Software /
code /
prosody-modules
Changeset
927:a9dfa7232d88
Merge
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 12 Mar 2013 12:10:25 +0000 |
parents | 926:f88381a39c56 (current diff) 925:720b8268778e (diff) |
children | 928:4584c3303bb4 |
files | mod_auth_ldap2/mod_auth_ldap.lua |
diffstat | 36 files changed, 1542 insertions(+), 528 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_admin_web/admin_web/mod_admin_web.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_admin_web/admin_web/mod_admin_web.lua Tue Mar 12 12:10:25 2013 +0000 @@ -22,27 +22,15 @@ local is_admin = require "core.usermanager".is_admin; local pubsub = require "util.pubsub"; local jid_bare = require "util.jid".bare; -local lfs = require "lfs"; -local open = io.open; -local stat = lfs.attributes; module:set_global(); local service = {}; -local http_base = module.path:gsub("/[^/]+$","") .. "/www_files/"; - local xmlns_adminsub = "http://prosody.im/adminsub"; local xmlns_c2s_session = "http://prosody.im/streams/c2s"; local xmlns_s2s_session = "http://prosody.im/streams/s2s"; -local mime_map = { - html = "text/html"; - xml = "text/xml"; - js = "text/javascript"; - css = "text/css"; -}; - local idmap = {}; function add_client(session, host) @@ -104,37 +92,14 @@ end end -function serve_file(event, path) - local full_path = http_base .. path; - - if stat(full_path, "mode") == "directory" then - if stat(full_path.."/index.html", "mode") == "file" then - return serve_file(event, path.."/index.html"); - end - return 403; - end - - local f, err = open(full_path, "rb"); - if not f then - return 404; - end - - local data = f:read("*a"); - f:close(); - if not data then - return 403; - end - - local ext = path:match("%.([^.]*)$"); - event.response.headers.content_type = mime_map[ext]; -- Content-Type should be nil when not known - return data; -end - function module.add_host(module) -- Dependencies module:depends("bosh"); module:depends("admin_adhoc"); module:depends("http"); + local serve_file = module:depends("http_files").serve { + path = module:get_directory() .. "/www_files"; + }; -- Setup HTTP server module:provides("http", { @@ -149,12 +114,14 @@ }); -- Setup adminsub service - local function simple_broadcast(node, jids, item) - item = st.clone(item); - item.attr.xmlns = nil; -- Clear the pubsub namespace + local function simple_broadcast(kind, node, jids, item) + if item then + item = st.clone(item); + item.attr.xmlns = nil; -- Clear the pubsub namespace + end local message = st.message({ from = module.host, type = "headline" }) :tag("event", { xmlns = xmlns_adminsub .. "#event" }) - :tag("items", { node = node }) + :tag(kind, { node = node }) :add_child(item); for jid in pairs(jids) do module:log("debug", "Sending notification to %s", jid);
--- a/mod_admin_web/admin_web/www_files/js/main.js Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_admin_web/admin_web/www_files/js/main.js Tue Mar 12 12:10:25 2013 +0000 @@ -96,6 +96,7 @@ if (status == Strophe.Status.CONNECTING) { log('Strophe is connecting.'); } else if (status == Strophe.Status.CONNFAIL) { + alert('Connection failed (Wrong host?)'); log('Strophe failed to connect.'); showConnect(); } else if (status == Strophe.Status.DISCONNECTING) { @@ -104,6 +105,7 @@ log('Strophe is disconnected.'); showConnect(); } else if (status == Strophe.Status.AUTHFAIL) { + alert('Wrong username and/or password'); log('Authentication failed'); if (connection) { connection.disconnect(); @@ -120,7 +122,12 @@ return false; } for (i = 0; i < items.length; i++) { - $('#host').append('<option>' + $(items[i]).text() + '</option>'); + var host = $(items[i]).text(); + if (host == Strophe.getDomainFromJid(connection.jid)) { + $('#host').append('<option selected>' + host + '</option>'); + } else { + $('#host').append('<option>' + host + '</option>'); + } } showDisconnect(); adminsubHost = $(items[0]).text();
--- a/mod_auth_external/mod_auth_external.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_auth_external/mod_auth_external.lua Tue Mar 12 12:10:25 2013 +0000 @@ -10,7 +10,6 @@ -- -local nodeprep = require "util.encodings".stringprep.nodeprep; --local process = require "process"; local lpc; pcall(function() lpc = require "lpc"; end); @@ -81,8 +80,6 @@ function do_query(kind, username, password) if not username then return nil, "not-acceptable"; end - username = nodeprep(username); - if not username then return nil, "jid-malformed"; end local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password); local len = #query @@ -132,12 +129,7 @@ function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - return usermanager.test_password(prepped_username, realm, password), true; + return usermanager.test_password(username, realm, password), true; end, }; return new_sasl(host, testpass_authentication_profile);
--- a/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_auth_internal_yubikey/mod_auth_internal_yubikey.lua Tue Mar 12 12:10:25 2013 +0000 @@ -18,7 +18,6 @@ local config = require "core.configmanager"; local usermanager = require "core.usermanager"; local new_sasl = require "util.sasl".new; -local nodeprep = require "util.encodings".stringprep.nodeprep; local hosts = hosts; local prosody = _G.prosody; @@ -106,12 +105,6 @@ local realm = module:get_option("sasl_realm") or module.host; local getpass_authentication_profile = { plain_test = function(sasl, username, password, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return false, nil; - end - return usermanager.test_password(username, realm, password), true; end };
--- a/mod_auth_ldap/mod_auth_ldap.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_auth_ldap/mod_auth_ldap.lua Tue Mar 12 12:10:25 2013 +0000 @@ -1,6 +1,5 @@ local new_sasl = require "util.sasl".new; -local nodeprep = require "util.encodings".stringprep.nodeprep; local log = require "util.logger".init("auth_ldap"); local ldap_server = module:get_option("ldap_server") or "localhost"; @@ -42,12 +41,7 @@ function provider.get_sasl_handler() local testpass_authentication_profile = { plain_test = function(sasl, username, password, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - return provider.test_password(prepped_username, password), true; + return provider.test_password(username, password), true; end }; return new_sasl(module.host, testpass_authentication_profile);
--- a/mod_auth_ldap2/mod_auth_ldap.lua Thu Nov 22 18:59:10 2012 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,84 +0,0 @@ --- vim:sts=4 sw=4 - --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- Copyright (C) 2012 Rob Hoelz --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- --- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua --- adapted to use common LDAP store - -local ldap = module:require 'ldap'; -local new_sasl = require 'util.sasl'.new; -local nodeprep = require 'util.encodings'.stringprep.nodeprep; -local jsplit = require 'util.jid'.split; - -if not ldap then - return; -end - -local provider = {} - -function provider.test_password(username, password) - return ldap.bind(username, password); -end - -function provider.user_exists(username) - local params = ldap.getparams() - - local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); - - return ldap.singlematch { - base = params.user.basedn, - filter = filter, - }; -end - -function provider.get_password(username) - return nil, "Passwords unavailable for LDAP."; -end - -function provider.set_password(username, password) - return nil, "Passwords unavailable for LDAP."; -end - -function provider.create_user(username, password) - return nil, "Account creation/modification not available with LDAP."; -end - -function provider.get_sasl_handler() - local testpass_authentication_profile = { - plain_test = function(sasl, username, password, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - module:log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - return provider.test_password(prepped_username, password), true; - end, - mechanisms = { PLAIN = true }, - }; - return new_sasl(module.host, testpass_authentication_profile); -end - -function provider.is_admin(jid) - local admin_config = ldap.getparams().admin; - - if not admin_config then - return; - end - - local ld = ldap:getconnection(); - local username = jsplit(jid); - local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); - - return ldap.singlematch { - base = admin_config.basedn, - filter = filter, - }; -end - -module:provides("auth", provider);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_auth_ldap2/mod_auth_ldap2.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,78 @@ +-- vim:sts=4 sw=4 + +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- Copyright (C) 2012 Rob Hoelz +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- +-- http://code.google.com/p/prosody-modules/source/browse/mod_auth_ldap/mod_auth_ldap.lua +-- adapted to use common LDAP store + +local ldap = module:require 'ldap'; +local new_sasl = require 'util.sasl'.new; +local jsplit = require 'util.jid'.split; + +if not ldap then + return; +end + +local provider = {} + +function provider.test_password(username, password) + return ldap.bind(username, password); +end + +function provider.user_exists(username) + local params = ldap.getparams() + + local filter = ldap.filter.combine_and(params.user.filter, params.user.usernamefield .. '=' .. username); + + return ldap.singlematch { + base = params.user.basedn, + filter = filter, + }; +end + +function provider.get_password(username) + return nil, "Passwords unavailable for LDAP."; +end + +function provider.set_password(username, password) + return nil, "Passwords unavailable for LDAP."; +end + +function provider.create_user(username, password) + return nil, "Account creation/modification not available with LDAP."; +end + +function provider.get_sasl_handler() + local testpass_authentication_profile = { + plain_test = function(sasl, username, password, realm) + return provider.test_password(username, password), true; + end, + mechanisms = { PLAIN = true }, + }; + return new_sasl(module.host, testpass_authentication_profile); +end + +function provider.is_admin(jid) + local admin_config = ldap.getparams().admin; + + if not admin_config then + return; + end + + local ld = ldap:getconnection(); + local username = jsplit(jid); + local filter = ldap.filter.combine_and(admin_config.filter, admin_config.namefield .. '=' .. username); + + return ldap.singlematch { + base = admin_config.basedn, + filter = filter, + }; +end + +module:provides("auth", provider);
