Allow generation of oauth tokens from command line

Oauth tokens can be generated for commands (scopes) having admin|user|open policy. Restricted commands are not available as those are only usable from ejabberdctl command line. Four new commands are available: $ejabberdctl oauth_issue_token "stats;get_roster" Generates a token authorized to call both stats and get_roster commands. Note scopes must be separated by semicolon. $ejabberdctl oauth_list_tokens List tokens generated from the command line, with their scope and expirity time. $ejabberdctl oauth_list_scopes List scopes available $ejabberdctl oauth_revoke_token "Lbs7qdJfdKXOWzVrArgyckY055tE1xnt" Revokes the given token
Include correct version in stream:stream when reporting errors
2016-06-29 00:22:28 -03:00 · 2016-06-27 16:40:57 +02:00 · 2016-06-24 15:12:58 +02:00 · 2016-06-24 15:09:51 +02:00 · 2016-06-24 11:12:18 +02:00 · 2016-06-23 17:31:32 +02:00
232 changed files with 18149 additions and 10142 deletions
@@ -0,0 +1,15 @@
+> What version of ejabberd are you using?
+
+
+
+> What operating system (version) are you using?
+
+
+
+> How did you install ejabberd (source, package, distribution)?
+
+
+
+> What did not work as expected? Are there error messages in the log? What
+> was the unexpected behavior? What was the expected result?
+
@@ -0,0 +1,20 @@
+We are open to contributions for ejabberd, as GitHub pull requests (PR).
+Here are a few points to consider before submitting your PR. (You can
+remove the whole text after reading.)
+
+1. Does this PR address an issue? Please reference it in the PR
+   description.
+
+2. Have you properly described the proposed change?
+
+3. Please make sure the change is atomic and does only touch the needed
+   modules. If you have other changes/fixes to provide, please submit
+   them as separate PRs.
+
+4. If your change or new feature involves storage backends, did you make
+   sure your change works with all backends?
+
+5. Do you provide tests? How can we check the behavior of the code?
+
+6. Did you consider documentation changes in the
+   processone/docs.ejabberd.im repository?
@@ -1,9 +1,8 @@
 language: erlang

 otp_release:
-  - 17.1
  - 17.5
-  - 18.0
+  - 18.3

 services:
  - riak
@@ -18,19 +17,26 @@ before_install:
  # See: https://github.com/travis-ci/travis-ci/issues/1986
  #
  - sudo sed -i -e s/table_cache/table_open_cache/ -e /log_slow_queries/d /etc/mysql/my.cnf
-  - sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5
+  - sudo apt-key adv --import .travis/mysql_repo_key.asc
  - sudo add-apt-repository 'deb http://repo.mysql.com/apt/ubuntu/ precise mysql-5.6'
  - sudo apt-get -qq update
  - sudo apt-get -qq -o Dpkg::Options::=--force-confold install mysql-server-5.6
+  # /END MYSQL 5.6
+  - pip install --user coveralls-merge

 install:
  - sudo apt-get -qq install libexpat1-dev libyaml-dev libpam0g-dev libsqlite3-dev

 before_script:
+  # Ulimit: See Travis-CI issue report: https://github.com/travis-ci/travis-ci/issues/3328
+  - echo 'ulimit -n 4096' > riak
+  - sudo mv riak /etc/default/riak
  - mkdir "$PWD/ebin"
  - echo "[{riak_kv, [{add_paths, [\"$PWD/ebin/\"]}]}]." > advanced.config
  - sudo mv advanced.config /etc/riak/advanced.config
  - sudo service riak restart
+  - sudo riak-admin wait-for-service riak_kv 'riak@127.0.0.1'
+  - sudo riak-admin test
  - mysql -u root -e "CREATE USER 'ejabberd_test'@'localhost' IDENTIFIED BY 'ejabberd_test';"
  - mysql -u root -e "CREATE DATABASE ejabberd_test;"
  - mysql -u root -e "GRANT ALL ON ejabberd_test.* TO 'ejabberd_test'@'localhost';"
@@ -40,18 +46,26 @@ before_script:

 script:
  - ./autogen.sh
-  - ./configure --prefix=/tmp/ejabberd --enable-all --disable-odbc --disable-elixir
+  - ./configure --prefix=/tmp/ejabberd --enable-all --disable-odbc
  - make
  - make install
  - make xref
-  - make test
+  - sed -i -e 's/ct:pal/ct:log/' test/suite.erl
+  - ln -sf ../sql priv/
+  - escript ./rebar skip_deps=true ct -v
  - grep -q 'TEST COMPLETE, \([[:digit:]]*\) ok, .* of \1 ' logs/raw.log

 after_script:
  - find logs -name suite.log -exec cat '{}' ';'

 after_failure:
+  - find logs -name exunit.log -exec cat '{}' ';'
+  # Try checking Riak database logs
+  - tail -n 100000 /var/log/riak/*.log
  - find logs -name ejabberd.log -exec cat '{}' ';'

+after_success:
+  - coveralls-merge erlang.json
+
 notifications:
  email: false
@@ -0,0 +1,96 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.9 (SunOS)
+
+mQGiBD4+owwRBAC14GIfUfCyEDSIePvEW3SAFUdJBtoQHH/nJKZyQT7h9bPlUWC3
+RODjQReyCITRrdwyrKUGku2FmeVGwn2u2WmDMNABLnpprWPkBdCk96+OmSLN9brZ
+fw2vOUgCmYv2hW0hyDHuvYlQA/BThQoADgj8AW6/0Lo7V1W9/8VuHP0gQwCgvzV3
+BqOxRznNCRCRxAuAuVztHRcEAJooQK1+iSiunZMYD1WufeXfshc57S/+yeJkegNW
+hxwR9pRWVArNYJdDRT+rf2RUe3vpquKNQU/hnEIUHJRQqYHo8gTxvxXNQc7fJYLV
+K2HtkrPbP72vwsEKMYhhr0eKCbtLGfls9krjJ6sBgACyP/Vb7hiPwxh6rDZ7ITnE
+kYpXBACmWpP8NJTkamEnPCia2ZoOHODANwpUkP43I7jsDmgtobZX9qnrAXw+uNDI
+QJEXM6FSbi0LLtZciNlYsafwAPEOMDKpMqAK6IyisNtPvaLd8lH0bPAnWqcyefep
+rv0sxxqUEMcM3o7wwgfN83POkDasDbs3pjwPhxvhz6//62zQJ7Q2TXlTUUwgUmVs
+ZWFzZSBFbmdpbmVlcmluZyA8bXlzcWwtYnVpbGRAb3NzLm9yYWNsZS5jb20+iGkE
+ExECACkCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAIZAQUCUwHUZgUJGmbLywAK
+CRCMcY07UHLh9V+DAKCjS1gGwgVI/eut+5L+l2v3ybl+ZgCcD7ZoA341HtoroV3U
+6xRD09fUgeq0O015U1FMIFBhY2thZ2Ugc2lnbmluZyBrZXkgKHd3dy5teXNxbC5j
+b20pIDxidWlsZEBteXNxbC5jb20+iG8EMBECAC8FAk53Pa0oHSBidWlsZEBteXNx
+bC5jb20gd2lsbCBzdG9wIHdvcmtpbmcgc29vbgAKCRCMcY07UHLh9bU9AJ9xDK0o
+xJFL9vTl9OSZC4lX0K9AzwCcCrS9cnJyz79eaRjL0s2r/CcljdyIZQQTEQIAHQUC
+R6yUtAUJDTBYqAULBwoDBAMVAwIDFgIBAheAABIJEIxxjTtQcuH1B2VHUEcAAQGu
+kgCffz4GUEjzXkOi71VcwgCxASTgbe0An34LPr1j9fCbrXWXO14msIADfb5piEwE
+ExECAAwFAj4+o9EFgwlmALsACgkQSVDhKrJykfIk4QCfWbEeKN+3TRspe+5xKj+k
+QJSammIAnjUz0xFWPlVx0f8o38qNG1bq0cU9iEwEExECAAwFAj5CggMFgwliIokA
+CgkQtvXNTca6JD+WkQCgiGmnoGjMojynp5ppvMXkyUkfnykAoK79E6h8rwkSDZou
+iz7nMRisH8uyiEYEEBECAAYFAj+s468ACgkQr8UjSHiDdA/2lgCg21IhIMMABTYd
+p/IBiUsP/JQLiEoAnRzMywEtujQz/E9ono7H1DkebDa4iEYEEBECAAYFAj+0Q3cA
+CgkQhZavqzBzTmbGwwCdFqD1frViC7WRt8GKoOS7hzNN32kAnirlbwpnT7a6NOsQ
+83nk11a2dePhiEYEEBECAAYFAkNbs+oACgkQi9gubzC5S1x/dACdELKoXQKkwJN0
+gZztsM7kjsIgyFMAnRRMbHQ7V39XC90OIpaPjk3a01tgiEYEExECAAYFAkTxMyYA
+CgkQ9knE9GCTUwwKcQCgibak/SwhxWH1ijRhgYCo5GtM4vcAnAhtzL57wcw1Kg1X
+m7nVGetUqJ7fiEwEEBECAAwFAkGBywEFgwYi2YsACgkQGFnQH2d7oexCjQCcD8sJ
+NDc/mS8m8OGDUOx9VMWcnGkAnj1YWOD+Qhxo3mI/Ul9oEAhNkjcfiEwEEBECAAwF
+AkGByzQFgwYi2VgACgkQgcL36+ITtpIiIwCdFVNVUB8xe8mFXoPm4d9Z54PTjpMA
+niSPA/ZsfJ3oOMLKar4F0QPPrdrGiEwEEBECAAwFAkGBy2IFgwYi2SoACgkQa3Ds
+2V3D9HMJqgCbBYzr5GPXOXgP88jKzmdbjweqXeEAnRss4G2G/3qD7uhTL1SPT1SH
+jWUXiEwEEBECAAwFAkHQkyQFgwXUEWgACgkQfSXKCsEpp8JiVQCghvWvkPqowsw8
+w7WSseTcw1tflvkAni+vLHl/DqIly0LkZYn5jzK1dpvfiEwEEBECAAwFAkIrW7oF
+gwV5SNIACgkQ5hukiRXruavzEwCgkzL5QkLSypcw9LGHcFSx1ya0VL4An35nXkum
+g6cCJ1NP8r2I4NcZWIrqiEwEEhECAAwFAkAqWToFgwd6S1IACgkQPKEfNJT6+GEm
+XACcD+A53A5OGM7w750W11ukq4iZ9ckAnRMvndAqn3YTOxxlLPj2UPZiSgSqiEwE
+EhECAAwFAkA9+roFgwdmqdIACgkQ8tdcY+OcZZyy3wCgtDcwlaq20w0cNuXFLLNe
+EUaFFTwAni6RHN80moSVAdDTRkzZacJU3M5QiEwEEhECAAwFAkEOCoQFgwaWmggA
+CgkQOcor9D1qil/83QCeITZ9wIo7XAMjC6y4ZWUL4m+edZsAoMOhRIRi42fmrNFu
+vNZbnMGej81viEwEEhECAAwFAkKApTQFgwUj/1gACgkQBA3AhXyDn6jjJACcD1A4
+UtXk84J13JQyoH9+dy24714Aniwlsso/9ndICJOkqs2j5dlHFq6oiEwEExECAAwF
+Aj5NTYQFgwlXVwgACgkQLbt2v63UyTMFDACglT5G5NVKf5Mj65bFSlPzb92zk2QA
+n1uc2h19/IwwrsbIyK/9POJ+JMP7iEwEExECAAwFAkHXgHYFgwXNJBYACgkQZu/b
+yM2C/T4/vACfXe67xiSHB80wkmFZ2krb+oz/gBAAnjR2ucpbaonkQQgnC3GnBqmC
+vNaJiEwEExECAAwFAkIYgQ4FgwWMI34ACgkQdsEDHKIxbqGg7gCfQi2HcrHn+yLF
+uNlH1oSOh48ZM0oAn3hKV0uIRJphonHaUYiUP1ttWgdBiGUEExECAB0FCwcKAwQD
+FQMCAxYCAQIXgAUCS3AvygUJEPPzpwASB2VHUEcAAQEJEIxxjTtQcuH1sNsAniYp
+YBGqy/HhMnw3WE8kXahOOR5KAJ4xUmWPGYP4l3hKxyNK9OAUbpDVYIh7BDARAgA7
+BQJCdzX1NB0AT29wcy4uLiBzaG91bGQgaGF2ZSBiZWVuIGxvY2FsISBJJ20gKnNv
+KiBzdHVwaWQuLi4ACgkQOcor9D1qil/vRwCdFo08f66oKLiuEAqzlf9iDlPozEEA
+n2EgvCYLCCHjfGosrkrU3WK5NFVgiI8EMBECAE8FAkVvAL9IHQBTaG91bGQgaGF2
+ZSBiZWVuIGEgbG9jYWwgc2lnbmF0dXJlLCBvciBzb21ldGhpbmcgLSBXVEYgd2Fz
+IEkgdGhpbmtpbmc/AAoJEDnKK/Q9aopfoPsAn3BVqKOalJeF0xPSvLR90PsRlnmG
+AJ44oisY7Tl3NJbPgZal8W32fbqgbIkCIgQQAQIADAUCQYHLhQWDBiLZBwAKCRCq
+4+bOZqFEaKgvEACCErnaHGyUYa0wETjj6DLEXsqeOiXad4i9aBQxnD35GUgcFofC
+/nCY4XcnCMMEnmdQ9ofUuU3OBJ6BNJIbEusAabgLooebP/3KEaiCIiyhHYU5jarp
+ZAh+Zopgs3Oc11mQ1tIaS69iJxrGTLodkAsAJAeEUwTPq9fHFFzC1eGBysoyFWg4
+bIjz/zClI+qyTbFA5g6tRoiXTo8ko7QhY2AA5UGEg+83Hdb6akC04Z2QRErxKAqr
+phHzj8XpjVOsQAdAi/qVKQeNKROlJ+iq6+YesmcWGfzeb87dGNweVFDJIGA0qY27
+pTb2lExYjsRFN4Cb13NfodAbMTOxcAWZ7jAPCxAPlHUG++mHMrhQXEToZnBFE4nb
+nC7vOBNgWdjUgXcpkUCkop4b17BFpR+k8ZtYLSS8p2LLz4uAeCcSm2/msJxT7rC/
+FvoH8428oHincqs2ICo9zO/Ud4HmmO0O+SsZdVKIIjinGyOVWb4OOzkAlnnhEZ3o
+6hAHcREIsBgPwEYVTj/9ZdC0AO44Nj9cU7awaqgtrnwwfr/o4V2gl8bLSkltZU27
+/29HeuOeFGjlFe0YrDd/aRNsxbyb2O28H4sG1CVZmC5uK1iQBDiSyA7Q0bbdofCW
+oQzm5twlpKWnY8Oe0ub9XP5p/sVfck4FceWFHwv+/PC9RzSl33lQ6vM2wIkCIgQT
+AQIADAUCQp8KHAWDBQWacAAKCRDYwgoJWiRXzyE+D/9uc7z6fIsalfOYoLN60ajA
+bQbI/uRKBFugyZ5RoaItusn9Z2rAtn61WrFhu4uCSJtFN1ny2RERg40f56pTghKr
+D+YEt+Nze6+FKQ5AbGIdFsR/2bUk+ZZRSt83e14Lcb6ii/fJfzkoIox9ltkifQxq
+Y7Tvk4noKu4oLSc8O1Wsfc/y0B9sYUUCmUfcnq58DEmGie9ovUslmyt5NPnveXxp
+5UeaRc5Rqt9tK2B4A+7/cqENrdZJbAMSunt2+2fkYiRunAFPKPBdJBsY1sxeL/A9
+aKe0viKEXQdAWqdNZKNCi8rd/oOP99/9lMbFudAbX6nL2DSb1OG2Z7NWEqgIAzjm
+pwYYPCKeVz5Q8R+if9/fe5+STY/55OaI33fJ2H3v+U435VjYqbrerWe36xJItcJe
+qUzW71fQtXi1CTEl3w2ch7VF5oj/QyjabLnAlHgSlkSi6p7By5C2MnbCHlCfPnIi
+nPhFoRcRGPjJe9nFwGs+QblvS/Chzc2WX3s/2SWm4gEUKRX4zsAJ5ocyfa/vkxCk
+SxK/erWlCPf/J1T70+i5waXDN/E3enSet/WL7h94pQKpjz8OdGL4JSBHuAVGA+a+
+dknqnPF0KMKLhjrgV+L7O84FhbmAP7PXm3xmiMPriXf+el5fZZequQoIagf8rdRH
+HhRJxQgI0HNknkaOqs8dtrkCDQQ+PqMdEAgA7+GJfxbMdY4wslPnjH9rF4N2qfWs
+EN/lxaZoJYc3a6M02WCnHl6ahT2/tBK2w1QI4YFteR47gCvtgb6O1JHffOo2HfLm
+RDRiRjd1DTCHqeyX7CHhcghj/dNRlW2Z0l5QFEcmV9U0Vhp3aFfWC4Ujfs3LU+hk
+AWzE7zaD5cH9J7yv/6xuZVw411x0h4UqsTcWMu0iM1BzELqX1DY7LwoPEb/O9Rkb
+f4fmLe11EzIaCa4PqARXQZc4dhSinMt6K3X4BrRsKTfozBu74F47D8Ilbf5vSYHb
+uE5p/1oIDznkg/p8kW+3FxuWrycciqFTcNz215yyX39LXFnlLzKUb/F5GwADBQf+
+Lwqqa8CGrRfsOAJxim63CHfty5mUc5rUSnTslGYEIOCR1BeQauyPZbPDsDD9MZ1Z
+aSafanFvwFG6Llx9xkU7tzq+vKLoWkm4u5xf3vn55VjnSd1aQ9eQnUcXiL4cnBGo
+TbOWI39EcyzgslzBdC++MPjcQTcA7p6JUVsP6oAB3FQWg54tuUo0Ec8bsM8b3Ev4
+2LmuQT5NdKHGwHsXTPtl0klk4bQk4OajHsiy1BMahpT27jWjJlMiJc+IWJ0mghkK
+Ht926s/ymfdf5HkdQ1cyvsz5tryVI3Fx78XeSYfQvuuwqp2H139pXGEkg0n6KdUO
+etdZWhe70YGNPw1yjWJT1IhUBBgRAgAMBQJOdz3tBQkT+wG4ABIHZUdQRwABAQkQ
+jHGNO1By4fUUmwCbBYr2+bBEn/L2BOcnw9Z/QFWuhRMAoKVgCFm5fadQ3Afi+UQl
+AcOphrnJ
+=443I
+-----END PGP PUBLIC KEY BLOCK-----
@@ -184,7 +184,8 @@ install: all copy-files
 		-e "s*{{sysconfdir}}*@sysconfdir@*" \
 		-e "s*{{localstatedir}}*@localstatedir@*" \
 		-e "s*{{docdir}}*@docdir@*" \
-		-e "s*{{erl}}*@ERL@*" ejabberdctl.template \
+		-e "s*{{erl}}*@ERL@*" \
+		-e "s*{{epmd}}*@EPMD@*" ejabberdctl.template \
 		> ejabberdctl.example
 	[ -f $(ETCDIR)/ejabberdctl.cfg ] \
 		&& $(INSTALL) -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
@@ -30,6 +30,7 @@ fi

 AC_PATH_TOOL(ERL, erl, , [${extra_erl_path}$PATH])
 AC_PATH_TOOL(ERLC, erlc, , [${extra_erl_path}$PATH])
+AC_PATH_TOOL(EPMD, epmd, , [${extra_erl_path}$PATH])

 AC_ERLANG_NEED_ERL
 AC_ERLANG_NEED_ERLC
@@ -242,9 +242,7 @@ print_usage() ->
 print_po_header(File) ->
    MsgProps = get_msg_header_props(File),
    {Language, [LastT | AddT]} = prepare_props(MsgProps),
-    application:load(ejabberd),
-    {ok, Version} = application:get_key(ejabberd, vsn),
-    print_po_header(Version, Language, LastT, AddT).
+    print_po_header(Language, LastT, AddT).

 get_msg_header_props(File) ->
    {ok, F} = file:open(File, [read]),
@@ -274,12 +272,11 @@ prepare_props(MsgProps) ->
    Authors = proplists:get_all_values("Author:", MsgProps),
    {Language, Authors}.

-print_po_header(Version, Language, LastTranslator, AdditionalTranslatorsList) ->
+print_po_header(Language, LastTranslator, AdditionalTranslatorsList) ->
    AdditionalTranslatorsString = build_additional_translators(AdditionalTranslatorsList),
    HeaderString =
 	"msgid \"\"\n"
 	"msgstr \"\"\n"
-	"\"Project-Id-Version: " ++ Version ++ "\\n\"\n"
 	++ "\"X-Language: " ++ Language ++ "\\n\"\n"
 	"\"Last-Translator: " ++ LastTranslator ++ "\\n\"\n"
 	++ AdditionalTranslatorsString ++
@@ -157,7 +157,7 @@ extract_lang_srcmsg2po ()
 	echo $MSGS_PATH

 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $PO_PATH.1 > $PO_PATH.2
 	msguniq --sort-by-file $PO_PATH.2 --output-file=$PO_PATH
 	
@@ -176,7 +176,7 @@ extract_lang_src2pot ()
 	echo "" >>$MSGS_PATH

 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $POT_PATH.1 > $POT_PATH.2

 	#msguniq --sort-by-file $POT_PATH.2 $EJA_MSGS_DIR --output-file=$POT_PATH
@@ -0,0 +1,5 @@
+{level, details}.
+{incl_dirs, ["src", "ebin"]}.
+{excl_mods, [eldap, 'ELDAPv3']}.
+{export, "logs/all.coverdata"}.
+
@@ -7,7 +7,7 @@ User=ejabberd
 Group=ejabberd
 LimitNOFILE=16000
 RestartSec=5
-ExecStart=/bin/sh @ctlscriptpath@/ejabberdctl start
+ExecStart=@ctlscriptpath@/ejabberdctl start
 ExecStop=@ctlscriptpath@/ejabberdctl stop
 ExecReload=@ctlscriptpath@/ejabberdctl reload_config
 Type=oneshot
@@ -254,10 +254,10 @@ auth_method: internal
 ## extauth_program: "/path/to/authentication/script"

 ##
-## Authentication using ODBC
+## Authentication using SQL
 ## Remember to setup a database in the next section.
 ##
-## auth_method: odbc
+## auth_method: sql

 ##
 ## Authentication using PAM
@@ -330,26 +330,26 @@ auth_method: internal
 ##
 ## MySQL server:
 ##
-## odbc_type: mysql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: mysql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234

 ##
 ## PostgreSQL server:
 ##
-## odbc_type: pgsql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: pgsql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234
 ##
 ## If you use PostgreSQL, have a large database, and need a
 ## faster but inexact replacement for "select count(*) from users"
@@ -359,25 +359,25 @@ auth_method: internal
 ##
 ## SQLite:
 ##
-## odbc_type: sqlite
-## odbc_database: "/path/to/database.db"
+## sql_type: sqlite
+## sql_database: "/path/to/database.db"

 ##
 ## ODBC compatible or MSSQL server:
 ##
-## odbc_type: odbc
-## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
+## sql_type: odbc
+## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"

 ##
 ## Number of connections to open to the database for each virtual host
 ##
-## odbc_pool_size: 10
+## sql_pool_size: 10

 ##
 ## Interval to make a dummy SQL request to keep the connections to the
 ## database alive. Specify in seconds: for example 28800 means 8 hours
 ##
-## odbc_keepalive_interval: undefined
+## sql_keepalive_interval: undefined

 ###.  ===============
 ###'  TRAFFIC SHAPERS
@@ -408,14 +408,14 @@ acl:
  ##
  ## admin:
  ##   user:
-  ##     - "aleksey": "localhost"
-  ##     - "ermine": "example.org"
+  ##     - "aleksey@localhost"
+  ##     - "ermine@example.org"
  ##
  ## Blocked users
  ##
  ## blocked:
  ##   user:
-  ##     - "baduser": "example.org"
+  ##     - "baduser@example.org"
  ##     - "test"

  ## Local users: don't modify this.
@@ -431,7 +431,7 @@ acl:
  ##     - "jabber.org"
  ## aleksey:
  ##   user:
-  ##     - "aleksey": "jabber.ru"
+  ##     - "aleksey@jabber.ru"
  ## test:
  ##   user_regexp: "^test"
  ##   user_glob: "test*"
@@ -459,61 +459,61 @@ acl:
 ##     acl:
 ##       admin:
 ##         user:
-##           - "bob-local": "localhost"
+##           - "bob-local@localhost"
+
+###.  ============
+###'  SHAPER RULES
+
+shaper_rules:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    - none: admin
+    - normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper: fast

 ###.  ============
 ###'  ACCESS RULES
-access:
-  ## Maximum number of simultaneous sessions allowed for a single user:
-  max_user_sessions: 
-    all: 10
-  ## Maximum number of offline messages that users can have:
-  max_user_offline_messages: 
-    admin: 5000
-    all: 100
+access_rules:
  ## This rule allows access only for local users:
-  local: 
-    local: allow
+  local:
+    - allow: local
  ## Only non-blocked users can use c2s connections:
-  c2s: 
-    blocked: deny
-    all: allow
-  ## For C2S connections, all users except admins use the "normal" shaper
-  c2s_shaper: 
-    admin: none
-    all: normal
-  ## All S2S connections use the "fast" shaper
-  s2s_shaper: 
-    all: fast
+  c2s:
+    - deny: blocked
+    - allow
  ## Only admins can send announcement messages:
-  announce: 
-    admin: allow
+  announce:
+    - allow: admin
  ## Only admins can use the configuration interface:
  configure: 
-    admin: allow
-  ## Admins of this server are also admins of the MUC service:
-  muc_admin: 
-    admin: allow
+    - allow: admin
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create: 
-    local: allow
-  ## All users are allowed to use the MUC service:
-  muc: 
-    all: allow
+    - allow: local
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode: 
-    local: allow
+    - allow: local
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register: 
-    all: allow
+    - allow
  ## Only allow to register from localhost
  trusted_network: 
-    loopback: allow
+    - allow: loopback
  ## Do not establish S2S connections with bad servers
  ## s2s: 
-  ##   bad_servers: deny
-  ##   all: allow
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - allow

 ## By default the frequency of account registrations from the same IP
 ## is limited to 1 account every 10 minutes. To disable, specify: infinity
@@ -526,10 +526,10 @@ access:
 ##   "localhost":
 ##     access:
 ##       c2s:
-##         admin: allow
-##         all: deny
+##         - allow: admin
+##         - deny
 ##       register:
-##         all: deny
+##         - deny

 ###.  ================
 ###'  DEFAULT LANGUAGE
@@ -590,10 +590,12 @@ modules:
  mod_last: {}
  mod_muc: 
    ## host: "conference.@HOST@"
-    access: muc
+    access:
+      - allow
+    access_admin:
+      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
-    access_admin: muc_admin
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline: 
@@ -616,45 +618,39 @@ modules:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
-  mod_register: 
+  ## mod_register:
    ##
    ## Protect In-Band account registrations with CAPTCHA.
    ##
-    ## captcha_protected: true
-
+    ##   captcha_protected: true
    ##
    ## Set the minimum informational entropy for passwords.
    ##
-    ## password_strength: 32
-
+    ##   password_strength: 32
    ##
    ## After successful registration, the user receives
    ## a message with this subject and body.
    ##
-    welcome_message: 
-      subject: "Welcome!"
-      body: |-
-        Hi.
-        Welcome to this XMPP server.
-
+    ##   welcome_message:
+    ##     subject: "Welcome!"
+    ##     body: |-
+    ##       Hi.
+    ##       Welcome to this XMPP server.
    ##
    ## When a user registers, send a notification to
    ## these XMPP accounts.
    ##
-    ## registration_watchers:
-    ##   - "admin1@example.org"
-
+    ##   registration_watchers:
+    ##     - "admin1@example.org"
    ##
    ## Only clients in the server machine can register accounts
    ##
-    ip_access: trusted_network
-
+    ##   ip_access: trusted_network
    ##
    ## Local c2s or remote s2s users cannot register accounts
    ##
-    ## access_from: deny
-
-    access: register
+    ##   access_from: deny
+    ##   access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_stats: {}
@@ -13,7 +13,7 @@ ERLANG_NODE=ejabberd@localhost
 SCRIPT_DIR=`cd ${0%/*} && pwd`
 ERL={{erl}}
 IEX={{bindir}}/iex
-EPMD={{bindir}}/epmd
+EPMD={{epmd}}
 INSTALLUSER={{installuser}}
 ERL_LIBS={{libdir}}

@@ -83,18 +83,9 @@ if [ "$EJABBERD_DOC_PATH" = "" ] ; then
 fi
 if [ "$ERLANG_NODE_ARG" != "" ] ; then
    ERLANG_NODE=$ERLANG_NODE_ARG
-    NODE=${ERLANG_NODE%@*}
 fi
-if [ "{{release}}" != "true" ] ; then
-    if [ "$EJABBERDDIR" = "" ] ; then
-        EJABBERDDIR={{libdir}}/ejabberd
-    fi
-    if [ "$EJABBERD_PRIV_PATH" = "" ] ; then
-        EJABBERD_PRIV_PATH=$EJABBERDDIR/priv
-    fi
-    if [ "$EJABBERD_BIN_PATH" = "" ] ; then
-        EJABBERD_BIN_PATH=$EJABBERD_PRIV_PATH/bin
-    fi
+if [ "{{release}}" != "true" -a "$EJABBERD_BIN_PATH" = "" ] ; then
+    EJABBERD_BIN_PATH={{libdir}}/ejabberd/priv/bin
 fi
 EJABBERD_LOG_PATH=$LOGS_DIR/ejabberd.log
 DATETIME=`date "+%Y%m%d-%H%M%S"`
@@ -141,8 +132,8 @@ fi
 [ -z "$date" ] || EJABBERD_OPTS="${EJABBERD_OPTS} log_rotate_date '$date'"
 [ -z "$EJABBERD_OPTS" ] || EJABBERD_OPTS="-ejabberd ${EJABBERD_OPTS}"

-[ -d $SPOOL_DIR ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
-cd $SPOOL_DIR
+[ -d "$SPOOL_DIR" ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
+cd "$SPOOL_DIR"

 # export global variables
 export EJABBERD_CONFIG_PATH
@@ -159,6 +150,15 @@ export CONTRIB_MODULES_PATH
 export CONTRIB_MODULES_CONF_DIR
 export ERL_LIBS

+shell_escape_str()
+{
+    if test $# -eq 0; then
+        printf '"" '
+    else
+        shell_escape "$@"
+    fi
+}
+
 shell_escape()
 {
    local RES=()
@@ -190,8 +190,8 @@ start()
 debug()
 {
    debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
         -remsh $ERLANG_NODE \
         -hidden \
         $KERNEL_OPTS \
@@ -204,15 +204,15 @@ debug()
 iexdebug()
 {
    debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
    # Elixir shell is hidden as default
-    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"$NID\"` \
         -remsh $ERLANG_NODE \
-         --erl \"`shell_escape \"$KERNEL_OPTS\"\" \
-         --erl \"`shell_escape \"$ERLANG_OPTS\"\" \
-         --erl \"`shell_escape \"${ARGS[@]}\"\" \
-         --erl \"`shell_escape \"$@\"\""
-    $EXEC_CMD "$CMD"
+         --erl `shell_escape \"$KERNEL_OPTS\"` \
+         --erl `shell_escape \"$ERLANG_OPTS\"` \
+         --erl `shell_escape \"${ARGS[@]}\"` \
+         --erl `shell_escape_str \"$@\"`"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }

 # start interactive server
@@ -233,15 +233,16 @@ live()
 iexlive()
 {
    livewarning
+    echo $@
    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"${ERLANG_NODE}\"` \
         --erl \"-mnesia dir \\\"$SPOOL_DIR\\\"\" \
         --erl \"`shell_escape \"$KERNEL_OPTS\"`\" \
         --erl \"`shell_escape \"$EJABBERD_OPTS\"`\" \
         --app ejabberd \
-         --erl \"`shell_escape \"$ERLANG_OPTS\"`\" \
-         --erl \"`shell_escape \"${ARGS[@]}\"`\" \
-         --erl \"`shell_escape \"$@\"`\""
-    $EXEC_CMD "$CMD"
+         --erl `shell_escape \"$ERLANG_OPTS\"` \
+         --erl `shell_escape \"${ARGS[@]}\"` \
+         --erl `shell_escape_str \"$@\"`"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }

 # start server in the foreground
@@ -309,20 +310,27 @@ livewarning()

 etop()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
+    NID=$(uid top)
    $EXEC_CMD "$ERL \
-      $NAME debug-${TTY}-${ERLANG_NODE} \
+      $NAME $NID \
      -hidden -s etop -s erlang halt -output text -node $ERLANG_NODE"
 }

 ping()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
+    [ -z "$1" ] && PEER=${ERLANG_NODE} || PEER=$1
+    if [ "$PEER" = "${PEER%.*}" ] ; then
+        PING_NAME="-sname"
+        PING_NODE=$(hostname -s)
+    else
+        PING_NAME="-name"
+        PING_NODE=$(hostname)
+    fi
+    NID=$(uid ping ${PING_NODE})
    $EXEC_CMD "$ERL \
-      $NAME ping-${TTY}-${ERLANG_NODE} \
-      -hidden \
-      $KERNEL_OPTS $ERLANG_OPTS \
-      -eval 'io:format(\"~p~n\",[net_adm:ping($1)])' \
+      $PING_NAME $NID \
+      -hidden $KERNEL_OPTS $ERLANG_OPTS \
+      -eval 'io:format(\"~p~n\",[net_adm:ping('\"'\"'$PEER'\"'\"')])' \
      -s erlang halt -output text -noinput"
 }

@@ -350,97 +358,42 @@ help()
 # common control function
 ctl()
 {
-    # Control number of connections identifiers
-    # using flock if available. Expects a linux-style
-    # flock that can lock a file descriptor.
-    MAXCONNID=100
-    CONNLOCKDIR={{localstatedir}}/lock/ejabberdctl
-    FLOCK=/usr/bin/flock
-    if [ ! -x "$FLOCK" ] || [ ! -d "$CONNLOCKDIR" ] ; then
-        JOT=/usr/bin/jot
-        if [ ! -x "$JOT" ] ; then
-            # no flock or jot, simply invoke ctlexec()
-            CTL_CONN="ctl-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        else
-            # no flock, but at least there is jot
-            RAND=`jot -r 1 0 $MAXCONNID`
-            CTL_CONN="ctl-${RAND}-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        fi
-    else
-        # we have flock so we get a lock
-        # on one of a limited number of
-        # conn names -- this allows
-        # concurrent invocations using a bound
-        # number of atoms
-        for N in `seq 1 $MAXCONNID`; do
-            CTL_CONN="ejabberdctl-$N"
-            CTL_LOCKFILE="$CONNLOCKDIR/$CTL_CONN"
-            (
-                exec 8>"$CTL_LOCKFILE"
-                if flock --nb 8; then
-                    ctlexec $CTL_CONN "$@"
-                    ssresult=$?
-                    # segregate from possible flock exit(1)
-                    ssresult=`expr $ssresult \* 10`
-                    exit $ssresult
-                else
-                    exit 1
-                fi
-            )
-            result=$?
-            if [ $result -eq 1 ] ; then
-                # means we errored out in flock
-                # rather than in the exec - stay in the loop
-                # trying other conn names...
-                badlock=1
-            else
-                badlock=""
-                break;
-            fi
-        done
-        result=`expr $result / 10`
-    fi
-
-    if [ "$badlock" ] ;then
-        echo "Ran out of connections to try. Your ejabberd processes" >&2
-        echo "may be stuck or this is a very busy server. For very"   >&2
-        echo "busy servers, consider raising MAXCONNID in ejabberdctl">&2
-        exit 1;
-    fi
-
-    case $result in
-        0) :;;
-        1) :;;
-        2) help;;
-        3) help;;
-    esac
-    return $result
-}
-
-ctlexec()
-{
-    CONN_NAME=$1; shift
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$CONN_NAME\"` \
+    NID=$(uid ctl)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
         -noinput -hidden $KERNEL_OPTS -s ejabberd_ctl \
         -extra `shell_escape \"$ERLANG_NODE\"` $EJABBERD_NO_TIMEOUT \
         `shell_escape \"$@\"`"
    $EXEC_CMD "$CMD"
+    result=$?
+    case $result in
+        2) help;;
+        3) help;;
+        *) :;;
+    esac
+    return $result
+}
+
+uid()
+{
+    uuid=$(uuidgen 2>/dev/null)
+    [ -z "$uuid" -a -f /proc/sys/kernel/random/uuid ] && uuid=$(</proc/sys/kernel/random/uuid)
+    [ -z "$uuid" ] && uuid=$(printf "%X" $RANDOM$(date +%M%S)$$)
+    uuid=${uuid%%-*}
+    [ $# -eq 0 ] && echo ${uuid}-${ERLANG_NODE}
+    [ $# -eq 1 ] && echo ${uuid}-${1}-${ERLANG_NODE}
+    [ $# -eq 2 ] && echo ${uuid}-${1}@${2}
 }

 # stop epmd if there is no other running node
 stop_epmd()
 {
-    $EPMD -names 2>/dev/null | grep -q name || $EPMD -kill >/dev/null
+    "$EPMD" -names 2>/dev/null | grep -q name || "$EPMD" -kill >/dev/null
 }

 # make sure node not already running and node name unregistered
 check_start()
 {
-    $EPMD -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
+    "$EPMD" -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
        ps ux | grep -v grep | grep -q " $ERLANG_NODE " && {
            echo "ERROR: The ejabberd node '$ERLANG_NODE' is already running."
            exit 4
@@ -451,7 +404,7 @@ check_start()
                echo "Shutdown all other erlang nodes, and call 'epmd -kill'."
                exit 5
            } || {
-                $EPMD -kill >/dev/null
+                "$EPMD" -kill >/dev/null
            }
        }
    }
@@ -485,9 +438,9 @@ case "${ARGS[0]}" in
    'live') live;;
    'iexlive') iexlive;;
    'foreground') foreground;;
-    'ping'*) ping ${ARGS# ping};;
+    'ping'*) ping ${ARGS[1]};;
    'etop') etop;;
    'started') wait_for_status 0 30 2;; # wait 30x2s before timeout
-    'stopped') wait_for_status 3 15 2 && stop_epmd;; # wait 15x2s before timeout
+    'stopped') wait_for_status 3 30 2 && stop_epmd;; # wait 30x2s before timeout
    *) ctl "${ARGS[@]}";;
 esac
@@ -31,8 +31,9 @@
         tags = []               :: [atom()] | '_' | '$2',
         desc = ""               :: string() | '_' | '$3',
         longdesc = ""           :: string() | '_',
-	 module                  :: atom(),
-         function                :: atom(),
+	 version = 0             :: integer(),
+	 module                  :: atom() | '_',
+         function                :: atom() | '_',
         args = []               :: [aterm()] | '_' | '$1' | '$2',
         policy = restricted     :: open | restricted | admin | user,
         result = {res, rescode} :: rterm() | '_' | '$2',
@@ -23,8 +23,7 @@
 	 path = []         :: [binary()],
 	 q = []            :: [{binary() | nokey, binary()}],
 	 us = {<<>>, <<>>} :: {binary(), binary()},
-	 auth              :: {binary(), binary()} |
-	 {auth_jid, {binary(), binary()}, jlib:jid()},
+	 auth              :: {binary(), binary()} | {oauth, binary(), []} | undefined,
 	 lang = <<"">>     :: binary(),
 	 data = <<"">>     :: binary(),
 	 ip                :: {inet:ip_address(), inet:port_number()},
@@ -3,10 +3,11 @@

 -record(session, {sid, usr, us, priority, info}).
 -record(session_counter, {vhost, count}).
-type sid() :: {erlang:timestamp(), pid()}.
+-type sid() :: {erlang:timestamp(), pid()} | {erlang:timestamp(), undefined}.
 -type ip() :: {inet:ip_address(), inet:port_number()} | undefined.
 -type info() :: [{conn, atom()} | {ip, ip()} | {node, atom()}
-                 | {oor, boolean()} | {auth_module, atom()}].
+                 | {oor, boolean()} | {auth_module, atom()}
+                 | {num_stanzas_in, non_neg_integer()}].
 -type prio() :: undefined | integer().

 -endif.
@@ -0,0 +1,33 @@
+%%%----------------------------------------------------------------------
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-define(SQL_MARK, sql__mark_).
+-define(SQL(SQL), ?SQL_MARK(SQL)).
+
+-define(SQL_UPSERT_MARK, sql_upsert__mark_).
+-define(SQL_UPSERT(Host, Table, Fields),
+        ejabberd_sql:sql_query(Host, ?SQL_UPSERT_MARK(Table, Fields))).
+-define(SQL_UPSERT_T(Table, Fields),
+        ejabberd_sql:sql_query_t(?SQL_UPSERT_MARK(Table, Fields))).
+
+-record(sql_query, {hash, format_query, format_res, args, loc}).
+
+-record(sql_escape, {string, integer, boolean}).
+
@@ -34,3 +34,10 @@

 -define(CRITICAL_MSG(Format, Args),
 	lager:critical(Format, Args)).
+
+%% Use only when trying to troubleshoot test problem with ExUnit
+-define(EXUNIT_LOG(Format, Args),
+        case lists:keyfind(logger, 1, application:loaded_applications()) of
+            false -> ok;
+            _ -> 'Elixir.Logger':bare_log(error, io_lib:format(Format, Args), [?MODULE])
+        end).
@@ -0,0 +1,5 @@
+-record(motd, {server = <<"">> :: binary(),
+               packet = #xmlel{} :: xmlel()}).
+
+-record(motd_users, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
+                     dummy = [] :: [] | '_'}).
@@ -0,0 +1,4 @@
+-record(caps_features,
+	{node_pair = {<<"">>, <<"">>} :: {binary(), binary()},
+	 features  = []               :: [binary()] | pos_integer()
+	}).
@@ -0,0 +1,4 @@
+-type matchspec_atom() :: '_' | '$1' | '$2' | '$3'.
+-record(carboncopy, {us       :: {binary(), binary()} | matchspec_atom(), 
+		     resource :: binary() | matchspec_atom(),
+		     version  :: binary() | matchspec_atom()}).
@@ -0,0 +1,15 @@
+-type conn_param() :: {binary(), binary(), inet:port_number(), binary()} |
+                      {binary(), binary(), inet:port_number()} |
+                      {binary(), binary()} |
+                      {binary()}.
+
+-type irc_data() :: [{username, binary()} | {connections_params, [conn_param()]}].
+
+-record(irc_connection,
+        {jid_server_host = {#jid{}, <<"">>, <<"">>} :: {jid(), binary(), binary()},
+         pid = self()                               :: pid()}).
+
+-record(irc_custom,
+        {us_host = {{<<"">>, <<"">>}, <<"">>} :: {{binary(), binary()},
+                                                  binary()},
+         data = [] :: irc_data()}).
@@ -0,0 +1,3 @@
+-record(last_activity, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                        timestamp = 0 :: non_neg_integer(),
+                        status = <<"">> :: binary()}).
@@ -0,0 +1,15 @@
+-record(archive_msg,
+	{us = {<<"">>, <<"">>}                :: {binary(), binary()} | '$2',
+	 id = <<>>                            :: binary() | '_',
+	 timestamp = p1_time_compat:timestamp() :: erlang:timestamp() | '_' | '$1',
+	 peer = {<<"">>, <<"">>, <<"">>}      :: ljid() | '_' | '$3' | undefined,
+	 bare_peer = {<<"">>, <<"">>, <<"">>} :: ljid() | '_' | '$3',
+	 packet = #xmlel{}                    :: xmlel() | '_',
+	 nick = <<"">>                        :: binary(),
+	 type = chat                          :: chat | groupchat}).
+
+-record(archive_prefs,
+	{us = {<<"">>, <<"">>} :: {binary(), binary()},
+	 default = never       :: never | always | roster,
+	 always = []           :: [ljid()],
+	 never = []            :: [ljid()]}).
@@ -0,0 +1,4 @@
+-record(private_storage,
+        {usns = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary() |
+                                             '$1' | '_'},
+         xml = #xmlel{} :: xmlel() | '_' | '$1'}).
@@ -0,0 +1,5 @@
+-record(sr_group, {group_host = {<<"">>, <<"">>} :: {'$1' | binary(), '$2' | binary()},
+                   opts = [] :: list() | '_' | '$2'}).
+
+-record(sr_user, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                  group_host = {<<"">>, <<"">>} :: {binary(), binary()}}).
@@ -0,0 +1,8 @@
+-record(vcard_search,
+	{us, user, luser, fn, lfn, family, lfamily, given,
+	 lgiven, middle, lmiddle, nickname, lnickname, bday,
+	 lbday, ctry, lctry, locality, llocality, email, lemail,
+	 orgname, lorgname, orgunit, lorgunit}).
+
+-record(vcard, {us = {<<"">>, <<"">>} :: {binary(), binary()} | binary(),
+                vcard = #xmlel{} :: xmlel()}).
@@ -0,0 +1,2 @@
+-record(vcard_xupdate, {us = {<<>>, <<>>} :: {binary(), binary()},
+                        hash = <<>>       :: binary()}).
@@ -157,3 +157,10 @@
 -define(NS_HTTP_UPLOAD_OLD, <<"eu:siacs:conversations:http:upload">>).
 -define(NS_THUMBS_1, <<"urn:xmpp:thumbs:1">>).
 -define(NS_NICK,  <<"http://jabber.org/protocol/nick">>).
+-define(NS_MIX_0, <<"urn:xmpp:mix:0">>).
+-define(NS_MIX_SERVICEINFO_0, <<"urn:xmpp:mix:0#serviceinfo">>).
+-define(NS_MIX_NODES_MESSAGES, <<"urn:xmpp:mix:nodes:messages">>).
+-define(NS_MIX_NODES_PRESENCE, <<"urn:xmpp:mix:nodes:presence">>).
+-define(NS_MIX_NODES_PARTICIPANTS, <<"urn:xmpp:mix:nodes:participants">>).
+-define(NS_MIX_NODES_SUBJECT, <<"urn:xmpp:mix:nodes:subject">>).
+-define(NS_MIX_NODES_CONFIG, <<"urn:xmpp:mix:nodes:config">>).
@@ -65,7 +65,7 @@
 %% note: pos_integer() should always be used, but we allow anything else coded
 %% as binary, so one can have a custom implementation of nodetree with custom
 %% indexing (see nodetree_virtual). this also allows to use any kind of key for
-%% indexing nodes, as this can be usefull with external backends such as odbc.
+%% indexing nodes, as this can be usefull with external backends such as sql.

 -type(itemId() :: binary()).
 %% @type itemId() = string().
@@ -93,7 +93,12 @@

 -type(subOptions() :: [mod_pubsub:subOption(),...]).

+-type(pubOption() ::
+    {Option::binary(),
+     Values::[binary()]
+}).

+-type(pubOptions() :: [mod_pubsub:pubOption()]).

 -type(affiliation() :: 'none'
                     | 'owner'
@@ -0,0 +1,130 @@
+defmodule ExUnit.CTFormatter do
+  @moduledoc false
+
+  use GenEvent
+
+  import ExUnit.Formatter, only: [format_time: 2, format_filters: 2, format_test_failure: 5,
+                                  format_test_case_failure: 5]
+
+  def init(opts) do
+    file = File.open! "exunit.log", [:append]
+    # We do not print filter in log file as exclusion of test with tag
+    # pending: true is always done
+    config = %{
+      file: file,
+      seed: opts[:seed],
+      trace: opts[:trace],
+      colors: Keyword.put_new(opts[:colors], :enabled, false),
+      width: 80,
+      tests_counter: 0,
+      failures_counter: 0,
+      skipped_counter: 0,
+      invalids_counter: 0
+    }
+    {:ok, config}
+  end
+
+  def handle_event({:suite_started, _opts}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:suite_finished, run_us, load_us}, config) do
+    print_suite(config, run_us, load_us)
+    File.close config[:file]
+    :remove_handler
+  end
+
+  def handle_event({:test_started, %ExUnit.Test{} = test}, config) do
+    if config.tests_counter == 0, do: IO.binwrite config[:file], "== Running #{test.case} ==\n\n"
+    {:ok, config}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: nil} = _test}, config) do
+    IO.binwrite config[:file], "."
+    {:ok, %{config | tests_counter: config.tests_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:skip, _}} = _test}, config) do
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     skipped_counter: config.skipped_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:invalid, _}} = _test}, config) do
+    IO.binwrite config[:file], "?"
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     invalids_counter: config.invalids_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:failed, failures}} = test}, config) do
+    formatted = format_test_failure(test, failures, config.failures_counter + 1,
+                                    config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    print_logs(test.logs)
+
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     failures_counter: config.failures_counter + 1}}
+  end
+
+  def handle_event({:case_started, %ExUnit.TestCase{}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: nil}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: {:failed, failures}} = test_case}, config) do
+    formatted = format_test_case_failure(test_case, failures, config.failures_counter + 1,
+                                         config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    {:ok, %{config | failures_counter: config.failures_counter + 1}}
+  end
+
+  ## Printing
+
+  defp print_suite(config, run_us, load_us) do
+    IO.binwrite config[:file], "\n\n"
+    IO.binwrite config[:file], format_time(run_us, load_us)
+    IO.binwrite config[:file], "\n\n"
+
+    # singular/plural
+    test_pl = pluralize(config.tests_counter, "test", "tests")
+    failure_pl = pluralize(config.failures_counter, "failure", "failures")
+
+    message =
+      "#{config.tests_counter} #{test_pl}, #{config.failures_counter} #{failure_pl}"
+      |> if_true(config.skipped_counter > 0, & &1 <> ", #{config.skipped_counter} skipped")
+      |> if_true(config.invalids_counter > 0, & &1 <> ", #{config.invalids_counter} invalid")
+
+    cond do
+      config.failures_counter > 0 -> IO.binwrite config[:file], message
+      config.invalids_counter > 0 -> IO.binwrite config[:file], message
+      true                        -> IO.binwrite config[:file], message
+    end
+
+    IO.binwrite config[:file], "\nRandomized with seed #{config.seed}\n\n\n\n"
+  end
+
+  defp if_true(value, false, _fun), do: value
+  defp if_true(value, true, fun), do: fun.(value)
+
+  defp print_failure(formatted, config) do
+    IO.binwrite config[:file], "\n"
+    IO.binwrite config[:file], formatted
+    IO.binwrite config[:file], "\n"
+  end
+
+  defp formatter(_,  msg, _config),
+    do: msg
+
+  defp pluralize(1, singular, _plural), do: singular
+  defp pluralize(_, _singular, plural), do: plural
+
+  defp print_logs(""), do: nil
+
+  defp print_logs(output) do
+    indent = "\n     "
+    output = String.replace(output, "\n", indent)
+    IO.puts(["     The following output was logged:", indent | output])
+  end
+end
@@ -1,2 +0,0 @@
-defmodule Ejabberd do
-end
@@ -3,9 +3,9 @@ defmodule Ejabberd.Mixfile do

  def project do
    [app: :ejabberd,
-     version: "16.01.0-beta1",
+     version: "16.06.0",
     description: description,
-     elixir: "~> 1.1",
+     elixir: "~> 1.2",
     elixirc_paths: ["lib"],
     compile_path: ".",
     compilers: [:asn1] ++ Mix.compilers,
@@ -38,7 +38,7 @@ defmodule Ejabberd.Mixfile do
  end

  defp deps do
-    [{:lager, "~> 3.0"},
+    [{:lager, "~> 3.0.0"},
     {:p1_utils, "~> 1.0"},
     {:cache_tab, "~> 1.0"},
     {:stringprep, "~> 1.0"},
@@ -51,7 +51,7 @@ defmodule Ejabberd.Mixfile do
     {:p1_oauth2, "~> 0.6.1"},
     {:p1_xmlrpc, "~> 1.15"},
     {:p1_mysql, "~> 1.0"},
-     {:p1_pgsql, "~> 1.0"},
+     {:p1_pgsql, "~> 1.1"},
     {:sqlite3, "~> 1.1"},
     {:ezlib, "~> 1.0"},
     {:iconv, "~> 1.0"},
@@ -1,25 +1,26 @@
-%{"bbmustache": {:hex, :bbmustache, "1.0.3"},
-  "cache_tab": {:hex, :cache_tab, "1.0.2"},
-  "eredis": {:hex, :eredis, "1.0.8"},
-  "erlware_commons": {:hex, :erlware_commons, "0.15.0"},
-  "esip": {:hex, :esip, "1.0.2"},
-  "exrm": {:hex, :exrm, "1.0.0-rc7"},
-  "ezlib": {:hex, :ezlib, "1.0.1"},
-  "fast_tls": {:hex, :fast_tls, "1.0.1"},
-  "fast_xml": {:hex, :fast_xml, "1.1.3"},
-  "fast_yaml": {:hex, :fast_yaml, "1.0.2"},
-  "getopt": {:hex, :getopt, "0.8.2"},
-  "goldrush": {:hex, :goldrush, "0.1.7"},
-  "iconv": {:hex, :iconv, "1.0.0"},
-  "jiffy": {:hex, :jiffy, "0.14.7"},
-  "lager": {:hex, :lager, "3.0.2"},
-  "p1_mysql": {:hex, :p1_mysql, "1.0.1"},
-  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1"},
-  "p1_pgsql": {:hex, :p1_pgsql, "1.0.1"},
-  "p1_utils": {:hex, :p1_utils, "1.0.3"},
-  "p1_xmlrpc": {:hex, :p1_xmlrpc, "1.15.1"},
-  "providers": {:hex, :providers, "1.4.1"},
-  "relx": {:hex, :relx, "3.5.0"},
-  "sqlite3": {:hex, :sqlite3, "1.1.5"},
-  "stringprep": {:hex, :stringprep, "1.0.2"},
-  "stun": {:hex, :stun, "1.0.1"}}
+%{"bbmustache": {:hex, :bbmustache, "1.0.4", "7ba94f971c5afd7b6617918a4bb74705e36cab36eb84b19b6a1b7ee06427aa38", [:rebar], []},
+  "cache_tab": {:hex, :cache_tab, "1.0.2", "c12099fff8b0f7011e7656844f5f67b958b7033a521c69595dbf2a5d7c8bb34f", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}]},
+  "cf": {:hex, :cf, "0.2.1", "69d0b1349fd4d7d4dc55b7f407d29d7a840bf9a1ef5af529f1ebe0ce153fc2ab", [:rebar3], []},
+  "eredis": {:hex, :eredis, "1.0.8", "ab4fda1c4ba7fbe6c19c26c249dc13da916d762502c4b4fa2df401a8d51c5364", [:rebar], []},
+  "erlware_commons": {:hex, :erlware_commons, "0.19.0", "7b43caf2c91950c5f60dc20451e3c3afba44d3d4f7f27bcdc52469285a5a3e70", [:rebar3], [{:cf, "0.2.1", [hex: :cf, optional: false]}]},
+  "esip": {:hex, :esip, "1.0.4", "47426c264f6ea5a2a74b53ecf825593b689b47ed3eab873ff8a595ea35aa8507", [:rebar3], [{:stun, "1.0.3", [hex: :stun, optional: false]}, {:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}, {:fast_tls, "1.0.3", [hex: :fast_tls, optional: false]}]},
+  "exrm": {:hex, :exrm, "1.0.5", "53ecb20da2f4e5b4c82ea6776824fbc677c8d287bf20efc9fc29cacc2cca124f", [:mix], [{:relx, "~> 3.5", [hex: :relx, optional: false]}]},
+  "ezlib": {:hex, :ezlib, "1.0.1", "add8b2770a1a70c174aaea082b4a8668c0c7fdb03ee6cc81c6c68d3a6c3d767d", [:rebar3], []},
+  "fast_tls": {:hex, :fast_tls, "1.0.3", "7ccd02ffcba24f8792dd88bd71fa543ea438c58bd0f132576031533083ede578", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}]},
+  "fast_xml": {:hex, :fast_xml, "1.1.11", "1d9aedbe367a3d42ba2c6d9d4ee5808c0846e06a28e366e262e41d3ce462cbdf", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}]},
+  "fast_yaml": {:hex, :fast_yaml, "1.0.3", "862e3f89d52aa6a72eef3121edf303aac2f3c559cbaba2d2a1fd0c09d5f15f9a", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}]},
+  "getopt": {:hex, :getopt, "0.8.2", "b17556db683000ba50370b16c0619df1337e7af7ecbf7d64fbf8d1d6bce3109b", [:rebar], []},
+  "goldrush": {:hex, :goldrush, "0.1.7", "349a351d17c71c2fdaa18a6c2697562abe136fec945f147b381f0cf313160228", [:rebar3], []},
+  "iconv": {:hex, :iconv, "1.0.0", "5ff1c54e5b3b9a8235de872632e9612c7952acdf89bc21db2f2efae0e72647be", [:rebar3], []},
+  "jiffy": {:hex, :jiffy, "0.14.7", "9f33b893edd6041ceae03bc1e50b412e858cc80b46f3d7535a7a9940a79a1c37", [:rebar, :make], []},
+  "lager": {:hex, :lager, "3.0.2", "25dc81bc3659b62f5ab9bd073e97ddd894fc4c242019fccef96f3889d7366c97", [:rebar3], [{:goldrush, "0.1.7", [hex: :goldrush, optional: false]}]},
+  "p1_mysql": {:hex, :p1_mysql, "1.0.1", "d2be1cfc71bb4f1391090b62b74c3f5cb8e7a45b0076b8cb290cd6b2856c581b", [:rebar3], []},
+  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1", "4e021250cc198c538b097393671a41e7cebf463c248980320e038fe0316eb56b", [:rebar3], []},
+  "p1_pgsql": {:hex, :p1_pgsql, "1.1.0", "ca525c42878eac095e5feb19563acc9915c845648f48fdec7ba6266c625d4ac7", [:rebar3], []},
+  "p1_utils": {:hex, :p1_utils, "1.0.3", "8d469a34e8fe3898dda9dfda545fdb69cabfee144ebe31732d2c7905420603ec", [:rebar3], []},
+  "p1_xmlrpc": {:hex, :p1_xmlrpc, "1.15.1", "a382b62dc21bb372281c2488f99294d84f2b4020ed0908a1c4ad710ace3cf35a", [:rebar3], []},
+  "providers": {:hex, :providers, "1.6.0", "db0e2f9043ae60c0155205fcd238d68516331d0e5146155e33d1e79dc452964a", [:rebar3], [{:getopt, "0.8.2", [hex: :getopt, optional: false]}]},
+  "relx": {:hex, :relx, "3.19.0", "286dd5244b4786f56aac75d5c8e2d1fb4cfd306810d4ec8548f3ae1b3aadb8f7", [:rebar3], [{:providers, "1.6.0", [hex: :providers, optional: false]}, {:getopt, "0.8.2", [hex: :getopt, optional: false]}, {:erlware_commons, "0.19.0", [hex: :erlware_commons, optional: false]}, {:cf, "0.2.1", [hex: :cf, optional: false]}, {:bbmustache, "1.0.4", [hex: :bbmustache, optional: false]}]},
+  "sqlite3": {:hex, :sqlite3, "1.1.5", "794738b6d07b6d36ec6d42492cb9d629bad9cf3761617b8b8d728e765db19840", [:rebar3], []},
+  "stringprep": {:hex, :stringprep, "1.0.3", "0fc697484a83c868817c5c6d74c310a1f821b3cf8b6c0eb105335421d0b94d99", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}]},
+  "stun": {:hex, :stun, "1.0.3", "d8dcf8beb38939f3fcded73e89e5753cb5a2fed2e74fa5b658124849a9e97fe9", [:rebar3], [{:p1_utils, "1.0.3", [hex: :p1_utils, optional: false]}, {:fast_tls, "1.0.3", [hex: :fast_tls, optional: false]}]}}
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: 2.1.0-alpha\n"
-"Last-Translator: Carlos E. Lopez - suso AT jabber-hispano.org\n"
+"Project-Id-Version: 16.02\n"
+"Last-Translator: Carlos E. Lopez - carlos AT suchat.org\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -9,7 +9,7 @@ msgstr ""

 #: ejabberd_c2s.erl:505 ejabberd_c2s.erl:853
 msgid "Use of STARTTLS required"
-msgstr "É obrigatorio usar STARTTLS"
+msgstr "Requírese o uso de STARTTLS"

 #: ejabberd_c2s.erl:604
 msgid "No resource provided"
@@ -26,11 +26,11 @@ msgstr "foi expulsado"

 #: ejabberd_c2s.erl:2114
 msgid "Your active privacy list has denied the routing of this stanza."
-msgstr ""
+msgstr "A súa lista de privacidade activa negou o encaminamiento desta estrofa."

