Merge pull request #1249 from weiss:push-requirements

Merge branch 'push-requirements' of https://github.com/weiss/ejabberd into weiss-push-requirements
Allow to create room with custom config
2016-09-13 14:31:39 +02:00 · 2016-09-13 14:29:14 +02:00 · 2016-09-13 11:52:59 +02:00 · 2016-09-13 11:27:59 +02:00 · 2016-09-12 15:40:38 +02:00 · 2016-09-12 15:40:38 +02:00
276 changed files with 24133 additions and 11651 deletions
@@ -0,0 +1,15 @@
+> What version of ejabberd are you using?
+
+
+
+> What operating system (version) are you using?
+
+
+
+> How did you install ejabberd (source, package, distribution)?
+
+
+
+> What did not work as expected? Are there error messages in the log? What
+> was the unexpected behavior? What was the expected result?
+
@@ -0,0 +1,20 @@
+We are open to contributions for ejabberd, as GitHub pull requests (PR).
+Here are a few points to consider before submitting your PR. (You can
+remove the whole text after reading.)
+
+1. Does this PR address an issue? Please reference it in the PR
+   description.
+
+2. Have you properly described the proposed change?
+
+3. Please make sure the change is atomic and does only touch the needed
+   modules. If you have other changes/fixes to provide, please submit
+   them as separate PRs.
+
+4. If your change or new feature involves storage backends, did you make
+   sure your change works with all backends?
+
+5. Do you provide tests? How can we check the behavior of the code?
+
+6. Did you consider documentation changes in the
+   processone/docs.ejabberd.im repository?
@@ -1,9 +1,8 @@
 language: erlang

 otp_release:
-  - 17.1
  - 17.5
-  - 18.0
+  - 18.3

 services:
  - riak
@@ -18,19 +17,26 @@ before_install:
  # See: https://github.com/travis-ci/travis-ci/issues/1986
  #
  - sudo sed -i -e s/table_cache/table_open_cache/ -e /log_slow_queries/d /etc/mysql/my.cnf
-  - sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5
+  - sudo apt-key adv --import .travis/mysql_repo_key.asc
  - sudo add-apt-repository 'deb http://repo.mysql.com/apt/ubuntu/ precise mysql-5.6'
  - sudo apt-get -qq update
  - sudo apt-get -qq -o Dpkg::Options::=--force-confold install mysql-server-5.6
+  # /END MYSQL 5.6
+  - pip install --user coveralls-merge

 install:
  - sudo apt-get -qq install libexpat1-dev libyaml-dev libpam0g-dev libsqlite3-dev

 before_script:
+  # Ulimit: See Travis-CI issue report: https://github.com/travis-ci/travis-ci/issues/3328
+  - echo 'ulimit -n 4096' > riak
+  - sudo mv riak /etc/default/riak
  - mkdir "$PWD/ebin"
  - echo "[{riak_kv, [{add_paths, [\"$PWD/ebin/\"]}]}]." > advanced.config
  - sudo mv advanced.config /etc/riak/advanced.config
  - sudo service riak restart
+  - sudo riak-admin wait-for-service riak_kv 'riak@127.0.0.1'
+  - sudo riak-admin test
  - mysql -u root -e "CREATE USER 'ejabberd_test'@'localhost' IDENTIFIED BY 'ejabberd_test';"
  - mysql -u root -e "CREATE DATABASE ejabberd_test;"
  - mysql -u root -e "GRANT ALL ON ejabberd_test.* TO 'ejabberd_test'@'localhost';"
@@ -40,18 +46,26 @@ before_script:

 script:
  - ./autogen.sh
-  - ./configure --prefix=/tmp/ejabberd --enable-all --disable-odbc --disable-elixir
+  - ./configure --prefix=/tmp/ejabberd --enable-all --disable-odbc
  - make
  - make install
  - make xref
-  - make test
+  - sed -i -e 's/ct:pal/ct:log/' test/suite.erl
+  - ln -sf ../sql priv/
+  - escript ./rebar skip_deps=true ct -v
  - grep -q 'TEST COMPLETE, \([[:digit:]]*\) ok, .* of \1 ' logs/raw.log

 after_script:
  - find logs -name suite.log -exec cat '{}' ';'

 after_failure:
+  - find logs -name exunit.log -exec cat '{}' ';'
+  # Try checking Riak database logs
+  - tail -n 100000 /var/log/riak/*.log
  - find logs -name ejabberd.log -exec cat '{}' ';'

