Software /
code /
prosody
Changeset
3765:0731e5432baa
Merge Tobias->trunk
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 17 Dec 2010 13:50:33 +0000 |
parents | 3764:323169f229fa (current diff) 3761:e5fb26e8faeb (diff) |
children | 3766:0d7137fee360 |
files | plugins/mod_console.lua util/certverification.lua |
diffstat | 25 files changed, 1484 insertions(+), 1089 deletions(-) [+] |
line wrap: on
line diff
--- a/core/loggingmanager.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/core/loggingmanager.lua Fri Dec 17 13:50:33 2010 +0000 @@ -15,7 +15,7 @@ local io_open, io_write = io.open, io.write; local math_max, rep = math.max, string.rep; local os_date, os_getenv = os.date, os.getenv; -local getstyle, getstring = require "util.termcolours".getstyle, require "util.termcolours".getstring; +local getstyle, setstyle = require "util.termcolours".getstyle, require "util.termcolours".setstyle; if os.getenv("__FLUSH_LOG") then local io_flush = io.flush; @@ -217,7 +217,7 @@ end do - local do_pretty_printing = not os_getenv("WINDIR"); + local do_pretty_printing = true; local logstyles = {}; if do_pretty_printing then @@ -244,10 +244,14 @@ if timestamps then io_write(os_date(timestamps), " "); end + io_write(name, rep(" ", sourcewidth-namelen)); + setstyle(logstyles[level]); + io_write(level); + setstyle(); if ... then - io_write(name, rep(" ", sourcewidth-namelen), getstring(logstyles[level], level), "\t", format(message, ...), "\n"); + io_write("\t", format(message, ...), "\n"); else - io_write(name, rep(" ", sourcewidth-namelen), getstring(logstyles[level], level), "\t", message, "\n"); + io_write("\t", message, "\n"); end end end
--- a/core/modulemanager.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/core/modulemanager.lua Fri Dec 17 13:50:33 2010 +0000 @@ -77,6 +77,13 @@ end local modules = global_modules + host_modules; + -- COMPAT w/ pre 0.8 + if modules:contains("console") then + log("error", "The mod_console plugin has been renamed to mod_admin_telnet. Please update your config."); + modules:remove("console"); + modules:add("admin_telnet"); + end + if component then load(host, component); end
--- a/core/s2smanager.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/core/s2smanager.lua Fri Dec 17 13:50:33 2010 +0000 @@ -27,7 +27,7 @@ local st = require "stanza"; local stanza = st.stanza; local nameprep = require "util.encodings".stringprep.nameprep; -local cert_verify_identity = require "util.certverification".verify_identity; +local cert_verify_identity = require "util.x509".verify_identity; local fire_event = prosody.events.fire_event; local uuid_gen = require "util.uuid".generate;
--- a/core/storagemanager.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/core/storagemanager.lua Fri Dec 17 13:50:33 2010 +0000 @@ -11,6 +11,7 @@ local olddm = {}; -- maintain old datamanager, for backwards compatibility for k,v in pairs(datamanager) do olddm[k] = v; end +local prosody = prosody; module("storagemanager") @@ -25,6 +26,7 @@ local stores_available = multitable.new(); function initialize_host(host) + local host_session = hosts[host]; host_session.events.add_handler("item-added/data-driver", function (event) local item = event.item; stores_available:set(host, item.name, item); @@ -35,19 +37,19 @@ stores_available:set(host, item.name, nil); end); end +prosody.events.add_handler("host-activated", initialize_host, 101); local function load_driver(host, driver_name) if not driver_name then return; end local driver = stores_available:get(host, driver_name); - if not driver then - if driver_name ~= "internal" then - modulemanager.load(host, "storage_"..driver_name); - return stores_available:get(host, driver_name); - else - return setmetatable({host = host}, default_driver_mt); - end + if driver then return driver; end + if driver_name ~= "internal" then + modulemanager.load(host, "storage_"..driver_name); + return stores_available:get(host, driver_name); + else + return setmetatable({host = host}, default_driver_mt); end end
--- a/net/dns.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/net/dns.lua Fri Dec 17 13:50:33 2010 +0000 @@ -21,8 +21,8 @@ local coroutine, io, math, string, table = coroutine, io, math, string, table; -local ipairs, next, pairs, print, setmetatable, tostring, assert, error, unpack, select = - ipairs, next, pairs, print, setmetatable, tostring, assert, error, unpack, select; +local ipairs, next, pairs, print, setmetatable, tostring, assert, error, unpack, select, type= + ipairs, next, pairs, print, setmetatable, tostring, assert, error, unpack, select, type; local ztact = { -- public domain 20080404 lua@ztact.com get = function(parent, ...) @@ -160,29 +160,24 @@ local SRV_tostring; +local function default_rr_tostring(rr) + local rr_val = rr.type and rr[rr.type:lower()]; + if type(rr_val) ~= "string" then + return "<UNKNOWN RDATA TYPE>"; + end + return rr_val; +end + +local special_tostrings = { + LOC = resolver.LOC_tostring; + MX = function (rr) return string.format('%2i %s', rr.pref, rr.mx); end; + SRV = SRV_tostring; +}; local rr_metatable = {}; -- - - - - - - - - - - - - - - - - - - rr_metatable function rr_metatable.__tostring(rr) - local s0 = string.format('%2s %-5s %6i %-28s', rr.class, rr.type, rr.ttl, rr.name); - local s1 = ''; - if rr.type == 'A' then - s1 = ' '..rr.a; - elseif rr.type == 'MX' then - s1 = string.format(' %2i %s', rr.pref, rr.mx); - elseif rr.type == 'CNAME' then - s1 = ' '..rr.cname; - elseif rr.type == 'LOC' then - s1 = ' '..resolver.LOC_tostring(rr); - elseif rr.type == 'NS' then - s1 = ' '..rr.ns; - elseif rr.type == 'SRV' then - s1 = ' '..SRV_tostring(rr); - elseif rr.type == 'TXT' then - s1 = ' '..rr.txt; - else - s1 = ' <UNKNOWN RDATA TYPE>'; - end - return s0..s1; + local rr_string = (special_tostrings[rr.type] or default_rr_tostring)(rr); + return string.format('%2s %-5s %6i %-28s %s', rr.class, rr.type, rr.ttl, rr.name, rr_string); end @@ -939,6 +934,9 @@ return self:peek(qname, qtype, qclass) or self:query(qname, qtype, qclass); end +function resolver:tohostname(ip) + return dns.lookup(ip:gsub("(%d+)%.(%d+)%.(%d+)%.(%d+)", "%4.%3.%2.%1.in-addr.arpa."), "PTR"); +end --print ---------------------------------------------------------------- print @@ -1014,6 +1012,10 @@ return _resolver:lookup(...); end +function dns.tohostname(...) + return _resolver:tohostname(...); +end + function dns.purge(...) -- - - - - - - - - - - - - - - - - - - - - - purge return _resolver:purge(...); end
--- a/net/httpserver.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/net/httpserver.lua Fri Dec 17 13:50:33 2010 +0000 @@ -190,6 +190,7 @@ log("warn", "Old syntax of httpserver.new_from_config being used to register %s", handle_request); handle_request, default_options = default_options, { base = handle_request }; end + ports = ports or {5280}; for _, options in ipairs(ports) do local port = default_options.port or 5280; local base = default_options.base;
--- a/net/xmppclient_listener.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/net/xmppclient_listener.lua Fri Dec 17 13:50:33 2010 +0000 @@ -10,22 +10,19 @@ local logger = require "logger"; local log = logger.init("xmppclient_listener"); -local lxp = require "lxp" local new_xmpp_stream = require "util.xmppstream".new; -local sm_new_session = require "core.sessionmanager".new_session; local connlisteners_register = require "net.connlisteners".register; -local t_insert = table.insert; -local t_concat = table.concat; -local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end -local m_random = math.random; -local format = string.format; local sessionmanager = require "core.sessionmanager"; local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session; local sm_streamopened = sessionmanager.streamopened; local sm_streamclosed = sessionmanager.streamclosed; local st = require "util.stanza"; +local xpcall = xpcall; +local tostring = tostring; +local type = type; +local traceback = debug.traceback; local config = require "core.configmanager"; local opt_keepalives = config.get("*", "core", "tcp_keepalives"); @@ -62,7 +59,7 @@ end end -local function handleerr(err) log("error", "Traceback[c2s]: %s: %s", tostring(err), debug.traceback()); end +local function handleerr(err) log("error", "Traceback[c2s]: %s: %s", tostring(err), traceback()); end function stream_callbacks.handlestanza(session, stanza) stanza = session.filter("stanzas/in", stanza); if stanza then
--- a/net/xmppcomponent_listener.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/net/xmppcomponent_listener.lua Fri Dec 17 13:50:33 2010 +0000 @@ -10,6 +10,9 @@ local hosts = _G.hosts; local t_concat = table.concat; +local tostring = tostring; +local type = type; +local pairs = pairs; local lxp = require "lxp"; local logger = require "util.logger"; @@ -162,46 +165,42 @@ end --- Component connlistener +function component_listener.onconnect(conn) + local _send = conn.write; + local session = { type = "component", conn = conn, send = function (data) return _send(conn, tostring(data)); end }; + + -- Logging functions -- + local conn_name = "jcp"..tostring(conn):match("[a-f0-9]+$"); + session.log = logger.init(conn_name); + session.close = session_close; + + session.log("info", "Incoming Jabber component connection"); + + local stream = new_xmpp_stream(session, stream_callbacks); + session.stream = stream; + + session.notopen = true; + + function session.reset_stream() + session.notopen = true; + session.stream:reset(); + end + + function session.data(conn, data) + local ok, err = stream:feed(data); + if ok then return; end + log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); + session:close("not-well-formed"); + end + + session.dispatch_stanza = stream_callbacks.handlestanza; + + sessions[conn] = session; +end function component_listener.onincoming(conn, data) local session = sessions[conn]; - if not session then - local _send = conn.write; - session = { type = "component", conn = conn, send = function (data) return _send(conn, tostring(data)); end }; - sessions[conn] = session; - - -- Logging functions -- - - local conn_name = "jcp"..tostring(conn):match("[a-f0-9]+$"); - session.log = logger.init(conn_name); - session.close = session_close; - - session.log("info", "Incoming Jabber component connection"); - - local stream = new_xmpp_stream(session, stream_callbacks); - session.stream = stream; - - session.notopen = true; - - function session.reset_stream() - session.notopen = true; - session.stream:reset(); - end - - function session.data(conn, data) - local ok, err = stream:feed(data); - if ok then return; end - log("debug", "Received invalid XML (%s) %d bytes: %s", tostring(err), #data, data:sub(1, 300):gsub("[\r\n]+", " "):gsub("[%z\1-\31]", "_")); - session:close("not-well-formed"); - end - - session.dispatch_stanza = stream_callbacks.handlestanza; - - end - if data then - session.data(conn, data); - end + session.data(conn, data); end - function component_listener.ondisconnect(conn, err) local session = sessions[conn]; if session then