 #: ejabberd_c2s.erl:2429
 msgid "Too many unacked stanzas"
-msgstr ""
+msgstr "Demasiadas mensaxes sen recoñecer recibilos"

 #: ejabberd_captcha.erl:122 ejabberd_captcha.erl:245 ejabberd_captcha.erl:284
 msgid "Enter the text you see"
@@ -43,11 +43,11 @@ msgstr ""

 #: ejabberd_captcha.erl:192
 msgid "If you don't see the CAPTCHA image here, visit the web page."
-msgstr ""
+msgstr "Si non ves a imaxe CAPTCHA aquí, visita a páxina web."

 #: ejabberd_captcha.erl:227
 msgid "CAPTCHA web page"
-msgstr ""
+msgstr "CAPTCHA páxina Web"

 #: ejabberd_captcha.erl:381
 msgid "The CAPTCHA is valid."
@@ -59,9 +59,8 @@ msgid "User"
 msgstr "Usuario"

 #: ejabberd_oauth.erl:256
-#, fuzzy
 msgid "Server"
-msgstr "Servidor ~b"
+msgstr "Servidor"

 #: ejabberd_oauth.erl:259 ejabberd_web_admin.erl:1408 mod_configure.erl:1398
 #: mod_configure.erl:1485 mod_configure.erl:1889 mod_configure.erl:2123
@@ -71,7 +70,7 @@ msgstr "Contrasinal"

 #: ejabberd_oauth.erl:267
 msgid "Accept"
-msgstr ""
+msgstr "Aceptar"

 #: ejabberd_web_admin.erl:202 ejabberd_web_admin.erl:214
 #: ejabberd_web_admin.erl:234 ejabberd_web_admin.erl:246
@@ -238,7 +237,6 @@ msgid "Outgoing s2s Connections:"
 msgstr "Conexións S2S saíntes:"

 #: ejabberd_web_admin.erl:1559
-#, fuzzy
 msgid "Incoming s2s Connections:"
 msgstr "Conexións S2S saíntes:"

@@ -253,9 +251,8 @@ msgid "Change Password"
 msgstr "Cambiar contrasinal"

 #: ejabberd_web_admin.erl:1673
-#, fuzzy
 msgid "User ~s"
-msgstr "Usuario "
+msgstr "Usuario ~s"

 #: ejabberd_web_admin.erl:1684
 msgid "Connected Resources:"
@@ -287,9 +284,8 @@ msgid "Stopped Nodes"
 msgstr "Nodos detidos"

 #: ejabberd_web_admin.erl:1833 ejabberd_web_admin.erl:1858
-#, fuzzy
 msgid "Node ~p"
-msgstr "Nodo "
+msgstr "Nodo ~p"

 #: ejabberd_web_admin.erl:1842 mod_configure.erl:150 mod_configure.erl:611
 msgid "Database"
@@ -297,7 +293,7 @@ msgstr "Base de datos"

 #: ejabberd_web_admin.erl:1843 mod_configure.erl:159 mod_configure.erl:648
 msgid "Backup"
-msgstr "Gardar copia de seguridade"
+msgstr "Copia de seguridade"

 #: ejabberd_web_admin.erl:1845
 msgid "Listened Ports"
@@ -326,9 +322,8 @@ msgid "RPC Call Error"
 msgstr "Erro na chamada RPC"

 #: ejabberd_web_admin.erl:1917
-#, fuzzy
 msgid "Database Tables at ~p"
-msgstr "Táboas da base de datos en "
+msgstr "Táboas da base de datos en ~p"

 #: ejabberd_web_admin.erl:1927 mod_vcard.erl:490 mod_vcard.erl:616
 msgid "Name"
@@ -336,7 +331,7 @@ msgstr "Nome"

 #: ejabberd_web_admin.erl:1928
 msgid "Storage Type"
-msgstr "Tipo de almacenamiento"
+msgstr "Tipo de almacenamento"

 #: ejabberd_web_admin.erl:1929
 msgid "Elements"
@@ -351,9 +346,8 @@ msgid "Error"
 msgstr "Erro"

 #: ejabberd_web_admin.erl:1955
-#, fuzzy
 msgid "Backup of ~p"
-msgstr "Copia de seguridade de "
+msgstr "Copia de seguridade de ~p"

 #: ejabberd_web_admin.erl:1959
 msgid ""
@@ -387,7 +381,7 @@ msgid ""
 "Restore binary backup after next ejabberd restart (requires less memory):"
 msgstr ""
 "Restaurar copia de seguridade binaria no seguinte reinicio de ejabberd "
-"(require menos memoria que se instantánea):"
+"(require menos memoria):"

 #: ejabberd_web_admin.erl:1999
 msgid "Store plain text backup:"
@@ -399,7 +393,7 @@ msgstr "Restaurar copias de seguridade de texto plano inmediatamente:"

 #: ejabberd_web_admin.erl:2019
 msgid "Import users data from a PIEFXIS file (XEP-0227):"
-msgstr "Importar usuarios desde un fichero PIEFXIS"
+msgstr "Importar usuarios en un fichero PIEFXIS (XEP-0227):"

 #: ejabberd_web_admin.erl:2032
 msgid "Export data of all users in the server to PIEFXIS files (XEP-0227):"
@@ -409,17 +403,15 @@ msgstr ""

 #: ejabberd_web_admin.erl:2044
 msgid "Export data of users in a host to PIEFXIS files (XEP-0227):"
-msgstr ""
-"Exportar datos de todos os usuarios do servidor a ficheros PIEFXIS "
-"(XEP-0227):"
+msgstr "Exportar datos dos usuarios dun dominio a ficheiros PIEFXIS (XEP-0227):"

 #: ejabberd_web_admin.erl:2060
 msgid "Export all tables as SQL queries to a file:"
-msgstr ""
+msgstr "Exportar todas as táboas a un ficheiro SQL:"

 #: ejabberd_web_admin.erl:2076
 msgid "Import user data from jabberd14 spool file:"
-msgstr "Importar usuario de fichero spool de jabberd14:"
+msgstr "Importar usuario de ficheiro spool de jabberd14:"

 #: ejabberd_web_admin.erl:2087
 msgid "Import users data from jabberd14 spool directory:"
@@ -430,9 +422,8 @@ msgid "Listened Ports at "
 msgstr "Portos de escoita en "

 #: ejabberd_web_admin.erl:2144
-#, fuzzy
 msgid "Modules at ~p"
-msgstr "Módulos en "
+msgstr "Módulos en ~p"

 #: ejabberd_web_admin.erl:2175
 msgid "Statistics of ~p"
@@ -463,9 +454,8 @@ msgid "Transactions Logged:"
 msgstr "Transaccións rexistradas:"

 #: ejabberd_web_admin.erl:2243
-#, fuzzy
 msgid "Update ~p"
-msgstr "Actualizar"
+msgstr "Actualizar ~p"

 #: ejabberd_web_admin.erl:2254
 msgid "Update plan"
@@ -525,7 +515,7 @@ msgstr "Pong"

 #: mod_announce.erl:523
 msgid "Really delete message of the day?"
-msgstr "Está seguro de quere borrar a mensaxe do dia?"
+msgstr "¿Está seguro que quere borrar a mensaxe do dia?"

 #: mod_announce.erl:536 mod_configure.erl:1238 mod_configure.erl:1298
 msgid "Subject"
@@ -553,7 +543,7 @@ msgstr "Enviar anuncio a todos os usuarios en todos os dominios"

 #: mod_announce.erl:668
 msgid "Send announcement to all online users"
-msgstr "Enviar anuncio a todos los usuarios conectados"
+msgstr "Enviar anuncio a todos os usuarios conectados"

 #: mod_announce.erl:670 mod_configure.erl:1231 mod_configure.erl:1291
 msgid "Send announcement to all online users on all hosts"
@@ -595,7 +585,7 @@ msgstr "Iniciar módulos"

 #: mod_configure.erl:156 mod_configure.erl:638
 msgid "Stop Modules"
-msgstr "Detener módulos"
+msgstr "Deter módulos"

 #: mod_configure.erl:162 mod_configure.erl:650
 msgid "Restore"
@@ -844,18 +834,20 @@ msgid ""
 "Too many (~p) failed authentications from this IP address (~s). The address "
 "will be unblocked at ~s UTC"
 msgstr ""
+"Demasiados (~p) fallou autenticaciones desde esta dirección IP (~s). A dirección "
+"será desbloqueada as ~s UTC"

 #: mod_http_upload.erl:586
 msgid "Please specify file size."
-msgstr ""
+msgstr "Por favor, especifica o tamaño do arquivo"

 #: mod_http_upload.erl:590
 msgid "Please specify file name."
-msgstr ""
+msgstr "Por favor, indique o nome do arquivo."

 #: mod_ip_blacklist.erl:121
 msgid "This IP address is blacklisted in ~s"
-msgstr ""
+msgstr "Esta dirección IP está na lista negra en ~s"

 #: mod_irc.erl:220 mod_muc.erl:467
 msgid "Access denied by service policy"
@@ -884,8 +876,8 @@ msgid ""
 "Enter username, encodings, ports and passwords you wish to use for "
 "connecting to IRC servers"
 msgstr ""
-"Introduza o nome de usuario, codificaciones de carácter, portos e "
-"contrasinal que pretende utilizar a conectar a servidores de IRC"
+"Introduce o nome de usuario, codificaciones de carácteres, portos e "
+"contrasinai que queiras usar ao conectar nos servidores de IRC"

 #: mod_irc.erl:667
 msgid "IRC Username"
@@ -970,9 +962,8 @@ msgid "Server ~b"
 msgstr "Servidor ~b"

 #: mod_mam.erl:541
-#, fuzzy
 msgid "Only members may query archives of this room"
-msgstr "Só os moderadores están autorizados a cambiar o tema nesta sala"
+msgstr "Só membros poden consultar o arquivo de mensaxes da sala"

 #: mod_muc.erl:585
 msgid "Only service administrators are allowed to send service messages"
@@ -994,10 +985,9 @@ msgstr "Salas de charla"

 #: mod_muc.erl:781
 msgid "Empty Rooms"
-msgstr ""
+msgstr "Salas baleiras"

 #: mod_muc.erl:933
-#, fuzzy
 msgid "You need a client that supports x:data to register the nickname"
 msgstr ""
 "Necesitas un cliente con soporte de x:data para poder rexistrar o alcume"
@@ -1030,34 +1020,31 @@ msgstr "Módulo de MUC para ejabberd"
 #: mod_muc_admin.erl:231 mod_muc_admin.erl:234 mod_muc_admin.erl:246
 #: mod_muc_admin.erl:320
 msgid "Multi-User Chat"
-msgstr ""
+msgstr "Salas de Charla"

 #: mod_muc_admin.erl:249
-#, fuzzy
 msgid "Total rooms"
-msgstr "Salas de charla"
+msgstr "Salas totais"

 #: mod_muc_admin.erl:250
-#, fuzzy
 msgid "Permanent rooms"
-msgstr "sae da sala"
+msgstr "Salas permanentes"

 #: mod_muc_admin.erl:251
-#, fuzzy
 msgid "Registered nicknames"
-msgstr "Usuarios rexistrados"
+msgstr "Alcumes rexistrados"

 #: mod_muc_admin.erl:254
 msgid "List of rooms"
-msgstr ""
+msgstr "Lista de salas"

 #: mod_muc_log.erl:398 mod_muc_log.erl:407
 msgid "Chatroom configuration modified"
-msgstr "Configuración de la sala modificada"
+msgstr "Configuración da sala modificada"

 #: mod_muc_log.erl:410
 msgid "joins the room"
-msgstr "entra en la sala"
+msgstr "entra na sala"

 #: mod_muc_log.erl:413 mod_muc_log.erl:416
 msgid "leaves the room"
@@ -1077,7 +1064,7 @@ msgstr "foi expulsado, porque a sala cambiouse a só-membros"

 #: mod_muc_log.erl:445
 msgid "has been kicked because of a system shutdown"
-msgstr "foi expulsado por mor dun sistema de peche"
+msgstr "foi expulsado porque o sistema vaise a deter"

 #: mod_muc_log.erl:450
 msgid "is now known as"
@@ -1088,24 +1075,20 @@ msgid " has set the subject to: "
 msgstr " puxo o asunto: "

 #: mod_muc_log.erl:493
-#, fuzzy
 msgid "Chatroom is created"
-msgstr "Salas de charla"
+msgstr "Creouse a sala"

 #: mod_muc_log.erl:495
-#, fuzzy
 msgid "Chatroom is destroyed"
-msgstr "Salas de charla"
+msgstr "Destruíuse a sala"

 #: mod_muc_log.erl:497
-#, fuzzy
 msgid "Chatroom is started"
-msgstr "Salas de charla"
+msgstr "Iniciouse a sala"

 #: mod_muc_log.erl:499
-#, fuzzy
 msgid "Chatroom is stopped"
-msgstr "Salas de charla"
+msgstr "Detívose a sala"

 #: mod_muc_log.erl:503
 msgid "Monday"
@@ -1200,6 +1183,8 @@ msgid ""
 "It is not allowed to send error messages to the room. The participant (~s) "
 "has sent an error message (~s) and got kicked from the room"
 msgstr ""
+"Non está permitido enviar mensaxes de erro á sala. Este participante (~s) "
+"enviou unha mensaxe de erro (~s) e foi expulsado da sala"

 #: mod_muc_room.erl:241
 msgid "It is not allowed to send private messages to the conference"
@@ -1207,20 +1192,19 @@ msgstr "Impedir o envio de mensaxes privadas á sala"

 #: mod_muc_room.erl:316
 msgid "Please, wait for a while before sending new voice request"
-msgstr ""
+msgstr "Por favor, espera un pouco antes de enviar outra petición de voz"

 #: mod_muc_room.erl:329
 msgid "Voice requests are disabled in this conference"
-msgstr ""
+msgstr "As peticións de voz están desactivadas nesta sala"

 #: mod_muc_room.erl:347
 msgid "Failed to extract JID from your voice request approval"
-msgstr ""
+msgstr "Fallo ao extraer o Jabber ID da túa aprobación de petición de voz"

 #: mod_muc_room.erl:377
-#, fuzzy
 msgid "Only moderators can approve voice requests"
-msgstr "Permitir aos usuarios enviar invitacións"
+msgstr "Só os moderadores poden aprobar peticións de voz"

 #: mod_muc_room.erl:389
 msgid "Improper message type"
@@ -1269,11 +1253,11 @@ msgstr "Os visitantes non poden enviar mensaxes a todos os ocupantes"
 #: mod_muc_room.erl:1080
 msgid "Visitors are not allowed to change their nicknames in this room"
 msgstr ""
-"Os visitantes non están autorizados a cambiar os seus That alcumes nesta sala"
+"Os visitantes non teñen permitido cambiar os seus alcumes nesta sala"

 #: mod_muc_room.erl:1093 mod_muc_room.erl:1835
 msgid "That nickname is already in use by another occupant"
-msgstr "Ese alcume que xa está en uso por outro ocupante"
+msgstr "Ese alcume xa está a ser usado por outro ocupante"

 #: mod_muc_room.erl:1822
 msgid "You have been banned from this room"
@@ -1289,12 +1273,11 @@ msgstr "Necesítase contrasinal para entrar nesta sala"

 #: mod_muc_room.erl:1898 mod_register.erl:295
 msgid "Too many CAPTCHA requests"
-msgstr ""
+msgstr "Demasiadas peticións de CAPTCHA"

 #: mod_muc_room.erl:1908 mod_register.erl:301
-#, fuzzy
 msgid "Unable to generate a CAPTCHA"
-msgstr "Non se pode xerar un CAPTCHA"
+msgstr "No se pudo generar un CAPTCHA"

 #: mod_muc_room.erl:1919
 msgid "Incorrect password"
@@ -1378,20 +1361,19 @@ msgstr "calquera"

 #: mod_muc_room.erl:3471
 msgid "Roles for which Presence is Broadcasted"
-msgstr ""
+msgstr "Roles para os que si se difunde a súa Presenza"

 #: mod_muc_room.erl:3486
-#, fuzzy
 msgid "Moderator"
-msgstr "só moderadores"
+msgstr "Moderator"

 #: mod_muc_room.erl:3496
 msgid "Participant"
-msgstr ""
+msgstr "Participante"

 #: mod_muc_room.erl:3506
 msgid "Visitor"
-msgstr ""
+msgstr "Visitante"

 #: mod_muc_room.erl:3513
 msgid "Make room members-only"
@@ -1414,13 +1396,12 @@ msgid "Allow users to send private messages"
 msgstr "Permitir aos usuarios enviar mensaxes privadas"

 #: mod_muc_room.erl:3533
-#, fuzzy
 msgid "Allow visitors to send private messages to"
-msgstr "Permitir aos usuarios enviar mensaxes privadas"
+msgstr "Permitir aos visitantes enviar mensaxes privadas a"

 #: mod_muc_room.erl:3551
 msgid "nobody"
-msgstr ""
+msgstr "ninguén"

 #: mod_muc_room.erl:3576
 msgid "Allow users to query other users"
@@ -1440,13 +1421,12 @@ msgid "Allow visitors to change nickname"
 msgstr "Permitir aos visitantes cambiarse o alcume"

 #: mod_muc_room.erl:3589
-#, fuzzy
 msgid "Allow visitors to send voice requests"
-msgstr "Permitir aos usuarios enviar invitacións"
+msgstr "Permitir aos visitantes enviar peticións de voz"

 #: mod_muc_room.erl:3592
 msgid "Minimum interval between voice requests (in seconds)"
-msgstr ""
+msgstr "Intervalo mínimo entre peticións de voz (en segundos)"

 #: mod_muc_room.erl:3599
 msgid "Make room CAPTCHA protected"
@@ -1454,11 +1434,11 @@ msgstr "Protexer a sala con CAPTCHA"

 #: mod_muc_room.erl:3606
 msgid "Enable message archiving"
-msgstr ""
+msgstr "Activar o almacenamento de mensaxes"

 #: mod_muc_room.erl:3612
 msgid "Exclude Jabber IDs from CAPTCHA challenge"
-msgstr ""
+msgstr "Excluír Jabber IDs das probas de CAPTCHA"

 #: mod_muc_room.erl:3621
 msgid "Enable logging"
@@ -1478,20 +1458,19 @@ msgstr "privado"

 #: mod_muc_room.erl:4326
 msgid "Voice request"
-msgstr ""
+msgstr "Petición de voz"

 #: mod_muc_room.erl:4331
 msgid "Either approve or decline the voice request."
-msgstr ""
+msgstr "Aproba ou rexeita a petición de voz."

 #: mod_muc_room.erl:4351
-#, fuzzy
 msgid "User JID"
-msgstr "Usuario "
+msgstr "Jabber ID do usuario"

 #: mod_muc_room.erl:4355
 msgid "Grant voice to this person?"
-msgstr ""
+msgstr "¿Conceder voz a esta persoa?"

 #: mod_muc_room.erl:4498
 msgid "~s invites you to the room ~s"
@@ -1503,11 +1482,11 @@ msgstr "a contrasinal é"

 #: mod_multicast.erl:291
 msgid "Multicast"
-msgstr ""
+msgstr "Multicast"

 #: mod_multicast.erl:306
 msgid "ejabberd Multicast service"
-msgstr ""
+msgstr "Servizo Multicast de ejabberd"

 #: mod_offline.erl:647
 msgid ""
@@ -1546,7 +1525,7 @@ msgstr "Borrar Todas as Mensaxes Sen conexión"

 #: mod_proxy65_service.erl:248
 msgid "ejabberd SOCKS5 Bytestreams module"
-msgstr "ejabberd SOCKS5 Bytestreams module"
+msgstr "Módulo SOCKS5 Bytestreams para ejabberd"

 #: mod_pubsub.erl:1102
 msgid "Publish-Subscribe"
@@ -1566,7 +1545,7 @@ msgstr "Decidir se aprobar a subscripción desta entidade."

 #: mod_pubsub.erl:1559
 msgid "Node ID"
-msgstr "Nodo IDE"
+msgstr "Nodo ID"

 #: mod_pubsub.erl:1571
 msgid "Subscriber Address"
@@ -1602,7 +1581,7 @@ msgstr "Persistir elementos ao almacenar"

 #: mod_pubsub.erl:3757
 msgid "A friendly name for the node"
-msgstr "Un nome para o nodo"
+msgstr "Un nome sinxelo para o nodo"

 #: mod_pubsub.erl:3759
 msgid "Max # of items to persist"
@@ -1626,12 +1605,11 @@ msgstr "Especificar o modelo do publicante"

 #: mod_pubsub.erl:3769
 msgid "Purge all items when the relevant publisher goes offline"
-msgstr ""
+msgstr "Purgar todos os elementos cando o editor correspondente desconéctase"

 #: mod_pubsub.erl:3771
-#, fuzzy
 msgid "Specify the event message type"
-msgstr "Especifica o modelo de acceso"
+msgstr "Especifica o tipo da mensaxe de evento"

 #: mod_pubsub.erl:3773
 msgid "Max payload size in bytes"
@@ -1650,15 +1628,13 @@ msgid "The collections with which a node is affiliated"
 msgstr "As coleccións coas que un nodo está afiliado"

 #: mod_register.erl:209
-#, fuzzy
 msgid "The CAPTCHA verification has failed"
-msgstr "O CAPTCHA é válido."
+msgstr "A verificación de CAPTCHA fallou"

 #: mod_register.erl:253
-#, fuzzy
 msgid "You need a client that supports x:data and CAPTCHA to register"
 msgstr ""
-"Necesitas un cliente con soporte de x:data para poder rexistrar o alcume"
+"Necesitas un cliente con soporte de x:data e CAPTCHA para rexistrarche"

 #: mod_register.erl:259 mod_register.erl:320
 msgid "Choose a username and password to register with this server"
@@ -1666,9 +1642,8 @@ msgstr ""
 "Escolle un nome de usuario e contrasinal para rexistrarche neste servidor"

 #: mod_register.erl:373 mod_register.erl:421
-#, fuzzy
 msgid "The password is too weak"
-msgstr "a contrasinal é"
+msgstr "O contrasinal é demasiado débil"

 #: mod_register.erl:426
 msgid "Users are not allowed to register accounts so quickly"
@@ -1676,39 +1651,39 @@ msgstr "Os usuarios non están autorizados a rexistrar contas con tanta rapidez"

 #: mod_register_web.erl:105
 msgid "Your Jabber account was successfully created."
-msgstr ""
+msgstr "A súa conta Jabber creouse correctamente."

 #: mod_register_web.erl:110
 msgid "There was an error creating the account: "
-msgstr ""
+msgstr "Produciuse un erro ao crear a conta: "

 #: mod_register_web.erl:119
 msgid "Your Jabber account was successfully deleted."
-msgstr ""
+msgstr "A súa conta Jabber eliminouse correctamente."

 #: mod_register_web.erl:124
 msgid "There was an error deleting the account: "
-msgstr ""
+msgstr "Produciuse un erro ao eliminar a conta: "

 #: mod_register_web.erl:135
 msgid "The password of your Jabber account was successfully changed."
-msgstr ""
+msgstr "O contrasinal da súa conta Jabber cambiouse correctamente."

 #: mod_register_web.erl:140
 msgid "There was an error changing the password: "
-msgstr ""
+msgstr "Produciuse un erro ao cambiar o contrasinal: "

 #: mod_register_web.erl:175 mod_register_web.erl:183
 msgid "Jabber Account Registration"
-msgstr ""
+msgstr "Rexistro de conta Jabber"

 #: mod_register_web.erl:186 mod_register_web.erl:204 mod_register_web.erl:212
 msgid "Register a Jabber account"
-msgstr ""
+msgstr "Rexistrar unha conta Jabber"

 #: mod_register_web.erl:191 mod_register_web.erl:453 mod_register_web.erl:461
 msgid "Unregister a Jabber account"
-msgstr ""
+msgstr "Eliminar o rexistro dunha conta Jabber"

 #: mod_register_web.erl:214
 msgid ""
@@ -1716,40 +1691,45 @@ msgid ""
 "(Jabber IDentifier) will be of the form: username@server. Please read "
 "carefully the instructions to fill correctly the fields."
 msgstr ""
+"Esta páxina permite crear unha conta Jabber neste servidor Jabber. o seu JID "
+"(Jabber IDentificador) será da forma: nomeusuario@servidor. Por favor le "
+"coidadosamente as instrucións para encher correctamente os campos."

 #: mod_register_web.erl:224 mod_register_web.erl:360 mod_register_web.erl:469
-#, fuzzy
 msgid "Username:"
-msgstr "Nome de usuario en IRC"
+msgstr "Nome de usuario:"

 #: mod_register_web.erl:230
 msgid "This is case insensitive: macbeth is the same that MacBeth and Macbeth."
-msgstr ""
+msgstr "Esta é insensible: Macbeth é o mesmo que MacBeth e Macbeth."

 #: mod_register_web.erl:233
 msgid "Characters not allowed:"
-msgstr ""
+msgstr "Caracteres non permitidos:"

 #: mod_register_web.erl:236 mod_register_web.erl:364 mod_register_web.erl:473
-#, fuzzy
 msgid "Server:"
-msgstr "Servidor ~b"
+msgstr "Servidor:"

 #: mod_register_web.erl:245
 msgid ""
 "Don't tell your password to anybody, not even the administrators of the "
-"Jabber server."
+"Jabber Server."
 msgstr ""
+"Non lle diga o seu contrasinal a ninguén, nin sequera os administradores do "
+"Servidor Jabber."

 #: mod_register_web.erl:249
 msgid "You can later change your password using a Jabber client."
-msgstr ""
+msgstr "Máis tarde, pode cambiar o seu contrasinal utilizando un cliente Jabber."

 #: mod_register_web.erl:252
 msgid ""
 "Some Jabber clients can store your password in the computer, but you should "
 "do this only in your personal computer for safety reasons."
 msgstr ""
+"Algúns clientes Jabber pode almacenar o contrasinal no computador, pero debe "
+"facer isto só no seu computador persoal por razóns de seguridade."

 #: mod_register_web.erl:256
 msgid ""
@@ -1757,34 +1737,33 @@ msgid ""
 "Jabber there isn't an automated way to recover your password if you forget "
 "it."
 msgstr ""
+"Memorice o seu contrasinal ou escribilo nun papel colocado nun lugar seguro. En "
+"Jabber non hai unha forma automatizada para recuperar o seu contrasinal si "
+"a esquece"

 #: mod_register_web.erl:262 mod_register_web.erl:374
-#, fuzzy
 msgid "Password Verification:"
 msgstr "Verificación da contrasinal"

 #: mod_register_web.erl:269
-#, fuzzy
 msgid "Register"
-msgstr "Lista de contactos"
+msgstr "Rexistrar"

 #: mod_register_web.erl:366
-#, fuzzy
 msgid "Old Password:"
-msgstr "Contrasinal:"
+msgstr "Contrasinal anterior:"

 #: mod_register_web.erl:370
-#, fuzzy
 msgid "New Password:"
-msgstr "Contrasinal:"
+msgstr "Novo contrasinal:"

 #: mod_register_web.erl:463
 msgid "This page allows to unregister a Jabber account in this Jabber server."
-msgstr ""
+msgstr "Esta páxina permite anular o rexistro dunha conta Jabber neste servidor Jabber."

 #: mod_register_web.erl:480
 msgid "Unregister"
-msgstr ""
+msgstr "Eliminar rexistro"

 #: mod_roster.erl:1436
 msgid "Subscription"
@@ -1872,8 +1851,8 @@ msgid ""
 "Fill in the form to search for any matching Jabber User (Add * to the end of "
 "field to match substring)"
 msgstr ""
-"Enche o formulario para buscar usuarios Jabber. Engade * ao final dun campo "
-"para buscar subcadenas."
+"Enche o formulario para buscar usuarios Jabber (Engade * ao final dun campo "
+"para buscar subcadenas)"

 #: mod_vcard.erl:490 mod_vcard.erl:615
 msgid "Full Name"
@@ -1901,7 +1880,7 @@ msgstr "Necesitas un cliente con soporte de x:data para poder buscar"

 #: mod_vcard.erl:519 mod_vcard_ldap.erl:531
 msgid "vCard User Search"
-msgstr "Procura de usuario en vCard"
+msgstr "vCard busqueda de usuario"

 #: mod_vcard.erl:580 mod_vcard_ldap.erl:586
 msgid "ejabberd vCard module"
@@ -1942,7 +1921,6 @@ msgstr "Rechea campos para buscar usuarios Jabber que concuerden"
 #~ "Este participante é expulsado da sala, porque el enviou un erro de "
 #~ "presenza"

-#, fuzzy
 #~ msgid "CAPTCHA test failed"
 #~ msgstr "O CAPTCHA é válido."

@@ -8,44 +8,49 @@
 %%%-------------------------------------------------------------------

 {deps, [{lager, ".*", {git, "https://github.com/basho/lager", {tag, "3.0.2"}}},
-        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.3"}}},
+        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.4"}}},
        {cache_tab, ".*", {git, "https://github.com/processone/cache_tab", {tag, "1.0.2"}}},
-        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.1"}}},
-        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.2"}}},
-        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.3"}}},
-        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.1"}}},
-        {esip, ".*", {git, "https://github.com/processone/esip", "1.0.2"}},
-        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.2"}}},
+        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.4"}}},
+        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.3"}}},
+        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.12"}}},
+        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.4"}}},
+        {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.5"}}},
+        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.3"}}},
        {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.7"}}},
-        {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2.git", {tag, "0.6.1"}}},
+        {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.1"}}},
        {p1_xmlrpc, ".*", {git, "https://github.com/processone/p1_xmlrpc", {tag, "1.15.1"}}},
-	{luerl, ".*", {git, "https://github.com/rvirding/luerl",
-		       "9524d0309a88b7c62ae93da0b632b185de3ba9db"}},
+        {luerl, ".*", {git, "https://github.com/rvirding/luerl", {tag, "v0.2"}}},
        {if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
-					       {tag, "1.0.1"}}}},
+                                               {tag, "1.0.1"}}}},
        {if_var_true, pgsql, {p1_pgsql, ".*", {git, "https://github.com/processone/p1_pgsql",
-					       {tag, "1.0.1"}}}},
+                                               {tag, "1.1.0"}}}},
        {if_var_true, sqlite, {sqlite3, ".*", {git, "https://github.com/processone/erlang-sqlite3",
-					       {tag, "1.1.5"}}}},
+                                               {tag, "1.1.5"}}}},
        {if_var_true, pam, {p1_pam, ".*", {git, "https://github.com/processone/epam",
-					   {tag, "1.0.0"}}}},
+                                           {tag, "1.0.0"}}}},
        {if_var_true, zlib, {ezlib, ".*", {git, "https://github.com/processone/ezlib",
-					   {tag, "1.0.1"}}}},
-        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
-					      "908a24fda4a46776a5135db60ca071e3d783f9f6"}}},  % for riak_pb-2.1.0.7
+                                           {tag, "1.0.1"}}}},
        {if_var_true, riak, {riakc, ".*", {git, "https://github.com/basho/riak-erlang-client",
-					   "527722d12d0433b837cdb92a60900c2cb5df8942"}}},
+                                           "527722d12d0433b837cdb92a60900c2cb5df8942"}}},
+        %% Forces correct dependency for riakc and allow using newer meck version)
+        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
+                                              "908a24fda4a46776a5135db60ca071e3d783f9f6"}}},  % for riak_pb-2.1.0.7
+        {if_var_true, riak, {protobuffs, ".*", {git, "https://github.com/basho/erlang_protobuffs",
+                                                "6e7fc924506e2dc166a6170e580ce1d95ebbd5bd"}}},  % for riak_pb-2.1.0.7 with correct meck dependency
+        %% Elixir support, needed to run tests
        {if_var_true, elixir, {elixir, ".*", {git, "https://github.com/elixir-lang/elixir",
-					      {tag, "v1.1.0"}}}},
+                                              {tag, "v1.1.1"}}}},
        %% TODO: When modules are fully migrated to new structure and mix, we will not need anymore rebar_elixir_plugin
        {if_var_true, elixir, {rebar_elixir_plugin, ".*",
-			       {git, "https://github.com/processone/rebar_elixir_plugin", "0.1.0"}}},
+                               {git, "https://github.com/processone/rebar_elixir_plugin", "0.1.0"}}},
        {if_var_true, iconv, {iconv, ".*", {git, "https://github.com/processone/iconv",
-					    {tag, "1.0.0"}}}},
-        {if_var_true, tools, {meck, "0.8.2", {git, "https://github.com/eproxus/meck",
-					      {tag, "0.8.2"}}}},
+                                            {tag, "1.0.0"}}}},
+        {if_var_true, tools, {meck, "0.8.*", {git, "https://github.com/eproxus/meck",
+                                              {tag, "0.8.4"}}}},
+        {if_var_true, tools, {moka, ".*", {git, "https://github.com/processone/moka.git",
+                                           {tag, "1.0.5b"}}}},
        {if_var_true, redis, {eredis, ".*", {git, "https://github.com/wooga/eredis",
-					     {tag, "v1.0.8"}}}}]}.
+                                             {tag, "v1.0.8"}}}}]}.

 {if_var_true, latest_deps,
 {floating_deps, [cache_tab,
@@ -53,7 +58,7 @@
                  stringprep,
                  fast_xml,
                  esip,
-		  luerl,
+                  luerl,
                  stun,
                  fast_yaml,
                  p1_utils,
@@ -63,8 +68,11 @@
                  ezlib,
                  iconv]}}.

+{erl_first_files, ["src/ejabberd_config.erl", "src/gen_mod.erl"]}.
+
 {erl_opts, [nowarn_deprecated_function,
            {if_var_false, debug, no_debug_info},
+            {if_var_true, debug, debug_info},
            {if_var_true, roster_gateway_workaround, {d, 'ROSTER_GATWAY_WORKAROUND'}},
            {if_var_match, db_type, mssql, {d, 'mssql'}},
            {if_var_true, erlang_deprecated_types, {d, 'ERL_DEPRECATED_TYPES'}},
@@ -90,7 +98,7 @@

 {xref_warnings, false}.

-{xref_checks, [deprecated_function_calls, undefined_function_calls]}.
+{xref_checks, [deprecated_function_calls]}.

 {xref_exclusions, [
                   "(\"gen_transport\":_/_)",
@@ -105,10 +113,14 @@
                   {if_var_false, iconv, "(\"iconv\":_/_)"},
                   {if_var_false, odbc, "(\"odbc\":_/_)"},
                   {if_var_false, sqlite, "(\"sqlite3\":_/_)"},
+                   {if_var_false, elixir, "(\"Elixir.Logger.*\":_/_)"},
                   {if_var_false, redis, "(\"eredis\":_/_)"}]}.

 {eunit_compile_opts, [{i, "tools"}]}.

+{if_version_above, "17", {cover_enabled, true}}.
+{cover_export_enabled, true}.
+
 {post_hook_configure, [{"fast_tls", []},
                       {"stringprep", []},
                       {"fast_yaml", []},
@@ -7,6 +7,20 @@
 %%% Created :  1 May 2013 by Evgeniy Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------

+ModCfg0 = fun(F, Cfg, [Key|Tail], Op, Default) ->
+                 {OldVal,PartCfg} = case lists:keytake(Key, 1, Cfg) of
+                                        {value, {_, V1}, V2} -> {V1, V2};
+                                        false -> {if Tail == [] -> Default; true -> [] end, Cfg}
+                                    end,
+                 case Tail of
+                     [] ->
+                         [{Key, Op(OldVal)} | PartCfg];
+                     _ ->
+                         [{Key, F(F, OldVal, Tail, Op, Default)} | PartCfg]
+                 end
+         end,
+ModCfg = fun(Cfg, Keys, Op, Default) -> ModCfg0(ModCfg0, Cfg, Keys, Op, Default) end.
+
 Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config")) of
          {ok, Terms} ->
              Terms;
@@ -16,6 +30,20 @@ Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config"))

 ProcessVars = fun(_F, [], Acc) ->
                      lists:reverse(Acc);
+                 (F, [{Type, Ver, Value} | Tail], Acc) when
+                        Type == if_version_above orelse
+                        Type == if_version_below ->
+		      SysVer = erlang:system_info(otp_release),
+		      Include = if Type == if_version_above ->
+					SysVer > Ver;
+				   true ->
+					SysVer < Ver
+				end,
+		      if Include ->
+                              F(F, Tail, [Value | Acc]);
+			 true ->
+                              F(F, Tail, Acc)
+		      end;
                 (F, [{Type, Var, Value} | Tail], Acc) when
                        Type == if_var_true orelse
                        Type == if_var_false ->
@@ -107,9 +135,20 @@ Conf5 = case lists:keytake(floating_deps, 1, Conf3) of
                Conf3
        end,

+%% When running Travis test, upload test coverage result to coveralls:
+Conf6 = case {lists:keyfind(cover_enabled, 1, Conf5), os:getenv("TRAVIS")} of
+            {{cover_enabled, true}, "true"} ->
+                JobId = os:getenv("TRAVIS_JOB_ID"),
+                CfgTemp = ModCfg(Conf5, [deps], fun(V) -> [{coveralls, ".*", {git, "https://github.com/markusn/coveralls-erl.git", "master"}}|V] end, []),
+                ModCfg(CfgTemp, [post_hooks], fun(V) -> V ++ [{ct, "echo '\n%%! -pa ebin/ deps/coveralls/ebin\nmain(_)->{ok,F}=file:open(\"erlang.json\",[write]),io:fwrite(F,\"~s\",[coveralls:convert_file(\"logs/all.coverdata\", \""++JobId++"\", \"travis-ci\")]).' > getcover.erl"},
+                                                              {ct, "escript ./getcover.erl"}] end, []);
+            _ ->
+                Conf5
+        end,
+
 %io:format("ejabberd configuration:~n  ~p~n", [Conf5]),

-Conf5.
+Conf6.

 %% Local Variables:
 %% mode: erlang
@@ -19,6 +19,9 @@
 CREATE TABLE users (
    username text PRIMARY KEY,
    password text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
 );

@@ -19,12 +19,15 @@
 CREATE TABLE users (
    username varchar(191) PRIMARY KEY,
    password text NOT NULL,
+    serverkey varchar(64) NOT NULL DEFAULT '',
+    salt varchar(64) NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- To support SCRAM auth:
-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
+-- ALTER TABLE users ADD COLUMN serverkey varchar(64) NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN salt varchar(64) NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;

 CREATE TABLE last (
@@ -272,7 +275,7 @@ CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt(subid(3
 CREATE TABLE muc_room (
    name text NOT NULL,
    host text NOT NULL,
-    opts text NOT NULL,
+    opts mediumtext NOT NULL,
    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

@@ -19,10 +19,13 @@
 CREATE TABLE users (
    username text PRIMARY KEY,
    "password" text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at TIMESTAMP NOT NULL DEFAULT now()
 );

-- To support SCRAM auth:
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
 -- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
@@ -29,10 +29,13 @@

 -author('alexey@process-one.net').

-export([start/0, to_record/3, add/3, add_list/3,
-	 add_local/3, add_list_local/3, load_from_config/0,
-	 match_rule/3, match_acl/3, transform_options/1,
-	 opt_type/1]).
+-export([add_access/3, clear/0]).
+-export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
+	 load_from_config/0, match_rule/3,
+	 transform_options/1, opt_type/1, acl_rule_matches/3,
+	 acl_rule_verify/1, access_matches/3,
+	 transform_access_rules_config/1,
+	 access_rules_validator/1, shaper_rules_validator/1]).

 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -43,6 +46,7 @@
                 rules = [] :: [access_rule()]}).

 -type regexp() :: binary().
+-type iprange() :: {inet:ip_address(), integer()} | binary().
 -type glob() :: binary().
 -type access_name() :: atom().
 -type access_rule() :: {atom(), any()}.
@@ -61,7 +65,7 @@
                   {user_glob, {glob(), host()} | glob()} |
                   {server_glob, glob()} |
                   {resource_glob, glob()} |
-                   {ip, {inet:ip_address(), integer()}} |
+                   {ip, iprange()} |
                   {node_glob, {glob(), glob()}}.

 -type acl() :: #acl{aclname :: aclname(),
@@ -89,12 +93,6 @@ start() ->
    load_from_config(),
    ok.

-spec to_record(binary(), atom(), aclspec()) -> acl().
-
-to_record(Host, ACLName, ACLSpec) ->
-    #acl{aclname = {ACLName, Host},
-	 aclspec = normalize_spec(ACLSpec)}.
-
 -spec add(binary(), aclname(), aclspec()) -> ok | {error, any()}.

 add(Host, ACLName, ACLSpec) ->
@@ -185,6 +183,10 @@ load_from_config() ->
                       {acl, Host}, fun(V) -> V end, []),
              AccessRules = ejabberd_config:get_option(
                              {access, Host}, fun(V) -> V end, []),
+              AccessRulesNew = ejabberd_config:get_option(
+				 {access_rules, Host}, fun(V) -> V end, []),
+              ShaperRules = ejabberd_config:get_option(
+				 {shaper_rules, Host}, fun(V) -> V end, []),
              lists:foreach(
                fun({ACLName, SpecList}) ->
                        lists:foreach(
@@ -198,12 +200,29 @@ load_from_config() ->
                                  add(Host, ACLName, {ACLType, ACLSpecs})
                          end, lists:flatten(SpecList))
                end, ACLs),
+              lists:foreach(
+                fun({Access, Rules}) ->
+			NRules = lists:map(fun({ACL, Type}) ->
+					     {Type, [{acl, ACL}]}
+				     end, Rules),
+                        add_access(Host, Access, NRules ++ [{deny, [all]}])
+                end, AccessRules),
              lists:foreach(
                fun({Access, Rules}) ->
                        add_access(Host, Access, Rules)
-                end, AccessRules)
+                end, AccessRulesNew),
+              lists:foreach(
+                fun({Access, Rules}) ->
+                        add_access(Host, Access, Rules)
+                end, ShaperRules)
      end, Hosts).

+%% Delete all previous set ACLs and Access rules
+clear() ->
+    mnesia:clear_table(acl),
+    mnesia:clear_table(access),
+    ok.
+
 b(S) ->
    iolist_to_binary(S).

@@ -216,19 +235,28 @@ nameprep(S) ->
 resourceprep(S) ->
    jid:resourceprep(b(S)).

+split_user_server(Str, NormFunUsr, NormFunSrv) ->
+    case binary:split(Str, <<"@">>) of
+	[U, S] ->
+	    {NormFunUsr(U), NormFunSrv(S)};
+	_ ->
+	    NormFunUsr(Str)
+    end.
+
 normalize_spec(Spec) ->
    case Spec of
        all -> all;
        none -> none;
+        {acl, N} -> {acl, N};
        {user, {U, S}} -> {user, {nodeprep(U), nameprep(S)}};
-        {user, U} -> {user, nodeprep(U)};
+        {user, U} -> {user, split_user_server(U, fun nodeprep/1, fun nameprep/1)};
        {shared_group, {G, H}} -> {shared_group, {b(G), nameprep(H)}};
-        {shared_group, G} -> {shared_group, b(G)};
+        {shared_group, G} -> {shared_group, split_user_server(G, fun b/1, fun nameprep/1)};
        {user_regexp, {UR, S}} -> {user_regexp, {b(UR), nameprep(S)}};
-        {user_regexp, UR} -> {user_regexp, b(UR)};
+        {user_regexp, UR} -> {user_regexp, split_user_server(UR, fun b/1, fun nameprep/1)};
        {node_regexp, {UR, SR}} -> {node_regexp, {b(UR), b(SR)}};
        {user_glob, {UR, S}} -> {user_glob, {b(UR), nameprep(S)}};
-        {user_glob, UR} -> {user_glob, b(UR)};
+        {user_glob, UR} -> {user_glob, split_user_server(UR, fun b/1, fun nameprep/1)};
        {node_glob, {UR, SR}} -> {node_glob, {b(UR), b(SR)}};
        {server, S} -> {server, nameprep(S)};
        {resource, R} -> {resource, resourceprep(R)};
@@ -249,104 +277,203 @@ normalize_spec(Spec) ->
 -spec match_rule(global | binary(), access_name(),
                 jid() | ljid() | inet:ip_address()) -> any().

-match_rule(_Host, all, _JID) ->
-    allow;
-match_rule(_Host, none, _JID) ->
-    deny;
+match_rule(Host, Access, IP) when tuple_size(IP) == 4;
+    tuple_size(IP) == 8 ->
+    access_matches(Access, #{ip => IP}, Host);
 match_rule(Host, Access, JID) ->
-    GAccess = ets:lookup(access, {Access, global}),
-    LAccess = if Host /= global ->
-                      ets:lookup(access, {Access, Host});
-                 true ->
-                      []
-              end,
-    case GAccess ++ LAccess of
-        [] ->
-            deny;
-        AccessList ->
-            Rules = lists:flatmap(
-                      fun(#access{rules = Rs}) ->
-                              Rs
-                      end, AccessList),
-            match_acls(Rules, JID, Host)
-    end.
+    access_matches(Access, #{usr => jid:tolower(JID)}, Host).

-match_acls([], _, _Host) -> deny;
-match_acls([{ACL, Access} | ACLs], JID, Host) ->
-    case match_acl(ACL, JID, Host) of
-      true -> Access;
-      _ -> match_acls(ACLs, JID, Host)
-    end.
+-spec acl_rule_verify(aclspec()) -> boolean().

-spec match_acl(atom(),
-                jid() | ljid() | inet:ip_address(),
-                binary()) -> boolean().
-
-match_acl(all, _JID, _Host) ->
+acl_rule_verify(all) ->
    true;
-match_acl(none, _JID, _Host) ->
+acl_rule_verify(none) ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D}, Mask}})
+    when is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    A >= 0, A =< 255, B >= 0, B =< 255, C >= 0, C =< 255, D >= 0, D =< 255,
+    is_integer(Mask), Mask >= 0, Mask =< 32 ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D,E,F,G,H}, Mask}}) when
+    is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    is_integer(E), is_integer(F), is_integer(G), is_integer(H),
+    A >= 0, A =< 65535, B >= 0, B =< 65535, C >= 0, C =< 65535, D >= 0, D =< 65535,
+    E >= 0, E =< 65535, F >= 0, F =< 65535, G >= 0, G =< 65535, H >= 0, H =< 65535,
+    is_integer(Mask), Mask >= 0, Mask =< 64 ->
+    true;
+acl_rule_verify({user, {U, S}}) when is_binary(U), is_binary(S) ->
+    true;
+acl_rule_verify({user, U}) when is_binary(U) ->
+    true;
+acl_rule_verify({server, S}) when is_binary(S) ->
+    true;
+acl_rule_verify({resource, R}) when is_binary(R) ->
+    true;
+acl_rule_verify({shared_group, {G, H}}) when is_binary(G), is_binary(H) ->
+    true;
+acl_rule_verify({shared_group, G}) when is_binary(G) ->
+    true;
+acl_rule_verify({user_regexp, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_regexp, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_regexp, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_regexp, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_regexp, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify({user_glob, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_glob, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_glob, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_glob, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_glob, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify(_Spec) ->
+    false.
+invalid_syntax(Msg, Data) ->
+    throw({invalid_syntax, iolist_to_binary(io_lib:format(Msg, Data))}).
+
+acl_rules_verify([{acl, Name} | Rest], true) when is_atom(Name) ->
+    acl_rules_verify(Rest, true);
+acl_rules_verify([{acl, Name} = Rule | _Rest], false) when is_atom(Name) ->
+    invalid_syntax(<<"Using acl: rules not allowed: ~p">>, [Rule]);
+acl_rules_verify([Rule | Rest], AllowAcl) ->
+    case acl_rule_verify(Rule) of
+	false ->
+	    invalid_syntax(<<"Invalid rule: ~p">>, [Rule]);
+	true ->
+	    acl_rules_verify(Rest, AllowAcl)
+    end;
+acl_rules_verify([], _AllowAcl) ->
+    true;
+acl_rules_verify(Rules, _AllowAcl) ->
+    invalid_syntax(<<"Not a acl rules list: ~p">>, [Rules]).
+
+
+
+all_acl_rules_matches([], _Data, _Host) ->
    false;
-match_acl(ACL, IP, Host) when tuple_size(IP) == 4;
-                              tuple_size(IP) == 8 ->
-    lists:any(
-      fun(#acl{aclspec = {ip, {Net, Mask}}}) ->
-              is_ip_match(IP, Net, Mask);
-         (_) ->
-              false
-      end, get_aclspecs(ACL, Host));
-match_acl(ACL, JID, Host) ->
-    {User, Server, Resource} = jid:tolower(JID),
-    lists:any(
-      fun(#acl{aclspec = Spec}) ->
-              case Spec of
-                  all -> true;
-                  {user, {U, S}} -> U == User andalso S == Server;
-                  {user, U} ->
-                      U == User andalso
-                          lists:member(Server, ?MYHOSTS);
-                  {server, S} -> S == Server;
-                  {resource, R} -> R == Resource;
-                  {shared_group, {G, H}} ->
-                      Mod = loaded_shared_roster_module(H),
-                      Mod:is_user_in_group({User, Server}, G, H);
-                  {shared_group, G} ->
-                      Mod = loaded_shared_roster_module(Host),
-                      Mod:is_user_in_group({User, Server}, G, Host);
-                  {user_regexp, {UR, S}} ->
-                      S == Server andalso is_regexp_match(User, UR);
-                  {user_regexp, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_regexp_match(User, UR);
-                  {server_regexp, SR} ->
-                      is_regexp_match(Server, SR);
-                  {resource_regexp, RR} ->
-                      is_regexp_match(Resource, RR);
-                  {node_regexp, {UR, SR}} ->
-                      is_regexp_match(Server, SR) andalso
-                          is_regexp_match(User, UR);
-                  {user_glob, {UR, S}} ->
-                      S == Server andalso is_glob_match(User, UR);
-                  {user_glob, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_glob_match(User, UR);
-                  {server_glob, SR} -> is_glob_match(Server, SR);
-                  {resource_glob, RR} ->
-                      is_glob_match(Resource, RR);
-                  {node_glob, {UR, SR}} ->
-                      is_glob_match(Server, SR) andalso
-                          is_glob_match(User, UR);
-                  WrongSpec ->
-                      ?ERROR_MSG("Wrong ACL expression: ~p~nCheck your "
-                                 "config file and reload it with the override_a"
-                                 "cls option enabled",
-                                 [WrongSpec]),
-                      false
-              end
-      end,
-      get_aclspecs(ACL, Host)).
+all_acl_rules_matches(Rules, Data, Host) ->
+    all_acl_rules_matches2(Rules, Data, Host).
+
+all_acl_rules_matches2([Rule | Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    all_acl_rules_matches2(Tail, Data, Host);
+	false ->
+	    false
+    end;
+all_acl_rules_matches2([], _Data, _Host) ->
+    true.
+
+any_acl_rules_matches([], _Data, _Host) ->
+    false;
+any_acl_rules_matches([Rule|Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    true;
+	false ->
+	    any_acl_rules_matches(Tail, Data, Host)
+    end.
+
+-spec acl_rule_matches(aclspec(), any(), global|binary()) -> boolean().
+
+acl_rule_matches(all, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, all}, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, Name}, Data, Host) ->
+    ACLs = get_aclspecs(Name, Host),
+    RawACLs = lists:map(fun(#acl{aclspec = R}) -> R end, ACLs),
+    any_acl_rules_matches(RawACLs, Data, Host);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := {IP, _Port}}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := IP}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({user, {U, S}}, #{usr := {U, S, _}}, _Host) ->
+    true;
+acl_rule_matches({user, U}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS);
+acl_rule_matches({server, S}, #{usr := {_, S, _}}, _Host) ->
+    true;
+acl_rule_matches({resource, R}, #{usr := {_, _, R}}, _Host) ->
+    true;
+acl_rule_matches({shared_group, {G, H}}, #{usr := {U, S, _}}, _Host) ->
+    Mod = loaded_shared_roster_module(H),
+    Mod:is_user_in_group({U, S}, G, H);
+acl_rule_matches({shared_group, G}, #{usr := {U, S, _}}, Host) ->
+    Mod = loaded_shared_roster_module(Host),
+    Mod:is_user_in_group({U, S}, G, Host);
+acl_rule_matches({user_regexp, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR);
+acl_rule_matches({user_regexp, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_regexp_match(U, UR);
+acl_rule_matches({server_regexp, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_regexp_match(S, SR);
+acl_rule_matches({resource_regexp, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_regexp_match(R, RR);
+acl_rule_matches({node_regexp, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR) andalso is_regexp_match(S, SR);
+acl_rule_matches({user_glob, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR);
+acl_rule_matches({user_glob, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_glob_match(U, UR);
+acl_rule_matches({server_glob, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_glob_match(S, SR);
+acl_rule_matches({resource_glob, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_glob_match(R, RR);
+acl_rule_matches({node_glob, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR) andalso is_glob_match(S, SR);
+acl_rule_matches(_ACL, _Data, _Host) ->
+    false.
+
+-spec access_matches(atom()|list(), any(), global|binary()) -> any().
+access_matches(all, _Data, _Host) ->
+    allow;
+access_matches(none, _Data, _Host) ->
+    deny;
+access_matches(Name, Data, Host) when is_atom(Name) ->
+    GAccess = ets:lookup(access, {Name, global}),
+    LAccess =
+	if Host /= global -> ets:lookup(access, {Name, Host});
+	    true -> []
+	end,
+    case GAccess ++ LAccess of
+	[] ->
+	    deny;
+	AccessList ->
+	    Rules = lists:flatmap(
+		fun(#access{rules = Rs}) ->
+		    Rs
+		end, AccessList),
+	    access_rules_matches(Rules, Data, Host)
+    end;
+access_matches(Rules, Data, Host) when is_list(Rules) ->
+    access_rules_matches(Rules, Data, Host).
+
+
+-spec access_rules_matches(list(), any(), global|binary()) -> any().
+
+access_rules_matches(AR, Data, Host) ->
+    access_rules_matches(AR, Data, Host, deny).
+
+access_rules_matches([{Type, Acls} | Rest], Data, Host, Default) ->
+    case all_acl_rules_matches(Acls, Data, Host) of
+	false ->
+	    access_rules_matches(Rest, Data, Host, Default);
+	true ->
+	    Type
+    end;
+access_rules_matches([], _Data, _Host, Default) ->
+    Default.

 get_aclspecs(ACL, Host) ->
-      ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).
+    ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).

 is_regexp_match(String, RegExp) ->
    case ejabberd_regexp:run(String, RegExp) of
@@ -418,6 +545,63 @@ parse_ip_netmask(S) ->
      _ -> error
    end.

+transform_access_rules_config(Config) when is_list(Config) ->
+    lists:map(fun transform_access_rules_config2/1, lists:flatten(Config));
+transform_access_rules_config(Config) ->
+    transform_access_rules_config([Config]).
+
+transform_access_rules_config2(Type) when is_integer(Type); is_atom(Type) ->
+    {Type, [all]};
+transform_access_rules_config2({Type, ACL}) when is_atom(ACL) ->
+    {Type, [{acl, ACL}]};
+transform_access_rules_config2({Res, Rules}) when is_list(Rules) ->
+    T = lists:map(fun({Type, Args}) when is_list(Args) ->
+			  normalize_spec({Type, hd(lists:flatten(Args))});
+		     (V) -> normalize_spec(V)
+		  end, lists:flatten(Rules)),
+    {Res, T};
+transform_access_rules_config2({Res, Rule}) ->
+    {Res, [Rule]}.
+
+access_rules_validator(Name) when is_atom(Name) ->
+    Name;
+access_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(allow) -> true;
+					  (deny) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+
+shaper_rules_validator(Name) when is_atom(Name) ->
+    Name;
+shaper_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(V) when is_atom(V) -> true;
+					  (V2) when is_integer(V2) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+access_shaper_rules_validator([{Type, Acls} = Rule | Rest], RuleTypeCheck) ->
+    case RuleTypeCheck(Type) of
+	true ->
+	    case acl_rules_verify(Acls, true) of
+		true ->
+		    access_shaper_rules_validator(Rest, RuleTypeCheck);
+		Err ->
+		    Err
+	    end;
+	false ->
+	    invalid_syntax(<<"Invalid rule type: ~p in rule ~p">>, [Type, Rule])
+    end;
+access_shaper_rules_validator([], _RuleTypeCheck) ->
+    true;
+access_shaper_rules_validator(Value, _RuleTypeCheck) ->
+    invalid_syntax(<<"Not a rule definition: ~p">>, [Value]).
+
+
 transform_options(Opts) ->
    Opts1 = lists:foldl(fun transform_options/2, [], Opts),
    {ACLOpts, Opts2} = lists:mapfoldl(
@@ -432,6 +616,18 @@ transform_options(Opts) ->
                               (O, Acc) ->
                                    {[], [O|Acc]}
                            end, [], Opts2),
+    {NewAccessOpts, Opts4} = lists:mapfoldl(
+                            fun({access_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts3),
+    {ShaperOpts, Opts5} = lists:mapfoldl(
+                            fun({shaper_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts4),
    ACLOpts1 = ejabberd_config:collect_options(lists:flatten(ACLOpts)),
    AccessOpts1 = case ejabberd_config:collect_options(
                         lists:flatten(AccessOpts)) of
@@ -445,7 +641,21 @@ transform_options(Opts) ->
                   [] -> [];
                   L2 -> [{acl, L2}]
               end,
-    ACLOpts2 ++ AccessOpts1 ++ Opts3.
+    NewAccessOpts1 = case lists:map(
+			    fun({NAName, Os}) ->
+				    {NAName, transform_access_rules_config(Os)}
+			    end, lists:flatten(NewAccessOpts)) of
+			 [] -> [];
+			 L3 -> [{access_rules, L3}]
+		     end,
+    ShaperOpts1 = case lists:map(
+			    fun({SName, Ss}) ->
+				    {SName, transform_access_rules_config(Ss)}
+			    end, lists:flatten(ShaperOpts)) of
+			 [] -> [];
+			 L4 -> [{shaper_rules, L4}]
+		     end,
+    ACLOpts2 ++ AccessOpts1 ++ NewAccessOpts1 ++ ShaperOpts1 ++ Opts5.

 transform_options({acl, Name, Type}, Opts) ->
    T = case Type of
@@ -476,5 +686,7 @@ transform_options(Opt, Opts) ->
    [Opt|Opts].

 opt_type(access) -> fun (V) -> V end;
+opt_type(access_rules) -> fun (V) -> V end;
+opt_type(shaper_rules) -> fun (V) -> V end;
 opt_type(acl) -> fun (V) -> V end;
-opt_type(_) -> [access, acl].
+opt_type(_) -> [access, acl, access_rules, shaper_rules].
@@ -68,7 +68,9 @@ parse_request(#iq{type = set, lang = Lang, sub_el = SubEl, xmlns = ?NS_COMMANDS}
        xdata     = XData,
        others    = Others
    };
-parse_request(_) -> {error, ?ERR_BAD_REQUEST}.
+parse_request(#iq{lang = Lang}) ->
+    Text = <<"Failed to parse ad-hoc command request">>,
+    {error, ?ERRT_BAD_REQUEST(Lang, Text)}.