+after_success:
+  - coveralls-merge erlang.json
+
 notifications:
  email: false
@@ -0,0 +1,96 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.9 (SunOS)
+
+mQGiBD4+owwRBAC14GIfUfCyEDSIePvEW3SAFUdJBtoQHH/nJKZyQT7h9bPlUWC3
+RODjQReyCITRrdwyrKUGku2FmeVGwn2u2WmDMNABLnpprWPkBdCk96+OmSLN9brZ
+fw2vOUgCmYv2hW0hyDHuvYlQA/BThQoADgj8AW6/0Lo7V1W9/8VuHP0gQwCgvzV3
+BqOxRznNCRCRxAuAuVztHRcEAJooQK1+iSiunZMYD1WufeXfshc57S/+yeJkegNW
+hxwR9pRWVArNYJdDRT+rf2RUe3vpquKNQU/hnEIUHJRQqYHo8gTxvxXNQc7fJYLV
+K2HtkrPbP72vwsEKMYhhr0eKCbtLGfls9krjJ6sBgACyP/Vb7hiPwxh6rDZ7ITnE
+kYpXBACmWpP8NJTkamEnPCia2ZoOHODANwpUkP43I7jsDmgtobZX9qnrAXw+uNDI
+QJEXM6FSbi0LLtZciNlYsafwAPEOMDKpMqAK6IyisNtPvaLd8lH0bPAnWqcyefep
+rv0sxxqUEMcM3o7wwgfN83POkDasDbs3pjwPhxvhz6//62zQJ7Q2TXlTUUwgUmVs
+ZWFzZSBFbmdpbmVlcmluZyA8bXlzcWwtYnVpbGRAb3NzLm9yYWNsZS5jb20+iGkE
+ExECACkCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAIZAQUCUwHUZgUJGmbLywAK
+CRCMcY07UHLh9V+DAKCjS1gGwgVI/eut+5L+l2v3ybl+ZgCcD7ZoA341HtoroV3U
+6xRD09fUgeq0O015U1FMIFBhY2thZ2Ugc2lnbmluZyBrZXkgKHd3dy5teXNxbC5j
+b20pIDxidWlsZEBteXNxbC5jb20+iG8EMBECAC8FAk53Pa0oHSBidWlsZEBteXNx
+bC5jb20gd2lsbCBzdG9wIHdvcmtpbmcgc29vbgAKCRCMcY07UHLh9bU9AJ9xDK0o
+xJFL9vTl9OSZC4lX0K9AzwCcCrS9cnJyz79eaRjL0s2r/CcljdyIZQQTEQIAHQUC
+R6yUtAUJDTBYqAULBwoDBAMVAwIDFgIBAheAABIJEIxxjTtQcuH1B2VHUEcAAQGu
+kgCffz4GUEjzXkOi71VcwgCxASTgbe0An34LPr1j9fCbrXWXO14msIADfb5piEwE
+ExECAAwFAj4+o9EFgwlmALsACgkQSVDhKrJykfIk4QCfWbEeKN+3TRspe+5xKj+k
+QJSammIAnjUz0xFWPlVx0f8o38qNG1bq0cU9iEwEExECAAwFAj5CggMFgwliIokA
+CgkQtvXNTca6JD+WkQCgiGmnoGjMojynp5ppvMXkyUkfnykAoK79E6h8rwkSDZou
+iz7nMRisH8uyiEYEEBECAAYFAj+s468ACgkQr8UjSHiDdA/2lgCg21IhIMMABTYd
+p/IBiUsP/JQLiEoAnRzMywEtujQz/E9ono7H1DkebDa4iEYEEBECAAYFAj+0Q3cA
+CgkQhZavqzBzTmbGwwCdFqD1frViC7WRt8GKoOS7hzNN32kAnirlbwpnT7a6NOsQ
+83nk11a2dePhiEYEEBECAAYFAkNbs+oACgkQi9gubzC5S1x/dACdELKoXQKkwJN0
+gZztsM7kjsIgyFMAnRRMbHQ7V39XC90OIpaPjk3a01tgiEYEExECAAYFAkTxMyYA
+CgkQ9knE9GCTUwwKcQCgibak/SwhxWH1ijRhgYCo5GtM4vcAnAhtzL57wcw1Kg1X
+m7nVGetUqJ7fiEwEEBECAAwFAkGBywEFgwYi2YsACgkQGFnQH2d7oexCjQCcD8sJ
+NDc/mS8m8OGDUOx9VMWcnGkAnj1YWOD+Qhxo3mI/Ul9oEAhNkjcfiEwEEBECAAwF
+AkGByzQFgwYi2VgACgkQgcL36+ITtpIiIwCdFVNVUB8xe8mFXoPm4d9Z54PTjpMA
+niSPA/ZsfJ3oOMLKar4F0QPPrdrGiEwEEBECAAwFAkGBy2IFgwYi2SoACgkQa3Ds
+2V3D9HMJqgCbBYzr5GPXOXgP88jKzmdbjweqXeEAnRss4G2G/3qD7uhTL1SPT1SH
+jWUXiEwEEBECAAwFAkHQkyQFgwXUEWgACgkQfSXKCsEpp8JiVQCghvWvkPqowsw8
+w7WSseTcw1tflvkAni+vLHl/DqIly0LkZYn5jzK1dpvfiEwEEBECAAwFAkIrW7oF
+gwV5SNIACgkQ5hukiRXruavzEwCgkzL5QkLSypcw9LGHcFSx1ya0VL4An35nXkum
+g6cCJ1NP8r2I4NcZWIrqiEwEEhECAAwFAkAqWToFgwd6S1IACgkQPKEfNJT6+GEm
+XACcD+A53A5OGM7w750W11ukq4iZ9ckAnRMvndAqn3YTOxxlLPj2UPZiSgSqiEwE
+EhECAAwFAkA9+roFgwdmqdIACgkQ8tdcY+OcZZyy3wCgtDcwlaq20w0cNuXFLLNe
+EUaFFTwAni6RHN80moSVAdDTRkzZacJU3M5QiEwEEhECAAwFAkEOCoQFgwaWmggA
+CgkQOcor9D1qil/83QCeITZ9wIo7XAMjC6y4ZWUL4m+edZsAoMOhRIRi42fmrNFu
+vNZbnMGej81viEwEEhECAAwFAkKApTQFgwUj/1gACgkQBA3AhXyDn6jjJACcD1A4
+UtXk84J13JQyoH9+dy24714Aniwlsso/9ndICJOkqs2j5dlHFq6oiEwEExECAAwF
+Aj5NTYQFgwlXVwgACgkQLbt2v63UyTMFDACglT5G5NVKf5Mj65bFSlPzb92zk2QA
+n1uc2h19/IwwrsbIyK/9POJ+JMP7iEwEExECAAwFAkHXgHYFgwXNJBYACgkQZu/b
+yM2C/T4/vACfXe67xiSHB80wkmFZ2krb+oz/gBAAnjR2ucpbaonkQQgnC3GnBqmC
+vNaJiEwEExECAAwFAkIYgQ4FgwWMI34ACgkQdsEDHKIxbqGg7gCfQi2HcrHn+yLF
+uNlH1oSOh48ZM0oAn3hKV0uIRJphonHaUYiUP1ttWgdBiGUEExECAB0FCwcKAwQD
+FQMCAxYCAQIXgAUCS3AvygUJEPPzpwASB2VHUEcAAQEJEIxxjTtQcuH1sNsAniYp
+YBGqy/HhMnw3WE8kXahOOR5KAJ4xUmWPGYP4l3hKxyNK9OAUbpDVYIh7BDARAgA7
+BQJCdzX1NB0AT29wcy4uLiBzaG91bGQgaGF2ZSBiZWVuIGxvY2FsISBJJ20gKnNv
+KiBzdHVwaWQuLi4ACgkQOcor9D1qil/vRwCdFo08f66oKLiuEAqzlf9iDlPozEEA
+n2EgvCYLCCHjfGosrkrU3WK5NFVgiI8EMBECAE8FAkVvAL9IHQBTaG91bGQgaGF2
+ZSBiZWVuIGEgbG9jYWwgc2lnbmF0dXJlLCBvciBzb21ldGhpbmcgLSBXVEYgd2Fz
+IEkgdGhpbmtpbmc/AAoJEDnKK/Q9aopfoPsAn3BVqKOalJeF0xPSvLR90PsRlnmG
+AJ44oisY7Tl3NJbPgZal8W32fbqgbIkCIgQQAQIADAUCQYHLhQWDBiLZBwAKCRCq
+4+bOZqFEaKgvEACCErnaHGyUYa0wETjj6DLEXsqeOiXad4i9aBQxnD35GUgcFofC
+/nCY4XcnCMMEnmdQ9ofUuU3OBJ6BNJIbEusAabgLooebP/3KEaiCIiyhHYU5jarp
+ZAh+Zopgs3Oc11mQ1tIaS69iJxrGTLodkAsAJAeEUwTPq9fHFFzC1eGBysoyFWg4
+bIjz/zClI+qyTbFA5g6tRoiXTo8ko7QhY2AA5UGEg+83Hdb6akC04Z2QRErxKAqr
+phHzj8XpjVOsQAdAi/qVKQeNKROlJ+iq6+YesmcWGfzeb87dGNweVFDJIGA0qY27
+pTb2lExYjsRFN4Cb13NfodAbMTOxcAWZ7jAPCxAPlHUG++mHMrhQXEToZnBFE4nb
+nC7vOBNgWdjUgXcpkUCkop4b17BFpR+k8ZtYLSS8p2LLz4uAeCcSm2/msJxT7rC/
+FvoH8428oHincqs2ICo9zO/Ud4HmmO0O+SsZdVKIIjinGyOVWb4OOzkAlnnhEZ3o
+6hAHcREIsBgPwEYVTj/9ZdC0AO44Nj9cU7awaqgtrnwwfr/o4V2gl8bLSkltZU27
+/29HeuOeFGjlFe0YrDd/aRNsxbyb2O28H4sG1CVZmC5uK1iQBDiSyA7Q0bbdofCW
+oQzm5twlpKWnY8Oe0ub9XP5p/sVfck4FceWFHwv+/PC9RzSl33lQ6vM2wIkCIgQT
+AQIADAUCQp8KHAWDBQWacAAKCRDYwgoJWiRXzyE+D/9uc7z6fIsalfOYoLN60ajA
+bQbI/uRKBFugyZ5RoaItusn9Z2rAtn61WrFhu4uCSJtFN1ny2RERg40f56pTghKr
+D+YEt+Nze6+FKQ5AbGIdFsR/2bUk+ZZRSt83e14Lcb6ii/fJfzkoIox9ltkifQxq
+Y7Tvk4noKu4oLSc8O1Wsfc/y0B9sYUUCmUfcnq58DEmGie9ovUslmyt5NPnveXxp
+5UeaRc5Rqt9tK2B4A+7/cqENrdZJbAMSunt2+2fkYiRunAFPKPBdJBsY1sxeL/A9
+aKe0viKEXQdAWqdNZKNCi8rd/oOP99/9lMbFudAbX6nL2DSb1OG2Z7NWEqgIAzjm
+pwYYPCKeVz5Q8R+if9/fe5+STY/55OaI33fJ2H3v+U435VjYqbrerWe36xJItcJe
+qUzW71fQtXi1CTEl3w2ch7VF5oj/QyjabLnAlHgSlkSi6p7By5C2MnbCHlCfPnIi
+nPhFoRcRGPjJe9nFwGs+QblvS/Chzc2WX3s/2SWm4gEUKRX4zsAJ5ocyfa/vkxCk
+SxK/erWlCPf/J1T70+i5waXDN/E3enSet/WL7h94pQKpjz8OdGL4JSBHuAVGA+a+
+dknqnPF0KMKLhjrgV+L7O84FhbmAP7PXm3xmiMPriXf+el5fZZequQoIagf8rdRH
+HhRJxQgI0HNknkaOqs8dtrkCDQQ+PqMdEAgA7+GJfxbMdY4wslPnjH9rF4N2qfWs
+EN/lxaZoJYc3a6M02WCnHl6ahT2/tBK2w1QI4YFteR47gCvtgb6O1JHffOo2HfLm
+RDRiRjd1DTCHqeyX7CHhcghj/dNRlW2Z0l5QFEcmV9U0Vhp3aFfWC4Ujfs3LU+hk
+AWzE7zaD5cH9J7yv/6xuZVw411x0h4UqsTcWMu0iM1BzELqX1DY7LwoPEb/O9Rkb
+f4fmLe11EzIaCa4PqARXQZc4dhSinMt6K3X4BrRsKTfozBu74F47D8Ilbf5vSYHb
+uE5p/1oIDznkg/p8kW+3FxuWrycciqFTcNz215yyX39LXFnlLzKUb/F5GwADBQf+
+Lwqqa8CGrRfsOAJxim63CHfty5mUc5rUSnTslGYEIOCR1BeQauyPZbPDsDD9MZ1Z
+aSafanFvwFG6Llx9xkU7tzq+vKLoWkm4u5xf3vn55VjnSd1aQ9eQnUcXiL4cnBGo
+TbOWI39EcyzgslzBdC++MPjcQTcA7p6JUVsP6oAB3FQWg54tuUo0Ec8bsM8b3Ev4
+2LmuQT5NdKHGwHsXTPtl0klk4bQk4OajHsiy1BMahpT27jWjJlMiJc+IWJ0mghkK
+Ht926s/ymfdf5HkdQ1cyvsz5tryVI3Fx78XeSYfQvuuwqp2H139pXGEkg0n6KdUO
+etdZWhe70YGNPw1yjWJT1IhUBBgRAgAMBQJOdz3tBQkT+wG4ABIHZUdQRwABAQkQ
+jHGNO1By4fUUmwCbBYr2+bBEn/L2BOcnw9Z/QFWuhRMAoKVgCFm5fadQ3Afi+UQl
+AcOphrnJ
+=443I
+-----END PGP PUBLIC KEY BLOCK-----
@@ -184,7 +184,8 @@ install: all copy-files
 		-e "s*{{sysconfdir}}*@sysconfdir@*" \
 		-e "s*{{localstatedir}}*@localstatedir@*" \
 		-e "s*{{docdir}}*@docdir@*" \
-		-e "s*{{erl}}*@ERL@*" ejabberdctl.template \
+		-e "s*{{erl}}*@ERL@*" \
+		-e "s*{{epmd}}*@EPMD@*" ejabberdctl.template \
 		> ejabberdctl.example
 	[ -f $(ETCDIR)/ejabberdctl.cfg ] \
 		&& $(INSTALL) -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
@@ -4,7 +4,7 @@ use Mix.Config
 config :ejabberd,
  file: "config/ejabberd.yml",
  log_path: 'log/ejabberd.log'
- 
+
 # Customize Mnesia directory:
 config :mnesia,
  dir: 'mnesiadb/'
@@ -0,0 +1,169 @@
+defmodule Ejabberd.ConfigFile do
+  use Ejabberd.Config
+
+  def start do
+    [loglevel: 4,
+     log_rotate_size: 10485760,
+     log_rotate_date: "",
+     log_rotate_count: 1,
+     log_rate_limit: 100,
+     auth_method: :internal,
+     max_fsm_queue: 1000,
+     language: "en",
+     allow_contrib_modules: true,
+     hosts: ["localhost"],
+     shaper: shaper,
+     acl: acl,
+     access: access]
+  end
+
+  defp shaper do
+    [normal: 1000,
+      fast: 50000,
+      max_fsm_queue: 1000]
+  end
+
+  defp acl do
+    [local:
+      [user_regexp: "", loopback: [ip: "127.0.0.0/8"]]]
+  end
+
+  defp access do
+    [max_user_sessions: [all: 10],
+     max_user_offline_messages: [admin: 5000, all: 100],
+     local: [local: :allow],
+     c2s: [blocked: :deny, all: :allow],
+     c2s_shaper: [admin: :none, all: :normal],
+     s2s_shaper: [all: :fast],
+     announce: [admin: :allow],
+     configure: [admin: :allow],
+     muc_admin: [admin: :allow],
+     muc_create: [local: :allow],
+     muc: [all: :allow],
+     pubsub_createnode: [local: :allow],
+     register: [all: :allow],
+     trusted_network: [loopback: :allow]]
+  end
+
+  listen :ejabberd_c2s do
+    @opts [
+      port: 5222,
+      max_stanza_size: 65536,
+      shaper: :c2s_shaper,
+      access: :c2s]
+  end
+
+  listen :ejabberd_s2s_in do
+    @opts [port: 5269]
+  end
+
+  listen :ejabberd_http do
+    @opts [
+      port: 5280,
+      web_admin: true,
+      http_poll: true,
+      http_bind: true,
+      captcha: true]
+  end
+
+  module :mod_adhoc do
+  end
+
+  module :mod_announce do
+    @opts [access: :announce]
+  end
+
+  module :mod_blocking do
+  end
+
+  module :mod_caps do
+  end
+
+  module :mod_carboncopy do
+  end
+
+  module :mod_client_state do
+    @opts [
+      drop_chat_states: true,
+      queue_presence: false]
+  end
+
+  module :mod_configure do
+  end
+
+  module :mod_disco do
+  end
+
+  module :mod_irc do
+  end
+
+  module :mod_http_bind do
+  end
+
+  module :mod_last do
+  end
+
+  module :mod_muc do
+    @opts [
+      access: :muc,
+      access_create: :muc_create,
+      access_persistent: :muc_create,
+      access_admin: :muc_admin]
+  end
+
+  module :mod_offline do
+    @opts [access_max_user_messages: :max_user_offline_messages]
+  end
+
+  module :mod_ping do
+  end
+
+  module :mod_privacy do
+  end
+
+  module :mod_private do
+  end
+
+  module :mod_pubsub do
+    @opts [
+      access_createnode: :pubsub_createnode,
+      ignore_pep_from_offline: true,
+      last_item_cache: true,
+      plugins: ["flat", "hometree", "pep"]]
+  end
+
+  module :mod_register do
+    @opts [welcome_message: [
+      subject: "Welcome!",
+      body: "Hi.\nWelcome to this XMPP Server",
+      ip_access: :trusted_network,
+      access: :register]]
+  end
+
+  module :mod_roster do
+  end
+
+  module :mod_shared_roster do
+  end
+
+  module :mod_stats do
+  end
+
+  module :mod_time do
+  end
+
+  module :mod_version do
+  end
+
+  # Example of how to define a hook, called when the event
+  # specified is triggered.
+  #
+  # @event: Name of the event
+  # @opts: Params are optional. Available: :host and :priority.
+  #        If missing, defaults are used. (host: :global | priority: 50)
+  # @callback Could be an anonymous function or a callback from a module,
+  #           use the &ModuleName.function/arity format for that.
+  hook :register_user, [host: "localhost"], fn(user, server) ->
+    info("User registered: #{user} on #{server}")
+  end
+end
@@ -0,0 +1,667 @@
+###
+###               ejabberd configuration file
+###
+###
+
+### The parameters used in this configuration file are explained in more detail
+### in the ejabberd Installation and Operation Guide.
+### Please consult the Guide in case of doubts, it is included with
+### your copy of ejabberd, and is also available online at
+### http://www.process-one.net/en/ejabberd/docs/
+
+### The configuration file is written in YAML.
+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
+### However, ejabberd treats different literals as different types:
+###
+### - unquoted or single-quoted strings. They are called "atoms".
+###   Example: dog, 'Jupiter', '3.14159', YELLOW
+###
+### - numeric literals. Example: 3, -45.0, .0
+###
+### - quoted or folded strings.
+###   Examples of quoted string: "Lizzard", "orange".
+###   Example of folded string:
+###   > Art thou not Romeo,
+###     and a Montague?
+
+###   =======
+###   LOGGING
+
+##
+## loglevel: Verbosity of log files generated by ejabberd.
+## 0: No ejabberd log at all (not recommended)
+## 1: Critical
+## 2: Error
+## 3: Warning
+## 4: Info
+## 5: Debug
+##
+loglevel: 4
+
+##
+## rotation: Describe how to rotate logs. Either size and/or date can trigger
+## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
+## does not disable rotation, it instead rotates the file and keeps no previous
+## versions around. Setting size to X rotate log when it reaches X bytes.
+## To disable rotation set the size to 0 and the date to ""
+## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
+## Some examples:
+##  $D0     rotate every night at midnight
+##  $D23    rotate every day at 23:00 hr
+##  $W0D23  rotate every week on Sunday at 23:00 hr
+##  $W5D16  rotate every week on Friday at 16:00 hr
+##  $M1D0   rotate on the first day of every month at midnight
+##  $M5D6   rotate on every 5th day of the month at 6:00 hr
+##
+log_rotate_size: 10485760
+log_rotate_date: ""
+log_rotate_count: 1
+
+##
+## overload protection: If you want to limit the number of messages per second
+## allowed from error_logger, which is a good idea if you want to avoid a flood
+## of messages when system is overloaded, you can set a limit.
+## 100 is ejabberd's default.
+log_rate_limit: 100
+
+##
+## watchdog_admins: Only useful for developers: if an ejabberd process
+## consumes a lot of memory, send live notifications to these XMPP
+## accounts.
+##
+## watchdog_admins:
+##   - "bob@example.com"
+
+
+###   ================
+###   SERVED HOSTNAMES
+
+##
+## hosts: Domains served by ejabberd.
+## You can define one or several, for example:
+## hosts:
+##   - "example.net"
+##   - "example.com"
+##   - "example.org"
+##
+hosts:
