process write_pidfile(); -- cgit v1.2.3 From 29f2e5906fab2bc82b04041a1e29399d044a662f Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 11 Sep 2020 12:37:07 +0100 Subject: mod_http: Silence warnings when running under prosodyctl --- plugins/mod_http.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 1248a06c..84e2d18f 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -93,7 +93,9 @@ function moduleapi.http_url(module, app_name, default_path) return url_build(url); end end - module:log("warn", "No http ports enabled, can't generate an external URL"); + if prosody.process_type == "prosody" then + module:log("warn", "No http ports enabled, can't generate an external URL"); + end return "http://disabled.invalid/"; end @@ -190,7 +192,7 @@ function module.add_host(module) local services = portmanager.get_active_services(); if services:get("https") or services:get("http") then module:log("info", "Serving '%s' at %s", app_name, module:http_url(app_name, app_path)); - else + elseif prosody.process_type == "prosody" then module:log("warn", "Not listening on any ports, '%s' will be unreachable", app_name); end end -- cgit v1.2.3 From be5199db29773bad53139598f2dfc8a4d65fbe1a Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 2 Oct 2020 16:44:30 +0100 Subject: mod_auth_anonymous: Add config option to allow/disallow storage writes --- plugins/mod_auth_anonymous.lua | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_auth_anonymous.lua b/plugins/mod_auth_anonymous.lua index 1f2bceb3..90646e71 100644 --- a/plugins/mod_auth_anonymous.lua +++ b/plugins/mod_auth_anonymous.lua @@ -11,6 +11,8 @@ local new_sasl = require "util.sasl".new; local datamanager = require "util.datamanager"; local hosts = prosody.hosts; +local allow_storage = module:get_option_boolean("allow_anonymous_storage", false); + -- define auth provider local provider = {}; @@ -62,10 +64,14 @@ if not module:get_option_boolean("allow_anonymous_s2s", false) then end function module.load() - datamanager.add_callback(dm_callback); + if not allow_storage then + datamanager.add_callback(dm_callback); + end end function module.unload() - datamanager.remove_callback(dm_callback); + if not allow_storage then + datamanager.remove_callback(dm_callback); + end end module:provides("auth", provider); -- cgit v1.2.3 From 7eb15b0b3fd49a58656e510866349c9725cd27cc Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 3 Oct 2020 15:09:12 +0200 Subject: mod_bosh: Count connection attempts non-VirtualHost as "bad host" (stats) --- plugins/mod_bosh.lua | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index c5f5e044..6393a73e 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -293,6 +293,7 @@ function stream_callbacks.streamopened(context, attr) if not prosody.hosts[to_host] then log("debug", "BOSH client tried to connect to non-existant host: %s", attr.to); + report_bad_host(); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); response:send(tostring(close_reply)); @@ -301,6 +302,7 @@ function stream_callbacks.streamopened(context, attr) if prosody.hosts[to_host].type ~= "local" then log("debug", "BOSH client tried to connect to %s host: %s", prosody.hosts[to_host].type, attr.to); + report_bad_host(); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); response:send(tostring(close_reply)); -- cgit v1.2.3 From 09e8795afb2f3d218be88fbe51819c01d3f7ed13 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Oct 2020 18:13:20 +0200 Subject: mod_http_errors: Use a class on extra data section This CSS selector makes it awkward to add more items. --- plugins/mod_http_errors.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index e151a68e..1abdc57e 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -41,7 +41,7 @@ p { font-size : x-large } -p+p { +p.extra { font-size : large; font-family : courier } @@ -50,7 +50,7 @@ p+p {

{title}

{message}

-

{extra?}

+

{extra?}

]]; -- cgit v1.2.3 From 6518e5f41b9ebf9a4be4e9e8a4872fad7ff88f3f Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Oct 2020 18:16:18 +0200 Subject: mod_http_errors: Dark theme! --- plugins/mod_http_errors.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index 1abdc57e..727b2516 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -45,6 +45,13 @@ p.extra { font-size : large; font-family : courier } + +@media(prefers-color-scheme: dark) { + body { + background-color: #161616; + color: #eee + } +} -- cgit v1.2.3 From b4af560c9711221a4da3da41c8cef1d302b63beb Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 12 Oct 2020 18:27:42 +0200 Subject: mod_http_errors: Remove 'extra' element when empty --- plugins/mod_http_errors.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_http_errors.lua b/plugins/mod_http_errors.lua index 727b2516..a2138d88 100644 --- a/plugins/mod_http_errors.lua +++ b/plugins/mod_http_errors.lua @@ -57,7 +57,7 @@ p.extra {