 %% Borrowed from mod_vcard.erl
 find_xdata_el(#xmlel{children = SubEls}) ->
@@ -132,7 +132,7 @@ register_mechanism(Mechanism, Module, PasswordType) ->
 %%    end.

 check_credentials(_State, Props) ->
-    User = proplists:get_value(username, Props, <<>>),
+    User = proplists:get_value(authzid, Props, <<>>),
    case jid:nodeprep(User) of
      error -> {error, <<"not-authorized">>};
      <<"">> -> {error, <<"not-authorized">>};
@@ -45,9 +45,8 @@ mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->

 mech_step(#state{server = Server} = S, ClientIn) ->
    User = iolist_to_binary([randoms:get_string(),
-                             randoms:get_string(),
-                             randoms:get_string()]),
+                             jlib:integer_to_binary(p1_time_compat:unique_integer([positive]))]),
    case ejabberd_auth:is_user_exists(User, Server) of
        true  -> mech_step(S, ClientIn);
-        false -> {ok, [{username, User}, {auth_module, ejabberd_auth_anonymous}]}
+        false -> {ok, [{username, User}, {authzid, User}, {auth_module, ejabberd_auth_anonymous}]}
    end.
@@ -50,14 +50,14 @@
                username = <<"">> :: binary(),
                authzid = <<"">> :: binary(),
                get_password = fun(_) -> {false, <<>>} end :: get_password_fun(),
-                check_password = fun(_, _, _, _) -> false end :: check_password_fun(),
+                check_password = fun(_, _, _, _, _) -> false end :: check_password_fun(),
                auth_module :: atom(),
                host = <<"">> :: binary(),
-                hostfqdn = <<"">> :: binary()}).
+                hostfqdn = <<"">> :: binary() | [binary()]}).

 start(_Opts) ->
    Fqdn = get_local_fqdn(),
-    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~s",
+    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~p",
 	      [Fqdn]),
    cyrsasl:register_mechanism(<<"DIGEST-MD5">>, ?MODULE,
 			       digest).
@@ -83,9 +83,7 @@ mech_step(#state{step = 3, nonce = Nonce} = State,
      bad -> {error, <<"bad-protocol">>};
      KeyVals ->
 	  DigestURI = proplists:get_value(<<"digest-uri">>, KeyVals, <<>>),
-	  %DigestURI = fxml:get_attr_s(<<"digest-uri">>, KeyVals),
 	  UserName = proplists:get_value(<<"username">>, KeyVals, <<>>),
-	  %UserName = fxml:get_attr_s(<<"username">>, KeyVals),
 	  case is_digesturi_valid(DigestURI, State#state.host,
 				  State#state.hostfqdn)
 	      of
@@ -97,13 +95,11 @@ mech_step(#state{step = 3, nonce = Nonce} = State,
 		{error, <<"not-authorized">>, UserName};
 	    true ->
 		AuthzId = proplists:get_value(<<"authzid">>, KeyVals, <<>>),
-		%AuthzId = fxml:get_attr_s(<<"authzid">>, KeyVals),
 		case (State#state.get_password)(UserName) of
 		  {false, _} -> {error, <<"not-authorized">>, UserName};
 		  {Passwd, AuthModule} ->
-		      case (State#state.check_password)(UserName, <<"">>,
+		      case (State#state.check_password)(UserName, UserName, <<"">>,
 		                    proplists:get_value(<<"response">>, KeyVals, <<>>),
-							%fxml:get_attr_s(<<"response">>, KeyVals),
 							fun (PW) ->
 								response(KeyVals,
 									 UserName,
@@ -130,7 +126,11 @@ mech_step(#state{step = 5, auth_module = AuthModule,
 		 username = UserName, authzid = AuthzId},
 	  <<"">>) ->
    {ok,
-     [{username, UserName}, {authzid, AuthzId},
+     [{username, UserName}, {authzid, case AuthzId of
+        <<"">> -> UserName;
+        _ -> AuthzId
+      end
+    },
      {auth_module, AuthModule}]};
 mech_step(A, B) ->
    ?DEBUG("SASL DIGEST: A ~p B ~p", [A, B]),
@@ -183,16 +183,16 @@ is_digesturi_valid(DigestURICase, JabberDomain,
    DigestURI = stringprep:tolower(DigestURICase),
    case catch str:tokens(DigestURI, <<"/">>) of
 	[<<"xmpp">>, Host] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (Host == JabberDomain) or IsHostFqdn;
 	[<<"xmpp">>, Host, ServName] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (ServName == JabberDomain) and IsHostFqdn;
 	_ ->
 	    false
    end.

-is_host_fqdn(Host, [Letter | _Tail] = Fqdn) when not is_list(Letter) ->
+is_host_fqdn(Host, Fqdn) when is_binary(Fqdn) ->
    Host == Fqdn;
 is_host_fqdn(_Host, []) ->
    false;
@@ -204,6 +204,7 @@ is_host_fqdn(Host, [Fqdn | FqdnTail]) when Host /= Fqdn ->
 get_local_fqdn() ->
    case catch get_local_fqdn2() of
      Str when is_binary(Str) -> Str;
+      List when is_list(List) -> List;
      _ ->
 	  <<"unknown-fqdn, please configure fqdn "
 	    "option in ejabberd.yml!">>
@@ -211,9 +212,11 @@ get_local_fqdn() ->

 get_local_fqdn2() ->
    case ejabberd_config:get_option(
-           fqdn, fun iolist_to_binary/1) of
+           fqdn, fun(X) -> X end) of
        ConfiguredFqdn when is_binary(ConfiguredFqdn) ->
            ConfiguredFqdn;
+        [A | _] = ConfiguredFqdns when is_binary(A) ->
+            ConfiguredFqdns;
        undefined ->
            {ok, Hostname} = inet:gethostname(),
            {ok, {hostent, Fqdn, _, _, _, _}} =
@@ -45,7 +45,7 @@ mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) ->
 mech_step(State, ClientIn) ->
    case prepare(ClientIn) of
      [AuthzId, User, Password] ->
-	  case (State#state.check_password)(User, Password) of
+	  case (State#state.check_password)(User, AuthzId, Password) of
 	    {true, AuthModule} ->
 		{ok,
 		 [{username, User}, {authzid, AuthzId},
@@ -60,12 +60,17 @@ prepare(ClientIn) ->
      [<<"">>, UserMaybeDomain, Password] ->
 	  case parse_domain(UserMaybeDomain) of
 	    %% <NUL>login@domain<NUL>pwd
-	    [User, _Domain] -> [UserMaybeDomain, User, Password];
+	    [User, _Domain] -> [User, User, Password];
 	    %% <NUL>login<NUL>pwd
-	    [User] -> [<<"">>, User, Password]
+	    [User] -> [User, User, Password]
 	  end;
+      [AuthzId, User, Password] ->
+      case parse_domain(AuthzId) of
      %% login@domain<NUL>login<NUL>pwd
-      [AuthzId, User, Password] -> [AuthzId, User, Password];
+        [AuthzUser, _Domain] -> [AuthzUser, User, Password];
+        %% login<NUL>login<NUL>pwd
+        [AuthzUser] -> [AuthzUser, User, Password]
+      end;
      _ -> error
    end.

@@ -159,7 +159,8 @@ mech_step(#state{step = 4} = State, ClientIn) ->
 					 ServerSignature =
 					     scram:server_signature(State#state.server_key,
 								    AuthMessage),
-					 {ok, [{username, State#state.username}],
+					 {ok, [{username, State#state.username},
+					       {authzid, State#state.username}],
 					  <<"v=",
 					    (jlib:encode_base64(ServerSignature))/binary>>};
 				     true -> {error, <<"bad-auth">>, State#state.username}
@@ -79,7 +79,7 @@ is_loaded() ->
 start_app(App, Type, StartFlag) when not is_list(App) ->
    start_app([App], Type, StartFlag);
 start_app([App|Apps], Type, StartFlag) ->
-    case application:start(App) of
+    case application:start(App,Type) of
        ok ->
            spawn(fun() -> check_app_modules(App, StartFlag) end),
            start_app(Apps, Type, StartFlag);
@@ -192,16 +192,16 @@ get_commands_spec() ->
 			module = ejabberd_piefxis, function = export_host,
 			args = [{dir, string}, {host, string}], result = {res, rescode}},

-     #ejabberd_commands{name = export_odbc, tags = [mnesia, odbc],
+     #ejabberd_commands{name = delete_mnesia, tags = [mnesia, sql],
                        desc = "Export all tables as SQL queries to a file",
-                        module = ejd2odbc, function = export,
-                        args = [{host, string}, {file, string}], result = {res, rescode}},
-     #ejabberd_commands{name = convert_to_scram, tags = [odbc],
+                        module = ejd2sql, function = delete,
+                        args = [{host, string}], result = {res, rescode}},
+     #ejabberd_commands{name = convert_to_scram, tags = [sql],
 			desc = "Convert the passwords in 'users' ODBC table to SCRAM",
-			module = ejabberd_auth_odbc, function = convert_to_scram,
+			module = ejabberd_auth_sql, function = convert_to_scram,
 			args = [{host, binary}], result = {res, rescode}},

-     #ejabberd_commands{name = import_prosody, tags = [mnesia, odbc, riak],
+     #ejabberd_commands{name = import_prosody, tags = [mnesia, sql, riak],
 			desc = "Import data from Prosody",
 			module = prosody2ejabberd, function = from_dir,
 			args = [{dir, string}], result = {res, rescode}},
@@ -221,10 +221,10 @@ get_commands_spec() ->
 			module = ?MODULE, function = delete_old_messages,
 			args = [{days, integer}], result = {res, rescode}},
 	 
-     #ejabberd_commands{name = export2odbc, tags = [mnesia],
+     #ejabberd_commands{name = export2sql, tags = [mnesia],
 			desc = "Export virtual host information from Mnesia tables to SQL files",
-			module = ejd2odbc, function = export,
-			args = [{host, string}, {directory, string}],
+			module = ejd2sql, function = export,
+			args = [{host, string}, {file, string}],
 			result = {res, rescode}},
     #ejabberd_commands{name = set_master, tags = [mnesia],
 			desc = "Set master node of the clustered Mnesia tables",
@@ -30,7 +30,7 @@

 -behaviour(application).

-export([start_modules/0, start/2, prep_stop/1, stop/1,
+-export([start/2, prep_stop/1, stop/1,
 	 init/0, opt_type/1]).

 -include("ejabberd.hrl").
@@ -63,6 +63,7 @@ start(normal, _Args) ->
    Sup = ejabberd_sup:start_link(),
    ejabberd_rdbms:start(),
    ejabberd_riak_sup:start(),
+    ejabberd_redis:start(),
    ejabberd_sm:start(),
    cyrsasl:start(),
    % Profiling
@@ -71,7 +72,7 @@ start(normal, _Args) ->
    maybe_add_nameservers(),
    ejabberd_auth:start(),
    ejabberd_oauth:start(),
-    start_modules(),
+    gen_mod:start_modules(),
    ejabberd_listener:start_listeners(),
    ?INFO_MSG("ejabberd ~s is started in the node ~p", [?VERSION, node()]),
    Sup;
@@ -83,9 +84,9 @@ start(_, _) ->
 %% before shutting down the processes of the application.
 prep_stop(State) ->
    ejabberd_listener:stop_listeners(),
-    stop_modules(),
    ejabberd_admin:stop(),
    broadcast_c2s_shutdown(),
+    gen_mod:stop_modules(),
    timer:sleep(5000),
    State.

@@ -137,42 +138,6 @@ db_init() ->
    ejabberd:start_app(mnesia, permanent),
    mnesia:wait_for_tables(mnesia:system_info(local_tables), infinity).

-%% Start all the modules in all the hosts
-start_modules() ->
-    lists:foreach(
-      fun(Host) ->
-              Modules = ejabberd_config:get_option(
-                          {modules, Host},
-                          fun(Mods) ->
-                                  lists:map(
-                                    fun({M, A}) when is_atom(M), is_list(A) ->
-                                            {M, A}
-                                    end, Mods)
-                          end, []),
-              lists:foreach(
-                fun({Module, Args}) ->
-                        gen_mod:start_module(Host, Module, Args)
-                end, Modules)
-      end, ?MYHOSTS).
-
-%% Stop all the modules in all the hosts
-stop_modules() ->
-    lists:foreach(
-      fun(Host) ->
-              Modules = ejabberd_config:get_option(
-                          {modules, Host},
-                          fun(Mods) ->
-                                  lists:map(
-                                    fun({M, A}) when is_atom(M), is_list(A) ->
-                                            {M, A}
-                                    end, Mods)
-                          end, []),
-              lists:foreach(
-                fun({Module, _Args}) ->
-                        gen_mod:stop_module_keep_config(Host, Module)
-                end, Modules)
-      end, ?MYHOSTS).
-
 connect_nodes() ->
    Nodes = ejabberd_config:get_option(
              cluster_nodes,
@@ -256,7 +221,6 @@ start_apps() ->
    ejabberd:start_app(fast_tls),
    ejabberd:start_app(fast_xml),
    ejabberd:start_app(stringprep),
-    ejabberd:start_app(ezlib),
    ejabberd:start_app(cache_tab).

 opt_type(net_ticktime) ->
@@ -32,9 +32,9 @@
 -author('alexey@process-one.net').

 %% External exports
-export([start/0, set_password/3, check_password/3,
-	 check_password/5, check_password_with_authmodule/3,
-	 check_password_with_authmodule/5, try_register/3,
+-export([start/0, set_password/3, check_password/4,
+	 check_password/6, check_password_with_authmodule/4,
+	 check_password_with_authmodule/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2, export/1, import/1,
 	 get_vh_registered_users_number/1, import/3,
@@ -63,8 +63,8 @@
 -callback remove_user(binary(), binary()) -> any().
 -callback remove_user(binary(), binary(), binary()) -> any().
 -callback is_user_exists(binary(), binary()) -> boolean() | {error, atom()}.
-callback check_password(binary(), binary(), binary()) -> boolean().
-callback check_password(binary(), binary(), binary(), binary(),
+-callback check_password(binary(), binary(), binary(), binary()) -> boolean().
+-callback check_password(binary(), binary(), binary(), binary(), binary(),
                         fun((binary()) -> binary())) -> boolean().
 -callback try_register(binary(), binary(), binary()) -> {atomic, atom()} |
                                                        {error, atom()}.
@@ -102,10 +102,10 @@ store_type(Server) ->
 		end,
 		plain, auth_modules(Server)).

-spec check_password(binary(), binary(), binary()) -> boolean().
+-spec check_password(binary(), binary(), binary(), binary()) -> boolean().

-check_password(User, Server, Password) ->
-    case check_password_with_authmodule(User, Server,
+check_password(User, AuthzId, Server, Password) ->
+    case check_password_with_authmodule(User, AuthzId, Server,
 					Password)
 	of
      {true, _AuthModule} -> true;
@@ -113,15 +113,15 @@ check_password(User, Server, Password) ->
    end.

 %% @doc Check if the user and password can login in server.
-%% @spec (User::string(), Server::string(), Password::string(),
+%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string(),
 %%        Digest::string(), DigestGen::function()) ->
 %%     true | false
-spec check_password(binary(), binary(), binary(), binary(),
+-spec check_password(binary(), binary(), binary(), binary(), binary(),
                     fun((binary()) -> binary())) -> boolean().
                                 
-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    case check_password_with_authmodule(User, Server,
+    case check_password_with_authmodule(User, AuthzId, Server,
 					Password, Digest, DigestGen)
 	of
      {true, _AuthModule} -> true;
@@ -132,28 +132,28 @@ check_password(User, Server, Password, Digest,
 %% The user can login if at least an authentication method accepts the user
 %% and the password.
 %% The first authentication method that accepts the credentials is returned.
-%% @spec (User::string(), Server::string(), Password::string()) ->
+%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string()) ->
 %%     {true, AuthModule} | false
 %% where
 %%   AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
-%%                 | ejabberd_auth_internal | ejabberd_auth_ldap
-%%                 | ejabberd_auth_odbc | ejabberd_auth_pam
-spec check_password_with_authmodule(binary(), binary(), binary()) -> false |
+%%                 | ejabberd_auth_mnesia | ejabberd_auth_ldap
+%%                 | ejabberd_auth_sql | ejabberd_auth_pam | ejabberd_auth_riak
+-spec check_password_with_authmodule(binary(), binary(), binary(), binary()) -> false |
                                                                      {true, atom()}.

-check_password_with_authmodule(User, Server,
+check_password_with_authmodule(User, AuthzId, Server,
 			       Password) ->
    check_password_loop(auth_modules(Server),
-			[User, Server, Password]).
+			[User, AuthzId, Server, Password]).

-spec check_password_with_authmodule(binary(), binary(), binary(), binary(),
+-spec check_password_with_authmodule(binary(), binary(), binary(), binary(), binary(),
                                     fun((binary()) -> binary())) -> false |
                                                                     {true, atom()}.

-check_password_with_authmodule(User, Server, Password,
+check_password_with_authmodule(User, AuthzId, Server, Password,
 			       Digest, DigestGen) ->
    check_password_loop(auth_modules(Server),
-			[User, Server, Password, Digest, DigestGen]).
+			[User, AuthzId, Server, Password, Digest, DigestGen]).

 check_password_loop([], _Args) -> false;
 check_password_loop([AuthModule | AuthModules], Args) ->
@@ -428,30 +428,21 @@ auth_modules() ->
 %% Return the list of authenticated modules for a given host
 auth_modules(Server) ->
    LServer = jid:nameprep(Server),
-    Default = case gen_mod:default_db(LServer) of
-		  mnesia -> internal;
-		  DBType -> DBType
-	      end,
+    Default = ejabberd_config:default_db(LServer, ?MODULE),
    Methods = ejabberd_config:get_option(
-                {auth_method, LServer},
-                fun(V) when is_list(V) ->
-                        true = lists:all(fun is_atom/1, V),
-                        V;
-                   (V) when is_atom(V) ->
-                        [V]
-                end, [Default]),
+                {auth_method, LServer}, opt_type(auth_method), [Default]),
    [jlib:binary_to_atom(<<"ejabberd_auth_",
                           (jlib:atom_to_binary(M))/binary>>)
     || M <- Methods].

 export(Server) ->
-    ejabberd_auth_internal:export(Server).
+    ejabberd_auth_mnesia:export(Server).

 import(Server) ->
-    ejabberd_auth_internal:import(Server).
+    ejabberd_auth_mnesia:import(Server).

 import(Server, mnesia, Passwd) ->
-    ejabberd_auth_internal:import(Server, mnesia, Passwd);
+    ejabberd_auth_mnesia:import(Server, mnesia, Passwd);
 import(Server, riak, Passwd) ->
    ejabberd_auth_riak:import(Server, riak, Passwd);
 import(_, _, _) ->
@@ -459,7 +450,7 @@ import(_, _, _) ->

 opt_type(auth_method) ->
    fun (V) when is_list(V) ->
-	    true = lists:all(fun is_atom/1, V), V;
-	(V) when is_atom(V) -> [V]
+	    lists:map(fun(M) -> ejabberd_config:v_db(?MODULE, M) end, V);
+	(V) -> [ejabberd_config:v_db(?MODULE, V)]
    end;
 opt_type(_) -> [auth_method].
@@ -38,8 +38,8 @@
 	 unregister_connection/3
 	]).

-export([login/2, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([login/2, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -56,7 +56,7 @@
 %% Create the anonymous table if at least one virtual host has anonymous features enabled
 %% Register to login / logout events
 -record(anonymous, {us = {<<"">>, <<"">>} :: {binary(), binary()},
-                    sid = {p1_time_compat:timestamp(), self()} :: ejabberd_sm:sid()}).
+                    sid = ejabberd_sm:make_sid() :: ejabberd_sm:sid()}).

 start(Host) ->
    %% TODO: Check cluster mode
@@ -175,11 +175,11 @@ purge_hook(true, LUser, LServer) ->

 %% When anonymous login is enabled, check the password for permenant users
 %% before allowing access
-check_password(User, Server, Password) ->
-    check_password(User, Server, Password, undefined,
+check_password(User, AuthzId, Server, Password) ->
+    check_password(User, AuthzId, Server, Password, undefined,
 		   undefined).

-check_password(User, Server, _Password, _Digest,
+check_password(User, _AuthzId, Server, _Password, _Digest,
 	       _DigestGen) ->
    case
      ejabberd_auth:is_user_exists_in_other_modules(?MODULE,
@@ -31,8 +31,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -56,7 +56,7 @@ start(Host) ->
            "extauth"),
    extauth:start(Host, Cmd),
    check_cache_last_options(Host),
-    ejabberd_auth_internal:start(Host).
+    ejabberd_auth_mnesia:start(Host).

 check_cache_last_options(Server) ->
    case get_cache_option(Server) of
@@ -76,21 +76,27 @@ plain_password_required() -> true.

 store_type() -> external.

-check_password(User, Server, Password) ->
-    case get_cache_option(Server) of
-      false -> check_password_extauth(User, Server, Password);
-      {true, CacheTime} ->
-	  check_password_cache(User, Server, Password, CacheTime)
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    case get_cache_option(Server) of
+	      false ->
+		  check_password_extauth(User, AuthzId, Server, Password);
+	      {true, CacheTime} ->
+		  check_password_cache(User, AuthzId, Server, Password,
+				       CacheTime)
+	    end
    end.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

 set_password(User, Server, Password) ->
    case extauth:set_password(User, Server, Password) of
      true ->
-	  set_password_internal(User, Server, Password), ok;
+	  set_password_mnesia(User, Server, Password), ok;
      _ -> {error, unknown_problem}
    end.

@@ -102,20 +108,20 @@ try_register(User, Server, Password) ->
    end.

 dirty_get_registered_users() ->
-    ejabberd_auth_internal:dirty_get_registered_users().
+    ejabberd_auth_mnesia:dirty_get_registered_users().

 get_vh_registered_users(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users(Server).

 get_vh_registered_users(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users(Server,
 						   Data).

 get_vh_registered_users_number(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server).

 get_vh_registered_users_number(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server,
 							  Data).

 %% The password can only be returned if cache is enabled, cached info exists and is fresh enough.
@@ -147,7 +153,7 @@ remove_user(User, Server) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server)
+		ejabberd_auth_mnesia:remove_user(User, Server)
 	  end
    end.

@@ -158,7 +164,7 @@ remove_user(User, Server, Password) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server,
+		ejabberd_auth_mnesia:remove_user(User, Server,
 						   Password)
 	  end
    end.
@@ -178,8 +184,8 @@ get_cache_option(Host) ->
        CacheTime -> {true, CacheTime}
    end.

-%% @spec (User, Server, Password) -> true | false
-check_password_extauth(User, Server, Password) ->
+%% @spec (User, AuthzId, Server, Password) -> true | false
+check_password_extauth(User, _AuthzId, Server, Password) ->
    extauth:check_password(User, Server, Password) andalso
      Password /= <<"">>.

@@ -187,45 +193,45 @@ check_password_extauth(User, Server, Password) ->
 try_register_extauth(User, Server, Password) ->
    extauth:try_register(User, Server, Password).

-check_password_cache(User, Server, Password, 0) ->
-    check_password_external_cache(User, Server, Password);
-check_password_cache(User, Server, Password,
+check_password_cache(User, AuthzId, Server, Password, 0) ->
+    check_password_external_cache(User, AuthzId, Server, Password);
+check_password_cache(User, AuthzId, Server, Password,
 		     CacheTime) ->
    case get_last_access(User, Server) of
      online ->
-	  check_password_internal(User, Server, Password);
+	  check_password_mnesia(User, AuthzId, Server, Password);
      never ->
-	  check_password_external_cache(User, Server, Password);
+	  check_password_external_cache(User, AuthzId, Server, Password);
      mod_last_required ->
 	  ?ERROR_MSG("extauth is used, extauth_cache is enabled "
 		     "but mod_last is not enabled in that "
 		     "host",
 		     []),
-	  check_password_external_cache(User, Server, Password);
+	  check_password_external_cache(User, AuthzId, Server, Password);
      TimeStamp ->
 	  case is_fresh_enough(TimeStamp, CacheTime) of
 	    %% If no need to refresh, check password against Mnesia
 	    true ->
-		case check_password_internal(User, Server, Password) of
+		case check_password_mnesia(User, AuthzId, Server, Password) of
 		  %% If password valid in Mnesia, accept it
 		  true -> true;
 		  %% Else (password nonvalid in Mnesia), check in extauth and cache result
 		  false ->
-		      check_password_external_cache(User, Server, Password)
+		      check_password_external_cache(User, AuthzId, Server, Password)
 		end;
 	    %% Else (need to refresh), check in extauth and cache result
 	    false ->
-		check_password_external_cache(User, Server, Password)
+		check_password_external_cache(User, AuthzId, Server, Password)
 	  end
    end.

-get_password_internal(User, Server) ->
-    ejabberd_auth_internal:get_password(User, Server).
+get_password_mnesia(User, Server) ->
+    ejabberd_auth_mnesia:get_password(User, Server).

-%% @spec (User, Server, CacheTime) -> false | Password::string()
+-spec get_password_cache(User::binary(), Server::binary(), CacheTime::integer()) -> Password::string() | false.
 get_password_cache(User, Server, CacheTime) ->
    case get_last_access(User, Server) of
-      online -> get_password_internal(User, Server);
+      online -> get_password_mnesia(User, Server);
      never -> false;
      mod_last_required ->
 	  ?ERROR_MSG("extauth is used, extauth_cache is enabled "
@@ -235,16 +241,16 @@ get_password_cache(User, Server, CacheTime) ->
 	  false;
      TimeStamp ->
 	  case is_fresh_enough(TimeStamp, CacheTime) of
-	    true -> get_password_internal(User, Server);
+	    true -> get_password_mnesia(User, Server);
 	    false -> false
 	  end
    end.

 %% Check the password using extauth; if success then cache it
-check_password_external_cache(User, Server, Password) ->
-    case check_password_extauth(User, Server, Password) of
+check_password_external_cache(User, AuthzId, Server, Password) ->
+    case check_password_extauth(User, AuthzId, Server, Password) of
      true ->
-	  set_password_internal(User, Server, Password), true;
+	  set_password_mnesia(User, Server, Password), true;
      false -> false
    end.

@@ -252,31 +258,31 @@ check_password_external_cache(User, Server, Password) ->
 try_register_external_cache(User, Server, Password) ->
    case try_register_extauth(User, Server, Password) of
      {atomic, ok} = R ->
-	  set_password_internal(User, Server, Password), R;
+	  set_password_mnesia(User, Server, Password), R;
      _ -> {error, not_allowed}
    end.

-%% @spec (User, Server, Password) -> true | false
-check_password_internal(User, Server, Password) ->
-    ejabberd_auth_internal:check_password(User, Server,
+%% @spec (User, AuthzId, Server, Password) -> true | false
+check_password_mnesia(User, AuthzId, Server, Password) ->
+    ejabberd_auth_mnesia:check_password(User, AuthzId, Server,
 					  Password).

 %% @spec (User, Server, Password) -> ok | {error, invalid_jid}
-set_password_internal(User, Server, Password) ->
+set_password_mnesia(User, Server, Password) ->
 %% @spec (TimeLast, CacheTime) -> true | false
 %%       TimeLast = online | never | integer()
 %%       CacheTime = integer() | false
-    ejabberd_auth_internal:set_password(User, Server,
+    ejabberd_auth_mnesia:set_password(User, Server,
 					Password).

 is_fresh_enough(TimeStampLast, CacheTime) ->
    Now = p1_time_compat:system_time(seconds),
    TimeStampLast + CacheTime > Now.

-%% @spec (User, Server) -> online | never | mod_last_required | TimeStamp::integer()
 %% Code copied from mod_configure.erl
 %% Code copied from web/ejabberd_web_admin.erl
 %% TODO: Update time format to XEP-0202: Entity Time
+-spec(get_last_access(User::binary(), Server::binary()) -> (online | never | mod_last_required | integer())).
 get_last_access(User, Server) ->
    case ejabberd_sm:get_user_resources(User, Server) of
      [] ->
@@ -37,7 +37,7 @@
 	 handle_cast/2, terminate/2, code_change/3]).

 -export([start/1, stop/1, start_link/1, set_password/3,
-	 check_password/3, check_password/5, try_register/3,
+	 check_password/4, check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -116,19 +116,22 @@ plain_password_required() -> true.

 store_type() -> external.

-check_password(User, Server, Password) ->
-    if Password == <<"">> -> false;
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
       true ->
-	   case catch check_password_ldap(User, Server, Password)
-	       of
-	     {'EXIT', _} -> false;
-	     Result -> Result
-	   end
+	    if Password == <<"">> -> false;
+	       true ->
+		    case catch check_password_ldap(User, Server, Password) of
+		      {'EXIT', _} -> false;
+		      Result -> Result
+		    end
+	    end
    end.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

 set_password(User, Server, Password) ->
    {ok, State} = eldap_utils:get_state(Server, ?MODULE),
@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_internal.erl
+%%% File    : ejabberd_auth_mnesia.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via mnesia
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_auth_internal).
+-module(ejabberd_auth_mnesia).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).

 -behaviour(ejabberd_config).

@@ -31,8 +33,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -43,6 +45,7 @@

 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                 password = <<"">> :: binary() | scram() | '_'}).
@@ -86,45 +89,50 @@ store_type() ->
      true -> scram %% allows: PLAIN SCRAM
    end.

-check_password(User, Server, Password) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Password}]
-	  when is_binary(Password) ->
-	  Password /= <<"">>;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  is_password_scram_valid(Password, Scram);
-      _ -> false
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Password}] when is_binary(Password) ->
+		  Password /= <<"">>;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  is_password_scram_valid(Password, Scram);
+	      _ -> false
+	    end
    end.

-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Passwd}] when is_binary(Passwd) ->
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  Passwd = jlib:decode_base64(Scram#scram.storedkey),
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      _ -> false
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Passwd}] when is_binary(Passwd) ->
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  Passwd = jlib:decode_base64(Scram#scram.storedkey),
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      _ -> false
+	    end
    end.

 %% @spec (User::string(), Server::string(), Password::string()) ->
@@ -465,12 +473,22 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
    [{passwd,
      fun(Host, #passwd{us = {LUser, LServer}, password = Password})
+            when LServer == Host,
+                 is_binary(Password) ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
+         (Host, #passwd{us = {LUser, LServer}, password = #scram{} = Scram})
            when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+              StoredKey = Scram#scram.storedkey,
+              ServerKey = Scram#scram.serverkey,
+              Salt = Scram#scram.salt,
+              IterationCount = Scram#scram.iterationcount,
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password, serverkey, salt, "
+                    "iterationcount) "
+                    "values (%(LUser)s, %(StoredKey)s, %(ServerKey)s,"
+                    " %(Salt)s, %(IterationCount)d);")];
         (_Host, _R) ->
              []
      end}].
@@ -30,8 +30,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -46,11 +46,14 @@ start(_Host) ->
 set_password(_User, _Server, _Password) ->
    {error, not_allowed}.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

-check_password(User, Host, Password) ->
+check_password(User, AuthzId, Host, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
    Service = get_pam_service(Host),
    UserInfo = case get_pam_userinfotype(Host) of
 		 username -> User;
@@ -61,6 +64,7 @@ check_password(User, Host, Password) ->
 	of
      true -> true;
      _ -> false
+        end
    end.

 try_register(_User, _Server, _Password) ->
@@ -25,13 +25,15 @@

 -module(ejabberd_auth_riak).

+-compile([{parse_transform, ejabberd_sql_pt}]).
+
 -author('alexey@process-one.net').

 -behaviour(ejabberd_auth).

 %% External exports
-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -42,6 +44,7 @@
 -export([passwd_schema/0]).

 -include("ejabberd.hrl").
+-include("ejabberd_sql_pt.hrl").

 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                 password = <<"">> :: binary() | scram() | '_'}).
@@ -66,9 +69,12 @@ store_type() ->
 passwd_schema() ->
    {record_info(fields, passwd), #passwd{}}.

-check_password(User, Server, Password) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LUser = jid:nodeprep(User),
+        LServer = jid:nameprep(Server),
    case ejabberd_riak:get(passwd, passwd_schema(), {LUser, LServer}) of
        {ok, #passwd{password = Password}} when is_binary(Password) ->
            Password /= <<"">>;
@@ -76,12 +82,16 @@ check_password(User, Server, Password) ->
            is_password_scram_valid(Password, Scram);
        _ ->
            false
+        end
    end.

-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LUser = jid:nodeprep(User),
+        LServer = jid:nameprep(Server),
    case ejabberd_riak:get(passwd, passwd_schema(), {LUser, LServer}) of
      {ok, #passwd{password = Passwd}} when is_binary(Passwd) ->
 	  DigRes = if Digest /= <<"">> ->
@@ -102,6 +112,7 @@ check_password(User, Server, Password, Digest,
 	     true -> (Passwd == Password) and (Password /= <<"">>)
 	  end;
      _ -> false
+        end
    end.

 set_password(User, Server, Password) ->
@@ -282,12 +293,10 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
    [{passwd,
      fun(Host, #passwd{us = {LUser, LServer}, password = Password})
-            when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+         when LServer == Host ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
         (_Host, _R) ->
              []
      end}].
@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_odbc.erl
+%%% File    : ejabberd_auth_sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via ODBC
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_auth_odbc).
+-module(ejabberd_auth_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).

 -behaviour(ejabberd_config).

@@ -31,8 +33,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -43,6 +45,7 @@

 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -define(SALT_LENGTH, 16).

@@ -63,31 +66,30 @@ store_type() ->
      true -> scram %% allows: PLAIN SCRAM
    end.

-%% @spec (User, Server, Password) -> true | false | {error, Error}
-check_password(User, Server, Password) ->
-    LServer = jid:nameprep(Server),
-    LUser = jid:nodeprep(User),
+%% @spec (User, AuthzId, Server, Password) -> true | false | {error, Error}
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LServer = jid:nameprep(Server),
+        LUser = jid:nodeprep(User),
    if (LUser == error) or (LServer == error) ->
            false;
       (LUser == <<>>) or (LServer == <<>>) ->
            false;
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
-                    try odbc_queries:get_password_scram(LServer, Username) of
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>],
-                         [[StoredKey, ServerKey, Salt, IterationCount]]} ->
+                    try sql_queries:get_password_scram(LServer, LUser) of
+                        {selected,
+                         [{StoredKey, ServerKey, Salt, IterationCount}]} ->
                            Scram =
                                #scram{storedkey = StoredKey,
                                       serverkey = ServerKey,
                                       salt = Salt,
-                                       iterationcount = binary_to_integer(
-                                                          IterationCount)},
-                            is_password_scram_valid(Password, Scram);
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>], []} ->
+                                       iterationcount = IterationCount},
+                            is_password_scram_valid_stored(Password, Scram, LUser, LServer);
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -96,12 +98,12 @@ check_password(User, Server, Password) ->
                            false %% Typical error is database not accessible
                    end;
                false ->
-                    try odbc_queries:get_password(LServer, Username) of
-                        {selected, [<<"password">>], [[Password]]} ->
+                    try sql_queries:get_password(LServer, LUser) of
+                        {selected, [{Password}]} ->
                            Password /= <<"">>;
-                        {selected, [<<"password">>], [[_Password2]]} ->
+                        {selected, [{_Password2}]} ->
                            false; %% Password is not correct
-                        {selected, [<<"password">>], []} ->
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -110,13 +112,17 @@ check_password(User, Server, Password) ->
                            false %% Typical error is database not accessible
                    end
            end
+        end
    end.

-%% @spec (User, Server, Password, Digest, DigestGen) -> true | false | {error, Error}
-check_password(User, Server, Password, Digest,
+%% @spec (User, AuthzId, Server, Password, Digest, DigestGen) -> true | false | {error, Error}
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LServer = jid:nameprep(Server),
-    LUser = jid:nodeprep(User),
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LServer = jid:nameprep(Server),
+        LUser = jid:nodeprep(User),
    if (LUser == error) or (LServer == error) ->
            false;
       (LUser == <<>>) or (LServer == <<>>) ->
@@ -124,10 +130,9 @@ check_password(User, Server, Password, Digest,
       true ->
            case is_scrammed() of
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    try odbc_queries:get_password(LServer, Username) of
+                    try sql_queries:get_password(LServer, LUser) of
                        %% Account exists, check if password is valid
-                        {selected, [<<"password">>], [[Passwd]]} ->
+                        {selected, [{Passwd}]} ->
                            DigRes = if Digest /= <<"">> ->
                                             Digest == DigestGen(Passwd);
                                        true -> false
@@ -135,7 +140,7 @@ check_password(User, Server, Password, Digest,
                            if DigRes -> true;
                               true -> (Passwd == Password) and (Password /= <<"">>)
                            end;
-                        {selected, [<<"password">>], []} ->
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -146,6 +151,7 @@ check_password(User, Server, Password, Digest,
                true ->
                    false
            end
+        end
    end.

 %% @spec (User::string(), Server::string(), Password::string()) ->
@@ -158,26 +164,24 @@ set_password(User, Server, Password) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            {error, invalid_jid};
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
                    Scram = password_to_scram(Password),
-                    case catch odbc_queries:set_password_scram_t(
+                    case catch sql_queries:set_password_scram_t(
                                 LServer,
-                                 Username,
-                                 ejabberd_odbc:escape(Scram#scram.storedkey),
-                                 ejabberd_odbc:escape(Scram#scram.serverkey),
-                                 ejabberd_odbc:escape(Scram#scram.salt),
-                                 integer_to_binary(Scram#scram.iterationcount)
+                                 LUser,
+                                 Scram#scram.storedkey,
+                                 Scram#scram.serverkey,
+                                 Scram#scram.salt,
+                                 Scram#scram.iterationcount
                                )
                        of
                        {atomic, ok} -> ok;
                        Other -> {error, Other}
                    end;
                false ->
-                    Pass = ejabberd_odbc:escape(Password),
-                    case catch odbc_queries:set_password_t(LServer,
-                                                           Username, Pass)
+                    case catch sql_queries:set_password_t(LServer,
+                                                           LUser, Password)
                        of
                        {atomic, ok} -> ok;
                        Other -> {error, Other}
@@ -194,26 +198,23 @@ try_register(User, Server, Password) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            {error, invalid_jid};
       true ->
-	  Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
                    Scram = password_to_scram(Password),
-                    case catch odbc_queries:add_user_scram(
+                    case catch sql_queries:add_user_scram(
                                 LServer,
-                                 Username,
-                                 ejabberd_odbc:escape(Scram#scram.storedkey),
-                                 ejabberd_odbc:escape(Scram#scram.serverkey),
-                                 ejabberd_odbc:escape(Scram#scram.salt),
-                                 integer_to_binary(Scram#scram.iterationcount)
+                                 LUser,
+                                 Scram#scram.storedkey,
+                                 Scram#scram.serverkey,
+                                 Scram#scram.salt,
+                                 Scram#scram.iterationcount
                                ) of
                        {updated, 1} -> {atomic, ok};
                        _ -> {atomic, exists}
                    end;
                false ->
-                    Pass = ejabberd_odbc:escape(Password),
-                    case catch odbc_queries:add_user(LServer, Username,
-                                                     Pass)
-                        of
+                    case catch sql_queries:add_user(LServer, LUser,
+                                                     Password) of
                        {updated, 1} -> {atomic, ok};
                        _ -> {atomic, exists}
                    end
@@ -221,42 +222,58 @@ try_register(User, Server, Password) ->
    end.

 dirty_get_registered_users() ->
-    Servers = ejabberd_config:get_vh_by_auth_method(odbc),
+    Servers = ejabberd_config:get_vh_by_auth_method(sql),
    lists:flatmap(fun (Server) ->
 			  get_vh_registered_users(Server)
 		  end,
 		  Servers).

 get_vh_registered_users(Server) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:list_users(LServer) of
-      {selected, [<<"username">>], Res} ->
-	  [{U, LServer} || [U] <- Res];
-      _ -> []
+    case jid:nameprep(Server) of
+        error -> [];
+        <<>> -> [];
+        LServer ->
+            case catch sql_queries:list_users(LServer) of
+                {selected, Res} ->
+                    [{U, LServer} || {U} <- Res];
+                _ -> []
+            end
    end.

 get_vh_registered_users(Server, Opts) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:list_users(LServer, Opts) of
-      {selected, [<<"username">>], Res} ->
-	  [{U, LServer} || [U] <- Res];
-      _ -> []
+    case jid:nameprep(Server) of
+        error -> [];
+        <<>> -> [];
+        LServer ->
+            case catch sql_queries:list_users(LServer, Opts) of
+                {selected, Res} ->
+                    [{U, LServer} || {U} <- Res];
+                _ -> []
+            end
    end.

 get_vh_registered_users_number(Server) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:users_number(LServer) of
-      {selected, [_], [[Res]]} ->
-	  jlib:binary_to_integer(Res);
-      _ -> 0
+    case jid:nameprep(Server) of
+        error -> 0;
+        <<>> -> 0;
+        LServer ->
+            case catch sql_queries:users_number(LServer) of
+                {selected, [{Res}]} ->
+                    Res;
+                _ -> 0
+            end
    end.

 get_vh_registered_users_number(Server, Opts) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:users_number(LServer, Opts) of
-      {selected, [_], [[Res]]} ->
-	  jlib:binary_to_integer(Res);
-      _Other -> 0
+    case jid:nameprep(Server) of
+        error -> 0;
+        <<>> -> 0;
+        LServer ->
+            case catch sql_queries:users_number(LServer, Opts) of
+                {selected, [{Res}]} ->
+                    Res;
+                _Other -> 0
+            end
    end.

 get_password(User, Server) ->
@@ -267,24 +284,22 @@ get_password(User, Server) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            false;
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
-                    case catch odbc_queries:get_password_scram(
-                                 LServer, Username) of
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>],
-                         [[StoredKey, ServerKey, Salt, IterationCount]]} ->
+                    case catch sql_queries:get_password_scram(
+                                 LServer, LUser) of
+                        {selected,
+                         [{StoredKey, ServerKey, Salt, IterationCount}]} ->
                            {jlib:decode_base64(StoredKey),
                             jlib:decode_base64(ServerKey),
                             jlib:decode_base64(Salt),
-                             binary_to_integer(IterationCount)};
+                             IterationCount};
                        _ -> false
                    end;
                false ->
-                    case catch odbc_queries:get_password(LServer, Username)
+                    case catch sql_queries:get_password(LServer, LUser)
                        of
-                        {selected, [<<"password">>], [[Password]]} -> Password;
+                        {selected, [{Password}]} -> Password;
                        _ -> false
                    end
            end
@@ -300,9 +315,8 @@ get_password_s(User, Server) ->
       true ->
            case is_scrammed() of
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    case catch odbc_queries:get_password(LServer, Username) of
-                        {selected, [<<"password">>], [[Password]]} -> Password;
+                    case catch sql_queries:get_password(LServer, LUser) of
+                        {selected, [{Password}]} -> Password;
                        _ -> <<"">>
                    end;
                true -> <<"">>
@@ -311,15 +325,17 @@ get_password_s(User, Server) ->

 %% @spec (User, Server) -> true | false | {error, Error}
 is_user_exists(User, Server) ->
-    case jid:nodeprep(User) of
-      error -> false;
-      LUser ->
-	  Username = ejabberd_odbc:escape(LUser),
-	  LServer = jid:nameprep(Server),
-	  try odbc_queries:get_password(LServer, Username) of
-	    {selected, [<<"password">>], [[_Password]]} ->
+    LServer = jid:nameprep(Server),
+    LUser = jid:nodeprep(User),
+    if (LUser == error) or (LServer == error) ->
+            false;
+       (LUser == <<>>) or (LServer == <<>>) ->
+            false;
+       true ->
+	  try sql_queries:get_password(LServer, LUser) of
+	    {selected, [{_Password}]} ->
 		true; %% Account exists
-	    {selected, [<<"password">>], []} ->
+	    {selected, []} ->
 		false; %% Account does not exist
 	    {error, Error} -> {error, Error}
 	  catch
@@ -331,12 +347,14 @@ is_user_exists(User, Server) ->
 %% @doc Remove user.
 %% Note: it may return ok even if there was some problem removing the user.
 remove_user(User, Server) ->
-    case jid:nodeprep(User) of
-      error -> error;
-      LUser ->
-	  Username = ejabberd_odbc:escape(LUser),
-	  LServer = jid:nameprep(Server),
-	  catch odbc_queries:del_user(LServer, Username),
+    LServer = jid:nameprep(Server),
+    LUser = jid:nodeprep(User),
+    if (LUser == error) or (LServer == error) ->
+            error;
+       (LUser == <<>>) or (LServer == <<>>) ->
+            error;
+       true ->
+	  catch sql_queries:del_user(LServer, LUser),
 	  ok
    end.

@@ -352,27 +370,23 @@ remove_user(User, Server, Password) ->
       true ->
            case is_scrammed() of
                true ->
-                    case check_password(User, Server, Password) of
+                    case check_password(User, <<"">>, Server, Password) of
                        true ->
                            remove_user(User, Server),
                            ok;
                        false -> not_allowed
                    end;
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    Pass = ejabberd_odbc:escape(Password),
                    F = fun () ->
-                                Result = odbc_queries:del_user_return_password(
-                                           LServer, Username, Pass),
+                                Result = sql_queries:del_user_return_password(
+                                           LServer, LUser, Password),
                                case Result of
-                                    {selected, [<<"password">>],
-                                     [[Password]]} -> ok;
-                                    {selected, [<<"password">>],
-                                     []} -> not_exists;
+                                    {selected, [{Password}]} -> ok;
+                                    {selected, []} -> not_exists;
                                    _ -> not_allowed
                                end
                        end,
-                    {atomic, Result} = odbc_queries:sql_transaction(
+                    {atomic, Result} = sql_queries:sql_transaction(
                                         LServer, F),
                    Result
            end
@@ -403,6 +417,15 @@ password_to_scram(Password, IterationCount) ->
 	   salt = jlib:encode_base64(Salt),
 	   iterationcount = IterationCount}.

+is_password_scram_valid_stored(Pass, {scram,Pass,<<>>,<<>>,0}, LUser, LServer) ->
+    ?INFO_MSG("Apparently, SQL auth method and scram password formatting are "
+	"enabled, but the password of user '~s' in the 'users' table is not "
+	"scrammed. You may want to execute this command: "
+	"ejabberdctl convert_to_scram ~s", [LUser, LServer]),
+    false;
+is_password_scram_valid_stored(Password, Scram, _, _) ->
+    is_password_scram_valid(Password, Scram).
+
 is_password_scram_valid(Password, Scram) ->
    IterationCount = Scram#scram.iterationcount,
    Salt = jlib:decode_base64(Scram#scram.salt),
@@ -414,19 +437,15 @@ is_password_scram_valid(Password, Scram) ->

 -define(BATCH_SIZE, 1000).

-set_password_scram_t(Username,
+set_password_scram_t(LUser,
                     StoredKey, ServerKey, Salt, IterationCount) ->
-    odbc_queries:update_t(<<"users">>,
-                          [<<"username">>,
-                           <<"password">>,
-                           <<"serverkey">>,
-                           <<"salt">>,
-                           <<"iterationcount">>],
-                          [Username, StoredKey,
-                           ServerKey, Salt,
-                           IterationCount],
-                          [<<"username='">>, Username,
-                           <<"'">>]).
+    ?SQL_UPSERT_T(
+       "users",
+       ["!username=%(LUser)s",
+        "password=%(StoredKey)s",
+        "serverkey=%(ServerKey)s",
+        "salt=%(Salt)s",
+        "iterationcount=%(IterationCount)d"]).

 convert_to_scram(Server) ->
    LServer = jid:nameprep(Server),
@@ -436,31 +455,31 @@ convert_to_scram(Server) ->
            {error, {incorrect_server_name, Server}};
        true ->
            F = fun () ->
-                        case ejabberd_odbc:sql_query_t(
-                               [<<"select username, password from users where "
-                                 "iterationcount=0 limit ">>,
-                                integer_to_binary(?BATCH_SIZE),
-                                <<";">>]) of
-                            {selected, [<<"username">>, <<"password">>], []} ->
+                        BatchSize = ?BATCH_SIZE,
+                        case ejabberd_sql:sql_query_t(
+                               ?SQL("select @(username)s, @(password)s"
+                                    " from users"
+                                    " where iterationcount=0"
+                                    " limit %(BatchSize)d")) of
+                            {selected, []} ->
                                ok;
-                            {selected, [<<"username">>, <<"password">>], Rs} ->
+                            {selected, Rs} ->
                                lists:foreach(
-                                  fun([LUser, Password]) ->
-                                          Username = ejabberd_odbc:escape(LUser),
+                                  fun({LUser, Password}) ->
                                          Scram = password_to_scram(Password),
                                          set_password_scram_t(
-                                            Username,
-                                            ejabberd_odbc:escape(Scram#scram.storedkey),
-                                            ejabberd_odbc:escape(Scram#scram.serverkey),
-                                            ejabberd_odbc:escape(Scram#scram.salt),
-                                            integer_to_binary(Scram#scram.iterationcount)
+                                            LUser,
+                                            Scram#scram.storedkey,
+                                            Scram#scram.serverkey,
+                                            Scram#scram.salt,
+                                            Scram#scram.iterationcount
                                           )
                                  end, Rs),
                                continue;
                            Err -> {bad_reply, Err}
                        end
                end,
-            case odbc_queries:sql_transaction(LServer, F) of
+            case sql_queries:sql_transaction(LServer, F) of
                {atomic, ok} -> ok;
                {atomic, continue} -> convert_to_scram(Server);
                {atomic, Error} -> {error, Error};
@@ -104,7 +104,6 @@
 		ip,
 		aux_fields = [],
 		csi_state = active,
-		csi_queue = [],
 		mgmt_state,
 		mgmt_xmlns,
 		mgmt_queue,
@@ -139,8 +138,8 @@
 -define(STREAM_HEADER,
 	<<"<?xml version='1.0'?><stream:stream "
 	  "xmlns='jabber:client' xmlns:stream='http://et"
-	  "herx.jabber.org/streams' id='~s' from='~s'~s~"
-	  "s>">>).
+	  "herx.jabber.org/streams' id='~s' from='~s'~s"
+	  "~s>">>).

 -define(STREAM_TRAILER, <<"</stream:stream>">>).

@@ -167,27 +166,32 @@
 	(Xmlns == ?NS_STREAM_MGMT_2) or
 	(Xmlns == ?NS_STREAM_MGMT_3)).

-define(MGMT_FAILED(Condition, Xmlns),
+-define(MGMT_FAILED(Condition, Attrs),
 	#xmlel{name = <<"failed">>,
-	       attrs = [{<<"xmlns">>, Xmlns}],
+	       attrs = Attrs,
 	       children = [#xmlel{name = Condition,
 				  attrs = [{<<"xmlns">>, ?NS_STANZAS}],
 				  children = []}]}).

 -define(MGMT_BAD_REQUEST(Xmlns),
-	?MGMT_FAILED(<<"bad-request">>, Xmlns)).
-
-define(MGMT_ITEM_NOT_FOUND(Xmlns),
-	?MGMT_FAILED(<<"item-not-found">>, Xmlns)).
+	?MGMT_FAILED(<<"bad-request">>, [{<<"xmlns">>, Xmlns}])).

 -define(MGMT_SERVICE_UNAVAILABLE(Xmlns),
-	?MGMT_FAILED(<<"service-unavailable">>, Xmlns)).
+	?MGMT_FAILED(<<"service-unavailable">>, [{<<"xmlns">>, Xmlns}])).

 -define(MGMT_UNEXPECTED_REQUEST(Xmlns),
-	?MGMT_FAILED(<<"unexpected-request">>, Xmlns)).
+	?MGMT_FAILED(<<"unexpected-request">>, [{<<"xmlns">>, Xmlns}])).

 -define(MGMT_UNSUPPORTED_VERSION(Xmlns),
-	?MGMT_FAILED(<<"unsupported-version">>, Xmlns)).
+	?MGMT_FAILED(<<"unsupported-version">>, [{<<"xmlns">>, Xmlns}])).
+
+-define(MGMT_ITEM_NOT_FOUND(Xmlns),
+	?MGMT_FAILED(<<"item-not-found">>, [{<<"xmlns">>, Xmlns}])).
+
+-define(MGMT_ITEM_NOT_FOUND_H(Xmlns, NumStanzasIn),
+	?MGMT_FAILED(<<"item-not-found">>,
+		     [{<<"xmlns">>, Xmlns},
+		      {<<"h">>, jlib:integer_to_binary(NumStanzasIn)}])).