--- a/mod_auth_sql/mod_auth_sql.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_auth_sql/mod_auth_sql.lua Tue Mar 12 12:10:25 2013 +0000 @@ -5,7 +5,6 @@ local log = require "util.logger".init("auth_sql"); local new_sasl = require "util.sasl".new; -local nodeprep = require "util.encodings".stringprep.nodeprep; local DBI = require "DBI" local connection; @@ -101,12 +100,7 @@ function provider.get_sasl_handler() local profile = { plain = function(sasl, username, realm) - local prepped_username = nodeprep(username); - if not prepped_username then - module:log("debug", "NODEprep failed on username: %s", username); - return "", nil; - end - local password = get_password(prepped_username); + local password = get_password(username); if not password then return "", nil; end return password, true; end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_bidi/mod_bidi.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,129 @@ +-- Bidirectional Server-to-Server Connections +-- http://xmpp.org/extensions/xep-0288.html +-- Copyright (C) 2013 Kim Alvefur +-- +-- This file is MIT/X11 licensed. +-- +local s2smanager = require"core.s2smanager"; +local add_filter = require "util.filters".add_filter; +local st = require "util.stanza"; +local jid_split = require"util.jid".prepped_split; + +local xmlns_bidi_feature = "urn:xmpp:features:bidi" +local xmlns_bidi = "urn:xmpp:bidi"; +local noop = function () end +local core_process_stanza = prosody.core_process_stanza or core_process_stanza; +local traceback = debug.traceback; + +local function handleerr(err) log("error", "Traceback[s2s]: %s: %s", tostring(err), traceback()); end +local function handlestanza(session, stanza) + if stanza.attr.xmlns == "jabber:client" then --COMPAT: Prosody pre-0.6.2 may send jabber:client + stanza.attr.xmlns = nil; + end + -- stanza = session.filter("stanzas/in", stanza); + if stanza then + return xpcall(function () return core_process_stanza(session, stanza) end, handleerr); + end +end + +local function new_bidi(origin) + local bidi_session, remote_host; + origin.log("debug", "Creating bidirectional session wrapper"); + if origin.direction == "incoming" then -- then we create an "outgoing" bidirectional session + local conflicting_session = hosts[origin.to_host].s2sout[origin.from_host] + if conflicting_session then + conflicting_session.log("info", "We already have an outgoing connection to %s, closing it...", origin.from_host); + conflicting_session:close{ condition = "conflict", text = "Replaced by bidirectional stream" } + s2smanager.destroy_session(conflicting_session); + end + remote_host = origin.from_host; + bidi_session = s2smanager.new_outgoing(origin.to_host, origin.from_host) + else -- outgoing -- then we create an "incoming" bidirectional session + remote_host = origin.to_host; + bidi_session = s2smanager.new_incoming(origin.conn) + bidi_session.to_host = origin.from_host; + bidi_session.from_host = origin.to_host; + add_filter(origin, "stanzas/in", function(stanza) + if stanza.attr.xmlns ~= nil then return stanza end + local _, host = jid_split(stanza.attr.from); + if host ~= remote_host then return stanza end + handlestanza(bidi_session, stanza); + end, 1); + end + origin.bidi_session = bidi_session; + bidi_session.sends2s = origin.sends2s; + bidi_session.bounce_sendq = noop; + bidi_session.notopen = nil; + bidi_session.is_bidi = true; + bidi_session.bidi_session = false; + bidi_session.orig_session = origin; + bidi_session.secure = origin.secure; + bidi_session.cert_identity_status = origin.cert_identity_status; + bidi_session.cert_chain_status = origin.cert_chain_status; + bidi_session.close = function(...) + return origin.close(...); + end + + bidi_session.log("info", "Bidirectional session established"); + s2smanager.make_authenticated(bidi_session, remote_host); + return bidi_session; +end + +-- Incoming s2s +module:hook("s2s-stream-features", function(event) + local origin, features = event.origin, event.features; + if not origin.is_bidi and not hosts[module.host].s2sout[origin.from_host] then + module:log("debug", "Announcing support for bidirectional streams"); + features:tag("bidi", { xmlns = xmlns_bidi_feature }):up(); + end +end); + +module:hook("stanza/urn:xmpp:bidi:bidi", function(event) + local origin = event.session or event.origin; + if not origin.is_bidi and not origin.bidi_session then + module:log("debug", "%s requested bidirectional stream", origin.from_host); + origin.do_bidi = true; + return true; + end +end); + +-- Outgoing s2s +module:hook("stanza/http://etherx.jabber.org/streams:features", function(event) + local origin = event.session or event.origin; + if not ( origin.bidi_session or origin.is_bidi or origin.do_bidi) + and event.stanza:get_child("bidi", xmlns_bidi_feature) then + module:log("debug", "%s supports bidirectional streams", origin.to_host); + origin.sends2s(st.stanza("bidi", { xmlns = xmlns_bidi })); + origin.do_bidi = true; + end +end, 160); + +function enable_bidi(event) + local session = event.session; + if session.do_bidi and not ( session.is_bidi or session.bidi_session ) then + session.do_bidi = nil; + new_bidi(session); + end +end + +module:hook("s2sin-established", enable_bidi); +module:hook("s2sout-established", enable_bidi); + +function disable_bidi(event) + local session = event.session; + if session.bidi_session then + local bidi_session = session.bidi_session; + session.bidi_session, bidi_session.orig_session = nil, nil; + session.log("debug", "Tearing down bidirectional stream"); + s2smanager.destroy_session(bidi_session, event.reason); + elseif session.orig_session then + local orig_session = session.orig_session; + orig_session.bidi_session, session.orig_session = nil, nil; + orig_session.log("debug", "Tearing down bidirectional stream"); + s2smanager.destroy_session(orig_session, event.reason); + end +end + +module:hook("s2sin-destroyed", disable_bidi); +module:hook("s2sout-destroyed", disable_bidi); +
--- a/mod_carbons/mod_carbons.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_carbons/mod_carbons.lua Tue Mar 12 12:10:25 2013 +0000 @@ -7,6 +7,7 @@ local jid_bare = require "util.jid".bare; local xmlns_carbons = "urn:xmpp:carbons:2"; local xmlns_carbons_old = "urn:xmpp:carbons:1"; +local xmlns_carbons_really_old = "urn:xmpp:carbons:0"; local xmlns_forward = "urn:xmpp:forward:0"; local full_sessions, bare_sessions = full_sessions, bare_sessions; @@ -27,6 +28,19 @@ module:hook("iq/self/"..xmlns_carbons_old..":disable", toggle_carbons); module:hook("iq/self/"..xmlns_carbons_old..":enable", toggle_carbons); +-- COMPAT :( +if module:get_option_boolean("carbons_v0") then + module:hook("iq/self/"..xmlns_carbons_really_old..":carbons", function(event) + local origin, stanza = event.origin, event.stanza; + if stanza.attr.type == "set" then + local state = stanza.tags[1].attr.mode; + origin.want_carbons = state == "enable" and xmlns_carbons_really_old; + origin.send(st.reply(stanza)); + return true; + end + end); +end + local function message_handler(event, c2s) local origin, stanza = event.origin, event.stanza; local orig_type = stanza.attr.type; @@ -76,7 +90,7 @@ local copy = st.clone(stanza); copy.attr.xmlns = "jabber:client"; local carbon = st.message{ from = bare_jid, type = orig_type, } - :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons }):up() + :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons }) :tag("forwarded", { xmlns = xmlns_forward }) :add_child(copy):reset(); @@ -86,6 +100,10 @@ :tag("forwarded", { xmlns = xmlns_forward }) :add_child(copy):reset(); + -- COMPAT + local carbon_really_old = st.clone(stanza) + :tag(c2s and "sent" or "received", { xmlns = xmlns_carbons_really_old }):up() + user_sessions = user_sessions and user_sessions.sessions; for _, session in pairs(user_sessions) do -- Carbons are sent to resources that have enabled it @@ -93,10 +111,14 @@ -- but not the resource that sent the message, or the one that it's directed to and session ~= target_session -- and isn't among the top resources that would receive the message per standard routing rules - and (c2s or session.priority ~= top_priority) then + and (c2s or session.priority ~= top_priority) + -- don't send v0 carbons (or copies) for c2s + and (not c2s or session.want_carbons ~= xmlns_carbons_really_old) then carbon.attr.to = session.full_jid; module:log("debug", "Sending carbon to %s", session.full_jid); - local carbon = session.want_carbons == xmlns_carbons_old and carbon_old or carbon; -- COMPAT + local carbon = session.want_carbons == xmlns_carbons_old and carbon_old -- COMPAT + or session.want_carbons == xmlns_carbons_really_old and carbon_really_old -- COMPAT + or carbon; session.send(carbon); end end @@ -107,6 +129,7 @@ end -- Stanzas sent by local clients +module:hook("pre-message/host", c2s_message_handler, 1); module:hook("pre-message/bare", c2s_message_handler, 1); module:hook("pre-message/full", c2s_message_handler, 1); -- Stanzas to local clients @@ -115,3 +138,6 @@ module:add_feature(xmlns_carbons); module:add_feature(xmlns_carbons_old); +if module:get_option_boolean("carbons_v0") then + module:add_feature(xmlns_carbons_really_old); +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_carbons_adhoc/mod_carbons_adhoc.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,42 @@ +-- Implement a Adhoc command which will show a user +-- the status of carbons generation in regard to his clients +-- +-- Copyright (C) 2012 Michael Holzt +-- +-- This file is MIT/X11 licensed. + +local st = require "util.stanza"; +local jid_bare = require "util.jid".bare; +local adhoc_new = module:require "adhoc".new; +local xmlns_carbons_v2 = "urn:xmpp:carbons:2"; +local xmlns_carbons_v1 = "urn:xmpp:carbons:1"; +local xmlns_carbons_v0 = "urn:xmpp:carbons:0"; + +local bare_sessions = bare_sessions; + +local function adhoc_status(self, data, state) + local result; + + local bare_jid = jid_bare(data.from); + local user_sessions = bare_sessions[bare_jid]; + + local result = ""; + + user_sessions = user_sessions and user_sessions.sessions; + for _, session in pairs(user_sessions) do + if session.full_jid then + result = result .. session.full_jid .. ": " .. + ( (session.want_carbons == xmlns_carbons_v2 and "v2" ) or + (session.want_carbons == xmlns_carbons_v1 and "v1" ) or + (session.want_carbons == xmlns_carbons_v0 and "v0" ) or + "none" ) .. "\n"; + end + end + + return { info = result, status = "completed" }; +end + +local status_desc = adhoc_new("Carbons: Get Status", + "mod_carbons_adhoc#status", adhoc_status); + +module:add_item("adhoc", status_desc);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_carbons_copies/mod_carbons_copies.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,63 @@ +-- Send carbons v0 style copies of incoming messages to clients which +-- are not (yet) capable of Message Carbons (XEP-0280). +-- +-- This extension integrates with the mod_carbons plugin in such a way +-- that a client capable of Message Carbons will not get a v0 copy. +-- +-- This extension can be enabled for all users by default by setting +-- carbons_copies_default = true. +-- +-- Alternatively or additionally setting carbons_copies_adhoc = true +-- will allow the user to enable or disable copies through Adhoc +-- commands. +-- +-- Copyright (C) 2012 Michael Holzt +-- +-- This file is MIT/X11 licensed. + +local jid_split = require "util.jid".split; +local dm_load = require "util.datamanager".load; +local dm_store = require "util.datamanager".store; +local adhoc_new = module:require "adhoc".new; +local xmlns_carbons_v0 = "urn:xmpp:carbons:0"; +local storename = "mod_carbons_copies"; + +local function toggle_copies(data, on) + local username, hostname, resource = jid_split(data.from); + dm_store(username, hostname, storename, { enabled = on }); +end + +local function adhoc_enable_copies(self, data, state) + toggle_copies(data, true); + return { info = "Copies are enabled for you now.\nPlease restart/reconnect clients.", status = "completed" }; +end + +local function adhoc_disable_copies(self, data, state) + toggle_copies(data, false); + return { info = "Copies are disabled for you now.\nPlease restart/reconnect clients.", status = "completed" }; +end + +module:hook("resource-bind", function(event) + local session = event.session; + local username, hostname, resource = jid_split(session.full_jid); + + local store = dm_load(username, hostname, storename) or + { enabled = + module:get_option_boolean("carbons_copies_default") }; + + if store.enabled then + session.want_carbons = xmlns_carbons_v0; + module:log("debug", "%s enabling copies", session.full_jid); + end +end); + +-- Adhoc-Support +if module:get_option_boolean("carbons_copies_adhoc") then + local enable_desc = adhoc_new("Carbons: Enable Copies", + "mod_carbons_copies#enable", adhoc_enable_copies); + local disable_desc = adhoc_new("Carbons: Disable Copies", + "mod_carbons_copies#disable", adhoc_disable_copies); + + module:add_item("adhoc", enable_desc); + module:add_item("adhoc", disable_desc); +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_http_dir_listing/http_dir_listing/mod_http_dir_listing.