Merge remote-tracking branch 'ispc/master'

Author: Marius Cramer

helper_scripts/recreate_webalizer_stats.php

@@ -5,8 +5,8 @@
 //######################################################################################################
 
 
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
 foreach($records as $rec) {
 	$domain = escapeshellcmd($rec["domain"]);
 	$logdir = escapeshellcmd($rec["document_root"].'/log');

install/apps/metronome-init

@@ -0,0 +1,75 @@
+#! /bin/sh
+#
+# metronome        Start/stop metronome server
+#
+
+### BEGIN INIT INFO
+# Provides:          metronome
+# Required-Start:    $remote_fs $network $named $time
+# Required-Stop:     $remote_fs $network $named $time
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Starts metronome server
+# Description:       Starts metronome server, an XMPP server written in Lua.
+### END INIT INFO
+
+METRONOME=/usr/bin/metronomectl
+PIDDIR=/var/run/metronome
+NAME=metronome
+
+test -e $METRONOME || exit 0
+
+start()
+{
+        mkdir $PIDDIR -p
+        chown metronome:metronome $PIDDIR
+        chmod 750 $PIDDIR
+
+    $METRONOME start >> /dev/null
+}
+
+stop()
+{
+    $METRONOME stop >> /dev/null
+}
+
+reload()
+{
+    &METRONOME reload >> /dev/null
+}
+
+restart()
+{
+    &METRONOME restart >> /dev/null
+}
+
+case "$1" in
+    start)
+        echo -n "Starting Metronome..."
+        start &
+    ;;
+    stop)
+        echo -n "Stopping Metronome..."
+        stop &
+    ;;
+    reload)
+        echo -n "Reloading Metronome config..."
+        reload &
+    ;;
+    restart)
+        echo -n "Restarting Metronome..."
+        restart &
+    ;;
+    *)
+        echo "Usage: $0 {start|stop|reload|restart}" >&2
+        exit 1
+    ;;
+esac
+
+if [ $? -eq 0 ]; then
+    echo .
+else
+    echo " failed!"
+fi
+
+exit 0

install/apps/metronome_libs/mod_auth_external/authenticate_isp.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+IFS=":"
+AUTH_OK=1
+AUTH_FAILED=0
+LOGFILE="/var/log/metronome/auth.log"
+USELOG=true
+
+while read ACTION USER HOST PASS ; do
+
+    [ $USELOG == true ] && { echo "Date: $(date) Action: $ACTION User: $USER Host: $HOST" >> $LOGFILE; }
+
+    case $ACTION in
+        "auth")
+            if [ `/usr/bin/php /usr/lib/metronome/isp-modules/mod_auth_external/db_auth.php $USER $HOST $PASS 2>/dev/null` == 1 ] ; then
+                echo $AUTH_OK
+                [ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
+            else
+                echo $AUTH_FAILED
+                [ $USELOG == true ] && { echo "AUTH FAILED" >> $LOGFILE; }
+            fi
+        ;;
+        "isuser")
+             if [ `/usr/bin/php /usr/lib/metronome/isp-modules/mod_auth_external/db_isuser.php $USER $HOST 2>/dev/null` == 1 ] ; then
+                echo $AUTH_OK
+                [ $USELOG == true ] && { echo "ISUSER OK" >> $LOGFILE; }
+            else
+                echo $AUTH_FAILED
+                [ $USELOG == true ] && { echo "ISUSER FAILED" >> $LOGFILE; }
+            fi
+        ;;
+        *)
+            echo $AUTH_FAILED
+            [ $USELOG == true ] && { echo "UNKNOWN ACTION GIVEN: $ACTION" >> $LOGFILE; }
+        ;;
+    esac
+
+done

install/apps/metronome_libs/mod_auth_external/db_auth.php

@@ -0,0 +1,58 @@
+<?php
+ini_set('display_errors', false);
+require_once('db_conf.inc.php');
+
+try{
+    // Connect database
+    $db = new mysqli($db_host, $db_user, $db_pass, $db_name);
+    result_false(mysqli_connect_errno());
+
+    // Get arguments
+    $arg_email = '';
+    $arg_password = '';
+
+    result_false(count($argv) != 4);
+    $arg_email = $argv[1].'@'.$argv[2];
+    $arg_password = $argv[3];
+
+    // check for existing user
+    $dbmail = $db->real_escape_string($arg_email);
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
+    result_false($result->num_rows != 1);
+
+    $user = $result->fetch_object();
+
+    // check for domain autologin api key
+    $domain_key = 'f47kmm5Yh5hJzSws2KTS';
+
+    checkAuth($argv[1], $argv[2], $arg_password, $user->password, $domain_key);
+}catch(Exception $ex){
+    echo 0;
+    exit();
+}
+
+function result_false($cond = true){
+    if(!$cond) return;
+    echo 0;
+    exit();
+}
+function result_true(){
+    echo 1;
+    exit();
+}
+function checkAuth($user, $domain, $pw_arg, $pw_db, $domain_key){
+    if(crypt($pw_arg, $pw_db) == $pw_db)
+        result_true();
+
+    if($domain_key){
+        $datetime = new DateTime();
+        $datetime->setTimezone(new DateTimeZone("UTC"));
+        for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
+            $pw_api = md5($domain.'@'.$domain_key.'@'.$user.'@'.$t);
+            if($pw_api == $pw_arg)
+                result_true();
+        }
+    }
+    result_false();
+}
+?>

install/apps/metronome_libs/mod_auth_external/db_conf.inc.php

@@ -0,0 +1,6 @@
+<?php
+$db_user = '{mysql_server_ispconfig_user}';
+$db_pass = '{mysql_server_ispconfig_password}';
+$db_name = '{mysql_server_database}';
+$db_host = '{mysql_server_ip}';
+$isp_server_id = '{server_id}';