 %%%----------------------------------------------------------------------
 %%% API
@@ -255,14 +259,10 @@ close(FsmRef) -> (?GEN_FSM):send_event(FsmRef, closed).
 %%%----------------------------------------------------------------------

 init([{SockMod, Socket}, Opts]) ->
-    Access = case lists:keysearch(access, 1, Opts) of
-	       {value, {_, A}} -> A;
-	       _ -> all
-	     end,
-    Shaper = case lists:keysearch(shaper, 1, Opts) of
-	       {value, {_, S}} -> S;
-	       _ -> none
-	     end,
+    Access = gen_mod:get_opt(access, Opts,
+			     fun acl:access_rules_validator/1, all),
+    Shaper = gen_mod:get_opt(shaper, Opts,
+			     fun acl:shaper_rules_validator/1, none),
    XMLSocket = case lists:keysearch(xml_socket, 1, Opts) of
 		  {value, {_, XS}} -> XS;
 		  _ -> false
@@ -327,7 +327,7 @@ init([{SockMod, Socket}, Opts]) ->
 		       xml_socket = XMLSocket, zlib = Zlib, tls = TLS,
 		       tls_required = StartTLSRequired,
 		       tls_enabled = TLSEnabled, tls_options = TLSOpts,
-		       sid = {p1_time_compat:timestamp(), self()}, streamid = new_id(),
+		       sid = ejabberd_sm:make_sid(), streamid = new_id(),
 		       access = Access, shaper = Shaper, ip = IP,
 		       mgmt_state = StreamMgmtState,
 		       mgmt_max_queue = MaxAckQueue,
@@ -364,11 +364,17 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 		    %% avoid possible DoS/flood attacks
 		    <<"">>
 	    end,
+	    StreamVersion = case fxml:get_attr_s(<<"version">>, Attrs) of
+			      <<"1.0">> ->
+				  <<"1.0">>;
+			      _ ->
+				  <<"">>
+			  end,
 	    IsBlacklistedIP = is_ip_blacklisted(StateData#state.ip, Lang),
 	    case lists:member(Server, ?MYHOSTS) of
 		true when IsBlacklistedIP == false ->
 		    change_shaper(StateData, jid:make(<<"">>, Server, <<"">>)),
-		    case fxml:get_attr_s(<<"version">>, Attrs) of
+		    case StreamVersion of
 			<<"1.0">> ->
 			    send_header(StateData, Server, <<"1.0">>, DefaultLang),
 			    case StateData#state.authenticated of
@@ -382,13 +388,13 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 						    ejabberd_auth:get_password_with_authmodule(
 							U, Server)
 					    end,
-					    fun (U, P) ->
+					  fun(U, AuthzId, P) ->
 						    ejabberd_auth:check_password_with_authmodule(
-							U, Server, P)
+						    U, AuthzId, Server, P)
 					    end,
-					    fun (U, P, D, DG) ->
+					  fun(U, AuthzId, P, D, DG) ->
 						    ejabberd_auth:check_password_with_authmodule(
-							U, Server, P, D, DG)
+						    U, AuthzId, Server, P, D, DG)
 					    end),
 				    Mechs =
 					case TLSEnabled or not TLSRequired of
@@ -522,7 +528,6 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 				    send_element(StateData,
 					?POLICY_VIOLATION_ERR(Lang,
 					    <<"Use of STARTTLS required">>)),
-				    send_trailer(StateData),
 				    {stop, normal, StateData};
 				true ->
 				    fsm_next_state(wait_for_auth,
@@ -535,36 +540,30 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 		    {true, LogReason, ReasonT} = IsBlacklistedIP,
 		    ?INFO_MSG("Connection attempt from blacklisted IP ~s: ~s",
 			[jlib:ip_to_list(IP), LogReason]),
-		    send_header(StateData, Server, <<"">>, DefaultLang),
+		    send_header(StateData, Server, StreamVersion, DefaultLang),
 		    send_element(StateData, ?POLICY_VIOLATION_ERR(Lang, ReasonT)),
-		    send_trailer(StateData),
 		    {stop, normal, StateData};
 		_ ->
-		    send_header(StateData, ?MYNAME, <<"">>, DefaultLang),
+		    send_header(StateData, ?MYNAME, StreamVersion, DefaultLang),
 		    send_element(StateData, ?HOST_UNKNOWN_ERR),
-		    send_trailer(StateData),
 		    {stop, normal, StateData}
 	    end;
 	_ ->
 	    send_header(StateData, ?MYNAME, <<"">>, DefaultLang),
 	    send_element(StateData, ?INVALID_NS_ERR),
-	    send_trailer(StateData),
 	    {stop, normal, StateData}
    end;
 wait_for_stream(timeout, StateData) ->
    {stop, normal, StateData};
 wait_for_stream({xmlstreamelement, _}, StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_stream({xmlstreamend, _}, StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_stream({xmlstreamerror, _}, StateData) ->
    send_header(StateData, ?MYNAME, <<"1.0">>, <<"">>),
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_stream(closed, StateData) ->
    {stop, normal, StateData};
@@ -619,22 +618,23 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 	    send_element(StateData, Res),
 	    fsm_next_state(wait_for_auth, StateData);
 	{auth, _ID, set, {_U, _P, _D, <<"">>}} ->
-	    Err = jlib:make_error_reply(El,
-		    ?ERR_AUTH_NO_RESOURCE_PROVIDED((StateData#state.lang))),
+	    Lang = StateData#state.lang,
+	    Txt = <<"No resource provided">>,
+	    Err = jlib:make_error_reply(El, ?ERRT_NOT_ACCEPTABLE(Lang, Txt)),
 	    send_element(StateData, Err),
 	    fsm_next_state(wait_for_auth, StateData);
 	{auth, _ID, set, {U, P, D, R}} ->
 	    JID = jid:make(U, StateData#state.server, R),
 	    case JID /= error andalso
-		acl:match_rule(StateData#state.server,
-		    StateData#state.access, JID)
-		== allow
+		acl:access_matches(StateData#state.access,
+				   #{usr => jid:split(JID), ip => StateData#state.ip},
+				   StateData#state.server) == allow
 	    of
 		true ->
 		    DGen = fun (PW) ->
 			    p1_sha:sha(<<(StateData#state.streamid)/binary, PW/binary>>)
 		    end,
-		    case ejabberd_auth:check_password_with_authmodule(U,
+		case ejabberd_auth:check_password_with_authmodule(U, U,
 			    StateData#state.server,
 			    P, D, DGen)
 		    of
@@ -685,7 +685,10 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 			    ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				[false, U, StateData#state.server,
 				    StateData#state.ip]),
-			    Err = jlib:make_error_reply(El, ?ERR_NOT_AUTHORIZED),
+			    Lang = StateData#state.lang,
+			    Txt = <<"Legacy authentication failed">>,
+			    Err = jlib:make_error_reply(
+				    El, ?ERRT_NOT_AUTHORIZED(Lang, Txt)),
 			    send_element(StateData, Err),
 			    fsm_next_state(wait_for_auth, StateData)
 		    end;
@@ -706,7 +709,9 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 			    ejabberd_hooks:run(c2s_auth_result, StateData#state.server,
 				[false, U, StateData#state.server,
 				    StateData#state.ip]),
-			    Err = jlib:make_error_reply(El, ?ERR_NOT_ALLOWED),
+			    Lang = StateData#state.lang,
+			    Txt = <<"Legacy authentication forbidden">>,
+			    Err = jlib:make_error_reply(El, ?ERRT_NOT_ALLOWED(Lang, Txt)),
 			    send_element(StateData, Err),
 			    fsm_next_state(wait_for_auth, StateData)
 		    end
@@ -718,10 +723,9 @@ wait_for_auth({xmlstreamelement, El}, StateData) ->
 wait_for_auth(timeout, StateData) ->
    {stop, normal, StateData};
 wait_for_auth({xmlstreamend, _Name}, StateData) ->
-    send_trailer(StateData), {stop, normal, StateData};
+    {stop, normal, StateData};
 wait_for_auth({xmlstreamerror, _}, StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_auth(closed, StateData) ->
    {stop, normal, StateData};
@@ -752,9 +756,7 @@ wait_for_feature_request({xmlstreamelement, El},
 	      of
 	    {ok, Props} ->
 		(StateData#state.sockmod):reset_stream(StateData#state.socket),
-		%U = fxml:get_attr_s(username, Props),
-		U = proplists:get_value(username, Props, <<>>),
-		%AuthModule = fxml:get_attr_s(auth_module, Props),
+		U = identity(Props),
 		AuthModule = proplists:get_value(auth_module, Props, undefined),
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
@@ -839,7 +841,6 @@ wait_for_feature_request({xmlstreamelement, El},
 		 send_element(StateData,
 			      ?POLICY_VIOLATION_ERR(Lang,
 						    <<"Use of STARTTLS required">>)),
-		 send_trailer(StateData),
 		 {stop, normal, StateData};
 	     true ->
 		 process_unauthenticated_stanza(StateData, El),
@@ -850,11 +851,10 @@ wait_for_feature_request(timeout, StateData) ->
    {stop, normal, StateData};
 wait_for_feature_request({xmlstreamend, _Name},
 			 StateData) ->
-    send_trailer(StateData), {stop, normal, StateData};
+    {stop, normal, StateData};
 wait_for_feature_request({xmlstreamerror, _},
 			 StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_feature_request(closed, StateData) ->
    {stop, normal, StateData};
@@ -876,9 +876,7 @@ wait_for_sasl_response({xmlstreamelement, El},
 	    {ok, Props} ->
 		catch
 		  (StateData#state.sockmod):reset_stream(StateData#state.socket),
-%		U = fxml:get_attr_s(username, Props),
-		U = proplists:get_value(username, Props, <<>>),
-%		AuthModule = fxml:get_attr_s(auth_module, Props),
+		U = identity(Props),
 		AuthModule = proplists:get_value(auth_module, Props, <<>>),
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
@@ -899,9 +897,7 @@ wait_for_sasl_response({xmlstreamelement, El},
 						user = U});
 	    {ok, Props, ServerOut} ->
 		(StateData#state.sockmod):reset_stream(StateData#state.socket),
-%		U = fxml:get_attr_s(username, Props),
-		U = proplists:get_value(username, Props, <<>>),
-%		AuthModule = fxml:get_attr_s(auth_module, Props),
+		U = identity(Props),
 		AuthModule = proplists:get_value(auth_module, Props, undefined),
 		?INFO_MSG("(~w) Accepted authentication for ~s "
 			  "by ~p from ~s",
@@ -963,11 +959,10 @@ wait_for_sasl_response(timeout, StateData) ->
    {stop, normal, StateData};
 wait_for_sasl_response({xmlstreamend, _Name},
 		       StateData) ->
-    send_trailer(StateData), {stop, normal, StateData};
+    {stop, normal, StateData};
 wait_for_sasl_response({xmlstreamerror, _},
 		       StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_sasl_response(closed, StateData) ->
    {stop, normal, StateData};
@@ -999,7 +994,7 @@ resource_conflict_action(U, S, R) ->
      acceptnew -> {accept_resource, R};
      closenew -> closenew;
      setresource ->
-	  Rnew = iolist_to_binary([randoms:get_string(),randoms:get_string(),randoms:get_string()]),
+	  Rnew = new_uniq_id(),
 	  {accept_resource, Rnew}
    end.

@@ -1019,20 +1014,20 @@ wait_for_bind({xmlstreamelement, #xmlel{name = Name, attrs = Attrs} = El},
    end;
 wait_for_bind({xmlstreamelement, El}, StateData) ->
    case jlib:iq_query_info(El) of
-      #iq{type = set, xmlns = ?NS_BIND, sub_el = SubEl} =
+      #iq{type = set, lang = Lang, xmlns = ?NS_BIND, sub_el = SubEl} =
 	  IQ ->
 	  U = StateData#state.user,
 	  R1 = fxml:get_path_s(SubEl,
 			      [{elem, <<"resource">>}, cdata]),
 	  R = case jid:resourceprep(R1) of
 		error -> error;
-		<<"">> ->
-                      iolist_to_binary([randoms:get_string(),randoms:get_string(),randoms:get_string()]);
+		<<"">> -> new_uniq_id();
 		Resource -> Resource
 	      end,
 	  case R of
 	    error ->
-		Err = jlib:make_error_reply(El, ?ERR_BAD_REQUEST),
+		Txt = <<"Malformed resource">>,
+		Err = jlib:make_error_reply(El, ?ERRT_BAD_REQUEST(Lang, Txt)),
 		send_element(StateData, Err),
 		fsm_next_state(wait_for_bind, StateData);
 	    _ ->
@@ -1064,7 +1059,11 @@ wait_for_bind({xmlstreamelement, El}, StateData) ->
                                                      children =
                                                      [{xmlcdata,
                                                        jid:to_string(JID)}]}]}]},
-                                send_element(StateData3, jlib:iq_to_xml(Res)),
+				try
+				    send_element(StateData3, jlib:iq_to_xml(Res))
+				catch exit:normal ->
+					close(self())
+				end,
                                fsm_next_state_pack(
                                  session_established,
                                  StateData3);
@@ -1092,10 +1091,9 @@ wait_for_bind({xmlstreamelement, El}, StateData) ->
 wait_for_bind(timeout, StateData) ->
    {stop, normal, StateData};
 wait_for_bind({xmlstreamend, _Name}, StateData) ->
-    send_trailer(StateData), {stop, normal, StateData};
+    {stop, normal, StateData};
 wait_for_bind({xmlstreamerror, _}, StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 wait_for_bind(closed, StateData) ->
    {stop, normal, StateData};
@@ -1106,8 +1104,11 @@ open_session(StateData) ->
    U = StateData#state.user,
    R = StateData#state.resource,
    JID = StateData#state.jid,
-    case acl:match_rule(StateData#state.server,
-                        StateData#state.access, JID) of
+    Lang = StateData#state.lang,
+    IP = StateData#state.ip,
+    case acl:access_matches(StateData#state.access,
+			    #{usr => jid:split(JID), ip => IP},
+			    StateData#state.server) of
        allow ->
            ?INFO_MSG("(~w) Opened session for ~s",
                      [StateData#state.socket, jid:to_string(JID)]),
@@ -1143,7 +1144,8 @@ open_session(StateData) ->
                               StateData#state.server, [JID]),
            ?INFO_MSG("(~w) Forbidden session for ~s",
                      [StateData#state.socket, jid:to_string(JID)]),
-            {error, ?ERR_NOT_ALLOWED}
+	    Txt = <<"Denied by ACL">>,
+            {error, ?ERRT_NOT_ALLOWED(Lang, Txt)}
    end.

 session_established({xmlstreamelement, #xmlel{name = Name} = El}, StateData)
@@ -1153,7 +1155,7 @@ session_established({xmlstreamelement,
 		     #xmlel{name = <<"active">>,
 			    attrs = [{<<"xmlns">>, ?NS_CLIENT_STATE}]}},
 		    StateData) ->
-    NewStateData = csi_queue_flush(StateData),
+    NewStateData = csi_flush_queue(StateData),
    fsm_next_state(session_established, NewStateData#state{csi_state = active});
 session_established({xmlstreamelement,
 		     #xmlel{name = <<"inactive">>,
@@ -1166,7 +1168,6 @@ session_established({xmlstreamelement, El},
    case check_from(El, FromJID) of
 	'invalid-from' ->
 	    send_element(StateData, ?INVALID_FROM),
-	    send_trailer(StateData),
 	    {stop, normal, StateData};
 	_NewEl ->
 	    session_established2(El, StateData)
@@ -1179,17 +1180,15 @@ session_established(timeout, StateData) ->
 		       [?MODULE, Options, session_established, StateData]),
    fsm_next_state(session_established, StateData);
 session_established({xmlstreamend, _Name}, StateData) ->
-    send_trailer(StateData), {stop, normal, StateData};
+    {stop, normal, StateData};
 session_established({xmlstreamerror,
 		     <<"XML stanza is too big">> = E},
 		    StateData) ->
    send_element(StateData,
 		 ?POLICY_VIOLATION_ERR((StateData#state.lang), E)),
-    send_trailer(StateData),
    {stop, normal, StateData};
 session_established({xmlstreamerror, _}, StateData) ->
    send_element(StateData, ?INVALID_XML_ERR),
-    send_trailer(StateData),
    {stop, normal, StateData};
 session_established(closed, #state{mgmt_state = active} = StateData) ->
    catch (StateData#state.sockmod):close(StateData#state.socket),
@@ -1290,7 +1289,7 @@ wait_for_resume({xmlstreamelement, _El} = Event, StateData) ->
 wait_for_resume(timeout, StateData) ->
    ?DEBUG("Timed out waiting for resumption of stream for ~s",
 	   [jid:to_string(StateData#state.jid)]),
-    {stop, normal, StateData};
+    {stop, normal, StateData#state{mgmt_state = timeout}};
 wait_for_resume(Event, StateData) ->
    ?DEBUG("Ignoring event while waiting for resumption: ~p", [Event]),
    fsm_next_state(wait_for_resume, StateData).
@@ -1344,7 +1343,6 @@ handle_info(kick, StateName, StateData) ->
    handle_info({kick, kicked_by_admin, Xmlelement}, StateName, StateData);
 handle_info({kick, Reason, Xmlelement}, _StateName, StateData) ->
    send_element(StateData, Xmlelement),
-    send_trailer(StateData),
    {stop, normal,
     StateData#state{authenticated = Reason}};
 handle_info({route, _From, _To, {broadcast, Data}},
@@ -1357,7 +1355,6 @@ handle_info({route, _From, _To, {broadcast, Data}},
        {exit, Reason} ->
            Lang = StateData#state.lang,
            send_element(StateData, ?SERRT_CONFLICT(Lang, Reason)),
-            catch send_trailer(StateData),
            {stop, normal, StateData};
        {privacy_list, PrivList, PrivListName} ->
            case ejabberd_hooks:run_fold(privacy_updated_list,
@@ -1578,6 +1575,12 @@ handle_info({route, From, To,
 							 {true, Attrs,
 							  StateData};
 						     deny ->
+							 Err =
+							     jlib:make_error_reply(Packet,
+										   ?ERR_SERVICE_UNAVAILABLE),
+							 ejabberd_router:route(To,
+									       From,
+									       Err),
 							 {false, Attrs,
 							  StateData}
 						   end;
@@ -1628,7 +1631,6 @@ handle_info({route, From, To,
                                                   <<"error">> -> ok;
                                                   <<"groupchat">> -> ok;
                                                   <<"headline">> -> ok;
-                                                   <<"result">> -> ok;
                                                   _ ->
                                                       Err =
                                                           jlib:make_error_reply(Packet,
@@ -1671,11 +1673,9 @@ handle_info(system_shutdown, StateName, StateData) ->
      wait_for_stream ->
 	  send_header(StateData, ?MYNAME, <<"1.0">>, <<"en">>),
 	  send_element(StateData, ?SERR_SYSTEM_SHUTDOWN),
-	  send_trailer(StateData),
 	  ok;
      _ ->
 	  send_element(StateData, ?SERR_SYSTEM_SHUTDOWN),
-	  send_trailer(StateData),
 	  ok
    end,
    {stop, normal, StateData};
@@ -1774,8 +1774,7 @@ terminate(_Reason, StateName, StateData) ->
 								StateData#state.resource,
 								<<"Replaced by new connection">>),
 		       presence_broadcast(StateData, From,
-					  StateData#state.pres_a, Packet),
-		       handle_unacked_stanzas(StateData);
+					  StateData#state.pres_a, Packet);
 		   _ ->
 		       ?INFO_MSG("(~w) Close session for ~s",
 				 [StateData#state.socket,
@@ -1800,13 +1799,26 @@ terminate(_Reason, StateName, StateData) ->
 			     presence_broadcast(StateData, From,
 						StateData#state.pres_a, Packet)
 		       end,
-		       handle_unacked_stanzas(StateData)
+		       case StateData#state.mgmt_state of
+			 timeout ->
+			     Info = [{num_stanzas_in,
+				      StateData#state.mgmt_stanzas_in}],
+			     ejabberd_sm:set_offline_info(StateData#state.sid,
+							  StateData#state.user,
+							  StateData#state.server,
+							  StateData#state.resource,
+							  Info);
+			 _ ->
+			    ok
+		       end
 		 end,
+		 handle_unacked_stanzas(StateData),
 		 bounce_messages();
 	     true ->
 		 ok
 	  end
    end,
+    catch send_trailer(StateData),
    (StateData#state.sockmod):close(StateData#state.socket),
    ok.

@@ -1815,8 +1827,9 @@ terminate(_Reason, StateName, StateData) ->
 %%%----------------------------------------------------------------------

 change_shaper(StateData, JID) ->
-    Shaper = acl:match_rule(StateData#state.server,
-			    StateData#state.shaper, JID),
+    Shaper = acl:access_matches(StateData#state.shaper,
+				#{usr => jid:split(JID), ip => StateData#state.ip},
+				StateData#state.server),
    (StateData#state.sockmod):change_shaper(StateData#state.socket,
 					    Shaper).

@@ -1913,6 +1926,10 @@ send_trailer(StateData) ->

 new_id() -> randoms:get_string().

+new_uniq_id() ->
+    iolist_to_binary([randoms:get_string(),
+		      jlib:integer_to_binary(p1_time_compat:unique_integer([positive]))]).
+
 is_auth_packet(El) ->
    case jlib:iq_query_info(El) of
 	#iq{id = ID, type = Type, xmlns = ?NS_AUTH, sub_el = SubEl} ->
@@ -2278,30 +2295,32 @@ get_priority_from_presence(PresencePacket) ->
    end.

 process_privacy_iq(From, To,
-		   #iq{type = Type, sub_el = SubEl} = IQ, StateData) ->
-    {Res, NewStateData} = case Type of
-			    get ->
-				R = ejabberd_hooks:run_fold(privacy_iq_get,
-							    StateData#state.server,
-							    {error,
-							     ?ERR_FEATURE_NOT_IMPLEMENTED},
-							    [From, To, IQ,
-							     StateData#state.privacy_list]),
-				{R, StateData};
-			    set ->
-				case ejabberd_hooks:run_fold(privacy_iq_set,
-							     StateData#state.server,
-							     {error,
-							      ?ERR_FEATURE_NOT_IMPLEMENTED},
-							     [From, To, IQ])
-				    of
-				  {result, R, NewPrivList} ->
-				      {{result, R},
-				       StateData#state{privacy_list =
-							   NewPrivList}};
-				  R -> {R, StateData}
-				end
-			  end,
+		   #iq{type = Type, lang = Lang, sub_el = SubEl} = IQ, StateData) ->
+    Txt = <<"No module is handling this query">>,
+    {Res, NewStateData} =
+	case Type of
+	    get ->
+		R = ejabberd_hooks:run_fold(
+		      privacy_iq_get,
+		      StateData#state.server,
+		      {error, ?ERRT_FEATURE_NOT_IMPLEMENTED(Lang, Txt)},
+		      [From, To, IQ,
+		       StateData#state.privacy_list]),
+		{R, StateData};
+	    set ->
+		case ejabberd_hooks:run_fold(
+		       privacy_iq_set,
+		       StateData#state.server,
+		       {error, ?ERRT_FEATURE_NOT_IMPLEMENTED(Lang, Txt)},
+		       [From, To, IQ])
+		of
+		    {result, R, NewPrivList} ->
+			{{result, R},
+			 StateData#state{privacy_list =
+					     NewPrivList}};
+		    R -> {R, StateData}
+		end
+	end,
    IQRes = case Res of
 	      {result, Result} ->
 		  IQ#iq{type = result, sub_el = Result};
@@ -2368,15 +2387,16 @@ process_unauthenticated_stanza(StateData, El) ->
 	      _ -> El
 	    end,
    case jlib:iq_query_info(NewEl) of
-      #iq{} = IQ ->
+      #iq{lang = L} = IQ ->
 	  Res = ejabberd_hooks:run_fold(c2s_unauthenticated_iq,
 					StateData#state.server, empty,
 					[StateData#state.server, IQ,
 					 StateData#state.ip]),
 	  case Res of
 	    empty ->
+		Txt = <<"Authentication required">>,
 		ResIQ = IQ#iq{type = error,
-			      sub_el = [?ERR_SERVICE_UNAVAILABLE]},
+			      sub_el = [?ERRT_SERVICE_UNAVAILABLE(L, Txt)]},
 		Res1 = jlib:replace_from_to(jid:make(<<"">>,
 							  StateData#state.server,
 							  <<"">>),
@@ -2422,7 +2442,6 @@ fsm_next_state(session_established, #state{mgmt_max_queue = exceeded} =
    Err = ?SERRT_POLICY_VIOLATION(StateData#state.lang,
 				  <<"Too many unacked stanzas">>),
    send_element(StateData, Err),
-    send_trailer(StateData),
    {stop, normal, StateData#state{mgmt_resend = false}};
 fsm_next_state(session_established, #state{mgmt_state = pending} = StateData) ->
    fsm_next_state(wait_for_resume, StateData);
@@ -2595,9 +2614,9 @@ stream_mgmt_enabled(#state{mgmt_state = disabled}) ->
 stream_mgmt_enabled(_StateData) ->
    true.

-dispatch_stream_mgmt(El, StateData)
-    when StateData#state.mgmt_state == active;
-	 StateData#state.mgmt_state == pending ->
+dispatch_stream_mgmt(El, #state{mgmt_state = MgmtState} = StateData)
+    when MgmtState == active;
+	 MgmtState == pending ->
    perform_stream_mgmt(El, StateData);
 dispatch_stream_mgmt(El, StateData) ->
    negotiate_stream_mgmt(El, StateData).
@@ -2728,6 +2747,8 @@ handle_resume(StateData, Attrs) ->
 			  case inherit_session_state(StateData, PrevID) of
 			    {ok, InheritedState} ->
 				{ok, InheritedState, H};
+			    {error, Err, InH} ->
+				{error, ?MGMT_ITEM_NOT_FOUND_H(Xmlns, InH), Err};
 			    {error, Err} ->
 				{error, ?MGMT_ITEM_NOT_FOUND(Xmlns), Err}
 			  end;
@@ -2764,7 +2785,7 @@ handle_resume(StateData, Attrs) ->
 		       #xmlel{name = <<"r">>,
 			      attrs = [{<<"xmlns">>, AttrXmlns}],
 			      children = []}),
-	  FlushedState = csi_queue_flush(NewState),
+	  FlushedState = csi_flush_queue(NewState),
 	  NewStateData = FlushedState#state{csi_state = active},
 	  ?INFO_MSG("Resumed session for ~s",
 		    [jid:to_string(NewStateData#state.jid)]),
@@ -2786,7 +2807,9 @@ check_h_attribute(#state{mgmt_stanzas_out = NumStanzasOut} = StateData, H) ->
 	   [jid:to_string(StateData#state.jid), H, NumStanzasOut]),
    mgmt_queue_drop(StateData, H).

-update_num_stanzas_in(#state{mgmt_state = active} = StateData, El) ->
+update_num_stanzas_in(#state{mgmt_state = MgmtState} = StateData, El)
+    when MgmtState == active;
+	 MgmtState == pending ->
    NewNum = case {is_stanza(El), StateData#state.mgmt_stanzas_in} of
 	       {true, 4294967295} ->
 		   0;
@@ -2841,9 +2864,10 @@ check_queue_length(#state{mgmt_queue = Queue,
 	  StateData
    end.

-handle_unacked_stanzas(StateData, F)
-    when StateData#state.mgmt_state == active;
-	 StateData#state.mgmt_state == pending ->
+handle_unacked_stanzas(#state{mgmt_state = MgmtState} = StateData, F)
+    when MgmtState == active;
+	 MgmtState == pending;
+	 MgmtState == timeout ->
    Queue = StateData#state.mgmt_queue,
    case queue:len(Queue) of
      0 ->
@@ -2863,9 +2887,10 @@ handle_unacked_stanzas(StateData, F)
 handle_unacked_stanzas(_StateData, _F) ->
    ok.

-handle_unacked_stanzas(StateData)
-    when StateData#state.mgmt_state == active;
-	 StateData#state.mgmt_state == pending ->
+handle_unacked_stanzas(#state{mgmt_state = MgmtState} = StateData)
+    when MgmtState == active;
+	 MgmtState == pending;
+	 MgmtState == timeout ->
    ResendOnTimeout =
 	case StateData#state.mgmt_resend of
 	  Resend when is_boolean(Resend) ->
@@ -2882,6 +2907,7 @@ handle_unacked_stanzas(StateData)
 		    false
 	      end
 	end,
+    Lang = StateData#state.lang,
    ReRoute = case ResendOnTimeout of
 		true ->
 		    fun(From, To, El, Time) ->
@@ -2890,9 +2916,11 @@ handle_unacked_stanzas(StateData)
 		    end;
 		false ->
 		    fun(From, To, El, _Time) ->
+			    Txt = <<"User session terminated">>,
 			    Err =
-				jlib:make_error_reply(El,
-						      ?ERR_SERVICE_UNAVAILABLE),
+				jlib:make_error_reply(
+				  El,
+				  ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 			    ejabberd_router:route(To, From, Err)
 		    end
 	      end,
@@ -2900,7 +2928,9 @@ handle_unacked_stanzas(StateData)
 		?DEBUG("Dropping presence stanza from ~s",
 		       [jid:to_string(From)]);
 	   (From, To, #xmlel{name = <<"iq">>} = El, _Time) ->
-		Err = jlib:make_error_reply(El, ?ERR_SERVICE_UNAVAILABLE),
+		Txt = <<"User session terminated">>,
+		Err = jlib:make_error_reply(
+			El, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err);
 	   (From, To, El, Time) ->
 		%% We'll drop the stanza if it was <forwarded/> by some
@@ -2962,7 +2992,17 @@ inherit_session_state(#state{user = U, server = S} = StateData, ResumeID) ->
      {term, {R, Time}} ->
 	  case ejabberd_sm:get_session_pid(U, S, R) of
 	    none ->
-		{error, <<"Previous session PID not found">>};
+		case ejabberd_sm:get_offline_info(Time, U, S, R) of
+		  none ->
+		      {error, <<"Previous session PID not found">>};
+		  Info ->
+		      case proplists:get_value(num_stanzas_in, Info) of
+			undefined ->
+			    {error, <<"Previous session timed out">>};
+			H ->
+			    {error, <<"Previous session timed out">>, H}
+		      end
+		end;
 	    OldPID ->
 		OldSID = {Time, OldPID},
 		case catch resume_session(OldSID) of
@@ -2991,7 +3031,6 @@ inherit_session_state(#state{user = U, server = S} = StateData, ResumeID) ->
 					   privacy_list = OldStateData#state.privacy_list,
 					   aux_fields = OldStateData#state.aux_fields,
 					   csi_state = OldStateData#state.csi_state,
-					   csi_queue = OldStateData#state.csi_queue,
 					   mgmt_xmlns = OldStateData#state.mgmt_xmlns,
 					   mgmt_queue = OldStateData#state.mgmt_queue,
 					   mgmt_timeout = OldStateData#state.mgmt_timeout,
@@ -3024,65 +3063,25 @@ add_resent_delay_info(#state{server = From}, El, Time) ->
 %%% XEP-0352
 %%%----------------------------------------------------------------------

-csi_filter_stanza(#state{csi_state = CsiState, jid = JID} = StateData,
+csi_filter_stanza(#state{csi_state = CsiState, server = Server} = StateData,
 		  Stanza) ->
-    Action = ejabberd_hooks:run_fold(csi_filter_stanza,
-				     StateData#state.server,
-				     send, [Stanza]),
-    ?DEBUG("Going to ~p stanza for inactive client ~p",
-	   [Action, jid:to_string(JID)]),
-    case Action of
-      queue -> csi_queue_add(StateData, Stanza);
-      drop -> StateData;
-      send ->
-	  From = fxml:get_tag_attr_s(<<"from">>, Stanza),
-	  StateData1 = csi_queue_send(StateData, From),
-	  StateData2 = send_stanza(StateData1#state{csi_state = active},
-				   Stanza),
-	  StateData2#state{csi_state = CsiState}
-    end.
+    {StateData1, Stanzas} = ejabberd_hooks:run_fold(csi_filter_stanza, Server,
+						    {StateData, [Stanza]},
+						    [Server, Stanza]),
+    StateData2 = lists:foldl(fun(CurStanza, AccState) ->
+				     send_stanza(AccState, CurStanza)
+			     end, StateData1#state{csi_state = active},
+			     Stanzas),
+    StateData2#state{csi_state = CsiState}.

-csi_queue_add(#state{csi_queue = Queue} = StateData, Stanza) ->
-    case length(StateData#state.csi_queue) >= csi_max_queue(StateData) of
-      true -> csi_queue_add(csi_queue_flush(StateData), Stanza);
-      false ->
-	  From = fxml:get_tag_attr_s(<<"from">>, Stanza),
-	  NewQueue = lists:keystore(From, 1, Queue, {From, p1_time_compat:timestamp(), Stanza}),
-	  StateData#state{csi_queue = NewQueue}
-    end.
-
-csi_queue_send(#state{csi_queue = Queue, csi_state = CsiState, server = Host} =
-	       StateData, From) ->
-    case lists:keytake(From, 1, Queue) of
-      {value, {From, Time, Stanza}, NewQueue} ->
-	  NewStanza = jlib:add_delay_info(Stanza, Host, Time,
-					  <<"Client Inactive">>),
-	  NewStateData = send_stanza(StateData#state{csi_state = active},
-				     NewStanza),
-	  NewStateData#state{csi_queue = NewQueue, csi_state = CsiState};
-      false -> StateData
-    end.
-
-csi_queue_flush(#state{csi_queue = Queue, csi_state = CsiState, jid = JID,
-		       server = Host} = StateData) ->
-    ?DEBUG("Flushing CSI queue for ~s", [jid:to_string(JID)]),
-    NewStateData =
-	lists:foldl(fun({_From, Time, Stanza}, AccState) ->
-			    NewStanza =
-				jlib:add_delay_info(Stanza, Host, Time,
-						    <<"Client Inactive">>),
-			    send_stanza(AccState, NewStanza)
-		    end, StateData#state{csi_state = active}, Queue),
-    NewStateData#state{csi_queue = [], csi_state = CsiState}.
-
-%% Make sure we won't push too many messages to the XEP-0198 queue when the
-%% client becomes 'active' again.  Otherwise, the client might not manage to
-%% acknowledge the message flood in time.  Also, don't let the queue grow to
-%% more than 100 stanzas.
-csi_max_queue(#state{mgmt_max_queue = infinity}) -> 100;
-csi_max_queue(#state{mgmt_max_queue = Max}) when Max > 200 -> 100;
-csi_max_queue(#state{mgmt_max_queue = Max}) when Max < 2 -> 1;
-csi_max_queue(#state{mgmt_max_queue = Max}) -> Max div 2.
+csi_flush_queue(#state{csi_state = CsiState, server = Server} = StateData) ->
+    {StateData1, Stanzas} = ejabberd_hooks:run_fold(csi_flush_queue, Server,
+						    {StateData, []}, [Server]),
+    StateData2 = lists:foldl(fun(CurStanza, AccState) ->
+				     send_stanza(AccState, CurStanza)
+			     end, StateData1#state{csi_state = active},
+			     Stanzas),
+    StateData2#state{csi_state = CsiState}.

 %%%----------------------------------------------------------------------
 %%% JID Set memory footprint reduction code
@@ -3126,6 +3125,12 @@ pack_string(String, Pack) ->
 transform_listen_option(Opt, Opts) ->
    [Opt|Opts].

+identity(Props) ->
+    case proplists:get_value(authzid, Props, <<>>) of
+	<<>> -> proplists:get_value(username, Props, <<>>);
+	AuthzId -> AuthzId
+    end.
+
 opt_type(domain_certfile) -> fun iolist_to_binary/1;
 opt_type(max_fsm_queue) ->
    fun (I) when is_integer(I), I > 0 -> I end;
@@ -90,7 +90,8 @@
 %%%    PowFloat = math:pow(Base, Exponent),
 %%%    round(PowFloat).</pre>
 %%%
-%%% Since this function will be called by ejabberd_commands, it must be exported.
+%%% Since this function will be called by ejabberd_commands, it must
+%%% be exported.
 %%% Add to your module:
 %%% <pre>-export([calc_power/2]).</pre>
 %%%
@@ -201,24 +202,35 @@
 %%% TODO: consider this feature:
 %%% All commands are catched. If an error happens, return the restuple:
 %%%   {error, flattened error string}
-%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc) need to allows this.
-%%% And ejabberd_xmlrpc must be prepared to handle such an unexpected response.
+%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc)
+%%% need to allows this. And ejabberd_xmlrpc must be prepared to
+%%% handle such an unexpected response.


 -module(ejabberd_commands).
 -author('badlop@process-one.net').

+-define(DEFAULT_VERSION, 1000000).
+
 -export([init/0,
 	 list_commands/0,
+	 list_commands/1,
 	 get_command_format/1,
-         get_command_format/2,
+	 get_command_format/2,
+	 get_command_format/3,
+         get_command_policy/1,
 	 get_command_definition/1,
+	 get_command_definition/2,
 	 get_tags_commands/0,
+	 get_tags_commands/1,
         get_commands/0,
 	 register_commands/1,
 	 unregister_commands/1,
 	 execute_command/2,
-         execute_command/4,
+	 execute_command/3,
+	 execute_command/4,
+	 execute_command/5,
+	 execute_command/6,
         opt_type/1,
         get_commands_spec/0
 	]).
@@ -226,6 +238,7 @@
 -include("ejabberd_commands.hrl").
 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include_lib("stdlib/include/ms_transform.hrl").

 -define(POLICY_ACCESS, '$policy').

@@ -260,23 +273,26 @@ get_commands_spec() ->
                           args_example = ["/home/me/docs/api.html", "mod_admin", "java,json"],
                           result_example = ok}].
 init() ->
-    ets:new(ejabberd_commands, [named_table, set, public,
-				{keypos, #ejabberd_commands.name}]),
+    mnesia:delete_table(ejabberd_commands),
+    mnesia:create_table(ejabberd_commands,
+			[{ram_copies, [node()]},
+                         {local_content, true},
+			 {attributes, record_info(fields, ejabberd_commands)},
+			 {type, bag}]),
+    mnesia:add_table_copy(ejabberd_commands, node(), ram_copies),
    register_commands(get_commands_spec()).

 -spec register_commands([ejabberd_commands()]) -> ok.

 %% @doc Register ejabberd commands.
-%% If a command is already registered, a warning is printed and the old command is preserved.
+%% If a command is already registered, a warning is printed and the
+%% old command is preserved.
 register_commands(Commands) ->
    lists:foreach(
      fun(Command) ->
-	      case ets:insert_new(ejabberd_commands, Command) of
-		  true ->
-		      ok;
-		  false ->
-		      ?DEBUG("This command is already defined:~n~p", [Command])
-	      end
+	      % XXX check if command exists
+	      mnesia:dirty_write(Command)
+	      % ?DEBUG("This command is already defined:~n~p", [Command])
      end,
      Commands).

@@ -286,7 +302,7 @@ register_commands(Commands) ->
 unregister_commands(Commands) ->
    lists:foreach(
      fun(Command) ->
-	      ets:delete_object(ejabberd_commands, Command)
+	      mnesia:dirty_delete_object(Command)
      end,
      Commands).

@@ -294,94 +310,197 @@ unregister_commands(Commands) ->

 %% @doc Get a list of all the available commands, arguments and description.
 list_commands() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    _ = '_'}),
-    [{A, B, C} || [A, B, C] <- Commands].
+    list_commands(?DEFAULT_VERSION).

-spec list_commands_policy() -> [{atom(), [aterm()], string(), atom()}].
+-spec list_commands(integer()) -> [{atom(), [aterm()], string()}].

-%% @doc Get a list of all the available commands, arguments, description, and
-%% policy.
-list_commands_policy() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    policy = '$4',
-					    _ = '_'}),
-    [{A, B, C, D} || [A, B, C, D] <- Commands].
+%% @doc Get a list of all the available commands, arguments and
+%% description in a given API verion.
+list_commands(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc} || #ejabberd_commands{name = Name,
+					      args = Args,
+					      desc = Desc} <- Commands].

-spec get_command_format(atom()) -> {[aterm()], rterm()} | {error, command_unknown}.
+
+-spec list_commands_policy(integer()) ->
+				  [{atom(), [aterm()], string(), atom()}].
+
+%% @doc Get a list of all the available commands, arguments,
+%% description, and policy in a given API version.
+list_commands_policy(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc, Policy} ||
+	#ejabberd_commands{name = Name,
+			   args = Args,
+			   desc = Desc,
+			   policy = Policy} <- Commands].
+
+-spec get_command_format(atom()) -> {[aterm()], rterm()}.

 %% @doc Get the format of arguments and result of a command.
 get_command_format(Name) ->
-    get_command_format(Name, noauth).
+    get_command_format(Name, noauth, ?DEFAULT_VERSION).
+get_command_format(Name, Version) when is_integer(Version) ->
+    get_command_format(Name, noauth, Version);
+get_command_format(Name, Auth)  ->
+    get_command_format(Name, Auth, ?DEFAULT_VERSION).

-get_command_format(Name, Auth) ->
-    Admin = is_admin(Name, Auth),
-    Matched = ets:match(ejabberd_commands,
-			#ejabberd_commands{name = Name,
-					   args = '$1',
-					   result = '$2',
-                                           policy = '$3',
-					   _ = '_'}),
-    case Matched of
-	[] ->
-	    {error, command_unknown};
-	[[Args, Result, user]] when Admin;
-                                    Auth == noauth ->
+-spec get_command_format(atom(),
+			 {binary(), binary(), binary(), boolean()} |
+			 noauth | admin,
+			 integer()) ->
+				{[aterm()], rterm()}.
+
+get_command_format(Name, Auth, Version) ->
+    Admin = is_admin(Name, Auth, #{}),
+    #ejabberd_commands{args = Args,
+		       result = Result,
+		       policy = Policy} =
+	get_command_definition(Name, Version),
+    case Policy of
+	user when Admin;
+		  Auth == noauth ->
 	    {[{user, binary}, {server, binary} | Args], Result};
-	[[Args, Result, _]] ->
+	_ ->
 	    {Args, Result}
    end.

-spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
+-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}.
+
+%% @doc return command policy.
+get_command_policy(Name) ->
+    case get_command_definition(Name) of
+        #ejabberd_commands{policy = Policy} ->
+            {ok, Policy};
+        command_not_found ->
+            {error, command_not_found}
+    end.
+
+-spec get_command_definition(atom()) -> ejabberd_commands().

 %% @doc Get the definition record of a command.
 get_command_definition(Name) ->
-    case ets:lookup(ejabberd_commands, Name) of
-	[E] -> E;
-	[] -> command_not_found
+    get_command_definition(Name, ?DEFAULT_VERSION).
+
+-spec get_command_definition(atom(), integer()) -> ejabberd_commands().
+
+%% @doc Get the definition record of a command in a given API version.
+get_command_definition(Name, Version) ->
+    case lists:reverse(
+	   lists:sort(
+	     mnesia:dirty_select(
+	       ejabberd_commands,
+	       ets:fun2ms(
+		 fun(#ejabberd_commands{name = N, version = V} = C)
+		       when N == Name, V =< Version ->
+			 {V, C}
+		 end)))) of
+	[{_, Command} | _ ] -> Command;
+	_E -> throw(unknown_command)
    end.

-%% @spec (Name::atom(), Arguments) -> ResultTerm | {error, command_unknown}
-%% @doc Execute a command.
-execute_command(Name, Arguments) ->
-    execute_command([], noauth, Name, Arguments).
+-spec get_commands_definition(integer()) -> [ejabberd_commands()].

-spec execute_command([{atom(), [atom()], [any()]}],
-                      {binary(), binary(), binary(), boolean()} |
-                      noauth | admin,
-                      atom(),
-                      [any()]
+% @doc Returns all commands for a given API version
+get_commands_definition(Version) ->
+    L = lists:reverse(
+	  lists:sort(
+	    mnesia:dirty_select(
+	      ejabberd_commands,
+	      ets:fun2ms(
+		fun(#ejabberd_commands{name = Name, version = V} = C)
+		      when V =< Version ->
+			{Name, V, C}
+		end)))),
+    F = fun({_Name, _V, Command}, []) ->
+		[Command];
+	   ({Name, _V, _Command}, [#ejabberd_commands{name=Name}|_T] = Acc) ->
+		Acc;
+	   ({_Name, _V, Command}, Acc) -> [Command | Acc]
+	end,
+    lists:foldl(F, [], L).
+
+%% @spec (Name::atom(), Arguments) -> ResultTerm
+%% where
+%%       Arguments = [any()]
+%% @doc Execute a command.
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided
+execute_command(Name, Arguments) ->
+    execute_command(Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command(atom(),
+                      [any()],
+		      integer() |
+		      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin
                     ) -> any().

-%% @spec (AccessCommands, Auth, Name::atom(), Arguments) -> ResultTerm | {error, Error}
+%% @spec (Name::atom(), Arguments, integer() | Auth) -> ResultTerm
 %% where
-%%       AccessCommands = [{Access, CommandNames, Arguments}]
+%%       Auth = {User::string(), Server::string(), Password::string(),
+%%               Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided
+execute_command(Name, Arguments, Version) when is_integer(Version) ->
+    execute_command([], noauth, Name, Arguments, Version);
+execute_command(Name, Arguments, Auth) ->
+    execute_command([], Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments) ->
+%%                                     ResultTerm | {error, Error}
+%% where
+%%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
 %%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
 %%            | noauth
 %%            | admin
-%%       Method = atom()
 %%       Arguments = [any()]
-%%       Error = command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
-execute_command(AccessCommands1, Auth1, Name, Arguments) ->
-    Auth = case is_admin(Name, Auth1) of
+%%
+%% @doc Execute a command
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
+execute_command(AccessCommands, Auth, Name, Arguments) ->
+    execute_command(AccessCommands, Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command([{atom(), [atom()], [any()]}] | undefined,
+                      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin,
+                      atom(),
+                      [any()],
+		      integer()
+                     ) -> any().
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments, integer()) -> ResultTerm
+%% where
+%%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
+%%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version) ->
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version, #{}).
+
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version, CallerInfo) ->
+    Auth = case is_admin(Name, Auth1, CallerInfo) of
               true -> admin;
               false -> Auth1
           end,
-    case ets:lookup(ejabberd_commands, Name) of
-	[Command] ->
-            AccessCommands = get_access_commands(AccessCommands1),
-	    try check_access_commands(AccessCommands, Auth, Name, Command, Arguments) of
-		ok -> execute_command2(Auth, Command, Arguments)
-	    catch
-		{error, Error} -> {error, Error}
-	    end;
-	[] -> {error, command_unknown}
+    Command = get_command_definition(Name, Version),
+    AccessCommands = get_access_commands(AccessCommands1, Version),
+    case check_access_commands(AccessCommands, Auth, Name, Command, Arguments, CallerInfo) of
+	ok -> execute_command2(Auth, Command, Arguments)
    end.

 execute_command2(
@@ -407,26 +526,25 @@ execute_command2(Command, Arguments) ->
    Module = Command#ejabberd_commands.module,
    Function = Command#ejabberd_commands.function,
    ?DEBUG("Executing command ~p:~p with Args=~p", [Module, Function, Arguments]),
-    try apply(Module, Function, Arguments) of
-	Response ->
-	    Response
-    catch
-	Problem ->
-	    {error, Problem}
-    end.
+    apply(Module, Function, Arguments).

 -spec get_tags_commands() -> [{string(), [string()]}].

 %% @spec () -> [{Tag::string(), [CommandName::string()]}]
 %% @doc Get all the tags and associated commands.
 get_tags_commands() ->
-    CommandTags = ets:match(ejabberd_commands,
-			    #ejabberd_commands{
-			      name = '$1',
-			      tags = '$2',
-			      _ = '_'}),
+    get_tags_commands(?DEFAULT_VERSION).
+
+-spec get_tags_commands(integer()) -> [{string(), [string()]}].
+
+%% @spec (integer) -> [{Tag::string(), [CommandName::string()]}]
+%% @doc Get all the tags and associated commands in a given API version
+get_tags_commands(Version) ->
+    CommandTags = [{Name, Tags} ||
+		      #ejabberd_commands{name = Name, tags = Tags}
+			  <- get_commands_definition(Version)],
    Dict = lists:foldl(
-	     fun([CommandNameAtom, CTags], D) ->
+	     fun({CommandNameAtom, CTags}, D) ->
 		     CommandName = atom_to_list(CommandNameAtom),
 		     case CTags of
 			 [] ->
@@ -445,7 +563,6 @@ get_tags_commands() ->
 	     CommandTags),
    orddict:to_list(Dict).

-
 %% -----------------------------
 %% Access verification
 %% -----------------------------
@@ -460,12 +577,12 @@ get_tags_commands() ->
 %% At least one AccessCommand must be satisfied.
 %% It may throw {error, Error} where:
 %% Error = account_unprivileged | invalid_account_data
-check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
+check_access_commands([], _Auth, _Method, _Command, _Arguments, _CallerInfo) ->
    ok;
-check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
+check_access_commands(AccessCommands, Auth, Method, Command1, Arguments, CallerInfo) ->
    Command =
        case {Command1#ejabberd_commands.policy, Auth} of
-            {user, {_, _, _}} ->
+            {user, {_, _, _, _}} ->
                Command1;
            {user, _} ->
                Command1#ejabberd_commands{
@@ -477,18 +594,20 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
    AccessCommandsAllowed =
 	lists:filter(
 	  fun({Access, Commands, ArgumentRestrictions}) ->
-		  case check_access(Command, Access, Auth) of
+		  case check_access(Command, Access, Auth, CallerInfo) of
 		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
+			  check_access_command(Commands, Command,
+					       ArgumentRestrictions,
 					       Method, Arguments);
 		      false ->
 			  false
 		  end;
 	      ({Access, Commands}) ->
 		  ArgumentRestrictions = [],
-		  case check_access(Command, Access, Auth) of
+		  case check_access(Command, Access, Auth, CallerInfo) of
 		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
+			  check_access_command(Commands, Command,
+					       ArgumentRestrictions,
 					       Method, Arguments);
 		      false ->
 			  false
@@ -517,43 +636,52 @@ check_auth(Command, {User, Server, {oauth, Token}, _}) ->
    end;
 check_auth(_Command, {User, Server, Password, _}) when is_binary(Password) ->
    %% Check the account exists and password is valid
-    case ejabberd_auth:check_password(User, Server, Password) of
+    case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
        true -> {ok, User, Server};
        _ -> throw({error, invalid_account_data})
    end.

-check_access(Command, ?POLICY_ACCESS, _)
+check_access(Command, ?POLICY_ACCESS, _, _)
  when Command#ejabberd_commands.policy == open ->
    true;
-check_access(_Command, _Access, admin) ->
+check_access(_Command, _Access, admin, _) ->
    true;
-check_access(_Command, _Access, {_User, _Server, _, true}) ->
+check_access(_Command, _Access, {_User, _Server, _, true}, _) ->
    false;
-check_access(Command, Access, Auth)
+check_access(Command, Access, Auth, CallerInfo)
  when Access =/= ?POLICY_ACCESS;
       Command#ejabberd_commands.policy == open;
       Command#ejabberd_commands.policy == user ->
    case check_auth(Command, Auth) of
 	{ok, User, Server} ->
-	    check_access2(Access, User, Server);
+	    check_access2(Access, CallerInfo#{usr => jid:split(jid:make(User, Server, <<>>))}, Server);
+	no_auth_provided ->
+	    case Command#ejabberd_commands.policy of
+		user ->
+		    false;
+		_ ->
+		    check_access2(Access, CallerInfo, global)
+	    end;
 	_ ->
 	    false
    end;
-check_access(_Command, _Access, _Auth) ->
+check_access(_Command, _Access, _Auth, _CallerInfo) ->
    false.

-check_access2(?POLICY_ACCESS, _User, _Server) ->
+check_access2(?POLICY_ACCESS, _CallerInfo, _Server) ->
    true;
-check_access2(Access, User, Server) ->
+check_access2(Access, AccessInfo, Server) ->
    %% Check this user has access permission
-    case acl:match_rule(Server, Access, jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(Access, AccessInfo, Server) of
 	allow -> true;
 	deny -> false
    end.

-check_access_command(Commands, Command, ArgumentRestrictions, Method, Arguments) ->
+check_access_command(Commands, Command, ArgumentRestrictions,
+		     Method, Arguments) ->
    case Commands==all orelse lists:member(Method, Commands) of
-	true -> check_access_arguments(Command, ArgumentRestrictions, Arguments);
+	true -> check_access_arguments(Command, ArgumentRestrictions,
+				       Arguments);
 	false -> false
    end.

@@ -577,25 +705,28 @@ tag_arguments(ArgsDefs, Args) ->
      Args).


-get_access_commands(undefined) ->
-    Cmds = get_commands(),
+get_access_commands(undefined, Version) ->
+    Cmds = get_commands(Version),
    [{?POLICY_ACCESS, Cmds, []}];
-get_access_commands(AccessCommands) ->
+get_access_commands(AccessCommands, _Version) ->
    AccessCommands.

 get_commands() ->
-    Opts = ejabberd_config:get_option(
+    get_commands(?DEFAULT_VERSION).
+get_commands(Version) ->
+    Opts0 = ejabberd_config:get_option(
             commands,
             fun(V) when is_list(V) -> V end,
             []),
-    CommandsList = list_commands_policy(),
+    Opts = lists:map(fun(V) when is_tuple(V) -> [V]; (V) -> V end, Opts0),
+    CommandsList = list_commands_policy(Version),
    OpenCmds = [N || {N, _, _, open} <- CommandsList],
    RestrictedCmds = [N || {N, _, _, restricted} <- CommandsList],
    AdminCmds = [N || {N, _, _, admin} <- CommandsList],
    UserCmds = [N || {N, _, _, user} <- CommandsList],
    Cmds =
        lists:foldl(
-          fun({add_commands, L}, Acc) ->
+          fun([{add_commands, L}], Acc) ->
                  Cmds = case L of
                             open -> OpenCmds;
                             restricted -> RestrictedCmds;
@@ -604,7 +735,7 @@ get_commands() ->
                             _ when is_list(L) -> L
                         end,
                  lists:usort(Cmds ++ Acc);
-             ({remove_commands, L}, Acc) ->
+             ([{remove_commands, L}], Acc) ->
                  Cmds = case L of
                             open -> OpenCmds;
                             restricted -> RestrictedCmds;
@@ -617,29 +748,32 @@ get_commands() ->
          end, AdminCmds ++ UserCmds, Opts),
    Cmds.

-is_admin(_Name, noauth) ->
-    false;
-is_admin(_Name, admin) ->
+is_admin(_Name, admin, _Extra) ->
    true;
-is_admin(_Name, {_User, _Server, _, false}) ->
+is_admin(_Name, {_User, _Server, _, false}, _Extra) ->
    false;
-is_admin(Name, {User, Server, _, true} = Auth) ->
+is_admin(Name, Auth, Extra) ->
+    {ACLInfo, Server} = case Auth of
+			    {U, S, _, _} ->
+				{Extra#{usr=>jid:split(jid:make(U, S, <<>>))}, S};
+			    _ ->
+				{Extra, global}
+	      end,
    AdminAccess = ejabberd_config:get_option(
                    commands_admin_access,
-                    fun(A) when is_atom(A) -> A end,
+		    fun(V) -> V end,
                    none),
-    case acl:match_rule(Server, AdminAccess,
-                        jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(AdminAccess, ACLInfo, Server) of
        allow ->
            case catch check_auth(get_command_definition(Name), Auth) of
                {ok, _, _} -> true;
+		no_auth_provided -> true;
                _ -> false
            end;
        deny -> false
    end.

-opt_type(commands_admin_access) ->
-    fun(A) when is_atom(A) -> A end;
+opt_type(commands_admin_access) -> fun acl:access_rules_validator/1;
 opt_type(commands) ->
    fun(V) when is_list(V) -> V end;
 opt_type(_) -> [commands, commands_admin_access].
@@ -30,14 +30,16 @@
 	 add_global_option/2, add_local_option/2,
 	 get_global_option/2, get_local_option/2,
         get_global_option/3, get_local_option/3,
-         get_option/2, get_option/3, add_option/2,
+         get_option/2, get_option/3, add_option/2, has_option/1,
         get_vh_by_auth_method/1, is_file_readable/1,
         get_version/0, get_myhosts/0, get_mylang/0,
         prepare_opt_val/4, convert_table_to_binary/5,
-         transform_options/1, collect_options/1,
-         convert_to_yaml/1, convert_to_yaml/2,
+         transform_options/1, collect_options/1, default_db/2,
+         convert_to_yaml/1, convert_to_yaml/2, v_db/2,
         env_binary_to_list/2, opt_type/1, may_hide_data/1]).

+-export([start/2]).
+
 -include("ejabberd.hrl").
 -include("logger.hrl").
 -include("ejabberd_config.hrl").
@@ -52,8 +54,48 @@

 %% @type macro_value() = term().

-
 start() ->
+    mnesia_init(),
+    Config = get_ejabberd_config_path(),
+    State0 = read_file(Config),
+    State1 = hosts_to_start(State0),
+    State2 = validate_opts(State1),
+    %% This start time is used by mod_last:
+    UnixTime = p1_time_compat:system_time(seconds),
+    SharedKey = case erlang:get_cookie() of
+                    nocookie ->
+                        p1_sha:sha(randoms:get_string());
+                    Cookie ->
+                        p1_sha:sha(jlib:atom_to_binary(Cookie))
+                end,
+    State3 = set_option({node_start, global}, UnixTime, State2),
+    State4 = set_option({shared_key, global}, SharedKey, State3),
+    set_opts(State4).
+
+%% When starting ejabberd for testing, we sometimes want to start a
+%% subset of hosts from the one define in the config file.
+%% This function override the host list read from config file by the
+%% one we provide.
+%% Hosts to start are defined in an ejabberd application environment
+%% variable 'hosts' to make it easy to ignore some host in config
+%% file.
+hosts_to_start(State) ->
+    case application:get_env(ejabberd, hosts) of
+        undefined ->
+            %% Start all hosts as defined in config file
+            State;
+        {ok, Hosts} ->
+            set_hosts_in_options(Hosts, State)
+    end.
+
+%% @private
+%% At the moment, these functions are mainly used to setup unit tests.
+-spec(start/2 :: (Hosts :: [binary()], Opts :: [acl:acl() | local_config()]) -> ok).
+start(Hosts, Opts) ->
+    mnesia_init(),
+    set_opts(set_hosts_in_options(Hosts, #state{opts = Opts})).
+
+mnesia_init() ->
    case catch mnesia:table_info(local_config, storage_type) of
        disc_copies ->
            mnesia:delete_table(local_config);
@@ -64,21 +106,7 @@ start() ->
 			[{ram_copies, [node()]},
 			 {local_content, true},
 			 {attributes, record_info(fields, local_config)}]),
-    mnesia:add_table_copy(local_config, node(), ram_copies),
-    Config = get_ejabberd_config_path(),
-    State0 = read_file(Config),
-    State = validate_opts(State0),
-    %% This start time is used by mod_last:
-    UnixTime = p1_time_compat:system_time(seconds),
-    SharedKey = case erlang:get_cookie() of
-                    nocookie ->
-                        p1_sha:sha(randoms:get_string());
-                    Cookie ->
-                        p1_sha:sha(jlib:atom_to_binary(Cookie))
-                end,
-    State1 = set_option({node_start, global}, UnixTime, State),
-    State2 = set_option({shared_key, global}, SharedKey, State1),
-    set_opts(State2).
+    mnesia:add_table_copy(local_config, node(), ram_copies).

 %% @doc Get the filename of the ejabberd configuration file.
 %% The filename can be specified with: erl -config "/path/to/ejabberd.yml".
@@ -112,7 +140,7 @@ get_env_config() ->
 %% @doc Read the ejabberd configuration file.
 %% It also includes additional configuration files and replaces macros.
 %% This function will crash if finds some error in the configuration file.
-%% @spec (File::string()) -> #state{}.
+%% @spec (File::string()) -> #state{}
 read_file(File) ->
    read_file(File, [{replace_macros, true},
                     {include_files, true},
@@ -199,6 +227,7 @@ get_plain_terms_file(File, Opts) when is_binary(File) ->
    get_plain_terms_file(binary_to_list(File), Opts);
 get_plain_terms_file(File1, Opts) ->
    File = get_absolute_path(File1),
+    DontStopOnError = lists:member(dont_halt_on_error, Opts),
    case consult(File) of
 	{ok, Terms} ->
            BinTerms1 = strings_to_binary(Terms),
@@ -218,9 +247,21 @@ get_plain_terms_file(File1, Opts) ->
                false ->
                    BinTerms
            end;
-	{error, Reason} ->
+  {error, enoent, Reason} ->
+      case DontStopOnError of
+          true ->
+              ?WARNING_MSG(Reason, []),
+              [];
+          _ ->
 	    ?ERROR_MSG(Reason, []),
 	    exit_or_halt(Reason)
+      end;
+	{error, Reason} ->
+	    ?ERROR_MSG(Reason, []),
+      case DontStopOnError of
+          true -> [];
+          _ -> exit_or_halt(Reason)
+      end
    end.

 consult(File) ->
@@ -234,17 +275,29 @@ consult(File) ->
                {error, Err} ->
                    Msg1 = "Cannot load " ++ File ++ ": ",
                    Msg2 = fast_yaml:format_error(Err),
+                    case Err of
+                        enoent ->
+                            {error, enoent, Msg1 ++ Msg2};
+                        _ ->
                    {error, Msg1 ++ Msg2}
+                    end
            end;
        _ ->
            case file:consult(File) of
                {ok, Terms} ->
                    {ok, Terms};
+                {error, enoent} ->
+                    {error, enoent};
                {error, {LineNumber, erl_parse, _ParseMessage} = Reason} ->
                    {error, describe_config_problem(File, Reason, LineNumber)};
                {error, Reason} ->
+                    case Reason of
+                        enoent ->
+                            {error, enoent, describe_config_problem(File, Reason)};
+                        _ ->
                    {error, describe_config_problem(File, Reason)}
            end
+            end
    end.

 parserl(<<"> ", Term/binary>>) ->
@@ -277,7 +330,7 @@ search_hosts(Term, State) ->
 	{host, Host} ->
 	    if
 		State#state.hosts == [] ->
-		    add_hosts_to_option([Host], State);
+		    set_hosts_in_options([Host], State);
 		true ->
 		    ?ERROR_MSG("Can't load config file: "
 			       "too many hosts definitions", []),
@@ -286,7 +339,7 @@ search_hosts(Term, State) ->
 	{hosts, Hosts} ->
 	    if
 		State#state.hosts == [] ->
-		    add_hosts_to_option(Hosts, State);
+		    set_hosts_in_options(Hosts, State);
 		true ->
 		    ?ERROR_MSG("Can't load config file: "
 			       "too many hosts definitions", []),
@@ -296,9 +349,12 @@ search_hosts(Term, State) ->
 	    State
    end.