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,58 @@ +-- Prosody IM +-- Copyright (C) 2012 Kim Alvefur +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +module:set_global(); +local server = require"net.http.server"; +local lfs = require "lfs"; +local stat = lfs.attributes; +local build_path = require"socket.url".build_path; +local base64_encode = require"util.encodings".base64.encode; +local tag = require"util.stanza".stanza; +local template = require"util.template"; + +local function get_resource(resource) + local fh = assert(module:load_resource(resource)); + local data = fh:read"*a"; + fh:close(); + return data; +end + +local dir_index_template = template(get_resource("resources/template.html")); +local style = get_resource("resources/style.css"):gsub("url%((.-)%)", function(url) + --module:log("debug", "Inlineing %s", url); + return "url(data:image/png;base64,"..base64_encode(get_resource("resources/"..url))..")"; +end); + +local function generate_directory_index(path, full_path) + local filelist = tag("ul", { class = "filelist" } ):text"\n"; + if path ~= "/" then + filelist:tag("li", { class = "parent directory" }) + :tag("a", { href = "..", rel = "up" }):text("Parent Directory"):up():up():text"\n" + end + for file in lfs.dir(full_path) do + if file:sub(1,1) ~= "." then + local attr = stat(full_path..file) or {}; + local path = { file }; + path.is_directory = attr.mode == "directory"; + filelist:tag("li", { class = attr.mode }) + :tag("a", { href = build_path(path) }):text(file):up() + :up():text"\n"; + end + end + return "<!DOCTYPE html>\n"..tostring(dir_index_template.apply{ + path = path, + style = style, + filelist = filelist, + footer = "Prosody "..prosody.version, + }); +end + +module:hook_object_event(server, "directory-index", function (event) + local ok, data = pcall(generate_directory_index, event.path, event.full_path); + if ok then return data end + module:log("warn", data); +end);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_http_dir_listing/http_dir_listing/resources/style.css Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,10 @@ + +body{background-color:#eeeeec;font-family:sans-serif;} +h1{font-size:xx-large;} +a:link,a:visited{color:#2e3436;text-decoration:none;} +a:link:hover,a:visited:hover{color:#3465a4;} +.filelist{background-color:white;padding:1em;list-style-position:inside;-moz-column-width:20em;-webkit-column-width:20em;-ms-column-width:20em;column-width:20em;} +.file{list-style-image:url(text-x-generic.png);} +.directory{list-style-image:url(folder.png);} +.parent{list-style-image:url(user-home.png);} +footer{margin-top:1ex;font-size:smaller;color:#babdb6;}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_http_dir_listing/http_dir_listing/resources/template.html Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,14 @@ +<html> + <head> + <title>Index of {path}</title> + <meta charset="utf-8"/> + <style>{style}</style> + </head> + <body> + <h1>Index of {path}</h1> + + {filelist} + + <footer>{footer}</footer> + </body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_incidents_handling/incidents_handling/incidents_handling.lib.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,405 @@ +-- This contains the auxiliary functions for the Incidents Handling module. +-- (C) 2012-2013, Marco Cirillo (LW.Org) + +local pairs, ipairs, os_date, string, table, tonumber = pairs, ipairs, os.date, string, table, tonumber + +local dataforms_new = require "util.dataforms".new +local st = require "util.stanza" + +local xmlns_inc = "urn:xmpp:incident:2" +local xmlns_iodef = "urn:ietf:params:xml:ns:iodef-1.0" +local my_host = nil + +-- // Util and Functions // + +local function ft_str() + local d = os_date("%FT%T%z"):gsub("^(.*)(%+%d+)", function(dt, z) + if z == "+0000" then return dt.."Z" else return dt..z end + end) + return d +end + +local function get_incident_layout(i_type) + local layout = { + title = (i_type == "report" and "Incident report form") or (i_type == "request" and "Request for assistance with incident form"), + instructions = "Started/Ended Time, Contacts, Sources and Targets of the attack are mandatory. See RFC 5070 for further format instructions.", + { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/commands" }, + + { name = "name", type = "hidden", value = my_host }, + { name = "entity", type ="text-single", label = "Remote entity to query" }, + { name = "started", type = "text-single", label = "Incident Start Time" }, + { name = "ended", type = "text-single", label = "Incident Ended Time" }, + { name = "reported", type = "hidden", value = ft_str() }, + { name = "description", type = "text-single", label = "Description", + desc = "Description syntax is: <lang (in xml:lang format)> <short description>" }, + { name = "contacts", type = "text-multi", label = "Contacts", + desc = "Contacts entries format is: <address> <type> <role> - separated by new lines" }, + { name = "related", type = "text-multi", label = "Related Incidents", + desc = "Related incidents entries format is: <CSIRT's FQDN> <Incident ID> - separated by new lines" }, + { name = "impact", type = "text-single", label = "Impact Assessment", + desc = "Impact assessment format is: <severity> <completion> <type>" }, + { name = "sources", type = "text-multi", label = "Attack Sources", + desc = "Attack sources format is: <address> <category> <count> <count-type>" }, + { name = "targets", type = "text-multi", label = "Attack Targets", + desc = "Attack target format is: <address> <category> <noderole>" } + } + + if i_type == "request" then + table.insert(layout, { + name = "expectation", + type = "list-single", + label = "Expected action from remote entity", + value = { + { value = "nothing", label = "No action" }, + { value = "contact-sender", label = "Contact us, regarding the incident" }, + { value = "investigate", label = "Investigate the entities listed into the incident" }, + { value = "block-host", label = "Block the involved accounts" }, + { value = "other", label = "Other action, filling the description field is required" } + }}) + table.insert(layout, { name = "description", type = "text-single", label = "Description" }) + end + + return dataforms_new(layout) +end + +local function render_list(incidents) + local layout = { + title = "Stored Incidents List", + instructions = "You can select and view incident reports here, if a followup/response is possible it'll be noted in the step after selection.", + { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/commands" }, + { + name = "ids", + type = "list-single", + label = "Stored Incidents", + value = {} + } + } + + -- Render stored incidents list + + for id in pairs(incidents) do + table.insert(layout[2].value, { value = id, label = id }) + end + + return dataforms_new(layout) +end + +local function insert_fixed(t, item) table.insert(t, { type = "fixed", value = item }) end + +local function render_single(incident) + local layout = { + title = string.format("Incident ID: %s - Friendly Name: %s", incident.data.id.text, incident.data.id.name), + instructions = incident.data.desc.text, + { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/commands" } + } + + insert_fixed(layout, "Start Time: "..incident.data.start_time) + insert_fixed(layout, "End Time: "..incident.data.end_time) + insert_fixed(layout, "Report Time: "..incident.data.report_time) + + insert_fixed(layout, "Contacts --") + for _, contact in ipairs(incident.data.contacts) do + insert_fixed(layout, string.format("Role: %s Type: %s", contact.role, contact.type)) + if contact.jid then insert_fixed(layout, "--> JID: "..contact.jid..(contact.xmlns and ", XMLNS: "..contact.xmlns or "")) end + if contact.email then insert_fixed(layout, "--> E-Mail: "..contact.email) end + if contact.telephone then insert_fixed(layout, "--> Telephone: "..contact.telephone) end + if contact.postaladdr then insert_fixed(layout, "--> Postal Address: "..contact.postaladdr) end + end + + insert_fixed(layout, "Related Activity --") + for _, related in ipairs(incident.data.related) do + insert_fixed(layout, string.format("Name: %s ID: %s", related.name, related.text)) + end + + insert_fixed(layout, "Assessment --") + insert_fixed(layout, string.format("Language: %s Severity: %s Completion: %s Type: %s", + incident.data.assessment.lang, incident.data.assessment.severity, incident.data.assessment.completion, incident.data.assessment.type)) + + insert_fixed(layout, "Sources --") + for _, source in ipairs(incident.data.event_data.sources) do + insert_fixed(layout, string.format("Address: %s Counter: %s", source.address.text, source.counter.value)) + end + + insert_fixed(layout, "Targets --") + for _, target in ipairs(incident.data.event_data.targets) do + insert_fixed(layout, string.format("For NodeRole: %s", (target.noderole.cat == "ext-category" and target.noderole.ext) or targets.noderole.cat)) + for _, address in ipairs(target.addresses) do + insert_fixed(layout, string.format("---> Address: %s Type: %s", address.text, (address.cat == "ext-category" and address.ext) or address.cat)) + end + end + + if incident.data.expectation then + insert_fixed(layout, "Expected Action: "..incident.data.expectation.action) + if incident.data.expectation.desc then + insert_fixed(layout, "Expected Action Description: "..incident.data.expectation.desc) + end + end + + if incident.type == "request" and incident.status == "open" then + table.insert(layout, { name = "response-datetime", type = "hidden", value = ft_str() }) + table.insert(layout, { name = "response", type = "text-single", label = "Respond to the request" }) + end + + return dataforms_new(layout) +end + +local function get_type(var, typ) + if typ == "counter" then + local count_type, count_ext = var, nil + if count_type ~= "byte" or count_type ~= "packet" or count_type ~= "flow" or count_type ~= "session" or + count_type ~= "alert" or count_type ~= "message" or count_type ~= "event" or count_type ~= "host" or + count_type ~= "site" or count_type ~= "organization" then + count_ext = count_type + count_type = "ext-type" + end + return count_type, count_ext + elseif typ == "category" then + local cat, cat_ext = var, nil + if cat ~= "asn" or cat ~= "atm" or cat ~= "e-mail" or cat ~= "ipv4-addr" or + cat ~= "ipv4-net" or cat ~= "ipv4-net-mask" or cat ~= "ipv6-addr" or cat ~= "ipv6-net" or + cat ~= "ipv6-net-mask" or cat ~= "mac" then + cat_ext = cat + cat = "ext-category" + end + return cat, cat_ext + elseif type == "noderole" then + local noderole_ext = nil + if cat ~= "client" or cat ~= "server-internal" or cat ~= "server-public" or cat ~= "www" or + cat ~= "mail" or cat ~= "messaging" or cat ~= "streaming" or cat ~= "voice" or + cat ~= "file" or cat ~= "ftp" or cat ~= "p2p" or cat ~= "name" or + cat ~= "directory" or cat ~= "credential" or cat ~= "print" or cat ~= "application" or + cat ~= "database" or cat ~= "infra" or cat ~= "log" then + noderole_ext = true + end + return noderole_ext + end +end + +local function do_tag_mapping(tag, object) + if tag.name == "IncidentID" then + object.id = { text = tag:get_text(), name = tag.attr.name } + elseif tag.name == "StartTime" then + object.start_time = tag:get_text() + elseif tag.name == "EndTime" then + object.end_time = tag:get_text() + elseif tag.name == "ReportTime" then + object.report_time = tag:get_text() + elseif tag.name == "Description" then + object.desc = { text = tag:get_text(), lang = tag.attr["xml:lang"] } + elseif tag.name == "Contact" then + local jid = tag:get_child("AdditionalData").tags[1] + local email = tag:get_child("Email") + local telephone = tag:get_child("Telephone") + local postaladdr = tag:get_child("PostalAddress") + if not object.contacts then + object.contacts = {} + object.contacts[1] = { + role = tag.attr.role, + ext_role = (tag.attr["ext-role"] and true) or nil, + type = tag.attr.type, + ext_type = (tag.attr["ext-type"] and true) or nil, + xmlns = jid.attr.xmlns, + jid = jid:get_text(), + email = email, + telephone = telephone, + postaladdr = postaladdr + } + else + object.contacts[#object.contacts + 1] = { + role = tag.attr.role, + ext_role = (tag.attr["ext-role"] and true) or nil, + type = tag.attr.type, + ext_type = (tag.attr["ext-type"] and true) or nil, + xmlns = jid.attr.xmlns, + jid = jid:get_text(), + email = email, + telephone = telephone, + postaladdr = postaladdr + } + end + elseif tag.name == "RelatedActivity" then + object.related = {} + for _, t in ipairs(tag.tags) do + if tag.name == "IncidentID" then + object.related[#object.related + 1] = { text = t:get_text(), name = tag.attr.name } + end + end + elseif tag.name == "Assessment" then + local impact = tag:get_child("Impact") + object.assessment = { lang = impact.attr.lang, severity = impact.attr.severity, completion = impact.attr.completion, type = impact.attr.type } + elseif tag.name == "EventData" then + local source = tag:get_child("Flow").tags[1] + local target = tag:get_child("Flow").tags[2] + local expectation = tag:get_child("Flow").tags[3] + object.event_data = { sources = {}, targets = {} } + for _, t in ipairs(source.tags) do + local addr = t:get_child("Address") + local cntr = t:get_child("Counter") + object.event_data.sources[#object.event_data.sources + 1] = { + address = { cat = addr.attr.category, ext = addr.attr["ext-category"], text = addr:get_text() }, + counter = { type = cntr.attr.type, ext_type = cntr.attr["ext-type"], value = cntr:get_text() } + } + end + for _, entry in ipairs(target.tags) do + local noderole = { cat = entry:get_child("NodeRole").attr.category, ext = entry:get_child("NodeRole").attr["ext-category"] } + local current = #object.event_data.targets + 1 + object.event_data.targets[current] = { addresses = {}, noderole = noderole } + for _, tag in ipairs(entry.tags) do + object.event_data.targets[current].addresses[#object.event_data.targets[current].addresses + 1] = { text = tag:get_text(), cat = tag.attr.category, ext = tag.attr["ext-category"] } + end + end + if expectation then + object.event_data.expectation = { + action = expectation.attr.action, + desc = expectation:get_child("Description") and expectation:get_child("Description"):get_text() + } + end + elseif tag.name == "History" then + object.history = {} + for _, t in ipairs(tag.tags) do + object.history[#object.history + 1] = { + action = t.attr.action, + date = t:get_child("DateTime"):get_text(), + desc = t:get_chilld("Description"):get_text() + } + end + end +end + +local function stanza_parser(stanza) + local object = {} + + if stanza:get_child("report", xmlns_inc) then + local report = st.clone(stanza):get_child("report", xmlns_inc):get_child("Incident", xmlns_iodef) + for _, tag in ipairs(report.tags) do do_tag_mapping(tag, object) end + elseif stanza:get_child("request", xmlns_inc) then + local request = st.clone(stanza):get_child("request", xmlns_inc):get_child("Incident", xmlns_iodef) + for _, tag in ipairs(request.tags) do do_tag_mapping(tag, object) end + elseif stanza:get_child("response", xmlns_inc) then + local response = st.clone(stanza):get_child("response", xmlns_inc):get_child("Incident", xmlns_iodef) + for _, tag in ipairs(response.tags) do do_tag_mapping(tag, object) end + end + + return object +end + +local function stanza_construct(id) + if not id then return nil + else + local object = incidents[id].data + local s_type = incidents[id].type + local stanza = st.iq():tag(s_type or "report", { xmlns = xmlns_inc }) + stanza:tag("Incident", { xmlns = xmlns_iodef, purpose = incidents[id].purpose }) + :tag("IncidentID", { name = object.id.name }):text(object.id.text):up() + :tag("StartTime"):text(object.start_time):up() + :tag("EndTime"):text(object.end_time):up() + :tag("ReportTime"):text(object.report_time):up() + :tag("Description", { ["xml:lang"] = object.desc.lang }):text(object.desc.text):up():up(); + + local incident = stanza:get_child(s_type, xmlns_inc):get_child("Incident", xmlns_iodef) + + for _, contact in ipairs(object.contacts) do + incident:tag("Contact", { role = (contact.ext_role and "ext-role") or contact.role, + ["ext-role"] = (contact.ext_role and contact.role) or nil, + type = (contact.ext_type and "ext-type") or contact.type, + ["ext-type"] = (contact.ext_type and contact.type) or nil }) + :tag("Email"):text(contact.email):up() + :tag("Telephone"):text(contact.telephone):up() + :tag("PostalAddress"):text(contact.postaladdr):up() + :tag("AdditionalData") + :tag("jid", { xmlns = contact.xmlns }):text(contact.jid):up():up():up() + + end + + incident:tag("RelatedActivity"):up(); + + for _, related in ipairs(object.related) do + incident:get_child("RelatedActivity") + :tag("IncidentID", { name = related.name }):text(related.text):up(); + end + + incident:tag("Assessment") + :tag("Impact", { + lang = object.assessment.lang, + severity = object.assessment.severity, + completion = object.assessment.completion, + type = object.assessment.type + }):up():up(); + + incident:tag("EventData") + :tag("Flow") + :tag("System", { category = "source" }):up() + :tag("System", { category = "target" }):up():up():up(); + + local e_data = incident:get_child("EventData") + + local sources = e_data:get_child("Flow").tags[1] + local targets = e_data:get_child("Flow").tags[2] + + for _, source in ipairs(object.event_data.sources) do + sources:tag("Node") + :tag("Address", { category = source.address.cat, ["ext-category"] = source.address.ext }) + :text(source.address.text):up() + :tag("Counter", { type = source.counter.type, ["ext-type"] = source.counter.ext_type }) + :text(source.counter.value):up():up(); + end + + for _, target in ipairs(object.event_data.targets) do + targets:tag("Node"):up() ; local node = targets.tags[#targets.tags] + for _, address in ipairs(target.addresses) do + node:tag("Address", { category = address.cat, ["ext-category"] = address.ext }):text(address.text):up(); + end + node:tag("NodeRole", { category = target.noderole.cat, ["ext-category"] = target.noderole.ext }):up(); + end + + if object.event_data.expectation then + e_data:tag("Expectation", { action = object.event_data.expectation.action }):up(); + if object.event_data.expectation.desc then + local expectation = e_data:get_child("Expectation") + expectation:tag("Description"):text(object.event_data.expectation.desc):up(); + end + end + + if object.history then + local history = incident:tag("History"):up(); + + for _, item in ipairs(object.history) do + history:tag("HistoryItem", { action = item.action }) + :tag("DateTime"):text(item.date):up() + :tag("Description"):text(item.desc):up():up(); + end + end + + -- Sanitize contact empty tags + for _, tag in ipairs(incident) do + if tag.name == "Contact" then + for i, check in ipairs(tag) do + if (check.name == "Email" or check.name == "PostalAddress" or check.name == "Telephone") and + not check:get_text() then + table.remove(tag, i) + end + end + end + end + + if s_type == "request" then stanza.attr.type = "get" + elseif s_type == "response" then stanza.attr.type = "set" + else stanza.attr.type = "set" end + + return stanza + end +end + + +_M = {} -- wraps methods into the library. +_M.ft_str = ft_str +_M.get_incident_layout = get_incident_layout +_M.render_list = render_list +_M.render_single = render_single +_M.get_type = get_type +_M.stanza_parser = stanza_parser +_M.stanza_construct = stanza_construct +_M.set_my_host = function(host) my_host = host end + +return _M +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_incidents_handling/incidents_handling/mod_incidents_handling.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,352 @@ +-- This plugin implements XEP-268 (Incidents Handling) +-- (C) 2012-2013, Marco Cirillo (LW.Org) + +-- Note: Only part of the IODEF specifications are supported. + +module:depends("adhoc") + +local datamanager = require "util.datamanager" +local dataforms_new = require "util.dataforms".new +local st = require "util.stanza" +local id_gen = require "util.uuid".generate + +local pairs, os_time = pairs, os.time + +local xmlns_inc = "urn:xmpp:incident:2" +local xmlns_iodef = "urn:ietf:params:xml:ns:iodef-1.0" + +local my_host = module:get_host() +local ih_lib = module:require("incidents_handling") +ih_lib.set_my_host(my_host) +incidents = {} + +local expire_time = module:get_option_number("incidents_expire_time", 0) + +-- Incidents Table Methods + +local _inc_mt = {} ; _inc_mt.__index = _inc_mt + +function _inc_mt:init() + self:clean() ; self:save() +end + +function _inc_mt:clean() + if expire_time > 0 then + for id, incident in pairs(self) do + if ((os_time() - incident.time) > expire_time) and incident.status ~= "open" then + incident = nil + end + end + end +end + +function _inc_mt:save() + if not datamanager.store("incidents", my_host, "incidents_store", incidents) then + module:log("error", "Failed to save the incidents store!") + end +end + +function _inc_mt:add(stanza, report) + local data = ih_lib.stanza_parser(stanza) + local new_object = { + time = os_time(), + status = (not report and "open") or nil, + data = data + } + + self[data.id.text] = new_object + self:clean() ; self:save() +end + +function _inc_mt:new_object(fields, formtype) + local start_time, end_time, report_time = fields.started, fields.ended, fields.reported + + local _desc, _contacts, _related, _impact, _sources, _targets = fields.description, fields.contacts, fields.related, fields.impact, fields.sources, fields.targets + local fail = false + + local _lang, _dtext = _desc:match("^(%a%a)%s(.