+  - "localhost"
+
+##
+## route_subdomains: Delegate subdomains to other XMPP servers.
+## For example, if this ejabberd serves example.org and you want
+## to allow communication with an XMPP server called im.example.org.
+##
+## route_subdomains: s2s
+
+###   ===============
+###   LISTENING PORTS
+
+##
+## listen: The ports ejabberd will listen on, which service each is handled
+## by and what options to start it with.
+##
+listen:
+  -
+    port: 5222
+    module: ejabberd_c2s
+    ##
+    ## If TLS is compiled in and you installed a SSL
+    ## certificate, specify the full path to the
+    ## file and uncomment these lines:
+    ##
+    ## certfile: "/path/to/ssl.pem"
+    ## starttls: true
+    ##
+    ## To enforce TLS encryption for client connections,
+    ## use this instead of the "starttls" option:
+    ##
+    ## starttls_required: true
+    ##
+    ## Custom OpenSSL options
+    ##
+    ## protocol_options:
+    ##   - "no_sslv3"
+    ##   - "no_tlsv1"
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5269
+    module: ejabberd_s2s_in
+  ##
+  ## ejabberd_service: Interact with external components (transports, ...)
+  ##
+  ## -
+  ##   port: 8888
+  ##   module: ejabberd_service
+  ##   access: all
+  ##   shaper_rule: fast
+  ##   ip: "127.0.0.1"
+  ##   hosts:
+  ##     "icq.example.org":
+  ##       password: "secret"
+  ##     "sms.example.org":
+  ##       password: "secret"
+
+  ##
+  ## ejabberd_stun: Handles STUN Binding requests
+  ##
+  ## -
+  ##   port: 3478
+  ##   transport: udp
+  ##   module: ejabberd_stun
+
+  ##
+  ## To handle XML-RPC requests that provide admin credentials:
+  ##
+  ## -
+  ##   port: 4560
+  ##   module: ejabberd_xmlrpc
+  -
+    port: 5280
+    module: ejabberd_http
+    ## request_handlers:
+    ##   "/pub/archive": mod_http_fileserver
+    web_admin: true
+    http_poll: true
+    http_bind: true
+    ## register: true
+    captcha: true
+
+##
+## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+## Allowed values are: false optional required required_trusted
+## You must specify a certificate file.
+##
+## s2s_use_starttls: optional
+
+##
+## s2s_certfile: Specify a certificate file.
+##
+## s2s_certfile: "/path/to/ssl.pem"
+
+## Custom OpenSSL options
+##
+## s2s_protocol_options:
+##   - "no_sslv3"
+##   - "no_tlsv1"
+
+##
+## domain_certfile: Specify a different certificate for each served hostname.
+##
+## host_config:
+##   "example.org":
+##     domain_certfile: "/path/to/example_org.pem"
+##   "example.com":
+##     domain_certfile: "/path/to/example_com.pem"
+
+##
+## S2S whitelist or blacklist
+##
+## Default s2s policy for undefined hosts.
+##
+## s2s_access: s2s
+
+##
+## Outgoing S2S options
+##
+## Preferred address families (which to try first) and connect timeout
+## in milliseconds.
+##
+## outgoing_s2s_families:
+##   - ipv4
+##   - ipv6
+## outgoing_s2s_timeout: 10000
+
+###   ==============
+###   AUTHENTICATION
+
+##
+## auth_method: Method used to authenticate the users.
+## The default method is the internal.
+## If you want to use a different method,
+## comment this line and enable the correct ones.
+##
+auth_method: internal
+
+##
+## Store the plain passwords or hashed for SCRAM:
+## auth_password_format: plain
+## auth_password_format: scram
+##
+## Define the FQDN if ejabberd doesn't detect it:
+## fqdn: "server3.example.com"
+
+##
+## Authentication using external script
+## Make sure the script is executable by ejabberd.
+##
+## auth_method: external
+## extauth_program: "/path/to/authentication/script"
+
+##
+## Authentication using ODBC
+## Remember to setup a database in the next section.
+##
+## auth_method: odbc
+
+##
+## Authentication using PAM
+##
+## auth_method: pam
+## pam_service: "pamservicename"
+
+##
+## Authentication using LDAP
+##
+## auth_method: ldap
+##
+## List of LDAP servers:
+## ldap_servers:
+##   - "localhost"
+##
+## Encryption of connection to LDAP servers:
+## ldap_encrypt: none
+## ldap_encrypt: tls
+##
+## Port to connect to on LDAP servers:
+## ldap_port: 389
+## ldap_port: 636
+##
+## LDAP manager:
+## ldap_rootdn: "dc=example,dc=com"
+##
+## Password of LDAP manager:
+## ldap_password: "******"
+##
+## Search base of LDAP directory:
+## ldap_base: "dc=example,dc=com"
+##
+## LDAP attribute that holds user ID:
+## ldap_uids:
+##   - "mail": "%u@mail.example.org"
+##
+## LDAP filter:
+## ldap_filter: "(objectClass=shadowAccount)"
+
+##
+## Anonymous login support:
+##   auth_method: anonymous
+##   anonymous_protocol: sasl_anon | login_anon | both
+##   allow_multiple_connections: true | false
+##
+## host_config:
+##   "public.example.org":
+##     auth_method: anonymous
+##     allow_multiple_connections: false
+##     anonymous_protocol: sasl_anon
+##
+## To use both anonymous and internal authentication:
+##
+## host_config:
+##   "public.example.org":
+##     auth_method:
+##       - internal
+##       - anonymous
+
+###   ==============
+###   DATABASE SETUP
+
+## ejabberd by default uses the internal Mnesia database,
+## so you do not necessarily need this section.
+## This section provides configuration examples in case
+## you want to use other database backends.
+## Please consult the ejabberd Guide for details on database creation.
+
+##
+## MySQL server:
+##
+## odbc_type: mysql
+## odbc_server: "server"
+## odbc_database: "database"
+## odbc_username: "username"
+## odbc_password: "password"
+##
+## If you want to specify the port:
+## odbc_port: 1234
+
+##
+## PostgreSQL server:
+##
+## odbc_type: pgsql
+## odbc_server: "server"
+## odbc_database: "database"
+## odbc_username: "username"
+## odbc_password: "password"
+##
+## If you want to specify the port:
+## odbc_port: 1234
+##
+## If you use PostgreSQL, have a large database, and need a
+## faster but inexact replacement for "select count(*) from users"
+##
+## pgsql_users_number_estimate: true
+
+##
+## ODBC compatible or MSSQL server:
+##
+## odbc_type: odbc
+## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
+
+##
+## Number of connections to open to the database for each virtual host
+##
+## odbc_pool_size: 10
+
+##
+## Interval to make a dummy SQL request to keep the connections to the
+## database alive. Specify in seconds: for example 28800 means 8 hours
+##
+## odbc_keepalive_interval: undefined
+
+###   ===============
+###   TRAFFIC SHAPERS
+
+shaper:
+  ##
+  ## The "normal" shaper limits traffic speed to 1000 B/s
+  ##
+  normal: 1000
+
+  ##
+  ## The "fast" shaper limits traffic speed to 50000 B/s
+  ##
+  fast: 50000
+
+##
+## This option specifies the maximum number of elements in the queue
+## of the FSM. Refer to the documentation for details.
+##
+max_fsm_queue: 1000
+
+###.   ====================
+###'   ACCESS CONTROL LISTS
+acl:
+  ##
+  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
+  ## You can put here as many accounts as you want.
+  ##
+  ## admin:
+  ##   user:
+  ##     - "aleksey": "localhost"
+  ##     - "ermine": "example.org"
+  ##
+  ## Blocked users
+  ##
+  ## blocked:
+  ##   user:
+  ##     - "baduser": "example.org"
+  ##     - "test"
+
+  ## Local users: don't modify this.
+  ##
+  local:
+    user_regexp: ""
+
+  ##
+  ## More examples of ACLs
+  ##
+  ## jabberorg:
+  ##   server:
+  ##     - "jabber.org"
+  ## aleksey:
+  ##   user:
+  ##     - "aleksey": "jabber.ru"
+  ## test:
+  ##   user_regexp: "^test"
+  ##   user_glob: "test*"
+
+  ##
+  ## Loopback network
+  ##
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+
+  ##
+  ## Bad XMPP servers
+  ##
+  ## bad_servers:
+  ##   server:
+  ##     - "xmpp.zombie.org"
+  ##     - "xmpp.spam.com"
+
+##
+## Define specific ACLs in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     acl:
+##       admin:
+##         user:
+##           - "bob-local": "localhost"
+
+###   ============
+###   ACCESS RULES
+access:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions:
+    all: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    admin: 5000
+    all: 100
+  ## This rule allows access only for local users:
+  local:
+    local: allow
+  ## Only non-blocked users can use c2s connections:
+  c2s:
+    blocked: deny
+    all: allow
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    admin: none
+    all: normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper:
+    all: fast
+  ## Only admins can send announcement messages:
+  announce:
+    admin: allow
+  ## Only admins can use the configuration interface:
+  configure:
+    admin: allow
+  ## Admins of this server are also admins of the MUC service:
+  muc_admin:
+    admin: allow
+  ## Only accounts of the local ejabberd server can create rooms:
+  muc_create:
+    local: allow
+  ## All users are allowed to use the MUC service:
+  muc:
+    all: allow
+  ## Only accounts on the local ejabberd server can create Pubsub nodes:
+  pubsub_createnode:
+    local: allow
+  ## In-band registration allows registration of any possible username.
+  ## To disable in-band registration, replace 'allow' with 'deny'.
+  register:
+    all: allow
+  ## Only allow to register from localhost
+  trusted_network:
+    loopback: allow
+  ## Do not establish S2S connections with bad servers
+  ## s2s:
+  ##   bad_servers: deny
+  ##   all: allow
+
+## By default the frequency of account registrations from the same IP
+## is limited to 1 account every 10 minutes. To disable, specify: infinity
+## registration_timeout: 600
+
+##
+## Define specific Access Rules in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     access:
+##       c2s:
+##         admin: allow
+##         all: deny
+##       register:
+##         all: deny
+
+###   ================
+###   DEFAULT LANGUAGE
+
+##
+## language: Default language used for server messages.
+##
+language: "en"
+
+##
+## Set a different default language in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     language: "ru"
+
+###   =======
+###   CAPTCHA
+
+##
+## Full path to a script that generates the image.
+##
+## captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"
+
+##
+## Host for the URL and port where ejabberd listens for CAPTCHA requests.
+##
+## captcha_host: "example.org:5280"
+
+##
+## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
+##
+## captcha_limit: 5
+
+###   =======
+###   MODULES
+
+##
+## Modules enabled in all ejabberd virtual hosts.
+##
+modules:
+  mod_adhoc: {}
+  ## mod_admin_extra: {}
+  mod_announce: # recommends mod_adhoc
+    access: announce
+  mod_blocking: {} # requires mod_privacy
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state:
+    drop_chat_states: true
+    queue_presence: false
+  mod_configure: {} # requires mod_adhoc
+  mod_disco: {}
+  ## mod_echo: {}
+  mod_irc: {}
+  mod_http_bind: {}
+  ## mod_http_fileserver:
+  ##   docroot: "/var/www"
+  ##   accesslog: "/var/log/ejabberd/access.log"
+  mod_last: {}
+  mod_muc:
+    ## host: "conference.@HOST@"
+    access: muc
+    access_create: muc_create
+    access_persistent: muc_create
+    access_admin: muc_admin
+  ## mod_muc_log: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  ## mod_pres_counter:
+  ##   count: 5
+  ##   interval: 60
+  mod_privacy: {}
+  mod_private: {}
+  ## mod_proxy65: {}
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    ## reduces resource comsumption, but XEP incompliant
+    ignore_pep_from_offline: true
+    ## XEP compliant, but increases resource comsumption
+    ## ignore_pep_from_offline: false
+    last_item_cache: false
+    plugins:
+      - "flat"
+      - "hometree"
+      - "pep" # pep requires mod_caps
+  mod_register:
+    ##
+    ## Protect In-Band account registrations with CAPTCHA.
+    ##
+    ## captcha_protected: true
+
+    ##
+    ## Set the minimum informational entropy for passwords.
+    ##
+    ## password_strength: 32
+
+    ##
+    ## After successful registration, the user receives
+    ## a message with this subject and body.
+    ##
+    welcome_message:
+      subject: "Welcome!"
+      body: |-
+        Hi.
+        Welcome to this XMPP server.
+
+    ##
+    ## When a user registers, send a notification to
+    ## these XMPP accounts.
+    ##
+    ## registration_watchers:
+    ##   - "admin1@example.org"
+
+    ##
+    ## Only clients in the server machine can register accounts
+    ##
+    ip_access: trusted_network
+
+    ##
+    ## Local c2s or remote s2s users cannot register accounts
+    ##
+    ## access_from: deny
+
+    access: register
+  mod_roster: {}
+  mod_shared_roster: {}
+  mod_stats: {}
+  mod_time: {}
+  mod_vcard: {}
+  mod_version: {}
+
+##
+## Enable modules with custom options in a specific virtual host
+##
+## host_config:
+##   "localhost":
+##     modules:
+##       mod_echo:
+##         host: "mirror.localhost"
+
+##
+## Enable modules management via ejabberdctl for installation and
+## uninstallation of public/private contributed modules
+## (enabled by default)
+##
+
+allow_contrib_modules: true
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8
@@ -30,6 +30,7 @@ fi