-add_hosts_to_option(Hosts, State) ->
+set_hosts_in_options(Hosts, State) ->
    PrepHosts = normalize_hosts(Hosts),
-    set_option({hosts, global}, PrepHosts, State#state{hosts = PrepHosts}).
+    NewOpts = lists:filter(fun({local_config,{hosts,global},_}) -> false;
+                               (_) -> true
+                            end, State#state.opts),
+    set_option({hosts, global}, PrepHosts, State#state{hosts = PrepHosts, opts = NewOpts}).

 normalize_hosts(Hosts) ->
    normalize_hosts(Hosts,[]).
@@ -408,7 +464,7 @@ maps_to_lists(IMap) ->
              end, [], IMap).

 merge_configs(Terms, ResMap) ->
-    lists:foldl(fun({Name, Val}, Map) when is_list(Val) ->
+    lists:foldl(fun({Name, Val}, Map) when is_list(Val), Name =/= auth_method ->
                        Old = maps:get(Name, Map, #{}),
                        New = lists:foldl(fun(SVal, OMap) ->
                                                  NVal = if Name == host_config orelse Name == append_host_config ->
@@ -442,8 +498,8 @@ include_config_files(Terms) ->
                       include_config_file(File, Opts)
               end, lists:flatten(FileOpts)),

-    M1 = merge_configs(transform_terms(Terms1), #{}),
-    M2 = merge_configs(transform_terms(Terms2), M1),
+    M1 = merge_configs(Terms1, #{}),
+    M2 = merge_configs(Terms2, M1),
    maps_to_lists(M2).

 transform_include_option({include_config_file, File}) when is_list(File) ->
@@ -457,7 +513,7 @@ transform_include_option({include_config_file, Filename, Options}) ->
    {Filename, Options}.

 include_config_file(Filename, Options) ->
-    Included_terms = get_plain_terms_file(Filename),
+    Included_terms = get_plain_terms_file(Filename, [{include_files, true}, dont_halt_on_error]),
    Disallow = proplists:get_value(disallow, Options, []),
    Included_terms2 = delete_disallowed(Disallow, Included_terms),
    Allow_only = proplists:get_value(allow_only, Options, all),
@@ -620,14 +676,42 @@ process_host_term(Term, Host, State, Action) ->
        {hosts, _} ->
            State;
 	{Opt, Val} when Action == set ->
-	    set_option({Opt, Host}, Val, State);
+	    set_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
        {Opt, Val} when Action == append ->
-            append_option({Opt, Host}, Val, State);
+            append_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
        Opt ->
            ?WARNING_MSG("Ignore invalid (outdated?) option ~p", [Opt]),
            State
    end.

+rename_option(Option) when is_atom(Option) ->
+    case atom_to_list(Option) of
+	"odbc_" ++ T ->
+	    NewOption = list_to_atom("sql_" ++ T),
+	    ?WARNING_MSG("Option '~s' is obsoleted, use '~s' instead",
+			 [Option, NewOption]),
+	    NewOption;
+	_ ->
+	    Option
+    end;
+rename_option(Option) ->
+    Option.
+
+change_val(auth_method, Val) ->
+    prepare_opt_val(auth_method, Val,
+		    fun(V) ->
+			    L = if is_list(V) -> V;
+				   true -> [V]
+				end,
+			    lists:map(
+			      fun(odbc) -> sql;
+				 (internal) -> mnesia;
+				 (A) when is_atom(A) -> A
+			      end, L)
+		    end, [mnesia]);
+change_val(_Opt, Val) ->
+    Val.
+
 set_option(Opt, Val, State) ->
    State#state{opts = [#local_config{key = Opt, value = Val} |
                        State#state.opts]}.
@@ -686,24 +770,32 @@ add_option(Opt, Val) ->
 -spec prepare_opt_val(any(), any(), check_fun(), any()) -> any().

 prepare_opt_val(Opt, Val, F, Default) ->
-    Res = case F of
-              {Mod, Fun} ->
-                  catch Mod:Fun(Val);
-              _ ->
-                  catch F(Val)
-          end,
-    case Res of
-        {'EXIT', _} ->
-            ?INFO_MSG("Configuration problem:~n"
-                      "** Option: ~s~n"
-                      "** Invalid value: ~s~n"
-                      "** Using as fallback: ~s",
-                      [format_term(Opt),
-                       format_term(Val),
-                       format_term(Default)]),
-            Default;
-        _ ->
-            Res
+    Call = case F of
+	       {Mod, Fun} ->
+		   fun() -> Mod:Fun(Val) end;
+	       _ ->
+		   fun() -> F(Val) end
+	   end,
+    try Call() of
+	Res ->
+	    Res
+    catch {replace_with, NewRes} ->
+	    NewRes;
+	  {invalid_syntax, Error} ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback: ~s",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default),
+			  Error]),
+	    Default;
+	  _:_ ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default)]),
+	    Default
    end.

 -type check_fun() :: fun((any()) -> any()) | {module(), atom()}.
@@ -756,9 +848,61 @@ get_option(Opt, F, Default) ->
            end
    end.

+-spec has_option(atom() | {atom(), global | binary()}) -> any().
+has_option(Opt) ->
+    get_option(Opt, fun(_) -> true end, false).
+
+init_module_db_table(Modules) ->
+    catch ets:new(module_db, [named_table, public, bag]),
+    %% Dirty hack for mod_pubsub
+    ets:insert(module_db, {mod_pubsub, mnesia}),
+    ets:insert(module_db, {mod_pubsub, sql}),
+    lists:foreach(
+      fun(M) ->
+	      case re:split(atom_to_list(M), "_", [{return, list}]) of
+		  [_] ->
+		      ok;
+		  Parts ->
+		      [Suffix|T] = lists:reverse(Parts),
+		      BareMod = string:join(lists:reverse(T), "_"),
+		      ets:insert(module_db, {list_to_atom(BareMod),
+					     list_to_atom(Suffix)})
+	      end
+      end, Modules).
+
+-spec v_db(module(), atom()) -> atom().
+
+v_db(Mod, internal) -> v_db(Mod, mnesia);
+v_db(Mod, odbc) -> v_db(Mod, sql);
+v_db(Mod, Type) ->
+    case ets:match_object(module_db, {Mod, Type}) of
+	[_|_] -> Type;
+	[] -> erlang:error(badarg)
+    end.
+
+-spec default_db(binary(), module()) -> atom().
+
+default_db(Host, Module) ->
+    case ejabberd_config:get_option(
+	   {default_db, Host}, fun(T) when is_atom(T) -> T end) of
+	undefined ->
+	    mnesia;
+	DBType ->
+	    try
+		v_db(Module, DBType)
+	    catch error:badarg ->
+		    ?WARNING_MSG("Module '~s' doesn't support database '~s' "
+				 "defined in option 'default_db', using "
+				 "'mnesia' as fallback", [Module, DBType]),
+		    mnesia
+	    end
+    end.
+
 get_modules_with_options() ->
    {ok, Mods} = application:get_key(ejabberd, modules),
    ExtMods = [Name || {Name, _Details} <- ext_mod:installed()],
+    AllMods = [?MODULE|ExtMods++Mods],
+    init_module_db_table(AllMods),
    lists:foldl(
      fun(Mod, D) ->
 	      case catch Mod:opt_type('') of
@@ -770,23 +914,30 @@ get_modules_with_options() ->
 		  {'EXIT', {undef, _}} ->
 		      D
 	      end
-      end, dict:new(), [?MODULE|ExtMods++Mods]).
+      end, dict:new(), AllMods).

 validate_opts(#state{opts = Opts} = State) ->
    ModOpts = get_modules_with_options(),
-    NewOpts = lists:filter(
-		fun(#local_config{key = {Opt, _Host}, value = Val}) ->
+    NewOpts = lists:filtermap(
+		fun(#local_config{key = {Opt, _Host}, value = Val} = In) ->
 			case dict:find(Opt, ModOpts) of
 			    {ok, [Mod|_]} ->
 				VFun = Mod:opt_type(Opt),
-				case catch VFun(Val) of
-				    {'EXIT', _} ->
+				try VFun(Val) of
+				    _ ->
+					true
+				catch {replace_with, NewVal} ->
+					{true, In#local_config{value = NewVal}};
+				      {invalid_syntax, Error} ->
+					?ERROR_MSG("ignoring option '~s' with "
+						   "invalid value: ~p: ~s",
+						   [Opt, Val, Error]),
+					false;
+				      _:_ ->
 					?ERROR_MSG("ignoring option '~s' with "
 						   "invalid value: ~p",
 						   [Opt, Val]),
-					false;
-				    _ ->
-					true
+					false
 				end;
 			    _ ->
 				?ERROR_MSG("unknown option '~s' will be likely"
@@ -798,11 +949,25 @@ validate_opts(#state{opts = Opts} = State) ->

 -spec get_vh_by_auth_method(atom()) -> [binary()].

-%% Return the list of hosts handled by a given module
+%% Return the list of hosts with a given auth method
 get_vh_by_auth_method(AuthMethod) ->
-    mnesia:dirty_select(local_config,
-			[{#local_config{key = {auth_method, '$1'},
-					value=AuthMethod},[],['$1']}]).
+    Cfgs = mnesia:dirty_match_object(local_config,
+				     #local_config{key = {auth_method, '_'},
+						   _ = '_'}),
+    lists:flatmap(
+      fun(#local_config{key = {auth_method, Host}, value = M}) ->
+	      Methods = if not is_list(M) -> [M];
+			   true -> M
+			end,
+	      case lists:member(AuthMethod, Methods) of
+		  true when Host == global ->
+		      get_myhosts();
+		  true ->
+		      [Host];
+		  false ->
+		      []
+	      end
+      end, Cfgs).

 %% @spec (Path::string()) -> true | false
 is_file_readable(Path) ->
@@ -836,20 +1001,20 @@ get_mylang() ->
      fun iolist_to_binary/1,
      <<"en">>).

-replace_module(mod_announce_odbc) -> {mod_announce, odbc};
-replace_module(mod_blocking_odbc) -> {mod_blocking, odbc};
-replace_module(mod_caps_odbc) -> {mod_caps, odbc};
-replace_module(mod_irc_odbc) -> {mod_irc, odbc};
-replace_module(mod_last_odbc) -> {mod_last, odbc};
-replace_module(mod_muc_odbc) -> {mod_muc, odbc};
-replace_module(mod_offline_odbc) -> {mod_offline, odbc};
-replace_module(mod_privacy_odbc) -> {mod_privacy, odbc};
-replace_module(mod_private_odbc) -> {mod_private, odbc};
-replace_module(mod_roster_odbc) -> {mod_roster, odbc};
-replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, odbc};
-replace_module(mod_vcard_odbc) -> {mod_vcard, odbc};
-replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, odbc};
-replace_module(mod_pubsub_odbc) -> {mod_pubsub, odbc};
+replace_module(mod_announce_odbc) -> {mod_announce, sql};
+replace_module(mod_blocking_odbc) -> {mod_blocking, sql};
+replace_module(mod_caps_odbc) -> {mod_caps, sql};
+replace_module(mod_irc_odbc) -> {mod_irc, sql};
+replace_module(mod_last_odbc) -> {mod_last, sql};
+replace_module(mod_muc_odbc) -> {mod_muc, sql};
+replace_module(mod_offline_odbc) -> {mod_offline, sql};
+replace_module(mod_privacy_odbc) -> {mod_privacy, sql};
+replace_module(mod_private_odbc) -> {mod_private, sql};
+replace_module(mod_roster_odbc) -> {mod_roster, sql};
+replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, sql};
+replace_module(mod_vcard_odbc) -> {mod_vcard, sql};
+replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, sql};
+replace_module(mod_pubsub_odbc) -> {mod_pubsub, sql};
 replace_module(Module) ->
    case is_elixir_module(Module) of
        true  -> expand_elixir_module(Module);
@@ -954,7 +1119,7 @@ transform_terms(Terms) ->
            mod_last,
            ejabberd_s2s,
            ejabberd_listener,
-            ejabberd_odbc_sup,
+            ejabberd_sql_sup,
            shaper,
            ejabberd_s2s_out,
            acl,
@@ -57,6 +57,8 @@
 -include("ejabberd.hrl").
 -include("logger.hrl").

+-define(DEFAULT_VERSION, 1000000).
+

 %%-----------------------------
 %% Module
@@ -69,7 +71,7 @@ start() ->
                                 [SNode3 | Args3] ->
                                     [SNode3, 60000, Args3];
                                 _ ->
-                                     print_usage(),
+                                     print_usage(?DEFAULT_VERSION),
                                     halt(?STATUS_USAGE)
                             end,
    SNode1 = case string:tokens(SNode, "@") of
@@ -93,6 +95,9 @@ start() ->
                           [Node, Reason]),
                     %% TODO: show minimal start help
                     ?STATUS_BADRPC;
+                 {invalid_version, V} ->
+                     print("Invalid API version number: ~p~n", [V]),
+                     ?STATUS_ERROR;
                 S ->
                     S
             end,
@@ -126,11 +131,17 @@ unregister_commands(CmdDescs, Module, Function) ->
 %% Process
 %%-----------------------------

+
 -spec process([string()]) -> non_neg_integer().
+process(Args) ->
+    process(Args, ?DEFAULT_VERSION).
+
+
+-spec process([string()], non_neg_integer()) -> non_neg_integer().

 %% The commands status, stop and restart are defined here to ensure
 %% they are usable even if ejabberd is completely stopped.
-process(["status"]) ->
+process(["status"], _Version) ->
    {InternalStatus, ProvidedStatus} = init:get_status(),
    print("The node ~p is ~p with status: ~p~n",
 	   [node(), InternalStatus, ProvidedStatus]),
@@ -146,24 +157,24 @@ process(["status"]) ->
            ?STATUS_SUCCESS
    end;

-process(["stop"]) ->
+process(["stop"], _Version) ->
    %%ejabberd_cover:stop(),
    init:stop(),
    ?STATUS_SUCCESS;

-process(["restart"]) ->
+process(["restart"], _Version) ->
    init:restart(),
    ?STATUS_SUCCESS;

-process(["mnesia"]) ->
+process(["mnesia"], _Version) ->
    print("~p~n", [mnesia:system_info(all)]),
    ?STATUS_SUCCESS;

-process(["mnesia", "info"]) ->
+process(["mnesia", "info"], _Version) ->
    mnesia:info(),
    ?STATUS_SUCCESS;

-process(["mnesia", Arg]) ->
+process(["mnesia", Arg], _Version) ->
    case catch mnesia:system_info(list_to_atom(Arg)) of
 	{'EXIT', Error} -> print("Error: ~p~n", [Error]);
 	Return -> print("~p~n", [Return])
@@ -172,23 +183,23 @@ process(["mnesia", Arg]) ->

 %% The arguments --long and --dual are not documented because they are
 %% automatically selected depending in the number of columns of the shell
-process(["help" | Mode]) ->
+process(["help" | Mode], Version) ->
    {MaxC, ShCode} = get_shell_info(),
    case Mode of
 	[] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--dual"] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--long"] ->
-	    print_usage(long, MaxC, ShCode),
+	    print_usage(long, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--tags"] ->
-	    print_usage_tags(MaxC, ShCode),
+	    print_usage_tags(MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["--tags", Tag] ->
-	    print_usage_tags(Tag, MaxC, ShCode),
+	    print_usage_tags(Tag, MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["help"] ->
 	    print_usage_help(MaxC, ShCode),
@@ -196,13 +207,22 @@ process(["help" | Mode]) ->
 	[CmdString | _] ->
 	    CmdStringU = ejabberd_regexp:greplace(
                           list_to_binary(CmdString), <<"-">>, <<"_">>),
-	    print_usage_commands(binary_to_list(CmdStringU), MaxC, ShCode),
+	    print_usage_commands2(binary_to_list(CmdStringU), MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS
    end;

-process(Args) ->
+process(["--version", Arg | Args], _) ->
+    Version = 
+	try
+	    list_to_integer(Arg)
+	catch _:_ ->
+		throw({invalid_version, Arg})
+	end,
+    process(Args, Version);
+
+process(Args, Version) ->
    AccessCommands = get_accesscommands(),
-    {String, Code} = process2(Args, AccessCommands),
+    {String, Code} = process2(Args, AccessCommands, Version),
    case String of
 	[] -> ok;
 	_ ->
@@ -211,18 +231,25 @@ process(Args) ->
    Code.

 %% @spec (Args::[string()], AccessCommands) -> {String::string(), Code::integer()}
-process2(["--auth", User, Server, Pass | Args], AccessCommands) ->
-    process2(Args, {list_to_binary(User), list_to_binary(Server), list_to_binary(Pass), true}, AccessCommands);
 process2(Args, AccessCommands) ->
-    process2(Args, admin, AccessCommands).
+    process2(Args, AccessCommands, ?DEFAULT_VERSION).

-process2(Args, Auth, AccessCommands) ->
-    case try_run_ctp(Args, Auth, AccessCommands) of
+%% @spec (Args::[string()], AccessCommands, Version) -> {String::string(), Code::integer()}
+process2(["--auth", User, Server, Pass | Args], AccessCommands, Version) ->
+    process2(Args, AccessCommands, {list_to_binary(User), list_to_binary(Server),
+				    list_to_binary(Pass), true}, Version);
+process2(Args, AccessCommands, Version) ->
+    process2(Args, AccessCommands, noauth, Version).
+
+
+
+process2(Args, AccessCommands, Auth, Version) ->
+    case try_run_ctp(Args, Auth, AccessCommands, Version) of
 	{String, wrong_command_arguments}
          when is_list(String) ->
 	    io:format(lists:flatten(["\n" | String]++["\n"])),
 	    [CommandString | _] = Args,
-            process(["help" | [CommandString]]),
+            process(["help" | [CommandString]], Version),
 	    {lists:flatten(String), ?STATUS_ERROR};
 	{String, Code}
          when is_list(String) and is_integer(Code) ->
@@ -246,29 +273,29 @@ get_accesscommands() ->
 %%-----------------------------

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_run_ctp(Args, Auth, AccessCommands) ->
+try_run_ctp(Args, Auth, AccessCommands, Version) ->
    try ejabberd_hooks:run_fold(ejabberd_ctl_process, false, [Args]) of
 	false when Args /= [] ->
-	    try_call_command(Args, Auth, AccessCommands);
+	    try_call_command(Args, Auth, AccessCommands, Version);
 	false ->
-	    print_usage(),
+	    print_usage(Version),
 	    {"", ?STATUS_USAGE};
 	Status ->
 	    {"", Status}
    catch
 	exit:Why ->
-	    print_usage(),
+	    print_usage(Version),
 	    {io_lib:format("Error in ejabberd ctl process: ~p", [Why]), ?STATUS_USAGE};
 	Error:Why ->
            %% In this case probably ejabberd is not started, so let's show Status
-            process(["status"]),
+            process(["status"], Version),
            print("~n", []),
 	    {io_lib:format("Error in ejabberd ctl process: '~p' ~p", [Error, Why]), ?STATUS_USAGE}
    end.

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_call_command(Args, Auth, AccessCommands) ->
-    try call_command(Args, Auth, AccessCommands) of
+try_call_command(Args, Auth, AccessCommands, Version) ->
+    try call_command(Args, Auth, AccessCommands, Version) of
 	{error, command_unknown} ->
 	    {io_lib:format("Error: command ~p not known.", [hd(Args)]), ?STATUS_ERROR};
 	{error, wrong_command_arguments} ->
@@ -276,24 +303,28 @@ try_call_command(Args, Auth, AccessCommands) ->
 	Res ->
 	    Res
    catch
+	throw:Error ->
+	    {io_lib:format("~p", [Error]), ?STATUS_ERROR};
 	A:Why ->
 	    Stack = erlang:get_stacktrace(),
 	    {io_lib:format("Problem '~p ~p' occurred executing the command.~nStacktrace: ~p", [A, Why, Stack]), ?STATUS_ERROR}
    end.

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()} | {error, ErrorType}
-call_command([CmdString | Args], Auth, AccessCommands) ->
+call_command([CmdString | Args], Auth, AccessCommands, Version) ->
    CmdStringU = ejabberd_regexp:greplace(
                   list_to_binary(CmdString), <<"-">>, <<"_">>),
    Command = list_to_atom(binary_to_list(CmdStringU)),
-    case ejabberd_commands:get_command_format(Command, Auth) of
+    case ejabberd_commands:get_command_format(Command, Auth, Version) of
 	{error, command_unknown} ->
 	    {error, command_unknown};
 	{ArgsFormat, ResultFormat} ->
 	    case (catch format_args(Args, ArgsFormat)) of
 		ArgsFormatted when is_list(ArgsFormatted) ->
-		    Result = ejabberd_commands:execute_command(AccessCommands, Auth, Command,
-							       ArgsFormatted),
+		    Result = ejabberd_commands:execute_command(AccessCommands, 
+							       Auth, Command,
+							       ArgsFormatted,
+							       Version),
 		    format_result(Result, ResultFormat);
 		{'EXIT', {function_clause,[{lists,zip,[A1, A2], _} | _]}} ->
 		    {NumCompa, TextCompa} =
@@ -404,8 +435,8 @@ make_status(ok) -> ?STATUS_SUCCESS;
 make_status(true) -> ?STATUS_SUCCESS;
 make_status(_Error) -> ?STATUS_ERROR.

-get_list_commands() ->
-    try ejabberd_commands:list_commands() of
+get_list_commands(Version) ->
+    try ejabberd_commands:list_commands(Version) of
 	Commands ->
 	    [tuple_command_help(Command)
 	     || {N,_,_}=Command <- Commands,
@@ -458,10 +489,10 @@ get_list_ctls() ->
 -define(U2, "\e[24m").
 -define(U(S), case ShCode of true -> [?U1, S, ?U2]; false -> S end).

-print_usage() ->
+print_usage(Version) ->
    {MaxC, ShCode} = get_shell_info(),
-    print_usage(dual, MaxC, ShCode).
-print_usage(HelpMode, MaxC, ShCode) ->
+    print_usage(dual, MaxC, ShCode, Version).
+print_usage(HelpMode, MaxC, ShCode, Version) ->
    AllCommands =
 	[
 	 {"status", [], "Get ejabberd status"},
@@ -469,12 +500,11 @@ print_usage(HelpMode, MaxC, ShCode) ->
 	 {"restart", [], "Restart ejabberd"},
 	 {"help", ["[--tags [tag] | com?*]"], "Show help (try: ejabberdctl help help)"},
 	 {"mnesia", ["[info]"], "show information of Mnesia system"}] ++
-	get_list_commands() ++
+	get_list_commands(Version) ++
 	get_list_ctls(),

    print(
-       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--auth ",
-	?U("user"), " ", ?U("host"), " ", ?U("password"), "] ",
+       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--version ", ?U("api_version"), "] ",
 	?U("command"), " [", ?U("options"), "]\n"
 	"\n"
 	"Available commands in this ejabberd node:\n"], []),
@@ -598,9 +628,9 @@ format_command_lines(CALD, _MaxCmdLen, MaxC, ShCode, long) ->
 %% Print Tags
 %%-----------------------------

-print_usage_tags(MaxC, ShCode) ->
+print_usage_tags(MaxC, ShCode, Version) ->
    print("Available tags and commands:", []),
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
    lists:foreach(
      fun({Tag, Commands} = _TagCommands) ->
 	      print(["\n\n  ", ?B(Tag), "\n     "], []),
@@ -611,10 +641,10 @@ print_usage_tags(MaxC, ShCode) ->
      TagsCommands),
    print("\n\n", []).

-print_usage_tags(Tag, MaxC, ShCode) ->
+print_usage_tags(Tag, MaxC, ShCode, Version) ->
    print(["Available commands with tag ", ?B(Tag), ":", "\n"], []),
    HelpMode = long,
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
    CommandsNames = case lists:keysearch(Tag, 1, TagsCommands) of
 			{value, {Tag, CNs}} -> CNs;
 			false -> []
@@ -622,7 +652,7 @@ print_usage_tags(Tag, MaxC, ShCode) ->
    CommandsList = lists:map(
 		     fun(NameString) ->
 			     C = ejabberd_commands:get_command_definition(
-                                   list_to_atom(NameString)),
+                                   list_to_atom(NameString), Version),
 			     #ejabberd_commands{name = Name,
 						args = Args,
 						desc = Desc} = C,
@@ -673,20 +703,20 @@ print_usage_help(MaxC, ShCode) ->
 %%-----------------------------

 %% @spec (CmdSubString::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_commands(CmdSubString, MaxC, ShCode) ->
+print_usage_commands2(CmdSubString, MaxC, ShCode, Version) ->
    %% Get which command names match this substring
-    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands()],
+    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands(Version)],
    Cmds = filter_commands(AllCommandsNames, CmdSubString),
    case Cmds of
-    	[] -> io:format("Error: not command found that match: ~p~n", [CmdSubString]);
-	_ -> print_usage_commands2(lists:sort(Cmds), MaxC, ShCode)
+    	[] -> io:format("Error: no command found that match: ~p~n", [CmdSubString]);
+	_ -> print_usage_commands3(lists:sort(Cmds), MaxC, ShCode, Version)
    end.

-print_usage_commands2(Cmds, MaxC, ShCode) ->
+print_usage_commands3(Cmds, MaxC, ShCode, Version) ->
    %% Then for each one print it
    lists:mapfoldl(
      fun(Cmd, Remaining) ->
-	      print_usage_command(Cmd, MaxC, ShCode),
+	      print_usage_command(Cmd, MaxC, ShCode, Version),
 	      case Remaining > 1 of
 		  true -> print([" ", lists:duplicate(MaxC, 126), " \n"], []);
 		  false -> ok
@@ -716,16 +746,16 @@ filter_commands_regexp(All, Glob) ->
      All).

 %% @spec (Cmd::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_command(Cmd, MaxC, ShCode) ->
+print_usage_command(Cmd, MaxC, ShCode, Version) ->
    Name = list_to_atom(Cmd),
-    case ejabberd_commands:get_command_definition(Name) of
+    case ejabberd_commands:get_command_definition(Name, Version) of
 	command_not_found ->
 	    io:format("Error: command ~p not known.~n", [Cmd]);
 	C ->
-	    print_usage_command(Cmd, C, MaxC, ShCode)
+	    print_usage_command2(Cmd, C, MaxC, ShCode)
    end.

-print_usage_command(Cmd, C, MaxC, ShCode) ->
+print_usage_command2(Cmd, C, MaxC, ShCode) ->
    #ejabberd_commands{
 		     tags = TagsAtoms,
 		     desc = Desc,
@@ -753,6 +753,7 @@ code_to_phrase(503) -> <<"Service Unavailable">>;
 code_to_phrase(504) -> <<"Gateway Timeout">>;
 code_to_phrase(505) -> <<"HTTP Version Not Supported">>.

+-spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
 parse_auth(<<"Basic ", Auth64/binary>>) ->
    Auth = jlib:decode_base64(Auth64),
    %% Auth should be a string with the format: user@server:password
@@ -32,7 +32,7 @@
 %% API
 -export([start_link/0]).

-export([route/3, route_iq/4, route_iq/5,
+-export([route/3, route_iq/4, route_iq/5, process_iq/3,
 	 process_iq_reply/3, register_iq_handler/4,
 	 register_iq_handler/5, register_iq_response_handler/4,
 	 register_iq_response_handler/5, unregister_iq_handler/2,
@@ -74,7 +74,7 @@ start_link() ->
 process_iq(From, To, Packet) ->
    IQ = jlib:iq_query_info(Packet),
    case IQ of
-      #iq{xmlns = XMLNS} ->
+      #iq{xmlns = XMLNS, lang = Lang} ->
 	  Host = To#jid.lserver,
 	  case ets:lookup(?IQTABLE, {XMLNS, Host}) of
 	    [{_, Module, Function}] ->
@@ -87,8 +87,10 @@ process_iq(From, To, Packet) ->
 		gen_iq_handler:handle(Host, Module, Function, Opts,
 				      From, To, IQ);
 	    [] ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_FEATURE_NOT_IMPLEMENTED),
+		Txt = <<"No module is handling this query">>,
+		Err = jlib:make_error_reply(
+			Packet,
+			?ERRT_FEATURE_NOT_IMPLEMENTED(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end;
      reply ->
@@ -166,8 +168,10 @@ refresh_iq_handlers() ->
    ejabberd_local ! refresh_iq_handlers.

 bounce_resource_packet(From, To, Packet) ->
+    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+    Txt = <<"No available resource found">>,
    Err = jlib:make_error_reply(Packet,
-				?ERR_ITEM_NOT_FOUND),
+				?ERRT_ITEM_NOT_FOUND(Lang, Txt)),
    ejabberd_router:route(To, From, Err),
    stop.

@@ -178,6 +182,7 @@ bounce_resource_packet(From, To, Packet) ->
 init([]) ->
    lists:foreach(fun (Host) ->
 			  ejabberd_router:register_route(Host,
+							 Host,
 							 {apply, ?MODULE,
 							  route}),
 			  ejabberd_hooks:add(local_send_to_resource_hook, Host,
@@ -266,7 +271,16 @@ do_route(From, To, Packet) ->
 	   #xmlel{name = Name} = Packet,
 	   case Name of
 	     <<"iq">> -> process_iq(From, To, Packet);
-	     <<"message">> -> ok;
+	     <<"message">> ->
+		 #xmlel{attrs = Attrs} = Packet,
+		 case fxml:get_attr_s(<<"type">>, Attrs) of
+		   <<"headline">> -> ok;
+		   <<"error">> -> ok;
+		   _ ->
+		       Err = jlib:make_error_reply(Packet,
+						   ?ERR_SERVICE_UNAVAILABLE),
+		       ejabberd_router:route(To, From, Err)
+		 end;
 	     <<"presence">> -> ok;
 	     _ -> ok
 	   end;
@@ -50,6 +50,7 @@
 %% "ejabberd.log" in current directory.
 %% Note: If the directory where to place the ejabberd log file to not exist,
 %% it is not created and no log file will be generated.
+%% @spec () -> string()
 get_log_path() ->
    case ejabberd_config:env_binary_to_list(ejabberd, log_path) of
 	{ok, Path} ->
@@ -99,7 +100,33 @@ get_string_env(Name, Default) ->
            Default
    end.

+%% @spec () -> ok
 start() ->
+    StartedApps = application:which_applications(5000),
+    case lists:keyfind(logger, 1, StartedApps) of
+        %% Elixir logger is started. We assume everything is in place
+        %% to use lager to Elixir logger bridge.
+        {logger, _, _} ->
+            error_logger:info_msg("Ignoring ejabberd logger options, using Elixir Logger.", []),
+            %% Do not start lager, we rely on Elixir Logger
+            do_start_for_logger();
+        _ ->
+            do_start()
+    end.
+
+do_start_for_logger() ->
+    application:load(sasl),
+    application:set_env(sasl, sasl_error_logger, false),
+    application:load(lager),
+    application:set_env(lager, error_logger_redirect, false),
+    application:set_env(lager, error_logger_whitelist, ['Elixir.Logger.ErrorHandler']),
+    application:set_env(lager, crash_log, false),
+    application:set_env(lager, handlers, [{elixir_logger_backend, [{level, info}]}]),
+    ejabberd:start_app(lager),
+    ok.
+
+%% Start lager
+do_start() ->
    application:load(sasl),
    application:set_env(sasl, sasl_error_logger, false),
    application:load(lager),
@@ -126,10 +153,12 @@ start() ->
    ejabberd:start_app(lager),
    ok.

+%% @spec () -> ok
 reopen_log() ->
    %% Lager detects external log rotation automatically.
    ok.

+%% @spec () -> ok
 rotate_log() ->
    lager_crash_log ! rotate,
    lists:foreach(
@@ -139,8 +168,9 @@ rotate_log() ->
              ok
      end, gen_event:which_handlers(lager_event)).

+%% @spec () -> {loglevel(), atom(), string()}
 get() ->
-    case lager:get_loglevel(lager_console_backend) of
+    case get_lager_loglevel() of
        none -> {0, no_log, "No log"};
        emergency -> {1, critical, "Critical"};
        alert -> {1, critical, "Critical"};
@@ -152,6 +182,7 @@ get() ->
        debug -> {5, debug, "Debug"}
    end.

+%% @spec (loglevel() | {loglevel(), list()}) -> {module, module()}
 set(LogLevel) when is_integer(LogLevel) ->
    LagerLogLevel = case LogLevel of
                        0 -> none;
@@ -162,7 +193,7 @@ set(LogLevel) when is_integer(LogLevel) ->
                        5 -> debug;
 			E ->  throw({wrong_loglevel, E})
                    end,
-    case lager:get_loglevel(lager_console_backend) of
+    case get_lager_loglevel() of
        LagerLogLevel ->
            ok;
        _ ->
@@ -172,6 +203,8 @@ set(LogLevel) when is_integer(LogLevel) ->
                      lager:set_loglevel(H, LagerLogLevel);
                 (lager_console_backend = H) ->
                      lager:set_loglevel(H, LagerLogLevel);
+                 (elixir_logger_backend = H) ->
+                      lager:set_loglevel(H, LagerLogLevel);
                 (_) ->
                      ok
              end, gen_event:which_handlers(lager_event))
@@ -180,3 +213,22 @@ set(LogLevel) when is_integer(LogLevel) ->
 set({_LogLevel, _}) ->
    error_logger:error_msg("custom loglevels are not supported for 'lager'"),
    {module, lager}.
+
+get_lager_loglevel() ->
+    Handlers = get_lager_handlers(),
+    lists:foldl(fun(lager_console_backend, _Acc) ->
+                        lager:get_loglevel(lager_console_backend);
+                   (elixir_logger_backend, _Acc) ->
+                        lager:get_loglevel(elixir_logger_backend);
+                   (_, Acc) ->
+                        Acc
+                end,
+                none, Handlers).
+
+get_lager_handlers() ->
+    case catch gen_event:which_handlers(lager_event) of
+        {'EXIT',noproc} ->
+            [];
+        Result ->
+            Result
+    end.
@@ -39,6 +39,7 @@
         authenticate_user/2,
         authenticate_client/2,
         verify_resowner_scope/3,
+         verify_client_scope/3,
         associate_access_code/3,
         associate_access_token/3,
         associate_refresh_token/3,
@@ -47,6 +48,8 @@
         process/2,
         opt_type/1]).

+-export([oauth_issue_token/1, oauth_list_tokens/0, oauth_revoke_token/1, oauth_list_scopes/0]).
+
 -include("jlib.hrl").

 -include("ejabberd.hrl").
@@ -55,9 +58,16 @@
 -include("ejabberd_http.hrl").
 -include("ejabberd_web_admin.hrl").

+-include("ejabberd_commands.hrl").
+
+
+%% There are two ways to obtain an oauth token:
+%%   * Using the web form/api results in the token being generated in behalf of the user providing the user/pass
+%%   * Using the command line and oauth_issue_token command, the token is generated in behalf of ejabberd' sysadmin
+%%    (as it has access to ejabberd command line).
 -record(oauth_token, {
          token = {<<"">>, <<"">>} :: {binary(), binary()},
-          us = {<<"">>, <<"">>}    :: {binary(), binary()},
+          us = {<<"">>, <<"">>}    :: {binary(), binary()} | server_admin,
          scope = []               :: [binary()],
          expire                   :: integer()
         }).
@@ -73,8 +83,77 @@ start() ->
    ChildSpec = {?MODULE, {?MODULE, start_link, []},
 		 temporary, 1000, worker, [?MODULE]},
    supervisor:start_child(ejabberd_sup, ChildSpec),
+    ejabberd_commands:register_commands(get_commands_spec()),
    ok.

+
+get_commands_spec() ->
+    [
+     #ejabberd_commands{name = oauth_issue_token, tags = [oauth],
+                        desc = "Issue an oauth token. Available scopes are the ones usable by ejabberd admins",
+                        module = ?MODULE, function = oauth_issue_token,
+                        args = [{scopes, string}],
+                        policy = restricted,
+                        args_example = ["connected_users_number;muc_online_rooms"],
+                        args_desc = ["List of scopes to allow, separated by ';'"],
+                        result = {result, {tuple, [{token, string}, {scopes, string}, {expires_in, string}]}}
+                       },
+     #ejabberd_commands{name = oauth_list_tokens, tags = [oauth],
+                        desc = "List oauth tokens, their scope, and how many seconds remain until expirity",
+                        module = ?MODULE, function = oauth_list_tokens,
+                        args = [],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {scope, string}, {expires_in, string}]}}}}
+                       },
+     #ejabberd_commands{name = oauth_list_scopes, tags = [oauth],
+                        desc = "List scopes that can be granted to tokens generated through the command line",
+                        module = ?MODULE, function = oauth_list_scopes,
+                        args = [],
+                        policy = restricted,
+                        result = {scopes, {list, {scope, string}}}
+                       },
+     #ejabberd_commands{name = oauth_revoke_token, tags = [oauth],
+                        desc = "Revoke authorization for a token",
+                        module = ?MODULE, function = oauth_revoke_token,
+                        args = [{token, string}],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {scope, string}, {expires_in, string}]}}}},
+                        result_desc = "List of remaining tokens"
+                       }
+    ].
+
+oauth_issue_token(ScopesString) ->
+    Scopes = [list_to_binary(Scope) || Scope <- string:tokens(ScopesString, ";")],
+    case oauth2:authorize_client_credentials(ejabberd_ctl, Scopes, none) of
+        {ok, {_AppCtx, Authorization}} ->
+            {ok, {_AppCtx2, Response}} = oauth2:issue_token(Authorization, none),
+            {ok, AccessToken} = oauth2_response:access_token(Response),
+            {ok, Expires} = oauth2_response:expires_in(Response),
+            {ok, VerifiedScope} = oauth2_response:scope(Response),
+            {AccessToken, VerifiedScope, integer_to_list(Expires) ++ " seconds"};
+        {error, Error} ->
+            {error, Error}
+    end.
+
+oauth_list_tokens() ->
+    Tokens = mnesia:dirty_match_object(#oauth_token{us = server_admin, _ = '_'}),
+    {MegaSecs, Secs, _MiniSecs} = os:timestamp(),
+    TS = 1000000 * MegaSecs + Secs,
+    [{Token, Scope, integer_to_list(Expires - TS) ++ " seconds"} ||
+        #oauth_token{token=Token, scope=Scope, expire=Expires} <- Tokens].
+
+
+oauth_revoke_token(Token) ->
+    ok = mnesia:dirty_delete(oauth_token, list_to_binary(Token)),
+    oauth_list_tokens().
+
+oauth_list_scopes() ->
+    get_cmd_scopes().
+
+
+
+
+
 start_link() ->
    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).

@@ -130,11 +209,11 @@ authenticate_user({User, Server}, {password, Password} = Ctx) ->
            Access =
                ejabberd_config:get_option(
                  {oauth_access, JID#jid.lserver},
-                  fun(A) when is_atom(A) -> A end,
+		  fun(A) -> A end,
                  none),
            case acl:match_rule(JID#jid.lserver, Access, JID) of
                allow ->
-                    case ejabberd_auth:check_password(User, Server, Password) of
+                    case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
                        true ->
                            {ok, {Ctx, {user, User, Server}}};
                        false ->
@@ -164,20 +243,46 @@ verify_resowner_scope(_, _, _) ->
    {error, badscope}.


+get_cmd_scopes() ->
+    Cmds = lists:filter(fun(Cmd) -> case ejabberd_commands:get_command_policy(Cmd) of
+                                        {ok, Policy} when Policy =/= restricted -> true;
+                                        _ -> false
+                                    end end,
+                        ejabberd_commands:get_commands()),
+    [atom_to_binary(C, utf8) || C <- Cmds].
+
+%% This is callback for oauth tokens generated through the command line.  Only open and admin commands are
+%% made available.
+verify_client_scope({client, ejabberd_ctl}, Scope, Ctx) ->
+    RegisteredScope = get_cmd_scopes(),
+    case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
+                                   oauth2_priv_set:new(RegisteredScope)) of
+        true ->
+            {ok, {Ctx, Scope}};
+        false ->
+            {error, badscope}
+    end.
+
+
+
+
+
 associate_access_code(_AccessCode, _Context, AppContext) ->
    %put(?ACCESS_CODE_TABLE, AccessCode, Context),
    {ok, AppContext}.

 associate_access_token(AccessToken, Context, AppContext) ->
-    {user, User, Server} =
-        proplists:get_value(<<"resource_owner">>, Context, <<"">>),
+    %% Tokens generated using the API/WEB belongs to users and always include the user, server pair.
+    %% Tokens generated form command line aren't tied to an user, and instead belongs to the ejabberd sysadmin
+    US = case proplists:get_value(<<"resource_owner">>, Context, <<"">>) of
+                               {user, User, Server} -> {jid:nodeprep(User), jid:nodeprep(Server)};
+                               undefined -> server_admin
+                           end,
    Scope = proplists:get_value(<<"scope">>, Context, []),
    Expire = proplists:get_value(<<"expiry_time">>, Context, 0),
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
    R = #oauth_token{
      token = AccessToken,
-      us = {LUser, LServer},
+      us = US,
      scope = Scope,
      expire = Expire
     },
@@ -207,7 +312,7 @@ check_token(User, Server, Scope, Token) ->

 check_token(Scope, Token) ->
    case catch mnesia:dirty_read(oauth_token, Token) of
-        [#oauth_token{us = {LUser, LServer},
+        [#oauth_token{us = US,
                      scope = TokenScope,
                      expire = Expire}] ->
            {MegaSecs, Secs, _} = os:timestamp(),
@@ -215,7 +320,10 @@ check_token(Scope, Token) ->
            case oauth2_priv_set:is_member(
                   Scope, oauth2_priv_set:new(TokenScope)) andalso
                Expire > TS of
-                true -> {ok, LUser, LServer};
+                true -> case US of
+                            {LUser, LServer} -> {ok, user, {LUser, LServer}};
+                            server_admin -> {ok, server_admin}
+                        end;
                false -> false
            end;
        _ ->
@@ -486,5 +594,5 @@ logo() ->
 opt_type(oauth_expire) ->
    fun(I) when is_integer(I), I >= 0 -> I end;
 opt_type(oauth_access) ->
-    fun(A) when is_atom(A) -> A end;
+    fun acl:access_rules_validator/1;
 opt_type(_) -> [oauth_expire, oauth_access].
@@ -28,8 +28,8 @@

 %%% Not implemented:
 %%% - write mod_piefxis with ejabberdctl commands
-%%% - Export from mod_offline_odbc.erl
-%%% - Export from mod_private_odbc.erl
+%%% - Export from mod_offline_sql.erl
+%%% - Export from mod_private_sql.erl
 %%% - XEP-227: 6. Security Considerations
 %%% - Other schemas of XInclude are not tested, and may not be imported correctly.
 %%% - If a host has many users, split that host in XML files with 50 users each.
@@ -80,7 +80,6 @@ import_file(FileName) ->
    import_file(FileName, #state{}).

 -spec import_file(binary(), state()) -> ok | {error, atom()}.
-
 import_file(FileName, State) ->
    case file:open(FileName, [read, binary]) of
 	{ok, Fd} ->
@@ -97,72 +96,14 @@ import_file(FileName, State) ->
            {error, Reason}
    end.

-%%%==================================
-%%%% Process Elements
-%%%==================================
-%%%% Process Element
-%%%==================================
-%%%% Add user
-%% @spec (El::xmlel(), Domain::string(), User::binary(), Password::binary() | none)
-%%       -> ok | {error, ErrorText::string()}
-%% @doc Add a new user to the database.
-%% If user already exists, it will be only updated.
 -spec export_server(binary()) -> any().
-
-%% @spec (User::string(), Password::string(), Domain::string())
-%%       -> ok | {atomic, exists} | {error, not_allowed}
-%% @doc  Create a new user
 export_server(Dir) ->
    export_hosts(?MYHOSTS, Dir).

-%%%==================================
-%%%% Populate user
-%% @spec (User::string(), Domain::string(), El::xml())
-%%      -> ok | {error, not_found}
-%%
-%% @doc  Add a new user from a XML file with a roster list.
-%%
-%% Example of a file:
-%% ```
-%% <?xml version='1.0' encoding='UTF-8'?>
-%% <server-data xmlns='http://www.xmpp.org/extensions/xep-0227.html#ns'>
-%%   <host jid='localhost'>
-%%     <user name='juliet' password='s3crEt'>
-%%       <query xmlns='jabber:iq:roster'>
-%%         <item jid='romeo@montague.net'
-%%               name='Romeo'
-%%               subscription='both'>
-%%           <group>Friends</group>
-%%         </item>
-%%       </query>
-%%     </user>
-%%   </host>
-%%  </server-data>
-%% '''
 -spec export_host(binary(), binary()) -> any().
-
 export_host(Dir, Host) ->
    export_hosts([Host], Dir).

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with vCard tags values
-%% @ret  ok | {error, not_found}
-%% @doc  Read vcards from the XML and send it to the server
-%%
-%% Example:
-%% ```
-%% <?xml version='1.0' encoding='UTF-8'?>
-%% <server-data xmlns='http://www.xmpp.org/extensions/xep-0227.html#ns'>
-%%   <host jid='localhost'>
-%%     <user name='admin' password='s3crEt'>
-%%       <vCard xmlns='vcard-temp'>
-%%         <FN>Admin</FN>
-%%       </vCard>
-%%     </user>
-%%   </host>
-%% </server-data>
-%% '''
 %%%===================================================================
 %%% Internal functions
 %%%===================================================================
@@ -194,11 +135,6 @@ export_hosts(Hosts, Dir) ->
            {error, Reason}
    end.

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with offline messages values
-%% @ret  ok | {error, not_found}
-%% @doc  Read off-line message from the XML and send it to the server
 export_host(Dir, FnH, Host) ->
    DFn = make_host_basefilename(Dir, FnH),
    case file:open(DFn, [raw, write]) of
@@ -223,11 +159,6 @@ export_host(Dir, FnH, Host) ->
            {error, Reason}
    end.

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with private storage values
-%% @ret  ok | {error, not_found}
-%% @doc  Private storage parsing
 export_users([{User, _S}|Users], Server, Fd) ->
    case export_user(User, Server, Fd) of
        ok ->
@@ -238,8 +169,6 @@ export_users([{User, _S}|Users], Server, Fd) ->
 export_users([], _Server, _Fd) ->
    ok.

-%%%==================================
-%%%% Utilities
 export_user(User, Server, Fd) ->
    Password = ejabberd_auth:get_password_s(User, Server),
    LServer = jid:nameprep(Server),
@@ -289,7 +218,6 @@ get_vcard(User, Server) ->
            []
    end.

-%%%==================================
 get_offline(User, Server) ->
    case mod_offline:get_offline_els(User, Server) of
        [] ->
@@ -306,7 +234,6 @@ get_offline(User, Server) ->
            [#xmlel{name = <<"offline-messages">>, children = NewEls}]
    end.

-%%%% Export hosts
 get_privacy(User, Server) ->
    case mod_privacy:get_user_lists(User, Server) of
        {ok, #privacy{default = Default,
@@ -333,7 +260,6 @@ get_privacy(User, Server) ->
            []
    end.

-%% @spec (Dir::string(), Hosts::[string()]) -> ok
 get_roster(User, Server) ->
    JID = jid:make(User, Server, <<>>),
    case mod_roster:get_roster(User, Server) of
@@ -576,8 +502,6 @@ process_roster(El, State = #state{user = U, server = S}) ->
            stop("Failed to write roster: ~p", [Err])
    end.

-%%%==================================
-%%%% Export server
 process_privacy(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_privacy:process_iq_set(
@@ -603,7 +527,6 @@ process_privacy(El, State = #state{user = U, server = S}) ->
            {ok, State}
    end.

-%% @spec (Dir::string()) -> ok
 process_private(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_private:process_sm_iq(
@@ -614,8 +537,6 @@ process_private(El, State = #state{user = U, server = S}) ->
            stop("Failed to write private: ~p", [Err])
    end.

-%%%==================================
-%%%% Export host
 process_vcard(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_vcard:process_sm_iq(
@@ -626,7 +547,6 @@ process_vcard(El, State = #state{user = U, server = S}) ->
            stop("Failed to write vcard: ~p", [Err])
    end.

-%% @spec (Dir::string(), Host::string()) -> ok
 process_offline_msg(El, State = #state{user = U, server = S}) ->
    FromS = fxml:get_attr_s(<<"from">>, El#xmlel.attrs),
    case jid:from_string(FromS) of
@@ -643,7 +563,6 @@ process_offline_msg(El, State = #state{user = U, server = S}) ->
            stop("Invalid 'from' = ~s", [FromS])
    end.

-%% @spec (Dir::string(), Fn::string(), Host::string()) -> ok
 process_presence(El, #state{user = U, server = S} = State) ->
    FromS = fxml:get_attr_s(<<"from">>, El#xmlel.attrs),
    case jid:from_string(FromS) of
@@ -35,10 +35,10 @@
 -include("logger.hrl").

 start() ->
-    file:delete(ejabberd_odbc:freetds_config()),
-    file:delete(ejabberd_odbc:odbc_config()),
-    file:delete(ejabberd_odbc:odbcinst_config()),
-    case lists:any(fun(H) -> needs_odbc(H) /= false end,
+    file:delete(ejabberd_sql:freetds_config()),
+    file:delete(ejabberd_sql:odbc_config()),
+    file:delete(ejabberd_sql:odbcinst_config()),
+    case lists:any(fun(H) -> needs_sql(H) /= false end,
                   ?MYHOSTS) of
        true ->
            start_hosts();
@@ -49,34 +49,34 @@ start() ->
 %% Start relationnal DB module on the nodes where it is needed
 start_hosts() ->
    lists:foreach(fun (Host) ->
-			  case needs_odbc(Host) of
-			    {true, App} -> start_odbc(Host, App);
+			  case needs_sql(Host) of
+			    {true, App} -> start_sql(Host, App);
 			    false -> ok
 			  end
 		  end,
 		  ?MYHOSTS).

-%% Start the ODBC module on the given host
-start_odbc(Host, App) ->
+%% Start the SQL module on the given host
+start_sql(Host, App) ->
    ejabberd:start_app(App),
    Supervisor_name = gen_mod:get_module_proc(Host,
-					      ejabberd_odbc_sup),
+					      ejabberd_sql_sup),
    ChildSpec = {Supervisor_name,
-		 {ejabberd_odbc_sup, start_link, [Host]}, transient,
-		 infinity, supervisor, [ejabberd_odbc_sup]},
+		 {ejabberd_sql_sup, start_link, [Host]}, transient,
+		 infinity, supervisor, [ejabberd_sql_sup]},
    case supervisor:start_child(ejabberd_sup, ChildSpec) of
      {ok, _PID} -> ok;
      _Error ->
 	  ?ERROR_MSG("Start of supervisor ~p failed:~n~p~nRetrying."
 		     "..~n",
 		     [Supervisor_name, _Error]),
-	  start_odbc(Host, App)
+	  start_sql(Host, App)
    end.

-%% Returns {true, App} if we have configured odbc for the given host
-needs_odbc(Host) ->
+%% Returns {true, App} if we have configured sql for the given host
+needs_sql(Host) ->
    LHost = jid:nameprep(Host),
-    case ejabberd_config:get_option({odbc_type, LHost},
+    case ejabberd_config:get_option({sql_type, LHost},
                                    fun(mysql) -> mysql;
                                       (pgsql) -> pgsql;
                                       (sqlite) -> sqlite;
@@ -91,11 +91,11 @@ needs_odbc(Host) ->
        undefined -> false
    end.

-opt_type(odbc_type) ->
+opt_type(sql_type) ->
    fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
 	(mssql) -> mssql;
 	(odbc) -> odbc
    end;
-opt_type(_) -> [odbc_type].
+opt_type(_) -> [sql_type].
@@ -141,6 +141,7 @@ handle_call({starttls, TLSSocket}, _From, State) ->
 handle_call({compress, Data}, _From,
 	    #state{socket = Socket, sock_mod = SockMod} =
 		State) ->
+    ejabberd:start_app(ezlib),
    {ok, ZlibSocket} = ezlib:enable_zlib(SockMod,
 						 Socket),
    if Data /= undefined -> do_send(State, Data);
@@ -0,0 +1,179 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created :  8 May 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(ejabberd_redis).
+
+-behaviour(gen_server).
+-behaviour(ejabberd_config).
+
+%% API
+-export([start/0, start_link/0, q/1, qp/1, opt_type/1]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+-define(SERVER, ?MODULE).
+-define(PROCNAME, 'ejabberd_redis_client').
+
+-include("logger.hrl").
+-include("ejabberd.hrl").
+
+-record(state, {}).
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+start() ->
+    case lists:any(
+	   fun(Host) ->
+		   is_redis_configured(Host)
+	   end, ?MYHOSTS) of
+	true ->
+	    Spec = {?MODULE, {?MODULE, start_link, []},
+		    permanent, 2000, worker, [?MODULE]},
+	    supervisor:start_child(ejabberd_sup, Spec);
+	false ->
+	    ok
+    end.
+
+q(Command) ->
+    try eredis:q(?PROCNAME, Command)
+    catch _:Reason -> {error, Reason}
+    end.
+
+qp(Pipeline) ->
+    try eredis:qp(?PROCNAME, Pipeline)
+    catch _:Reason -> {error, Reason}
+    end.
+
+%%%===================================================================
+%%% gen_server callbacks
+%%%===================================================================
+init([]) ->
+    process_flag(trap_exit, true),
+    connect(),
+    {ok, #state{}}.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(connect, State) ->
+    connect(),
+    {noreply, State};
+handle_info({'DOWN', _MRef, _Type, _Pid, Reason}, State) ->
+    ?INFO_MSG("Redis connection has failed: ~p", [Reason]),
+    connect(),
+    {noreply, State};
+handle_info({'EXIT', _, _}, State) ->
+    {noreply, State};
+handle_info(Info, State) ->
+    ?INFO_MSG("unexpected info = ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+is_redis_configured(Host) ->
+    ServerConfigured = ejabberd_config:has_option({redis_server, Host}),
+    PortConfigured = ejabberd_config:has_option({redis_port, Host}),
+    DBConfigured = ejabberd_config:has_option({redis_db, Host}),
+    PassConfigured = ejabberd_config:has_option({redis_password, Host}),
+    ReconnTimeoutConfigured = ejabberd_config:has_option(
+				{redis_reconnect_timeout, Host}),
+    ConnTimeoutConfigured = ejabberd_config:has_option(
+			      {redis_connect_timeout, Host}),
+    Modules = ejabberd_config:get_option(
+		{modules, Host},
+		fun(L) when is_list(L) -> L end, []),
+    SMConfigured = ejabberd_config:get_option(
+		     {sm_db_type, Host},
+		     fun(V) -> V end) == redis,
+    ModuleWithRedisDBConfigured =
+	lists:any(
+	  fun({Module, Opts}) ->
+		  gen_mod:db_type(Host, Opts, Module) == redis
+	  end, Modules),
+    ServerConfigured or PortConfigured or DBConfigured or PassConfigured or
+	ReconnTimeoutConfigured or ConnTimeoutConfigured or
+	SMConfigured or ModuleWithRedisDBConfigured.
+
+iolist_to_list(IOList) ->
+    binary_to_list(iolist_to_binary(IOList)).
+
+connect() ->
+    Server = ejabberd_config:get_option(redis_server,
+					fun iolist_to_list/1,
+					"localhost"),
+    Port = ejabberd_config:get_option(redis_port,
+				      fun(P) when is_integer(P),
+						  P>0, P<65536 ->
+					      P
+				      end, 6379),
+    DB = ejabberd_config:get_option(redis_db,
+				    fun(I) when is_integer(I), I >= 0 ->
+					    I
+				    end, 0),
+    Pass = ejabberd_config:get_option(redis_password,
+				      fun iolist_to_list/1,
+				      ""),
+    ReconnTimeout = timer:seconds(
+		      ejabberd_config:get_option(
+			redis_reconnect_timeout,
+			fun(I) when is_integer(I), I>0 -> I end,
+			1)),
+    ConnTimeout = timer:seconds(
+		    ejabberd_config:get_option(
+		      redis_connect_timeout,
+		      fun(I) when is_integer(I), I>0 -> I end,
+		      1)),
+    try case eredis:start_link(Server, Port, DB, Pass,
+			       ReconnTimeout, ConnTimeout) of
+	    {ok, Client} ->
+		?INFO_MSG("Connected to Redis at ~s:~p", [Server, Port]),
+		unlink(Client),
+		erlang:monitor(process, Client),
+		register(?PROCNAME, Client),
+		{ok, Client};
+	    {error, Why} ->
+		erlang:error(Why)
+	end
+    catch _:Reason ->
+	    Timeout = 10,
+	    ?ERROR_MSG("Redis connection at ~s:~p has failed: ~p; "
+		       "reconnecting in ~p seconds",
+		       [Server, Port, Reason, Timeout]),
+	    erlang:send_after(timer:seconds(Timeout), self(), connect)
+    end.
+
+opt_type(redis_connect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_db) ->
+    fun (I) when is_integer(I), I >= 0 -> I end;
+opt_type(redis_password) -> fun iolist_to_list/1;
+opt_type(redis_port) ->
+    fun (P) when is_integer(P), P > 0, P < 65536 -> P end;
+opt_type(redis_reconnect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_server) -> fun iolist_to_list/1;
+opt_type(_) ->
+    [redis_connect_timeout, redis_db, redis_password,
+     redis_port, redis_reconnect_timeout, redis_server].
@@ -28,7 +28,7 @@
 -behaviour(gen_server).

 %% API
-export([start_link/4, get_proc/1, make_bucket/1, put/2, put/3,
+-export([start_link/5, get_proc/1, make_bucket/1, put/2, put/3,
         get/2, get/3, get_by_index/4, delete/1, delete/2,
         count_by_index/3, get_by_index_range/5,
         get_keys/1, get_keys_by_index/3, is_connected/0,
@@ -68,12 +68,20 @@
 %%% API
 %%%===================================================================
 %% @private
-start_link(Num, Server, Port, _StartInterval) ->
-    gen_server:start_link({local, get_proc(Num)}, ?MODULE, [Server, Port], []).
+start_link(Num, Server, Port, _StartInterval, Options) ->
+    gen_server:start_link({local, get_proc(Num)}, ?MODULE, [Server, Port, Options], []).

 %% @private
 is_connected() ->
-    catch riakc_pb_socket:is_connected(get_random_pid()).
+    lists:all(
+      fun({_Id, Pid, _Type, _Modules}) when is_pid(Pid) ->
+	      case catch riakc_pb_socket:is_connected(get_riak_pid(Pid)) of
+		  true -> true;
+		  _ -> false
+	      end;
+	 (_) ->
+	      false
+      end, supervisor:which_children(ejabberd_riak_sup)).

 %% @private
 get_proc(I) ->
@@ -429,10 +437,8 @@ map_key(Obj, _, _) ->
 %%% gen_server API
 %%%===================================================================
 %% @private
-init([Server, Port]) ->
-    case riakc_pb_socket:start(
-           Server, Port,
-           [auto_reconnect]) of
+init([Server, Port, Options]) ->
+    case riakc_pb_socket:start(Server, Port, Options) of
        {ok, Pid} ->
            erlang:monitor(process, Pid),
            {ok, #state{pid = Pid}};
@@ -517,6 +523,9 @@ make_invalid_object(Val) ->

 get_random_pid() ->
    PoolPid = ejabberd_riak_sup:get_random_pid(),
+    get_riak_pid(PoolPid).
+
+get_riak_pid(PoolPid) ->
    case catch gen_server:call(PoolPid, get_pid) of
 	{ok, Pid} ->
 	    Pid;
@@ -70,8 +70,8 @@ is_riak_configured(Host) ->
 		{modules, Host},
 		fun(L) when is_list(L) -> L end, []),
    ModuleWithRiakDBConfigured = lists:any(
-				   fun({_Module, Opts}) ->
-					   gen_mod:db_type(Host, Opts) == riak
+				   fun({Module, Opts}) ->
+					   gen_mod:db_type(Host, Opts, Module) == riak
 				   end, Modules),
    ServerConfigured or PortConfigured
 	or AuthConfigured or ModuleWithRiakDBConfigured.
@@ -103,12 +103,27 @@ init([]) ->
    StartInterval = get_start_interval(),
    Server = get_riak_server(),
    Port = get_riak_port(),
+    CACertFile = get_riak_cacertfile(),
+    Username = get_riak_username(),
+    Password = get_riak_password(),
+    Options = lists:filter(
+		fun(X) -> X /= nil end,
+		[auto_reconnect,
+		 {keepalive, true},
+		 if CACertFile /= nil -> {cacertfile ,CACertFile};
+		    true -> nil
+		 end,
+		 if (Username /= nil) and (Password /= nil) ->
+			 {credentials, Username, Password};
+		    true -> nil
+		 end
+		]),
    {ok, {{one_for_one, PoolSize*10, 1},
 	  lists:map(
 	    fun(I) ->
 		    {ejabberd_riak:get_proc(I),
 		     {ejabberd_riak, start_link,
-                      [I, Server, Port, StartInterval*1000]},
+                      [I, Server, Port, StartInterval*1000, Options]},
 		     transient, 2000, worker, [?MODULE]}
 	    end, lists:seq(1, PoolSize))}}.