--- a/net/xmppserver_listener.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/net/xmppserver_listener.lua Fri Dec 17 13:50:33 2010 +0000 @@ -7,10 +7,16 @@ -- +local tostring = tostring; +local type = type; +local xpcall = xpcall; +local s_format = string.format; +local traceback = debug.traceback; local logger = require "logger"; local log = logger.init("xmppserver_listener"); -local lxp = require "lxp" +local st = require "util.stanza"; +local connlisteners_register = require "net.connlisteners".register; local new_xmpp_stream = require "util.xmppstream".new; local s2s_new_incoming = require "core.s2smanager".new_incoming; local s2s_streamopened = require "core.s2smanager".streamopened; @@ -48,7 +54,7 @@ end end -local function handleerr(err) log("error", "Traceback[s2s]: %s: %s", tostring(err), debug.traceback()); end +local function handleerr(err) log("error", "Traceback[s2s]: %s: %s", tostring(err), traceback()); end function stream_callbacks.handlestanza(session, stanza) if stanza.attr.xmlns == "jabber:client" then --COMPAT: Prosody pre-0.6.2 may send jabber:client stanza.attr.xmlns = nil; @@ -59,17 +65,6 @@ end end -local connlisteners_register = require "net.connlisteners".register; - -local t_insert = table.insert; -local t_concat = table.concat; -local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end -local m_random = math.random; -local format = string.format; -local sessionmanager = require "core.sessionmanager"; -local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session; -local st = require "util.stanza"; - local sessions = {}; local xmppserver = { default_port = 5269, default_mode = "*a" }; @@ -173,9 +168,9 @@ if status == "ssl-handshake-complete" then local session = sessions[conn]; if session and session.direction == "outgoing" then - local format, to_host, from_host = string.format, session.to_host, session.from_host; + local to_host, from_host = session.to_host, session.from_host; session.log("debug", "Sending stream header..."); - session.sends2s(format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0'>]], from_host, to_host)); + session.sends2s(s_format([[<stream:stream xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams' from='%s' to='%s' version='1.0'>]], from_host, to_host)); end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/mod_admin_telnet.lua Fri Dec 17 13:50:33 2010 +0000 @@ -0,0 +1,759 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +module.host = "*"; + +local _G = _G; + +local prosody = _G.prosody; +local hosts = prosody.hosts; +local connlisteners_register = require "net.connlisteners".register; + +local console_listener = { default_port = 5582; default_mode = "*l"; default_interface = "127.0.0.1" }; + +require "util.iterators"; +local jid_bare = require "util.jid".bare; +local set, array = require "util.set", require "util.array"; +local cert_verify_identity = require "util.x509".verify_identity; + +local commands = {}; +local def_env = {}; +local default_env_mt = { __index = def_env }; + +prosody.console = { commands = commands, env = def_env }; + +local function redirect_output(_G, session) + local env = setmetatable({ print = session.print }, { __index = function (t, k) return rawget(_G, k); end }); + env.dofile = function(name) + local f, err = loadfile(name); + if not f then return f, err; end + return setfenv(f, env)(); + end; + return env; +end + +console = {}; + +function console:new_session(conn) + local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; + local session = { conn = conn; + send = function (t) w(tostring(t)); end; + print = function (...) + local t = {}; + for i=1,select("#", ...) do + t[i] = tostring(select(i, ...)); + end + w("| "..table.concat(t, "\t").."\n"); + end; + disconnect = function () conn:close(); end; + }; + session.env = setmetatable({}, default_env_mt); + + -- Load up environment with helper objects + for name, t in pairs(def_env) do + if type(t) == "table" then + session.env[name] = setmetatable({ session = session }, { __index = t }); + end + end + + return session; +end + +local sessions = {}; + +function console_listener.onconnect(conn) + -- Handle new connection + local session = console:new_session(conn); + sessions[conn] = session; + printbanner(session); + session.send(string.char(0)); +end + +function console_listener.onincoming(conn, data) + local session = sessions[conn]; + + -- Handle data + (function(session, data) + local useglobalenv; + + if data:match("^>") then + data = data:gsub("^>", ""); + useglobalenv = true; + elseif data == "\004" then + commands["bye"](session, data); + return; + else + local command = data:lower(); + command = data:match("^%w+") or data:match("%p"); + if commands[command] then + commands[command](session, data); + return; + end + end + + session.env._ = data; + + local chunkname = "=console"; + local chunk, err = loadstring("return "..data, chunkname); + if not chunk then + chunk, err = loadstring(data, chunkname); + if not chunk then + err = err:gsub("^%[string .-%]:%d+: ", ""); + err = err:gsub("^:%d+: ", ""); + err = err:gsub("'<eof>'", "the end of the line"); + session.print("Sorry, I couldn't understand that... "..err); + return; + end + end + + setfenv(chunk, (useglobalenv and redirect_output(_G, session)) or session.env or nil); + + local ranok, taskok, message = pcall(chunk); + + if not (ranok or message or useglobalenv) and commands[data:lower()] then + commands[data:lower()](session, data); + return; + end + + if not ranok then + session.print("Fatal error while running command, it did not complete"); + session.print("Error: "..taskok); + return; + end + + if not message then + session.print("Result: "..tostring(taskok)); + return; + elseif (not taskok) and message then + session.print("Command completed with a problem"); + session.print("Message: "..tostring(message)); + return; + end + + session.print("OK: "..tostring(message)); + end)(session, data); + + session.send(string.char(0)); +end + +function console_listener.ondisconnect(conn, err) + local session = sessions[conn]; + if session then + session.disconnect(); + sessions[conn] = nil; + end +end + +connlisteners_register('console', console_listener); + +-- Console commands -- +-- These are simple commands, not valid standalone in Lua + +function commands.bye(session) + session.print("See you! :)"); + session.disconnect(); +end +commands.quit, commands.exit = commands.bye, commands.bye; + +commands["!"] = function (session, data) + if data:match("^!!") and session.env._ then + session.print("!> "..session.env._); + return console_listener.onincoming(session.conn, session.env._); + end + local old, new = data:match("^!(.-[^\\])!(.-)!$"); + if old and new then + local ok, res = pcall(string.gsub, session.env._, old, new); + if not ok then + session.print(res) + return; + end + session.print("!> "..res); + return console_listener.onincoming(session.conn, res); + end + session.print("Sorry, not sure what you want"); +end + + +function commands.help(session, data) + local print = session.print; + local section = data:match("^help (%w+)"); + if not section then + print [[Commands are divided into multiple sections. For help on a particular section, ]] + print [[type: help SECTION (for example, 'help c2s'). Sections are: ]] + print [[]] + print [[c2s - Commands to manage local client-to-server sessions]] + print [[s2s - Commands to manage sessions between this server and others]] + print [[module - Commands to load/reload/unload modules/plugins]] + print [[host - Commands to activate, deactivate and list virtual hosts]] + print [[server - Uptime, version, shutting down, etc.]] + print [[config - Reloading the configuration, etc.]] + print [[console - Help regarding the console itself]] + elseif section == "c2s" then + print [[c2s:show(jid) - Show all client sessions with the specified JID (or all if no JID given)]] + print [[c2s:show_insecure() - Show all unencrypted client connections]] + print [[c2s:show_secure() - Show all encrypted client connections]] + print [[c2s:close(jid) - Close all sessions for the specified JID]] + elseif section == "s2s" then + print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]] + print [[s2s:close(from, to) - Close a connection from one domain to another]] + elseif section == "module" then + print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]] + print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]] + print [[module:unload(module, host) - The same, but just unloads the module from memory]] + print [[module:list(host) - List the modules loaded on the specified host]] + elseif section == "host" then + print [[host:activate(hostname) - Activates the specified host]] + print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]] + print [[host:list() - List the currently-activated hosts]] + elseif section == "server" then + print [[server:version() - Show the server's version number]] + print [[server:uptime() - Show how long the server has been running]] + print [[server:shutdown(reason) - Shut down the server, with an optional reason to be broadcast to all connections]] + elseif section == "config" then + print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] + elseif section == "console" then + print [[Hey! Welcome to Prosody's admin console.]] + print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] + print [[Secondly, note that we don't support the full telnet protocol yet (it's coming)]] + print [[so you may have trouble using the arrow keys, etc. depending on your system.]] + print [[]] + print [[For now we offer a couple of handy shortcuts:]] + print [[!! - Repeat the last command]] + print [[!old!new! - repeat the last command, but with 'old' replaced by 'new']] + print [[]] + print [[For those well-versed in Prosody's internals, or taking instruction from those who are,]] + print [[you can prefix a command with > to escape the console sandbox, and access everything in]] + print [[the running server. Great fun, but be careful not to break anything :)]] + end + print [[]] +end + +-- Session environment -- +-- Anything in def_env will be accessible within the session as a global variable + +def_env.server = {}; + +function def_env.server:insane_reload() + prosody.unlock_globals(); + dofile "prosody" + prosody = _G.prosody; + return true, "Server reloaded"; +end + +function def_env.server:version() + return true, tostring(prosody.version or "unknown"); +end + +function def_env.server:uptime() + local t = os.time()-prosody.start_time; + local seconds = t%60; + t = (t - seconds)/60; + local minutes = t%60; + t = (t - minutes)/60; + local hours = t%24; + t = (t - hours)/24; + local days = t; + return true, string.format("This server has been running for %d day%s, %d hour%s and %d minute%s (since %s)", + days, (days ~= 1 and "s") or "", hours, (hours ~= 1 and "s") or "", + minutes, (minutes ~= 1 and "s") or "", os.date("%c", prosody.start_time)); +end + +function def_env.server:shutdown(reason) + prosody.shutdown(reason); + return true, "Shutdown initiated"; +end + +def_env.module = {}; + +local function get_hosts_set(hosts, module) + if type(hosts) == "table" then + if hosts[1] then + return set.new(hosts); + elseif hosts._items then + return hosts; + end + elseif type(hosts) == "string" then + return set.new { hosts }; + elseif hosts == nil then + local mm = require "modulemanager"; + return set.new(array.collect(keys(prosody.hosts))) + / function (host) return prosody.hosts[host].type == "local" or module and mm.is_loaded(host, module); end; + end +end + +function def_env.module:load(name, hosts, config) + local mm = require "modulemanager"; + + hosts = get_hosts_set(hosts); + + -- Load the module for each host + local ok, err, count = true, nil, 0; + for host in hosts do + if (not mm.is_loaded(host, name)) then + ok, err = mm.load(host, name, config); + if not ok then + ok = false; + self.session.print(err or "Unknown error loading module"); + else + count = count + 1; + self.session.print("Loaded for "..host); + end + end + end + + return ok, (ok and "Module loaded onto "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +function def_env.module:unload(name, hosts) + local