prosody/core/portmanager.lua

local config = require "core.configmanager";
local certmanager = require "core.certmanager";
local server = require "net.server";
local socket = require "socket";

local log = require "util.logger".init("portmanager");
local multitable = require "util.multitable";
local set = require "util.set";

local table = table;
local setmetatable, rawset, rawget = setmetatable, rawset, rawget;
local type, tonumber, tostring, ipairs, pairs = type, tonumber, tostring, ipairs, pairs;

local prosody = prosody;
local fire_event = prosody.events.fire_event;

module "portmanager";

--- Config

local default_interfaces = { };
local default_local_interfaces = { };
if config.get("*", "use_ipv4") ~= false then
	table.insert(default_interfaces, "*");
	table.insert(default_local_interfaces, "127.0.0.1");
end
if socket.tcp6 and config.get("*", "use_ipv6") ~= false then
	table.insert(default_interfaces, "::");
	table.insert(default_local_interfaces, "::1");
end

local default_mode = config.get("*", "network_default_read_size") or 4096;

--- Private state

-- service_name -> { service_info, ... }
local services = setmetatable({}, { __index = function (t, k) rawset(t, k, {}); return rawget(t, k); end });

-- service_name, interface (string), port (number)
local active_services = multitable.new();

--- Private helpers

local function error_to_friendly_message(service_name, port, err)
	local friendly_message = err;
	if err:match(" in use") then
		-- FIXME: Use service_name here
		if port == 5222 or port == 5223 or port == 5269 then
			friendly_message = "check that Prosody or another XMPP server is "
				.."not already running and using this port";
		elseif port == 80 or port == 81 then
			friendly_message = "check that a HTTP server is not already using "
				.."this port";
		elseif port == 5280 then
			friendly_message = "check that Prosody or a BOSH connection manager "
				.."is not already running";
		else
			friendly_message = "this port is in use by another application";
		end
	elseif err:match("permission") then
		friendly_message = "Prosody does not have sufficient privileges to use this port";
	end
	return friendly_message;
end

prosody.events.add_handler("item-added/net-provider", function (event)
	local item = event.item;
	register_service(item.name, item);
end);
prosody.events.add_handler("item-removed/net-provider", function (event)
	local item = event.item;
	unregister_service(item.name, item);
end);

local function duplicate_ssl_config(ssl_config)
	local ssl_config = type(ssl_config) == "table" and ssl_config or {};

	local _config = {};
	for k, v in pairs(ssl_config) do
		_config[k] = v;
	end
	return _config;
end

--- Public API

function activate(service_name)
	local service_info = services[service_name][1];
	if not service_info then
		return nil, "Unknown service: "..service_name;
	end
	
	local listener = service_info.listener;

	local config_prefix = (service_info.config_prefix or service_name).."_";
	if config_prefix == "_" then
		config_prefix = "";
	end

	local bind_interfaces = config.get("*", config_prefix.."interfaces")
		or config.get("*", config_prefix.."interface") -- COMPAT w/pre-0.9
		or (service_info.private and (config.get("*", "local_interfaces") or default_local_interfaces))
		or config.get("*", "interfaces")
		or config.get("*", "interface") -- COMPAT w/pre-0.9
		or listener.default_interface -- COMPAT w/pre0.9
		or default_interfaces
	bind_interfaces = set.new(type(bind_interfaces)~="table" and {bind_interfaces} or bind_interfaces);
	
	local bind_ports = config.get("*", config_prefix.."ports")
		or service_info.default_ports
		or {service_info.default_port
		    or listener.default_port -- COMPAT w/pre-0.9
		   }
	bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports );

	local mode, ssl = listener.default_mode or default_mode;
	local hooked_ports = {};
	
	for interface in bind_interfaces do
		for port in bind_ports do
			local port_number = tonumber(port);
			if not port_number then
				log("error", "Invalid port number specified for service '%s': %s", service_info.name, tostring(port));
			elseif #active_services:search(nil, interface, port_number) > 0 then
				log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
			else
				local err;
				-- Create SSL context for this service/port
				if service_info.encryption == "ssl" then
					local ssl_config = duplicate_ssl_config((config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[interface])
								or (config.get("*", config_prefix.."ssl") and config.get("*", config_prefix.."ssl")[port])
								or config.get("*", config_prefix.."ssl")
								or (config.get("*", "ssl") and config.get("*", "ssl")[interface])
								or (config.get("*", "ssl") and config.get("*", "ssl")[port])
								or config.get("*", "ssl"));
					-- add default entries for, or override ssl configuration
					if ssl_config and service_info.ssl_config then
						for key, value in pairs(service_info.ssl_config) do
							if not service_info.ssl_config_override and not ssl_config[key] then
								ssl_config[key] = value;
							elseif service_info.ssl_config_override then
								ssl_config[key] = value;
							end
						end
					end

					ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config);
					if not ssl then
						log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port_number, err) or "unknown error");
					end
				end
				if not err then
					-- Start listening on interface+port
					local handler, err = server.addserver(interface, port_number, listener, mode, ssl);
					if not handler then
						log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err));
					else
						table.insert(hooked_ports, "["..interface.."]:"..port_number);
						log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port_number);
						active_services:add(service_name, interface, port_number, {
							server = handler;
							service = service_info;
						});
					end
				end
			end
		end
	end
	log("info", "Activated service '%s' on %s", service_name, #hooked_ports == 0 and "no ports" or table.concat(hooked_ports, ", "));
	return true;
end

function deactivate(service_name, service_info)
	for name, interface, port, n, active_service
		in active_services:iter(service_name or service_info and service_info.name, nil, nil, nil) do
		if service_info == nil or active_service.service == service_info then
			close(interface, port);
		end
	end
	log("info", "Deactivated service '%s'", service_name or service_info.name);
end

function register_service(service_name, service_info)
	table.insert(services[service_name], service_info);

	if not active_services:get(service_name) then
		log("debug", "No active service for %s, activating...", service_name);
		local ok, err = activate(service_name);
		if not ok then
			log("error", "Failed to activate service '%s': %s", service_name, err or "unknown error");
		end
	end
	
	fire_event("service-added", { name = service_name, service = service_info });
	return true;
end

function unregister_service(service_name, service_info)
	log("debug", "Unregistering service: %s", service_name);
	local service_info_list = services[service_name];
	for i, service in ipairs(service_info_list) do
		if service == service_info then
			table.remove(service_info_list, i);
		end
	end
	deactivate(nil, service_info);
	if #service_info_list > 0 then -- Other services registered with this name
		activate(service_name); -- Re-activate with the next available one
	end
	fire_event("service-removed", { name = service_name, service = service_info });
end

function close(interface, port)
	local service, server = get_service_at(interface, port);
	if not service then
		return false, "port-not-open";
	end
	server:close();
	active_services:remove(service.name, interface, port);
	log("debug", "Removed listening service %s from [%s]:%d", service.name, interface, port);
	return true;
end

function get_service_at(interface, port)
	local data = active_services:search(nil, interface, port)[1][1];
	return data.service, data.server;
end

function get_service(service_name)
	return (services[service_name] or {})[1];
end

function get_active_services(...)
	return active_services;
end

function get_registered_services()
	return services;
end

return _M;
portmanager: Explicitly import some libraries 14 years ago			`local config = require "core.configmanager";`
portmanager: Support for per-port SSL certificates 14 years ago			`local certmanager = require "core.certmanager";`
portmanager: Explicitly import some libraries 14 years ago			`local server = require "net.server";`
portmanager: use_ipv6 defaults to true if luasocket has ipv6 support 13 years ago			`local socket = require "socket";`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Explicitly import some libraries 14 years ago			`local log = require "util.logger".init("portmanager");`
portmanager: One manager to, in the darkness, bind them 14 years ago			`local multitable = require "util.multitable";`
portmanager: Explicitly import some libraries 14 years ago			`local set = require "util.set";`

portmanager: Remove unused import of 'package' 14 years ago			`local table = table;`
portmanager: Fix breakage (import ALL the functions) 14 years ago			`local setmetatable, rawset, rawget = setmetatable, rawset, rawget;`
portmanager: import pairs() (thanks Maranda) 13 years ago			`local type, tonumber, tostring, ipairs, pairs = type, tonumber, tostring, ipairs, pairs;`
portmanager: Fix breakage (import ALL the functions) 14 years ago
portmanager: Explicitly import some libraries 14 years ago			`local prosody = prosody;`
portmanager: One manager to, in the darkness, bind them 14 years ago			`local fire_event = prosody.events.fire_event;`