@@ -131,6 +146,27 @@ get_riak_server() ->
 	      binary_to_list(iolist_to_binary(S))
      end, ?DEFAULT_RIAK_HOST).

+get_riak_cacertfile() ->
+    ejabberd_config:get_option(
+      riak_cacertfile,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
+get_riak_username() ->
+    ejabberd_config:get_option(
+      riak_username,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
+get_riak_password() ->
+    ejabberd_config:get_option(
+      riak_password,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
 get_riak_port() ->
    ejabberd_config:get_option(
      riak_port,
@@ -162,6 +198,9 @@ opt_type(riak_port) -> fun (_) -> true end;
 opt_type(riak_server) -> fun (_) -> true end;
 opt_type(riak_start_interval) ->
    fun (N) when is_integer(N), N >= 1 -> N end;
+opt_type(riak_cacertfile) -> fun iolist_to_binary/1;
+opt_type(riak_username) -> fun iolist_to_binary/1;
+opt_type(riak_password) -> fun iolist_to_binary/1;
 opt_type(_) ->
    [modules, riak_pool_size, riak_port, riak_server,
-     riak_start_interval].
+     riak_start_interval, riak_cacertfile, riak_username, riak_password].
@@ -36,7 +36,9 @@
 	 route_error/4,
 	 register_route/1,
 	 register_route/2,
+	 register_route/3,
 	 register_routes/1,
+	 host_of_route/1,
 	 unregister_route/1,
 	 unregister_routes/1,
 	 dirty_get_all_routes/0,
@@ -55,7 +57,7 @@

 -type local_hint() :: undefined | integer() | {apply, atom(), atom()}.

-record(route, {domain, pid, local_hint}).
+-record(route, {domain, server_host, pid, local_hint}).

 -record(state, {}).

@@ -94,19 +96,29 @@ route_error(From, To, ErrPacket, OrigPacket) ->
 -spec register_route(binary()) -> term().

 register_route(Domain) ->
-    register_route(Domain, undefined).
+    ?WARNING_MSG("~s:register_route/1 is deprected, "
+		 "use ~s:register_route/2 instead",
+		 [?MODULE, ?MODULE]),
+    register_route(Domain, ?MYNAME).

-spec register_route(binary(), local_hint()) -> term().
+-spec register_route(binary(), binary()) -> term().

-register_route(Domain, LocalHint) ->
-    case jid:nameprep(Domain) of
-      error -> erlang:error({invalid_domain, Domain});
-      LDomain ->
+register_route(Domain, ServerHost) ->
+    register_route(Domain, ServerHost, undefined).
+
+-spec register_route(binary(), binary(), local_hint()) -> term().
+
+register_route(Domain, ServerHost, LocalHint) ->
+    case {jid:nameprep(Domain), jid:nameprep(ServerHost)} of
+      {error, _} -> erlang:error({invalid_domain, Domain});
+      {_, error} -> erlang:error({invalid_domain, ServerHost});
+      {LDomain, LServerHost} ->
 	  Pid = self(),
 	  case get_component_number(LDomain) of
 	    undefined ->
 		F = fun () ->
 			    mnesia:write(#route{domain = LDomain, pid = Pid,
+						server_host = LServerHost,
 						local_hint = LocalHint})
 		    end,
 		mnesia:transaction(F);
@@ -115,46 +127,42 @@ register_route(Domain, LocalHint) ->
 			    case mnesia:wread({route, LDomain}) of
 			      [] ->
 				  mnesia:write(#route{domain = LDomain,
+						      server_host = LServerHost,
 						      pid = Pid,
 						      local_hint = 1}),
-				  lists:foreach(fun (I) ->
-							mnesia:write(#route{domain
-										=
-										LDomain,
-									    pid
-										=
-										undefined,
-									    local_hint
-										=
-										I})
-						end,
-						lists:seq(2, N));
+				  lists:foreach(
+				    fun (I) ->
+					    mnesia:write(
+					      #route{domain = LDomain,
+						     pid = undefined,
+						     server_host = LServerHost,
+						     local_hint = I})
+				    end,
+				    lists:seq(2, N));
 			      Rs ->
-				  lists:any(fun (#route{pid = undefined,
-							local_hint = I} =
-						     R) ->
-						    mnesia:write(#route{domain =
-									    LDomain,
-									pid =
-									    Pid,
-									local_hint
-									    =
-									    I}),
-						    mnesia:delete_object(R),
-						    true;
-						(_) -> false
-					    end,
-					    Rs)
+				  lists:any(
+				    fun (#route{pid = undefined,
+						local_hint = I} = R) ->
+					    mnesia:write(
+					      #route{domain = LDomain,
+						     pid = Pid,
+						     server_host = LServerHost,
+						     local_hint = I}),
+					    mnesia:delete_object(R),
+					    true;
+					(_) -> false
+				    end,
+				    Rs)
 			    end
 		    end,
 		mnesia:transaction(F)
 	  end
    end.

-spec register_routes([binary()]) -> ok.
+-spec register_routes([{binary(), binary()}]) -> ok.

 register_routes(Domains) ->
-    lists:foreach(fun (Domain) -> register_route(Domain)
+    lists:foreach(fun ({Domain, ServerHost}) -> register_route(Domain, ServerHost)
 		  end,
 		  Domains).

@@ -183,7 +191,9 @@ unregister_route(Domain) ->
 				of
 			      [R] ->
 				  I = R#route.local_hint,
+				  ServerHost = R#route.server_host,
 				  mnesia:write(#route{domain = LDomain,
+						      server_host = ServerHost,
 						      pid = undefined,
 						      local_hint = I}),
 				  mnesia:delete_object(R);
@@ -211,6 +221,20 @@ dirty_get_all_routes() ->
 dirty_get_all_domains() ->
    lists:usort(mnesia:dirty_all_keys(route)).

+-spec host_of_route(binary()) -> binary().
+
+host_of_route(Domain) ->
+    case jid:nameprep(Domain) of
+	error ->
+	    erlang:error({invalid_domain, Domain});
+	LDomain ->
+	    case mnesia:dirty_read(route, LDomain) of
+		[#route{server_host = ServerHost}|_] ->
+		    ServerHost;
+		[] ->
+		    erlang:error({unregistered_route, Domain})
+	    end
+    end.

 %%====================================================================
 %% gen_server callbacks
@@ -283,8 +307,11 @@ handle_info({'DOWN', _Ref, _Type, Pid, _Info}, State) ->
 				      if is_integer(E#route.local_hint) ->
 					     LDomain = E#route.domain,
 					     I = E#route.local_hint,
+					     ServerHost = E#route.server_host,
 					     mnesia:write(#route{domain =
 								     LDomain,
+								 server_host =
+								     ServerHost,
 								 pid =
 								     undefined,
 								 local_hint =
@@ -394,12 +421,10 @@ get_component_number(LDomain) ->
      undefined).

 update_tables() ->
-    case catch mnesia:table_info(route, attributes) of
-      [domain, node, pid] -> mnesia:delete_table(route);
-      [domain, pid] -> mnesia:delete_table(route);
-      [domain, pid, local_hint] -> ok;
-      [domain, pid, local_hint|_] -> mnesia:delete_table(route);
-      {'EXIT', _} -> ok
+    try
+	mnesia:transform_table(route, ignore, record_info(fields, route))
+    catch exit:{aborted, {no_exists, _}} ->
+	    ok
    end,
    case lists:member(local_route,
 		      mnesia:system_info(tables))
@@ -312,8 +312,10 @@ do_route(From, To, Packet) ->
 	    <<"error">> -> ok;
 	    <<"result">> -> ok;
 	    _ ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_SERVICE_UNAVAILABLE),
+		Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+		Txt = <<"No s2s connection found">>,
+		Err = jlib:make_error_reply(
+			Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end,
 	  false
@@ -537,7 +539,7 @@ allow_host2(MyServer, S2SHost) ->
 allow_host1(MyHost, S2SHost) ->
    Rule = ejabberd_config:get_option(
             s2s_access,
-             fun(A) when is_atom(A) -> A end,
+             fun(A) -> A end,
             all),
    JID = jid:make(<<"">>, S2SHost, <<"">>),
    case acl:match_rule(MyHost, Rule, JID) of
@@ -736,5 +738,5 @@ opt_type(route_subdomains) ->
 	(local) -> local
    end;
 opt_type(s2s_access) ->
-    fun (A) when is_atom(A) -> A end;
+    fun acl:access_rules_validator/1;
 opt_type(_) -> [route_subdomains, s2s_access].
@@ -325,7 +325,7 @@ wait_for_feature_request({xmlstreamelement, El},
                           {s2s_tls_compression, StateData#state.server},
                           fun(true) -> true;
                              (false) -> false
-                           end, true) of
+                           end, false) of
                        true -> lists:delete(compression_none, TLSOpts1);
                        false -> [compression_none | TLSOpts1]
                    end,
@@ -192,7 +192,7 @@ init([From, Server, Type]) ->
                     {s2s_tls_compression, From},
                     fun(true) -> true;
                        (false) -> false
-                     end, true) of
+                     end, false) of
                  false -> [compression_none | TLSOpts4];
                  true -> TLSOpts4
              end,
@@ -222,7 +222,7 @@ wait_for_handshake({xmlstreamelement, El}, StateData) ->
 			  send_text(StateData, <<"<handshake/>">>),
 			  lists:foreach(
 			    fun (H) ->
-				    ejabberd_router:register_route(H),
+				    ejabberd_router:register_route(H, ?MYNAME),
 				    ?INFO_MSG("Route registered for service ~p~n",
 					      [H])
 			    end, dict:fetch_keys(StateData#state.host_opts)),
@@ -280,7 +280,9 @@ stream_established({xmlstreamelement, El}, StateData) ->
 	 and (FromJID /= error) ->
 	   ejabberd_router:route(FromJID, ToJID, NewEl);
       true ->
-	   Err = jlib:make_error_reply(NewEl, ?ERR_BAD_REQUEST),
+	   Lang = fxml:get_tag_attr_s(<<"xml:lang">>, El),
+	   Txt = <<"Incorrect stanza name or from/to JID">>,
+	   Err = jlib:make_error_reply(NewEl, ?ERRT_BAD_REQUEST(Lang, Txt)),
 	   send_element(StateData, Err),
 	   error
    end,
@@ -360,7 +362,9 @@ handle_info({route, From, To, Packet}, StateName,
 					      attrs = Attrs2, children = Els}),
 	  send_text(StateData, Text);
      deny ->
-	  Err = jlib:make_error_reply(Packet, ?ERR_NOT_ALLOWED),
+	  Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	  Txt = <<"Denied by ACL">>,
+	  Err = jlib:make_error_reply(Packet, ?ERRT_NOT_ALLOWED(Lang, Txt)),
 	  ejabberd_router:route_error(To, From, Err, Packet)
    end,
    {next_state, StateName, StateData};
@@ -35,6 +35,7 @@
 -export([start/0,
 	 start_link/0,
 	 route/3,
+	 process_iq/3,
 	 open_session/5,
 	 open_session/6,
 	 close_session/4,
@@ -46,6 +47,8 @@
 	 set_presence/7,
 	 unset_presence/6,
 	 close_session_unset_presence/5,
+	 set_offline_info/5,
+	 get_offline_info/4,
 	 dirty_get_sessions_list/0,
 	 dirty_get_my_sessions_list/0,
 	 get_vh_session_list/1,
@@ -65,7 +68,8 @@
 	 get_max_user_sessions/2,
 	 get_all_pids/0,
 	 is_existing_resource/3,
-	 get_commands_spec/0
+	 get_commands_spec/0,
+	 make_sid/0
 	]).

 -export([init/1, handle_call/3, handle_cast/2,
@@ -158,8 +162,10 @@ check_in_subscription(Acc, User, Server, _JID, _Type, _Reason) ->
 -spec bounce_offline_message(jid(), jid(), xmlel()) -> stop.

 bounce_offline_message(From, To, Packet) ->
-    Err = jlib:make_error_reply(Packet,
-				?ERR_SERVICE_UNAVAILABLE),
+    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+    Txt = <<"User session not found">>,
+    Err = jlib:make_error_reply(
+	    Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
    ejabberd_router:route(To, From, Err),
    stop.

@@ -174,14 +180,14 @@ get_user_resources(User, Server) ->
    LUser = jid:nodeprep(User),
    LServer = jid:nameprep(Server),
    Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
    [element(3, S#session.usr) || S <- clean_session_list(Ss)].

 -spec get_user_present_resources(binary(), binary()) -> [tuple()].

 get_user_present_resources(LUser, LServer) ->
    Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
    [{S#session.priority, element(3, S#session.usr)}
     || S <- clean_session_list(Ss), is_integer(S#session.priority)].

@@ -192,7 +198,7 @@ get_user_ip(User, Server, Resource) ->
    LServer = jid:nameprep(Server),
    LResource = jid:resourceprep(Resource),
    Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[] ->
 	    undefined;
 	Ss ->
@@ -207,7 +213,7 @@ get_user_info(User, Server, Resource) ->
    LServer = jid:nameprep(Server),
    LResource = jid:resourceprep(Resource),
    Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[] ->
 	    offline;
 	Ss ->
@@ -257,17 +263,42 @@ get_session_pid(User, Server, Resource) ->
    LServer = jid:nameprep(Server),
    LResource = jid:resourceprep(Resource),
    Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[#session{sid = {_, Pid}}] -> Pid;
 	_ -> none
    end.

+-spec set_offline_info(sid(), binary(), binary(), binary(), info()) -> ok.
+
+set_offline_info({Time, _Pid}, User, Server, Resource, Info) ->
+    SID = {Time, undefined},
+    LUser = jid:nodeprep(User),
+    LServer = jid:nameprep(Server),
+    LResource = jid:resourceprep(Resource),
+    set_session(SID, LUser, LServer, LResource, undefined, Info).
+
+-spec get_offline_info(erlang:timestamp(), binary(), binary(),
+                       binary()) -> none | info().
+
+get_offline_info(Time, User, Server, Resource) ->
+    SID = {Time, undefined},
+    LUser = jid:nodeprep(User),
+    LServer = jid:nameprep(Server),
+    LResource = jid:resourceprep(Resource),
+    Mod = get_sm_backend(LServer),
+    case Mod:get_sessions(LUser, LServer, LResource) of
+	[#session{sid = SID, info = Info}] ->
+	    Info;
+	_ ->
+	    none
+    end.
+
 -spec dirty_get_sessions_list() -> [ljid()].

 dirty_get_sessions_list() ->
    lists:flatmap(
      fun(Mod) ->
-	      [S#session.usr || S <- Mod:get_sessions()]
+	      [S#session.usr || S <- online(Mod:get_sessions())]
      end, get_sm_backends()).

 -spec dirty_get_my_sessions_list() -> [#session{}].
@@ -275,7 +306,7 @@ dirty_get_sessions_list() ->
 dirty_get_my_sessions_list() ->
    lists:flatmap(
      fun(Mod) ->
-	      [S || S <- Mod:get_sessions(),
+	      [S || S <- online(Mod:get_sessions()),
 		    node(element(2, S#session.sid)) == node()]
      end, get_sm_backends()).

@@ -284,14 +315,14 @@ dirty_get_my_sessions_list() ->
 get_vh_session_list(Server) ->
    LServer = jid:nameprep(Server),
    Mod = get_sm_backend(LServer),
-    [S#session.usr || S <- Mod:get_sessions(LServer)].
+    [S#session.usr || S <- online(Mod:get_sessions(LServer))].

 -spec get_all_pids() -> [pid()].

 get_all_pids() ->
    lists:flatmap(
      fun(Mod) ->
-	      [element(2, S#session.sid) || S <- Mod:get_sessions()]
+	      [element(2, S#session.sid) || S <- online(Mod:get_sessions())]
      end, get_sm_backends()).

 -spec get_vh_session_number(binary()) -> non_neg_integer().
@@ -299,7 +330,7 @@ get_all_pids() ->
 get_vh_session_number(Server) ->
    LServer = jid:nameprep(Server),
    Mod = get_sm_backend(LServer),
-    length(Mod:get_sessions(LServer)).
+    length(online(Mod:get_sessions(LServer))).

 register_iq_handler(Host, XMLNS, Module, Fun) ->
    ejabberd_sm ! {register_iq_handler, Host, XMLNS, Module, Fun}.
@@ -391,6 +422,15 @@ set_session(SID, User, Server, Resource, Priority, Info) ->
    Mod:set_session(#session{sid = SID, usr = USR, us = US,
 			     priority = Priority, info = Info}).

+-spec online([#session{}]) -> [#session{}].
+
+online(Sessions) ->
+    lists:filter(fun(#session{sid = {_, undefined}}) ->
+			 false;
+		    (_) ->
+			 true
+		 end, Sessions).
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

 do_route(From, To, {broadcast, _} = Packet) ->
@@ -405,7 +445,7 @@ do_route(From, To, {broadcast, _} = Packet) ->
        _ ->
            {U, S, R} = jid:tolower(To),
 	    Mod = get_sm_backend(S),
-	    case Mod:get_sessions(U, S, R) of
+	    case online(Mod:get_sessions(U, S, R)) of
                [] ->
                    ?DEBUG("packet dropped~n", []);
                Ss ->
@@ -422,6 +462,7 @@ do_route(From, To, #xmlel{} = Packet) ->
    #jid{user = User, server = Server,
 	 luser = LUser, lserver = LServer, lresource = LResource} = To,
    #xmlel{name = Name, attrs = Attrs} = Packet,
+    Lang = fxml:get_attr_s(<<"xml:lang">>, Attrs),
    case LResource of
      <<"">> ->
 	  case Name of
@@ -495,8 +536,9 @@ do_route(From, To, #xmlel{} = Packet) ->
 		  <<"headline">> -> route_message(From, To, Packet, headline);
 		  <<"error">> -> ok;
 		  <<"groupchat">> ->
-		      Err = jlib:make_error_reply(Packet,
-						  ?ERR_SERVICE_UNAVAILABLE),
+		      ErrTxt = <<"User session not found">>,
+		      Err = jlib:make_error_reply(
+			      Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
 		      ejabberd_router:route(To, From, Err);
 		  _ ->
 		      route_message(From, To, Packet, normal)
@@ -505,28 +547,33 @@ do_route(From, To, #xmlel{} = Packet) ->
 	    _ -> ok
 	  end;
      _ ->
-	  Mod = get_sm_backend(LServer),
-	  case Mod:get_sessions(LUser, LServer, LResource) of
+	Mod = get_sm_backend(LServer),
+	case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	    [] ->
 		case Name of
 		  <<"message">> ->
 		      case fxml:get_attr_s(<<"type">>, Attrs) of
 			<<"chat">> -> route_message(From, To, Packet, chat);
-			<<"normal">> -> route_message(From, To, Packet, normal);
-			<<"">> -> route_message(From, To, Packet, normal);
+			<<"headline">> -> ok;
 			<<"error">> -> ok;
+			<<"groupchat">> ->
+			    ErrTxt = <<"User session not found">>,
+			    Err = jlib:make_error_reply(
+				    Packet,
+				    ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
+			    ejabberd_router:route(To, From, Err);
 			_ ->
-			    Err = jlib:make_error_reply(Packet,
-							?ERR_SERVICE_UNAVAILABLE),
-			    ejabberd_router:route(To, From, Err)
+			    route_message(From, To, Packet, normal)
 		      end;
 		  <<"iq">> ->
 		      case fxml:get_attr_s(<<"type">>, Attrs) of
 			<<"error">> -> ok;
 			<<"result">> -> ok;
 			_ ->
-			    Err = jlib:make_error_reply(Packet,
-							?ERR_SERVICE_UNAVAILABLE),
+			    ErrTxt = <<"User session not found">>,
+			    Err = jlib:make_error_reply(
+				    Packet,
+				    ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
 			    ejabberd_router:route(To, From, Err)
 		      end;
 		  _ -> ?DEBUG("packet dropped~n", [])
@@ -573,8 +620,8 @@ route_message(From, To, Packet, Type) ->
 					  (P >= 0) and (Type == headline) ->
 				LResource = jid:resourceprep(R),
 				Mod = get_sm_backend(LServer),
-				case Mod:get_sessions(LUser, LServer,
-						      LResource) of
+				case online(Mod:get_sessions(LUser, LServer,
+							     LResource)) of
 				  [] ->
 				      ok; % Race condition
 				  Ss ->
@@ -591,15 +638,12 @@ route_message(From, To, Packet, Type) ->
 	  case Type of
 	    headline -> ok;
 	    _ ->
-		case ejabberd_auth:is_user_exists(LUser, LServer) of
+		case ejabberd_auth:is_user_exists(LUser, LServer) andalso
+		    is_privacy_allow(From, To, Packet) of
 		  true ->
-		      case is_privacy_allow(From, To, Packet) of
-			true ->
-			    ejabberd_hooks:run(offline_message_hook, LServer,
-					       [From, To, Packet]);
-			false -> ok
-		      end;
-		  _ ->
+		      ejabberd_hooks:run(offline_message_hook, LServer,
+					 [From, To, Packet]);
+		  false ->
 		      Err = jlib:make_error_reply(Packet,
 						  ?ERR_SERVICE_UNAVAILABLE),
 		      ejabberd_router:route(To, From, Err)
@@ -638,7 +682,11 @@ check_existing_resources(LUser, LServer, LResource) ->
    if SIDs == [] -> ok;
       true ->
 	   MaxSID = lists:max(SIDs),
-	   lists:foreach(fun ({_, Pid} = S) when S /= MaxSID ->
+	   lists:foreach(fun ({_, undefined} = S) ->
+				 Mod = get_sm_backend(LServer),
+				 Mod:delete_session(LUser, LServer, LResource,
+						    S);
+			     ({_, Pid} = S) when S /= MaxSID ->
 				 Pid ! replaced;
 			     (_) -> ok
 			 end,
@@ -655,11 +703,11 @@ get_resource_sessions(User, Server, Resource) ->
    LServer = jid:nameprep(Server),
    LResource = jid:resourceprep(Resource),
    Mod = get_sm_backend(LServer),
-    [S#session.sid || S <- Mod:get_sessions(LUser, LServer, LResource)].
+    [S#session.sid || S <- online(Mod:get_sessions(LUser, LServer, LResource))].

 check_max_sessions(LUser, LServer) ->
    Mod = get_sm_backend(LServer),
-    SIDs = [S#session.sid || S <- Mod:get_sessions(LUser, LServer)],
+    SIDs = [S#session.sid || S <- online(Mod:get_sessions(LUser, LServer))],
    MaxSessions = get_max_user_sessions(LUser, LServer),
    if length(SIDs) =< MaxSessions -> ok;
       true -> {_, Pid} = lists:min(SIDs), Pid ! replaced
@@ -683,7 +731,7 @@ get_max_user_sessions(LUser, Host) ->
 process_iq(From, To, Packet) ->
    IQ = jlib:iq_query_info(Packet),
    case IQ of
-      #iq{xmlns = XMLNS} ->
+      #iq{xmlns = XMLNS, lang = Lang} ->
 	  Host = To#jid.lserver,
 	  case ets:lookup(sm_iqtable, {XMLNS, Host}) of
 	    [{_, Module, Function}] ->
@@ -696,8 +744,10 @@ process_iq(From, To, Packet) ->
 		gen_iq_handler:handle(Host, Module, Function, Opts,
 				      From, To, IQ);
 	    [] ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_SERVICE_UNAVAILABLE),
+		Txt = <<"No module is handling this query">>,
+		Err = jlib:make_error_reply(
+			Packet,
+			?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end;
      reply -> ok;
@@ -711,7 +761,7 @@ process_iq(From, To, Packet) ->

 force_update_presence({LUser, LServer}) ->
    Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
    lists:foreach(fun (#session{sid = {_, Pid}}) ->
 			  Pid ! {force_update_presence, LUser, LServer}
 		  end,
@@ -720,12 +770,10 @@ force_update_presence({LUser, LServer}) ->
 -spec get_sm_backend(binary()) -> module().

 get_sm_backend(Host) ->
-    DBType = ejabberd_config:get_option({sm_db_type, Host},
-					fun(mnesia) -> mnesia;
-					   (internal) -> mnesia;
-					   (odbc) -> odbc;
-					   (redis) -> redis
-					end, mnesia),
+    DBType = ejabberd_config:get_option(
+	       {sm_db_type, Host},
+	       fun(T) -> ejabberd_config:v_db(?MODULE, T) end,
+	       mnesia),
    list_to_atom("ejabberd_sm_" ++ atom_to_list(DBType)).

 -spec get_sm_backends() -> [module()].
@@ -795,10 +843,8 @@ kick_user(User, Server) ->
 	end, Resources),
    length(Resources).

-opt_type(sm_db_type) ->
-    fun (mnesia) -> mnesia;
-	(internal) -> mnesia;
-	(odbc) -> odbc;
-	(redis) -> redis
-    end;
+make_sid() ->
+    {p1_time_compat:unique_timestamp(), self()}.
+
+opt_type(sm_db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
 opt_type(_) -> [sm_db_type].
@@ -21,48 +21,12 @@
 -include("logger.hrl").
 -include("jlib.hrl").

-define(PROCNAME, 'ejabberd_redis_client').
-
 %%%===================================================================
 %%% API
 %%%===================================================================
 -spec init() -> ok | {error, any()}.
 init() ->
-    Server = ejabberd_config:get_option(redis_server,
-					fun iolist_to_list/1,
-					"localhost"),
-    Port = ejabberd_config:get_option(redis_port,
-				      fun(P) when is_integer(P),
-						  P>0, P<65536 ->
-					      P
-				      end, 6379),
-    DB = ejabberd_config:get_option(redis_db,
-				    fun(I) when is_integer(I), I >= 0 ->
-					    I
-				    end, 0),
-    Pass = ejabberd_config:get_option(redis_password,
-				      fun iolist_to_list/1,
-				      ""),
-    ReconnTimeout = timer:seconds(
-		      ejabberd_config:get_option(
-			redis_reconnect_timeout,
-			fun(I) when is_integer(I), I>0 -> I end,
-			1)),
-    ConnTimeout = timer:seconds(
-		    ejabberd_config:get_option(
-		      redis_connect_timeout,
-		      fun(I) when is_integer(I), I>0 -> I end,
-		      1)),
-    case eredis:start_link(Server, Port, DB, Pass,
-			   ReconnTimeout, ConnTimeout) of
-	{ok, Client} ->
-	    register(?PROCNAME, Client),
-	    clean_table(),
-	    ok;
-	{error, _} = Err ->
-	    ?ERROR_MSG("failed to start redis client: ~p", [Err]),
-	    Err
-    end.
+    clean_table().

 -spec set_session(#session{}) -> ok.
 set_session(Session) ->
@@ -71,8 +35,8 @@ set_session(Session) ->
    SIDKey = sid_to_key(Session#session.sid),
    ServKey = server_to_key(element(2, Session#session.us)),
    USSIDKey = us_sid_to_key(Session#session.us, Session#session.sid),
-    case eredis:qp(?PROCNAME, [["HSET", USKey, SIDKey, T],
-			       ["HSET", ServKey, USSIDKey, T]]) of
+    case ejabberd_redis:qp([["HSET", USKey, SIDKey, T],
+			    ["HSET", ServKey, USSIDKey, T]]) of
 	[{ok, _}, {ok, _}] ->
 	    ok;
 	Err ->
@@ -83,7 +47,7 @@ set_session(Session) ->
 			    {ok, #session{}} | {error, notfound}.
 delete_session(LUser, LServer, _LResource, SID) ->
    USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} ->
 	    Ss = decode_session_list(Vals),
 	    case lists:keyfind(SID, #session.sid, Ss) of
@@ -93,8 +57,8 @@ delete_session(LUser, LServer, _LResource, SID) ->
 		    SIDKey = sid_to_key(SID),
 		    ServKey = server_to_key(element(2, Session#session.us)),
 		    USSIDKey = us_sid_to_key(Session#session.us, SID),
-		    eredis:qp(?PROCNAME, [["HDEL", USKey, SIDKey],
-					  ["HDEL", ServKey, USSIDKey]]),
+		    ejabberd_redis:qp([["HDEL", USKey, SIDKey],
+				       ["HDEL", ServKey, USSIDKey]]),
 		    {ok, Session}
 	    end;
 	Err ->
@@ -112,7 +76,7 @@ get_sessions() ->
 -spec get_sessions(binary()) -> [#session{}].
 get_sessions(LServer) ->
    ServKey = server_to_key(LServer),
-    case eredis:q(?PROCNAME, ["HGETALL", ServKey]) of
+    case ejabberd_redis:q(["HGETALL", ServKey]) of
 	{ok, Vals} ->
 	    decode_session_list(Vals);
 	Err ->
@@ -123,7 +87,7 @@ get_sessions(LServer) ->
 -spec get_sessions(binary(), binary()) -> [#session{}].
 get_sessions(LUser, LServer) ->
    USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} when is_list(Vals) ->
 	    decode_session_list(Vals);
 	Err ->
@@ -135,7 +99,7 @@ get_sessions(LUser, LServer) ->
    [#session{}].
 get_sessions(LUser, LServer, LResource) ->
    USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} when is_list(Vals) ->
 	    [S || S <- decode_session_list(Vals),
 		  element(3, S#session.usr) == LResource];
@@ -172,7 +136,7 @@ clean_table() ->
    lists:foreach(
      fun(LServer) ->
 	      ServKey = server_to_key(LServer),
-	      case eredis:q(?PROCNAME, ["HKEYS", ServKey]) of
+	      case ejabberd_redis:q(["HKEYS", ServKey]) of
 		  {ok, []} ->
 		      ok;
 		  {ok, Vals} ->
@@ -189,7 +153,7 @@ clean_table() ->
 				     SIDKey = sid_to_key(SID),
 				     ["HDEL", USKey, SIDKey]
 			     end, Vals1),
-		      Res = eredis:qp(?PROCNAME, [Q1|Q2]),
+		      Res = ejabberd_redis:qp([Q1|Q2]),
 		      case lists:filter(
 			     fun({ok, _}) -> false;
 				(_) -> true
@@ -6,7 +6,9 @@
 %%% @end
 %%% Created :  9 Mar 2015 by Evgeny Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------
-module(ejabberd_sm_odbc).
+-module(ejabberd_sm_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).

 -behaviour(ejabberd_sm).

@@ -23,18 +25,19 @@
 -include("ejabberd_sm.hrl").
 -include("logger.hrl").
 -include("jlib.hrl").
+-include("ejabberd_sql_pt.hrl").

 %%%===================================================================
 %%% API
 %%%===================================================================
 -spec init() -> ok | {error, any()}.
 init() ->
-    Node = ejabberd_odbc:escape(jlib:atom_to_binary(node())),
+    Node = jlib:atom_to_binary(node()),
    ?INFO_MSG("Cleaning SQL SM table...", []),
    lists:foldl(
      fun(Host, ok) ->
-	      case ejabberd_odbc:sql_query(
-		     Host, [<<"delete from sm where node='">>, Node, <<"'">>]) of
+	      case ejabberd_sql:sql_query(
+		     Host, ?SQL("delete from sm where node=%(Node)s")) of
 		  {updated, _} ->
 		      ok;
 		  Err ->
@@ -47,20 +50,19 @@ init() ->

 set_session(#session{sid = {Now, Pid}, usr = {U, LServer, R},
 		     priority = Priority, info = Info}) ->
-    Username = ejabberd_odbc:escape(U),
-    Resource = ejabberd_odbc:escape(R),
-    InfoS = ejabberd_odbc:encode_term(Info),
+    InfoS = jlib:term_to_expr(Info),
    PrioS = enc_priority(Priority),
    TS = now_to_timestamp(Now),
    PidS = list_to_binary(erlang:pid_to_list(Pid)),
-    Node = ejabberd_odbc:escape(jlib:atom_to_binary(node(Pid))),
-    case odbc_queries:update(
-	   LServer,
-	   <<"sm">>,
-	   [<<"usec">>, <<"pid">>, <<"node">>, <<"username">>,
-	    <<"resource">>, <<"priority">>, <<"info">>],
-	   [TS, PidS, Node, Username, Resource, PrioS, InfoS],
-	   [<<"usec='">>, TS, <<"' and pid='">>, PidS, <<"'">>]) of
+    Node = jlib:atom_to_binary(node(Pid)),
+    case ?SQL_UPSERT(LServer, "sm",
+                     ["!usec=%(TS)d",
+                      "!pid=%(PidS)s",
+                      "node=%(Node)s",
+                      "username=%(U)s",
+                      "resource=%(R)s",
+                      "priority=%(PrioS)s",
+                      "info=%(InfoS)s"]) of
 	ok ->
 	    ok;
 	Err ->
@@ -70,16 +72,18 @@ set_session(#session{sid = {Now, Pid}, usr = {U, LServer, R},
 delete_session(_LUser, LServer, _LResource, {Now, Pid}) ->
    TS = now_to_timestamp(Now),
    PidS = list_to_binary(erlang:pid_to_list(Pid)),
-    case ejabberd_odbc:sql_query(
+    case ejabberd_sql:sql_query(
 	   LServer,
-	   [<<"select usec, pid, username, resource, priority, info ">>,
-	    <<"from sm where usec='">>, TS, <<"' and pid='">>,PidS, <<"'">>]) of
-	{selected, _, [Row]} ->
-	    ejabberd_odbc:sql_query(
-	      LServer, [<<"delete from sm where usec='">>,
-			TS, <<"' and pid='">>, PidS, <<"'">>]),
+	   ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s "
+                "from sm where usec=%(TS)d and pid=%(PidS)s")) of
+	{selected, [Row]} ->
+            ejabberd_sql:sql_query(
+              LServer,
+              ?SQL("delete from sm"
+                   " where usec=%(TS)d and pid=%(PidS)s")),
 	    {ok, row_to_session(LServer, Row)};
-	{selected, _, []} ->
+	{selected, []} ->
 	    {error, notfound};
 	Err ->
 	    ?ERROR_MSG("failed to delete from 'sm' table: ~p", [Err]),
@@ -93,10 +97,11 @@ get_sessions() ->
      end, ejabberd_sm:get_vh_by_backend(?MODULE)).

 get_sessions(LServer) ->
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -104,12 +109,12 @@ get_sessions(LServer) ->
    end.

 get_sessions(LUser, LServer) ->
-    Username = ejabberd_odbc:escape(LUser),
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm where ">>,
-		     <<"username='">>, Username, <<"'">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm"
+                " where username=%(LUser)s")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -117,14 +122,12 @@ get_sessions(LUser, LServer) ->
    end.

 get_sessions(LUser, LServer, LResource) ->
-    Username = ejabberd_odbc:escape(LUser),
-    Resource = ejabberd_odbc:escape(LResource),
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm where ">>,
-		     <<"username='">>, Username, <<"' and resource='">>,
-		     Resource, <<"'">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm"
+                " where username=%(LUser)s and resource=%(LResource)s")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -135,10 +138,9 @@ get_sessions(LUser, LServer, LResource) ->
 %%% Internal functions
 %%%===================================================================
 now_to_timestamp({MSec, Sec, USec}) ->
-    jlib:integer_to_binary((MSec * 1000000 + Sec) * 1000000 + USec).
+    (MSec * 1000000 + Sec) * 1000000 + USec.

-timestamp_to_now(TS) ->
-    I = jlib:binary_to_integer(TS),
+timestamp_to_now(I) ->
    Head = I div 1000000,
    USec = I rem 1000000,
    MSec = Head div 1000000,
@@ -158,11 +160,11 @@ enc_priority(undefined) ->
 enc_priority(Int) when is_integer(Int) ->
    jlib:integer_to_binary(Int).

-row_to_session(LServer, [USec, PidS, User, Resource, PrioS, InfoS]) ->
+row_to_session(LServer, {USec, PidS, User, Resource, PrioS, InfoS}) ->
    Now = timestamp_to_now(USec),
    Pid = erlang:list_to_pid(binary_to_list(PidS)),
    Priority = dec_priority(PrioS),
-    Info = ejabberd_odbc:decode_term(InfoS),
+    Info = ejabberd_sql:decode_term(InfoS),
    #session{sid = {Now, Pid}, us = {User, LServer},
 	     usr = {User, LServer, Resource},
 	     priority = Priority,
@@ -1,7 +1,7 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_odbc.erl
+%%% File    : ejabberd_sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
-%%% Purpose : Serve ODBC connection
+%%% Purpose : Serve SQL connection
 %%% Created :  8 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
 %%%
 %%%
@@ -23,7 +23,7 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_odbc).
+-module(ejabberd_sql).

 -behaviour(ejabberd_config).

@@ -39,8 +39,12 @@
 	 sql_query_t/1,
 	 sql_transaction/2,
 	 sql_bloc/2,
+         sql_query_to_iolist/1,
 	 escape/1,
+         standard_escape/1,
 	 escape_like/1,
+	 escape_like_arg/1,
+	 escape_like_arg_circumflex/1,
 	 to_bool/1,
 	 sqlite_db/1,
 	 sqlite_file/1,
@@ -63,18 +67,20 @@

 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -record(state,
 	{db_ref = self()                     :: pid(),
 	 db_type = odbc                      :: pgsql | mysql | sqlite | odbc | mssql,
+	 db_version = undefined              :: undefined | non_neg_integer(),
 	 start_interval = 0                  :: non_neg_integer(),
 	 host = <<"">>                       :: binary(),
 	 max_pending_requests_len            :: non_neg_integer(),
 	 pending_requests = {0, queue:new()} :: {non_neg_integer(), ?TQUEUE}}).

-define(STATE_KEY, ejabberd_odbc_state).
+-define(STATE_KEY, ejabberd_sql_state).

-define(NESTING_KEY, ejabberd_odbc_nesting_level).
+-define(NESTING_KEY, ejabberd_sql_nesting_level).

 -define(TOP_LEVEL_TXN, 0).

@@ -92,6 +98,8 @@

 -define(KEEPALIVE_QUERY, [<<"SELECT 1;">>]).

+-define(PREPARE_KEY, ejabberd_sql_prepare).
+
 %%-define(DBGFSM, true).

 -ifdef(DBGFSM).
@@ -108,19 +116,21 @@
 %%% API
 %%%----------------------------------------------------------------------
 start(Host) ->
-    (?GEN_FSM):start(ejabberd_odbc, [Host],
+    (?GEN_FSM):start(ejabberd_sql, [Host],
 		     fsm_limit_opts() ++ (?FSMOPTS)).

 start_link(Host, StartInterval) ->
-    (?GEN_FSM):start_link(ejabberd_odbc,
+    (?GEN_FSM):start_link(ejabberd_sql,
 			  [Host, StartInterval],
 			  fsm_limit_opts() ++ (?FSMOPTS)).

-type sql_query() :: [sql_query() | binary()].
+-type sql_query() :: [sql_query() | binary()] | #sql_query{} |
+                     fun(() -> any()) | fun((atom(), _) -> any()).
 -type sql_query_result() :: {updated, non_neg_integer()} |
                            {error, binary()} |
                            {selected, [binary()],
-                             [[binary()]]}.
+                             [[binary()]]} |
+                            {selected, [any()]}.

 -spec sql_query(binary(), sql_query()) -> sql_query_result().

@@ -150,7 +160,7 @@ sql_bloc(Host, F) -> sql_call(Host, {sql_bloc, F}).
 sql_call(Host, Msg) ->
    case get(?STATE_KEY) of
      undefined ->
-        case ejabberd_odbc_sup:get_random_pid(Host) of
+        case ejabberd_sql_sup:get_random_pid(Host) of
          none -> {error, <<"Unknown Host">>};
          Pid ->
            (?GEN_FSM):sync_send_event(Pid,{sql_cmd, Msg,
@@ -183,7 +193,7 @@ sql_query_t(Query) ->

 %% Escape character that will confuse an SQL engine
 escape(S) ->
-	<<  <<(odbc_queries:escape(Char))/binary>> || <<Char>> <= S >>.
+	<<  <<(sql_queries:escape(Char))/binary>> || <<Char>> <= S >>.

 %% Escape character that will confuse an SQL engine
 %% Percent and underscore only need to be escaped for pattern matching like
@@ -192,7 +202,24 @@ escape_like(S) when is_binary(S) ->
    << <<(escape_like(C))/binary>> || <<C>> <= S >>;
 escape_like($%) -> <<"\\%">>;
 escape_like($_) -> <<"\\_">>;
-escape_like(C) when is_integer(C), C >= 0, C =< 255 -> odbc_queries:escape(C).
+escape_like($\\) -> <<"\\\\\\\\">>;
+escape_like(C) when is_integer(C), C >= 0, C =< 255 -> sql_queries:escape(C).
+
+escape_like_arg(S) when is_binary(S) ->
+    << <<(escape_like_arg(C))/binary>> || <<C>> <= S >>;
+escape_like_arg($%) -> <<"\\%">>;
+escape_like_arg($_) -> <<"\\_">>;
+escape_like_arg($\\) -> <<"\\\\">>;
+escape_like_arg(C) when is_integer(C), C >= 0, C =< 255 -> <<C>>.
+
+escape_like_arg_circumflex(S) when is_binary(S) ->
+    << <<(escape_like_arg_circumflex(C))/binary>> || <<C>> <= S >>;
+escape_like_arg_circumflex($%) -> <<"^%">>;
+escape_like_arg_circumflex($_) -> <<"^_">>;
+escape_like_arg_circumflex($^) -> <<"^^">>;
+escape_like_arg_circumflex($[) -> <<"^[">>;     % For MSSQL
+escape_like_arg_circumflex($]) -> <<"^]">>;
+escape_like_arg_circumflex(C) when is_integer(C), C >= 0, C =< 255 -> <<C>>.

 to_bool(<<"t">>) -> true;
 to_bool(<<"true">>) -> true;
@@ -218,7 +245,7 @@ sqlite_db(Host) ->

 -spec sqlite_file(binary()) -> string().
 sqlite_file(Host) ->
-    case ejabberd_config:get_option({odbc_database, Host},
+    case ejabberd_config:get_option({sql_database, Host},
 				    fun iolist_to_binary/1) of
 	undefined ->
 	    {ok, Cwd} = file:get_cwd(),
@@ -233,7 +260,7 @@ sqlite_file(Host) ->
 %%%----------------------------------------------------------------------
 init([Host, StartInterval]) ->
    case ejabberd_config:get_option(
-           {odbc_keepalive_interval, Host},
+           {sql_keepalive_interval, Host},
           fun(I) when is_integer(I), I>0 -> I end) of
        undefined ->
            ok;
@@ -243,7 +270,7 @@ init([Host, StartInterval]) ->
    end,
    [DBType | _] = db_opts(Host),
    (?GEN_FSM):send_event(self(), connect),
-    ejabberd_odbc_sup:add_pid(Host, self()),
+    ejabberd_sql_sup:add_pid(Host, self()),
    {ok, connecting,
     #state{db_type = DBType, host = Host,
 	    max_pending_requests_len = max_fsm_queue(),
@@ -255,19 +282,21 @@ connecting(connect, #state{host = Host} = State) ->
 		   [mysql | Args] -> apply(fun mysql_connect/5, Args);
           [pgsql | Args] -> apply(fun pgsql_connect/5, Args);
           [sqlite | Args] -> apply(fun sqlite_connect/1, Args);
+		   [mssql | Args] -> apply(fun odbc_connect/1, Args);
 		   [odbc | Args] -> apply(fun odbc_connect/1, Args)
 		 end,
    {_, PendingRequests} = State#state.pending_requests,
    case ConnectRes of
-      {ok, Ref} ->
-	  erlang:monitor(process, Ref),
-	  lists:foreach(fun (Req) ->
-				(?GEN_FSM):send_event(self(), Req)
-			end,
-			queue:to_list(PendingRequests)),
-	  {next_state, session_established,
-	   State#state{db_ref = Ref,
-		       pending_requests = {0, queue:new()}}};
+        {ok, Ref} ->
+            erlang:monitor(process, Ref),
+            lists:foreach(fun (Req) ->
+                                  (?GEN_FSM):send_event(self(), Req)
+                          end,
+                          queue:to_list(PendingRequests)),
+            State1 = State#state{db_ref = Ref,
+                                 pending_requests = {0, queue:new()}},
+            State2 = get_db_version(State1),
+            {next_state, session_established, State2};
      {error, Reason} ->
 	  ?INFO_MSG("~p connection failed:~n** Reason: ~p~n** "
 		    "Retry after: ~p seconds",
@@ -355,7 +384,7 @@ handle_info(Info, StateName, State) ->
    {next_state, StateName, State}.

 terminate(_Reason, _StateName, State) ->
-    ejabberd_odbc_sup:remove_pid(State#state.host, self()),
+    ejabberd_sql_sup:remove_pid(State#state.host, self()),
    case State#state.db_type of
        mysql -> catch p1_mysql_conn:stop(State#state.db_ref);
        sqlite -> catch sqlite3:close(sqlite_db(State#state.host));
@@ -469,12 +498,82 @@ execute_bloc(F) ->
      Res -> {atomic, Res}
    end.

+execute_fun(F) when is_function(F, 0) ->
+    F();
+execute_fun(F) when is_function(F, 2) ->
+    State = get(?STATE_KEY),
+    F(State#state.db_type, State#state.db_version).
+
+sql_query_internal([{_, _} | _] = Queries) ->
+    State = get(?STATE_KEY),
+    case select_sql_query(Queries, State) of
+        undefined ->
+            {error, <<"no matching query for the current DBMS found">>};
+        Query ->
+            sql_query_internal(Query)
+    end;
+sql_query_internal(#sql_query{} = Query) ->
+    State = get(?STATE_KEY),
+    Res =
+        try
+            case State#state.db_type of
+                odbc ->
+                    generic_sql_query(Query);
+		mssql ->
+		    mssql_sql_query(Query);
+                pgsql ->
+                    Key = {?PREPARE_KEY, Query#sql_query.hash},
+                    case get(Key) of
+                        undefined ->
+                            case pgsql_prepare(Query, State) of
+                                {ok, _, _, _} ->
+                                    put(Key, prepared);
+                                {error, Error} ->
+                                    ?ERROR_MSG("PREPARE failed for SQL query "
+                                               "at ~p: ~p",
+                                               [Query#sql_query.loc, Error]),
+                                    put(Key, ignore)
+                            end;
+                        _ ->
+                            ok
+                    end,
+                    case get(Key) of
+                        prepared ->
+                            pgsql_execute_sql_query(Query, State);
+                        _ ->
+                            generic_sql_query(Query)
+                    end;
+                mysql ->
+                    generic_sql_query(Query);
+                sqlite ->
+                    sqlite_sql_query(Query)
+            end
+        catch
+            Class:Reason ->
+                ST = erlang:get_stacktrace(),
+                ?ERROR_MSG("Internal error while processing SQL query: ~p",
+                           [{Class, Reason, ST}]),
+                {error, <<"internal error">>}
+        end,
+    case Res of
+        {error, <<"No SQL-driver information available.">>} ->
+            {updated, 0};
+        _Else -> Res
+    end;
+sql_query_internal(F) when is_function(F) ->
+    case catch execute_fun(F) of
+        {'EXIT', Reason} -> {error, Reason};
+        Res -> Res
+    end;
 sql_query_internal(Query) ->
    State = get(?STATE_KEY),
    ?DEBUG("SQL: \"~s\"", [Query]),
    Res = case State#state.db_type of
 	    odbc ->
-		to_odbc(odbc:sql_query(State#state.db_ref, Query,
+		to_odbc(odbc:sql_query(State#state.db_ref, [Query],
+                                       (?TRANSACTION_TIMEOUT) - 1000));
+	    mssql ->
+		to_odbc(odbc:sql_query(State#state.db_ref, [Query],
                                       (?TRANSACTION_TIMEOUT) - 1000));
 	    pgsql ->
 		pgsql_to_odbc(pgsql:squery(State#state.db_ref, Query));
@@ -495,6 +594,122 @@ sql_query_internal(Query) ->
      _Else -> Res
    end.

+select_sql_query(Queries, State) ->
+    select_sql_query(
+      Queries, State#state.db_type, State#state.db_version, undefined).
+
+select_sql_query([], _Type, _Version, undefined) ->
+    undefined;
+select_sql_query([], _Type, _Version, Query) ->
+    Query;
+select_sql_query([{any, Query} | _], _Type, _Version, _) ->
+    Query;
+select_sql_query([{Type, Query} | _], Type, _Version, _) ->
+    Query;
+select_sql_query([{{Type, _Version1}, Query1} | Rest], Type, undefined, _) ->
+    select_sql_query(Rest, Type, undefined, Query1);
+select_sql_query([{{Type, Version1}, Query1} | Rest], Type, Version, Query) ->
+    if
+        Version >= Version1 ->
+            Query1;
+        true ->
+            select_sql_query(Rest, Type, Version, Query)
+    end;
+select_sql_query([{_, _} | Rest], Type, Version, Query) ->
+    select_sql_query(Rest, Type, Version, Query).
+
+generic_sql_query(SQLQuery) ->
+    sql_query_format_res(
+      sql_query_internal(generic_sql_query_format(SQLQuery)),
+      SQLQuery).
+
+generic_sql_query_format(SQLQuery) ->
+    Args = (SQLQuery#sql_query.args)(generic_escape()),
+    (SQLQuery#sql_query.format_query)(Args).
+
+generic_escape() ->
+    #sql_escape{string = fun(X) -> <<"'", (escape(X))/binary, "'">> end,
+                integer = fun(X) -> integer_to_binary(X) end,
+                boolean = fun(true) -> <<"1">>;
+                             (false) -> <<"0">>
+                          end
+               }.
+
+sqlite_sql_query(SQLQuery) ->
+    sql_query_format_res(
+      sql_query_internal(sqlite_sql_query_format(SQLQuery)),
+      SQLQuery).
+
+sqlite_sql_query_format(SQLQuery) ->
+    Args = (SQLQuery#sql_query.args)(sqlite_escape()),
+    (SQLQuery#sql_query.format_query)(Args).
+
+sqlite_escape() ->
+    #sql_escape{string = fun(X) -> <<"'", (standard_escape(X))/binary, "'">> end,
+                integer = fun(X) -> integer_to_binary(X) end,
+                boolean = fun(true) -> <<"1">>;
+                             (false) -> <<"0">>
+                          end
+               }.
+
+standard_escape(S) ->
+    << <<(case Char of
+              $' -> << "''" >>;
+              _ -> << Char >>
+          end)/binary>> || <<Char>> <= S >>.
+
+mssql_sql_query(SQLQuery) ->
+    sqlite_sql_query(SQLQuery).
+
+pgsql_prepare(SQLQuery, State) ->
+    Escape = #sql_escape{_ = fun(X) -> X end},
+    N = length((SQLQuery#sql_query.args)(Escape)),
+    Args = [<<$$, (integer_to_binary(I))/binary>> || I <- lists:seq(1, N)],
+    Query = (SQLQuery#sql_query.format_query)(Args),
+    pgsql:prepare(State#state.db_ref, SQLQuery#sql_query.hash, Query).
+
+pgsql_execute_escape() ->
+    #sql_escape{string = fun(X) -> X end,
+                integer = fun(X) -> [integer_to_binary(X)] end,
+                boolean = fun(true) -> "1";
+                             (false) -> "0"
+                          end
+               }.
+
+pgsql_execute_sql_query(SQLQuery, State) ->
+    Args = (SQLQuery#sql_query.args)(pgsql_execute_escape()),
+    ExecuteRes =
+        pgsql:execute(State#state.db_ref, SQLQuery#sql_query.hash, Args),
+%    {T, ExecuteRes} =
+%        timer:tc(pgsql, execute, [State#state.db_ref, SQLQuery#sql_query.hash, Args]),
+%    io:format("T ~s ~p~n", [SQLQuery#sql_query.hash, T]),
+    Res = pgsql_execute_to_odbc(ExecuteRes),
+    sql_query_format_res(Res, SQLQuery).
+
+
+sql_query_format_res({selected, _, Rows}, SQLQuery) ->
+    Res =
+        lists:flatmap(
+          fun(Row) ->
+                  try
+                      [(SQLQuery#sql_query.format_res)(Row)]
+                  catch
+                      Class:Reason ->
+                          ST = erlang:get_stacktrace(),
+                          ?ERROR_MSG("Error while processing "
+                                     "SQL query result: ~p~n"
+                                     "row: ~p",
+                                     [{Class, Reason, ST}, Row]),
+                          []
+                  end
+          end, Rows),
+    {selected, Res};
+sql_query_format_res(Res, _SQLQuery) ->
+    Res.
+
+sql_query_to_iolist(SQLQuery) ->
+    generic_sql_query_format(SQLQuery).
+
 %% Generate the OTP callback return tuple depending on the driver result.
 abort_on_driver_error({error, <<"query timed out">>} =
 			  Reply,
@@ -606,6 +821,18 @@ pgsql_item_to_odbc(<<"UPDATE ", N/binary>>) ->
 pgsql_item_to_odbc({error, Error}) -> {error, Error};
 pgsql_item_to_odbc(_) -> {updated, undefined}.

+pgsql_execute_to_odbc({ok, {<<"SELECT", _/binary>>, Rows}}) ->
+    {selected, [], [[Field || {_, Field} <- Row] || Row <- Rows]};
+pgsql_execute_to_odbc({ok, {'INSERT', N}}) ->
+    {updated, N};
+pgsql_execute_to_odbc({ok, {'DELETE', N}}) ->
+    {updated, N};
+pgsql_execute_to_odbc({ok, {'UPDATE', N}}) ->
+    {updated, N};
+pgsql_execute_to_odbc({error, Error}) -> {error, Error};
+pgsql_execute_to_odbc(_) -> {updated, undefined}.
+
+
 %% == Native MySQL code

 %% part of init/1
@@ -658,6 +885,24 @@ to_odbc({error, Reason}) when is_list(Reason) ->
 to_odbc(Res) ->
    Res.

+get_db_version(#state{db_type = pgsql} = State) ->
+    case pgsql:squery(State#state.db_ref,
+                      <<"select current_setting('server_version_num')">>) of
+        {ok, [{_, _, [[SVersion]]}]} ->
+            case catch binary_to_integer(SVersion) of
+                Version when is_integer(Version) ->
+                    State#state{db_version = Version};
+                Error ->
+                    ?WARNING_MSG("error getting pgsql version: ~p", [Error]),
+                    State
+            end;
+        Res ->
+            ?WARNING_MSG("error getting pgsql version: ~p", [Res]),
+            State
+    end;
+get_db_version(State) ->
+    State.
+
 log(Level, Format, Args) ->
    case Level of
      debug -> ?DEBUG(Format, Args);
@@ -666,14 +911,14 @@ log(Level, Format, Args) ->
    end.

 db_opts(Host) ->
-    Type = ejabberd_config:get_option({odbc_type, Host},
+    Type = ejabberd_config:get_option({sql_type, Host},
                                      fun(mysql) -> mysql;
                                         (pgsql) -> pgsql;
                                         (sqlite) -> sqlite;
 					 (mssql) -> mssql;
                                         (odbc) -> odbc
                                      end, odbc),
-    Server = ejabberd_config:get_option({odbc_server, Host},
+    Server = ejabberd_config:get_option({sql_server, Host},
                                        fun iolist_to_binary/1,
                                        <<"localhost">>),
    case Type of
@@ -683,41 +928,40 @@ db_opts(Host) ->
            [sqlite, Host];
        _ ->
            Port = ejabberd_config:get_option(
-                     {odbc_port, Host},
+                     {sql_port, Host},
                     fun(P) when is_integer(P), P > 0, P < 65536 -> P end,
                     case Type of
 			 mssql -> ?MSSQL_PORT;
                         mysql -> ?MYSQL_PORT;
                         pgsql -> ?PGSQL_PORT
                     end),
-            DB = ejabberd_config:get_option({odbc_database, Host},
+            DB = ejabberd_config:get_option({sql_database, Host},
                                            fun iolist_to_binary/1,
                                            <<"ejabberd">>),
-            User = ejabberd_config:get_option({odbc_username, Host},
+            User = ejabberd_config:get_option({sql_username, Host},
                                              fun iolist_to_binary/1,
                                              <<"ejabberd">>),
-            Pass = ejabberd_config:get_option({odbc_password, Host},
+            Pass = ejabberd_config:get_option({sql_password, Host},
                                              fun iolist_to_binary/1,
                                              <<"">>),
 	    case Type of
 		mssql ->
-		    Username = get_mssql_user(Server, User),
-		    [odbc, <<"DSN=", Host/binary, ";UID=", Username/binary,
-			     ";PWD=", Pass/binary>>];
+		    [mssql, <<"DSN=", Host/binary, ";UID=", User/binary,
+			      ";PWD=", Pass/binary>>];
 		_ ->
 		    [Type, Server, Port, DB, User, Pass]
 	    end
    end.

 init_mssql(Host) ->
-    Server = ejabberd_config:get_option({odbc_server, Host},
+    Server = ejabberd_config:get_option({sql_server, Host},
                                        fun iolist_to_binary/1,
                                        <<"localhost">>),
    Port = ejabberd_config:get_option(
-	     {odbc_port, Host},
+	     {sql_port, Host},
 	     fun(P) when is_integer(P), P > 0, P < 65536 -> P end,
 	     ?MSSQL_PORT),
-    DB = ejabberd_config:get_option({odbc_database, Host},
+    DB = ejabberd_config:get_option({sql_database, Host},
 				    fun iolist_to_binary/1,
 				    <<"ejabberd">>),
    FreeTDS = io_lib:fwrite("[~s]~n"
@@ -762,21 +1006,6 @@ init_mssql(Host) ->
 	    Err
    end.

-get_mssql_user(Server, User) ->
-    HostName = case inet_parse:address(binary_to_list(Server)) of
-		   {ok, _} ->
-		       Server;
-		   {error, _} ->
-		       hd(str:tokens(Server, <<".">>))
-	       end,
-    UserName = case str:chr(User, $@) of
-		   0 ->
-		       <<User/binary, $@, HostName/binary>>;
-		   _ ->
-		       User
-	       end,
-    UserName.
-
 tmp_dir() ->
    filename:join(["/tmp", "ejabberd"]).