mm = require "modulemanager"; + + hosts = get_hosts_set(hosts, name); + + -- Unload the module for each host + local ok, err, count = true, nil, 0; + for host in hosts do + if mm.is_loaded(host, name) then + ok, err = mm.unload(host, name); + if not ok then + ok = false; + self.session.print(err or "Unknown error unloading module"); + else + count = count + 1; + self.session.print("Unloaded from "..host); + end + end + end + return ok, (ok and "Module unloaded from "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +function def_env.module:reload(name, hosts) + local mm = require "modulemanager"; + + hosts = get_hosts_set(hosts, name); + + -- Reload the module for each host + local ok, err, count = true, nil, 0; + for host in hosts do + if mm.is_loaded(host, name) then + ok, err = mm.reload(host, name); + if not ok then + ok = false; + self.session.print(err or "Unknown error reloading module"); + else + count = count + 1; + if ok == nil then + ok = true; + end + self.session.print("Reloaded on "..host); + end + end + end + return ok, (ok and "Module reloaded on "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); +end + +function def_env.module:list(hosts) + if hosts == nil then + hosts = array.collect(keys(prosody.hosts)); + end + if type(hosts) == "string" then + hosts = { hosts }; + end + if type(hosts) ~= "table" then + return false, "Please supply a host or a list of hosts you would like to see"; + end + + local print = self.session.print; + for _, host in ipairs(hosts) do + print(host..":"); + local modules = array.collect(keys(prosody.hosts[host] and prosody.hosts[host].modules or {})):sort(); + if #modules == 0 then + if prosody.hosts[host] then + print(" No modules loaded"); + else + print(" Host not found"); + end + else + for _, name in ipairs(modules) do + print(" "..name); + end + end + end +end + +def_env.config = {}; +function def_env.config:load(filename, format) + local config_load = require "core.configmanager".load; + local ok, err = config_load(filename, format); + if not ok then + return false, err or "Unknown error loading config"; + end + return true, "Config loaded"; +end + +function def_env.config:get(host, section, key) + local config_get = require "core.configmanager".get + return true, tostring(config_get(host, section, key)); +end + +function def_env.config:reload() + local ok, err = prosody.reload_config(); + return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err); +end + +def_env.hosts = {}; +function def_env.hosts:list() + for host, host_session in pairs(hosts) do + self.session.print(host); + end + return true, "Done"; +end + +function def_env.hosts:add(name) +end + +def_env.c2s = {}; + +local function show_c2s(callback) + for hostname, host in pairs(hosts) do + for username, user in pairs(host.sessions or {}) do + for resource, session in pairs(user.sessions or {}) do + local jid = username.."@"..hostname.."/"..resource; + callback(jid, session); + end + end + end +end + +function def_env.c2s:show(match_jid) + local print, count = self.session.print, 0; + local curr_host; + show_c2s(function (jid, session) + if curr_host ~= session.host then + curr_host = session.host; + print(curr_host); + end + if (not match_jid) or jid:match(match_jid) then + count = count + 1; + local status, priority = "unavailable", tostring(session.priority or "-"); + if session.presence then + status = session.presence:child_with_name("show"); + if status then + status = status:get_text() or "[invalid!]"; + else + status = "available"; + end + end + print(" "..jid.." - "..status.."("..priority..")"); + end + end); + return true, "Total: "..count.." clients"; +end + +function def_env.c2s:show_insecure(match_jid) + local print, count = self.session.print, 0; + show_c2s(function (jid, session) + if ((not match_jid) or jid:match(match_jid)) and not session.secure then + count = count + 1; + print(jid); + end + end); + return true, "Total: "..count.." insecure client connections"; +end + +function def_env.c2s:show_secure(match_jid) + local print, count = self.session.print, 0; + show_c2s(function (jid, session) + if ((not match_jid) or jid:match(match_jid)) and session.secure then + count = count + 1; + print(jid); + end + end); + return true, "Total: "..count.." secure client connections"; +end + +function def_env.c2s:close(match_jid) + local print, count = self.session.print, 0; + show_c2s(function (jid, session) + if jid == match_jid or jid_bare(jid) == match_jid then + count = count + 1; + session:close(); + end + end); + return true, "Total: "..count.." sessions closed"; +end + +def_env.s2s = {}; +function def_env.s2s:show(match_jid) + local _print = self.session.print; + local print = self.session.print; + + local count_in, count_out = 0,0; + + for host, host_session in pairs(hosts) do + print = function (...) _print(host); _print(...); print = _print; end + for remotehost, session in pairs(host_session.s2sout) do + if (not match_jid) or remotehost:match(match_jid) or host:match(match_jid) then + count_out = count_out + 1; + print(" "..host.." -> "..remotehost..(session.cert_identity_status == "valid" and " (secure)" or "")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); + if session.sendq then + print(" There are "..#session.sendq.." queued outgoing stanzas for this connection"); + end + if session.type == "s2sout_unauthed" then + if session.connecting then + print(" Connection not yet established"); + if not session.srv_hosts then + if not session.conn then + print(" We do not yet have a DNS answer for this host's SRV records"); + else + print(" This host has no SRV records, using A record instead"); + end + elseif session.srv_choice then + print(" We are on SRV record "..session.srv_choice.." of "..#session.srv_hosts); + local srv_choice = session.srv_hosts[session.srv_choice]; + print(" Using "..(srv_choice.target or ".")..":"..(srv_choice.port or 5269)); + end + elseif session.notopen then + print(" The <stream> has not yet been opened"); + elseif not session.dialback_key then + print(" Dialback has not been initiated yet"); + elseif session.dialback_key then + print(" Dialback has been requested, but no result received"); + end + end + end + end + local subhost_filter = function (h) + return (match_jid and h:match(match_jid)); + end + for session in pairs(incoming_s2s) do + if session.to_host == host and ((not match_jid) or host:match(match_jid) + or (session.from_host and session.from_host:match(match_jid)) + -- Pft! is what I say to list comprehensions + or (session.hosts and #array.collect(keys(session.hosts)):filter(subhost_filter)>0)) then + count_in = count_in + 1; + print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.cert_identity_status == "valid" and " (secure)" or "")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); + if session.type == "s2sin_unauthed" then + print(" Connection not yet authenticated"); + end + for name in pairs(session.hosts) do + if name ~= session.from_host then + print(" also hosts "..tostring(name)); + end + end + end + end + + print = _print; + end + + for session in pairs(incoming_s2s) do + if not session.to_host and ((not match_jid) or session.from_host and session.from_host:match(match_jid)) then + count_in = count_in + 1; + print("Other incoming s2s connections"); + print(" (unknown) <- "..(session.from_host or "(unknown)")); + end + end + + return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections"; +end + +local function print_subject(print, subject) + for _, entry in ipairs(subject) do + print( + (" %s: %q"):format( + entry.name or entry.oid, + entry.value:gsub("[\r\n%z%c]", " ") + ) + ); + end +end + +function def_env.s2s:showcert(domain) + local ser = require "util.serialization".serialize; + local print = self.session.print; + local domain_sessions = set.new(array.collect(keys(incoming_s2s))) + /function(session) return session.from_host == domain; end; + for local_host in values(prosody.hosts) do + local s2sout = local_host.s2sout; + if s2sout and s2sout[domain] then + domain_sessions:add(s2sout[domain]); + end + end + local cert_set = {}; + for session in domain_sessions do + local conn = session.conn; + conn = conn and conn:socket(); + if not conn.getpeercertificate then + if conn.dohandshake then + error("This version of LuaSec does not support certificate viewing"); + end + else + local cert = conn:getpeercertificate(); + if cert then + local digest = cert:digest("sha1"); + if not cert_set[digest] then + local chain_valid, chain_err = conn:getpeerchainvalid(); + cert_set[digest] = { + { + from = session.from_host, + to = session.to_host, + direction = session.direction + }; + chain_valid = chain_valid; + chain_err = chain_err; + cert = cert; + }; + else + table.insert(cert_set[digest], { + from = session.from_host, + to = session.to_host, + direction = session.direction + }); + end + end + end + end + local domain_certs = array.collect(values(cert_set)); + -- Phew. We now have a array of unique certificates presented by domain. + local print = self.session.print; + local n_certs = #domain_certs; + + if n_certs == 0 then + return "No certificates found for "..domain; + end + + local function _capitalize_and_colon(byte) + return string.upper(byte)..":"; + end + local function pretty_fingerprint(hash) + return hash:gsub("..", _capitalize_and_colon):sub(1, -2); + end + + for cert_info in values(domain_certs) do + local cert = cert_info.cert; + print("---") + print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); + print(""); + local n_streams = #cert_info; + print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); + for _, stream in ipairs(cert_info) do + if stream.direction == "incoming" then + print(" "..stream.to.." <- "..stream.from); + else + print(" "..stream.from.." -> "..stream.to); + end + end + print(""); + local chain_valid, err = cert_info.chain_valid, cert_info.chain_err; + local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); + print("Trusted certificate: "..(chain_valid and "Yes" or ("No ("..err..")"))); + print("Issuer: "); + print_subject(print, cert:issuer()); + print(""); + print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); + print("Subject:"); + print_subject(print, cert:subject()); + end + print("---"); + return ("Showing "..n_certs.." certificate" + ..(n_certs==1 and "" or "s") + .." presented by "..domain.."."); +end + +function def_env.s2s:close(from, to) + local print, count = self.session.print, 0; + + if not (from and to) then + return false, "Syntax: s2s:close('from', 'to') - Closes all s2s sessions from 'from' to 'to'"; + elseif from == to then + return false, "Both from and to are the same... you can't do that :)"; + end + + if hosts[from] and not hosts[to] then + -- Is an outgoing connection + local session = hosts[from].s2sout[to]; + if not session then + print("No outgoing connection from "..from.." to "..to) + else + (session.close or s2smanager.destroy_session)(session); + count = count + 1; + print("Closed outgoing session from "..from.." to "..to); + end + elseif hosts[to] and not hosts[from] then + -- Is an incoming connection + for session in pairs(incoming_s2s) do + if session.to_host == to and session.from_host == from then + (session.close or s2smanager.destroy_session)(session); + count = count + 1; + end + end + + if count == 0 then + print("No incoming connections from "..from.." to "..to); + else + print("Closed "..count.." incoming session"..