 AC_PATH_TOOL(ERL, erl, , [${extra_erl_path}$PATH])
 AC_PATH_TOOL(ERLC, erlc, , [${extra_erl_path}$PATH])
+AC_PATH_TOOL(EPMD, epmd, , [${extra_erl_path}$PATH])

 AC_ERLANG_NEED_ERL
 AC_ERLANG_NEED_ERLC
@@ -242,9 +242,7 @@ print_usage() ->
 print_po_header(File) ->
    MsgProps = get_msg_header_props(File),
    {Language, [LastT | AddT]} = prepare_props(MsgProps),
-    application:load(ejabberd),
-    {ok, Version} = application:get_key(ejabberd, vsn),
-    print_po_header(Version, Language, LastT, AddT).
+    print_po_header(Language, LastT, AddT).

 get_msg_header_props(File) ->
    {ok, F} = file:open(File, [read]),
@@ -274,12 +272,11 @@ prepare_props(MsgProps) ->
    Authors = proplists:get_all_values("Author:", MsgProps),
    {Language, Authors}.

-print_po_header(Version, Language, LastTranslator, AdditionalTranslatorsList) ->
+print_po_header(Language, LastTranslator, AdditionalTranslatorsList) ->
    AdditionalTranslatorsString = build_additional_translators(AdditionalTranslatorsList),
    HeaderString =
 	"msgid \"\"\n"
 	"msgstr \"\"\n"
-	"\"Project-Id-Version: " ++ Version ++ "\\n\"\n"
 	++ "\"X-Language: " ++ Language ++ "\\n\"\n"
 	"\"Last-Translator: " ++ LastTranslator ++ "\\n\"\n"
 	++ AdditionalTranslatorsString ++
@@ -157,7 +157,7 @@ extract_lang_srcmsg2po ()
 	echo $MSGS_PATH

 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $PO_PATH.1 > $PO_PATH.2
 	msguniq --sort-by-file $PO_PATH.2 --output-file=$PO_PATH
 	
@@ -176,7 +176,7 @@ extract_lang_src2pot ()
 	echo "" >>$MSGS_PATH

 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $POT_PATH.1 > $POT_PATH.2

 	#msguniq --sort-by-file $POT_PATH.2 $EJA_MSGS_DIR --output-file=$POT_PATH
@@ -0,0 +1,5 @@
+{level, details}.
+{incl_dirs, ["src", "ebin"]}.
+{excl_mods, [eldap, 'ELDAPv3']}.
+{export, "logs/all.coverdata"}.
+
@@ -7,11 +7,18 @@ User=ejabberd
 Group=ejabberd
 LimitNOFILE=16000
 RestartSec=5
-ExecStart=/bin/sh @ctlscriptpath@/ejabberdctl start
+ExecStart=@ctlscriptpath@/ejabberdctl start
 ExecStop=@ctlscriptpath@/ejabberdctl stop
 ExecReload=@ctlscriptpath@/ejabberdctl reload_config
 Type=oneshot
 RemainAfterExit=yes
+# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true

 [Install]
 WantedBy=multi-user.target
@@ -147,6 +147,15 @@ listen:
  ##   access: all
  ##   shaper_rule: fast
  ##   ip: "127.0.0.1"
+  ##   privilege_access: 
+  ##      roster: "both"
+  ##      message: "outgoing"
+  ##      presence: "roster"
+  ##   delegations:
+  ##      "urn:xmpp:mam:1":
+  ##        filtering: ["node"]
+  ##      "http://jabber.org/protocol/pubsub":
+  ##        filtering: []
  ##   hosts:
  ##     "icq.example.org":
  ##       password: "secret"
@@ -254,10 +263,10 @@ auth_method: internal
 ## extauth_program: "/path/to/authentication/script"

 ##
-## Authentication using ODBC
+## Authentication using SQL
 ## Remember to setup a database in the next section.
 ##
-## auth_method: odbc
+## auth_method: sql

 ##
 ## Authentication using PAM
@@ -330,26 +339,26 @@ auth_method: internal
 ##
 ## MySQL server:
 ##
-## odbc_type: mysql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: mysql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234

 ##
 ## PostgreSQL server:
 ##
-## odbc_type: pgsql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: pgsql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234
 ##
 ## If you use PostgreSQL, have a large database, and need a
 ## faster but inexact replacement for "select count(*) from users"
@@ -359,25 +368,25 @@ auth_method: internal
 ##
 ## SQLite:
 ##
-## odbc_type: sqlite
-## odbc_database: "/path/to/database.db"
+## sql_type: sqlite
+## sql_database: "/path/to/database.db"

 ##
 ## ODBC compatible or MSSQL server:
 ##
-## odbc_type: odbc
-## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
+## sql_type: odbc
+## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"

 ##
 ## Number of connections to open to the database for each virtual host
 ##
-## odbc_pool_size: 10
+## sql_pool_size: 10

 ##
 ## Interval to make a dummy SQL request to keep the connections to the
 ## database alive. Specify in seconds: for example 28800 means 8 hours
 ##
-## odbc_keepalive_interval: undefined
+## sql_keepalive_interval: undefined

 ###.  ===============
 ###'  TRAFFIC SHAPERS
@@ -408,14 +417,14 @@ acl:
  ##
  ## admin:
  ##   user:
-  ##     - "aleksey": "localhost"
-  ##     - "ermine": "example.org"
+  ##     - "aleksey@localhost"
+  ##     - "ermine@example.org"
  ##
  ## Blocked users
  ##
  ## blocked:
  ##   user:
-  ##     - "baduser": "example.org"
+  ##     - "baduser@example.org"
  ##     - "test"

  ## Local users: don't modify this.
@@ -431,7 +440,7 @@ acl:
  ##     - "jabber.org"
  ## aleksey:
  ##   user:
-  ##     - "aleksey": "jabber.ru"
+  ##     - "aleksey@jabber.ru"
  ## test:
  ##   user_regexp: "^test"
  ##   user_glob: "test*"
@@ -459,61 +468,61 @@ acl:
 ##     acl:
 ##       admin:
 ##         user:
-##           - "bob-local": "localhost"
+##           - "bob-local@localhost"
+
+###.  ============
+###'  SHAPER RULES
+
+shaper_rules:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    - none: admin
+    - normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper: fast

 ###.  ============
 ###'  ACCESS RULES
-access:
-  ## Maximum number of simultaneous sessions allowed for a single user:
-  max_user_sessions: 
-    all: 10
-  ## Maximum number of offline messages that users can have:
-  max_user_offline_messages: 
-    admin: 5000
-    all: 100
+access_rules:
  ## This rule allows access only for local users:
-  local: 
-    local: allow
+  local:
+    - allow: local
  ## Only non-blocked users can use c2s connections:
-  c2s: 
-    blocked: deny
-    all: allow
-  ## For C2S connections, all users except admins use the "normal" shaper
-  c2s_shaper: 
-    admin: none
-    all: normal
-  ## All S2S connections use the "fast" shaper
-  s2s_shaper: 
-    all: fast
+  c2s:
+    - deny: blocked
+    - allow
  ## Only admins can send announcement messages:
-  announce: 
-    admin: allow
+  announce:
+    - allow: admin
  ## Only admins can use the configuration interface:
  configure: 
-    admin: allow
-  ## Admins of this server are also admins of the MUC service:
-  muc_admin: 
-    admin: allow
+    - allow: admin
  ## Only accounts of the local ejabberd server can create rooms:
  muc_create: 
-    local: allow
-  ## All users are allowed to use the MUC service:
-  muc: 
-    all: allow
+    - allow: local
  ## Only accounts on the local ejabberd server can create Pubsub nodes:
  pubsub_createnode: 
-    local: allow
+    - allow: local
  ## In-band registration allows registration of any possible username.
  ## To disable in-band registration, replace 'allow' with 'deny'.
  register: 
-    all: allow
+    - allow
  ## Only allow to register from localhost
  trusted_network: 
-    loopback: allow
+    - allow: loopback
  ## Do not establish S2S connections with bad servers
  ## s2s: 
-  ##   bad_servers: deny
-  ##   all: allow
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - allow

 ## By default the frequency of account registrations from the same IP
 ## is limited to 1 account every 10 minutes. To disable, specify: infinity
@@ -526,10 +535,10 @@ access:
 ##   "localhost":
 ##     access:
 ##       c2s:
-##         admin: allow
-##         all: deny
+##         - allow: admin
+##         - deny
 ##       register:
-##         all: deny
+##         - deny

 ###.  ================
 ###'  DEFAULT LANGUAGE
@@ -580,6 +589,7 @@ modules:
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {} # requires mod_adhoc
+  ##mod_delegation: {} # for xep0356
  mod_disco: {}
  ## mod_echo: {}
  mod_irc: {}
@@ -590,10 +600,12 @@ modules:
  mod_last: {}
  mod_muc: 
    ## host: "conference.@HOST@"
-    access: muc
+    access:
+      - allow
+    access_admin:
+      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
-    access_admin: muc_admin
  ## mod_muc_log: {}
  ## mod_multicast: {}
  mod_offline: 
@@ -616,45 +628,39 @@ modules:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
-  mod_register: 
+  ## mod_register:
    ##
    ## Protect In-Band account registrations with CAPTCHA.
    ##
-    ## captcha_protected: true
-
+    ##   captcha_protected: true
    ##
    ## Set the minimum informational entropy for passwords.
    ##
-    ## password_strength: 32
-
+    ##   password_strength: 32
    ##
    ## After successful registration, the user receives
    ## a message with this subject and body.
    ##
-    welcome_message: 
-      subject: "Welcome!"
-      body: |-
-        Hi.
-        Welcome to this XMPP server.
-
+    ##   welcome_message:
+    ##     subject: "Welcome!"
+    ##     body: |-
+    ##       Hi.
+    ##       Welcome to this XMPP server.
    ##
    ## When a user registers, send a notification to
    ## these XMPP accounts.
    ##
-    ## registration_watchers:
-    ##   - "admin1@example.org"
-
+    ##   registration_watchers:
+    ##     - "admin1@example.org"
    ##
    ## Only clients in the server machine can register accounts
    ##
-    ip_access: trusted_network
-
+    ##   ip_access: trusted_network
    ##
    ## Local c2s or remote s2s users cannot register accounts
    ##
-    ## access_from: deny
-
-    access: register
+    ##   access_from: deny
+    ##   access: register
  mod_roster: {}
  mod_shared_roster: {}
  mod_stats: {}
@@ -13,7 +13,7 @@ ERLANG_NODE=ejabberd@localhost
 SCRIPT_DIR=`cd ${0%/*} && pwd`
 ERL={{erl}}
 IEX={{bindir}}/iex
-EPMD={{bindir}}/epmd
+EPMD={{epmd}}
 INSTALLUSER={{installuser}}
 ERL_LIBS={{libdir}}

@@ -83,18 +83,9 @@ if [ "$EJABBERD_DOC_PATH" = "" ] ; then
 fi
 if [ "$ERLANG_NODE_ARG" != "" ] ; then
    ERLANG_NODE=$ERLANG_NODE_ARG
-    NODE=${ERLANG_NODE%@*}
 fi
-if [ "{{release}}" != "true" ] ; then
-    if [ "$EJABBERDDIR" = "" ] ; then
-        EJABBERDDIR={{libdir}}/ejabberd
-    fi
-    if [ "$EJABBERD_PRIV_PATH" = "" ] ; then
-        EJABBERD_PRIV_PATH=$EJABBERDDIR/priv
-    fi
-    if [ "$EJABBERD_BIN_PATH" = "" ] ; then
-        EJABBERD_BIN_PATH=$EJABBERD_PRIV_PATH/bin
-    fi
+if [ "{{release}}" != "true" -a "$EJABBERD_BIN_PATH" = "" ] ; then
+    EJABBERD_BIN_PATH={{libdir}}/ejabberd/priv/bin
 fi
 EJABBERD_LOG_PATH=$LOGS_DIR/ejabberd.log
 DATETIME=`date "+%Y%m%d-%H%M%S"`
@@ -141,8 +132,8 @@ fi
 [ -z "$date" ] || EJABBERD_OPTS="${EJABBERD_OPTS} log_rotate_date '$date'"
 [ -z "$EJABBERD_OPTS" ] || EJABBERD_OPTS="-ejabberd ${EJABBERD_OPTS}"

-[ -d $SPOOL_DIR ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
-cd $SPOOL_DIR
+[ -d "$SPOOL_DIR" ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
+cd "$SPOOL_DIR"

 # export global variables
 export EJABBERD_CONFIG_PATH
@@ -159,6 +150,15 @@ export CONTRIB_MODULES_PATH
 export CONTRIB_MODULES_CONF_DIR
 export ERL_LIBS

+shell_escape_str()
+{
+    if test $# -eq 0; then
+        printf '"" '
+    else
+        shell_escape "$@"
+    fi
+}
+
 shell_escape()
 {
    local RES=()
@@ -190,8 +190,8 @@ start()
 debug()
 {
    debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
         -remsh $ERLANG_NODE \
         -hidden \
         $KERNEL_OPTS \
@@ -204,15 +204,15 @@ debug()
 iexdebug()
 {
    debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
    # Elixir shell is hidden as default
-    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"$NID\"` \
         -remsh $ERLANG_NODE \
-         --erl \"`shell_escape \"$KERNEL_OPTS\"\" \
-         --erl \"`shell_escape \"$ERLANG_OPTS\"\" \
-         --erl \"`shell_escape \"${ARGS[@]}\"\" \
-         --erl \"`shell_escape \"$@\"\""
-    $EXEC_CMD "$CMD"
+         --erl `shell_escape \"$KERNEL_OPTS\"` \
+         --erl `shell_escape \"$ERLANG_OPTS\"` \
+         --erl `shell_escape \"${ARGS[@]}\"` \
+         --erl `shell_escape_str \"$@\"`"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }

 # start interactive server
@@ -233,15 +233,16 @@ live()
 iexlive()
 {
    livewarning
+    echo $@
    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"${ERLANG_NODE}\"` \
         --erl \"-mnesia dir \\\"$SPOOL_DIR\\\"\" \
         --erl \"`shell_escape \"$KERNEL_OPTS\"`\" \
         --erl \"`shell_escape \"$EJABBERD_OPTS\"`\" \
         --app ejabberd \
-         --erl \"`shell_escape \"$ERLANG_OPTS\"`\" \
-         --erl \"`shell_escape \"${ARGS[@]}\"`\" \
-         --erl \"`shell_escape \"$@\"`\""
-    $EXEC_CMD "$CMD"
+         --erl `shell_escape \"$ERLANG_OPTS\"` \
+         --erl `shell_escape \"${ARGS[@]}\"` \
+         --erl `shell_escape_str \"$@\"`"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }

 # start server in the foreground
@@ -309,20 +310,27 @@ livewarning()

 etop()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
+    NID=$(uid top)
    $EXEC_CMD "$ERL \
-      $NAME debug-${TTY}-${ERLANG_NODE} \
+      $NAME $NID \
      -hidden -s etop -s erlang halt -output text -node $ERLANG_NODE"
 }

 ping()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
+    [ -z "$1" ] && PEER=${ERLANG_NODE} || PEER=$1
+    if [ "$PEER" = "${PEER%.*}" ] ; then
+        PING_NAME="-sname"
+        PING_NODE=$(hostname -s)
+    else
+        PING_NAME="-name"
+        PING_NODE=$(hostname)
+    fi
+    NID=$(uid ping ${PING_NODE})
    $EXEC_CMD "$ERL \
-      $NAME ping-${TTY}-${ERLANG_NODE} \
-      -hidden \
-      $KERNEL_OPTS $ERLANG_OPTS \
-      -eval 'io:format(\"~p~n\",[net_adm:ping($1)])' \
+      $PING_NAME $NID \
+      -hidden $KERNEL_OPTS $ERLANG_OPTS \
+      -eval 'io:format(\"~p~n\",[net_adm:ping('\"'\"'$PEER'\"'\"')])' \
      -s erlang halt -output text -noinput"
 }

