Server initialization and domain management (without ssl for now)

Author: qroac

install/apps/metronome-init

@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# metronome        Start/stop metronome server
+#
+
+### BEGIN INIT INFO
+# Provides:          metronome
+# Required-Start:    $remote_fs $network $named $time
+# Required-Stop:     $remote_fs $network $named $time
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Starts metronome server
+# Description:       Starts metronome server, an XMPP server written in Lua.
+### END INIT INFO
+
+METRONOME=/usr/bin/metronomectl
+PIDDIR=/var/run/metronome
+NAME=metronome
+
+test -e $METRONOME || exit 0
+
+start()
+{
+        mkdir $PIDDIR -p
+        chown metronome:metronome $PIDDIR
+        chmod 750 $PIDDIR
+
+    $METRONOME start >> /dev/null
+}
+
+stop()
+{
+    $METRONOME stop >> /dev/null
+}
+
+case "$1" in
+    start)
+        echo -n "Starting Metronome..."
+        start &
+    ;;
+    stop)
+        echo -n "Stopping Metronome..."
+        stop &
+    ;;
+    restart)
+        echo -n "Restarting Metronome..."
+        stop &
+        start &
+    ;;
+    *)
+        echo "Usage: $0 {start|stop|restart}" >&2
+        exit 1
+    ;;
+esac
+
+if [ $? -eq 0 ]; then
+    echo .
+else
+    echo " failed!"
+fi
+
+exit 0

install/apps/metronome_libs/mod_auth_external/authenticate_isp.php

@@ -0,0 +1,65 @@
+<?php
+ini_set('display_errors', false);
+$username = 'prosody';
+$password = '23fm%4ks0';
+/*
+$soap_location = 'http://localhost:8080/ispconfig3/interface/web/remote/index.php';
+$soap_uri = 'http://localhost:8080/ispconfig3/interface/web/remote/';
+*/
+$soap_location = 'https://tepin.spicyweb.de:8080/remote/index.php';
+$soap_uri = 'https://tepin.spicyweb.de:8080/remote/';
+
+$auth_keys = array(
+    'iplay-esports.de' => 'f47kmm5Yh5hJzSws2KTS',
+    'weirdempire.de' => 'scNDcU37gQ7MCMeBgaJX'
+);
+
+$arg_email = '';
+$arg_password = '';
+
+if(count($argv) == 4){
+    $arg_email = $argv[1].'@'.$argv[2];
+    $arg_password = $argv[3];
+}
+$client = new SoapClient(null, array('location' => $soap_location, 'uri' => $soap_uri));
+try {
+    //* Login to the remote server
+    if($session_id = $client->login($username,$password)) {
+        //var_dump($client->mail_alias_get($session_id, array('source' => 'blablubb@divepage.net', 'type' => 'alias', 'active' => 'y')));
+        // Is Mail Alias?
+        $alias = $client->mail_alias_get($session_id, array('source' => $arg_email, 'type' => 'alias', 'active' => 'y'));
+        if(count($alias))
+            $arg_email = $alias[0]['destination'];
+        $mailbox = $client->mail_user_get($session_id, array('email' => $arg_email));
+        if(count($mailbox)){
+            $password = $mailbox[0]['password'];
+            echo checkAuth($argv[1], $argv[2], $arg_password, $password);//intval(crypt($arg_password, $password) == $password);
+        }
+        else
+            echo 0;
+        //* Logout
+        $client->logout($session_id);
+    }
+    else
+        echo 0;
+} catch (SoapFault $e) {
+    echo 0;
+}
+
+function checkAuth($user, $domain, $pw, $pw_mailbox){
+    global $auth_keys;
+    if(crypt($pw, $pw_mailbox) == $pw_mailbox)
+        return intval(1);
+
+    if(array_key_exists($domain, $auth_keys)){
+        $datetime = new DateTime();
+        $datetime->setTimezone(new DateTimeZone("UTC"));
+        for($t = $datetime->getTimestamp(); $t >= $datetime->getTimestamp()-30; $t--){
+            $pw_api = md5($domain.'@'.$auth_keys[$domain].'@'.$user.'@'.$t);
+            if($pw_api == $pw)
+                return intval(1);
+        }
+    }
+    return intval(0);
+}
+?>