portmanager: Add module() definition 14 years ago			`module "portmanager";`

portmanager: One manager to, in the darkness, bind them 14 years ago			`--- Config`

portmanager: Add use_ipv4 option, default to true. 13 years ago			`local default_interfaces = { };`
			`local default_local_interfaces = { };`
			`if config.get("*", "use_ipv4") ~= false then`
			`table.insert(default_interfaces, "*");`
			`table.insert(default_local_interfaces, "127.0.0.1");`
			`end`
portmanager: use_ipv6 defaults to true if luasocket has ipv6 support 13 years ago			`if socket.tcp6 and config.get("*", "use_ipv6") ~= false then`
portmanager: One manager to, in the darkness, bind them 14 years ago			`table.insert(default_interfaces, "::");`
			`table.insert(default_local_interfaces, "::1");`
			`end`

portmanager: Make maximum read size configurable, and default to 4KB 12 years ago			`local default_mode = config.get("*", "network_default_read_size") or 4096;`

portmanager: One manager to, in the darkness, bind them 14 years ago			`--- Private state`

portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`-- service_name -> { service_info, ... }`
			`local services = setmetatable({}, { __index = function (t, k) rawset(t, k, {}); return rawget(t, k); end });`
portmanager: One manager to, in the darkness, bind them 14 years ago
			`-- service_name, interface (string), port (number)`
			`local active_services = multitable.new();`

			`--- Private helpers`

portmanager: Pass port to friendly_error_message() 14 years ago			`local function error_to_friendly_message(service_name, port, err)`
portmanager: One manager to, in the darkness, bind them 14 years ago			`local friendly_message = err;`
			`if err:match(" in use") then`
			`-- FIXME: Use service_name here`
			`if port == 5222 or port == 5223 or port == 5269 then`
			`friendly_message = "check that Prosody or another XMPP server is "`
			`.."not already running and using this port";`
			`elseif port == 80 or port == 81 then`
			`friendly_message = "check that a HTTP server is not already using "`
			`.."this port";`
			`elseif port == 5280 then`
			`friendly_message = "check that Prosody or a BOSH connection manager "`
			`.."is not already running";`
			`else`
			`friendly_message = "this port is in use by another application";`
			`end`
			`elseif err:match("permission") then`
			`friendly_message = "Prosody does not have sufficient privileges to use this port";`
			`end`
			`return friendly_message;`
			`end`

portmanager: Support item-added/net-provider (global and shared modules only!) 14 years ago			`prosody.events.add_handler("item-added/net-provider", function (event)`
			`local item = event.item;`
			`register_service(item.name, item);`
			`end);`
			`prosody.events.add_handler("item-removed/net-provider", function (event)`
			`local item = event.item;`
			`unregister_service(item.name, item);`
			`end);`

portmanager: add logic to allow specification of service default values for ssl config and / or overrides. 13 years ago			`local function duplicate_ssl_config(ssl_config)`
			`local ssl_config = type(ssl_config) == "table" and ssl_config or {};`

			`local _config = {};`
			`for k, v in pairs(ssl_config) do`
			`_config[k] = v;`
			`end`
			`return _config;`
			`end`

portmanager: One manager to, in the darkness, bind them 14 years ago			`--- Public API`

portmanager: Rename activate_service() to activate() (to match deactivate()) 14 years ago			`function activate(service_name)`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`local service_info = services[service_name][1];`
portmanager: One manager to, in the darkness, bind them 14 years ago			`if not service_info then`
			`return nil, "Unknown service: "..service_name;`
			`end`
portmanager: Allow services to specify their config option prefix 14 years ago
portmanager: Fix pre-0.9 compatibility by taking default_interface and default_port from the listener instead of service table 14 years ago			`local listener = service_info.listener;`