@@ -350,97 +358,42 @@ help()
 # common control function
 ctl()
 {
-    # Control number of connections identifiers
-    # using flock if available. Expects a linux-style
-    # flock that can lock a file descriptor.
-    MAXCONNID=100
-    CONNLOCKDIR={{localstatedir}}/lock/ejabberdctl
-    FLOCK=/usr/bin/flock
-    if [ ! -x "$FLOCK" ] || [ ! -d "$CONNLOCKDIR" ] ; then
-        JOT=/usr/bin/jot
-        if [ ! -x "$JOT" ] ; then
-            # no flock or jot, simply invoke ctlexec()
-            CTL_CONN="ctl-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        else
-            # no flock, but at least there is jot
-            RAND=`jot -r 1 0 $MAXCONNID`
-            CTL_CONN="ctl-${RAND}-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        fi
-    else
-        # we have flock so we get a lock
-        # on one of a limited number of
-        # conn names -- this allows
-        # concurrent invocations using a bound
-        # number of atoms
-        for N in `seq 1 $MAXCONNID`; do
-            CTL_CONN="ejabberdctl-$N"
-            CTL_LOCKFILE="$CONNLOCKDIR/$CTL_CONN"
-            (
-                exec 8>"$CTL_LOCKFILE"
-                if flock --nb 8; then
-                    ctlexec $CTL_CONN "$@"
-                    ssresult=$?
-                    # segregate from possible flock exit(1)
-                    ssresult=`expr $ssresult \* 10`
-                    exit $ssresult
-                else
-                    exit 1
-                fi
-            )
-            result=$?
-            if [ $result -eq 1 ] ; then
-                # means we errored out in flock
-                # rather than in the exec - stay in the loop
-                # trying other conn names...
-                badlock=1
-            else
-                badlock=""
-                break;
-            fi
-        done
-        result=`expr $result / 10`
-    fi
-
-    if [ "$badlock" ] ;then
-        echo "Ran out of connections to try. Your ejabberd processes" >&2
-        echo "may be stuck or this is a very busy server. For very"   >&2
-        echo "busy servers, consider raising MAXCONNID in ejabberdctl">&2
-        exit 1;
-    fi
-
-    case $result in
-        0) :;;
-        1) :;;
-        2) help;;
-        3) help;;
-    esac
-    return $result
-}
-
-ctlexec()
-{
-    CONN_NAME=$1; shift
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$CONN_NAME\"` \
+    NID=$(uid ctl)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
         -noinput -hidden $KERNEL_OPTS -s ejabberd_ctl \
         -extra `shell_escape \"$ERLANG_NODE\"` $EJABBERD_NO_TIMEOUT \
         `shell_escape \"$@\"`"
    $EXEC_CMD "$CMD"
+    result=$?
+    case $result in
+        2) help;;
+        3) help;;
+        *) :;;
+    esac
+    return $result
+}
+
+uid()
+{
+    uuid=$(uuidgen 2>/dev/null)
+    [ -z "$uuid" -a -f /proc/sys/kernel/random/uuid ] && uuid=$(</proc/sys/kernel/random/uuid)
+    [ -z "$uuid" ] && uuid=$(printf "%X" $RANDOM$(date +%M%S)$$)
+    uuid=${uuid%%-*}
+    [ $# -eq 0 ] && echo ${uuid}-${ERLANG_NODE}
+    [ $# -eq 1 ] && echo ${uuid}-${1}-${ERLANG_NODE}
+    [ $# -eq 2 ] && echo ${uuid}-${1}@${2}
 }

 # stop epmd if there is no other running node
 stop_epmd()
 {
-    $EPMD -names 2>/dev/null | grep -q name || $EPMD -kill >/dev/null
+    "$EPMD" -names 2>/dev/null | grep -q name || "$EPMD" -kill >/dev/null
 }

 # make sure node not already running and node name unregistered
 check_start()
 {
-    $EPMD -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
+    "$EPMD" -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
        ps ux | grep -v grep | grep -q " $ERLANG_NODE " && {
            echo "ERROR: The ejabberd node '$ERLANG_NODE' is already running."
            exit 4
@@ -451,7 +404,7 @@ check_start()
                echo "Shutdown all other erlang nodes, and call 'epmd -kill'."
                exit 5
            } || {
-                $EPMD -kill >/dev/null
+                "$EPMD" -kill >/dev/null
            }
        }
    }
@@ -485,9 +438,9 @@ case "${ARGS[0]}" in
    'live') live;;
    'iexlive') iexlive;;
    'foreground') foreground;;
-    'ping'*) ping ${ARGS# ping};;
+    'ping'*) ping ${ARGS[1]};;
    'etop') etop;;
    'started') wait_for_status 0 30 2;; # wait 30x2s before timeout
-    'stopped') wait_for_status 3 15 2 && stop_epmd;; # wait 15x2s before timeout
+    'stopped') wait_for_status 3 30 2 && stop_epmd;; # wait 30x2s before timeout
    *) ctl "${ARGS[@]}";;
 esac
@@ -26,28 +26,54 @@
                 {tuple, [rterm()]} | {list, rterm()} |
                 rescode | restuple.

+-type oauth_scope() :: atom().
+
+%% ejabberd_commands OAuth ReST ACL definition:
+%% Two fields exist that are used to control access on a command from ReST API:
+%% 1. Policy
+%% If policy is:
+%%  - restricted: command is not exposed as OAuth Rest API.
+%%  - admin: Command is allowed for user that have Admin Rest command enabled by access rule: commands_admin_access
+%%  - user: Command might be called by any server user.
+%%  - open: Command can be called by anyone.
+%%
+%% Policy is just used to control who can call the command. A specific additional access rules can be performed, as
+%% defined by access option.
+%% Access option can be a list of:
+%% - {Module, accessName, DefaultValue}: Reference and existing module access to limit who can use the command.
+%% - AccessRule name: direct name of the access rule to check in config file.
+%% TODO: Access option could be atom command (not a list). In the case, User performing the command, will be added as first parameter
+%% to command, so that the command can perform additional check.
+
 -record(ejabberd_commands,
 	{name                    :: atom(),
         tags = []               :: [atom()] | '_' | '$2',
         desc = ""               :: string() | '_' | '$3',
         longdesc = ""           :: string() | '_',
-	 module                  :: atom(),
-         function                :: atom(),
+	 version = 0             :: integer(),
+	 module                  :: atom() | '_',
+         function                :: atom() | '_',
         args = []               :: [aterm()] | '_' | '$1' | '$2',
         policy = restricted     :: open | restricted | admin | user,
+        %% access is: [accessRuleName] or [{Module, AccessOption, DefaultAccessRuleName}]
+         access = []             :: [{atom(),atom(),atom()}|atom()],
         result = {res, rescode} :: rterm() | '_' | '$2',
         args_desc = none        :: none | [string()] | '_',
         result_desc = none      :: none | string() | '_',
         args_example = none     :: none | [any()] | '_',
         result_example = none   :: any()}).

+%% TODO Fix me: Type is not up to date
 -type ejabberd_commands() :: #ejabberd_commands{name :: atom(),
                                                tags :: [atom()],
                                                desc :: string(),
                                                longdesc :: string(),
+                                                version :: integer(),
                                                module :: atom(),
                                                function :: atom(),
                                                args :: [aterm()],
+                                                policy :: open | restricted | admin | user,
+                                                access :: [{atom(),atom(),atom()}|atom()],
                                                result :: rterm()}.

 %% @type ejabberd_commands() = #ejabberd_commands{
@@ -23,8 +23,7 @@
 	 path = []         :: [binary()],
 	 q = []            :: [{binary() | nokey, binary()}],
 	 us = {<<>>, <<>>} :: {binary(), binary()},
-	 auth              :: {binary(), binary()} |
-	 {auth_jid, {binary(), binary()}, jlib:jid()},
+	 auth              :: {binary(), binary()} | {oauth, binary(), []} | undefined,
 	 lang = <<"">>     :: binary(),
 	 data = <<"">>     :: binary(),
 	 ip                :: {inet:ip_address(), inet:port_number()},
@@ -0,0 +1,26 @@
+%%%----------------------------------------------------------------------
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-record(oauth_token, {
+          token = <<"">>           :: binary() | '_',
+          us = {<<"">>, <<"">>}    :: {binary(), binary()} | '_',
+          scope = []               :: [binary()] | '_',
+          expire                   :: integer() | '$1'
+         }).
@@ -0,0 +1,20 @@
+-include("ejabberd.hrl").
+-include("logger.hrl").
+-include("jlib.hrl").
+
+-type filter_attr() :: {binary(), [binary()]}.
+
+-record(state,
+        {socket                    :: ejabberd_socket:socket_state(),
+         sockmod = ejabberd_socket :: ejabberd_socket | ejabberd_frontend_socket,
+         streamid = <<"">>         :: binary(),
+         host_opts = dict:new()    :: ?TDICT,
+         host = <<"">>             :: binary(),
+         access                    :: atom(),
+         check_from = true         :: boolean(),
+         server_hosts = ?MYHOSTS   :: [binary()],
+         privilege_access          :: [attr()],
+         delegations               :: [filter_attr()],
+         last_pres = dict:new()    :: ?TDICT}).
+
+-type(state() :: #state{} ).
@@ -1,12 +1,13 @@
 -ifndef(EJABBERD_SM_HRL).
 -define(EJABBERD_SM_HRL, true).

-record(session, {sid, usr, us, priority, info}).
+-record(session, {sid, usr, us, priority, info = []}).
 -record(session_counter, {vhost, count}).
 -type sid() :: {erlang:timestamp(), pid()}.
 -type ip() :: {inet:ip_address(), inet:port_number()} | undefined.
 -type info() :: [{conn, atom()} | {ip, ip()} | {node, atom()}
-                 | {oor, boolean()} | {auth_module, atom()}].
+                 | {oor, boolean()} | {auth_module, atom()}
+                 | {num_stanzas_in, non_neg_integer()}].
 -type prio() :: undefined | integer().

 -endif.
@@ -0,0 +1,33 @@
+%%%----------------------------------------------------------------------
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-define(SQL_MARK, sql__mark_).
+-define(SQL(SQL), ?SQL_MARK(SQL)).
+
+-define(SQL_UPSERT_MARK, sql_upsert__mark_).
+-define(SQL_UPSERT(Host, Table, Fields),
+        ejabberd_sql:sql_query(Host, ?SQL_UPSERT_MARK(Table, Fields))).
+-define(SQL_UPSERT_T(Table, Fields),
+        ejabberd_sql:sql_query_t(?SQL_UPSERT_MARK(Table, Fields))).
+
+-record(sql_query, {hash, format_query, format_res, args, loc}).
+
+-record(sql_escape, {string, integer, boolean}).
+
@@ -34,3 +34,10 @@

 -define(CRITICAL_MSG(Format, Args),
 	lager:critical(Format, Args)).
+
+%% Use only when trying to troubleshoot test problem with ExUnit
+-define(EXUNIT_LOG(Format, Args),
+        case lists:keyfind(logger, 1, application:loaded_applications()) of
+            false -> ok;
+            _ -> 'Elixir.Logger':bare_log(error, io_lib:format(Format, Args), [?MODULE])
+        end).
@@ -0,0 +1,5 @@
+-record(motd, {server = <<"">> :: binary(),
+               packet = #xmlel{} :: xmlel()}).
+
+-record(motd_users, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
+                     dummy = [] :: [] | '_'}).
@@ -0,0 +1,4 @@
+-record(caps_features,
+	{node_pair = {<<"">>, <<"">>} :: {binary(), binary()},
+	 features  = []               :: [binary()] | pos_integer()
+	}).
@@ -0,0 +1,4 @@
+-type matchspec_atom() :: '_' | '$1' | '$2' | '$3'.
+-record(carboncopy, {us       :: {binary(), binary()} | matchspec_atom(), 
+		     resource :: binary() | matchspec_atom(),
+		     version  :: binary() | matchspec_atom()}).
@@ -0,0 +1,15 @@
+-type conn_param() :: {binary(), binary(), inet:port_number(), binary()} |
+                      {binary(), binary(), inet:port_number()} |
+                      {binary(), binary()} |
+                      {binary()}.
+
+-type irc_data() :: [{username, binary()} | {connections_params, [conn_param()]}].
+
+-record(irc_connection,
+        {jid_server_host = {#jid{}, <<"">>, <<"">>} :: {jid(), binary(), binary()},
+         pid = self()                               :: pid()}).
+
+-record(irc_custom,
+        {us_host = {{<<"">>, <<"">>}, <<"">>} :: {{binary(), binary()},
+                                                  binary()},
+         data = [] :: irc_data()}).
@@ -0,0 +1,3 @@
+-record(last_activity, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                        timestamp = 0 :: non_neg_integer(),
+                        status = <<"">> :: binary()}).
@@ -0,0 +1,15 @@
+-record(archive_msg,
+	{us = {<<"">>, <<"">>}                :: {binary(), binary()} | '$2',
+	 id = <<>>                            :: binary() | '_',
+	 timestamp = p1_time_compat:timestamp() :: erlang:timestamp() | '_' | '$1',
+	 peer = {<<"">>, <<"">>, <<"">>}      :: ljid() | '_' | '$3' | undefined,
+	 bare_peer = {<<"">>, <<"">>, <<"">>} :: ljid() | '_' | '$3',
+	 packet = #xmlel{}                    :: xmlel() | '_',
+	 nick = <<"">>                        :: binary(),
+	 type = chat                          :: chat | groupchat}).
+
+-record(archive_prefs,
+	{us = {<<"">>, <<"">>} :: {binary(), binary()},
+	 default = never       :: never | always | roster,
+	 always = []           :: [ljid()],
+	 never = []            :: [ljid()]}).
@@ -53,6 +53,7 @@
    members_by_default                   = true :: boolean(),
    members_only                         = false :: boolean(),
    allow_user_invites                   = false :: boolean(),
+    allow_subscription                   = false :: boolean(),
    password_protected                   = false :: boolean(),
    password                             = <<"">> :: binary(),
    anonymous                            = true :: boolean(),
@@ -76,9 +77,15 @@
    jid :: jid(),
    nick :: binary(),
    role :: role(),
+    %%is_subscriber = false :: boolean(),
+    %%subscriptions = [] :: [binary()],
    last_presence :: xmlel()
 }).