((count == 1 and "") or "s").." from "..from.." to "..to); + end + elseif hosts[to] and hosts[from] then + return false, "Both of the hostnames you specified are local, there are no s2s sessions to close"; + else + return false, "Neither of the hostnames you specified are being used on this server"; + end + + return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); +end + +def_env.host = {}; def_env.hosts = def_env.host; + +function def_env.host:activate(hostname, config) + return hostmanager.activate(hostname, config); +end +function def_env.host:deactivate(hostname, reason) + return hostmanager.deactivate(hostname, reason); +end + +function def_env.host:list() + local print = self.session.print; + local i = 0; + for host in values(array.collect(keys(prosody.hosts)):sort()) do + i = i + 1; + print(host); + end + return true, i.." hosts"; +end + +------------- + +function printbanner(session) + local option = config.get("*", "core", "console_banner"); +if option == nil or option == "full" or option == "graphic" then +session.print [[ + ____ \ / _ + | _ \ _ __ ___ ___ _-_ __| |_ _ + | |_) | '__/ _ \/ __|/ _ \ / _` | | | | + | __/| | | (_) \__ \ |_| | (_| | |_| | + |_| |_| \___/|___/\___/ \__,_|\__, | + A study in simplicity |___/ + +]] +end +if option == nil or option == "short" or option == "full" then +session.print("Welcome to the Prosody administration console. For a list of commands, type: help"); +session.print("You may find more help on using this console in our online documentation at "); +session.print("http://prosody.im/doc/console\n"); +end +if option and option ~= "short" and option ~= "full" and option ~= "graphic" then + if type(option) == "string" then + session.print(option) + elseif type(option) == "function" then + setfenv(option, redirect_output(_G, session)); + pcall(option, session); + end +end +end + +prosody.net_activate_ports("console", "console", {5582}, "tcp");
--- a/plugins/mod_bosh.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/plugins/mod_bosh.lua Fri Dec 17 13:50:33 2010 +0000 @@ -33,7 +33,6 @@ local BOSH_DEFAULT_INACTIVITY = tonumber(module:get_option("bosh_max_inactivity")) or 60; local BOSH_DEFAULT_POLLING = tonumber(module:get_option("bosh_max_polling")) or 5; local BOSH_DEFAULT_REQUESTS = tonumber(module:get_option("bosh_max_requests")) or 2; -local BOSH_DEFAULT_MAXPAUSE = tonumber(module:get_option("bosh_max_pause")) or 300; local consider_bosh_secure = module:get_option_boolean("consider_bosh_secure"); @@ -283,9 +282,17 @@ fire_event("stream-features", session, features); --xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh' local response = st.stanza("body", { xmlns = xmlns_bosh, - inactivity = tostring(BOSH_DEFAULT_INACTIVITY), polling = tostring(BOSH_DEFAULT_POLLING), requests = tostring(BOSH_DEFAULT_REQUESTS), hold = tostring(session.bosh_hold), maxpause = "120", - sid = sid, authid = sid, ver = '1.6', from = session.host, secure = 'true', ["xmpp:version"] = "1.0", - ["xmlns:xmpp"] = "urn:xmpp:xbosh", ["xmlns:stream"] = "http://etherx.jabber.org/streams" }):add_child(features); + wait = attr.wait, + inactivity = tostring(BOSH_DEFAULT_INACTIVITY), + polling = tostring(BOSH_DEFAULT_POLLING), + requests = tostring(BOSH_DEFAULT_REQUESTS), + hold = tostring(session.bosh_hold), + sid = sid, authid = sid, + ver = '1.6', from = session.host, + secure = 'true', ["xmpp:version"] = "1.0", + ["xmlns:xmpp"] = "urn:xmpp:xbosh", + ["xmlns:stream"] = "http://etherx.jabber.org/streams" + }):add_child(features); request:send{ headers = default_headers, body = tostring(response) }; request.sid = sid;
--- a/plugins/mod_console.lua Tue Dec 14 18:54:55 2010 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,759 +0,0 @@ --- Prosody IM --- Copyright (C) 2008-2010 Matthew Wild --- Copyright (C) 2008-2010 Waqas Hussain --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - -module.host = "*"; - -local _G = _G; - -local prosody = _G.prosody; -local hosts = prosody.hosts; -local connlisteners_register = require "net.connlisteners".register; - -local console_listener = { default_port = 5582; default_mode = "*l"; default_interface = "127.0.0.1" }; - -require "util.iterators"; -local jid_bare = require "util.jid".bare; -local set, array = require "util.set", require "util.array"; -local cert_verify_identity = require "util.certverification".verify_identity; - -local commands = {}; -local def_env = {}; -local default_env_mt = { __index = def_env }; - -prosody.console = { commands = commands, env = def_env }; - -local function redirect_output(_G, session) - local env = setmetatable({ print = session.print }, { __index = function (t, k) return rawget(_G, k); end }); - env.dofile = function(name) - local f, err = loadfile(name); - if not f then return f, err; end - return setfenv(f, env)(); - end; - return env; -end - -console = {}; - -function console:new_session(conn) - local w = function(s) conn:write(s:gsub("\n", "\r\n")); end; - local session = { conn = conn; - send = function (t) w(tostring(t)); end; - print = function (...) - local t = {}; - for i=1,select("#", ...) do - t[i] = tostring(select(i, ...)); - end - w("| "..table.concat(t, "\t").."\n"); - end; - disconnect = function () conn:close(); end; - }; - session.env = setmetatable({}, default_env_mt); - - -- Load up environment with helper objects - for name, t in pairs(def_env) do - if type(t) == "table" then - session.env[name] = setmetatable({ session = session }, { __index = t }); - end - end - - return session; -end - -local sessions = {}; - -function console_listener.onconnect(conn) - -- Handle new connection - local session = console:new_session(conn); - sessions[conn] = session; - printbanner(session); - session.send(string.char(0)); -end - -function console_listener.onincoming(conn, data) - local session = sessions[conn]; - - -- Handle data - (function(session, data) - local useglobalenv; - - if data:match("^>") then - data = data:gsub("^>", ""); - useglobalenv = true; - elseif data == "\004" then - commands["bye"](session, data); - return; - else - local command = data:lower(); - command = data:match("^%w+") or data:match("%p"); - if commands[command] then - commands[command](session, data); - return; - end - end - - session.env._ = data; - - local chunkname = "=console"; - local chunk, err = loadstring("return "..data, chunkname); - if not chunk then - chunk, err = loadstring(data, chunkname); - if not chunk then - err = err:gsub("^%[string .-%]:%d+: ", ""); - err = err:gsub("^:%d+: ", ""); - err = err:gsub("'<eof>'", "the end of the line"); - session.print("Sorry, I couldn't understand that... "..err); - return; - end - end - - setfenv(chunk, (useglobalenv and redirect_output(_G, session)) or session.env or nil); - - local ranok, taskok, message = pcall(chunk); - - if not (ranok or message or useglobalenv) and commands[data:lower()] then - commands[data:lower()](session, data); - return; - end - - if not ranok then - session.print("Fatal error while running command, it did not complete"); - session.print("Error: "..taskok); - return; - end - - if not message then - session.print("Result: "..tostring(taskok)); - return; - elseif (not taskok) and message then - session.print("Command completed with a problem"); - session.print("Message: "..tostring(message)); - return; - end - - session.print("OK: "..tostring(message)); - end)(session, data); - - session.send(string.char(0)); -end - -function console_listener.ondisconnect(conn, err) - local session = sessions[conn]; - if session then - session.disconnect(); - sessions[conn] = nil; - end -end - -connlisteners_register('console', console_listener); - --- Console commands -- --- These are simple commands, not valid standalone in Lua - -function commands.bye(session) - session.print("See you! :)"); - session.disconnect(); -end -commands.quit, commands.exit = commands.bye, commands.bye; - -commands["!"] = function (session, data) - if data:match("^!!") and session.env._ then - session.print("!> "..session.env._); - return console_listener.onincoming(session.conn, session.env._); - end - local old, new = data:match("^!(.-[^\\])!(.-)!$"); - if old and new then - local ok, res = pcall(string.gsub, session.env._, old, new); - if not ok then - session.print(res) - return; - end - session.print("!> "..res); - return console_listener.onincoming(session.conn, res); - end - session.print("Sorry, not sure what you want"); -end - - -function commands.help(session, data) - local print = session.print; - local section = data:match("^help (%w+)"); - if not section then - print [[Commands are divided into multiple sections. For help on a particular section, ]] - print [[type: help SECTION (for example, 'help c2s'). Sections are: ]] - print [[]] - print [[c2s - Commands to manage local client-to-server sessions]] - print [[s2s - Commands to manage sessions between this server and others]] - print [[module - Commands to load/reload/unload modules/plugins]] - print [[host - Commands to activate, deactivate and list virtual hosts]] - print [[server - Uptime, version, shutting down, etc.]] - print [[config - Reloading the configuration, etc.]] - print [[console - Help regarding the console itself]] - elseif section == "c2s" then - print [[c2s:show(jid) - Show all client sessions with the specified JID (or all if no JID given)]] - print [[c2s:show_insecure() - Show all unencrypted client connections]] - print [[c2s:show_secure() - Show all encrypted client connections]] - print [[c2s:close(jid) - Close all sessions for the specified JID]] - elseif section == "s2s" then - print [[s2s:show(domain) - Show all s2s connections for the given domain (or all if no domain given)]] - print [[s2s:close(from, to) - Close a connection from one domain to another]] - elseif section == "module" then - print [[module:load(module, host) - Load the specified module on the specified host (or all hosts if none given)]] - print [[module:reload(module, host) - The same, but unloads and loads the module (saving state if the module supports it)]] - print [[module:unload(module, host) - The same, but just unloads the module from memory]] - print [[module:list(host) - List the modules loaded on the specified host]] - elseif section == "host" then - print [[host:activate(hostname) - Activates the specified host]] - print [[host:deactivate(hostname) - Disconnects all clients on this host and deactivates]] - print [[host:list() - List the currently-activated hosts]] - elseif section == "server" then - print [[server:version() - Show the server's version number]] - print [[server:uptime() - Show how long the server has been running]] - print [[server:shutdown(reason) - Shut down the server, with an optional reason to be broadcast to all connections]] - elseif section == "config" then - print [[config:reload() - Reload the server configuration. Modules may need to be reloaded for changes to take effect.]] - elseif section == "console" then - print [[Hey! Welcome to Prosody's admin console.]] - print [[First thing, if you're ever wondering how to get out, simply type 'quit'.]] - print [[Secondly, note that we don't support the full telnet protocol yet (it's coming)]] - print [[so you may have trouble using the arrow keys, etc. depending on your system.]] - print [[]] - print [[For now we offer a couple of handy shortcuts:]] - print [[!! - Repeat the last command]] - print [[!old!new! - repeat the last command, but with 'old' replaced by 'new']] - print [[]] - print [[For those well-versed in Prosody's internals, or taking instruction from those who are,]] - print [[you can prefix a command with > to escape the console sandbox, and access everything in]] - print [[the running server. Great fun, but be careful not to break anything :)]] - end - print [[]] -end - --- Session environment -- --- Anything in def_env will be accessible within the session as a global variable - -def_env.server = {}; - -function def_env.server:insane_reload() - prosody.unlock_globals(); - dofile "prosody" - prosody = _G.prosody; - return true, "Server reloaded"; -end - -function def_env.server:version() - return true, tostring(prosody.version or "unknown"); -end - -function def_env.server:uptime() - local t = os.time()-prosody.start_time; - local seconds = t%60; - t = (t - seconds)/60; - local minutes = t%60; - t = (t - minutes)/60; - local hours = t%24; - t = (t - hours)/24; - local days = t; - return true, string.format("This server has been running for %d day%s, %d hour%s and %d minute%s (since %s)", - days, (days ~= 1 and "s") or "", hours, (hours ~= 1 and "s") or "", - minutes, (minutes ~= 1 and "s") or "", os.date("%c", prosody.start_time)); -end - -function def_env.server:shutdown(reason) - prosody.shutdown(reason); - return true, "Shutdown initiated"; -end - -def_env.module = {}; - -local function get_hosts_set(hosts, module) - if type(hosts) == "table" then - if hosts[1] then - return set.new(hosts); - elseif hosts._items then - return hosts; - end - elseif type(hosts) == "string" then - return set.new { hosts }; - elseif hosts == nil then - local mm = require "modulemanager"; - return set.new(array.collect(keys(prosody.hosts))) - / function (host) return prosody.hosts[host].type == "local" or module and mm.is_loaded(host, module); end; - end -end - -function def_env.module:load(name, hosts, config) - local mm = require "modulemanager"; - - hosts = get_hosts_set(hosts); - - -- Load the module for each host - local ok, err, count = true, nil, 0; - for host in hosts do - if (not mm.is_loaded(host, name)) then - ok, err = mm.load(host, name, config); - if not ok then - ok = false; - self.session.print(err or "Unknown error loading module"); - else - count = count + 1; - self.session.print("Loaded for "..host); - end - end - end - - return ok, (ok and "Module loaded onto "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -function def_env.module:unload(name, hosts) - local mm = require "modulemanager"; - - hosts = get_hosts_set(hosts, name); - - -- Unload the module for each host - local ok, err, count = true, nil, 0; - for host in hosts do - if mm.is_loaded(host, name) then - ok, err = mm.unload(host, name); - if not ok then - ok = false; - self.session.print(err or "Unknown error unloading module"); - else - count = count + 1; - self.session.print("Unloaded from "..host); - end - end - end - return ok, (ok and "Module unloaded from "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -function def_env.module:reload(name, hosts) - local mm = require "modulemanager"; - - hosts = get_hosts_set(hosts, name); - - -- Reload the module for each host - local ok, err, count = true, nil, 0; - for host in hosts do - if mm.is_loaded(host, name) then - ok, err = mm.reload(host, name); - if not ok then - ok = false; - self.session.print(err or "Unknown error reloading module"); - else - count = count + 1; - if ok == nil then - ok = true; - end - self.session.print("Reloaded on "..host); - end - end - end - return ok, (ok and "Module reloaded on "..count.." host"..(count ~= 1 and "s" or "")) or ("Last error: "..tostring(err)); -end - -function def_env.module:list(hosts) - if hosts == nil then - hosts = array.collect(keys(prosody.hosts)); - end - if type(hosts) == "string" then - hosts = { hosts }; - end - if type(hosts) ~= "table" then - return false, "Please supply a host or a list of hosts you would like to see"; - end - - local print = self.session.print; - for _, host in ipairs(hosts) do - print(host..":"); - local modules = array.collect(keys(prosody.hosts[host] and prosody.hosts[host].modules or {})):sort(); - if #modules == 0 then - if prosody.hosts[host] then - print(" No modules loaded"); - else - print(" Host not found"); - end - else - for _, name in ipairs(modules) do - print(" "..name); - end - end - end -end - -def_env.config = {}; -function def_env.config:load(filename, format) - local config_load = require "core.configmanager".load; - local ok, err = config_load(filename, format); - if not ok then - return false, err or "Unknown error loading config"; - end - return true, "Config loaded"; -end - -function def_env.config:get(host, section, key) - local config_get = require "core.configmanager".get - return true, tostring(config_get(host, section, key)); -end - -function def_env.config:reload() - local ok, err = prosody.reload_config(); - return ok, (ok and "Config reloaded (you may need to reload modules to take effect)") or tostring(err); -end - -def_env.hosts = {}; -function def_env.hosts:list() - for host, host_session in pairs(hosts) do - self.session.print(host); - end - return true, "Done"; -end - -function def_env.hosts:add(name) -end - -def_env.c2s = {}; - -local function show_c2s(callback) - for hostname, host in pairs(hosts) do - for username, user in pairs(host.sessions or {}) do - for resource, session in pairs(user.sessions or {}) do - local jid = username.."@"..hostname.."/"..resource; - callback(jid, session); - end - end - end -end - -function def_env.c2s:show(match_jid) - local print, count = self.session.print, 0; - local curr_host; - show_c2s(function (jid, session) - if curr_host ~= session.host then - curr_host = session.host; - print(curr_host); - end - if (not match_jid) or jid:match(match_jid) then - count = count + 1; - local status, priority = "unavailable", tostring(session.priority or "-"); - if session.presence then - status = session.presence:child_with_name("show"); - if status then - status = status:get_text() or "[invalid!]"; - else - status = "available"; - end - end - print(" "..jid.." - "..status.."("..priority..")"); - end - end); - return true, "Total: "..count.." clients"; -end - -function def_env.c2s:show_insecure(match_jid) - local print, count = self.session.print, 0; - show_c2s(function (jid, session) - if ((not match_jid) or jid:match(match_jid)) and not session.secure then - count = count + 1; - print(jid); - end - end); - return true, "Total: "..count.." insecure client connections"; -end - -function def_env.c2s:show_secure(match_jid) - local print, count = self.session.print, 0; - show_c2s(function (jid, session) - if ((not match_jid) or jid:match(match_jid)) and session.secure then - count = count + 1; - print(jid); - end - end); - return true, "Total: "..count.." secure client connections"; -end - -function def_env.c2s:close(match_jid) - local print, count = self.session.print, 0; - show_c2s(function (jid, session) - if jid == match_jid or jid_bare(jid) == match_jid then - count = count + 1; - session:close(); - end - end); - return true, "Total: "..count.." sessions closed"; -end - -def_env.s2s = {}; -function def_env.s2s:show(match_jid) - local _print = self.session.print; - local print = self.session.print; - - local count_in, count_out = 0,0; - - for host, host_session in pairs(hosts) do - print = function (...) _print(host); _print(...); print = _print; end - for remotehost, session in pairs(host_session.s2sout) do - if (not match_jid) or remotehost:match(match_jid) or host:match(match_jid) then - count_out = count_out + 1; - print(" "..host.." -> "..remotehost..(session.cert_identity_status == "valid" and " (secure)" or "")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); - if session.sendq then - print(" There are "..#session.sendq.." queued outgoing stanzas for this connection"); - end - if session.type == "s2sout_unauthed" then - if session.connecting then - print(" Connection not yet established"); - if not session.srv_hosts then - if not session.conn then - print(" We do not yet have a DNS answer for this host's SRV records"); - else - print(" This host has no SRV records, using A record instead"); - end - elseif session.srv_choice then - print(" We are on SRV record "..session.srv_choice.." of "..#session.srv_hosts); - local srv_choice = session.srv_hosts[session.srv_choice]; - print(" Using "..(srv_choice.target or ".")..":"..(srv_choice.port or 5269)); - end - elseif session.notopen then - print(" The <stream> has not yet been opened"); - elseif not session.dialback_key then - print(" Dialback has not been initiated yet"); - elseif session.dialback_key then - print(" Dialback has been requested, but no result received"); - end - end - end - end - local subhost_filter = function (h) - return (match_jid and h:match(match_jid)); - end - for session in pairs(incoming_s2s) do - if session.to_host == host and ((not match_jid) or host:match(match_jid) - or (session.from_host and session.from_host:match(match_jid)) - -- Pft! is what I say to list comprehensions - or (session.hosts and #array.collect(keys(session.hosts)):filter(subhost_filter)>0)) then - count_in = count_in + 1; - print(" "..host.." <- "..(session.from_host or "(unknown)")..(session.cert_identity_status == "valid" and " (secure)" or "")..(session.secure and " (encrypted)" or "")..(session.compressed and " (compressed)" or "")); - if session.type == "s2sin_unauthed" then - print(" Connection not yet authenticated"); - end - for name in pairs(session.hosts) do - if name ~= session.from_host then - print(" also hosts "..tostring(name)); - end - end - end - end - - print = _print; - end - - for session in pairs(incoming_s2s) do - if not session.to_host and ((not match_jid) or session.from_host and session.from_host:match(match_jid)) then - count_in = count_in + 1; - print("Other incoming s2s connections"); - print(" (unknown) <- "..(session.from_host or "(unknown)")); - end - end - - return true, "Total: "..count_out.." outgoing, "..count_in.." incoming connections"; -end - -local function print_subject(print, subject) - for _, entry in ipairs(subject) do - print( - (" %s: %q"):format( - entry.name or entry.oid, - entry.value:gsub("[\r\n%z%c]", " ") - ) - ); - end -end - -function def_env.s2s:showcert(domain) - local ser = require "util.serialization".serialize; - local print = self.session.print; - local domain_sessions = set.new(array.collect(keys(incoming_s2s))) - /function(session) return session.from_host == domain; end; - for local_host in values(prosody.hosts) do - local s2sout = local_host.s2sout; - if s2sout and s2sout[domain] then - domain_sessions:add(s2sout[domain]); - end - end - local cert_set = {}; - for session in domain_sessions do - local conn = session.conn; - conn = conn and conn:socket(); - if not conn.getpeercertificate then - if conn.dohandshake then - error("This version of LuaSec does not support certificate viewing"); - end - else - local cert = conn:getpeercertificate(); - if cert then - local digest = cert:digest("sha1"); - if not cert_set[digest] then - local chain_valid, chain_err = conn:getpeerchainvalid(); - cert_set[digest] = { - { - from = session.from_host, - to = session.to_host, - direction = session.direction - }; - chain_valid = chain_valid; - chain_err = chain_err; - cert = cert; - }; - else - table.insert(cert_set[digest], { - from = session.from_host, - to = session.to_host, - direction = session.direction - }); - end - end - end - end - local domain_certs = array.collect(values(cert_set)); - -- Phew. We now have a array of unique certificates presented by domain. - local print = self.session.print; - local n_certs = #domain_certs; - - if n_certs == 0 then - return "No certificates found for "..domain; - end - - local function _capitalize_and_colon(byte) - return string.upper(byte)..":"; - end - local function pretty_fingerprint(hash) - return hash:gsub("..", _capitalize_and_colon):sub(1, -2); - end - - for cert_info in values(domain_certs) do - local cert = cert_info.cert; - print("---") - print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); - print(""); - local n_streams = #cert_info; - print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); - for _, stream in ipairs(cert_info) do - if stream.direction == "incoming" then - print(" "..stream.to.." <- "..stream.from); - else - print(" "..stream.from.." -> "..stream.to); - end - end - print(""); - local chain_valid, err = cert_info.chain_valid, cert_info.chain_err; - local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); - print("Trusted certificate: "..