portmanager: Allow services to specify their config option prefix 14 years ago			`local config_prefix = (service_info.config_prefix or service_name).."_";`
			`if config_prefix == "_" then`
			`config_prefix = "";`
			`end`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Fix selecting bind_interfaces from pre-0.9 config options. 14 years ago			`local bind_interfaces = config.get("*", config_prefix.."interfaces")`
portmanager: Allow services to specify their config option prefix 14 years ago			`or config.get("*", config_prefix.."interface") -- COMPAT w/pre-0.9`
portmanager: Support 'local_interfaces' config option (default for private listeners like components, telnet, etc.) (thanks mva) 14 years ago			`or (service_info.private and (config.get("*", "local_interfaces") or default_local_interfaces))`
portmanager: One manager to, in the darkness, bind them 14 years ago			`or config.get("*", "interfaces")`
			`or config.get("*", "interface") -- COMPAT w/pre-0.9`
portmanager: Fix pre-0.9 compatibility by taking default_interface and default_port from the listener instead of service table 14 years ago			`or listener.default_interface -- COMPAT w/pre0.9`
portmanager: Fix selecting bind_interfaces from pre-0.9 config options. 14 years ago			`or default_interfaces`
			`bind_interfaces = set.new(type(bind_interfaces)~="table" and {bind_interfaces} or bind_interfaces);`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Make sure foo_ports is a table 13 years ago			`local bind_ports = config.get("*", config_prefix.."ports")`
portmanager: Fix pre-0.9 compatibility by taking default_interface and default_port from the listener instead of service table 14 years ago			`or service_info.default_ports`
portmanager: Support 'default_port' in service options 14 years ago			`or {service_info.default_port`
			`or listener.default_port -- COMPAT w/pre-0.9`
portmanager: Make sure foo_ports is a table 13 years ago			`}`
			`bind_ports = set.new(type(bind_ports) ~= "table" and { bind_ports } or bind_ports );`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Make maximum read size configurable, and default to 4KB 12 years ago			`local mode, ssl = listener.default_mode or default_mode;`
portmanager: Include port numbers the service is listening on in the info logs. 13 years ago			`local hooked_ports = {};`
portmanager: One manager to, in the darkness, bind them 14 years ago
			`for interface in bind_interfaces do`
			`for port in bind_ports do`
portmanager: Log error and fail to bind when port is invalid (not a number) 13 years ago			`local port_number = tonumber(port);`
			`if not port_number then`
			`log("error", "Invalid port number specified for service '%s': %s", service_info.name, tostring(port));`
			`elseif #active_services:search(nil, interface, port_number) > 0 then`
portmanager: Fix log message when multiple services are configured to use the same port 14 years ago			`log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");`
portmanager: One manager to, in the darkness, bind them 14 years ago			`else`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`local err;`
portmanager: Support for per-port SSL certificates 14 years ago			`-- Create SSL context for this service/port`
			`if service_info.encryption == "ssl" then`
portmanager: add logic to allow specification of service default values for ssl config and / or overrides. 13 years ago			`local ssl_config = duplicate_ssl_config((config.get("", config_prefix.."ssl") and config.get("", config_prefix.."ssl")[interface])`
			`or (config.get("", config_prefix.."ssl") and config.get("", config_prefix.."ssl")[port])`
			`or config.get("*", config_prefix.."ssl")`
			`or (config.get("", "ssl") and config.get("", "ssl")[interface])`
			`or (config.get("", "ssl") and config.get("", "ssl")[port])`
			`or config.get("*", "ssl"));`
			`-- add default entries for, or override ssl configuration`
			`if ssl_config and service_info.ssl_config then`
			`for key, value in pairs(service_info.ssl_config) do`
			`if not service_info.ssl_config_override and not ssl_config[key] then`
			`ssl_config[key] = value;`
			`elseif service_info.ssl_config_override then`
			`ssl_config[key] = value;`
			`end`
			`end`
			`end`

			`ssl, err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config);`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`if not ssl then`
portmanager: Log error and fail to bind when port is invalid (not a number) 13 years ago			`log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port_number, err) or "unknown error");`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`end`
portmanager: Support for per-port SSL certificates 14 years ago			`end`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`if not err then`
			`-- Start listening on interface+port`
portmanager: Log error and fail to bind when port is invalid (not a number) 13 years ago			`local handler, err = server.addserver(interface, port_number, listener, mode, ssl);`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`if not handler then`
portmanager: Log error and fail to bind when port is invalid (not a number) 13 years ago			`log("error", "Failed to open server port %d on %s, %s", port_number, interface, error_to_friendly_message(service_name, port_number, err));`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`else`
portmanager: Also include the interface the service is listening on 13 years ago			`table.insert(hooked_ports, "["..interface.."]:"..port_number);`
portmanager: Log error and fail to bind when port is invalid (not a number) 13 years ago			`log("debug", "Added listening service %s to [%s]:%d", service_name, interface, port_number);`
			`active_services:add(service_name, interface, port_number, {`
portmanager: Show a friendly error message when initializing SSL fails (thanks MattJ for the entire patch that I fixed one line in) 14 years ago			`server = handler;`
			`service = service_info;`
			`});`
			`end`
portmanager: One manager to, in the darkness, bind them 14 years ago			`end`
			`end`
			`end`
			`end`
portmanager: Include port numbers the service is listening on in the info logs. 13 years ago			`log("info", "Activated service '%s' on %s", service_name, #hooked_ports == 0 and "no ports" or table.concat(hooked_ports, ", "));`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`return true;`
portmanager: One manager to, in the darkness, bind them 14 years ago			`end`