+-record(subscriber, {jid :: jid(),
+		     nick = <<>> :: binary(),
+		     nodes = [] :: [binary()]}).
+
 -record(activity,
 {
    message_time    = 0 :: integer(),
@@ -98,6 +105,8 @@
    jid                     = #jid{} :: jid(),
    config                  = #config{} :: config(),
    users                   = (?DICT):new() :: ?TDICT,
+    subscribers             = (?DICT):new() :: ?TDICT,
+    subscriber_nicks        = (?DICT):new() :: ?TDICT,
    last_voice_request_time = treap:empty() :: treap:treap(),
    robots                  = (?DICT):new() :: ?TDICT,
    nicks                   = (?DICT):new() :: ?TDICT,
@@ -0,0 +1,4 @@
+-record(private_storage,
+        {usns = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary() |
+                                             '$1' | '_'},
+         xml = #xmlel{} :: xmlel() | '_' | '$1'}).
@@ -0,0 +1,5 @@
+-record(sr_group, {group_host = {<<"">>, <<"">>} :: {'$1' | binary(), '$2' | binary()},
+                   opts = [] :: list() | '_' | '$2'}).
+
+-record(sr_user, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                  group_host = {<<"">>, <<"">>} :: {binary(), binary()}}).
@@ -0,0 +1,8 @@
+-record(vcard_search,
+	{us, user, luser, fn, lfn, family, lfamily, given,
+	 lgiven, middle, lmiddle, nickname, lnickname, bday,
+	 lbday, ctry, lctry, locality, llocality, email, lemail,
+	 orgname, lorgname, orgunit, lorgunit}).
+
+-record(vcard, {us = {<<"">>, <<"">>} :: {binary(), binary()} | binary(),
+                vcard = #xmlel{} :: xmlel()}).
@@ -0,0 +1,2 @@
+-record(vcard_xupdate, {us = {<<>>, <<>>} :: {binary(), binary()},
+                        hash = <<>>       :: binary()}).
@@ -157,3 +157,20 @@
 -define(NS_HTTP_UPLOAD_OLD, <<"eu:siacs:conversations:http:upload">>).
 -define(NS_THUMBS_1, <<"urn:xmpp:thumbs:1">>).
 -define(NS_NICK,  <<"http://jabber.org/protocol/nick">>).
+-define(NS_MIX_0, <<"urn:xmpp:mix:0">>).
+-define(NS_MIX_SERVICEINFO_0, <<"urn:xmpp:mix:0#serviceinfo">>).
+-define(NS_MIX_NODES_MESSAGES, <<"urn:xmpp:mix:nodes:messages">>).
+-define(NS_MIX_NODES_PRESENCE, <<"urn:xmpp:mix:nodes:presence">>).
+-define(NS_MIX_NODES_PARTICIPANTS, <<"urn:xmpp:mix:nodes:participants">>).
+-define(NS_MIX_NODES_SUBJECT, <<"urn:xmpp:mix:nodes:subject">>).
+-define(NS_MIX_NODES_CONFIG, <<"urn:xmpp:mix:nodes:config">>).
+-define(NS_PRIVILEGE, <<"urn:xmpp:privilege:1">>).
+-define(NS_DELEGATION, <<"urn:xmpp:delegation:1">>).
+-define(NS_MUCSUB, <<"urn:xmpp:mucsub:0">>).
+-define(NS_MUCSUB_NODES_PRESENCE, <<"urn:xmpp:mucsub:nodes:presence">>).
+-define(NS_MUCSUB_NODES_MESSAGES, <<"urn:xmpp:mucsub:nodes:messages">>).
+-define(NS_MUCSUB_NODES_PARTICIPANTS, <<"urn:xmpp:mucsub:nodes:participants">>).
+-define(NS_MUCSUB_NODES_AFFILIATIONS, <<"urn:xmpp:mucsub:nodes:affiliations">>).
+-define(NS_MUCSUB_NODES_SUBJECT, <<"urn:xmpp:mucsub:nodes:subject">>).
+-define(NS_MUCSUB_NODES_CONFIG, <<"urn:xmpp:mucsub:nodes:config">>).
+-define(NS_MUCSUB_NODES_SYSTEM, <<"urn:xmpp:mucsub:nodes:system">>).
@@ -65,7 +65,7 @@
 %% note: pos_integer() should always be used, but we allow anything else coded
 %% as binary, so one can have a custom implementation of nodetree with custom
 %% indexing (see nodetree_virtual). this also allows to use any kind of key for
-%% indexing nodes, as this can be usefull with external backends such as odbc.
+%% indexing nodes, as this can be usefull with external backends such as sql.

 -type(itemId() :: binary()).
 %% @type itemId() = string().
@@ -93,7 +93,12 @@

 -type(subOptions() :: [mod_pubsub:subOption(),...]).

+-type(pubOption() ::
+    {Option::binary(),
+     Values::[binary()]
+}).

+-type(pubOptions() :: [mod_pubsub:pubOption()]).