install/apps/metronome_libs/mod_auth_external/db_isuser.php

@@ -0,0 +1,37 @@
+<?php
+ini_set('display_errors', false);
+require_once('db_conf.inc.php');
+
+try{
+    // Connect database
+    $db = new mysqli($db_host, $db_user, $db_pass, $db_name);
+    result_false(mysqli_connect_errno());
+
+    // Get arguments
+    $arg_email = '';
+
+    result_false(count($argv) != 3);
+    $arg_email = $argv[1].'@'.$argv[2];
+
+    // check for existing user
+    $dbmail = $db->real_escape_string($arg_email);
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
+    result_false($result->num_rows != 1);
+    result_true();
+
+}catch(Exception $ex){
+    echo 0;
+    exit();
+}
+
+function result_false($cond = true){
+    if(!$cond) return;
+    echo 0;
+    exit();
+}
+function result_true(){
+    echo 1;
+    exit();
+}
+
+?>

install/apps/metronome_libs/mod_auth_external/mod_auth_external.lua

@@ -0,0 +1,118 @@
+local nodeprep = require "util.encodings".stringprep.nodeprep;
+local lpc = require "lpc";
+
+local config = require "core.configmanager";
+local log = module._log;
+local host = module.host;
+local script_type = config.get(host, "external_auth_protocol") or "generic";
+assert(script_type == "ejabberd" or script_type == "generic");
+local command = config.get(host, "external_auth_command") or "";
+assert(type(command) == "string");
+assert(not host:find(":"));
+local usermanager = require "core.usermanager";
+local jid_bare = require "util.jid".bare;
+local new_sasl = require "util.sasl".new;
+
+local pid;
+local readfile;
+local writefile;
+
+local function send_query(text)
+        if pid and lpc.wait(pid,1) ~= nil then
+            log("debug","error, process died, force reopen");
+            pid=nil;
+        end
+        if not pid then
+                log("debug", "Opening process " .. command);
+                pid, writefile, readfile = lpc.run(command);
+        end
+        if not pid then
+                log("debug", "Process failed to open");
+                return nil;
+        end
+
+        writefile:write(text);
+        writefile:flush();
+        if script_type == "ejabberd" then
+                return readfile:read(4);
+        elseif script_type == "generic" then
+                return readfile:read();
+        end
+end
+
+function do_query(kind, username, password)
+        if not username then return nil, "not-acceptable"; end
+        username = nodeprep(username);
+        if not username then return nil, "jid-malformed"; end
+
+        local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password);
+        local len = #query
+        if len > 1000 then return nil, "policy-violation"; end
+
+        if script_type == "ejabberd" then
+                local lo = len % 256;
+                local hi = (len - lo) / 256;
+                query = string.char(hi, lo)..query;
+        end
+        if script_type == "generic" then
+                query = query..'\n';
+        end
+
+        local response = send_query(query);
+        if (script_type == "ejabberd" and response == "\0\2\0\0") or
+                (script_type == "generic" and response == "0") then
+                        return nil, "not-authorized";
+        elseif (script_type == "ejabberd" and response == "\0\2\0\1") or
+                (script_type == "generic" and response == "1") then
+                        return true;
+        else
+                log("debug", "Nonsense back");
+                return nil, "internal-server-error";
+        end
+end
+
+function new_external_provider(host)
+        local provider = { name = "external" };
+
+        function provider.test_password(username, password)
+                return do_query("auth", username, password);
+        end
+
+        function provider.set_password(username, password)
+                return do_query("setpass", username, password);
+        end
+
+        function provider.user_exists(username)
+                return do_query("isuser", username);
+        end
+
+        function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
+
+        function provider.get_sasl_handler()
+                local testpass_authentication_profile = {
+                        plain_test = function(sasl, username, password, realm)
+                                return usermanager.test_password(username, realm, password), true;
+                        end,
+                };
+                return new_sasl(module.host, testpass_authentication_profile);
+        end
+
+        function provider.is_admin(jid)
+                local admins = config.get(host, "admins");
+                if admins ~= config.get("*", "admins") then
+                        if type(admins) == "table" then
+                                jid = jid_bare(jid);
+                                for _,admin in ipairs(admins) do
+                                        if admin == jid then return true; end
+                                end
+                        elseif admins then
+                                log("error", "Option 'admins' for host '%s' is not a table", host);
+                        end
+                end
+                return usermanager.is_admin(jid);
+        end
+
+        return provider;
+end
+
+module:add_item("auth-provider", new_external_provider(host));

install/apps/metronome_libs/mod_discoitems.lua

@@ -0,0 +1,24 @@
+-- * Metronome IM *
+--
+-- This file is part of the Metronome XMPP server and is released under the
+-- ISC License, please see the LICENSE file in this source package for more
+-- information about copyright and licensing.
+--
+-- As per the sublicensing clause, this file is also MIT/X11 Licensed.
+-- ** Copyright (c) 2009, Waqas Hussain
+
+local st = require "util.stanza";
+
+local result_query = st.stanza("query", {xmlns = "http://jabber.org/protocol/disco#items"});
+for _, item in ipairs(module:get_option("disco_items") or {}) do
+    result_query:tag("item", {jid = item[1], name = item[2]}):up();
+end
+
+module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function(event)
+    local stanza = event.stanza;
+    local query = stanza.tags[1];
+    if stanza.attr.type == "get" and not query.attr.node then
+        event.origin.send(st.reply(stanza):add_child(result_query));
+        return true;
+    end
+end, 100);