@@ -800,30 +1029,39 @@ fsm_limit_opts() ->
      _ -> []
    end.

+check_error({error, Why} = Err, #sql_query{} = Query) ->
+    ?ERROR_MSG("SQL query '~s' at ~p failed: ~p",
+               [Query#sql_query.hash, Query#sql_query.loc, Why]),
+    Err;
 check_error({error, Why} = Err, Query) ->
-    ?ERROR_MSG("SQL query '~s' failed: ~p", [Query, Why]),
+    case catch iolist_to_binary(Query) of
+        SQuery when is_binary(SQuery) ->
+            ?ERROR_MSG("SQL query '~s' failed: ~p", [SQuery, Why]);
+        _ ->
+            ?ERROR_MSG("SQL query ~p failed: ~p", [Query, Why])
+    end,
    Err;
 check_error(Result, _Query) ->
    Result.

 opt_type(max_fsm_queue) ->
    fun (N) when is_integer(N), N > 0 -> N end;
-opt_type(odbc_database) -> fun iolist_to_binary/1;
-opt_type(odbc_keepalive_interval) ->
+opt_type(sql_database) -> fun iolist_to_binary/1;
+opt_type(sql_keepalive_interval) ->
    fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_password) -> fun iolist_to_binary/1;
-opt_type(odbc_port) ->
+opt_type(sql_password) -> fun iolist_to_binary/1;
+opt_type(sql_port) ->
    fun (P) when is_integer(P), P > 0, P < 65536 -> P end;
-opt_type(odbc_server) -> fun iolist_to_binary/1;
-opt_type(odbc_type) ->
+opt_type(sql_server) -> fun iolist_to_binary/1;
+opt_type(sql_type) ->
    fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
 	(mssql) -> mssql;
 	(odbc) -> odbc
    end;
-opt_type(odbc_username) -> fun iolist_to_binary/1;
+opt_type(sql_username) -> fun iolist_to_binary/1;
 opt_type(_) ->
-    [max_fsm_queue, odbc_database, odbc_keepalive_interval,
-     odbc_password, odbc_port, odbc_server, odbc_type,
-     odbc_username].
+    [max_fsm_queue, sql_database, sql_keepalive_interval,
+     sql_password, sql_port, sql_server, sql_type,
+     sql_username].
@@ -0,0 +1,550 @@
+%%%-------------------------------------------------------------------
+%%% File    : ejabberd_sql_pt.erl
+%%% Author  : Alexey Shchepin <alexey@process-one.net>
+%%% Description : Parse transform for SQL queries
+%%%
+%%% Created : 20 Jan 2016 by Alexey Shchepin <alexey@process-one.net>
+%%%-------------------------------------------------------------------
+-module(ejabberd_sql_pt).
+
+%% API
+-export([parse_transform/2]).
+
+-export([parse/2]).
+
+-include("ejabberd_sql_pt.hrl").
+
+-record(state, {loc,
+                'query' = [],
+                params = [],
+                param_pos = 0,
+                args = [],
+                res = [],
+                res_vars = [],
+                res_pos = 0}).
+
+-define(QUERY_RECORD, "sql_query").
+
+-define(ESCAPE_RECORD, "sql_escape").
+-define(ESCAPE_VAR, "__SQLEscape").
+
+-define(MOD, sql__module_).
+
+%%====================================================================
+%% API
+%%====================================================================
+%%--------------------------------------------------------------------
+%% Function:
+%% Description:
+%%--------------------------------------------------------------------
+parse_transform(AST, _Options) ->
+    %io:format("PT: ~p~nOpts: ~p~n", [AST, Options]),
+    NewAST = top_transform(AST),
+    %io:format("NewPT: ~p~n", [NewAST]),
+    NewAST.
+
+
+
+%%====================================================================
+%% Internal functions
+%%====================================================================
+
+
+transform(Form) ->
+    case erl_syntax:type(Form) of
+        application ->
+            case erl_syntax_lib:analyze_application(Form) of
+                {?SQL_MARK, 1} ->
+                    case erl_syntax:application_arguments(Form) of
+                        [Arg] ->
+                            case erl_syntax:type(Arg) of
+                                string ->
+                                    S = erl_syntax:string_value(Arg),
+                                    Pos = erl_syntax:get_pos(Arg),
+                                    ParseRes = parse(S, Pos),
+                                    set_pos(make_sql_query(ParseRes), Pos);
+                                _ ->
+                                    throw({error, erl_syntax:get_pos(Form),
+                                           "?SQL argument must be "
+                                           "a constant string"})
+                            end;
+                        _ ->
+                            throw({error, erl_syntax:get_pos(Form),
+                                   "wrong number of ?SQL args"})
+                    end;
+                {?SQL_UPSERT_MARK, 2} ->
+                    case erl_syntax:application_arguments(Form) of
+                        [TableArg, FieldsArg] ->
+                            case {erl_syntax:type(TableArg),
+                                  erl_syntax:is_proper_list(FieldsArg)}of
+                                {string, true} ->
+                                    Table = erl_syntax:string_value(TableArg),
+                                    ParseRes =
+                                        parse_upsert(
+                                          erl_syntax:list_elements(FieldsArg)),
+                                    Pos = erl_syntax:get_pos(Form),
+                                    set_pos(
+                                      make_sql_upsert(Table, ParseRes, Pos),
+                                      Pos);
+                                _ ->
+                                    throw({error, erl_syntax:get_pos(Form),
+                                           "?SQL_UPSERT arguments must be "
+                                           "a constant string and a list"})
+                            end;
+                        _ ->
+                            throw({error, erl_syntax:get_pos(Form),
+                                   "wrong number of ?SQL_UPSERT args"})
+                    end;
+                _ ->
+                    Form
+            end;
+        attribute ->
+            case erl_syntax:atom_value(erl_syntax:attribute_name(Form)) of
+                module ->
+                    case erl_syntax:attribute_arguments(Form) of
+                        [M | _] ->
+                            Module = erl_syntax:atom_value(M),
+                            %io:format("module ~p~n", [Module]),
+                            put(?MOD, Module),
+                            Form;
+                        _ ->
+                            Form
+                    end;
+                _ ->
+                    Form
+            end;
+        _ ->
+            Form
+    end.
+
+top_transform(Forms) when is_list(Forms) ->
+    lists:map(
+      fun(Form) ->
+              try
+                  Form2 = erl_syntax_lib:map(
+                            fun(Node) ->
+                                                %io:format("asd ~p~n", [Node]),
+                                    transform(Node)
+                            end, Form),
+                  Form3 = erl_syntax:revert(Form2),
+                  Form3
+	      catch
+		  throw:{error, Line, Error} ->
+		      {error, {Line, erl_parse, Error}}
+	      end
+      end, Forms).
+
+parse(S, Loc) ->
+    parse1(S, [], #state{loc = Loc}).
+
+parse(S, ParamPos, Loc) ->
+    parse1(S, [], #state{loc = Loc, param_pos = ParamPos}).
+
+parse1([], Acc, State) ->
+    State1 = append_string(lists:reverse(Acc), State),
+    State1#state{'query' = lists:reverse(State1#state.'query'),
+                 params = lists:reverse(State1#state.params),
+                 args = lists:reverse(State1#state.args),
+                 res = lists:reverse(State1#state.res),
+                 res_vars = lists:reverse(State1#state.res_vars)
+                };
+parse1([$@, $( | S], Acc, State) ->
+    State1 = append_string(lists:reverse(Acc), State),
+    {Name, Type, S1, State2} = parse_name(S, State1),
+    Var = "__V" ++ integer_to_list(State2#state.res_pos),
+    EVar = erl_syntax:variable(Var),
+    Convert =
+        case Type of
+            integer ->
+                erl_syntax:application(
+                  erl_syntax:atom(binary_to_integer),
+                  [EVar]);
+            string ->
+                EVar;
+            boolean ->
+                erl_syntax:application(
+                  erl_syntax:atom(ejabberd_sql),
+                  erl_syntax:atom(to_bool),
+                  [EVar])
+        end,
+    State3 = append_string(Name, State2),
+    State4 = State3#state{res_pos = State3#state.res_pos + 1,
+                          res = [Convert | State3#state.res],
+                          res_vars = [EVar | State3#state.res_vars]},
+    parse1(S1, [], State4);
+parse1([$%, $( | S], Acc, State) ->
+    State1 = append_string(lists:reverse(Acc), State),
+    {Name, Type, S1, State2} = parse_name(S, State1),
+    Var = State2#state.param_pos,
+    Convert =
+        erl_syntax:application(
+          erl_syntax:record_access(
+            erl_syntax:variable(?ESCAPE_VAR),
+            erl_syntax:atom(?ESCAPE_RECORD),
+            erl_syntax:atom(Type)),
+          [erl_syntax:variable(Name)]),
+    State3 = State2,
+    State4 =
+        State3#state{'query' = [{var, Var} | State3#state.'query'],
+                     args = [Convert | State3#state.args],
+                     params = [Var | State3#state.params],
+                     param_pos = State3#state.param_pos + 1},
+    parse1(S1, [], State4);
+parse1([C | S], Acc, State) ->
+    parse1(S, [C | Acc], State).
+
+append_string([], State) ->
+    State;
+append_string(S, State) ->
+    State#state{query = [{str, S} | State#state.query]}.
+
+parse_name(S, State) ->
+    parse_name(S, [], 0, State).
+
+parse_name([], _Acc, _Depth, State) ->
+    throw({error, State#state.loc,
+           "expected ')', found end of string"});
+parse_name([$), T | S], Acc, 0, State) ->
+    Type =
+        case T of
+            $d -> integer;
+            $s -> string;
+            $b -> boolean;
+            _ ->
+                throw({error, State#state.loc,
+                       ["unknown type specifier '", T, "'"]})
+        end,
+    {lists:reverse(Acc), Type, S, State};
+parse_name([$)], _Acc, 0, State) ->
+    throw({error, State#state.loc,
+           "expected type specifier, found end of string"});
+parse_name([$( = C | S], Acc, Depth, State) ->
+    parse_name(S, [C | Acc], Depth + 1, State);
+parse_name([$) = C | S], Acc, Depth, State) ->
+    parse_name(S, [C | Acc], Depth - 1, State);
+parse_name([C | S], Acc, Depth, State) ->
+    parse_name(S, [C | Acc], Depth, State).
+
+
+make_var(V) ->
+    Var = "__V" ++ integer_to_list(V),
+    erl_syntax:variable(Var).
+
+
+make_sql_query(State) ->
+    Hash = erlang:phash2(State#state{loc = undefined}),
+    SHash = <<"Q", (integer_to_binary(Hash))/binary>>,
+    Query = pack_query(State#state.'query'),
+    EQuery =
+        lists:map(
+          fun({str, S}) ->
+                  erl_syntax:binary(
+                    [erl_syntax:binary_field(
+                       erl_syntax:string(S))]);
+             ({var, V}) -> make_var(V)
+          end, Query),
+    erl_syntax:record_expr(
+     erl_syntax:atom(?QUERY_RECORD),
+     [erl_syntax:record_field(
+       erl_syntax:atom(hash),
+        %erl_syntax:abstract(SHash)
+        erl_syntax:binary(
+          [erl_syntax:binary_field(
+             erl_syntax:string(binary_to_list(SHash)))])),
+      erl_syntax:record_field(
+       erl_syntax:atom(args),
+        erl_syntax:fun_expr(
+          [erl_syntax:clause(
+             [erl_syntax:variable(?ESCAPE_VAR)],
+             none,
+             [erl_syntax:list(State#state.args)]
+            )])),
+      erl_syntax:record_field(
+       erl_syntax:atom(format_query),
+        erl_syntax:fun_expr(
+          [erl_syntax:clause(
+             [erl_syntax:list(lists:map(fun make_var/1, State#state.params))],
+             none,
+             [erl_syntax:list(EQuery)]
+            )])),
+      erl_syntax:record_field(
+       erl_syntax:atom(format_res),
+        erl_syntax:fun_expr(
+          [erl_syntax:clause(
+             [erl_syntax:list(State#state.res_vars)],
+             none,
+             [erl_syntax:tuple(State#state.res)]
+            )])),
+      erl_syntax:record_field(
+       erl_syntax:atom(loc),
+        erl_syntax:abstract({get(?MOD), State#state.loc}))
+     ]).
+
+pack_query([]) ->
+    [];
+pack_query([{str, S1}, {str, S2} | Rest]) ->
+    pack_query([{str, S1 ++ S2} | Rest]);
+pack_query([X | Rest]) ->
+    [X | pack_query(Rest)].
+
+
+parse_upsert(Fields) ->
+    {Fs, _} =
+        lists:foldr(
+          fun(F, {Acc, Param}) ->
+                  case erl_syntax:type(F) of
+                      string ->
+                          V = erl_syntax:string_value(F),
+                          {_, _, State} = Res =
+                              parse_upsert_field(
+                                V, Param, erl_syntax:get_pos(F)),
+                          {[Res | Acc], State#state.param_pos};
+                      _ ->
+                          throw({error, erl_syntax:get_pos(F),
+                                 "?SQL_UPSERT field must be "
+                                 "a constant string"})
+                  end
+          end, {[], 0}, Fields),
+    %io:format("upsert ~p~n", [{Fields, Fs}]),
+    Fs.
+
+%% key | {Update}
+parse_upsert_field([$! | S], ParamPos, Loc) ->
+    {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
+    {Name, key, ParseState};
+parse_upsert_field([$- | S], ParamPos, Loc) ->
+    {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
+    {Name, {false}, ParseState};
+parse_upsert_field(S, ParamPos, Loc) ->
+    {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
+    {Name, {true}, ParseState}.
+
+parse_upsert_field1([], _Acc, _ParamPos, Loc) ->
+    throw({error, Loc,
+           "?SQL_UPSERT fields must have the "
+           "following form: \"[!-]name=value\""});
+parse_upsert_field1([$= | S], Acc, ParamPos, Loc) ->
+    {lists:reverse(Acc), parse(S, ParamPos, Loc)};
+parse_upsert_field1([C | S], Acc, ParamPos, Loc) ->
+    parse_upsert_field1(S, [C | Acc], ParamPos, Loc).
+
+
+make_sql_upsert(Table, ParseRes, Pos) ->
+    check_upsert(ParseRes, Pos),
+    erl_syntax:fun_expr(
+      [erl_syntax:clause(
+         [erl_syntax:atom(pgsql), erl_syntax:variable("__Version")],
+         [erl_syntax:infix_expr(
+            erl_syntax:variable("__Version"),
+            erl_syntax:operator('>='),
+            erl_syntax:integer(90100))],
+         [make_sql_upsert_pgsql901(Table, ParseRes),
+          erl_syntax:atom(ok)]),
+       erl_syntax:clause(
+         [erl_syntax:underscore(), erl_syntax:underscore()],
+         none,
+         [make_sql_upsert_generic(Table, ParseRes)])
+      ]).
+
+make_sql_upsert_generic(Table, ParseRes) ->
+    Update = make_sql_query(make_sql_upsert_update(Table, ParseRes)),
+    Insert = make_sql_query(make_sql_upsert_insert(Table, ParseRes)),
+    InsertBranch =
+        erl_syntax:case_expr(
+          erl_syntax:application(
+            erl_syntax:atom(ejabberd_sql),
+            erl_syntax:atom(sql_query_t),
+            [Insert]),
+          [erl_syntax:clause(
+             [erl_syntax:abstract({updated, 1})],
+             none,
+             [erl_syntax:atom(ok)]),
+           erl_syntax:clause(
+             [erl_syntax:variable("__UpdateRes")],
+             none,
+             [erl_syntax:variable("__UpdateRes")])]),
+    erl_syntax:case_expr(
+      erl_syntax:application(
+        erl_syntax:atom(ejabberd_sql),
+        erl_syntax:atom(sql_query_t),
+        [Update]),
+      [erl_syntax:clause(
+         [erl_syntax:abstract({updated, 1})],
+         none,
+         [erl_syntax:atom(ok)]),
+       erl_syntax:clause(
+         [erl_syntax:underscore()],
+         none,
+         [InsertBranch])]).
+
+make_sql_upsert_update(Table, ParseRes) ->
+    WPairs =
+        lists:flatmap(
+          fun({_Field, {_}, _ST}) ->
+                  [];
+             ({Field, key, ST}) ->
+                  [ST#state{
+                     'query' = [{str, Field}, {str, "="}] ++ ST#state.'query'
+                    }]
+          end, ParseRes),
+    Where = join_states(WPairs, " AND "),
+    SPairs =
+        lists:flatmap(
+          fun({_Field, key, _ST}) ->
+                  [];
+             ({_Field, {false}, _ST}) ->
+                  [];
+             ({Field, {true}, ST}) ->
+                  [ST#state{
+                     'query' = [{str, Field}, {str, "="}] ++ ST#state.'query'
+                    }]
+          end, ParseRes),
+    Set = join_states(SPairs, ", "),
+    State =
+        concat_states(
+          [#state{'query' = [{str, "UPDATE "}, {str, Table}, {str, " SET "}]},
+           Set,
+           #state{'query' = [{str, " WHERE "}]},
+           Where
+          ]),
+    State.
+
+make_sql_upsert_insert(Table, ParseRes) ->
+    Vals =
+        lists:map(
+          fun({_Field, _, ST}) ->
+                  ST
+          end, ParseRes),
+    Fields =
+        lists:map(
+          fun({Field, _, _ST}) ->
+                  #state{'query' = [{str, Field}]}
+          end, ParseRes),
+    State =
+        concat_states(
+          [#state{'query' = [{str, "INSERT INTO "}, {str, Table}, {str, "("}]},
+           join_states(Fields, ", "),
+           #state{'query' = [{str, ") VALUES ("}]},
+           join_states(Vals, ", "),
+           #state{'query' = [{str, ")"}]}
+          ]),
+    State.
+
+make_sql_upsert_pgsql901(Table, ParseRes) ->
+    Update = make_sql_upsert_update(Table, ParseRes),
+    Vals =
+        lists:map(
+          fun({_Field, _, ST}) ->
+                  ST
+          end, ParseRes),
+    Fields =
+        lists:map(
+          fun({Field, _, _ST}) ->
+                  #state{'query' = [{str, Field}]}
+          end, ParseRes),
+    Insert =
+        concat_states(
+          [#state{'query' = [{str, "INSERT INTO "}, {str, Table}, {str, "("}]},
+           join_states(Fields, ", "),
+           #state{'query' = [{str, ") SELECT "}]},
+           join_states(Vals, ", "),
+           #state{'query' = [{str, " WHERE NOT EXISTS (SELECT * FROM upsert)"}]}
+          ]),
+    State =
+        concat_states(
+          [#state{'query' = [{str, "WITH upsert AS ("}]},
+           Update,
+           #state{'query' = [{str, " RETURNING *) "}]},
+           Insert
+          ]),
+    Upsert = make_sql_query(State),
+    erl_syntax:application(
+      erl_syntax:atom(ejabberd_sql),
+      erl_syntax:atom(sql_query_t),
+      [Upsert]).
+
+
+check_upsert(ParseRes, Pos) ->
+    Set =
+        lists:filter(
+          fun({_Field, Match, _ST}) ->
+                  Match /= key
+          end, ParseRes),
+    case Set of
+        [] ->
+            throw({error, Pos,
+                   "No ?SQL_UPSERT fields to set, use INSERT instead"});
+        _ ->
+            ok
+    end,
+    ok.
+
+
+concat_states(States) ->
+    lists:foldr(
+      fun(ST11, ST2) ->
+              ST1 = resolve_vars(ST11, ST2),
+              ST1#state{
+                'query' = ST1#state.'query' ++ ST2#state.'query',
+                params = ST1#state.params ++ ST2#state.params,
+                args = ST1#state.args ++ ST2#state.args,
+                res = ST1#state.res ++ ST2#state.res,
+                res_vars = ST1#state.res_vars ++ ST2#state.res_vars,
+                loc = case ST1#state.loc of
+                          undefined -> ST2#state.loc;
+                          _ -> ST1#state.loc
+                      end
+               }
+      end, #state{}, States).
+
+resolve_vars(ST1, ST2) ->
+    Max = lists:max([0 | ST1#state.params ++ ST2#state.params]),
+    {Map, _} =
+        lists:foldl(
+          fun(Var, {Acc, New}) ->
+                  case lists:member(Var, ST2#state.params) of
+                      true ->
+                          {dict:store(Var, New, Acc), New + 1};
+                      false ->
+                          {Acc, New}
+                  end
+          end, {dict:new(), Max + 1}, ST1#state.params),
+    NewParams =
+        lists:map(
+          fun(Var) ->
+                  case dict:find(Var, Map) of
+                      {ok, New} ->
+                          New;
+                      error ->
+                          Var
+                  end
+          end, ST1#state.params),
+    NewQuery =
+        lists:map(
+          fun({var, Var}) ->
+                  case dict:find(Var, Map) of
+                      {ok, New} ->
+                          {var, New};
+                      error ->
+                          {var, Var}
+                  end;
+             (S) -> S
+          end, ST1#state.'query'),
+    ST1#state{params = NewParams, 'query' = NewQuery}.
+
+
+join_states([], _Sep) ->
+    #state{};
+join_states([H | T], Sep) ->
+    J = [[H] | [[#state{'query' = [{str, Sep}]}, X] || X <- T]],
+    concat_states(lists:append(J)).
+
+
+set_pos(Tree, Pos) ->
+    erl_syntax_lib:map(
+      fun(Node) ->
+              case erl_syntax:get_pos(Node) of
+                  0 -> erl_syntax:set_pos(Node, Pos);
+                  _ -> Node
+              end
+      end, Tree).
@@ -1,7 +1,7 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_odbc_sup.erl
+%%% File    : ejabberd_sql_sup.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
-%%% Purpose : ODBC connections supervisor
+%%% Purpose : SQL connections supervisor
 %%% Created : 22 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
 %%%
 %%%
@@ -23,7 +23,7 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_odbc_sup).
+-module(ejabberd_sql_sup).

 -behaviour(ejabberd_config).

@@ -42,7 +42,7 @@

 -define(DEFAULT_POOL_SIZE, 10).

-define(DEFAULT_ODBC_START_INTERVAL, 30).
+-define(DEFAULT_SQL_START_INTERVAL, 30).

 -define(CONNECT_TIMEOUT, 500).

@@ -62,14 +62,14 @@ start_link(Host) ->

 init([Host]) ->
    PoolSize = ejabberd_config:get_option(
-                 {odbc_pool_size, Host},
+                 {sql_pool_size, Host},
                 fun(I) when is_integer(I), I>0 -> I end,
                 ?DEFAULT_POOL_SIZE),
    StartInterval = ejabberd_config:get_option(
-                      {odbc_start_interval, Host},
+                      {sql_start_interval, Host},
                      fun(I) when is_integer(I), I>0 -> I end,
-                      ?DEFAULT_ODBC_START_INTERVAL),
-    Type = ejabberd_config:get_option({odbc_type, Host},
+                      ?DEFAULT_SQL_START_INTERVAL),
+    Type = ejabberd_config:get_option({sql_type, Host},
                                      fun(mysql) -> mysql;
                                         (pgsql) -> pgsql;
                                         (sqlite) -> sqlite;
@@ -80,7 +80,7 @@ init([Host]) ->
        sqlite ->
            check_sqlite_db(Host);
 	mssql ->
-	    ejabberd_odbc:init_mssql(Host);
+	    ejabberd_sql:init_mssql(Host);
        _ ->
            ok
    end,
@@ -89,7 +89,7 @@ init([Host]) ->
     {{one_for_one, PoolSize * 10, 1},
      lists:map(fun (I) ->
 			{I,
-			 {ejabberd_odbc, start_link,
+			 {ejabberd_sql, start_link,
 			  [Host, StartInterval * 1000]},
 			 transient, 2000, worker, [?MODULE]}
 		end,
@@ -121,12 +121,12 @@ transform_options(Opts) ->
    lists:foldl(fun transform_options/2, [], Opts).

 transform_options({odbc_server, {Type, Server, Port, DB, User, Pass}}, Opts) ->
-    [{odbc_type, Type},
-     {odbc_server, Server},
-     {odbc_port, Port},
-     {odbc_database, DB},
-     {odbc_username, User},
-     {odbc_password, Pass}|Opts];
+    [{sql_type, Type},
+     {sql_server, Server},
+     {sql_port, Port},
+     {sql_database, DB},
+     {sql_username, User},
+     {sql_password, Pass}|Opts];
 transform_options({odbc_server, {mysql, Server, DB, User, Pass}}, Opts) ->
    transform_options({odbc_server, {mysql, Server, ?MYSQL_PORT, DB, User, Pass}}, Opts);
 transform_options({odbc_server, {pgsql, Server, DB, User, Pass}}, Opts) ->
@@ -137,8 +137,8 @@ transform_options(Opt, Opts) ->
    [Opt|Opts].

 check_sqlite_db(Host) ->
-    DB = ejabberd_odbc:sqlite_db(Host),
-    File = ejabberd_odbc:sqlite_file(Host),
+    DB = ejabberd_sql:sqlite_db(Host),
+    File = ejabberd_sql:sqlite_file(Host),
    Ret = case filelib:ensure_dir(File) of
 	      ok ->
 		  case sqlite3:open(DB, [{file, File}]) of
@@ -211,11 +211,11 @@ read_lines(Fd, File, Acc) ->
            []
    end.

-opt_type(odbc_pool_size) ->
+opt_type(sql_pool_size) ->
    fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_start_interval) ->
+opt_type(sql_start_interval) ->
    fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_type) ->
+opt_type(sql_type) ->
    fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
@@ -223,4 +223,4 @@ opt_type(odbc_type) ->
 	(odbc) -> odbc
    end;
 opt_type(_) ->
-    [odbc_pool_size, odbc_start_interval, odbc_type].
+    [sql_pool_size, sql_start_interval, sql_type].
@@ -186,18 +186,24 @@ process_large_heap(Pid, Info) ->
                           "much memory:~n~p~n~s",
                           [node(), Pid, Info, DetailedInfo])),
    From = jid:make(<<"">>, Host, <<"watchdog">>),
+    Hint = [#xmlel{name = <<"no-permanent-store">>,
+		   attrs = [{<<"xmlns">>, ?NS_HINTS}]}],
    lists:foreach(fun (JID) ->
-                          send_message(From, jid:make(JID), Body)
+                          send_message(From, jid:make(JID), Body, Hint)
                  end, JIDs).

 send_message(From, To, Body) ->
+    send_message(From, To, Body, []).
+
+send_message(From, To, Body, ExtraEls) ->
    ejabberd_router:route(From, To,
 			  #xmlel{name = <<"message">>,
 				 attrs = [{<<"type">>, <<"chat">>}],
 				 children =
 				     [#xmlel{name = <<"body">>, attrs = [],
 					     children =
-						 [{xmlcdata, Body}]}]}).
+						 [{xmlcdata, Body}]}
+				      | ExtraEls]}).

 get_admin_jids() ->
    ejabberd_config:get_option(
@@ -264,7 +264,7 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->

 get_auth_account(HostOfRule, AccessRule, User, Server,
 		 Pass) ->
-    case ejabberd_auth:check_password(User, Server, Pass) of
+    case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
      true ->
 	  case is_acl_match(HostOfRule, AccessRule,
 			    jid:make(User, Server, <<"">>))
@@ -1520,8 +1520,7 @@ get_offlinemsg_length(ModOffline, User, Server) ->
    case ModOffline of
      none -> <<"disabled">>;
      _ ->
-	  pretty_string_int(ModOffline:get_queue_length(User,
-							Server))
+	  pretty_string_int(ModOffline:count_offline_messages(User,Server))
    end.

 get_offlinemsg_module(Server) ->
@@ -2415,7 +2414,7 @@ node_backup_parse_query(Node, Query) ->
                                                    lists:keysearch(<<Action/binary,
                                                                      "host">>,
                                                                    1, Query),
-                                                ejabberd_cluster:call(Node, ejd2odbc,
+                                                ejabberd_cluster:call(Node, ejd2sql,
                                                         export, [Host, Path]);
 					    <<"import_file">> ->
 						ejabberd_cluster:call(Node, ejabberd_admin,
@@ -373,6 +373,10 @@ try_do_command(AccessCommands, Auth, Command, AttrL,
 			       "The call provided additional unused "
 				 "arguments:~n~p",
 			       [ExitAtL]);
+      exit:{invalid_arg_type, Arg, Type} ->
+	  build_fault_response(-122,
+			       "Parameter '~p' can't be coerced to type '~p'",
+			       [Arg, Type]);
      Why ->
 	  build_fault_response(-118,
 			       "A problem '~p' occurred executing the "
@@ -472,7 +476,7 @@ format_arg(undefined, binary) -> <<>>;
 format_arg(undefined, string) -> "";
 format_arg(Arg, Format) ->
    ?ERROR_MSG("don't know how to format Arg ~p for format ~p", [Arg, Format]),
-    error.
+    exit({invalid_arg_type, Arg, Format}).

 process_unicode_codepoints(Str) ->
    iolist_to_binary(lists:map(fun(X) when X > 255 -> unicode:characters_to_binary([X]);
@@ -491,7 +495,7 @@ format_result(Atom, {Name, atom}) ->
     [{Name, iolist_to_binary(atom_to_list(Atom))}]};
 format_result(Int, {Name, integer}) ->
    {struct, [{Name, Int}]};
-format_result(String, {Name, string}) when is_list(String) ->
+format_result([A|_]=String, {Name, string}) when is_list(String) and is_integer(A) ->
    {struct, [{Name, lists:flatten(String)}]};
 format_result(Binary, {Name, string}) when is_binary(Binary) ->
    {struct, [{Name, binary_to_list(Binary)}]};
@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejd2odbc.erl
+%%% File    : ejd2sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Export some mnesia tables to SQL DB
 %%% Created : 22 Aug 2005 by Alexey Shchepin <alexey@process-one.net>
@@ -23,14 +23,15 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejd2odbc).
+-module(ejd2sql).

 -author('alexey@process-one.net').

 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -export([export/2, export/3, import_file/2, import/2,
-	 import/3]).
+	 import/3, delete/1]).

 -define(MAX_RECORDS_PER_TRANSACTION, 100).

@@ -43,7 +44,7 @@
 %%% A table can be converted from Mnesia to an ODBC database by calling
 %%% one of the API function with the following parameters:
 %%% - Server is the server domain you want to convert
-%%% - Output can be either odbc to export to the configured relational
+%%% - Output can be either sql to export to the configured relational
 %%%   database or "Filename" to export to text file.

 modules() ->
@@ -76,10 +77,29 @@ export(Server, Output, Module) ->
    IO = prepare_output(Output),
    lists:foreach(
      fun({Table, ConvertFun}) ->
-              export(LServer, Table, IO, ConvertFun)
+              case export(LServer, Table, IO, ConvertFun) of
+                  {atomic, ok} -> ok;
+                  {aborted, Reason} ->
+                      ?ERROR_MSG("Failed export for module ~p: ~p",
+                                 [Module, Reason])
+              end
      end, Module:export(Server)),
    close_output(Output, IO).

+delete(Server) ->
+    Modules = modules(),
+    lists:foreach(
+      fun(Module) ->
+              delete(Server, Module)
+      end, Modules).
+
+delete(Server, Module) ->
+    LServer = jid:nameprep(iolist_to_binary(Server)),
+    lists:foreach(
+      fun({Table, ConvertFun}) ->
+              delete(LServer, Table, ConvertFun)
+      end, Module:export(Server)).
+
 import_file(Server, FileName) when is_binary(FileName) ->
    import(Server, binary_to_list(FileName));
 import_file(Server, FileName) ->
@@ -90,7 +110,7 @@ import_file(Server, FileName) ->
            LServer = jid:nameprep(Server),
            Mods = [{Mod, gen_mod:db_type(LServer, Mod)}
                    || Mod <- modules(), gen_mod:is_loaded(LServer, Mod)],
-            AuthMods = case lists:member(ejabberd_auth_internal,
+            AuthMods = case lists:member(ejabberd_auth_mnesia,
                                         ejabberd_auth:auth_modules(LServer)) of
                           true ->
                               [{ejabberd_auth, mnesia}];
@@ -136,7 +156,8 @@ export(LServer, Table, IO, ConvertFun) ->
                              case ConvertFun(LServer, R) of
                                  [] ->
                                      Acc;
-                                  SQL ->
+                                  SQL1 ->
+                                      SQL = format_queries(SQL1),
                                      if N < (?MAX_RECORDS_PER_TRANSACTION) - 1 ->
                                              {N + 1, [SQL | SQLs]};
                                         true ->
@@ -154,17 +175,36 @@ export(LServer, Table, IO, ConvertFun) ->

 output(_LServer, _Table, _IO, []) ->
    ok;
-output(LServer, _Table, odbc, SQLs) ->
-    ejabberd_odbc:sql_transaction(LServer, SQLs);
+output(LServer, _Table, sql, SQLs) ->
+    ejabberd_sql:sql_transaction(LServer, SQLs);
 output(_LServer, Table, Fd, SQLs) ->
    file:write(Fd, ["-- \n-- Mnesia table: ", atom_to_list(Table),
                    "\n--\n", SQLs]).

+delete(LServer, Table, ConvertFun) ->
+    F = fun () ->
+                mnesia:write_lock_table(Table),
+                {_N, SQLs} =
+                    mnesia:foldl(
+                      fun(R, {N, SQLs} = Acc) ->
+                              case ConvertFun(LServer, R) of
+                                  [] ->
+                                      Acc;
+                                  _SQL ->
+				      mnesia:delete_object(R),
+                                      Acc
+                              end
+                      end,
+                      {0, []}, Table),
+                delete(LServer, Table, SQLs)
+        end,
+    mnesia:transaction(F).
+
 import(LServer, SelectQuery, IO, ConvertFun, Opts) ->
    F = case proplists:get_bool(fast, Opts) of
            true ->
                fun() ->
-                        case ejabberd_odbc:sql_query_t(SelectQuery) of
+                        case ejabberd_sql:sql_query_t(SelectQuery) of
                            {selected, _, Rows} ->
                                lists:foldl(fun process_sql_row/2,
                                            {IO, ConvertFun, undefined}, Rows);
@@ -174,16 +214,16 @@ import(LServer, SelectQuery, IO, ConvertFun, Opts) ->
                end;
            false ->
                fun() ->
-                        ejabberd_odbc:sql_query_t(
+                        ejabberd_sql:sql_query_t(
                          [iolist_to_binary(
                             [<<"declare c cursor for ">>, SelectQuery])]),
                        fetch(IO, ConvertFun, undefined)
                end
        end,
-    ejabberd_odbc:sql_transaction(LServer, F).
+    ejabberd_sql:sql_transaction(LServer, F).

 fetch(IO, ConvertFun, PrevRow) ->
-    case ejabberd_odbc:sql_query_t([<<"fetch c;">>]) of
+    case ejabberd_sql:sql_query_t([<<"fetch c;">>]) of
        {selected, _, [Row]} ->
            process_sql_row(Row, {IO, ConvertFun, PrevRow}),
            fetch(IO, ConvertFun, Row);
@@ -280,3 +320,11 @@ flatten1([H|T], Acc) ->
    flatten1(T, [[H, $\n]|Acc]);
 flatten1([], Acc) ->
    Acc.
+
+format_queries(SQLs) ->
+    lists:map(
+      fun(#sql_query{} = SQL) ->
+              ejabberd_sql:sql_query_to_iolist(SQL);
+         (SQL) ->
+              SQL
+      end, SQLs).
@@ -0,0 +1,122 @@
+%%%-------------------------------------------------------------------
+%%% @author Mickael Remond <mremond@process-one.net>
+%%% @doc
+%%% This module bridges lager logs to Elixir Logger.
+%%% @end
+%%% Created : 9 March 2016 by Mickael Remond <mremond@process-one.net>
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%-------------------------------------------------------------------
+
+-module(elixir_logger_backend).
+
+-behaviour(gen_event).
+
+-export([init/1, handle_call/2, handle_event/2, handle_info/2, terminate/2,
+         code_change/3]).
+
+-record(state, {level = debug}).
+
+init(Opts) ->
+    Level = proplists:get_value(level, Opts, debug),
+    State = #state{level = Level},
+    {ok, State}.
+
+%% @private
+handle_event({log, LagerMsg}, State) ->
+    #{mode := Mode, truncate := Truncate, level := MinLevel, utc_log := UTCLog} =  'Elixir.Logger.Config':'__data__'(),
+    MsgLevel = severity_to_level(lager_msg:severity(LagerMsg)),
+    case {lager_util:is_loggable(LagerMsg, lager_util:level_to_num(State#state.level), ?MODULE),
+          'Elixir.Logger':compare_levels(MsgLevel, MinLevel)} of
+        {_, lt}->
+            {ok, State};
+        {true, _} ->
+            Metadata = normalize_pid(lager_msg:metadata(LagerMsg)),
+            Message = 'Elixir.Logger.Utils':truncate(lager_msg:message(LagerMsg), Truncate),
+            Timestamp = timestamp(lager_msg:timestamp(LagerMsg), UTCLog),
+            GroupLeader = case proplists:get_value(pid, Metadata, self()) of
+                              Pid when is_pid(Pid) ->
+                                  erlang:process_info(self(), group_leader);
+                              _ -> {group_leader, self()}
+                          end,
+            notify(Mode, {MsgLevel, GroupLeader, {'Elixir.Logger', Message, Timestamp, Metadata}}),
+            {ok, State};
+        _ ->
+            {ok, State}            
+    end;
+handle_event(_Msg, State) ->
+    {ok, State}.
+
+%% @private
+%% TODO Handle loglevels
+handle_call(get_loglevel, State) ->
+    {ok, lager_util:config_to_mask(State#state.level), State};
+handle_call({set_loglevel, Config}, State) ->
+    {ok, ok, State#state{level = Config}}.
+
+%% @private
+handle_info(_Msg, State) ->
+    {ok, State}.
+
+%% @private
+terminate(_Reason, _State) ->
+    ok.
+
+%% @private
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+notify(sync, Msg)  ->
+    gen_event:sync_notify('Elixir.Logger', Msg);
+notify(async, Msg) ->
+    gen_event:notify('Elixir.Logger', Msg).
+
+normalize_pid(Metadata) ->
+    case proplists:get_value(pid, Metadata) of
+        Pid when is_pid(Pid) -> Metadata;
+        Pid when is_list(Pid) ->
+            M1 = proplists:delete(pid, Metadata),
+            case catch erlang:list_to_pid(Pid) of
+                {'EXIT', _} ->
+                    M1;
+                PidAsPid ->
+                    [{pid, PidAsPid}|M1]
+            end;
+        _ ->
+            proplists:delete(pid, Metadata)
+    end.
+
+%% Return timestamp with milliseconds
+timestamp(Time, UTCLog) ->
+    {_, _, Micro} = p1_time_compat:timestamp(),
+    {Date, {Hours, Minutes, Seconds}} =
+        case UTCLog of
+            true  -> calendar:now_to_universal_time(Time);
+            false -> calendar:now_to_local_time(Time)
+        end,
+    {Date, {Hours, Minutes, Seconds, Micro div 1000}}.
+    
+
+severity_to_level(debug) -> debug;
+severity_to_level(info) -> info;
+severity_to_level(notice) -> info;
+severity_to_level(warning) -> warn;
+severity_to_level(error) -> error;
+severity_to_level(critical) -> error;
+severity_to_level(alert) -> error;
+severity_to_level(emergency) -> error.
@@ -271,7 +271,7 @@ geturl(Url, Hdrs, UsrOpts) ->
        [U, Pass] -> [{proxy_user, U}, {proxy_password, Pass}];
        _ -> []
    end,
-    case httpc:request(get, {Url, Hdrs}, Host++User++UsrOpts, []) of
+    case httpc:request(get, {Url, Hdrs}, Host++User++UsrOpts++[{version, "HTTP/1.0"}], []) of
        {ok, {{_, 200, _}, Headers, Response}} ->
            {ok, Headers, Response};
        {ok, {{_, Code, _}, _Headers, Response}} ->
@@ -509,12 +509,11 @@ compile(_Module, _Spec, DestDir) ->
    filelib:ensure_dir(filename:join(Ebin, ".")),
    EjabBin = filename:dirname(code:which(ejabberd)),
    EjabInc = filename:join(filename:dirname(EjabBin), "include"),
-    XmlHrl = filename:join(EjabInc, "xml.hrl"),
-    Logger = [{d, 'P1LOGGER'} || code:is_loaded(lager)==false],
+    XmlHrl = filename:join(EjabInc, "fxml.hrl"),
    ExtLib = [{d, 'NO_EXT_LIB'} || filelib:is_file(XmlHrl)],
    Options = [{outdir, Ebin}, {i, "include"}, {i, EjabInc},
               verbose, report_errors, report_warnings]
-              ++ Logger ++ ExtLib,
+              ++ ExtLib,
    [file:copy(App, Ebin) || App <- filelib:wildcard("src/*.app")],
    Result = [case compile:file(File, Options) of
            {ok, _} -> ok;
@@ -31,11 +31,12 @@

 -export([start/0, start_module/2, start_module/3,
 	 stop_module/2, stop_module_keep_config/2, get_opt/3,
-	 get_opt/4, get_opt_host/3, db_type/1, db_type/2,
+	 get_opt/4, get_opt_host/3, db_type/2, db_type/3,
 	 get_module_opt/4, get_module_opt/5, get_module_opt_host/3,
 	 loaded_modules/1, loaded_modules_with_opts/1,
 	 get_hosts/2, get_module_proc/2, is_loaded/2,
-	 start_modules/1, default_db/1, v_db/1, opt_type/1]).
+	 start_modules/0, start_modules/1, stop_modules/0, stop_modules/1,
+	 opt_type/1, db_mod/2, db_mod/3]).

 %%-export([behaviour_info/1]).

@@ -47,10 +48,11 @@
         opts = [] :: opts() | '_' | '$2'}).

 -type opts() :: [{atom(), any()}].
-type db_type() :: odbc | mnesia | riak.
+-type db_type() :: sql | mnesia | riak.

 -callback start(binary(), opts()) -> any().
 -callback stop(binary()) -> any().
+-callback mod_opt_type(atom()) -> fun((term()) -> term()) | [atom()].

 -export_type([opts/0]).
 -export_type([db_type/0]).
@@ -64,23 +66,38 @@ start() ->
 	     {keypos, #ejabberd_module.module_host}]),
    ok.

+-spec start_modules() -> any().
+
+%% Start all the modules in all the hosts
+start_modules() ->
+    lists:foreach(
+	fun(Host) ->
+	    start_modules(Host)
+	end, ?MYHOSTS).
+
+get_modules_options(Host) ->
+    ejabberd_config:get_option(
+	{modules, Host},
+	fun(Mods) ->
+	    lists:map(
+		fun({M, A}) when is_atom(M), is_list(A) ->
+		    {M, A}
+		end, Mods)
+	end, []).
+
 -spec start_modules(binary()) -> any().

 start_modules(Host) ->
-    Modules = ejabberd_config:get_option(
-		{modules, Host},
-		fun(L) when is_list(L) -> L end, []),
+    Modules = get_modules_options(Host),
    lists:foreach(
-      fun({Module, Opts}) ->
-	      start_module(Host, Module, Opts)
-      end, Modules).
+	fun({Module, Opts}) ->
+	    start_module(Host, Module, Opts)
+	end, Modules).

 -spec start_module(binary(), atom()) -> any().

 start_module(Host, Module) ->
-    Modules = ejabberd_config:get_option(
-		{modules, Host},
-		fun(L) when is_list(L) -> L end, []),
+    Modules = get_modules_options(Host),
    case lists:keyfind(Module, 1, Modules) of
 	{_, Opts} ->
 	    start_module(Host, Module, Opts);
@@ -121,6 +138,23 @@ is_app_running(AppName) ->
    lists:keymember(AppName, 1,
 		    application:which_applications(Timeout)).

+-spec stop_modules() -> any().
+
+stop_modules() ->
+    lists:foreach(
+	fun(Host) ->
+	    stop_modules(Host)
+	end, ?MYHOSTS).
+
+-spec stop_modules(binary()) -> any().
+
+stop_modules(Host) ->
+    Modules = get_modules_options(Host),
+    lists:foreach(
+	fun({Module, _Args}) ->
+	    gen_mod:stop_module_keep_config(Host, Module)
+	end, Modules).
+
 -spec stop_module(binary(), atom()) -> error | {aborted, any()} | {atomic, any()}.

 stop_module(Host, Module) ->
@@ -232,18 +266,25 @@ get_opt_host(Host, Opts, Default) ->
    ejabberd_regexp:greplace(Val, <<"@HOST@">>, Host).

 validate_opts(Module, Opts) ->
-    lists:filter(
+    lists:filtermap(
      fun({Opt, Val}) ->
 	      case catch Module:mod_opt_type(Opt) of
 		  VFun when is_function(VFun) ->
-		      case catch VFun(Val) of
-			  {'EXIT', _} ->
+		      try VFun(Val) of
+			  _ ->
+			      true
+		      catch {replace_with, NewVal} ->
+			      {true, {Opt, NewVal}};
+			    {invalid_syntax, Error} ->
+			      ?ERROR_MSG("ignoring invalid value '~p' for "
+					 "option '~s' of module '~s': ~s",
+					 [Val, Opt, Module, Error]),
+			      false;
+			    _:_ ->
 			      ?ERROR_MSG("ignoring invalid value '~p' for "
 					 "option '~s' of module '~s'",
 					 [Val, Opt, Module]),
-			      false;
-			  _ ->
-			      true
+			      false
 		      end;
 		  L when is_list(L) ->
 		      SOpts = str:join([[$', atom_to_list(A), $'] || A <- L], <<", ">>),
@@ -262,29 +303,46 @@ validate_opts(Module, Opts) ->
 	      false
      end, Opts).

-spec v_db(db_type() | internal) -> db_type().
-
-v_db(odbc) -> odbc;
-v_db(internal) -> mnesia;
-v_db(mnesia) -> mnesia;
-v_db(riak) -> riak.
-
-spec db_type(opts()) -> db_type().
-
-db_type(Opts) ->
-    db_type(global, Opts).
-
-spec db_type(binary() | global, atom() | opts()) -> db_type().
+-spec db_type(binary() | global, module()) -> db_type();
+	     (opts(), module()) -> db_type().

+db_type(Opts, Module) when is_list(Opts) ->
+    db_type(global, Opts, Module);
 db_type(Host, Module) when is_atom(Module) ->
-    get_module_opt(Host, Module, db_type, fun v_db/1, default_db(Host));
-db_type(Host, Opts) when is_list(Opts) ->
-    get_opt(db_type, Opts, fun v_db/1, default_db(Host)).
+    case catch Module:mod_opt_type(db_type) of
+	F when is_function(F) ->
+	    case get_module_opt(Host, Module, db_type, F) of
+		undefined -> ejabberd_config:default_db(Host, Module);
+		Type -> Type
+	    end;
+	_ ->
+	    undefined
+    end.

-spec default_db(binary() | global) -> db_type().
+-spec db_type(binary(), opts(), module()) -> db_type().

-default_db(Host) ->
-    ejabberd_config:get_option({default_db, Host}, fun v_db/1, mnesia).
+db_type(Host, Opts, Module) ->
+    case catch Module:mod_opt_type(db_type) of
+	F when is_function(F) ->
+	    case get_opt(db_type, Opts, F) of
+		undefined -> ejabberd_config:default_db(Host, Module);
+		Type -> Type
+	    end;
+	_ ->
+	    undefined
+    end.
+
+-spec db_mod(binary() | global | db_type(), module()) -> module().
+
+db_mod(Type, Module) when is_atom(Type) ->
+    list_to_atom(atom_to_list(Module) ++ "_" ++ atom_to_list(Type));
+db_mod(Host, Module) when is_binary(Host) orelse Host == global ->
+    db_mod(db_type(Host, Module), Module).
+
+-spec db_mod(binary() | global, opts(), module()) -> module().
+
+db_mod(Host, Opts, Module) when is_list(Opts) ->
+    db_mod(db_type(Host, Opts, Module), Module).

 -spec loaded_modules(binary()) -> [atom()].

@@ -332,6 +390,6 @@ get_module_proc(Host, Base) ->
 is_loaded(Host, Module) ->
    ets:member(ejabberd_modules, {Module, Host}).

-opt_type(default_db) -> fun v_db/1;
+opt_type(default_db) -> fun(T) when is_atom(T) -> T end;
 opt_type(modules) -> fun (L) when is_list(L) -> L end;
 opt_type(_) -> [default_db, modules].
@@ -35,6 +35,7 @@
 -type(pubsubState() :: mod_pubsub:pubsubState()).
 -type(pubsubItem() :: mod_pubsub:pubsubItem()).
 -type(subOptions() :: mod_pubsub:subOptions()).
+-type(pubOptions() :: mod_pubsub:pubOptions()).
 -type(affiliation() :: mod_pubsub:affiliation()).
 -type(subscription() :: mod_pubsub:subscription()).
 -type(subId() :: mod_pubsub:subId()).
@@ -109,7 +110,8 @@
 	PublishModel :: publishModel(),
 	Max_Items :: non_neg_integer(),
 	ItemId :: <<>> | itemId(),
-	Payload :: payload()) ->
+	Payload :: payload(),
+	Options :: pubOptions()) ->
    {result, {default, broadcast, [itemId()]}} |
    {error, xmlel()}.

@@ -87,9 +87,13 @@ split(#jid{user = U, server = S, resource = R}) ->
 split(_) ->
    error.

-spec from_string(binary()) -> jid() | error.
-
-from_string(S) ->
+-spec from_string(binary() | string()) -> jid() | error.
+from_string(S) when is_list(S) ->
+    %% We do not accept list because we want to enforce good practice of
+    %% using binaries for string. However, we do not let it crash to avoid
+    %% losing associated ets table.
+    {error, need_jid_as_binary};
+from_string(S) when is_binary(S) ->
    SplitPattern = ets:lookup_element(jlib, string_to_jid_pattern, 2),
    Size = size(S),
    End = Size-1,
@@ -43,7 +43,7 @@
 	 get_iq_namespace/1, iq_query_info/1,
 	 iq_query_or_response_info/1, is_iq_request_type/1,
 	 iq_to_xml/1, parse_xdata_submit/1,
-	 is_standalone_chat_state/1,
+	 unwrap_carbon/1, is_standalone_chat_state/1,
 	 add_delay_info/3, add_delay_info/4,
 	 timestamp_to_legacy/1, timestamp_to_iso_basic/1, timestamp_to_iso/2,
 	 now_to_utc_string/1, now_to_local_string/1,
@@ -54,7 +54,8 @@
 	 binary_to_integer/1, binary_to_integer/2,
 	 integer_to_binary/1, integer_to_binary/2,
 	 atom_to_binary/1, binary_to_atom/1, tuple_to_binary/1,
-	 l2i/1, i2l/1, i2l/2, queue_drop_while/2]).
+	 l2i/1, i2l/1, i2l/2, queue_drop_while/2,
+	 expr_to_term/1, term_to_expr/1]).

 %% The following functions are deprecated and will be removed soon
 %% Use corresponding functions from jid.erl instead
@@ -528,25 +529,64 @@ rsm_encode_count(Count, Arr) ->
 	    children = [{xmlcdata, i2l(Count)}]}
     | Arr].

+-spec unwrap_carbon(xmlel()) -> xmlel().
+
+unwrap_carbon(#xmlel{name = <<"message">>} = Stanza) ->
+    case unwrap_carbon(Stanza, <<"sent">>) of
+      #xmlel{} = Payload ->
+	  Payload;
+      false ->
+	  case unwrap_carbon(Stanza, <<"received">>) of
+	    #xmlel{} = Payload ->
+		Payload;
+	    false ->
+		Stanza
+	  end
+    end;
+unwrap_carbon(Stanza) -> Stanza.
+
+-spec unwrap_carbon(xmlel(), binary()) -> xmlel() | false.
+
+unwrap_carbon(Stanza, Direction) ->
+    case fxml:get_subtag(Stanza, Direction) of
+      #xmlel{name = Direction, attrs = Attrs} = El ->
+	  case fxml:get_attr_s(<<"xmlns">>, Attrs) of
+	    NS when NS == ?NS_CARBONS_2;
+		    NS == ?NS_CARBONS_1 ->
+		case fxml:get_subtag_with_xmlns(El, <<"forwarded">>,
+						?NS_FORWARD) of
+		  #xmlel{children = Els} ->
+		      case fxml:remove_cdata(Els) of
+			[#xmlel{} = Payload] ->
+			    Payload;
+			_ ->
+			    false
+		      end;
+		  false ->
+		      false
+		end;
+	    _NS ->
+		false
+	  end;
+      false ->
+	  false
+    end.
+
 -spec is_standalone_chat_state(xmlel()) -> boolean().

-is_standalone_chat_state(#xmlel{name = <<"message">>} = El) ->
-    ChatStates = [<<"active">>, <<"inactive">>, <<"gone">>, <<"composing">>,
-		  <<"paused">>],
-    Stripped =
-	lists:foldl(fun(ChatState, AccEl) ->
-			    fxml:remove_subtags(AccEl, ChatState,
-					       {<<"xmlns">>, ?NS_CHATSTATES})
-		    end, El, ChatStates),
-    case Stripped of
-      #xmlel{children = [#xmlel{name = <<"thread">>}]} ->
-	  true;
-      #xmlel{children = []} ->
-	  true;
-      _ ->
+is_standalone_chat_state(Stanza) ->
+    case unwrap_carbon(Stanza) of
+      #xmlel{name = <<"message">>, children = Els} ->
+	  IgnoreNS = [?NS_CHATSTATES, ?NS_DELAY],
+	  Stripped = [El || #xmlel{name = Name, attrs = Attrs} = El <- Els,
+			    not lists:member(fxml:get_attr_s(<<"xmlns">>,
+							     Attrs),
+					     IgnoreNS),
+			    Name /= <<"thread">>],
+	  Stripped == [];
+      #xmlel{} ->
 	  false
-    end;
-is_standalone_chat_state(_El) -> false.
+    end.

 -spec add_delay_info(xmlel(), jid() | ljid() | binary(), erlang:timestamp())
 		     -> xmlel().
@@ -901,6 +941,14 @@ tuple_to_binary(T) ->
 atom_to_binary(A) ->
    erlang:atom_to_binary(A, utf8).

+expr_to_term(Expr) ->
+    Str = binary_to_list(<<Expr/binary, ".">>),
+    {ok, Tokens, _} = erl_scan:string(Str),
+    {ok, Term} = erl_parse:parse_term(Tokens),
+    Term.
+
+term_to_expr(Term) ->
+    list_to_binary(io_lib:print(Term)).

 l2i(I) when is_integer(I) -> I;
 l2i(L) when is_binary(L) -> binary_to_integer(L).
@@ -233,7 +233,7 @@ process_sm_iq(From, To, IQ) ->
    process_adhoc_request(From, To, IQ, adhoc_sm_commands).

 process_adhoc_request(From, To,
-		      #iq{sub_el = SubEl} = IQ, Hook) ->
+		      #iq{sub_el = SubEl, lang = Lang} = IQ, Hook) ->
    ?DEBUG("About to parse ~p...", [IQ]),
    case adhoc:parse_request(IQ) of
      {error, Error} ->
@@ -245,8 +245,9 @@ process_adhoc_request(From, To,
 	      of
 	    ignore -> ignore;
 	    empty ->
+		Txt = <<"No hook has processed this command">>,
 		IQ#iq{type = error,
-		      sub_el = [SubEl, ?ERR_ITEM_NOT_FOUND]};
+		      sub_el = [SubEl, ?ERRT_ITEM_NOT_FOUND(Lang, Txt)]};
 	    {error, Error} ->
 		IQ#iq{type = error, sub_el = [SubEl, Error]};
 	    Command -> IQ#iq{type = result, sub_el = [Command]}
@@ -277,7 +278,9 @@ ping_command(_Acc, _From, _To,
 						      [{<<"info">>,
 							translate:translate(Lang,
 									    <<"Pong">>)}]});
-       true -> {error, ?ERR_BAD_REQUEST}
+       true ->
+	    Txt = <<"Incorrect value of 'action' attribute">>,
+	    {error, ?ERRT_BAD_REQUEST(Lang, Txt)}
    end;
 ping_command(Acc, _From, _To, _Request) -> Acc.

@@ -31,7 +31,7 @@
 -include("logger.hrl").

 -export([start/2, stop/1, compile/1, get_cookie/0,
-	 remove_node/1, set_password/3,
+	 remove_node/1, set_password/3, check_password/3,
 	 check_password_hash/4, delete_old_users/1,
 	 delete_old_users_vhost/2, ban_account/3,
 	 num_active_users/2, num_resources/2, resource_num/3,
@@ -162,7 +162,7 @@ get_commands_spec() ->
 			result_desc = "Status code: 0 on success, 1 otherwise"},
     #ejabberd_commands{name = check_password, tags = [accounts],
 			desc = "Check if a password is correct",
-			module = ejabberd_auth, function = check_password,
+			module = ?MODULE, function = check_password,
 			args = [{user, binary}, {host, binary}, {password, binary}],
 			args_example = [<<"peter">>, <<"myserver.com">>, <<"secret">>],
 			args_desc = ["User name to check", "Server to check", "Password to check"],
@@ -531,7 +531,7 @@ get_commands_spec() ->
 			tags = [offline],
 			desc = "Get the number of unread offline messages",
                        policy = user,
-			module = mod_offline, function = get_queue_length,
+			module = mod_offline, function = count_offline_messages,
 			args = [],
 			result = {res, integer}},
     #ejabberd_commands{name = send_message, tags = [stanza],
@@ -590,36 +590,38 @@ remove_node(Node) ->
 %%%

 set_password(User, Host, Password) ->
-    case ejabberd_auth:set_password(User, Host, Password) of
-	ok ->
-	    ok;
-	_ ->
-	    error
-    end.
+    Fun = fun () -> ejabberd_auth:set_password(User, Host, Password) end,
+    user_action(User, Host, Fun, ok).
+
+check_password(User, Host, Password) ->
+    ejabberd_auth:check_password(User, <<>>, Host, Password).