install/apps/metronome_libs/mod_auth_external/authenticate_isp.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+IFS=":"
+AUTH_OK=1
+AUTH_FAILED=0
+LOGFILE="/var/log/metronome/auth.log"
+USELOG=true
+
+while read ACTION USER HOST PASS ; do
+
+    [ $USELOG == true ] && { echo "Date: $(date) Action: $ACTION User: $USER Host: $HOST" >> $LOGFILE; }
+
+    case $ACTION in
+        "auth")
+            if [ `/usr/bin/php /usr/lib/metronome/spicy-modules/mod_auth_external/authenticate_isp.php $USER $HOST $PASS` == 1 ] ; then
+                echo $AUTH_OK
+                [ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
+            else
+                echo $AUTH_FAILED
+                [ $USELOG == true ] && { echo "AUTH FAILED" >> $LOGFILE; }
+            fi
+        ;;
+        "isuser")
+             if [ `/usr/bin/php /usr/lib/metronome/spicy-modules/mod_auth_external/isuser_isp.php $USER $HOST` == 1 ] ; then
+                echo $AUTH_OK
+                [ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
+            else
+                echo $AUTH_FAILED
+                [ $USELOG == true ] && { echo "AUTH FAILED" >> $LOGFILE; }
+            fi
+        ;;
+        *)
+            echo $AUTH_FAILED
+            [ $USELOG == true ] && { echo "NO ACTION GIVEN" >> $LOGFILE; }
+        ;;
+    esac
+
+done

install/apps/metronome_libs/mod_auth_external/isuser_isp.php

@@ -0,0 +1,44 @@
+<?php
+ini_set('display_errors', false);
+$username = 'prosody';
+$password = '23fm%4ks0';
+/*
+$soap_location = 'http://localhost:8080/ispconfig3/interface/web/remote/index.php';
+$soap_uri = 'http://localhost:8080/ispconfig3/interface/web/remote/';
+*/
+$soap_location = 'https://tepin.spicyweb.de:8080/remote/index.php';
+$soap_uri = 'https://tepin.spicyweb.de:8080/remote/';
+
+
+$arg_email = '';
+
+if(count($argv) == 3){
+    $arg_email = $argv[1].'@'.$argv[2];
+}
+
+$client = new SoapClient(null, array('location' => $soap_location, 'uri' => $soap_uri));
+try {
+    //* Login to the remote server
+    if($session_id = $client->login($username,$password)) {
+        //var_dump($client->mail_alias_get($session_id, array('source' => 'blablubb@divepage.net', 'type' => 'alias', 'active' => 'y')));
+        // Is Mail Alias?
+        $alias = $client->mail_alias_get($session_id, array('source' => $arg_email, 'type' => 'alias', 'active' => 'y'));
+        if(count($alias))
+            $arg_email = $alias[0]['destination'];
+        $mailbox = $client->mail_user_get($session_id, array('email' => $arg_email));
+        if(count($mailbox)){
+            echo 1;
+            //$password = $mailbox[0]['password'];
+            //echo intval(crypt($arg_password, $password) == $password);
+        }
+        else
+            echo 0;
+        //* Logout
+        $client->logout($session_id);
+    }
+    else
+        echo 0;
+} catch (SoapFault $e) {
+    echo 0;
+}
+?>