 -type(affiliation() :: 'none'
                     | 'owner'
@@ -0,0 +1,130 @@
+defmodule ExUnit.CTFormatter do
+  @moduledoc false
+
+  use GenEvent
+
+  import ExUnit.Formatter, only: [format_time: 2, format_test_failure: 5,
+                                  format_test_case_failure: 5]
+
+  def init(opts) do
+    file = File.open! "exunit.log", [:append]
+    # We do not print filter in log file as exclusion of test with tag
+    # pending: true is always done
+    config = %{
+      file: file,
+      seed: opts[:seed],
+      trace: opts[:trace],
+      colors: Keyword.put_new(opts[:colors], :enabled, false),
+      width: 80,
+      tests_counter: 0,
+      failures_counter: 0,
+      skipped_counter: 0,
+      invalids_counter: 0
+    }
+    {:ok, config}
+  end
+
+  def handle_event({:suite_started, _opts}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:suite_finished, run_us, load_us}, config) do
+    print_suite(config, run_us, load_us)
+    File.close config[:file]
+    :remove_handler
+  end
+
+  def handle_event({:test_started, %ExUnit.Test{} = test}, config) do
+    if config.tests_counter == 0, do: IO.binwrite config[:file], "== Running #{test.case} ==\n\n"
+    {:ok, config}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: nil} = _test}, config) do
+    IO.binwrite config[:file], "."
+    {:ok, %{config | tests_counter: config.tests_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:skip, _}} = _test}, config) do
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     skipped_counter: config.skipped_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:invalid, _}} = _test}, config) do
+    IO.binwrite config[:file], "?"
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     invalids_counter: config.invalids_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:failed, failures}} = test}, config) do
+    formatted = format_test_failure(test, failures, config.failures_counter + 1,
+                                    config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    print_logs(test.logs)
+
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     failures_counter: config.failures_counter + 1}}
+  end
+
+  def handle_event({:case_started, %ExUnit.TestCase{}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: nil}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: {:failed, failures}} = test_case}, config) do
+    formatted = format_test_case_failure(test_case, failures, config.failures_counter + 1,
+                                         config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    {:ok, %{config | failures_counter: config.failures_counter + 1}}
+  end
+
+  ## Printing
+
+  defp print_suite(config, run_us, load_us) do
+    IO.binwrite config[:file], "\n\n"
+    IO.binwrite config[:file], format_time(run_us, load_us)
+    IO.binwrite config[:file], "\n\n"
+
+    # singular/plural
+    test_pl = pluralize(config.tests_counter, "test", "tests")
+    failure_pl = pluralize(config.failures_counter, "failure", "failures")
+
+    message =
+      "#{config.tests_counter} #{test_pl}, #{config.failures_counter} #{failure_pl}"
+      |> if_true(config.skipped_counter > 0, & &1 <> ", #{config.skipped_counter} skipped")
+      |> if_true(config.invalids_counter > 0, & &1 <> ", #{config.invalids_counter} invalid")
+
+    cond do
+      config.failures_counter > 0 -> IO.binwrite config[:file], message
+      config.invalids_counter > 0 -> IO.binwrite config[:file], message
+      true                        -> IO.binwrite config[:file], message
+    end
+
+    IO.binwrite config[:file], "\nRandomized with seed #{config.seed}\n\n\n\n"
+  end
+
+  defp if_true(value, false, _fun), do: value
+  defp if_true(value, true, fun), do: fun.(value)
+
+  defp print_failure(formatted, config) do
+    IO.binwrite config[:file], "\n"
+    IO.binwrite config[:file], formatted
+    IO.binwrite config[:file], "\n"
+  end
+
+  defp formatter(_,  msg, _config),
+    do: msg
+
+  defp pluralize(1, singular, _plural), do: singular
+  defp pluralize(_, _singular, plural), do: plural
+
+  defp print_logs(""), do: nil
+
+  defp print_logs(output) do
+    indent = "\n     "
+    output = String.replace(output, "\n", indent)
+    IO.puts(["     The following output was logged:", indent | output])
+  end
+end
@@ -1,2 +0,0 @@
-defmodule Ejabberd do
-end
@@ -0,0 +1,119 @@
+defmodule Ejabberd.Config.Attr do
+  @moduledoc """
+  Module used to work with the attributes parsed from
+  an elixir block (do...end).
+
+  Contains functions for extracting attrs from a block
+  and validation.
+  """
+
+  @type attr :: {atom(), any()}
+
+  @attr_supported [
+    active:
+      [type: :boolean, default: true],
+    git:
+      [type: :string, default: ""],
+    name:
+      [type: :string, default: ""],
+    opts:
+      [type: :list, default: []],
+    dependency:
+      [type: :list, default: []]
+  ]
+
+  @doc """
+  Takes a block with annotations and extracts the list
+  of attributes.
+  """
+  @spec extract_attrs_from_block_with_defaults(any()) :: [attr]
+  def extract_attrs_from_block_with_defaults(block) do
+    block
+    |> extract_attrs_from_block
+    |> put_into_list_if_not_already
+    |> insert_default_attrs_if_missing
+  end
+
+  @doc """
+  Takes an attribute or a list of attrs and validate them.
+
+  Returns a {:ok, attr} or {:error, attr, cause} for each of the attributes.
+  """
+  @spec validate([attr]) :: [{:ok, attr}] | [{:error, attr, atom()}]
+  def validate(attrs) when is_list(attrs), do: Enum.map(attrs, &valid_attr?/1)
+  def validate(attr), do: validate([attr]) |> List.first
+
+  @doc """
+  Returns the type of an attribute, given its name.
+  """
+  @spec get_type_for_attr(atom()) :: atom()
+  def get_type_for_attr(attr_name) do
+    @attr_supported
+    |> Keyword.get(attr_name)
+    |> Keyword.get(:type)
+  end
+
+  @doc """
+  Returns the default value for an attribute, given its name.
+  """
+  @spec get_default_for_attr(atom()) :: any()
+  def get_default_for_attr(attr_name) do
+    @attr_supported
+    |> Keyword.get(attr_name)
+    |> Keyword.get(:default)
+  end
+
+  # Private API
+
+  # Given an elixir block (do...end) returns a list with the annotations
+  # or a single annotation.
+  @spec extract_attrs_from_block(any()) :: [attr] | attr
+  defp extract_attrs_from_block({:__block__, [], attrs}), do: Enum.map(attrs, &extract_attrs_from_block/1)
+  defp extract_attrs_from_block({:@, _, [attrs]}), do: extract_attrs_from_block(attrs)
+  defp extract_attrs_from_block({attr_name, _, [value]}), do: {attr_name, value}
+  defp extract_attrs_from_block(nil), do: []
+
+  # In case extract_attrs_from_block returns a single attribute,
+  # then put it into a list. (Ensures attrs are always into a list).
+  @spec put_into_list_if_not_already([attr] | attr) :: [attr]
+  defp put_into_list_if_not_already(attrs) when is_list(attrs), do: attrs
+  defp put_into_list_if_not_already(attr), do: [attr]
+
+  # Given a list of attributes, it inserts the missing attribute with their
+  # default value.
+  @spec insert_default_attrs_if_missing([attr]) :: [attr]
+  defp insert_default_attrs_if_missing(attrs) do
+    Enum.reduce @attr_supported, attrs, fn({attr_name, _}, acc) ->
+      case Keyword.has_key?(acc, attr_name) do
+        true -> acc
+        false -> Keyword.put(acc, attr_name, get_default_for_attr(attr_name))
+      end
+    end
+  end
+
+  # Given an attribute, validates it and return a tuple with
+  # {:ok, attr} or {:error, attr, cause}
+  @spec valid_attr?(attr) :: {:ok, attr} | {:error, attr, atom()}
+  defp valid_attr?({attr_name, param} = attr) do
+    case Keyword.get(@attr_supported, attr_name) do
+      nil -> {:error, attr, :attr_not_supported}
+      [{:type, param_type} | _] -> case is_of_type?(param, param_type) do
+        true -> {:ok, attr}
+        false -> {:error, attr, :type_not_supported}
+      end
+    end
+  end
+
+  # Given an attribute value and a type, it returns a true
+  # if the value its of the type specified, false otherwise.
+
+  # Usefoul for checking if an attr value respects the type
+  # specified for the annotation.
+  @spec is_of_type?(any(), atom()) :: boolean()
+  defp is_of_type?(param, type) when type == :boolean and is_boolean(param), do: true
+  defp is_of_type?(param, type) when type == :string and is_bitstring(param), do: true
+  defp is_of_type?(param, type) when type == :list and is_list(param), do: true
+  defp is_of_type?(param, type) when type == :atom and is_atom(param), do: true
+  defp is_of_type?(_param, type) when type == :any, do: true
+  defp is_of_type?(_, _), do: false
+end
@@ -0,0 +1,145 @@
+defmodule Ejabberd.Config do
+  @moduledoc """
+  Base module for configuration file.
+
+  Imports macros for the config DSL and contains functions
+  for working/starting the configuration parsed.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.EjabberdLogger
+
+  defmacro __using__(_opts) do
+    quote do
+      import Ejabberd.Config, only: :macros
+      import Ejabberd.Logger
+
+      @before_compile Ejabberd.Config
+    end
+  end
+
+  # Validate the modules parsed and log validation errors at compile time.
+  # Could be also possible to interrupt the compilation&execution by throwing
+  # an exception if necessary.
+  def __before_compile__(_env) do
+    get_modules_parsed_in_order
+    |> EjabberdModule.validate
+    |> EjabberdLogger.log_errors
+  end
+
+  @doc """
+  Given the path of the config file, it evaluates it.
+  """
+  def init(file_path, force \\ false) do
+    init_already_executed = Ejabberd.Config.Store.get(:module_name) != []
+
+    case force do
+      true ->
+        Ejabberd.Config.Store.stop
+        Ejabberd.Config.Store.start_link
+        do_init(file_path)
+      false ->
+        if not init_already_executed, do: do_init(file_path)
+    end
+  end
+
+  @doc """
+  Returns a list with all the opts, formatted for ejabberd.
+  """
+  def get_ejabberd_opts do
+    get_general_opts
+    |> Dict.put(:modules, get_modules_parsed_in_order())
+    |> Dict.put(:listeners, get_listeners_parsed_in_order())
+    |> Ejabberd.Config.OptsFormatter.format_opts_for_ejabberd
+  end
+
+  @doc """
+  Register the hooks defined inside the elixir config file.
+  """
+  def start_hooks do
+    get_hooks_parsed_in_order()
+    |> Enum.each(&Ejabberd.Config.EjabberdHook.start/1)
+  end
+
+  ###
+  ### MACROS
+  ###
+
+  defmacro listen(module, do: block) do
+    attrs = Attr.extract_attrs_from_block_with_defaults(block)
+
+    quote do
+      Ejabberd.Config.Store.put(:listeners, %EjabberdModule{
+        module: unquote(module),
+        attrs: unquote(attrs)
+      })
+    end
+  end
+
+  defmacro module(module, do: block) do
+    attrs = Attr.extract_attrs_from_block_with_defaults(block)
+
+    quote do
+      Ejabberd.Config.Store.put(:modules, %EjabberdModule{
+        module: unquote(module),
+        attrs: unquote(attrs)
+      })
+    end
+  end
+
+  defmacro hook(hook_name, opts, fun) do
+    quote do
+      Ejabberd.Config.Store.put(:hooks, %Ejabberd.Config.EjabberdHook{
+        hook: unquote(hook_name),
+        opts: unquote(opts),
+        fun: unquote(fun)
+      })
+    end
+  end
+
+  # Private API
+
+  defp do_init(file_path) do
+    # File evaluation
+    Code.eval_file(file_path) |> extract_and_store_module_name()
+
+    # Getting start/0 config
+    Ejabberd.Config.Store.get(:module_name)
+    |> case do
+      nil -> IO.puts "[ ERR ] Configuration module not found."
+      [module] -> call_start_func_and_store_data(module)
+    end
+
+    # Fetching git modules and install them
+    get_modules_parsed_in_order()
+    |> EjabberdModule.fetch_git_repos
+  end
+
+  # Returns the modules from the store
+  defp get_modules_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:modules) |> Enum.reverse
+
+  # Returns the listeners from the store
+  defp get_listeners_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:listeners) |> Enum.reverse
+
+  defp get_hooks_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:hooks) |> Enum.reverse
+
+  # Returns the general config options
+  defp get_general_opts,
+    do: Ejabberd.Config.Store.get(:general) |> List.first
+
+  # Gets the general ejabberd options calling
+  # the start/0 function and stores them.
+  defp call_start_func_and_store_data(module) do
+    opts = apply(module, :start, [])
+    Ejabberd.Config.Store.put(:general, opts)
+  end
+
+  # Stores the configuration module name
+  defp extract_and_store_module_name({{:module, mod, _bytes, _}, _}) do
+    Ejabberd.Config.Store.put(:module_name, mod)
+  end
+end
@@ -0,0 +1,23 @@
+defmodule Ejabberd.Config.EjabberdHook do
+  @moduledoc """
+  Module containing functions for manipulating
+  ejabberd hooks.
+  """
+
+  defstruct hook: nil, opts: [], fun: nil
+
+  alias Ejabberd.Config.EjabberdHook
+
+  @type t :: %EjabberdHook{}
+
+  @doc """
+  Register a hook to ejabberd.
+  """
+  @spec start(EjabberdHook.t) :: none
+  def start(%EjabberdHook{hook: hook, opts: opts, fun: fun}) do
+    host = Keyword.get(opts, :host, :global)
+    priority = Keyword.get(opts, :priority, 50)
+
+    :ejabberd_hooks.add(hook, host, fun, priority)
+  end
+end
@@ -0,0 +1,70 @@
+defmodule Ejabberd.Config.EjabberdModule do
+  @moduledoc """
+  Module representing a module block in the configuration file.
+  It offers functions for validation and for starting the modules.
+
+  Warning: The name is EjabberdModule to not collide with
+  the already existing Elixir.Module.
+  """
+
+  @type t :: %{module: atom, attrs: [Attr.t]}
+
+  defstruct [:module, :attrs]
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.Validation
+
+  @doc """
+  Given a list of modules / single module
+  it runs different validators on them.
+
+  For each module, returns a {:ok, mod} or {:error, mod, errors}
+  """
+  def validate(modules) do
+    Validation.validate(modules)
+  end
+
+  @doc """
+  Given a list of modules, it takes only the ones with
+  a git attribute and tries to fetch the repo,
+  then, it install them through :ext_mod.install/1
+  """
+  @spec fetch_git_repos([EjabberdModule.t]) :: none()
+  def fetch_git_repos(modules) do
+    modules
+    |> Enum.filter(&is_git_module?/1)
+    |> Enum.each(&fetch_and_install_git_module/1)
+  end
+
+  # Private API
+
+  defp is_git_module?(%EjabberdModule{attrs: attrs}) do
+    case Keyword.get(attrs, :git) do
+      "" -> false
+      repo -> String.match?(repo, ~r/((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?)([\w\.@\:\/\-~]+)(\.git)(\/)?/)
+    end
+  end
+
+  defp fetch_and_install_git_module(%EjabberdModule{attrs: attrs}) do
+    repo = Keyword.get(attrs, :git)
+    mod_name = case Keyword.get(attrs, :name) do
+      "" -> infer_mod_name_from_git_url(repo)
+      name -> name
+    end
+
+    path = "#{:ext_mod.modules_dir()}/sources/ejabberd-contrib\/#{mod_name}"
+    fetch_and_store_repo_source_if_not_exists(path, repo)
+    :ext_mod.install(mod_name) # Have to check if overwrites an already present mod
+  end
+
+  defp fetch_and_store_repo_source_if_not_exists(path, repo) do
+    unless File.exists?(path) do
+      IO.puts "[info] Fetching: #{repo}"
+      :os.cmd('git clone #{repo} #{path}')
+    end
+  end
+
+  defp infer_mod_name_from_git_url(repo),
+    do: String.split(repo, "/") |> List.last |> String.replace(".git", "")
+end
@@ -0,0 +1,32 @@
+defmodule Ejabberd.Config.EjabberdLogger do
+  @moduledoc """
+  Module used to log validation errors given validated modules
+  given validated modules.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Given a list of modules validated, in the form of {:ok, mod} or
+  {:error, mod, errors}, it logs to the user the errors found.
+  """
+  @spec log_errors([EjabberdModule.t]) :: [EjabberdModule.t]
+  def log_errors(modules_validated) when is_list(modules_validated) do
+    Enum.each modules_validated, &do_log_errors/1
+    modules_validated
+  end
+
+  defp do_log_errors({:ok, _mod}), do: nil
+  defp do_log_errors({:error, _mod, errors}), do: Enum.each errors, &do_log_errors/1
+  defp do_log_errors({:attribute, errors}), do: Enum.each errors, &log_attribute_error/1
+  defp do_log_errors({:dependency, errors}), do: Enum.each errors, &log_dependency_error/1
+
+  defp log_attribute_error({{attr_name, val}, :attr_not_supported}), do:
+    IO.puts "[ WARN ] Annotation @#{attr_name} is not supported."
+
+  defp log_attribute_error({{attr_name, val}, :type_not_supported}), do:
+    IO.puts "[ WARN ] Annotation @#{attr_name} with value #{inspect val} is not supported (type mismatch)."
+
+  defp log_dependency_error({module, :not_found}), do:
+    IO.puts "[ WARN ] Module #{inspect module} was not found, but is required as a dependency."
+end
@@ -0,0 +1,46 @@
+defmodule Ejabberd.Config.OptsFormatter do
+  @moduledoc """
+  Module for formatting options parsed into the format
+  ejabberd uses.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Takes a keyword list with keys corresponding to
+  the keys requested by the ejabberd config (ex: modules: mods)
+  and formats them to be correctly evaluated by ejabberd.
+
+  Look at how Config.get_ejabberd_opts/0 is constructed for
+  more informations.
+  """
+  @spec format_opts_for_ejabberd([{atom(), any()}]) :: list()
+  def format_opts_for_ejabberd(opts) do
+    opts
+    |> format_attrs_for_ejabberd
+  end
+
+  defp format_attrs_for_ejabberd(opts) when is_list(opts),
+    do: Enum.map opts, &format_attrs_for_ejabberd/1
+
+  defp format_attrs_for_ejabberd({:listeners, mods}),
+    do: {:listen, format_listeners_for_ejabberd(mods)}
+
+  defp format_attrs_for_ejabberd({:modules, mods}),
+    do: {:modules, format_mods_for_ejabberd(mods)}
+
+  defp format_attrs_for_ejabberd({key, opts}) when is_atom(key),
+    do: {key, opts}
+
+  defp format_mods_for_ejabberd(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      {mod, attrs[:opts]}
+    end
+  end
+
+  defp format_listeners_for_ejabberd(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      Keyword.put(attrs[:opts], :module, mod)
+    end
+  end
+end
@@ -0,0 +1,55 @@
+defmodule Ejabberd.Config.Store do
+  @moduledoc """
+    Module used for storing the modules parsed from
+    the configuration file.
+
+    Example:
+      - Store.put(:modules, mod1)
+      - Store.put(:modules, mod2)
+
+      - Store.get(:modules) :: [mod1, mod2]
+
+    Be carefoul: when retrieving data you get them
+    in the order inserted into the store, which normally
+    is the reversed order of how the modules are specified
+    inside the configuration file. To resolve this just use
+    a Enum.reverse/1.
+  """
+
+  @name __MODULE__
+
+  def start_link do
+    Agent.start_link(fn -> %{} end, name: @name)
+  end
+
+  @doc """
+  Stores a value based on the key. If the key already exists,
+  then it inserts the new element, maintaining all the others.
+  It uses a list for this.
+  """
+  @spec put(atom, any) :: :ok
+  def put(key, val) do
+    Agent.update @name, &Map.update(&1, key, [val], fn coll ->
+      [val | coll]
+    end)
+  end
+
+  @doc """
+  Gets a value based on the key passed.
+  Returns always a list.
+  """
+  @spec get(atom) :: [any]
+  def get(key) do
+    Agent.get @name, &Map.get(&1, key, [])
+  end
+
+  @doc """
+  Stops the store.
+  It uses Agent.stop underneath, so be aware that exit
+  could be called.
+  """
+  @spec stop() :: :ok
+  def stop do
+    Agent.stop @name
+  end
+end
@@ -0,0 +1,40 @@
+defmodule Ejabberd.Config.Validation do
+  @moduledoc """
+  Module used to validate a list of modules.
+  """
+
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+  @type mod_validation_result :: {:ok, EjabberdModule.t} | {:error, EjabberdModule.t, map}
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.Validator
+  alias Ejabberd.Config.ValidatorUtility
+
+  @doc """
+  Given a module or a list of modules it runs validators on them
+  and returns {:ok, mod} or {:error, mod, errors}, for each
+  of them.
+  """
+  @spec validate([EjabberdModule.t] | EjabberdModule.t) :: [mod_validation_result]
+  def validate(modules) when is_list(modules), do: Enum.map(modules, &do_validate(modules, &1))
+  def validate(module), do: validate([module])
+
+  # Private API
+
+  @spec do_validate([EjabberdModule.t], EjabberdModule.t) :: mod_validation_result
+  defp do_validate(modules, mod) do
+    {modules, mod, %{}}
+    |> Validator.Attrs.validate
+    |> Validator.Dependencies.validate
+    |> resolve_validation_result
+  end
+
+  @spec resolve_validation_result(mod_validation) :: mod_validation_result
+  defp resolve_validation_result({_modules, mod, errors}) do
+    case errors do
+      err when err == %{} -> {:ok, mod}
+      err -> {:error, mod, err}
+    end
+  end
+end
@@ -0,0 +1,28 @@
+defmodule Ejabberd.Config.Validator.Attrs do
+  @moduledoc """
+  Validator module used to validate attributes.
+  """
+
+  # TODO: Duplicated from validator.ex !!!
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+
+  import Ejabberd.Config.ValidatorUtility
+  alias Ejabberd.Config.Attr
+
+  @doc """
+  Given a module (with the form used for validation)
+  it runs Attr.validate/1 on each attribute and
+  returns the validation tuple with the errors updated, if found.
+  """
+  @spec validate(mod_validation) :: mod_validation
+  def validate({modules, mod, errors}) do
+    errors = Enum.reduce mod.attrs, errors, fn(attr, err) ->
+      case Attr.validate(attr) do
+        {:ok, attr} -> err
+        {:error, attr, cause} -> put_error(err, :attribute, {attr, cause})
+      end
+    end
+
+    {modules, mod, errors}
+  end
+end
@@ -0,0 +1,30 @@
+defmodule Ejabberd.Config.Validator.Dependencies do
+  @moduledoc """
+  Validator module used to validate dependencies specified
+  with the @dependency annotation.
+  """
+
+  # TODO: Duplicated from validator.ex !!!
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+  import Ejabberd.Config.ValidatorUtility
+
+  @doc """
+  Given a module (with the form used for validation)
+  it checks if the @dependency annotation is respected and
+  returns the validation tuple with the errors updated, if found.
+  """
+  @spec validate(mod_validation) :: mod_validation
+  def validate({modules, mod, errors}) do
+    module_names = extract_module_names(modules)
+    dependencies = mod.attrs[:dependency]
+
+    errors = Enum.reduce dependencies, errors, fn(req_module, err) ->
+      case req_module in module_names do
+        true -> err
+        false -> put_error(err, :dependency, {req_module, :not_found})
+      end
+    end
+
+    {modules, mod, errors}
+  end
+end
@@ -0,0 +1,30 @@
+defmodule Ejabberd.Config.ValidatorUtility do
+  @moduledoc """
+  Module used as a base validator for validation modules.
+  Imports utility functions for working with validation structures.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Inserts an error inside the errors collection, for the given key.
+  If the key doesn't exists then it creates an empty collection
+  and inserts the value passed.
+  """
+  @spec put_error(map, atom, any) :: map
+  def put_error(errors, key, val) do
+    Map.update errors, key, [val], fn coll ->
+      [val | coll]
+    end
+  end
+
+  @doc """
+  Given a list of modules it extracts and returns a list
+  of the module names (which are Elixir.Module).
+  """
+  @spec extract_module_names(EjabberdModule.t) :: [atom]
+  def extract_module_names(modules) when is_list(modules) do
+    modules
+    |> Enum.map(&Map.get(&1, :module))
+  end
+end
@@ -0,0 +1,18 @@
+defmodule Ejabberd.ConfigUtil do
+  @moduledoc """
+  Module containing utility functions for
+  the config file.
+  """
+
+  @doc """
+  Returns true when the config file is based on elixir.
+  """
+  @spec is_elixir_config(list) :: boolean
+  def is_elixir_config(filename) when is_list(filename) do
+    is_elixir_config(to_string(filename))
+  end
+
+  def is_elixir_config(filename) do
+    String.ends_with?(filename, "exs")
+  end
+end
@@ -0,0 +1,19 @@
+defmodule Ejabberd.Module do
+
+  defmacro __using__(opts) do
+    logger_enabled = Keyword.get(opts, :logger, true)
+
+    quote do
+      @behaviour :gen_mod
+      import Ejabberd.Module
+
+      unquote(if logger_enabled do
+        quote do: import Ejabberd.Logger
+      end)
+    end
+  end
+
+  # gen_mod callbacks
+  def depends(_host, _opts), do: []
+  def mod_opt_type(_), do: []
+end
@@ -0,0 +1,94 @@
+defmodule Mix.Tasks.Ejabberd.Deps.Tree do
+  use Mix.Task
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @shortdoc "Lists all ejabberd modules and their dependencies"
+
+  @moduledoc """
+  Lists all ejabberd modules and their dependencies.
+
+  The project must have ejabberd as a dependency.
+  """
+
+  def run(_argv) do
+    # First we need to start manually the store to be available
+    # during the compilation of the config file.
+    Ejabberd.Config.Store.start_link
+    Ejabberd.Config.init(:ejabberd_config.get_ejabberd_config_path())
+
+    Mix.shell.info "ejabberd modules"
+
+    Ejabberd.Config.Store.get(:modules)
+    |> Enum.reverse # Because of how mods are stored inside the store
+    |> format_mods
+    |> Mix.shell.info
+  end
+
+  defp format_mods(mods) when is_list(mods) do
+    deps_tree = build_dependency_tree(mods)
+    mods_used_as_dependency = get_mods_used_as_dependency(deps_tree)
+
+    keep_only_mods_not_used_as_dep(deps_tree, mods_used_as_dependency)
+    |> format_mods_into_string
+  end
+
+  defp build_dependency_tree(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      deps = attrs[:dependency]
+      build_dependency_tree(mods, mod, deps)
+    end
+  end
+
+  defp build_dependency_tree(mods, mod, []), do: %{module: mod, dependency: []}
+  defp build_dependency_tree(mods, mod, deps) when is_list(deps) do
+    dependencies = Enum.map deps, fn dep ->
+      dep_deps = get_dependencies_of_mod(mods, dep)
+      build_dependency_tree(mods, dep, dep_deps)
+    end
+
+    %{module: mod, dependency: dependencies}
+  end
+
+  defp get_mods_used_as_dependency(mods) when is_list(mods) do
+    Enum.reduce mods, [], fn(mod, acc) ->
+      case mod do
+        %{dependency: []} -> acc
+        %{dependency: deps} -> get_mod_names(deps) ++ acc
+      end
+    end
+  end
+
+  defp get_mod_names([]), do: []
+  defp get_mod_names(mods) when is_list(mods), do: Enum.map(mods, &get_mod_names/1) |> List.flatten
+  defp get_mod_names(%{module: mod, dependency: deps}), do: [mod | get_mod_names(deps)]
+
+  defp keep_only_mods_not_used_as_dep(mods, mods_used_as_dep) do
+    Enum.filter mods, fn %{module: mod} ->
+      not mod in mods_used_as_dep
+    end
+  end
+
+  defp get_dependencies_of_mod(deps, mod_name) do
+    Enum.find(deps, &(Map.get(&1, :module) == mod_name))
+    |> Map.get(:attrs)
+    |> Keyword.get(:dependency)
+  end
+
+  defp format_mods_into_string(mods), do: format_mods_into_string(mods, 0)
+  defp format_mods_into_string([], _indentation), do: ""
+  defp format_mods_into_string(mods, indentation) when is_list(mods) do
+    Enum.reduce mods, "", fn(mod, acc) ->
+      acc <> format_mods_into_string(mod, indentation)
+    end
+  end
+
+  defp format_mods_into_string(%{module: mod, dependency: deps}, 0) do
+    "\n├── #{mod}" <> format_mods_into_string(deps,  2)
+  end
+
+  defp format_mods_into_string(%{module: mod, dependency: deps}, indentation) do
+    spaces = Enum.reduce 0..indentation, "", fn(_, acc) -> " " <> acc end
+    "\n│#{spaces}└── #{mod}" <> format_mods_into_string(deps, indentation + 4)
+  end
+end
@@ -1,21 +1,20 @@
 defmodule ModPresenceDemo do
-  import Ejabberd.Logger # this allow using info, error, etc for logging
-  @behaviour :gen_mod
+  use Ejabberd.Module