 %% Copied some code from ejabberd_commands.erl
 check_password_hash(User, Host, PasswordHash, HashMethod) ->
    AccountPass = ejabberd_auth:get_password_s(User, Host),
    AccountPassHash = case {AccountPass, HashMethod} of
 			  {A, _} when is_tuple(A) -> scrammed;
-			  {_, "md5"} -> get_md5(AccountPass);
-			  {_, "sha"} -> get_sha(AccountPass);
-			  _ -> undefined
+			  {_, <<"md5">>} -> get_md5(AccountPass);
+			  {_, <<"sha">>} -> get_sha(AccountPass);
+                          {_, Method} ->
+			      ?ERROR_MSG("check_password_hash called "
+ 					 "with hash method: ~p", [Method]),
+ 			      undefined
 		      end,
    case AccountPassHash of
 	scrammed ->
-	    ?ERROR_MSG("Passwords are scrammed, and check_password_hash can not work.", []),
+	    ?ERROR_MSG("Passwords are scrammed, and check_password_hash cannot work.", []),
 	    throw(passwords_scrammed_command_cannot_work);
-	undefined -> error;
+	undefined -> throw(unkown_hash_method);
 	PasswordHash -> ok;
-	_ -> error
+	_ -> false
    end.
 get_md5(AccountPass) ->
-    lists:flatten([io_lib:format("~.16B", [X])
-		   || X <- binary_to_list(erlang:md5(AccountPass))]).
+    iolist_to_binary([io_lib:format("~2.16.0B", [X])
+                      || X <- binary_to_list(erlang:md5(AccountPass))]).
 get_sha(AccountPass) ->
-    lists:flatten([io_lib:format("~.16B", [X])
-		   || X <- binary_to_list(p1_sha:sha1(AccountPass))]).
+    iolist_to_binary([io_lib:format("~2.16.0B", [X])
+ 		      || X <- binary_to_list(p1_sha:sha1(AccountPass))]).

 num_active_users(Host, Days) ->
    list_last_activity(Host, true, Days).
@@ -748,21 +750,7 @@ kick_sessions(User, Server, Reason) ->
      fun(Resource) ->
 	      kick_this_session(User, Server, Resource, Reason)
      end,
-      get_resources(User, Server)).
-
-get_resources(User, Server) ->
-    lists:map(
-      fun(Session) ->
-	      element(3, Session#session.usr)
-      end,
-      get_sessions(User, Server)).
-
-get_sessions(User, Server) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
-    Sessions =  mnesia:dirty_index_read(session, {LUser, LServer}, #session.us),
-    true = is_list(Sessions),
-    Sessions.
+      ejabberd_sm:get_user_resources(User, Server)).

 set_random_password(User, Server, Reason) ->
    NewPass = build_random_password(Reason),
@@ -796,7 +784,8 @@ resource_num(User, Host, Num) ->
 	true ->
 	    lists:nth(Num, Resources);
 	false ->
-	    lists:flatten(io_lib:format("Error: Wrong resource number: ~p", [Num]))
+            throw({bad_argument,
+                   lists:flatten(io_lib:format("Wrong resource number: ~p", [Num]))})
    end.

 kick_session(User, Server, Resource, ReasonText) ->
@@ -861,7 +850,8 @@ connected_users_info() ->
 			      PI when is_integer(PI) -> PI;
 			      _ -> nil
 			  end,
-	      {[U, $@, S, $/, R], atom_to_list(Conn), IPS, Port, PriorityI, NodeS, Uptime}
+	      {binary_to_list(<<U/binary, $@, S/binary, $/, R/binary>>),
+	       atom_to_list(Conn), IPS, Port, PriorityI, NodeS, Uptime}
      end,
      USRIs).

@@ -873,26 +863,36 @@ connected_users_vhost(Host) ->
 dirty_get_sessions_list2() ->
    mnesia:dirty_select(
      session,
-      [{#session{usr = '$1', sid = '$2', priority = '$3', info = '$4', _ = '_'},
-	[],
-	[['$1', '$2', '$3', '$4']]}]).
+      [{#session{usr = '$1', sid = {'$2', '$3'}, priority = '$4', info = '$5',
+		 _ = '_'},
+	[{is_pid, '$3'}],
+	[['$1', {{'$2', '$3'}}, '$4', '$5']]}]).

 %% Make string more print-friendly
 stringize(String) ->
    %% Replace newline characters with other code
    ejabberd_regexp:greplace(String, <<"\n">>, <<"\\n">>).

+set_presence(User, Host, Resource, Type, Show, Status, Priority)
+        when is_integer(Priority) ->
+    BPriority = integer_to_binary(Priority),
+    set_presence(User, Host, Resource, Type, Show, Status, BPriority);
 set_presence(User, Host, Resource, Type, Show, Status, Priority) ->
-    Pid = ejabberd_sm:get_session_pid(User, Host, Resource),
-    USR = jid:to_string(jid:make(User, Host, Resource)),
-    US = jid:to_string(jid:make(User, Host, <<>>)),
-    Message = {route_xmlstreamelement,
-	       {xmlel, <<"presence">>,
-		[{<<"from">>, USR}, {<<"to">>, US}, {<<"type">>, Type}],
-		[{xmlel, <<"show">>, [], [{xmlcdata, Show}]},
-		 {xmlel, <<"status">>, [], [{xmlcdata, Status}]},
-		 {xmlel, <<"priority">>, [], [{xmlcdata, Priority}]}]}},
-    Pid ! Message.
+    case ejabberd_sm:get_session_pid(User, Host, Resource) of
+	none ->
+	    error;
+	Pid ->
+	    USR = jid:to_string(jid:make(User, Host, Resource)),
+	    US = jid:to_string(jid:make(User, Host, <<>>)),
+	    Message = {route_xmlstreamelement,
+		    {xmlel, <<"presence">>,
+			[{<<"from">>, USR}, {<<"to">>, US}, {<<"type">>, Type}],
+			[{xmlel, <<"show">>, [], [{xmlcdata, Show}]},
+			{xmlel, <<"status">>, [], [{xmlcdata, Status}]},
+			{xmlel, <<"priority">>, [], [{xmlcdata, Priority}]}]}},
+	    Pid ! Message,
+	    ok
+    end.

 user_sessions_info(User, Host) ->
    CurrentSec = calendar:datetime_to_gregorian_seconds({date(), time()}),
@@ -901,7 +901,9 @@ user_sessions_info(User, Host) ->
 		   {'EXIT', _Reason} ->
 		       [];
 		   Ss ->
-		       Ss
+		       lists:filter(fun(#session{sid = {_, Pid}}) ->
+					    is_pid(Pid)
+				    end, Ss)
 	       end,
    lists:map(
      fun(Session) ->
@@ -1164,7 +1166,8 @@ subscribe_roster({Name, Server, Group, Nick}, [{Name, Server, _, _} | Roster]) -
    subscribe_roster({Name, Server, Group, Nick}, Roster);
 %% Subscribe Name2 to Name1
 subscribe_roster({Name1, Server1, Group1, Nick1}, [{Name2, Server2, Group2, Nick2} | Roster]) ->
-    subscribe(Name1, Server1, Name2, Server2, Nick2, Group2, <<"both">>, []),
+    subscribe(Name1, Server1, list_to_binary(Name2), list_to_binary(Server2),
+	list_to_binary(Nick2), list_to_binary(Group2), <<"both">>, []),
    subscribe_roster({Name1, Server1, Group1, Nick1}, Roster).

 push_alltoall(S, G) ->
@@ -1193,7 +1196,7 @@ push_roster_item(LU, LS, R, U, S, Action) ->
    ejabberd_sm:route(LJID, LJID, BroadcastEl),
    Item = build_roster_item(U, S, Action),
    ResIQ = build_iq_roster_push(Item),
-    ejabberd_router:route(LJID, LJID, ResIQ).
+    ejabberd_router:route(jid:remove_resource(LJID), LJID, ResIQ).

 build_roster_item(U, S, {add, Nick, Subs, Group}) ->
    {xmlel, <<"item">>,
@@ -1322,8 +1325,7 @@ srg_get_info(Group, Host) ->
 	Os when is_list(Os) -> Os;
 	error -> []
    end,
-    [{jlib:atom_to_binary(Title),
-      io_lib:format("~p", [btl(Value)])} || {Title, Value} <- Opts].
+    [{jlib:atom_to_binary(Title), btl(Value)} || {Title, Value} <- Opts].

 btl([]) -> [];
 btl([B|L]) -> [btl(B)|btl(L)];
@@ -1582,6 +1584,20 @@ decide_rip_jid({UName, UServer}, Match_list) ->
      end,
      Match_list).

+user_action(User, Server, Fun, OK) ->
+    case ejabberd_auth:is_user_exists(User, Server) of
+        true ->
+ 	    case catch Fun() of
+                OK -> ok;
+ 		{error, Error} -> throw(Error);
+                Error ->
+                    ?ERROR_MSG("Command returned: ~p", [Error]),
+ 		    1
+ 	    end;
+ 	false ->
+ 	    throw({not_found, "unknown_user"})
+    end.
+
 %% Copied from ejabberd-2.0.0/src/acl.erl
 is_regexp_match(String, RegExp) ->
    case ejabberd_regexp:run(String, RegExp) of
@@ -41,11 +41,16 @@
 -include("logger.hrl").
 -include("jlib.hrl").
 -include("adhoc.hrl").
+-include("mod_announce.hrl").

-record(motd, {server = <<"">> :: binary(),
-               packet = #xmlel{} :: xmlel()}).
-record(motd_users, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
-                     dummy = [] :: [] | '_'}).
+-callback init(binary(), gen_mod:opts()) -> any().
+-callback import(binary(), #motd{} | #motd_users{}) -> ok | pass.
+-callback set_motd_users(binary(), [{binary(), binary(), binary()}]) -> {atomic, any()}.
+-callback set_motd(binary(), xmlel()) -> {atomic, any()}.
+-callback delete_motd(binary()) -> {atomic, any()}.
+-callback get_motd(binary()) -> {ok, xmlel()} | error.
+-callback is_motd_user(binary(), binary()) -> boolean().
+-callback set_motd_user(binary(), binary()) -> {atomic, any()}.

 -define(PROCNAME, ejabberd_announce).

@@ -55,20 +60,8 @@
 tokenize(Node) -> str:tokens(Node, <<"/#">>).

 start(Host, Opts) ->
-    case gen_mod:db_type(Host, Opts) of
-        mnesia ->
-            mnesia:create_table(motd,
-                                [{disc_copies, [node()]},
-                                 {attributes,
-                                  record_info(fields, motd)}]),
-            mnesia:create_table(motd_users,
-                                [{disc_copies, [node()]},
-                                 {attributes,
-                                  record_info(fields, motd_users)}]),
-            update_tables();
-        _ ->
-            ok
-    end,
+    Mod = gen_mod:db_mod(Host, Opts, ?MODULE),
+    Mod:init(Host, Opts),
    ejabberd_hooks:add(local_send_to_resource_hook, Host,
 		       ?MODULE, announce, 50),
    ejabberd_hooks:add(disco_local_identity, Host, ?MODULE, disco_identity, 50),
@@ -211,15 +204,15 @@ disco_identity(Acc, _From, _To, Node, Lang) ->

 %%-------------------------------------------------------------------------

-define(INFO_RESULT(Allow, Feats),
+-define(INFO_RESULT(Allow, Feats, Lang),
 	case Allow of
 	    deny ->
-		{error, ?ERR_FORBIDDEN};
+		{error, ?ERRT_FORBIDDEN(Lang, <<"Denied by ACL">>)};
 	    allow ->
 		{result, Feats}
 	end).

-disco_features(Acc, From, #jid{lserver = LServer} = _To, <<"announce">>, _Lang) ->
+disco_features(Acc, From, #jid{lserver = LServer} = _To, <<"announce">>, Lang) ->
    case gen_mod:is_loaded(LServer, mod_adhoc) of
 	false ->
 	    Acc;
@@ -229,13 +222,14 @@ disco_features(Acc, From, #jid{lserver = LServer} = _To, <<"announce">>, _Lang)
 	    case {acl:match_rule(LServer, Access1, From),
 		  acl:match_rule(global, Access2, From)} of
 		{deny, deny} ->
-		    {error, ?ERR_FORBIDDEN};
+		    Txt = <<"Denied by ACL">>,
+		    {error, ?ERRT_FORBIDDEN(Lang, Txt)};
 		_ ->
 		    {result, []}
 	    end
    end;

-disco_features(Acc, From, #jid{lserver = LServer} = _To, Node, _Lang) ->
+disco_features(Acc, From, #jid{lserver = LServer} = _To, Node, Lang) ->
    case gen_mod:is_loaded(LServer, mod_adhoc) of
 	false ->
 	    Acc;
@@ -246,25 +240,25 @@ disco_features(Acc, From, #jid{lserver = LServer} = _To, Node, _Lang) ->
 	    AllowGlobal = acl:match_rule(global, AccessGlobal, From),
 	    case Node of
 		?NS_ADMIN_ANNOUNCE ->
-		    ?INFO_RESULT(Allow, [?NS_COMMANDS]);
+		    ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_ANNOUNCE_ALL ->
-		    ?INFO_RESULT(Allow, [?NS_COMMANDS]);
+		    ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_SET_MOTD ->
-		    ?INFO_RESULT(Allow, [?NS_COMMANDS]);
+		    ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_EDIT_MOTD ->
-		    ?INFO_RESULT(Allow, [?NS_COMMANDS]);
+		    ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_DELETE_MOTD ->
-		    ?INFO_RESULT(Allow, [?NS_COMMANDS]);
+		    ?INFO_RESULT(Allow, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_ANNOUNCE_ALLHOSTS ->
-		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS]);
+		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_ANNOUNCE_ALL_ALLHOSTS ->
-		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS]);
+		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_SET_MOTD_ALLHOSTS ->
-		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS]);
+		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_EDIT_MOTD_ALLHOSTS ->
-		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS]);
+		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS], Lang);
 		?NS_ADMIN_DELETE_MOTD_ALLHOSTS ->
-		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS]);
+		    ?INFO_RESULT(AllowGlobal, [?NS_COMMANDS], Lang);
 		_ ->
 		    Acc
 	    end
@@ -283,10 +277,10 @@ disco_features(Acc, From, #jid{lserver = LServer} = _To, Node, _Lang) ->
    }
 )).

-define(ITEMS_RESULT(Allow, Items),
+-define(ITEMS_RESULT(Allow, Items, Lang),
 	case Allow of
 	    deny ->
-		{error, ?ERR_FORBIDDEN};
+		{error, ?ERRT_FORBIDDEN(Lang, <<"Denied by ACL">>)};
 	    allow ->
 		{result, Items}
 	end).
@@ -320,7 +314,7 @@ disco_items(Acc, From, #jid{lserver = LServer} = To, <<"announce">>, Lang) ->
 	    announce_items(Acc, From, To, Lang)
    end;

-disco_items(Acc, From, #jid{lserver = LServer} = _To, Node, _Lang) ->
+disco_items(Acc, From, #jid{lserver = LServer} = _To, Node, Lang) ->
    case gen_mod:is_loaded(LServer, mod_adhoc) of
 	false ->
 	    Acc;
@@ -331,25 +325,25 @@ disco_items(Acc, From, #jid{lserver = LServer} = _To, Node, _Lang) ->
 	    AllowGlobal = acl:match_rule(global, AccessGlobal, From),
 	    case Node of
 		?NS_ADMIN_ANNOUNCE ->
-		    ?ITEMS_RESULT(Allow, []);
+		    ?ITEMS_RESULT(Allow, [], Lang);
 		?NS_ADMIN_ANNOUNCE_ALL ->
-		    ?ITEMS_RESULT(Allow, []);
+		    ?ITEMS_RESULT(Allow, [], Lang);
 		?NS_ADMIN_SET_MOTD ->
-		    ?ITEMS_RESULT(Allow, []);
+		    ?ITEMS_RESULT(Allow, [], Lang);
 		?NS_ADMIN_EDIT_MOTD ->
-		    ?ITEMS_RESULT(Allow, []);
+		    ?ITEMS_RESULT(Allow, [], Lang);
 		?NS_ADMIN_DELETE_MOTD ->
-		    ?ITEMS_RESULT(Allow, []);
+		    ?ITEMS_RESULT(Allow, [], Lang);
 		?NS_ADMIN_ANNOUNCE_ALLHOSTS ->
-		    ?ITEMS_RESULT(AllowGlobal, []);
+		    ?ITEMS_RESULT(AllowGlobal, [], Lang);
 		?NS_ADMIN_ANNOUNCE_ALL_ALLHOSTS ->
-		    ?ITEMS_RESULT(AllowGlobal, []);
+		    ?ITEMS_RESULT(AllowGlobal, [], Lang);
 		?NS_ADMIN_SET_MOTD_ALLHOSTS ->
-		    ?ITEMS_RESULT(AllowGlobal, []);
+		    ?ITEMS_RESULT(AllowGlobal, [], Lang);
 		?NS_ADMIN_EDIT_MOTD_ALLHOSTS ->
-		    ?ITEMS_RESULT(AllowGlobal, []);
+		    ?ITEMS_RESULT(AllowGlobal, [], Lang);
 		?NS_ADMIN_DELETE_MOTD_ALLHOSTS ->
-		    ?ITEMS_RESULT(AllowGlobal, []);
+		    ?ITEMS_RESULT(AllowGlobal, [], Lang);
 		_ ->
 		    Acc
 	    end
@@ -396,7 +390,8 @@ announce_items(Acc, From, #jid{lserver = LServer, server = Server} = _To, Lang)
 commands_result(Allow, From, To, Request) ->
    case Allow of
 	deny ->
-	    {error, ?ERR_FORBIDDEN};
+	    Lang = Request#adhoc_request.lang,
+	    {error, ?ERRT_FORBIDDEN(Lang, <<"Denied by ACL">>)};
 	allow ->
 	    announce_commands(From, To, Request)
    end.
@@ -463,12 +458,13 @@ announce_commands(From, To,
 	    %% User returns form.
 	    case jlib:parse_xdata_submit(XData) of
 		invalid ->
-		    {error, ?ERR_BAD_REQUEST};
+		    {error, ?ERRT_BAD_REQUEST(Lang, <<"Incorrect data form">>)};
 		Fields ->
 		    handle_adhoc_form(From, To, Request, Fields)
 	    end;
       true ->
-	    {error, ?ERR_BAD_REQUEST}
+	    Txt = <<"Incorrect action or data form">>,
+	    {error, ?ERRT_BAD_REQUEST(Lang, Txt)}
    end.

 -define(VVALUE(Val),
@@ -688,7 +684,9 @@ announce_all(From, To, Packet) ->
    Access = get_access(Host),
    case acl:match_rule(Host, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    Local = jid:make(<<>>, To#jid.server, <<>>),
@@ -703,7 +701,9 @@ announce_all_hosts_all(From, To, Packet) ->
    Access = get_access(global),
    case acl:match_rule(global, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    Local = jid:make(<<>>, To#jid.server, <<>>),
@@ -719,7 +719,9 @@ announce_online(From, To, Packet) ->
    Access = get_access(Host),
    case acl:match_rule(Host, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    announce_online1(ejabberd_sm:get_vh_session_list(Host),
@@ -731,7 +733,9 @@ announce_all_hosts_online(From, To, Packet) ->
    Access = get_access(global),
    case acl:match_rule(global, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    announce_online1(ejabberd_sm:dirty_get_sessions_list(),
@@ -752,7 +756,9 @@ announce_motd(From, To, Packet) ->
    Access = get_access(Host),
    case acl:match_rule(Host, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    announce_motd(Host, Packet)
@@ -762,7 +768,9 @@ announce_all_hosts_motd(From, To, Packet) ->
    Access = get_access(global),
    case acl:match_rule(global, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    Hosts = ?MYHOSTS,
@@ -774,48 +782,17 @@ announce_motd(Host, Packet) ->
    announce_motd_update(LServer, Packet),
    Sessions = ejabberd_sm:get_vh_session_list(LServer),
    announce_online1(Sessions, LServer, Packet),
-    case gen_mod:db_type(LServer, ?MODULE) of
-        mnesia ->
-            F = fun() ->
-                        lists:foreach(
-                          fun({U, S, _R}) ->
-                                  mnesia:write(#motd_users{us = {U, S}})
-                          end, Sessions)
-                end,
-            mnesia:transaction(F);
-        riak ->
-            try
-                lists:foreach(
-                  fun({U, S, _R}) ->
-                          ok = ejabberd_riak:put(#motd_users{us = {U, S}},
-						 motd_users_schema(),
-                                                 [{'2i', [{<<"server">>, S}]}])
-                  end, Sessions),
-                {atomic, ok}
-            catch _:{badmatch, Err} ->
-                    {atomic, Err}
-            end;
-        odbc ->
-            F = fun() ->
-                        lists:foreach(
-                          fun({U, _S, _R}) ->
-                                  Username = ejabberd_odbc:escape(U),
-                                  odbc_queries:update_t(
-                                    <<"motd">>,
-                                    [<<"username">>, <<"xml">>],
-                                    [Username, <<"">>],
-                                    [<<"username='">>, Username, <<"'">>])
-                          end, Sessions)
-                end,
-            ejabberd_odbc:sql_transaction(LServer, F)
-    end.
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:set_motd_users(LServer, Sessions).

 announce_motd_update(From, To, Packet) ->
    Host = To#jid.lserver,
    Access = get_access(Host),
    case acl:match_rule(Host, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    announce_motd_update(Host, Packet)
@@ -825,7 +802,9 @@ announce_all_hosts_motd_update(From, To, Packet) ->
    Access = get_access(global),
    case acl:match_rule(global, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    Hosts = ?MYHOSTS,
@@ -834,34 +813,17 @@ announce_all_hosts_motd_update(From, To, Packet) ->

 announce_motd_update(LServer, Packet) ->
    announce_motd_delete(LServer),
-    case gen_mod:db_type(LServer, ?MODULE) of
-        mnesia ->
-            F = fun() ->
-                        mnesia:write(#motd{server = LServer, packet = Packet})
-                end,
-            mnesia:transaction(F);
-        riak ->
-            {atomic, ejabberd_riak:put(#motd{server = LServer,
-                                             packet = Packet},
-				       motd_schema())};
-        odbc ->
-            XML = ejabberd_odbc:escape(fxml:element_to_binary(Packet)),
-            F = fun() ->
-                        odbc_queries:update_t(
-                          <<"motd">>,
-                          [<<"username">>, <<"xml">>],
-                          [<<"">>, XML],
-                          [<<"username=''">>])
-                end,
-            ejabberd_odbc:sql_transaction(LServer, F)
-    end.
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:set_motd(LServer, Packet).

 announce_motd_delete(From, To, Packet) ->
    Host = To#jid.lserver,
    Access = get_access(Host),
    case acl:match_rule(Host, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    announce_motd_delete(Host)
@@ -871,7 +833,9 @@ announce_all_hosts_motd_delete(From, To, Packet) ->
    Access = get_access(global),
    case acl:match_rule(global, Access, From) of
 	deny ->
-	    Err = jlib:make_error_reply(Packet, ?ERR_FORBIDDEN),
+	    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	    Txt = <<"Denied by ACL">>,
+	    Err = jlib:make_error_reply(Packet, ?ERRT_FORBIDDEN(Lang, Txt)),
 	    ejabberd_router:route(To, From, Err);
 	allow ->
 	    Hosts = ?MYHOSTS,
@@ -879,112 +843,30 @@ announce_all_hosts_motd_delete(From, To, Packet) ->
    end.

 announce_motd_delete(LServer) ->
-    case gen_mod:db_type(LServer, ?MODULE) of
-        mnesia ->
-            F = fun() ->
-                        mnesia:delete({motd, LServer}),
-                        mnesia:write_lock_table(motd_users),
-                        Users = mnesia:select(
-                                  motd_users,
-                                  [{#motd_users{us = '$1', _ = '_'},
-                                    [{'==', {element, 2, '$1'}, LServer}],
-                                    ['$1']}]),
-                        lists:foreach(fun(US) ->
-                                              mnesia:delete({motd_users, US})
-                                      end, Users)
-                end,
-            mnesia:transaction(F);
-        riak ->
-            try
-                ok = ejabberd_riak:delete(motd, LServer),
-                ok = ejabberd_riak:delete_by_index(motd_users,
-                                                   <<"server">>,
-                                                   LServer),
-                {atomic, ok}
-            catch _:{badmatch, Err} ->
-                    {atomic, Err}
-            end;
-        odbc ->
-            F = fun() ->
-                        ejabberd_odbc:sql_query_t([<<"delete from motd;">>])
-                end,
-            ejabberd_odbc:sql_transaction(LServer, F)
-    end.
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:delete_motd(LServer).

-send_motd(JID) ->
-    send_motd(JID, gen_mod:db_type(JID#jid.lserver, ?MODULE)).
-
-send_motd(#jid{luser = LUser, lserver = LServer} = JID, mnesia) ->
-    case catch mnesia:dirty_read({motd, LServer}) of
-	[#motd{packet = Packet}] ->
-	    US = {LUser, LServer},
-	    case catch mnesia:dirty_read({motd_users, US}) of
-		[#motd_users{}] ->
-		    ok;
-		_ ->
+send_motd(#jid{luser = LUser, lserver = LServer} = JID) when LUser /= <<>> ->
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    case Mod:get_motd(LServer) of
+	{ok, Packet} ->
+	    case Mod:is_motd_user(LUser, LServer) of
+		false ->
 		    Local = jid:make(<<>>, LServer, <<>>),
 		    ejabberd_router:route(Local, JID, Packet),
-		    F = fun() ->
-				mnesia:write(#motd_users{us = US})
-			end,
-		    mnesia:transaction(F)
+		    Mod:set_motd_user(LUser, LServer);
+		true ->
+		    ok
 	    end;
-	_ ->
+	error ->
 	    ok
    end;
-send_motd(#jid{luser = LUser, lserver = LServer} = JID, riak) ->
-    case catch ejabberd_riak:get(motd, motd_schema(), LServer) of
-        {ok, #motd{packet = Packet}} ->
-            US = {LUser, LServer},
-            case ejabberd_riak:get(motd_users, motd_users_schema(), US) of
-                {ok, #motd_users{}} ->
-                    ok;
-                _ ->
-                    Local = jid:make(<<>>, LServer, <<>>),
-		    ejabberd_router:route(Local, JID, Packet),
-                    {atomic, ejabberd_riak:put(
-                               #motd_users{us = US}, motd_users_schema(),
-                               [{'2i', [{<<"server">>, LServer}]}])}
-            end;
-        _ ->
-            ok
-    end;
-send_motd(#jid{luser = LUser, lserver = LServer} = JID, odbc) when LUser /= <<>> ->
-    case catch ejabberd_odbc:sql_query(
-                 LServer, [<<"select xml from motd where username='';">>]) of
-        {selected, [<<"xml">>], [[XML]]} ->
-            case fxml_stream:parse_element(XML) of
-                {error, _} ->
-                    ok;
-                Packet ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    case catch ejabberd_odbc:sql_query(
-                                 LServer,
-                                 [<<"select username from motd "
-                                    "where username='">>, Username, <<"';">>]) of
-                        {selected, [<<"username">>], []} ->
-                            Local = jid:make(<<"">>, LServer, <<"">>),
-                            ejabberd_router:route(Local, JID, Packet),
-                            F = fun() ->
-                                        odbc_queries:update_t(
-                                          <<"motd">>,
-                                          [<<"username">>, <<"xml">>],
-                                          [Username, <<"">>],
-                                          [<<"username='">>, Username, <<"'">>])
-                                end,
-                            ejabberd_odbc:sql_transaction(LServer, F);
-                        _ ->
-                            ok
-                    end
-            end;
-        _ ->
-            ok
-    end;
-send_motd(_, odbc) ->
+send_motd(_) ->
    ok.

 get_stored_motd(LServer) ->
-    case get_stored_motd_packet(LServer, gen_mod:db_type(LServer, ?MODULE)) of
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    case Mod:get_motd(LServer) of
        {ok, Packet} ->
            {fxml:get_subtag_cdata(Packet, <<"subject">>),
             fxml:get_subtag_cdata(Packet, <<"body">>)};
@@ -992,34 +874,6 @@ get_stored_motd(LServer) ->
            {<<>>, <<>>}
    end.

-get_stored_motd_packet(LServer, mnesia) ->
-    case catch mnesia:dirty_read({motd, LServer}) of
-	[#motd{packet = Packet}] ->
-            {ok, Packet};
-	_ ->
-	    error
-    end;
-get_stored_motd_packet(LServer, riak) ->
-    case ejabberd_riak:get(motd, motd_schema(), LServer) of
-        {ok, #motd{packet = Packet}} ->
-            {ok, Packet};
-	_ ->
-	    error
-    end;
-get_stored_motd_packet(LServer, odbc) ->
-    case catch ejabberd_odbc:sql_query(
-                 LServer, [<<"select xml from motd where username='';">>]) of
-        {selected, [<<"xml">>], [[XML]]} ->
-            case fxml_stream:parse_element(XML) of
-                {error, _} ->
-                    error;
-                Packet ->
-                    {ok, Packet}
-            end;
-        _ ->
-            error
-    end.
-
 %% This function is similar to others, but doesn't perform any ACL verification
 send_announcement_to_all(Host, SubjectS, BodyS) ->
    SubjectEls = if SubjectS /= <<>> ->
@@ -1049,102 +903,23 @@ send_announcement_to_all(Host, SubjectS, BodyS) ->

 get_access(Host) ->
    gen_mod:get_module_opt(Host, ?MODULE, access,
-                           fun(A) when is_atom(A) -> A end,
+                           fun(A) -> A end,
                           none).

 %%-------------------------------------------------------------------------
-
-update_tables() ->
-    update_motd_table(),
-    update_motd_users_table().
-
-update_motd_table() ->
-    Fields = record_info(fields, motd),
-    case mnesia:table_info(motd, attributes) of
-	Fields ->
-            ejabberd_config:convert_table_to_binary(
-              motd, Fields, set,
-              fun(#motd{server = S}) -> S end,
-              fun(#motd{server = S, packet = P} = R) ->
-                      NewS = iolist_to_binary(S),
-                      NewP = fxml:to_xmlel(P),
-                      R#motd{server = NewS, packet = NewP}
-              end);
-	_ ->
-	    ?INFO_MSG("Recreating motd table", []),
-	    mnesia:transform_table(motd, ignore, Fields)
-    end.
-
-
-update_motd_users_table() ->
-    Fields = record_info(fields, motd_users),
-    case mnesia:table_info(motd_users, attributes) of
-	Fields ->
-	    ejabberd_config:convert_table_to_binary(
-              motd_users, Fields, set,
-              fun(#motd_users{us = {U, _}}) -> U end,
-              fun(#motd_users{us = {U, S}} = R) ->
-                      NewUS = {iolist_to_binary(U),
-                               iolist_to_binary(S)},
-                      R#motd_users{us = NewUS}
-              end);
-	_ ->
-	    ?INFO_MSG("Recreating motd_users table", []),
-	    mnesia:transform_table(motd_users, ignore, Fields)
-    end.
-
-motd_schema() ->
-    {record_info(fields, motd), #motd{}}.
-
-motd_users_schema() ->
-    {record_info(fields, motd_users), #motd_users{}}.
-
-export(_Server) ->
-    [{motd,
-      fun(Host, #motd{server = LServer, packet = El})
-            when LServer == Host ->
-              [[<<"delete from motd where username='';">>],
-               [<<"insert into motd(username, xml) values ('', '">>,
-                ejabberd_odbc:escape(fxml:element_to_binary(El)),
-                <<"');">>]];
-         (_Host, _R) ->
-              []
-      end},
-     {motd_users,
-      fun(Host, #motd_users{us = {LUser, LServer}})
-            when LServer == Host, LUser /= <<"">> ->
-              Username = ejabberd_odbc:escape(LUser),
-              [[<<"delete from motd where username='">>, Username, <<"';">>],
-               [<<"insert into motd(username, xml) values ('">>,
-                Username, <<"', '');">>]];
-         (_Host, _R) ->
-              []
-      end}].
+export(LServer) ->
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:export(LServer).

 import(LServer) ->
-    [{<<"select xml from motd where username='';">>,
-      fun([XML]) ->
-              El = fxml_stream:parse_element(XML),
-              #motd{server = LServer, packet = El}
-      end},
-     {<<"select username from motd where xml='';">>,
-      fun([LUser]) ->
-              #motd_users{us = {LUser, LServer}}
-      end}].
+    Mod = gen_mod:db_mod(LServer, ?MODULE),
+    Mod:import(LServer).

-import(_LServer, mnesia, #motd{} = Motd) ->
-    mnesia:dirty_write(Motd);
-import(_LServer, mnesia, #motd_users{} = Users) ->
-    mnesia:dirty_write(Users);
-import(_LServer, riak, #motd{} = Motd) ->
-    ejabberd_riak:put(Motd, motd_schema());
-import(_LServer, riak, #motd_users{us = {_, S}} = Users) ->
-    ejabberd_riak:put(Users, motd_users_schema(),
-		      [{'2i', [{<<"server">>, S}]}]);
-import(_, _, _) ->
-    pass.
+import(LServer, DBType, LA) ->
+    Mod = gen_mod:db_mod(DBType, ?MODULE),
+    Mod:import(LServer, LA).

 mod_opt_type(access) ->
-    fun (A) when is_atom(A) -> A end;
-mod_opt_type(db_type) -> fun gen_mod:v_db/1;
+    fun acl:access_rules_validator/1;
+mod_opt_type(db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
 mod_opt_type(_) -> [access, db_type].
@@ -0,0 +1,129 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created : 13 Apr 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(mod_announce_mnesia).
+-behaviour(mod_announce).
+
+%% API
+-export([init/2, set_motd_users/2, set_motd/2, delete_motd/1,
+	 get_motd/1, is_motd_user/2, set_motd_user/2, import/2]).
+
+-include("jlib.hrl").
+-include("mod_announce.hrl").
+-include("logger.hrl").
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+init(_Host, _Opts) ->
+    mnesia:create_table(motd,
+			[{disc_copies, [node()]},
+			 {attributes,
+			  record_info(fields, motd)}]),
+    mnesia:create_table(motd_users,
+			[{disc_copies, [node()]},
+			 {attributes,
+			  record_info(fields, motd_users)}]),
+    update_tables().
+
+set_motd_users(_LServer, USRs) ->
+    F = fun() ->
+		lists:foreach(
+		  fun({U, S, _R}) ->
+			  mnesia:write(#motd_users{us = {U, S}})
+		  end, USRs)
+	end,
+    mnesia:transaction(F).
+
+set_motd(LServer, Packet) ->
+    F = fun() ->
+		mnesia:write(#motd{server = LServer, packet = Packet})
+	end,
+    mnesia:transaction(F).
+
+delete_motd(LServer) ->
+    F = fun() ->
+		mnesia:delete({motd, LServer}),
+		mnesia:write_lock_table(motd_users),
+		Users = mnesia:select(
+			  motd_users,
+			  [{#motd_users{us = '$1', _ = '_'},
+			    [{'==', {element, 2, '$1'}, LServer}],
+			    ['$1']}]),
+		lists:foreach(fun(US) ->
+				      mnesia:delete({motd_users, US})
+			      end, Users)
+	end,
+    mnesia:transaction(F).
+
+get_motd(LServer) ->
+    case mnesia:dirty_read({motd, LServer}) of
+	[#motd{packet = Packet}] ->
+	    {ok, Packet};
+	_ ->
+	    error
+    end.
+
+is_motd_user(LUser, LServer) ->
+    case mnesia:dirty_read({motd_users, {LUser, LServer}}) of
+	[#motd_users{}] -> true;
+	_ -> false
+    end.
+
+set_motd_user(LUser, LServer) ->
+    F = fun() ->
+		mnesia:write(#motd_users{us = {LUser, LServer}})
+	end,
+    mnesia:transaction(F).
+
+import(_LServer, #motd{} = Motd) ->
+    mnesia:dirty_write(Motd);
+import(_LServer, #motd_users{} = Users) ->
+    mnesia:dirty_write(Users).
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+update_tables() ->
+    update_motd_table(),
+    update_motd_users_table().
+
+update_motd_table() ->
+    Fields = record_info(fields, motd),
+    case mnesia:table_info(motd, attributes) of
+	Fields ->
+            ejabberd_config:convert_table_to_binary(
+              motd, Fields, set,
+              fun(#motd{server = S}) -> S end,
+              fun(#motd{server = S, packet = P} = R) ->
+                      NewS = iolist_to_binary(S),
+                      NewP = fxml:to_xmlel(P),
+                      R#motd{server = NewS, packet = NewP}
+              end);
+	_ ->
+	    ?INFO_MSG("Recreating motd table", []),
+	    mnesia:transform_table(motd, ignore, Fields)
+    end.
+
+
+update_motd_users_table() ->
+    Fields = record_info(fields, motd_users),
+    case mnesia:table_info(motd_users, attributes) of
+	Fields ->
+	    ejabberd_config:convert_table_to_binary(
+              motd_users, Fields, set,
+              fun(#motd_users{us = {U, _}}) -> U end,
+              fun(#motd_users{us = {U, S}} = R) ->
+                      NewUS = {iolist_to_binary(U),
+                               iolist_to_binary(S)},
+                      R#motd_users{us = NewUS}
+              end);
+	_ ->
+	    ?INFO_MSG("Recreating motd_users table", []),
+	    mnesia:transform_table(motd_users, ignore, Fields)
+    end.
@@ -0,0 +1,87 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created : 13 Apr 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(mod_announce_riak).
+-behaviour(mod_announce).
+
+%% API
+-export([init/2, set_motd_users/2, set_motd/2, delete_motd/1,
+	 get_motd/1, is_motd_user/2, set_motd_user/2, import/2]).
+
+-include("jlib.hrl").
+-include("mod_announce.hrl").
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+init(_Host, _Opts) ->
+    ok.
+
+set_motd_users(_LServer, USRs) ->
+    try
+	lists:foreach(
+	  fun({U, S, _R}) ->
+		  ok = ejabberd_riak:put(#motd_users{us = {U, S}},
+					 motd_users_schema(),
+					 [{'2i', [{<<"server">>, S}]}])
+	  end, USRs),
+	{atomic, ok}
+    catch _:{badmatch, Err} ->
+	    {atomic, Err}
+    end.
+
+set_motd(LServer, Packet) ->
+    {atomic, ejabberd_riak:put(#motd{server = LServer,
+				     packet = Packet},
+			       motd_schema())}.
+
+delete_motd(LServer) ->
+    try
+	ok = ejabberd_riak:delete(motd, LServer),
+	ok = ejabberd_riak:delete_by_index(motd_users,
+					   <<"server">>,
+					   LServer),
+	{atomic, ok}
+    catch _:{badmatch, Err} ->
+	    {atomic, Err}
+    end.
+
+get_motd(LServer) ->
+    case ejabberd_riak:get(motd, motd_schema(), LServer) of
+        {ok, #motd{packet = Packet}} ->
+	    {ok, Packet};
+	_ ->
+	    error
+    end.
+
+is_motd_user(LUser, LServer) ->
+    case ejabberd_riak:get(motd_users, motd_users_schema(),
+			   {LUser, LServer}) of
+	{ok, #motd_users{}} -> true;
+	_ -> false
+    end.
+
+set_motd_user(LUser, LServer) ->
+    {atomic, ejabberd_riak:put(
+	       #motd_users{us = {LUser, LServer}}, motd_users_schema(),
+	       [{'2i', [{<<"server">>, LServer}]}])}.
+
+import(_LServer, #motd{} = Motd) ->
+    ejabberd_riak:put(Motd, motd_schema());
+import(_LServer, #motd_users{us = {_, S}} = Users) ->
+    ejabberd_riak:put(Users, motd_users_schema(),
+		      [{'2i', [{<<"server">>, S}]}]).
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+motd_schema() ->
+    {record_info(fields, motd), #motd{}}.
+
+motd_users_schema() ->
+    {record_info(fields, motd_users), #motd_users{}}.
@@ -0,0 +1,127 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created : 13 Apr 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(mod_announce_sql).
+-behaviour(mod_announce).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
+
+%% API
+-export([init/2, set_motd_users/2, set_motd/2, delete_motd/1,
+	 get_motd/1, is_motd_user/2, set_motd_user/2, import/1,
+	 import/2, export/1]).
+
+-include("jlib.hrl").
+-include("mod_announce.hrl").
+-include("ejabberd_sql_pt.hrl").
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+init(_Host, _Opts) ->
+    ok.
+
+set_motd_users(LServer, USRs) ->
+    F = fun() ->
+		lists:foreach(
+		  fun({U, _S, _R}) ->
+                          ?SQL_UPSERT_T(
+                             "motd",
+                             ["!username=%(U)s",
+                              "xml=''"])
+		  end, USRs)
+	end,
+    ejabberd_sql:sql_transaction(LServer, F).
+
+set_motd(LServer, Packet) ->
+    XML = fxml:element_to_binary(Packet),
+    F = fun() ->
+                ?SQL_UPSERT_T(
+                   "motd",
+                   ["!username=''",
+                    "xml=%(XML)s"])
+	end,
+    ejabberd_sql:sql_transaction(LServer, F).
+
+delete_motd(LServer) ->
+    F = fun() ->
+                ejabberd_sql:sql_query_t(?SQL("delete from motd"))
+	end,
+    ejabberd_sql:sql_transaction(LServer, F).
+
+get_motd(LServer) ->
+    case catch ejabberd_sql:sql_query(
+                 LServer,
+                 ?SQL("select @(xml)s from motd where username=''")) of
+        {selected, [{XML}]} ->
+            case fxml_stream:parse_element(XML) of
+                {error, _} ->
+                    error;
+                Packet ->
+		    {ok, Packet}
+	    end;
+	_ ->
+	    error
+    end.
+
+is_motd_user(LUser, LServer) ->
+    case catch ejabberd_sql:sql_query(
+                 LServer,
+                 ?SQL("select @(username)s from motd"
+                      " where username=%(LUser)s")) of
+        {selected, [_|_]} ->
+	    true;
+	_ ->
+	    false
+    end.
+
+set_motd_user(LUser, LServer) ->
+    F = fun() ->
+                ?SQL_UPSERT_T(
+                   "motd",
+                   ["!username=%(LUser)s",
+                    "xml=''"])
+        end,
+    ejabberd_sql:sql_transaction(LServer, F).
+
+export(_Server) ->
+    [{motd,
+      fun(Host, #motd{server = LServer, packet = El})
+            when LServer == Host ->
+              XML = fxml:element_to_binary(El),
+              [?SQL("delete from motd where username='';"),
+               ?SQL("insert into motd(username, xml) values ('', %(XML)s);")];
+         (_Host, _R) ->
+              []
+      end},
+     {motd_users,
+      fun(Host, #motd_users{us = {LUser, LServer}})
+            when LServer == Host, LUser /= <<"">> ->
+              [?SQL("delete from motd where username=%(LUser)s;"),
+               ?SQL("insert into motd(username, xml) values (%(LUser)s, '');")];
+         (_Host, _R) ->
+              []
+      end}].
+
+import(LServer) ->
+    [{<<"select xml from motd where username='';">>,
+      fun([XML]) ->
+              El = fxml_stream:parse_element(XML),
+              #motd{server = LServer, packet = El}
+      end},
+     {<<"select username from motd where xml='';">>,
+      fun([LUser]) ->
+              #motd_users{us = {LUser, LServer}}
+      end}].
+
+import(_, _) ->
+    pass.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
@@ -39,6 +39,10 @@

 -include("mod_privacy.hrl").

+-callback process_blocklist_block(binary(), binary(), function()) -> {atomic, any()}.
+-callback unblock_by_filter(binary(), binary(), function()) -> {atomic, any()}.
+-callback process_blocklist_get(binary(), binary()) -> [listitem()] | error.
+
 start(Host, Opts) ->
    IQDisc = gen_mod:get_opt(iqdisc, Opts, fun gen_iq_handler:check_type/1,
                             one_queue),
@@ -64,29 +68,33 @@ process_iq(_From, _To, IQ) ->
    IQ#iq{type = error, sub_el = [SubEl, ?ERR_NOT_ALLOWED]}.

 process_iq_get(_, From, _To,
-	       #iq{xmlns = ?NS_BLOCKING,
+	       #iq{xmlns = ?NS_BLOCKING, lang = Lang,
 		   sub_el = #xmlel{name = <<"blocklist">>}},
 	       _) ->
    #jid{luser = LUser, lserver = LServer} = From,
-    {stop, process_blocklist_get(LUser, LServer)};
+    {stop, process_blocklist_get(LUser, LServer, Lang)};
 process_iq_get(Acc, _, _, _, _) -> Acc.

 process_iq_set(_, From, _To,
-	       #iq{xmlns = ?NS_BLOCKING,
+	       #iq{xmlns = ?NS_BLOCKING, lang = Lang,
 		   sub_el =
 		       #xmlel{name = SubElName, children = SubEls}}) ->
    #jid{luser = LUser, lserver = LServer} = From,
    Res = case {SubElName, fxml:remove_cdata(SubEls)} of
-	    {<<"block">>, []} -> {error, ?ERR_BAD_REQUEST};
+	    {<<"block">>, []} ->
+		Txt = <<"No items found in this query">>,
+		{error, ?ERRT_BAD_REQUEST(Lang, Txt)};
 	    {<<"block">>, Els} ->
 		JIDs = parse_blocklist_items(Els, []),
-		process_blocklist_block(LUser, LServer, JIDs);
+		process_blocklist_block(LUser, LServer, JIDs, Lang);
 	    {<<"unblock">>, []} ->
-		process_blocklist_unblock_all(LUser, LServer);
+		process_blocklist_unblock_all(LUser, LServer, Lang);
 	    {<<"unblock">>, Els} ->
 		JIDs = parse_blocklist_items(Els, []),
-		process_blocklist_unblock(LUser, LServer, JIDs);
-	    _ -> {error, ?ERR_BAD_REQUEST}
+		process_blocklist_unblock(LUser, LServer, JIDs, Lang);
+	    _ ->
+		Txt = <<"Unknown blocking command">>,
+		{error, ?ERRT_BAD_REQUEST(Lang, Txt)}
 	  end,
    {stop, Res};
 process_iq_set(Acc, _, _, _) -> Acc.
@@ -125,7 +133,7 @@ parse_blocklist_items([#xmlel{name = <<"item">>,
 parse_blocklist_items([_ | Els], JIDs) ->
    parse_blocklist_items(Els, JIDs).

-process_blocklist_block(LUser, LServer, JIDs) ->
+process_blocklist_block(LUser, LServer, JIDs, Lang) ->
    Filter = fun (List) ->
 		     AlreadyBlocked = list_to_blocklist_jids(List, []),
 		     lists:foldr(fun (JID, List1) ->
@@ -143,9 +151,8 @@ process_blocklist_block(LUser, LServer, JIDs) ->
 				 end,
 				 List, JIDs)
 	     end,
-    case process_blocklist_block(LUser, LServer, Filter,
-				 gen_mod:db_type(LServer, mod_privacy))
-	of
+    Mod = db_mod(LServer),
+    case Mod:process_blocklist_block(LUser, LServer, Filter) of
      {atomic, {ok, Default, List}} ->
 	  UserList = make_userlist(Default, List),
 	  broadcast_list_update(LUser, LServer, Default,
@@ -155,110 +162,17 @@ process_blocklist_block(LUser, LServer, JIDs) ->
 	  {result, [], UserList};
      _Err ->
 	    ?ERROR_MSG("Error processing ~p: ~p", [{LUser, LServer, JIDs}, _Err]),
-	    {error, ?ERR_INTERNAL_SERVER_ERROR}
+	    {error, ?ERRT_INTERNAL_SERVER_ERROR(Lang, <<"Database failure">>)}
    end.

-process_blocklist_block(LUser, LServer, Filter,
-			mnesia) ->
-    F = fun () ->
-		case mnesia:wread({privacy, {LUser, LServer}}) of
-		  [] ->
-		      P = #privacy{us = {LUser, LServer}},
-		      NewDefault = <<"Blocked contacts">>,
-		      NewLists1 = [],
-		      List = [];
-		  [#privacy{default = Default, lists = Lists} = P] ->
-		      case lists:keysearch(Default, 1, Lists) of
-			{value, {_, List}} ->
-			    NewDefault = Default,
-			    NewLists1 = lists:keydelete(Default, 1, Lists);
-			false ->
-			    NewDefault = <<"Blocked contacts">>,
-			    NewLists1 = Lists,
-			    List = []
-		      end
-		end,
-		NewList = Filter(List),
-		NewLists = [{NewDefault, NewList} | NewLists1],
-		mnesia:write(P#privacy{default = NewDefault,
-				       lists = NewLists}),
-		{ok, NewDefault, NewList}
-	end,
-    mnesia:transaction(F);
-process_blocklist_block(LUser, LServer, Filter,
-			riak) ->
-    {atomic,
-     begin
-         case ejabberd_riak:get(privacy, mod_privacy:privacy_schema(),
-				{LUser, LServer}) of
-             {ok, #privacy{default = Default, lists = Lists} = P} ->
-                 case lists:keysearch(Default, 1, Lists) of
-                     {value, {_, List}} ->
-                         NewDefault = Default,
-                         NewLists1 = lists:keydelete(Default, 1, Lists);
-                     false ->
-                         NewDefault = <<"Blocked contacts">>,
-                         NewLists1 = Lists,
-                         List = []
-                 end;
-             {error, _} ->
-                 P = #privacy{us = {LUser, LServer}},
-                 NewDefault = <<"Blocked contacts">>,
-                 NewLists1 = [],
-                 List = []
-         end,
-         NewList = Filter(List),
-         NewLists = [{NewDefault, NewList} | NewLists1],
-         case ejabberd_riak:put(P#privacy{default = NewDefault,
-                                          lists = NewLists},
-				mod_privacy:privacy_schema()) of
-             ok ->
-                 {ok, NewDefault, NewList};
-             Err ->
-                 Err
-         end
-     end};
-process_blocklist_block(LUser, LServer, Filter, odbc) ->
-    F = fun () ->
-		Default = case
-			    mod_privacy:sql_get_default_privacy_list_t(LUser)
-			      of
-			    {selected, [<<"name">>], []} ->
-				Name = <<"Blocked contacts">>,
-				mod_privacy:sql_add_privacy_list(LUser, Name),
-				mod_privacy:sql_set_default_privacy_list(LUser,
-									 Name),
-				Name;
-			    {selected, [<<"name">>], [[Name]]} -> Name
-			  end,
-		{selected, [<<"id">>], [[ID]]} =
-		    mod_privacy:sql_get_privacy_list_id_t(LUser, Default),
-		case mod_privacy:sql_get_privacy_list_data_by_id_t(ID)
-		    of
-		  {selected,
-		   [<<"t">>, <<"value">>, <<"action">>, <<"ord">>,
-		    <<"match_all">>, <<"match_iq">>, <<"match_message">>,
-		    <<"match_presence_in">>, <<"match_presence_out">>],
-		   RItems = [_ | _]} ->
-		      List = lists:flatmap(fun mod_privacy:raw_to_item/1, RItems);
-		  _ -> List = []
-		end,
-		NewList = Filter(List),
-		NewRItems = lists:map(fun mod_privacy:item_to_raw/1,
-				      NewList),
-		mod_privacy:sql_set_privacy_list(ID, NewRItems),
-		{ok, Default, NewList}
-	end,
-    ejabberd_odbc:sql_transaction(LServer, F).
-
-process_blocklist_unblock_all(LUser, LServer) ->
+process_blocklist_unblock_all(LUser, LServer, Lang) ->
    Filter = fun (List) ->
 		     lists:filter(fun (#listitem{action = A}) -> A =/= deny
 				  end,
 				  List)
 	     end,
-    DBType = gen_mod:db_type(LServer, mod_privacy),
-    case unblock_by_filter(LUser, LServer, Filter, DBType) of
+    Mod = db_mod(LServer),
+    case Mod:unblock_by_filter(LUser, LServer, Filter) of
      {atomic, ok} -> {result, []};
      {atomic, {ok, Default, List}} ->
 	  UserList = make_userlist(Default, List),
@@ -268,10 +182,10 @@ process_blocklist_unblock_all(LUser, LServer) ->
 	  {result, [], UserList};
      _Err ->
 	    ?ERROR_MSG("Error processing ~p: ~p", [{LUser, LServer}, _Err]),
-	    {error, ?ERR_INTERNAL_SERVER_ERROR}
+	    {error, ?ERRT_INTERNAL_SERVER_ERROR(Lang, <<"Database failure">>)}
    end.

-process_blocklist_unblock(LUser, LServer, JIDs) ->
+process_blocklist_unblock(LUser, LServer, JIDs, Lang) ->
    Filter = fun (List) ->
 		     lists:filter(fun (#listitem{action = deny, type = jid,
 						 value = JID}) ->
@@ -280,8 +194,8 @@ process_blocklist_unblock(LUser, LServer, JIDs) ->
 				  end,
 				  List)
 	     end,
-    DBType = gen_mod:db_type(LServer, mod_privacy),
-    case unblock_by_filter(LUser, LServer, Filter, DBType) of
+    Mod = db_mod(LServer),
+    case Mod:unblock_by_filter(LUser, LServer, Filter) of
      {atomic, ok} -> {result, []};
      {atomic, {ok, Default, List}} ->
 	  UserList = make_userlist(Default, List),
@@ -292,84 +206,9 @@ process_blocklist_unblock(LUser, LServer, JIDs) ->
 	  {result, [], UserList};
      _Err ->
 	    ?ERROR_MSG("Error processing ~p: ~p", [{LUser, LServer, JIDs}, _Err]),
-	    {error, ?ERR_INTERNAL_SERVER_ERROR}
+	    {error, ?ERRT_INTERNAL_SERVER_ERROR(Lang, <<"Database failure">>)}
    end.

-unblock_by_filter(LUser, LServer, Filter, mnesia) ->
-    F = fun () ->
-		case mnesia:read({privacy, {LUser, LServer}}) of
-		  [] ->
-		      % No lists, nothing to unblock
-		      ok;
-		  [#privacy{default = Default, lists = Lists} = P] ->
-		      case lists:keysearch(Default, 1, Lists) of
-			{value, {_, List}} ->
-			    NewList = Filter(List),
-			    NewLists1 = lists:keydelete(Default, 1, Lists),
-			    NewLists = [{Default, NewList} | NewLists1],
-			    mnesia:write(P#privacy{lists = NewLists}),
-			    {ok, Default, NewList};
-			false ->
-			    % No default list, nothing to unblock
-			    ok
-		      end
-		end
-	end,
-    mnesia:transaction(F);
-unblock_by_filter(LUser, LServer, Filter, riak) ->
-    {atomic,
-     case ejabberd_riak:get(privacy, mod_privacy:privacy_schema(),
-			    {LUser, LServer}) of
-         {error, _} ->
-             %% No lists, nothing to unblock
-             ok;
-         {ok, #privacy{default = Default, lists = Lists} = P} ->
-             case lists:keysearch(Default, 1, Lists) of
-                 {value, {_, List}} ->
-                     NewList = Filter(List),
-                     NewLists1 = lists:keydelete(Default, 1, Lists),
-                     NewLists = [{Default, NewList} | NewLists1],
-                     case ejabberd_riak:put(P#privacy{lists = NewLists},
-					    mod_privacy:privacy_schema()) of
-                         ok ->
-                             {ok, Default, NewList};
-                         Err ->
-                             Err
-                     end;
-                 false ->
-                     %% No default list, nothing to unblock
-                     ok
-             end
-     end};
-unblock_by_filter(LUser, LServer, Filter, odbc) ->
-    F = fun () ->
-		case mod_privacy:sql_get_default_privacy_list_t(LUser)
-		    of
-		  {selected, [<<"name">>], []} -> ok;
-		  {selected, [<<"name">>], [[Default]]} ->
-		      {selected, [<<"id">>], [[ID]]} =
-			  mod_privacy:sql_get_privacy_list_id_t(LUser, Default),
-		      case mod_privacy:sql_get_privacy_list_data_by_id_t(ID)
-			  of
-			{selected,
-			 [<<"t">>, <<"value">>, <<"action">>, <<"ord">>,
-			  <<"match_all">>, <<"match_iq">>, <<"match_message">>,
-			  <<"match_presence_in">>, <<"match_presence_out">>],
-			 RItems = [_ | _]} ->
-			    List = lists:flatmap(fun mod_privacy:raw_to_item/1,
-                                                 RItems),
-			    NewList = Filter(List),
-			    NewRItems = lists:map(fun mod_privacy:item_to_raw/1,
-						  NewList),
-			    mod_privacy:sql_set_privacy_list(ID, NewRItems),
-			    {ok, Default, NewList};
-			_ -> ok
-		      end;
-		  _ -> ok
-		end
-	end,
-    ejabberd_odbc:sql_transaction(LServer, F).
-
 make_userlist(Name, List) ->
    NeedDb = mod_privacy:is_list_needdb(List),
    #userlist{name = Name, list = List, needdb = NeedDb}.
@@ -385,11 +224,11 @@ broadcast_blocklist_event(LUser, LServer, Event) ->
    ejabberd_sm:route(JID, JID,
                      {broadcast, {blocking, Event}}).

-process_blocklist_get(LUser, LServer) ->
-    case process_blocklist_get(LUser, LServer,
-			       gen_mod:db_type(LServer, mod_privacy))
-	of
-      error -> {error, ?ERR_INTERNAL_SERVER_ERROR};
+process_blocklist_get(LUser, LServer, Lang) ->
+    Mod = db_mod(LServer),
+    case Mod:process_blocklist_get(LUser, LServer) of
+      error ->
+	  {error, ?ERRT_INTERNAL_SERVER_ERROR(Lang, <<"Database failure">>)};
      List ->
 	  JIDs = list_to_blocklist_jids(List, []),
 	  Items = lists:map(fun (JID) ->
@@ -407,49 +246,9 @@ process_blocklist_get(LUser, LServer) ->
 		   children = Items}]}
    end.

-process_blocklist_get(LUser, LServer, mnesia) ->
-    case catch mnesia:dirty_read(privacy, {LUser, LServer})
-	of
-      {'EXIT', _Reason} -> error;
-      [] -> [];
-      [#privacy{default = Default, lists = Lists}] ->
-	  case lists:keysearch(Default, 1, Lists) of
-	    {value, {_, List}} -> List;
-	    _ -> []
-	  end
-    end;
-process_blocklist_get(LUser, LServer, riak) ->
-    case ejabberd_riak:get(privacy, mod_privacy:privacy_schema(),
-			   {LUser, LServer}) of
-        {ok, #privacy{default = Default, lists = Lists}} ->
-            case lists:keysearch(Default, 1, Lists) of
-                {value, {_, List}} -> List;
-                _ -> []
-            end;
-        {error, notfound} ->
-            [];
-        {error, _} ->
-            error
-    end;
-process_blocklist_get(LUser, LServer, odbc) ->
-    case catch
-	   mod_privacy:sql_get_default_privacy_list(LUser, LServer)
-	of
-      {selected, [<<"name">>], []} -> [];
-      {selected, [<<"name">>], [[Default]]} ->
-	  case catch mod_privacy:sql_get_privacy_list_data(LUser,
-							   LServer, Default)
-	      of
-	    {selected,
-	     [<<"t">>, <<"value">>, <<"action">>, <<"ord">>,
-	      <<"match_all">>, <<"match_iq">>, <<"match_message">>,
-	      <<"match_presence_in">>, <<"match_presence_out">>],
-	     RItems} ->
-		lists:flatmap(fun mod_privacy:raw_to_item/1, RItems);
-	    {'EXIT', _} -> error
-	  end;
-      {'EXIT', _} -> error
-    end.
+db_mod(LServer) ->
+    DBType = gen_mod:db_type(LServer, mod_privacy),
+    gen_mod:db_mod(DBType, ?MODULE).

 mod_opt_type(iqdisc) -> fun gen_iq_handler:check_type/1;
 mod_opt_type(_) -> [iqdisc].
--- a/Show More
+++ b/Show More