install/apps/metronome_libs/mod_auth_external/mod_auth_external.lua

@@ -0,0 +1,118 @@
+local nodeprep = require "util.encodings".stringprep.nodeprep;
+local lpc = require "lpc";
+
+local config = require "core.configmanager";
+local log = module._log;
+local host = module.host;
+local script_type = config.get(host, "external_auth_protocol") or "generic";
+assert(script_type == "ejabberd" or script_type == "generic");
+local command = config.get(host, "external_auth_command") or "";
+assert(type(command) == "string");
+assert(not host:find(":"));
+local usermanager = require "core.usermanager";
+local jid_bare = require "util.jid".bare;
+local new_sasl = require "util.sasl".new;
+
+local pid;
+local readfile;
+local writefile;
+
+local function send_query(text)
+        if pid and lpc.wait(pid,1) ~= nil then
+            log("debug","error, process died, force reopen");
+            pid=nil;
+        end
+        if not pid then
+                log("debug", "Opening process " .. command);
+                pid, writefile, readfile = lpc.run(command);
+        end
+        if not pid then
+                log("debug", "Process failed to open");
+                return nil;
+        end
+
+        writefile:write(text);
+        writefile:flush();
+        if script_type == "ejabberd" then
+                return readfile:read(4);
+        elseif script_type == "generic" then
+                return readfile:read();
+        end
+end
+
+function do_query(kind, username, password)
+        if not username then return nil, "not-acceptable"; end
+        username = nodeprep(username);
+        if not username then return nil, "jid-malformed"; end
+
+        local query = (password and "%s:%s:%s:%s" or "%s:%s:%s"):format(kind, username, host, password);
+        local len = #query
+        if len > 1000 then return nil, "policy-violation"; end
+
+        if script_type == "ejabberd" then
+                local lo = len % 256;
+                local hi = (len - lo) / 256;
+                query = string.char(hi, lo)..query;
+        end
+        if script_type == "generic" then
+                query = query..'\n';
+        end
+
+        local response = send_query(query);
+        if (script_type == "ejabberd" and response == "\0\2\0\0") or
+                (script_type == "generic" and response == "0") then
+                        return nil, "not-authorized";
+        elseif (script_type == "ejabberd" and response == "\0\2\0\1") or
+                (script_type == "generic" and response == "1") then
+                        return true;
+        else
+                log("debug", "Nonsense back");
+                return nil, "internal-server-error";
+        end
+end
+
+function new_external_provider(host)
+        local provider = { name = "external" };
+
+        function provider.test_password(username, password)
+                return do_query("auth", username, password);
+        end
+
+        function provider.set_password(username, password)
+                return do_query("setpass", username, password);
+        end
+
+        function provider.user_exists(username)
+                return do_query("isuser", username);
+        end
+
+        function provider.create_user(username, password) return nil, "Account creation/modification not available."; end
+
+        function provider.get_sasl_handler()
+                local testpass_authentication_profile = {
+                        plain_test = function(sasl, username, password, realm)
+                                return usermanager.test_password(username, realm, password), true;
+                        end,
+                };
+                return new_sasl(module.host, testpass_authentication_profile);
+        end
+
+        function provider.is_admin(jid)
+                local admins = config.get(host, "admins");
+                if admins ~= config.get("*", "admins") then
+                        if type(admins) == "table" then
+                                jid = jid_bare(jid);
+                                for _,admin in ipairs(admins) do
+                                        if admin == jid then return true; end
+                                end
+                        elseif admins then
+                                log("error", "Option 'admins' for host '%s' is not a table", host);
+                        end
+                end
+                return usermanager.is_admin(jid);
+        end
+
+        return provider;
+end
+
+module:add_item("auth-provider", new_external_provider(host));

install/apps/metronome_libs/mod_discoitems.lua

@@ -0,0 +1,24 @@
+-- * Metronome IM *
+--
+-- This file is part of the Metronome XMPP server and is released under the
+-- ISC License, please see the LICENSE file in this source package for more
+-- information about copyright and licensing.
+--
+-- As per the sublicensing clause, this file is also MIT/X11 Licensed.
+-- ** Copyright (c) 2009, Waqas Hussain
+
+local st = require "util.stanza";
+
+local result_query = st.stanza("query", {xmlns = "http://jabber.org/protocol/disco#items"});
+for _, item in ipairs(module:get_option("disco_items") or {}) do
+    result_query:tag("item", {jid = item[1], name = item[2]}):up();
+end
+
+module:hook("iq/host/http://jabber.org/protocol/disco#items:query", function(event)
+    local stanza = event.stanza;
+    local query = stanza.tags[1];
+    if stanza.attr.type == "get" and not query.attr.node then
+        event.origin.send(st.reply(stanza):add_child(result_query));
+        return true;
+    end
+end, 100);