(chain_valid and "Yes" or ("No ("..err..")"))); - print("Issuer: "); - print_subject(print, cert:issuer()); - print(""); - print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); - print("Subject:"); - print_subject(print, cert:subject()); - end - print("---"); - return ("Showing "..n_certs.." certificate" - ..(n_certs==1 and "" or "s") - .." presented by "..domain.."."); -end - -function def_env.s2s:close(from, to) - local print, count = self.session.print, 0; - - if not (from and to) then - return false, "Syntax: s2s:close('from', 'to') - Closes all s2s sessions from 'from' to 'to'"; - elseif from == to then - return false, "Both from and to are the same... you can't do that :)"; - end - - if hosts[from] and not hosts[to] then - -- Is an outgoing connection - local session = hosts[from].s2sout[to]; - if not session then - print("No outgoing connection from "..from.." to "..to) - else - (session.close or s2smanager.destroy_session)(session); - count = count + 1; - print("Closed outgoing session from "..from.." to "..to); - end - elseif hosts[to] and not hosts[from] then - -- Is an incoming connection - for session in pairs(incoming_s2s) do - if session.to_host == to and session.from_host == from then - (session.close or s2smanager.destroy_session)(session); - count = count + 1; - end - end - - if count == 0 then - print("No incoming connections from "..from.." to "..to); - else - print("Closed "..count.." incoming session"..((count == 1 and "") or "s").." from "..from.." to "..to); - end - elseif hosts[to] and hosts[from] then - return false, "Both of the hostnames you specified are local, there are no s2s sessions to close"; - else - return false, "Neither of the hostnames you specified are being used on this server"; - end - - return true, "Closed "..count.." s2s session"..((count == 1 and "") or "s"); -end - -def_env.host = {}; def_env.hosts = def_env.host; - -function def_env.host:activate(hostname, config) - return hostmanager.activate(hostname, config); -end -function def_env.host:deactivate(hostname, reason) - return hostmanager.deactivate(hostname, reason); -end - -function def_env.host:list() - local print = self.session.print; - local i = 0; - for host in values(array.collect(keys(prosody.hosts)):sort()) do - i = i + 1; - print(host); - end - return true, i.." hosts"; -end - -------------- - -function printbanner(session) - local option = config.get("*", "core", "console_banner"); -if option == nil or option == "full" or option == "graphic" then -session.print [[ - ____ \ / _ - | _ \ _ __ ___ ___ _-_ __| |_ _ - | |_) | '__/ _ \/ __|/ _ \ / _` | | | | - | __/| | | (_) \__ \ |_| | (_| | |_| | - |_| |_| \___/|___/\___/ \__,_|\__, | - A study in simplicity |___/ - -]] -end -if option == nil or option == "short" or option == "full" then -session.print("Welcome to the Prosody administration console. For a list of commands, type: help"); -session.print("You may find more help on using this console in our online documentation at "); -session.print("http://prosody.im/doc/console\n"); -end -if option and option ~= "short" and option ~= "full" and option ~= "graphic" then - if type(option) == "string" then - session.print(option) - elseif type(option) == "function" then - setfenv(option, redirect_output(_G, session)); - pcall(option, session); - end -end -end - -prosody.net_activate_ports("console", "console", {5582}, "tcp");
--- a/plugins/mod_pep.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/plugins/mod_pep.lua Fri Dec 17 13:50:33 2010 +0000 @@ -134,7 +134,8 @@ publish_all(user, recipient, origin); else recipients[user][recipient] = hash; - if self or origin.type ~= "c2s" then + local from_bare = origin.type == "c2s" and origin.username.."@"..origin.host; + if self or origin.type ~= "c2s" or (recipients[from_bare] and recipients[from_bare][origin.full_jid]) ~= hash then origin.send( st.stanza("iq", {from=stanza.attr.to, to=stanza.attr.from, id="disco", type="get"}) :query("http://jabber.org/protocol/disco#info")
--- a/plugins/mod_pubsub.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/plugins/mod_pubsub.lua Fri Dec 17 13:50:33 2010 +0000 @@ -166,8 +166,40 @@ module:hook("iq/host/http://jabber.org/protocol/pubsub:pubsub", handle_pubsub_iq); +local disco_info = st.stanza("query", { xmlns = "http://jabber.org/protocol/disco#info" }) + :tag("identity", { category = "pubsub", type = "service" }):up() + :tag("feature", { var = "http://jabber.org/protocol/pubsub" }):up(); + +module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function (event) + event.origin.send(st.reply(event.stanza):add_child(disco_info)); + return true; +end); + +module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function (event) + local ok, ret = service:get_nodes(event.stanza.attr.from); + if not ok then + event.origin.send(pubsub_error_reply(stanza, ret)); + else + local reply = st.reply(event.stanza) + :tag("query", { xmlns = "http://jabber.org/protocol/disco#items" }); + for node, node_obj in pairs(ret) do + reply:tag("item", { jid = module.host, node = node, name = node_obj.config.name }):up(); + end + event.origin.send(reply); + end + return true; +end); + service = pubsub.new({ broadcaster = simple_broadcast }); module.environment.service = service; +function module.save() + return { service = service }; +end + +function module.restore(data) + service = data.service; + module.environment.service = service; +end
--- a/plugins/mod_saslauth.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/plugins/mod_saslauth.lua Fri Dec 17 13:50:33 2010 +0000 @@ -14,7 +14,7 @@ local s2s_make_authenticated = require "core.s2smanager".make_authenticated; local base64 = require "util.encodings".base64; -local cert_verify_identity = require "util.certverification".verify_identity; +local cert_verify_identity = require "util.x509".verify_identity; local nodeprep = require "util.encodings".stringprep.nodeprep; local usermanager_get_sasl_handler = require "core.usermanager".get_sasl_handler;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/mod_storage_sql.lua Fri Dec 17 13:50:33 2010 +0000 @@ -0,0 +1,239 @@ + +--[[ + +DB Tables: + Prosody - key-value, map + | host | user | store | key | subkey | type | value | + ProsodyArchive - list + | host | user | store | key | time | stanzatype | jsonvalue | + +Mapping: + Roster - Prosody + | host | user | "roster" | "contactjid" | item-subkey | type | value | + | host | user | "roster" | NULL | NULL | "json" | roster[false] data | + Account - Prosody + | host | user | "accounts" | "username" | NULL | type | value | + + Offline - ProsodyArchive + | host | user | "offline" | "contactjid" | time | "message" | json|XML | + +]] + +local type = type; +local tostring = tostring; +local tonumber = tonumber; +local pairs = pairs; +local next = next; +local setmetatable = setmetatable; +local json = { stringify = function(s) return require"util.serialization".serialize(s) end, parse = require"util.serialization".deserialze }; + +local connection = ...; +local host,user,store = module.host; + +do -- process options to get a db connection + local DBI = require "DBI"; + + local params = module:get_option("sql") or { driver = "SQLite3", database = "prosody.sqlite" }; + assert(params and params.driver and params.database, "invalid params"); + + prosody.unlock_globals(); + local dbh, err = DBI.Connect( + params.driver, params.database, + params.username, params.password, + params.host, params.port + ); + prosody.lock_globals(); + assert(dbh, err); + + dbh:autocommit(false); -- don't commit automatically + connection = dbh; + + if params.driver == "SQLite3" then -- auto initialize + local stmt = assert(connection:prepare("SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='Prosody';")); + local ok = assert(stmt:execute()); + local count = stmt:fetch()[1]; + if count == 0 then + local stmt = assert(connection:prepare("CREATE TABLE Prosody (host TEXT, user TEXT, store TEXT, key TEXT, subkey TEXT, type TEXT, value TEXT);")); + assert(stmt:execute()); + assert(connection:commit()); + module:log("debug", "Initialized new SQLite3 database"); + end + --print("===", json.stringify()) + end +end + +local function serialize(value) + local t = type(value); + if t == "string" or t == "boolean" or t == "number" then + return t, tostring(value); + elseif t == "table" then + local value,err = json.stringify(value); + if value then return "json", value; end + return nil, err; + end + return nil, "Unhandled value type: "..t; +end +local function deserialize(t, value) + if t == "string" then return value; + elseif t == "boolean" then + if value == "true" then return true; + elseif value == "false" then return false; end + elseif t == "number" then return tonumber(value); + elseif value == "json" then + return json.parse(value); + end +end + +local function getsql(sql, ...) + -- do prepared statement stuff + local stmt, err = connection:prepare(sql); + if not stmt then return nil, err; end + -- run query + local ok, err = stmt:execute(host, user, store, ...); + if not ok then return nil, err; end + + return stmt; +end +local function setsql(sql, ...) + local stmt, err = getsql(sql, ...); + if not stmt then return stmt, err; end + return stmt:affected(); +end +local function transact(...) + -- ... +end +local function rollback(...) + connection:rollback(); -- FIXME check for rollback error? + return ...; +end +local function commit(...) + if not connection:commit() then return nil, "SQL commit failed"; end + return ...; +end + +local keyval_store = {}; +keyval_store.__index = keyval_store; +function keyval_store:get(username) + user,store = username,self.store; + local stmt, err = getsql("SELECT * FROM Prosody WHERE host IS ? AND user IS ? AND store IS ? AND subkey IS NULL"); + if not stmt then return nil, err; end + + local haveany; + local result = {}; + for row in stmt:rows(true) do + haveany = true; + local k = row.key; + local v = deserialize(row.type, row.value); + if v then + if k then result[k] = v; elseif type(v) == "table" then + for a,b in pairs(v) do + result[a] = b; + end + end + end + end + return haveany and result or nil; +end +function keyval_store:set(username, data) + user,store = username,self.store; + -- start transaction + local affected, err = setsql("DELETE FROM Prosody WHERE host IS ? AND user IS ? AND store IS ? AND subkey IS NULL"); + + if data and next(data) ~= nil then + local extradata = {}; + for key, value in pairs(data) do + if type(key) == "string" then + local t, value = serialize(value); + if not t then return rollback(t, value); end + local ok, err = setsql("INSERT INTO Prosody (host,user,store,key,type,value) VALUES (?,?,?,?,?,?)", key, t, value); + if not ok then return rollback(ok, err); end + else + extradata[key] = value; + end + end + if next(extradata) ~= nil then + local t, extradata = serialize(extradata); + if not t then return rollback(t, extradata); end + local ok, err = setsql("INSERT INTO Prosody (host,user,store,key,type,value) VALUES (?,?,?,?,?,?)", nil, t, extradata); + if not ok then return rollback(ok, err); end + end + end + return commit(true); +end + +local map_store = {}; +map_store.