*)$") + if not _lang or not _dtext then return false end + local desc = { text = _dtext, lang = _lang } + + local contacts = {} + for contact in _contacts:gmatch("[%w%p]+%s[%w%p]+%s[%w%p]+") do + local address, atype, role = contact:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") + if not address or not atype or not role then fail = true ; break end + contacts[#contacts + 1] = { + role = role, + ext_role = (role ~= "creator" or role ~= "admin" or role ~= "tech" or role ~= "irt" or role ~= "cc" and true) or nil, + type = atype, + ext_type = (atype ~= "person" or atype ~= "organization" and true) or nil, + jid = (atype == "jid" and address) or nil, + email = (atype == "email" and address) or nil, + telephone = (atype == "telephone" and address) or nil, + postaladdr = (atype == "postaladdr" and address) or nil + } + end + + local related = {} + if _related then + for related in _related:gmatch("[%w%p]+%s[%w%p]+") do + local fqdn, id = related:match("^([%w%p]+)%s([%w%p]+)$") + if fqdn and id then related[#related + 1] = { text = id, name = fqdn } end + end + end + + local _severity, _completion, _type = _impact:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") + local assessment = { lang = "en", severity = _severity, completion = _completion, type = _type } + + local sources = {} + for source in _sources:gmatch("[%w%p]+%s[%w%p]+%s[%d]+%s[%w%p]+") do + local address, cat, count, count_type = source:match("^([%w%p]+)%s([%w%p]+)%s(%d+)%s([%w%p]+)$") + if not address or not cat or not count or not count_type then fail = true ; break end + local cat, cat_ext = ih_lib.get_type(cat, "category") + local count_type, count_ext = ih_lib.get_type(count_type, "counter") + + sources[#sources + 1] = { + address = { cat = cat, ext = cat_ext, text = address }, + counter = { type = count_type, ext_type = count_ext, value = count } + } + end + + local targets, _preprocess = {}, {} + for target in _targets:gmatch("[%w%p]+%s[%w%p]+%s[%w%p]+") do + local address, cat, noderole, noderole_ext + local address, cat, noderole = target:match("^([%w%p]+)%s([%w%p]+)%s([%w%p]+)$") + if not address or not cat or not noderole then fail = true ; break end + cat, cat_ext = ih_lib.get_type(cat, "category") + noderole_ext = ih_lib.get_type(cat, "noderole") + + if not _preprocess[noderole] then _preprocess[noderole] = { addresses = {}, ext = noderole_ext } end + + _preprocess[noderole].addresses[#_preprocess[noderole].addresses + 1] = { + text = address, cat = cat, ext = cat_ext + } + end + for noderole, data in pairs(_preprocess) do + local nr_cat = (data.ext and "ext-category") or noderole + local nr_ext = (data.ext and noderole) or nil + targets[#targets + 1] = { addresses = data.addresses, noderole = { cat = nr_cat, ext = nr_ext } } + end + + local new_object = {} + if not fail then + new_object["time"] = os_time() + new_object["status"] = (formtype == "request" and "open") or nil + new_object["type"] = formtype + new_object["data"] = { + id = { text = id_gen(), name = my_host }, + start_time = start_time, + end_time = end_time, + report_time = report_time, + desc = desc, + contacts = contacts, + related = related, + assessment = assessment, + event_data = { sources = sources, targets = targets } + } + + self[new_object.data.id.text] = new_object + self:clean() ; self:save() + return new_object.data.id.text + else return false end +end + +-- // Handler Functions // + +local function report_handler(event) + local origin, stanza = event.origin, event.stanza + + incidents:add(stanza, true) + return origin.send(st.reply(stanza)) +end + +local function inquiry_handler(event) + local origin, stanza = event.origin, event.stanza + + local inc_id = stanza:get_child("inquiry", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() + if incidents[inc_id] then + module:log("debug", "Server %s queried for incident %s which we know about, sending it", stanza.attr.from, inc_id) + local report_iq = stanza_construct(incidents[inc_id]) + report_iq.attr.from = stanza.attr.to + report_iq.attr.to = stanza.attr.from + report_iq.attr.type = "set" + + origin.send(st.reply(stanza)) + origin.send(report_iq) + return true + else + module:log("error", "Server %s queried for incident %s but we don't know about it", stanza.attr.from, inc_id) + origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true + end +end + +local function request_handler(event) + local origin, stanza = event.origin, event.stanza + + local req_id = stanza:get_child("request", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() + if not incidents[req_id] then + origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true + else + origin.send(st.reply(stanza)) ; return true + end +end + +local function response_handler(event) + local origin, stanza = event.origin, event.stanza + + local res_id = stanza:get_child("response", xmlns_inc):get_child("Incident", xmlns_iodef):get_child("IncidentID"):get_text() + if incidents[res_id] then + incidents[res_id] = nil + incidents:add(stanza, true) + origin.send(st.reply(stanza)) ; return true + else + origin.send(st.error_reply(stanza, "cancel", "item-not-found")) ; return true + end +end + +local function results_handler(event) return true end -- TODO results handling + +-- // Adhoc Commands // + +local function list_incidents_command_handler(self, data, state) + local list_incidents_layout = ih_lib.render_list(incidents) + + if state then + if state.step == 1 then + if data.action == "cancel" then + return { status = "canceled" } + elseif data.action == "prev" then + return { status = "executing", actions = { "next", default = "next" }, form = list_incidents_layout }, {} + end + + local single_incident_layout = state.form_layout + local fields = single_incident_layout:data(data.form) + + if fields.response then + incidents[state.id].status = "closed" + + local iq_send = ih_lib.stanza_construct(incidents[state.id]) + module:send(iq_send) + return { status = "completed", info = "Response sent." } + else + return { status = "completed" } + end + else + if data.action == "cancel" then return { status = "canceled" } end + local fields = list_incidents_layout:data(data.form) + + if fields.ids then + local single_incident_layout = ih_lib.render_single(incidents[fields.ids]) + return { status = "executing", actions = { "prev", "complete", default = "complete" }, form = single_incident_layout }, { step = 1, form_layout = single_incident_layout, id = fields.ids } + else + return { status = "completed", error = { message = "You need to select the report ID to continue." } } + end + end + else + return { status = "executing", actions = { "next", default = "next" }, form = list_incidents_layout }, {} + end +end + +local function send_inquiry_command_handler(self, data, state) + local send_inquiry_layout = dataforms_new{ + title = "Send an inquiry about an incident report to a host"; + instructions = "Please specify both the server host and the incident ID."; + + { name = "FORM_TYPE", type = "hidden", value = "http://jabber.org/protocol/commands" }; + { name = "server", type = "text-single", label = "Server to inquiry" }; + { name = "hostname", type = "text-single", label = "Involved incident host" }; + { name = "id", type = "text-single", label = "Incident ID" }; + } + + if state then + if data.action == "cancel" then return { status = "canceled" } end + local fields = send_inquiry_layout:data(data.form) + + if not fields.hostname or not fields.id or not fields.server then + return { status = "completed", error = { message = "You must supply the server to quest, the involved incident host and the incident ID." } } + else + local iq_send = st.iq({ from = my_host, to = fields.server, type = "get" }) + :tag("inquiry", { xmlns = xmlns_inc }) + :tag("Incident", { xmlns = xmlns_iodef, purpose = "traceback" }) + :tag("IncidentID", { name = data.hostname }):text(fields.id):up():up():up() + + module:log("debug", "Sending incident inquiry to %s", fields.server) + module:send(iq_send) + return { status = "completed", info = "Inquiry sent, if an answer can be obtained from the remote server it'll be listed between incidents." } + end + else + return { status = "executing", form = send_inquiry_layout }, "executing" + end +end + +local function rr_command_handler(self, data, state, formtype) + local send_layout = ih_lib.get_incident_layout(formtype) + local err_no_fields = { status = "completed", error = { message = "You need to fill all fields, except the eventual related incident." } } + local err_proc = { status = "completed", error = { message = "There was an error processing your request, check out the syntax" } } + + if state then + if data.action == "cancel" then return { status = "canceled" } end + local fields = send_layout:data(data.form) + + if fields.started and fields.ended and fields.reported and fields.description and fields.contacts and + fields.impact and fields.sources and fields.targets and fields.entity then + if formtype == "request" and not fields.expectation then return err_no_fields end + local id = incidents:new_object(fields, formtype) + if not id then return err_proc end + + local stanza = ih_lib.stanza_construct(id) + stanza.attr.from = my_host + stanza.attr.to = fields.entity + module:log("debug","Sending incident %s stanza to: %s", formtype, stanza.attr.to) + module:send(stanza) + + return { status = "completed", info = string.format("Incident %s sent to %s.", formtype, fields.entity) } + else + return err_no_fields + end + else + return { status = "executing", form = send_layout }, "executing" + end +end + +local function send_report_command_handler(self, data, state) + return rr_command_handler(self, data, state, "report") +end + +local function send_request_command_handler(self, data, state) + return rr_command_handler(self, data, state, "request") +end + +local adhoc_new = module:require "adhoc".new +local list_incidents_descriptor = adhoc_new("List Incidents", xmlns_inc.."#list", list_incidents_command_handler, "admin") +local send_inquiry_descriptor = adhoc_new("Send Incident Inquiry", xmlns_inc.."#send_inquiry", send_inquiry_command_handler, "admin") +local send_report_descriptor = adhoc_new("Send Incident Report", xmlns_inc.."#send_report", send_report_command_handler, "admin") +local send_request_descriptor = adhoc_new("Send Incident Request", xmlns_inc.."#send_request", send_request_command_handler, "admin") +module:provides("adhoc", list_incidents_descriptor) +module:provides("adhoc", send_inquiry_descriptor) +module:provides("adhoc", send_report_descriptor) +module:provides("adhoc", send_request_descriptor) + +-- // Hooks // + +module:hook("iq-set/host/urn:xmpp:incident:2:report", report_handler) +module:hook("iq-get/host/urn:xmpp:incident:2:inquiry", inquiry_handler) +module:hook("iq-get/host/urn:xmpp:incident:2:request", request_handler) +module:hook("iq-set/host/urn:xmpp:incident:2:response", response_handler) +module:hook("iq-result/host/urn:xmpp:incident:2", results_handler) + +-- // Module Methods // + +module.load = function() + if datamanager.load("incidents", my_host, "incidents_store") then incidents = datamanager.load("incidents", my_host, "incidents_store") end + setmetatable(incidents, _inc_mt) ; incidents:init() +end + +module.save = function() + return { incidents = incidents } +end + +module.restore = function(data) + incidents = data.incidents or {} + setmetatable(incidents, _inc_mt) ; incidents:init() +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_last_offline/mod_last_offline.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,33 @@ +local datamanager = require "util.datamanager"; +local jid_split = require "util.jid".split; +local time = os.time; +local NULL = {}; +local host = module.host; + +module:hook("resource-unbind", function(event) + local session = event.session; + if session.username then + datamanager.store(session.username, host, "last_online", { + timestamp = time(), + }); + end +end); + +local function offline_stamp(event) + local stanza = event.stanza; + local node, to_host = jid_split(stanza.attr.from); + if to_host == host and event.origin == hosts[host] and stanza.attr.type == "unavailable" then + local timestamp = (datamanager.load(node, host, "last_online") or NULL).timestamp; + if timestamp then + stanza:tag("delay", { + xmlns = "urn:xmpp:delay", + from = host, + stamp = datetime.datetime(timestamp), + }):up(); + end + end +end + +module:hook("pre-presence/bare", offline_stamp); +module:hook("pre-presence/full", offline_stamp); +
--- a/mod_lib_ldap/README.md Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/README.md Tue Mar 12 12:10:25 2013 +0000 @@ -12,7 +12,7 @@ With that note in mind, you need to set 'allow\_unencrypted\_plain\_auth' to true in your configuration if you want to use LDAP authentication. -To enable LDAP authentication, set 'authentication' to 'ldap' in your configuration file. +To enable LDAP authentication, set 'authentication' to 'ldap2' in your configuration file. See also http://prosody.im/doc/authentication. # LDAP Storage