portmanager: Fix to deactivate services when they are unregistered (metatable:iter() wins) 14 years ago			`function deactivate(service_name, service_info)`
portmanager: Match service against service_info (:iter() doesn't match values) 14 years ago			`for name, interface, port, n, active_service`
			`in active_services:iter(service_name or service_info and service_info.name, nil, nil, nil) do`
			`if service_info == nil or active_service.service == service_info then`
			`close(interface, port);`
			`end`
portmanager: One manager to, in the darkness, bind them 14 years ago			`end`
portmanager: Fix to deactivate services when they are unregistered (metatable:iter() wins) 14 years ago			`log("info", "Deactivated service '%s'", service_name or service_info.name);`
portmanager: One manager to, in the darkness, bind them 14 years ago			`end`

			`function register_service(service_name, service_info)`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`table.insert(services[service_name], service_info);`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`if not active_services:get(service_name) then`
			`log("debug", "No active service for %s, activating...", service_name);`
portmanager: Rename activate_service() to activate() (to match deactivate()) 14 years ago			`local ok, err = activate(service_name);`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`if not ok then`
			`log("error", "Failed to activate service '%s': %s", service_name, err or "unknown error");`
			`end`
portmanager: One manager to, in the darkness, bind them 14 years ago			`end`

			`fire_event("service-added", { name = service_name, service = service_info });`
			`return true;`
			`end`

portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`function unregister_service(service_name, service_info)`
portmanager: Fix to deactivate services when they are unregistered (metatable:iter() wins) 14 years ago			`log("debug", "Unregistering service: %s", service_name);`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`local service_info_list = services[service_name];`
			`for i, service in ipairs(service_info_list) do`
			`if service == service_info then`
			`table.remove(service_info_list, i);`
			`end`
			`end`
portmanager: Fix to deactivate services when they are unregistered (metatable:iter() wins) 14 years ago			`deactivate(nil, service_info);`
			`if #service_info_list > 0 then -- Other services registered with this name`
			`activate(service_name); -- Re-activate with the next available one`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`end`
portmanager: Fire service-removed on unregister 14 years ago			`fire_event("service-removed", { name = service_name, service = service_info });`
portmanager: Add unregister_service(), and allow multiple services with the same name (they get queued) 14 years ago			`end`

portmanager: Add get_service_at(interface, port) and close(interface, port) 14 years ago			`function close(interface, port)`
			`local service, server = get_service_at(interface, port);`
			`if not service then`
			`return false, "port-not-open";`
			`end`
			`server:close();`
			`active_services:remove(service.name, interface, port);`
			`log("debug", "Removed listening service %s from [%s]:%d", service.name, interface, port);`
			`return true;`
			`end`

			`function get_service_at(interface, port)`
			`local data = active_services:search(nil, interface, port)[1][1];`
			`return data.service, data.server;`
			`end`

portmanager: Add get_service() 14 years ago			`function get_service(service_name)`
portmanager: Return first service with the specified name from get_service() (instead of the array of possible services) (thanks xnyhps) 13 years ago			`return (services[service_name] or {})[1];`
portmanager: Add get_service() 14 years ago			`end`
portmanager: One manager to, in the darkness, bind them 14 years ago
portmanager: Add get_active_services() 14 years ago			`function get_active_services(...)`
			`return active_services;`
			`end`

portmanager: Add get_registered_services() to the public API 14 years ago			`function get_registered_services()`
			`return services;`
			`end`

portmanager: One manager to, in the darkness, bind them 14 years ago			`return _M;`