__index = map_store; +function map_store:get(username, key) + user,store = username,self.store; + local stmt, err = getsql("SELECT * FROM Prosody WHERE host IS ? AND user IS ? AND store IS ? AND key IS ?", key); + if not stmt then return nil, err; end + + local haveany; + local result = {}; + for row in stmt:rows(true) do + haveany = true; + local k = row.subkey; + local v = deserialize(row.type, row.value); + if v then + if k then result[k] = v; elseif type(v) == "table" then + for a,b in pairs(v) do + result[a] = b; + end + end + end + end + return haveany and result or nil; +end +function map_store:set(username, key, data) + user,store = username,self.store; + -- start transaction + local affected, err = setsql("DELETE FROM Prosody WHERE host IS ? AND user IS ? AND store IS ? AND key IS ?", key); + + if data and next(data) ~= nil then + local extradata = {}; + for subkey, value in pairs(data) do + if type(subkey) == "string" then + local t, value = serialize(value); + if not t then return rollback(t, value); end + local ok, err = setsql("INSERT INTO Prosody (host,user,store,key,subkey,type,value) VALUES (?,?,?,?,?,?)", key, subkey, t, value); + if not ok then return rollback(ok, err); end + else + extradata[subkey] = value; + end + end + if next(extradata) ~= nil then + local t, extradata = serialize(extradata); + if not t then return rollback(t, extradata); end + local ok, err = setsql("INSERT INTO Prosody (host,user,store,key,subkey,type,value) VALUES (?,?,?,?,?,?)", key, nil, t, extradata); + if not ok then return rollback(ok, err); end + end + end + return commit(true); +end + +local list_store = {}; +list_store.__index = list_store; +function list_store:scan(username, from, to, jid, typ) + user,store = username,self.store; + + local cols = {"from", "to", "jid", "typ"}; + local vals = { from , to , jid , typ }; + local stmt, err; + local query = "SELECT * FROM ProsodyArchive WHERE host IS ? AND user IS ? AND store IS ?"; + + query = query.." ORDER BY time"; + --local stmt, err = getsql("SELECT * FROM Prosody WHERE host IS ? AND user IS ? AND store IS ? AND key IS ?", key); + + return nil, "not-implemented" +end + +local driver = { name = "sql" }; + +function driver:open(store, typ) + if not typ then -- default key-value store + return setmetatable({ store = store }, keyval_store); + end + return nil, "unsupported-store"; +end + +module:add_item("data-driver", driver);
--- a/prosody Tue Dec 14 18:54:55 2010 +0100 +++ b/prosody Fri Dec 17 13:50:33 2010 +0000 @@ -7,6 +7,8 @@ -- COPYING file in the source package for more information. -- +-- prosody - main executable for Prosody XMPP server + -- Will be modified by configure script if run -- CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
--- a/prosodyctl Tue Dec 14 18:54:55 2010 +0100 +++ b/prosodyctl Fri Dec 17 13:50:33 2010 +0000 @@ -1,7 +1,7 @@ #!/usr/bin/env lua -- Prosody IM --- Copyright (C) 2008-2009 Matthew Wild --- Copyright (C) 2008-2009 Waqas Hussain +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. @@ -11,18 +11,20 @@ -- Will be modified by configure script if run -- -CFG_SOURCEDIR=nil; +CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR"); CFG_CONFIGDIR=os.getenv("PROSODY_CFGDIR"); -CFG_PLUGINDIR=nil; +CFG_PLUGINDIR=os.getenv("PROSODY_PLUGINDIR"); CFG_DATADIR=os.getenv("PROSODY_DATADIR"); --- -- -- -- -- -- -- ---- -- -- -- -- -- -- -- -- +-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +-- Tell Lua where to find our libraries if CFG_SOURCEDIR then - package.path = CFG_SOURCEDIR.."/?.lua;"..package.path - package.cpath = CFG_SOURCEDIR.."/?.so;"..package.cpath + package.path = CFG_SOURCEDIR.."/?.lua;"..package.path; + package.cpath = CFG_SOURCEDIR.."/?.so;"..package.cpath; end +-- Substitute ~ with path to home directory in data path if CFG_DATADIR then if os.getenv("HOME") then CFG_DATADIR = CFG_DATADIR:gsub("^~", os.getenv("HOME")); @@ -40,9 +42,30 @@ config = require "core.configmanager" do - -- TODO: Check for other formats when we add support for them - -- Use lfs? Make a new conf/ dir? - local ok, level, err = config.load((CFG_CONFIGDIR or ".").."/prosody.cfg.lua"); + local filenames = {}; + + local filename; + if arg[1] == "--config" and arg[2] then + table.insert(filenames, arg[2]); + table.remove(arg, 1); table.remove(arg, 1); + if CFG_CONFIGDIR then + table.insert(filenames, CFG_CONFIGDIR.."/"..arg[2]); + end + else + for _, format in ipairs(config.parsers()) do + table.insert(filenames, (CFG_CONFIGDIR or ".").."/prosody.cfg."..format); + end + end + for _,_filename in ipairs(filenames) do + filename = _filename; + local file = io.open(filename); + if file then + file:close(); + CFG_CONFIGDIR = filename:match("^(.*)[\\/][^\\/]*$"); + break; + end + end + local ok, level, err = config.load(filename); if not ok then print("\n"); print("**************************"); @@ -509,11 +532,8 @@ return 1; end - local ret = commands.stop(arg); - if ret == 0 then - ret = commands.start(arg); - end - return ret; + commands.stop(arg); + return commands.start(arg); end -- ejabberdctl compatibility
--- a/util-src/windows.c Tue Dec 14 18:54:55 2010 +0100 +++ b/util-src/windows.c Fri Dec 17 13:50:33 2010 +0000 @@ -43,9 +43,38 @@ } } +static void lassert(lua_State *L, BOOL test, char* string) { + if (!test) { + luaL_error(L, "%s: %d", string, GetLastError()); + } +} + +static int Lget_consolecolor(lua_State *L) { + HWND console = GetStdHandle(STD_OUTPUT_HANDLE); + WORD color; DWORD read_len; + + CONSOLE_SCREEN_BUFFER_INFO info; + + lassert(L, console != INVALID_HANDLE_VALUE, "GetStdHandle"); + lassert(L, GetConsoleScreenBufferInfo(console, &info), "GetConsoleScreenBufferInfo"); + lassert(L, ReadConsoleOutputAttribute(console, &color, sizeof(WORD), info.dwCursorPosition, &read_len), "ReadConsoleOutputAttribute"); + + lua_pushnumber(L, color); + return 1; +} +static int Lset_consolecolor(lua_State *L) { + int color = luaL_checkint(L, 1); + HWND console = GetStdHandle(STD_OUTPUT_HANDLE); + lassert(L, console != INVALID_HANDLE_VALUE, "GetStdHandle"); + lassert(L, SetConsoleTextAttribute(console, color), "SetConsoleTextAttribute"); + return 0; +} + static const luaL_Reg Reg[] = { { "get_nameservers", Lget_nameservers }, + { "get_consolecolor", Lget_consolecolor }, + { "set_consolecolor", Lset_consolecolor }, { NULL, NULL } };
--- a/util/certverification.lua Tue Dec 14 18:54:55 2010 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,211 +0,0 @@ --- Prosody IM --- Copyright (C) 2010 Matthew Wild --- Copyright (C) 2010 Paul Aurich --- --- This project is MIT/X11 licensed. Please see the --- COPYING file in the source package for more information. --- - --- TODO: I feel a fair amount of this logic should be integrated into Luasec, --- so that everyone isn't re-inventing the wheel. Dependencies on --- IDN libraries complicate that. - - --- [TLS-CERTS] - http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-10 --- [XMPP-CORE] - http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-18 --- [SRV-ID] - http://tools.ietf.org/html/rfc4985 --- [IDNA] - http://tools.ietf.org/html/rfc5890 --- [LDAP] - http://tools.ietf.org/html/rfc4519 --- [PKIX] - http://tools.ietf.org/html/rfc5280 - -local nameprep = require "util.encodings".stringprep.nameprep; -local idna_to_ascii = require "util.encodings".idna.to_ascii; -local log = require "util.logger".init("certverification"); - -module "certverification" - -local oid_commonname = "2.5.4.3"; -- [LDAP] 2.3 -local oid_subjectaltname = "2.5.29.17"; -- [PKIX] 4.2.1.6 -local oid_xmppaddr = "1.3.6.1.5.5.7.8.5"; -- [XMPP-CORE] -local oid_dnssrv = "1.3.6.1.5.5.7.8.7"; -- [SRV-ID] - --- Compare a hostname (possibly international) with asserted names --- extracted from a certificate. --- This function follows the rules laid out in --- sections 4.4.1 and 4.4.2 of [TLS-CERTS] --- --- A wildcard ("*") all by itself is allowed only as the left-most label -local function compare_dnsname(host, asserted_names) - -- TODO: Sufficient normalization? Review relevant specs. - local norm_host = idna_to_ascii(host) - if norm_host == nil then - log("info", "Host %s failed IDNA ToASCII operation", host) - return false - end - - norm_host = norm_host:lower() - - local host_chopped = norm_host:gsub("^[^.]+%.", "") -- everything after the first label - - for i=1,#asserted_names do - local name = asserted_names[i] - if norm_host == name:lower() then - log("debug", "Cert dNSName %s matched hostname", name); - return true - end - - -- Allow the left most label to be a "*" - if name:match("^%*%.") then - local rest_name = name:gsub("^[^.]+%.", "") - if host_chopped == rest_name:lower() then - log("debug", "Cert dNSName %s matched hostname", name); - return true - end - end - end - - return false -end - --- Compare an XMPP domain name with the asserted id-on-xmppAddr --- identities extracted from a certificate. Both are UTF8 strings. --- --- Per [XMPP-CORE], matches against asserted identities don't include --- wildcards, so we just do a normalize on both and then a string comparison --- --- TODO: Support for full JIDs? -local function compare_xmppaddr(host, asserted_names) - local norm_host = nameprep(host) - - for i=1,#asserted_names do - local name = asserted_names[i] - - -- We only want to match against bare domains right now, not - -- those crazy full-er JIDs. - if name:match("[@/]") then - log("debug", "Ignoring xmppAddr %s because it's not a bare domain", name) - else - local norm_name = nameprep(name) - if norm_name == nil then - log("info", "Ignoring xmppAddr %s, failed nameprep!", name) - else - if norm_host == norm_name then - log("debug", "Cert xmppAddr %s matched hostname", name) - return true - end - end - end - end - - return false -end - --- Compare a host + service against the asserted id-on-dnsSRV (SRV-ID) --- identities extracted from a certificate. --- --- Per [SRV-ID], the asserted identities will be encoded in ASCII via ToASCII. --- Comparison is done case-insensitively, and a wildcard ("*") all by itself --- is allowed only as the left-most non-service label. -local function compare_srvname(host, service, asserted_names) - local norm_host = idna_to_ascii(host) - if norm_host == nil then - log("info", "Host %s failed IDNA ToASCII operation", host); - return false - end - - -- Service names start with a "_" - if service:match("^_") == nil then service = "_"..service end - - norm_host = norm_host:lower(); - local host_chopped = norm_host:gsub("^[^.]+%.", "") -- everything after the first label - - for i=1,#asserted_names do - local asserted_service, name = asserted_names[i]:match("^(_[^.]+)%.(.*)"); - if service == asserted_service then - if norm_host == name:lower() then - log("debug", "Cert SRVName %s matched hostname", name); - return true; - end - - -- Allow the left most label to be a "*" - if name:match("^%*%.") then - local rest_name = name:gsub("^[^.]+%.", "") - if host_chopped == rest_name:lower() then - log("debug", "Cert SRVName %s matched hostname", name) - return true - end - end - if norm_host == name:lower() then - log("debug", "Cert SRVName %s matched hostname", name); - return true - end - end - end - - return false -end - -function verify_identity(host, service, cert) - local ext = cert:extensions() - if ext[oid_subjectaltname] then - local sans = ext[oid_subjectaltname]; - - -- Per [TLS-CERTS] 4.3, 4.4.4, "a client MUST NOT seek a match for a - -- reference identifier if the presented identifiers include a DNS-ID - -- SRV-ID, URI-ID, or any application-specific identifier types" - local had_supported_altnames = false - - if sans[oid_xmppaddr] then - had_supported_altnames = true - if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end - end - - if sans[oid_dnssrv] then - had_supported_altnames = true - -- Only check srvNames if the caller specified a service - if service and compare_srvname(host, service, sans[oid_dnssrv]) then return true end - end - - if sans["dNSName"] then - had_supported_altnames = true - if compare_dnsname(host, sans["dNSName"]) then return true end - end - - -- We don't need URIs, but [TLS-CERTS] is clear. - if sans["uniformResourceIdentifier"] then - had_supported_altnames = true - end - - if had_supported_altnames then return false end - end - - -- Extract a common name from the certificate, and check it as if it were - -- a dNSName subjectAltName (wildcards may apply for, and receive, - -- cat treats) - -- - -- Per [TLS-CERTS] 1.5, a CN-ID is the Common Name from a cert subject - -- which has one and only one Common Name - local subject = cert:subject() - local cn = nil - for i=1,#subject do - local dn = subject[i] - if dn["oid"] == oid_commonname then - if cn then - log("info", "Certificate has multiple common names") - return false - end - - cn = dn["value"]; - end - end - - if cn then - -- Per [TLS-CERTS] 4.4.4, follow the comparison rules for dNSName SANs. - return compare_dnsname(host, { cn }) - end - - -- If all else fails, well, why should we be any different? - return false -end - -return _M;