--- a/mod_lib_ldap/dev/posix-users.ldif Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/dev/posix-users.ldif Tue Mar 12 12:10:25 2013 +0000 @@ -19,6 +19,10 @@ ou: Users objectclass: organizationalUnit +dn: ou=Admins,ou=Users,dc=example,dc=com +ou: Admins +objectclass: organizationalUnit + dn: uid=one,ou=Users,dc=example,dc=com objectclass: posixAccount objectclass: person @@ -212,6 +216,28 @@ K7j+qA4/I0UUNElHxV4s0HW/D81vBcP54IeNWiYZP5ehNeM3NrP5rFImYZ6gUUVDirmsJNKxGsE6 9YZB/wABNTJkcEEfWiigpM6rwgyR6vDLJ/q4zvb6Dmiiioe5dj//2Q== +dn: uid=six,ou=Admins,ou=Users,dc=example,dc=com +objectclass: posixAccount +objectclass: person +uid: six +uidNumber: 1005 +gidNumber: 1005 +sn: Testerson +cn: Admin Testerson +userPassword: 123456 +homeDirectory: /home/six + +dn: uid=seven,ou=Users,dc=example,dc=com +objectclass: posixAccount +objectclass: person +uid: seven +uidNumber: 1006 +gidNumber: 1006 +sn: User +cn: Invalid User +userPassword: 1234567 +homeDirectory: /home/seven + dn: cn=Everyone,ou=Groups,dc=example,dc=com objectclass: posixGroup cn: Everyone
--- a/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/dev/prosody-posix-ldap.cfg.lua Tue Mar 12 12:10:25 2013 +0000 @@ -1,6 +1,6 @@ -- Use Include 'prosody-posix-ldap.cfg.lua' from prosody.cfg.lua to include this file -authentication = 'ldap' -- Indicate that we want to use LDAP for authentication -storage = 'ldap' -- Indicate that we want to use LDAP for roster/vcard storage +authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication +storage = 'ldap' -- Indicate that we want to use LDAP for roster/vcard storage ldap = { hostname = 'localhost', -- LDAP server location @@ -8,10 +8,10 @@ bind_password = 'prosody', -- Bind password (optional if anonymous bind is supported) user = { - basedn = 'ou=Users,dc=example,dc=com', -- The base DN where user records can be found - filter = 'objectClass=posixAccount', -- Filter expression to find user records under basedn - usernamefield = 'uid', -- The field that contains the user's ID (this will be the username portion of the JID) - namefield = 'cn', -- The field that contains the user's full name (this will be the alias found in the roster) + basedn = 'ou=Users,dc=example,dc=com', -- The base DN where user records can be found + filter = '(&(objectClass=posixAccount)(!(uid=seven)))', -- Filter expression to find user records under basedn + usernamefield = 'uid', -- The field that contains the user's ID (this will be the username portion of the JID) + namefield = 'cn', -- The field that contains the user's full name (this will be the alias found in the roster) }, groups = {
--- a/mod_lib_ldap/dev/t/00-login.t Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/dev/t/00-login.t Tue Mar 12 12:10:25 2013 +0000 @@ -11,9 +11,10 @@ 'three', 'four', 'five', + 'six', ); -plan tests => scalar(@users) + 2; +plan tests => scalar(@users) + 3; foreach my $username (@users) { my $conn = TestConnection->new($username); @@ -23,7 +24,7 @@ }); my $error = $conn->cond->recv; - ok(! $error) or diag($error); + ok(! $error) or diag("$username login failed: $error"); } do { @@ -38,7 +39,7 @@ }; do { - my $conn = TestConnection->new('six', password => '12345'); + my $conn = TestConnection->new('invalid', password => '12345'); $conn->reg_cb(session_ready => sub { $conn->cond->send; @@ -47,3 +48,14 @@ my $error = $conn->cond->recv; ok($error); }; + +do { + my $conn = TestConnection->new('seven', password => '1234567'); + + $conn->reg_cb(session_ready => sub { + $conn->cond->send; + }); + + my $error = $conn->cond->recv; + ok($error); +};
--- a/mod_lib_ldap/dev/t/TestConnection.pm Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/dev/t/TestConnection.pm Tue Mar 12 12:10:25 2013 +0000 @@ -14,6 +14,8 @@ three => '34512', four => '45123', five => '51234', + six => '123456', + seven => '1234567', ); sub new {
--- a/mod_lib_ldap/ldap.lib.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_lib_ldap/ldap.lib.lua Tue Mar 12 12:10:25 2013 +0000 @@ -177,7 +177,27 @@ -- XXX consider renaming this...it doesn't bind the current connection function _M.bind(username, password) - local who = format('%s=%s,%s', params.user.usernamefield, username, params.user.basedn); + local conn = _M.getconnection(); + local filter = format('%s=%s', params.user.usernamefield, username); + + if filter then + filter = _M.filter.combine_and(filter, params.user.filter); + end + + local who = _M.singlematch { + attrs = params.user.usernamefield, + base = params.user.basedn, + filter = filter, + }; + + if who then + who = who.dn; + module:log('debug', '_M.bind - who: %s', who); + else + module:log('debug', '_M.bind - no DN found for username = %s', username); + return nil, format('no DN found for username = %s', username); + end + local conn, err = ldap.open_simple(params.hostname, who, password, params.use_tls); if conn then @@ -192,9 +212,10 @@ local ld = _M.getconnection(); query.sizelimit = 1; - query.scope = 'onelevel'; + query.scope = 'subtree'; for dn, attribs in ld:search(query) do + attribs.dn = dn; return attribs; end end
--- a/mod_mam/mod_mam.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_mam/mod_mam.lua Tue Mar 12 12:10:25 2013 +0000 @@ -23,6 +23,7 @@ local tostring = tostring; local time_now = os.time; local m_min = math.min; +local t_insert = table.insert; local timestamp, timestamp_parse = require "util.datetime".datetime, require "util.datetime".parse; local uuid = require "util.uuid".generate; local default_max_items, max_max_items = 20, module:get_option_number("max_archive_query_results", 50); @@ -165,9 +166,12 @@ local first, last, index; local n = 0; local start = qset and qset.index or 1; + local results = {}; + -- An empty <before/> means: give the last n items. So we loop backwards. + local reverse = qset and qset.before or false; module:log("debug", "Loaded %d items, about to filter", #data); - for i=start,#data do + for i=(reverse and #data or start),(reverse and start or #data),(reverse and -1 or 1) do local item = data[i]; local when, with, resource = item.when, item.with, item.resource; local id = item.id; @@ -195,7 +199,11 @@ local orig_stanza = st.deserialize(item.stanza); orig_stanza.attr.xmlns = "jabber:client"; fwd_st:add_child(orig_stanza); - origin.send(fwd_st); + if reverse then + t_insert(results, 1, fwd_st); + else + results[#results + 1] = fwd_st; + end if not first then index = i; first = id; @@ -219,13 +227,16 @@ break end end + for _,v in pairs(results) do + origin.send(v); + end -- That's all folks! module:log("debug", "Archive query %s completed", tostring(qid)); local reply = st.reply(stanza); if last then -- This is a bit redundant, isn't it? - reply:query(xmlns_mam):add_child(rsm.generate{first = first, last = last, count = n}); + reply:query(xmlns_mam):add_child(rsm.generate{first = (reverse and last or first), last = (reverse and first or last), count = n}); end origin.send(reply); return true
--- a/mod_register_json/mod_register_json.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_register_json/mod_register_json.lua Tue Mar 12 12:10:25 2013 +0000 @@ -69,7 +69,6 @@ return http_response(event, 400, "JSON Decoding failed.") else -- Decode JSON data and check that all bits are there else throw an error - req_body = json_decode(body) if req_body["username"] == nil or req_body["password"] == nil or req_body["host"] == nil or req_body["ip"] == nil then module:log("debug", "%s supplied an insufficent number of elements or wrong elements for the JSON registration", user) return http_response(event, 400, "Invalid syntax.") @@ -86,7 +85,7 @@ -- And nodeprep the username local username = nodeprep(req_body["username"]) if not username then - module:log("debug", "%s supplied an username containing invalid characters: %s", user, username) + module:log("debug", "An username containing invalid characters was supplied: %s", user) return http_response(event, 406, "Supplied username contains invalid characters, see RFC 6122.") else if not usermanager.user_exists(username, req_body["host"]) then
--- a/mod_s2s_never_encrypt_blacklist/mod_s2s_never_encrypt_blacklist.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_s2s_never_encrypt_blacklist/mod_s2s_never_encrypt_blacklist.lua Tue Mar 12 12:10:25 2013 +0000 @@ -1,18 +1,24 @@ -- Filter out servers which gets choppy and buggy when it comes to starttls. -local bad_servers = module:get_option_set("tls_s2s_blacklist") -local bad_servers_ip = module:get_option_set("tls_s2s_blacklist_ip") +local bad_servers = module:get_option_set("tls_s2s_blacklist", {}) +local bad_servers_ip = module:get_option_set("tls_s2s_blacklist_ip", {}) +local libev = module:get_option_boolean("use_libevent") local function disable_tls_for_baddies_in(event) - if bad_servers:contains(event.origin.to_host) or bad_servers_ip:contains(event.origin.conn:ip()) - then event.origin.conn.starttls = nil end + local session = event.origin + if bad_servers:contains(session.from_host) or bad_servers_ip:contains(session.conn:ip()) then + module:log("debug", "disabling tls on incoming stream from %s...", tostring(session.from_host)); + if libev then session.conn.starttls = false; else session.conn.starttls = nil; end + end end local function disable_tls_for_baddies_out(event) - if bad_servers:contains(event.origin.from_host) or bad_servers_ip:contains(event.origin.conn:ip()) - then event.origin.conn.starttls = nil end + local session = event.origin + if bad_servers:contains(session.to_host) then + module:log("debug", "disabling tls on outgoing stream from %s...", tostring(session.to_host)); + if libev then session.conn.starttls = false; else session.conn.starttls = nil; end + end end -module:hook("s2s-stream-features", disable_tls_for_baddies_out, 10) -module:hook("stanza/http://etherx.jabber.org/streams:features", disable_tls_for_baddies_in, 510) - +module:hook("s2s-stream-features", disable_tls_for_baddies_in, 600) +module:hook("stanza/http://etherx.jabber.org/streams:features", disable_tls_for_baddies_out, 600)
--- a/mod_service_directories/mod_service_directories.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_service_directories/mod_service_directories.lua Tue Mar 12 12:10:25 2013 +0000 @@ -14,6 +14,7 @@ local adhoc_new = module:require "adhoc".new; local to_ascii = require "util.encodings".idna.to_ascii; local nameprep = require "util.encodings".stringprep.nameprep; +local dataforms_new = require "util.dataforms".new; local pairs, ipairs = pairs, ipairs; local module = module; local hosts = hosts; @@ -79,7 +80,7 @@ -- Admin ad-hoc command to subscribe local function add_contact_handler(self, data, state) - local layout = { + local layout = dataforms_new{ title = "Adding a Server Buddy"; instructions = "Fill out this form to add a \"server buddy\"."; @@ -92,7 +93,7 @@ elseif data.action == "canceled" then return { status = "canceled" }; else - local fields = layout:data(data); + local fields = layout:data(data.form); local peerjid = nameprep(fields.peerjid); if not peerjid or peerjid == "" or #peerjid > 1023 or not to_ascii(peerjid) then return { status = "completed", error = { message = "Invalid JID" } };