{title}

{message}

-

{extra?}

+{extra&

{extra?}

} ]]; -- cgit v1.2.3 From 8f059290a719e2dd5aba81477749863c0c663350 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Fri, 16 Oct 2020 14:01:25 +0100 Subject: mod_posix: Hook and fire events on SIGUSR1/2 --- plugins/mod_posix.lua | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_posix.lua b/plugins/mod_posix.lua index d3ff1f7c..03177530 100644 --- a/plugins/mod_posix.lua +++ b/plugins/mod_posix.lua @@ -147,5 +147,20 @@ if have_signal then prosody.shutdown("Received SIGINT"); prosody.lock_globals(); end); + + signal.signal("SIGUSR1", function () + module:log("info", "Received SIGUSR1"); + module:fire_event("signal/SIGUSR1"); + end); + + signal.signal("SIGUSR2", function () + module:log("info", "Received SIGUSR2"); + module:fire_event("signal/SIGUSR2"); + end); end); end + +-- For other modules to reference +features = { + signal_events = true; +}; -- cgit v1.2.3 From 6b306e33131a800f7a6c914f3ca6d65a81371019 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 17 Oct 2020 14:19:41 +0200 Subject: MUC: Remove XEP-0091: Legacy Delayed Delivery Why do we still include this? Deprecated in 2007, obsoleted in 2009. Removes redundant timestamp that nobody should be looking at since many years and a redundant copy of the room JID. --- plugins/muc/history.lib.lua | 3 --- 1 file changed, 3 deletions(-) (limited to 'plugins') diff --git a/plugins/muc/history.lib.lua b/plugins/muc/history.lib.lua index 1b7167af..fdf65365 100644 --- a/plugins/muc/history.lib.lua +++ b/plugins/muc/history.lib.lua @@ -182,9 +182,6 @@ module:hook("muc-add-history", function(event) stanza:tag("delay", { -- XEP-0203 xmlns = "urn:xmpp:delay", from = room.jid, stamp = stamp }):up(); - stanza:tag("x", { -- XEP-0091 (deprecated) - xmlns = "jabber:x:delay", from = room.jid, stamp = datetime.legacy() - }):up(); local entry = { stanza = stanza, timestamp = ts }; table.insert(history, entry); while #history > get_historylength(room) do table.remove(history, 1) end -- cgit v1.2.3 From 3133ff234af7809ee5271ab995fcd68786858c56 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Oct 2020 15:20:14 +0100 Subject: mod_pubsub: Don't set store as metatable 'archive' is not a metatable here, so this has no effect. Remove since apparently nothing depends on this. --- plugins/mod_pubsub/pubsub.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 0938dbbc..6a2c6ad9 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -872,7 +872,7 @@ local function archive_itemstore(archive, config, user, node) return item.attr.id, item; end end - return setmetatable(get_set, archive); + return get_set; end _M.archive_itemstore = archive_itemstore; -- cgit v1.2.3 From c34989f57eb0403f6c3849c3ebc4fe86c128e09a Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Oct 2020 15:21:34 +0100 Subject: mod_pubsub: Clarify kind of item store created Planning to make this configurable, so good to distinguish it from future backends. --- plugins/mod_pubsub/pubsub.lib.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/pubsub.lib.lua b/plugins/mod_pubsub/pubsub.lib.lua index 6a2c6ad9..c84208a2 100644 --- a/plugins/mod_pubsub/pubsub.lib.lua +++ b/plugins/mod_pubsub/pubsub.lib.lua @@ -796,7 +796,7 @@ local function create_encapsulating_item(id, payload) end local function archive_itemstore(archive, config, user, node) - module:log("debug", "Creation of itemstore for node %s with config %s", node, config); + module:log("debug", "Creation of archive itemstore for node %s with config %q", node, config); local get_set = {}; local max_items = config["max_items"]; function get_set:items() -- luacheck: ignore 212/self -- cgit v1.2.3 From 7af694f5104fcf0adf05b5bfebcb81d5b5e44009 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 25 Oct 2020 15:23:36 +0100 Subject: mod_pubsub: Comment on itemstore type --- plugins/mod_pubsub/mod_pubsub.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_pubsub/mod_pubsub.lua b/plugins/mod_pubsub/mod_pubsub.lua index 4f901ba4..9b89f3e0 100644 --- a/plugins/mod_pubsub/mod_pubsub.lua +++ b/plugins/mod_pubsub/mod_pubsub.lua @@ -42,7 +42,7 @@ end local node_store = module:open_store(module.name.."_nodes"); -local function create_simple_itemstore(node_config, node_name) +local function create_simple_itemstore(node_config, node_name) --> util.cache like object local driver = storagemanager.get_driver(module.host, "pubsub_data"); local archive = driver:open("pubsub_"..node_name, "archive"); return lib_pubsub.archive_itemstore(archive, node_config, nil, node_name); -- cgit v1.2.3