--- a/util/pubsub.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/util/pubsub.lua Fri Dec 17 13:50:33 2010 +0000 @@ -77,4 +77,8 @@ end end +function service:get_nodes(actor) + return true, self.nodes; +end + return _M;
--- a/util/serialization.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/util/serialization.lua Fri Dec 17 13:50:33 2010 +0000 @@ -15,6 +15,10 @@ local pairs = pairs; local next = next; +local loadstring = loadstring; +local setfenv = setfenv; +local pcall = pcall; + local debug_traceback = debug.traceback; local log = require "util.logger".init("serialization"); module "serialization" @@ -24,14 +28,20 @@ end local function basicSerialize (o) if type(o) == "number" or type(o) == "boolean" then - return tostring(o); + -- no need to check for NaN, as that's not a valid table index + if o == 1/0 then return "(1/0)"; + elseif o == -1/0 then return "(-1/0)"; + else return tostring(o); end else -- assume it is a string -- FIXME make sure it's a string. throw an error otherwise. return (("%q"):format(tostring(o)):gsub("\\\n", "\\n")); end end local function _simplesave(o, ind, t, func) if type(o) == "number" then - func(t, tostring(o)); + if o ~= o then func(t, "(0/0)"); + elseif o == 1/0 then func(t, "(1/0)"); + elseif o == -1/0 then func(t, "(-1/0)"); + else func(t, tostring(o)); end elseif type(o) == "string" then func(t, (("%q"):format(o):gsub("\\\n", "\\n"))); elseif type(o) == "table" then @@ -72,7 +82,14 @@ end function deserialize(str) - error("Not implemented"); + if type(str) ~= "string" then return nil; end + str = "return "..str; + local f, err = loadstring(str, "@data"); + if not f then return nil, err; end + setfenv(f, {}); + local success, ret = pcall(f); + if not success then return nil, ret; end + return ret; end return _M;
--- a/util/stanza.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/util/stanza.lua Fri Dec 17 13:50:33 2010 +0000 @@ -254,7 +254,7 @@ end end end - return type, condition or "undefined-condition", text or ""; + return type, condition or "undefined-condition", text; end function stanza_mt.__add(s1, s2)
--- a/util/termcolours.lua Tue Dec 14 18:54:55 2010 +0100 +++ b/util/termcolours.lua Fri Dec 17 13:50:33 2010 +0000 @@ -10,6 +10,14 @@ local t_concat, t_insert = table.concat, table.insert; local char, format = string.char, string.format; local ipairs = ipairs; +local io_write = io.write; + +local windows; +if os.getenv("WINDIR") then + windows = require "util.windows"; +end +local orig_color = windows and windows.get_consolecolor and windows.get_consolecolor(); + module "termcolours" local stylemap = { @@ -19,6 +27,13 @@ bold = 1, dark = 2, underline = 4, underlined = 4, normal = 0; } +local winstylemap = { + ["0"] = orig_color, -- reset + ["1"] = 7+8, -- bold + ["1;33"] = 2+4+8, -- bold yellow + ["1;31"] = 4+8 -- bold red +} + local fmt_string = char(0x1B).."[%sm%s"..char(0x1B).."[0m"; function getstring(style, text) if style then @@ -39,4 +54,26 @@ return t_concat(result, ";"); end +local last = "0"; +function setstyle(style) + style = style or "0"; + if style ~= last then + io_write("\27["..style.."m"); + last = style; + end +end + +if windows then + function setstyle(style) + style = style or "0"; + if style ~= last then + windows.set_consolecolor(winstylemap[style] or orig_color); + last = style; + end + end + if not orig_color then + function setstyle(style) end + end +end + return _M;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/util/x509.lua Fri Dec 17 13:50:33 2010 +0000 @@ -0,0 +1,211 @@ +-- Prosody IM +-- Copyright (C) 2010 Matthew Wild +-- Copyright (C) 2010 Paul Aurich +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + +-- TODO: I feel a fair amount of this logic should be integrated into Luasec, +-- so that everyone isn't re-inventing the wheel. Dependencies on +-- IDN libraries complicate that. + + +-- [TLS-CERTS] - http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-10 +-- [XMPP-CORE] - http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-18 +-- [SRV-ID] - http://tools.ietf.org/html/rfc4985 +-- [IDNA] - http://tools.ietf.org/html/rfc5890 +-- [LDAP] - http://tools.ietf.org/html/rfc4519 +-- [PKIX] - http://tools.ietf.org/html/rfc5280 + +local nameprep = require "util.encodings".stringprep.nameprep; +local idna_to_ascii = require "util.encodings".idna.to_ascii; +local log = require "util.logger".init("x509"); + +module "x509" + +local oid_commonname = "2.5.4.3"; -- [LDAP] 2.3 +local oid_subjectaltname = "2.5.29.17"; -- [PKIX] 4.2.1.6 +local oid_xmppaddr = "1.3.6.1.5.5.7.8.5"; -- [XMPP-CORE] +local oid_dnssrv = "1.3.6.1.5.5.7.8.7"; -- [SRV-ID] + +-- Compare a hostname (possibly international) with asserted names +-- extracted from a certificate. +-- This function follows the rules laid out in +-- sections 4.4.1 and 4.4.2 of [TLS-CERTS] +-- +-- A wildcard ("*") all by itself is allowed only as the left-most label +local function compare_dnsname(host, asserted_names) + -- TODO: Sufficient normalization? Review relevant specs. + local norm_host = idna_to_ascii(host) + if norm_host == nil then + log("info", "Host %s failed IDNA ToASCII operation", host) + return false + end + + norm_host = norm_host:lower() + + local host_chopped = norm_host:gsub("^[^.]+%.", "") -- everything after the first label + + for i=1,#asserted_names do + local name = asserted_names[i] + if norm_host == name:lower() then + log("debug", "Cert dNSName %s matched hostname", name); + return true + end + + -- Allow the left most label to be a "*" + if name:match("^%*%.") then + local rest_name = name:gsub("^[^.]+%.", "") + if host_chopped == rest_name:lower() then + log("debug", "Cert dNSName %s matched hostname", name); + return true + end + end + end + + return false +end + +-- Compare an XMPP domain name with the asserted id-on-xmppAddr +-- identities extracted from a certificate. Both are UTF8 strings. +-- +-- Per [XMPP-CORE], matches against asserted identities don't include +-- wildcards, so we just do a normalize on both and then a string comparison +-- +-- TODO: Support for full JIDs? +local function compare_xmppaddr(host, asserted_names) + local norm_host = nameprep(host) + + for i=1,#asserted_names do + local name = asserted_names[i] + + -- We only want to match against bare domains right now, not + -- those crazy full-er JIDs. + if name:match("[@/]") then + log("debug", "Ignoring xmppAddr %s because it's not a bare domain", name) + else + local norm_name = nameprep(name) + if norm_name == nil then + log("info", "Ignoring xmppAddr %s, failed nameprep!", name) + else + if norm_host == norm_name then + log("debug", "Cert xmppAddr %s matched hostname", name) + return true + end + end + end + end + + return false +end + +-- Compare a host + service against the asserted id-on-dnsSRV (SRV-ID) +-- identities extracted from a certificate. +-- +-- Per [SRV-ID], the asserted identities will be encoded in ASCII via ToASCII. +-- Comparison is done case-insensitively, and a wildcard ("*") all by itself +-- is allowed only as the left-most non-service label. +local function compare_srvname(host, service, asserted_names) + local norm_host = idna_to_ascii(host) + if norm_host == nil then + log("info", "Host %s failed IDNA ToASCII operation", host); + return false + end + + -- Service names start with a "_" + if service:match("^_") == nil then service = "_"..service end + + norm_host = norm_host:lower(); + local host_chopped = norm_host:gsub("^[^.]+%.", "") -- everything after the first label + + for i=1,#asserted_names do + local asserted_service, name = asserted_names[i]:match("^(_[^.]+)%.(.*)"); + if service == asserted_service then + if norm_host == name:lower() then + log("debug", "Cert SRVName %s matched hostname", name); + return true; + end + + -- Allow the left most label to be a "*" + if name:match("^%*%.") then + local rest_name = name:gsub("^[^.]+%.", "") + if host_chopped == rest_name:lower() then + log("debug", "Cert SRVName %s matched hostname", name) + return true + end + end + if norm_host == name:lower() then + log("debug", "Cert SRVName %s matched hostname", name); + return true + end + end + end + + return false +end + +function verify_identity(host, service, cert) + local ext = cert:extensions() + if ext[oid_subjectaltname] then + local sans = ext[oid_subjectaltname]; + + -- Per [TLS-CERTS] 4.3, 4.4.4, "a client MUST NOT seek a match for a + -- reference identifier if the presented identifiers include a DNS-ID + -- SRV-ID, URI-ID, or any application-specific identifier types" + local had_supported_altnames = false + + if sans[oid_xmppaddr] then + had_supported_altnames = true + if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end + end + + if sans[oid_dnssrv] then + had_supported_altnames = true + -- Only check srvNames if the caller specified a service + if service and compare_srvname(host, service, sans[oid_dnssrv]) then return true end + end + + if sans["dNSName"] then + had_supported_altnames = true + if compare_dnsname(host, sans["dNSName"]) then return true end + end + + -- We don't need URIs, but [TLS-CERTS] is clear. + if sans["uniformResourceIdentifier"] then + had_supported_altnames = true + end + + if had_supported_altnames then return false end + end + + -- Extract a common name from the certificate, and check it as if it were + -- a dNSName subjectAltName (wildcards may apply for, and receive, + -- cat treats) + -- + -- Per [TLS-CERTS] 1.5, a CN-ID is the Common Name from a cert subject + -- which has one and only one Common Name + local subject = cert:subject() + local cn = nil + for i=1,#subject do + local dn = subject[i] + if dn["oid"] == oid_commonname then + if cn then + log("info", "Certificate has multiple common names") + return false + end + + cn = dn["value"]; + end + end + + if cn then + -- Per [TLS-CERTS] 4.4.4, follow the comparison rules for dNSName SANs. + return compare_dnsname(host, { cn }) + end + + -- If all else fails, well, why should we be any different? + return false +end + +return _M;