--- a/mod_smacks/mod_smacks.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_smacks/mod_smacks.lua Tue Mar 12 12:10:25 2013 +0000 @@ -83,6 +83,11 @@ queue[#queue+1] = cached_stanza; end + if session.hibernating then + -- The session is hibernating, no point in sending the stanza + -- over a dead connection. It will be delivered upon resumption. + return true; + end local ok, err = _send(stanza); if ok and #queue > max_unacked_stanzas and not session.awaiting_ack and attr and not attr.xmlns then session.awaiting_ack = true; @@ -203,7 +208,7 @@ module:hook("pre-resource-unbind", function (event) local session, err = event.session, event.error; - if session.smacks and err ~= "session closed" then + if session.smacks and err then if not session.resumption_token then local queue = session.outgoing_stanza_queue; if #queue > 0 then @@ -244,6 +249,14 @@ end); module:hook_stanza(xmlns_sm, "resume", function (session, stanza) + if session.full_jid then + session.log("debug", "Tried to resume after resource binding"); + session.send(st.stanza("failed", sm_attr) + :tag("unexpected-request", { xmlns = xmlns_errors }) + ); + return true; + end + local id = stanza.attr.previd; local original_session = session_registry[id]; if not original_session then
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_strict_https/mod_strict_https.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,44 @@ +-- HTTP Strict Transport Security +-- https://tools.ietf.org/html/rfc6797 + +module:set_global(); + +local http_server = require "net.http.server"; + +local hsts_header = module:get_option_string("hsts_header", "max-age=31556952"); -- This means "Don't even try to access without HTTPS for a year" + +local _old_send_response; +local _old_fire_event; + +local modules = {}; + +function module.load() + _old_send_response = http_server.send_response; + function http_server.send_response(response, body) + response.headers.strict_transport_security = hsts_header; + return _old_send_response(response, body); + end + + _old_fire_event = http_server._events.fire_event; + function http_server._events.fire_event(event, payload) + local request = payload.request; + local host = event:match("^[A-Z]+ ([^/]+)"); + local module = modules[host]; + if module and not request.secure then + payload.response.headers.location = module:http_url(request.path); + return 301; + end + return _old_fire_event(event, payload); + end +end +function module.unload() + http_server.send_response = _old_send_response; + http_server._events.fire_event = _old_fire_event; +end +function module.add_host(module) + local http_host = module:get_option_string("http_host", module.host); + modules[http_host] = module; + function module.unload() + modules[http_host] = nil; + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_uptime_presence/mod_uptime_presence.lua Tue Mar 12 12:10:25 2013 +0000 @@ -0,0 +1,17 @@ +local st = require"util.stanza"; +local datetime = require"util.datetime"; + +local presence = st.presence({ from = module.host }) + :tag("delay", { xmlns = "urn:xmpp:delay", + stamp = datetime.datetime(prosody.start_time) }); + +module:hook("presence/host", function(event) + local stanza = event.stanza; + if stanza.attr.type == "probe" then + presence.attr.id = stanza.attr.id; + presence.attr.to = stanza.attr.from; + module:send(presence); + return true; + end +end, 10); +
--- a/mod_vjud/mod_vjud.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_vjud/mod_vjud.lua Tue Mar 12 12:10:25 2013 +0000 @@ -6,6 +6,8 @@ local jid_split = require "util.jid".prepped_split; local vcard = module:require "vcard"; local rawget, rawset = rawget, rawset; +local s_lower = string.lower; +local s_find = string.find; local st = require "util.stanza"; local template = require "util.template"; @@ -28,6 +30,8 @@ </item> ]]; +local search_mode = module:get_option_string("vjud_mode", "opt-in"); +local allow_remote = module:get_option_boolean("allow_remote_searches", search_mode ~= "all"); local base_host = module:get_option_string("vjud_search_domain", module:get_host_type() == "component" and module.host:gsub("^[^.]+%.","") @@ -36,23 +40,6 @@ module:depends"disco"; module:add_feature("jabber:iq:search"); -local opted_in; -function module.load() - opted_in = dm_load(nil, module.host, "user_index") or {}; -end -function module.unload() - dm_store(nil, module.host, "user_index", opted_in); -end - -local opt_in_layout = dataforms_new{ - title = "Search settings"; - instructions = "Do you want to appear in search results?"; - { - name = "searchable", - label = "Appear in search results?", - type = "boolean", - }, -}; local vCard_mt = { __index = function(t, k) if type(k) ~= "string" then return nil end @@ -77,21 +64,32 @@ local at_host = "@"..base_host; +local users; -- The user iterator + module:hook("iq/host/jabber:iq:search:query", function(event) local origin, stanza = event.origin, event.stanza; + if not (allow_remote or origin.type == "c2s") then + origin.send(st.error_reply(stanza, "cancel", "not-allowed")) + return true; + end + if stanza.attr.type == "get" then origin.send(st.reply(stanza):add_child(get_reply)); else -- type == "set" local query = stanza.tags[1]; local first, last, nick, email = - (query:get_child_text"first" or false), - (query:get_child_text"last" or false), - (query:get_child_text"nick" or false), - (query:get_child_text"email" or false); + s_lower(query:get_child_text"first" or ""), + s_lower(query:get_child_text"last" or ""), + s_lower(query:get_child_text"nick" or ""), + s_lower(query:get_child_text"email" or ""); + first = #first >= 2 and first; + last = #last >= 2 and last; + nick = #nick >= 2 and nick; + email = #email >= 2 and email; if not ( first or last or nick or email ) then - origin.send(st.error_reply(stanza, "modify", "not-acceptable", "All fields were empty")); + origin.send(st.error_reply(stanza, "modify", "not-acceptable", "All fields were empty or too short")); return true; end @@ -110,13 +108,13 @@ }); end else - for username in pairs(opted_in) do + for username in users() do local vCard = get_user_vcard(username); - if vCard and ( - (vCard.N and vCard.N[2] == first) or - (vCard.N and vCard.N[1] == last) or - (vCard.NICKNAME and vCard.NICKNAME[1] == nick) or - (vCard.EMAIL and vCard.EMAIL[1] == email)) then + if vCard + and ((first and vCard.N and s_find(s_lower(vCard.N[2]), first, nil, true)) + or (last and vCard.N and s_find(s_lower(vCard.N[1]), last, nil, true)) + or (nick and vCard.NICKNAME and s_find(s_lower(vCard.NICKNAME[1]), nick, nil, true)) + or (email and vCard.EMAIL and s_find(s_lower(vCard.EMAIL[1]), email, nil, true))) then reply:add_child(item_template.apply{ jid = username..at_host; first = vCard.N and vCard.N[2] or nil; @@ -132,30 +130,55 @@ return true; end); -local function opt_in_handler(self, data, state) - local username, hostname = jid_split(data.from); - if state then -- the second return value - if data.action == "cancel" then - return { status = "canceled" }; - end - - if not username or not hostname or hostname ~= base_host then - return { status = "error", error = { type = "cancel", - condition = "forbidden", message = "Invalid user or hostname." } }; - end +if search_mode == "all" then + function users() + return usermanager.users(base_host); + end +else -- if "opt-in", default + local opted_in; + function module.load() + opted_in = dm_load(nil, module.host, "user_index") or {}; + end + function module.unload() + dm_store(nil, module.host, "user_index", opted_in); + end + function users() + return pairs(opted_in); + end + local opt_in_layout = dataforms_new{ + title = "Search settings"; + instructions = "Do you want to appear in search results?"; + { + name = "searchable", + label = "Appear in search results?", + type = "boolean", + }, + }; + local function opt_in_handler(self, data, state) + local username, hostname = jid_split(data.from); + if state then -- the second return value + if data.action == "cancel" then + return { status = "canceled" }; + end - local fields = opt_in_layout:data(data.form); - opted_in[username] = fields.searchable or nil + if not username or not hostname or hostname ~= base_host then + return { status = "error", error = { type = "cancel", + condition = "forbidden", message = "Invalid user or hostname." } }; + end - return { status = "completed" } - else -- No state, send the form. - return { status = "executing", actions = { "complete" }, + local fields = opt_in_layout:data(data.form); + opted_in[username] = fields.searchable or nil + + return { status = "completed" } + else -- No state, send the form. + return { status = "executing", actions = { "complete" }, form = { layout = opt_in_layout, values = { searchable = opted_in[username] } } }, true; + end end -end -local adhoc_new = module:require "adhoc".new; -local adhoc_vjudsetup = adhoc_new("Search settings", "vjudsetup", opt_in_handler);--, "self");-- and nil); -module:depends"adhoc"; -module:provides("adhoc", adhoc_vjudsetup); + local adhoc_new = module:require "adhoc".new; + local adhoc_vjudsetup = adhoc_new("Search settings", "vjudsetup", opt_in_handler);--, "self");-- and nil); + module:depends"adhoc"; + module:provides("adhoc", adhoc_vjudsetup); +end
--- a/mod_websocket/mod_websocket.lua Thu Nov 22 18:59:10 2012 +0000 +++ b/mod_websocket/mod_websocket.lua Tue Mar 12 12:10:25 2013 +0000 @@ -1,6 +1,4 @@ -- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain -- Copyright (C) 2012 Florian Zeitz -- -- This project is MIT/X11 licensed. Please see the @@ -9,28 +7,19 @@ module:set_global(); -local add_task = require "util.timer".add_task; -local new_xmpp_stream = require "util.xmppstream".new; -local nameprep = require "util.encodings".stringprep.nameprep; -local sessionmanager = require "core.sessionmanager"; -local st = require "util.stanza"; -local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session; -local uuid_generate = require "util.uuid".generate; +local add_filter = require "util.filters".add_filter; local sha1 = require "util.hashes".sha1; local base64 = require "util.encodings".base64.encode; -local band = require "bit".band; -local bxor = require "bit".bxor; - -local xpcall, tostring, type = xpcall, tostring, type; -local traceback = debug.traceback; +local softreq = require "util.dependencies".softreq; +local portmanager = require "core.portmanager"; -local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; - -local log = module._log; - -local c2s_timeout = module:get_option_number("c2s_timeout"); -local stream_close_timeout = module:get_option_number("c2s_close_timeout", 5); -local opt_keepalives = module:get_option_boolean("tcp_keepalives", false); +local bit; +pcall(function() bit = require"bit"; end); +bit = bit or softreq"bit32" +if not bit then module:log("error", "No bit module found. Either LuaJIT 2, lua-bitop or Lua 5.2 is required"); end +local band = bit.band; +local bxor = bit.bxor; +local rshift = bit.rshift; local cross_domain = module:get_option("cross_domain_websocket"); if cross_domain then @@ -44,11 +33,9 @@ end end -local sessions = module:shared("sessions"); -local core_process_stanza = prosody.core_process_stanza; - -local stream_callbacks = { default_ns = "jabber:client", handlestanza = core_process_stanza }; -local listener = {}; +module:depends("c2s") +local sessions = module:shared("c2s/sessions"); +local c2s_listener = portmanager.get_service("c2s").listener; -- Websocket helpers local function parse_frame(frame) @@ -118,11 +105,11 @@ result = result .. string.char(length); elseif length <= 0xFFFF then -- 2-byte length result = result .. string.char(126); - result = result .. string.char(length/0x100) .. string.char(length%0x100); + result = result .. string.char(rshift(length, 8)) .. string.char(length%0x100); else -- 8-byte length result = result .. string.char(127); for i = 7, 0, -1 do - result = result .. string.char(( length / (2^(8*i)) ) % 0x100); + result = result .. string.char(rshift(length, 8*i) % 0x100); end end @@ -131,198 +118,33 @@ return result; end ---- Stream events handlers -local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'}; -local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/streams", xmlns = stream_callbacks.default_ns, version = "1.0", id = "" }; - -function stream_callbacks.streamopened(session, attr) - local send = session.send; - session.host = nameprep(attr.to); - if not session.host then - session:close{ condition = "improper-addressing", - text = "A valid 'to' attribute is required on stream headers" }; - return; - end - session.version = tonumber(attr.version) or 0; - session.streamid = uuid_generate(); - (session.log or session)("debug", "Client sent opening <stream:stream> to %s", session.host); +--- Filter stuff +function handle_request(event, path) + local request, response = event.request, event.response; + local conn = response.conn; - if not hosts[session.host] then - -- We don't serve this host... - session:close{ condition = "host-unknown", text = "This server does not serve "..tostring(session.host)}; - return; - end - - -- COMPAT: Some current client implementations need this to be self-closing - if session.self_closing_stream then - send("<?xml version='1.0'?