Commit 95fa2f04 authored by Michael Fürmann's avatar Michael Fürmann

Host setup compliant for Conversations

parent 23216f74
#!/bin/bash
IFS=":"
AUTH_OK=1
AUTH_FAILED=0
LOGFILE="/var/log/prosody/auth.log"
USELOG=true
while read ACTION USER HOST PASS ; do
[ $USELOG == true ] && { echo "Date: $(date) Action: $ACTION User: $USER Host: $HOST" >> $LOGFILE; }
case $ACTION in
"auth")
if [ `/usr/bin/php /usr/local/lib/prosody/auth/db_auth.php $USER $HOST $PASS 2>/dev/null` == 1 ] ; then
echo $AUTH_OK
[ $USELOG == true ] && { echo "AUTH OK" >> $LOGFILE; }
else
echo $AUTH_FAILED
[ $USELOG == true ] && { echo "AUTH FAILED" >> $LOGFILE; }
fi
;;
"isuser")
if [ `/usr/bin/php /usr/local/lib/prosody/auth/db_isuser.php $USER $HOST 2>/dev/null` == 1 ] ; then
echo $AUTH_OK
[ $USELOG == true ] && { echo "ISUSER OK" >> $LOGFILE; }
else
echo $AUTH_FAILED
[ $USELOG == true ] && { echo "ISUSER FAILED" >> $LOGFILE; }
fi
;;
*)
echo $AUTH_FAILED
[ $USELOG == true ] && { echo "UNKNOWN ACTION GIVEN: $ACTION" >> $LOGFILE; }
;;
esac
done
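Review bot: The `auth` branch hands the password to PHP as a command-line argument (`db_auth.php $USER $HOST $PASS`), so for the lifetime of the call it is typically readable in the process list by other local accounts; passing it on stdin would avoid that and needs a matching change in db_auth.php. The expansions are also unquoted while `IFS=":"` is set, so a password containing `:` is split into extra arguments and one containing `*` or `?` is subject to pathname expansion, and either can make a valid login fail the argument-count check. I would use `while read -r ACTION USER HOST PASS` and quote every expansion, e.g. `"$USER" "$HOST" "$PASS"` and `>> "$LOGFILE"`. The `isuser` branch has the same unquoted call.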
<?php
ini_set('display_errors', false);
require_once('db_conf.inc.php');
try{
// Connect database
$db = new mysqli($db_host, $db_user, $db_pass, $db_name);
result_false(mysqli_connect_errno());
// Get arguments
$arg_email = '';
$arg_password = '';
result_false(count($argv) != 4);
$arg_email = $argv[1].'@'.$argv[2];
$arg_password = $argv[3];
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$query = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
$query->bind_param('si', $arg_email, $isp_server_id);
$query->execute();
$query->bind_result($jid, $password);
$query->fetch();
$query->close();
result_false(is_null($jid));
checkAuth($arg_password, $password);
}catch(Exception $ex){
echo 0;
exit();
}
function result_false($cond = true){
if(!$cond) return;
echo 0;
exit();
}
function result_true(){
echo 1;
exit();
}
function checkAuth($pw_arg, $pw_db){
if(crypt($pw_arg, $pw_db) == $pw_db)
result_true();
result_false();
}
?>
\ No newline at end of file
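Review bot: The lookup uses `WHERE jid LIKE ?` with the client-supplied user and host, and `LIKE` treats `%` and `_` in that value as wildcards, so the row that is fetched need not belong to the JID that was presented; an exact match (`WHERE jid = ? AND active='y' AND server_id=?`) keeps the checked account and the authenticated name identical. db_isuser.php further down has the same `LIKE` in its count query. In `checkAuth`, `crypt($pw_arg, $pw_db) == $pw_db` is a loose, non-constant-time comparison; `hash_equals($pw_db, crypt($pw_arg, $pw_db))` is the usual form. `$dbmail` is assigned from `real_escape_string` but never used and can be dropped.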
<?php
$db_user = '{mysql_server_ispconfig_user}';
$db_pass = '{mysql_server_ispconfig_password}';
$db_name = '{mysql_server_database}';
$db_host = '{mysql_server_ip}';
$isp_server_id = '{server_id}';
\ No newline at end of file
<?php
ini_set('display_errors', false);
require_once('db_conf.inc.php');
try{
// Connect database
$db = new mysqli($db_host, $db_user, $db_pass, $db_name);
result_false(mysqli_connect_errno());
// Get arguments
$arg_email = '';
result_false(count($argv) != 3);
$arg_email = $argv[1].'@'.$argv[2];
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$query = $db->prepare("SELECT count(*) AS usercount FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
$query->bind_param('si', $arg_email, $isp_server_id);
$query->execute();
$query->bind_result($usercount);
$query->fetch();
$query->close();
result_false($usercount != 1);
result_true();
}catch(Exception $ex){
echo 0;
exit();
}
function result_false($cond = true){
if(!$cond) return;
echo 0;
exit();
}
function result_true(){
echo 1;
exit();
}
?>
......@@ -237,7 +237,7 @@ $conf['prosody']['init_script'] = 'prosody';
$conf['prosody']['storage_database'] = 'prosody';
$conf['prosody']['storage_user'] = 'prosody';
$conf['prosody']['storage_password'] = md5(uniqid(rand()));
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence';
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, compression, vard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, websocket, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access';
?>
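Review bot: The new `initial_modules` default lists `vard` where the old line had `vcard`, so the vCard module presumably drops out of the generated module list and an unknown name is written instead; the value should read `blocklist, compression, vcard, version`. `websocket` also appears twice in the new value, once after `bosh` and again after `posix`. The same new line with `vard` is repeated in three of the four following sections for this setting (the second one already spells `vcard`), and all five carry the duplicate `websocket`.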
......@@ -237,6 +237,6 @@ $conf['prosody']['init_script'] = 'prosody';
$conf['prosody']['storage_database'] = 'prosody';
$conf['prosody']['storage_user'] = 'prosody';
$conf['prosody']['storage_password'] = md5(uniqid(rand()));
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence';
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, compression, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, websocket, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access';
?>
......@@ -237,7 +237,7 @@ $conf['prosody']['init_script'] = 'prosody';
$conf['prosody']['storage_database'] = 'prosody';
$conf['prosody']['storage_user'] = 'prosody';
$conf['prosody']['storage_password'] = md5(uniqid(rand()));
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence';
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, compression, vard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, websocket, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access';
?>
......@@ -237,7 +237,7 @@ $conf['prosody']['init_script'] = 'prosody';
$conf['prosody']['storage_database'] = 'prosody';
$conf['prosody']['storage_user'] = 'prosody';
$conf['prosody']['storage_password'] = md5(uniqid(rand()));
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence';
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, compression, vard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, websocket, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access';
?>
......@@ -233,7 +233,7 @@ $conf['prosody']['init_script'] = 'prosody';
$conf['prosody']['storage_database'] = 'prosody';
$conf['prosody']['storage_user'] = 'prosody';
$conf['prosody']['storage_password'] = md5(uniqid(rand()));
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, vcard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, webpresence';
$conf['prosody']['initial_modules'] = 'roster, saslauth, tls, dialback, disco, carbons, pep, private, blocklist, compression, vard, version, uptime, time, ping, admin_adhoc, mam, bosh, websocket, http_files, announce, proxy65, offline, posix, websocket, webpresence, smacks, csi_battery_saver, pep_vcard_avatar, omemo_all_access';
?>
......@@ -1862,9 +1862,8 @@ class installer_base {
// Copy isp libs
if(!@is_dir('/usr/local/lib/prosody/auth')) mkdir('/usr/local/lib/prosody/auth', 0755, true);
caselog('cp -rf apps/xmpp_libs/mod_auth_external/db_* /usr/local/lib/prosody/auth/', __FILE__, __LINE__);
caselog('cp -rf apps/xmpp_libs/mod_auth_external/authenticate_isp.sh /usr/local/lib/prosody/auth/', __FILE__, __LINE__);
caselog('chmod 755 /usr/local/lib/prosody/auth/authenticate_isp.sh', __FILE__, __LINE__);
caselog('cp -rf apps/xmpp_libs/auth_prosody/* /usr/local/lib/prosody/auth/', __FILE__, __LINE__);
caselog('chmod 755 /usr/local/lib/prosody/auth/authenticate_isp.sh', __FILE__, __LINE__);
// Process db config
$full_file_name = '/usr/local/lib/prosody/auth/db_conf.inc.php';
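Review bot: Nothing in the visible lines restricts who can read db_conf.inc.php, which `cp -rf apps/xmpp_libs/auth_prosody/*` copies into a directory created with mode 0755 and which is then filled with the ISPConfig MySQL user and password. The only permission call shown is `chmod 755` on authenticate_isp.sh. Unless the code after `// Process db config`, which continues outside this hunk, already does so, I would add `caselog('chmod 640 /usr/local/lib/prosody/auth/db_conf.inc.php', __FILE__, __LINE__);` together with a matching ownership change to the account the XMPP daemon runs as.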
......
......@@ -34,6 +34,7 @@ modules_enabled = {
"pep",
"private",
"blocklist",
"compression",
"vcard",
"version",
"uptime",
......@@ -48,16 +49,14 @@ modules_enabled = {
"proxy65",
"offline",
"posix",
"websocket",
-- community modules
"webpresence",
"smacks",
"csi_battery_saver",
"pep_vcard_avatar",
"omemo_all_access",
-- ??
-- "discoitems",
-- "admin_telnet",
--
-- "stream_management",
-- "message_carbons"
};
modules_disabled = {
};
......@@ -82,6 +81,7 @@ certificates = "certs";
bosh_max_inactivity = 60;
consider_bosh_secure = true;
cross_domain_bosh = true;
consider_websocket_secure = true;
ssl = {
key = "/etc/prosody/certs/localhost.key",
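Review bot: `consider_websocket_secure = true`, which appears to be the line added in the last hunk, makes the server treat every WebSocket session as encrypted whether or not the HTTP listener actually used TLS, so it is only sound when plain-HTTP WebSocket access is unreachable or a TLS-terminating proxy sits in front. The setting carries no comment stating that assumption; I would add one next to it, e.g. `-- assumes WebSocket is only reachable through a TLS-terminating reverse proxy`. The `ssl` table that follows continues outside the hunk.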
......
......@@ -253,8 +253,8 @@ if($muc_available)
'muc_restrict_room_creation' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
'default' => '1',
'value' => array(0 => 'Everyone', 1 => 'Members', 2 => 'Admins')
'default' => 'm',
'value' => array('n' => 'Everyone', 'm' => 'Members', 'y' => 'Admins')
),
'muc_admins' => array(
'datatype' => 'VARCHAR',
......
......@@ -294,19 +294,6 @@ class page_action extends tform_actions {
// vjud opt mode
if(isset($this->dataRecord["vjud_opt_mode"]))
$this->dataRecord["vjud_opt_mode"] = $this->dataRecord["vjud_opt_mode"] == 0 ? 'in' : 'out';
if(isset($this->dataRecord["muc_restrict_room_creation"])){
switch($this->dataRecord["muc_restrict_room_creation"]){
case 0:
$this->dataRecord["muc_restrict_room_creation"] = 'false';
break;
case 1:
$this->dataRecord["muc_restrict_room_creation"] = 'member';
break;
case 2:
$this->dataRecord["muc_restrict_room_creation"] = 'true';
break;
}
}
// Reset public registration to 'n', is not yet supported
$this->dataRecord["public_registration"] = 'n';
......@@ -429,6 +416,7 @@ class page_action extends tform_actions {
$required_hosts[] = 'vjud';
if($rec['use_muc_host']=='y')
$required_hosts[] = 'muc';
$required_hosts[] = 'upload';
// purge old rr-record
$sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV') AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
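Review bot: With the `switch` on `muc_restrict_room_creation` removed in the first hunk, the record now keeps whatever the form submits, which after the form change is `n`, `m` or `y` rather than `false`, `member` or `true`. The host template on this page writes that value straight into `restrict_room_creation = "…"`, so unless the server plugin translates it (not visible here) the daemon may receive a value it does not recognise and the room-creation restriction may not take effect. I would either keep a mapping here or document where the translation happens, e.g. `// n/m/y is translated to the daemon's values in the xmpp server plugin`. Both enclosing methods of `page_action` start and end outside the hunks.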
......
Include "/etc/metronome/global.cfg.lua"
Include "/etc/metronome/hosts/*.lua"
Include "/etc/metronome/status.cfg.lua"
plugin_paths = {
"/usr/local/lib/prosody/modules",
};
use_libevent = true;
log = {
-- debug = "/var/log/prosody/prosody.dbg",
info = "/var/log/prosody/prosody.log",
error = "/var/log/prosody/prosody.err",
"syslog",
};
use_ipv6 = {tmpl_var name='ipv6'};
http_ports = {
{tmpl_var name='port_http'},
};
https_ports = {
{tmpl_var name='port_https'},
};
pastebin_ports = {
{tmpl_var name='port_pastebin'},
};
bosh_ports = {
{tmpl_var name='port_bosh'},
};
admins = {
{tmpl_var name='server_admins'}
};
modules_enabled = {
{tmpl_var name='modules_enabled'}
};
modules_disabled = {
};
allow_registration = false;
c2s_require_encryption = false;
s2s_require_encryption = true;
s2s_secure_auth = false;
s2s_insecure_domains = {
"gmail.com",
};
pidfile = "/var/run/prosody/prosody.pid";
authentication = "external";
archive_expires_after = "2w";
statistics = "internal";
certificates = "certs";
bosh_max_inactivity = {tmpl_var name='bosh_timeout'};
consider_bosh_secure = true;
cross_domain_bosh = true;
consider_websocket_secure = true;
ssl = {
key = "/etc/prosody/certs/localhost.key",
certificate = "/etc/prosody/certs/localhost.crt",
};
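Review bot: `c2s_require_encryption = false` lets clients authenticate without TLS, and with `authentication = "external"` the password has to reach the server in a form the external script can check, so on an unencrypted stream it is exposed on the wire; I would default to `c2s_require_encryption = true`. `s2s_secure_auth = false` likewise allows server-to-server links whose certificate does not validate, and `consider_bosh_secure = true` / `consider_websocket_secure = true` mark HTTP-based sessions as encrypted whether or not TLS was used. If these relaxed defaults are intentional for compatibility, a short comment on each line naming the deployment it assumes (for example a TLS-terminating proxy in front of BOSH) would make that explicit.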
VirtualHost "{tmpl_var main_host}"
certificate = "/etc/prosody/certs/localhost.crt"
VirtualHost "{tmpl_var name='domain'}"
enabled = {tmpl_var name='active'};
authentication = "external";
external_auth_command = "/usr/local/lib/prosody/auth/authenticate_isp.sh";
allow_registration = {tmpl_var name='public_registration'};
<tmpl_if name='registration_url' op='!=' value=''>
registration_url = "{tmpl_var name='registration_url'}";
registration_text = "{tmpl_var name='registration_message'}";
</tmpl_if>
no_registration_whitelist = true;
modules_enabled = {
"roster",
"private",
"vcard",
"blocklist",
"pep",
<tmpl_if name='public_registration' op='==' value='true'>
"register",
<tmpl_elseif name='registration_url' op='!=' value=''>
"register_redirect",
</tmpl_if>
"admin_adhoc",
};
disco_items = {
<tmpl_if name='use_muc' op='==' value='true'>
{
"muc.{tmpl_var name='domain'}",
"{tmpl_var name='muc_name'}",
},
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
{
"pubsub.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Publish/Subscribe",
},
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
{
"proxy.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} Bytestream Proxy",
},
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
{
"vjud.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} User Directory",
},
</tmpl_if>
{
"upload.{tmpl_var name='domain'}",
"{tmpl_var name='domain'} HTTP File Upload",
}
};
admins = {
{tmpl_var name='domain_admins'}
};
<tmpl_if name='ssl_cert' op='==' value='true'>
ssl = {
key = "/etc/prosody/certs/{tmpl_var name='domain'}.key",
certificate = "/etc/prosody/certs/{tmpl_var name='domain'}.crt",
};
</tmpl_if>
<tmpl_if name='use_anon_host' op='==' value='true'>
VirtualHost "anon.{tmpl_var name='domain'}"
enabled = true;
authentication = "anonymous";
allow_anonymous_multiresourcing = true;
anonymous_jid_gentoken = "{tmpl_var name='domain'} Anonymous User";
admins = {
};
</tmpl_if>
<tmpl_if name='use_muc' op='==' value='true'>
Component "muc.{tmpl_var name='domain'}" "muc"
modules_enabled = {
"muc_limits",
"muc_log",
<tmpl_if name='use_archive' op='==' value='true'>
"muc_log_http",
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
"pastebin",
</tmpl_if>
};
muc_event_rate = 0.5;
muc_burst_factor = 8;
muc_log_presences = false;
<tmpl_if name='use_archive' op='==' value='true'>
muc_log_http = {
show_join = {tmpl_var name='archive_join'},
show_presence = {tmpl_var name='archive_join'},
show_status = {tmpl_var name='archive_status'},
theme = "prosody",
url_base = "logs",
};
</tmpl_if>
<tmpl_if name='use_pastebin' op='==' value='true'>
pastebin_threshold = 500;
pastebin_line_threshold = 4;
pastebin_expire_after = {tmpl_var name='pastebin_expire'};
pastebin_trigger = "{tmpl_var name='pastebin_trigger'}";
</tmpl_if>
name = "{tmpl_var name='muc_name'}";
restrict_room_creation = "{tmpl_var name='muc_restrict_room_creation'}";
max_history_messages = 20;
admins = {
{tmpl_var name='muc_admins'}
};
</tmpl_if>
<tmpl_if name='use_pubsub' op='==' value='true'>
Component "pubsub.{tmpl_var name='domain'}" "pubsub"
name = "{tmpl_var name='domain'} Publish/Subscribe";
</tmpl_if>
<tmpl_if name='use_proxy' op='==' value='true'>
Component "proxy.{tmpl_var name='domain'}" "proxy65"
proxy65_acl = {
"{tmpl_var name='domain'}",
};
</tmpl_if>
<tmpl_if name='use_vjud' op='==' value='true'>
Component "vjud.{tmpl_var name='domain'}" "vjud"
ud_disco_name = "{tmpl_var name='domain'} User Directory";
vjud_mode = "{tmpl_var name='vjud_opt_mode'}";
</tmpl_if>
Component "upload.{tmpl_var name='domain'}" "http_upload"
ud_disco_name = "{tmpl_var name='domain'} HTTP File Upload";
http_upload_file_size_limit = 1024 * 1024 * 10 -- 10MB, maximum
http_upload_quota = 1024 * 1024 * 10 -- 10MB quota per user
http_upload_expire_after = 60 * 60 * 24 * 2 -- 2 days in seconds
Component "xmpp.{tmpl_var name='domain'}" "http"
modules_enabled = {
"server_status",
"webpresence"
};
server_status_basepath = "/xmppd/";
server_status_json = true;
server_status_show_hosts = {
{tmpl_var name='status_hosts'}
};
server_status_show_comps = {
{tmpl_var name='status_comps'}
};
\ No newline at end of file
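Review bot: Form values are substituted directly inside Lua string literals, e.g. `registration_text = "{tmpl_var name='registration_message'}";` and `name = "{tmpl_var name='muc_name'}";`, and this file is evaluated as Lua by the daemon, so a `"`, backslash or newline in such a field would end the string and alter the configuration. The escaping may already happen in the plugin that fills the template, which is not on this page; if it does not, free-text fields should be escaped there before they are assigned. Separately, the `upload` component sets `ud_disco_name`, which looks copied from the `vjud` block; the `muc` and `pubsub` components above use `name = "…"` for their display name.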
......@@ -79,8 +79,8 @@ class xmpp_module {
*/
$app->modules->registerTableHook('xmpp_domain', 'xmpp_module', 'process');
$app->services->registerService('metronome', 'xmpp_module', 'reloadXMPP');
$app->services->registerService('metronome', 'xmpp_module', 'restartXMPP');
$app->services->registerService('xmpp', 'xmpp_module', 'reloadXMPP');
$app->services->registerService('xmpp', 'xmpp_module', 'restartXMPP');
}
......@@ -113,7 +113,8 @@ class xmpp_module {
// load the server configuration options
$app->uses('getconf,system');
$daemon = 'metronome';
$xmpp_config = $app->getconf->get_server_config($conf['server_id'], 'xmpp');
$daemon = $xmpp_config['xmpp_daemon'];
$retval = array('output' => '', 'retval' => 0);
if($action == 'restart') {
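Review bot: `$daemon` is now read from the server configuration (`$xmpp_config['xmpp_daemon']`) where it used to be the literal `'metronome'`, and nothing visible checks it before the restart/reload logic that follows outside this hunk. If the value ends up in a shell command or an init-script path, I would restrict it to the known daemons first, e.g. `if(!in_array($daemon, array('metronome', 'prosody'), true)) $daemon = 'metronome';`. That also covers the key being unset on servers whose configuration predates this setting.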
......