>"..tostring(st.stanza("stream:stream", { - xmlns = 'jabber:client', ["xmlns:stream"] = 'http://etherx.jabber.org/streams'; - id = session.streamid, from = session.host, version = '1.0', ["xml:lang"] = 'en' }))); - else - send("<?xml version='1.0'?>"..st.stanza("stream:stream", { - xmlns = 'jabber:client', ["xmlns:stream"] = 'http://etherx.jabber.org/streams'; - id = session.streamid, from = session.host, version = '1.0', ["xml:lang"] = 'en' }):top_tag()); - end - - (session.log or log)("debug", "Sent reply <stream:stream> to client"); - session.notopen = nil; - - -- If session.secure is *false* (not nil) then it means we /were/ encrypting - -- since we now have a new stream header, session is secured - if session.secure == false then - session.secure = true; + if not request.headers.sec_websocket_key then + response.headers.content_type = "text/html"; + return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> + <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p> + </body></html>]]; end - local features = st.stanza("stream:features"); - hosts[session.host].events.fire_event("stream-features", { origin = session, features = features }); - module:fire_event("stream-features", session, features); - - send(features); -end - -function stream_callbacks.streamclosed(session) - session.log("debug", "Received </stream:stream>"); - session:close(false); -end - -function stream_callbacks.error(session, error, data) - if error == "no-stream" then - session.log("debug", "Invalid opening stream header"); - session:close("invalid-namespace"); - elseif error == "parse-error" then - (session.log or log)("debug", "Client XML parse error: %s", tostring(data)); - session:close("not-well-formed"); - elseif error == "stream-error" then - local condition, text = "undefined-condition"; - for child in data:children() do - if child.attr.xmlns == xmlns_xmpp_streams then - if child.name ~= "text" then - condition = child.name; - else - text = child:get_text(); - end - if condition ~= "undefined-condition" and text then - break; - end - end - end - text = condition .. (text and (" ("..text..")") or ""); - session.log("info", "Session closed by remote with error: %s", text); - session:close(nil, text); - end -end - -local function handleerr(err) log("error", "Traceback[c2s]: %s: %s", tostring(err), traceback()); end -function stream_callbacks.handlestanza(session, stanza) - stanza = session.filter("stanzas/in", stanza); - if stanza then - return xpcall(function () return core_process_stanza(session, stanza) end, handleerr); - end -end + local wants_xmpp = false; + (request.headers.sec_websocket_protocol or ""):gsub("([^,]*),?", function (proto) + if proto == "xmpp" then wants_xmpp = true; end + end); ---- Session methods -local function session_close(session, reason) - local log = session.log or log; - if session.conn then - if session.notopen then - -- COMPAT: Some current client implementations need this to be self-closing - if session.self_closing_stream then - session.send("<?xml version='1.0'?>"..tostring(st.stanza("stream:stream", default_stream_attr))); - else - session.send("<?xml version='1.0'?>"..st.stanza("stream:stream", default_stream_attr):top_tag()); - end - end - if reason then -- nil == no err, initiated by us, false == initiated by client - if type(reason) == "string" then -- assume stream error - log("debug", "Disconnecting client, <stream:error> is: %s", reason); - session.send(st.stanza("stream:error"):tag(reason, {xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' })); - elseif type(reason) == "table" then - if reason.condition then - local stanza = st.stanza("stream:error"):tag(reason.condition, stream_xmlns_attr):up(); - if reason.text then - stanza:tag("text", stream_xmlns_attr):text(reason.text):up(); - end - if reason.extra then - stanza:add_child(reason.extra); - end - log("debug", "Disconnecting client, <stream:error> is: %s", tostring(stanza)); - session.send(stanza); - elseif reason.name then -- a stanza - log("debug", "Disconnecting client, <stream:error> is: %s", tostring(reason)); - session.send(reason); - end - end - end - session.send("</stream:stream>"); - function session.send() return false; end - - local reason = (reason and (reason.text or reason.condition)) or reason; - session.log("info", "c2s stream for %s closed: %s", session.full_jid or ("<"..session.ip..">"), reason or "session closed"); - - -- Authenticated incoming stream may still be sending us stanzas, so wait for </stream:stream> from remote - local conn = session.conn; - if reason == nil and not session.notopen and session.type == "c2s" then - -- Grace time to process data from authenticated cleanly-closed stream - add_task(stream_close_timeout, function () - if not session.destroyed then - session.log("warn", "Failed to receive a stream close response, closing connection anyway..."); - sm_destroy_session(session, reason); - conn:close(); - end - end); - else - sm_destroy_session(session, reason); - conn:close(); - end - end -end - -module:hook_global("user-deleted", function(event) - local username, host = event.username, event.host; - local user = hosts[host].sessions[username]; - if user and user.sessions then - for jid, session in pairs(user.sessions) do - session:close{ condition = "not-authorized", text = "Account deleted" }; - end - end -end, 200); - ---- Port listener -function listener.onconnect(conn) - local session = sm_new_session(conn); - sessions[conn] = session; - - session.log("info", "Client connected"); - - -- Client is using legacy SSL (otherwise mod_tls sets this flag) - if conn:ssl() then - session.secure = true; - end - - if opt_keepalives then - conn:setoption("keepalive", opt_keepalives); - end - - session.close = session_close; - - session.conn.starttls = nil; - - local stream = new_xmpp_stream(session, stream_callbacks); - session.stream = stream; - session.notopen = true; - - function session.reset_stream() - session.notopen = true; - session.stream:reset(); + if not wants_xmpp then + return 501; end local function websocket_close(code, message) - local data = string.char(code/0x100) .. string.char(code%0x100) .. message; + local data = string.char(rshift(code, 8)) .. string.char(code%0x100) .. message; conn:write(build_frame({opcode = 0x8, FIN = true, data = data})); conn:close(); end - local filter = session.filter; local dataBuffer; local function handle_frame(frame) module:log("debug", "Websocket received: %s (%i bytes)", frame.data, #frame.data); @@ -365,115 +187,58 @@ dataBuffer = frame.data; elseif frame.opcode == 0x2 then -- Binary frame websocket_close(1003, "Only text frames are supported"); - return false; + return; elseif frame.opcode == 0x8 then -- Close request websocket_close(1000, "Goodbye"); - return false; + return; elseif frame.opcode == 0x9 then -- Ping frame frame.opcode = 0xA; conn:write(build_frame(frame)); - return true; + return ""; else log("warn", "Received frame with unsupported opcode %i", frame.opcode); - return true; + return ""; end if frame.FIN then data = dataBuffer; dataBuffer = nil; - -- COMPAT: Some current client implementations send a self-closing <stream:stream> - data, session.self_closing_stream = data:gsub("^(<stream:stream.*)/>$", "%1>"); - session.self_closing_stream = (session.self_closing_stream == 1) - - data = filter("bytes/in", data); - if data then - local ok, err = stream:feed(data); - if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); - session:close("not-well-formed"); - end + return data; end - return true; + return ""; end + conn:setlistener(c2s_listener); + c2s_listener.onconnect(conn); + local frameBuffer = ""; - function session.data(data) + add_filter(sessions[conn], "bytes/in", function(data) + local cache = ""; frameBuffer = frameBuffer .. data; local frame, length = parse_frame(frameBuffer); while frame do frameBuffer = frameBuffer:sub(length + 1); - if not handle_frame(frame) then return; end + local result = handle_frame(frame); + if not result then return; end + cache = cache .. result; frame, length = parse_frame(frameBuffer); end - end - - function session.send(s) - conn:write(build_frame({ FIN = true, opcode = 0x01, data = tostring(s)})); - end - - if c2s_timeout then - add_task(c2s_timeout, function () - if session.type == "c2s_unauthed" then - session:close("connection-timeout"); - end - end); - end - - session.dispatch_stanza = stream_callbacks.handlestanza; -end + return cache; -function listener.onincoming(conn, data) - local session = sessions[conn]; - if session then - session.data(data); - else - listener.onconnect(conn, data); - session = sessions[conn]; - session.data(data); - end -end - -function listener.ondisconnect(conn, err) - local session = sessions[conn]; - if session then - (session.log or log)("info", "Client disconnected: %s", err or "connection closed"); - sm_destroy_session(session, err); - sessions[conn] = nil; - end -end - -function listener.associate_session(conn, session) - sessions[conn] = session; -end - -function handle_request(event, path) - local request, response = event.request, event.response; - - if not request.headers.sec_websocket_key then - response.headers.content_type = "text/html"; - return [[<!DOCTYPE html><html><head><title>Websocket</title></head><body> - <p>It works! Now point your WebSocket client to this URL to connect to Prosody.</p> - </body></html>]]; - end - - local wants_xmpp = false; - (request.headers.sec_websocket_protocol or ""):gsub("([^,]*),?", function (proto) - if proto == "xmpp" then wants_xmpp = true; end end); - if not wants_xmpp then - return 501; - end + add_filter(sessions[conn], "bytes/out", function(data) + return build_frame({ FIN = true, opcode = 0x01, data = tostring(data)}); + end); - response.conn:setlistener(listener); response.status = "101 Switching Protocols"; - response.headers.Upgrade = "websocket"; - response.headers.Connection = "Upgrade"; - response.headers.Sec_WebSocket_Accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); - response.headers.Sec_WebSocket_Protocol = "xmpp"; - response.headers.Access_Control_Allow_Origin = cross_domain; + response.headers.upgrade = "websocket"; + response.headers.connection = "Upgrade"; + response.headers.sec_webSocket_accept = base64(sha1(request.headers.sec_websocket_key .. "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")); + response.headers.sec_webSocket_protocol = "xmpp"; + response.headers.access_control_allow_origin = cross_domain; return ""; end @@ -481,7 +246,8 @@ function module.add_host(module) module:depends("http"); module:provides("http", { - name = "xmpp-websocket"; + name = "websocket"; + default_path = "xmpp-websocket"; route = { ["GET"] = handle_request; ["GET /"] = handle_request;