  def start(host, _opts) do
    info('Starting ejabberd module Presence Demo')
-    Ejabberd.Hooks.add(:set_presence_hook, host, __ENV__.module, :on_presence, 50)
+    Ejabberd.Hooks.add(:set_presence_hook, host, __MODULE__, :on_presence, 50)
    :ok
  end
-  
+
  def stop(host) do
    info('Stopping ejabberd module Presence Demo')
-    Ejabberd.Hooks.delete(:set_presence_hook, host, __ENV__.module, :on_presence, 50)
+    Ejabberd.Hooks.delete(:set_presence_hook, host, __MODULE__, :on_presence, 50)
    :ok
  end
-  
+
  def on_presence(user, _server, _resource, _packet) do
    info('Receive presence for #{user}')
    :none
-  end 
+  end
 end
@@ -3,14 +3,16 @@ defmodule Ejabberd.Mixfile do

  def project do
    [app: :ejabberd,
-     version: "16.01.0-beta1",
+     version: "16.08.0",
     description: description,
-     elixir: "~> 1.1",
+     elixir: "~> 1.2",
     elixirc_paths: ["lib"],
     compile_path: ".",
     compilers: [:asn1] ++ Mix.compilers,
     erlc_options: erlc_options,
     erlc_paths: ["asn1", "src"],
+     # Elixir tests are starting the part of ejabberd they need
+     aliases: [test: "test --no-start"],
     package: package,
     deps: deps]
  end
@@ -27,7 +29,7 @@ defmodule Ejabberd.Mixfile do
     included_applications: [:lager, :mnesia, :p1_utils, :cache_tab,
                             :fast_tls, :stringprep, :fast_xml,
                             :stun, :fast_yaml, :ezlib, :iconv,
-                             :esip, :jiffy, :p1_oauth2, :p1_xmlrpc, :eredis,
+                             :esip, :jiffy, :p1_oauth2, :eredis,
                             :p1_mysql, :p1_pgsql, :sqlite3]]
  end

@@ -38,7 +40,7 @@ defmodule Ejabberd.Mixfile do
  end

  defp deps do
-    [{:lager, "~> 3.0"},
+    [{:lager, "~> 3.2"},
     {:p1_utils, "~> 1.0"},
     {:cache_tab, "~> 1.0"},
     {:stringprep, "~> 1.0"},
@@ -49,14 +51,19 @@ defmodule Ejabberd.Mixfile do
     {:esip, "~> 1.0"},
     {:jiffy, "~> 0.14.7"},
     {:p1_oauth2, "~> 0.6.1"},
-     {:p1_xmlrpc, "~> 1.15"},
     {:p1_mysql, "~> 1.0"},
-     {:p1_pgsql, "~> 1.0"},
+     {:p1_pgsql, "~> 1.1"},
     {:sqlite3, "~> 1.1"},
     {:ezlib, "~> 1.0"},
     {:iconv, "~> 1.0"},
     {:eredis, "~> 1.0"},
-     {:exrm, "~> 1.0.0-rc7", only: :dev}]
+     {:exrm, "~> 1.0.0", only: :dev},
+     # relx is used by exrm. Lock version as for now, ejabberd doesn not compile fine with
+     # version 3.20:
+     {:relx, "~> 3.21", only: :dev},
+     {:ex_doc, ">= 0.0.0", only: :dev},
+     {:meck, "~> 0.8.4", only: :test},
+     {:moka, github: "processone/moka", tag: "1.0.5c", only: :test}]
  end

  defp package do
@@ -1,25 +1,30 @@
-%{"bbmustache": {:hex, :bbmustache, "1.0.3"},
-  "cache_tab": {:hex, :cache_tab, "1.0.2"},
-  "eredis": {:hex, :eredis, "1.0.8"},
-  "erlware_commons": {:hex, :erlware_commons, "0.15.0"},
-  "esip": {:hex, :esip, "1.0.2"},
-  "exrm": {:hex, :exrm, "1.0.0-rc7"},
-  "ezlib": {:hex, :ezlib, "1.0.1"},
-  "fast_tls": {:hex, :fast_tls, "1.0.1"},
-  "fast_xml": {:hex, :fast_xml, "1.1.3"},
-  "fast_yaml": {:hex, :fast_yaml, "1.0.2"},
-  "getopt": {:hex, :getopt, "0.8.2"},
-  "goldrush": {:hex, :goldrush, "0.1.7"},
-  "iconv": {:hex, :iconv, "1.0.0"},
-  "jiffy": {:hex, :jiffy, "0.14.7"},
-  "lager": {:hex, :lager, "3.0.2"},
-  "p1_mysql": {:hex, :p1_mysql, "1.0.1"},
-  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1"},
-  "p1_pgsql": {:hex, :p1_pgsql, "1.0.1"},
-  "p1_utils": {:hex, :p1_utils, "1.0.3"},
-  "p1_xmlrpc": {:hex, :p1_xmlrpc, "1.15.1"},
-  "providers": {:hex, :providers, "1.4.1"},
-  "relx": {:hex, :relx, "3.5.0"},
-  "sqlite3": {:hex, :sqlite3, "1.1.5"},
-  "stringprep": {:hex, :stringprep, "1.0.2"},
-  "stun": {:hex, :stun, "1.0.1"}}
+%{"bbmustache": {:hex, :bbmustache, "1.0.4", "7ba94f971c5afd7b6617918a4bb74705e36cab36eb84b19b6a1b7ee06427aa38", [:rebar], []},
+  "cache_tab": {:hex, :cache_tab, "1.0.4", "3fd2b1ab40c36e7830a4e09e836c6b0fa89191cd4e5fd471873e4eb42f5cd37c", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "cf": {:hex, :cf, "0.2.1", "69d0b1349fd4d7d4dc55b7f407d29d7a840bf9a1ef5af529f1ebe0ce153fc2ab", [:rebar3], []},
+  "earmark": {:hex, :earmark, "1.0.1", "2c2cd903bfdc3de3f189bd9a8d4569a075b88a8981ded9a0d95672f6e2b63141", [:mix], []},
+  "eredis": {:hex, :eredis, "1.0.8", "ab4fda1c4ba7fbe6c19c26c249dc13da916d762502c4b4fa2df401a8d51c5364", [:rebar], []},
+  "erlware_commons": {:hex, :erlware_commons, "0.21.0", "a04433071ad7d112edefc75ac77719dd3e6753e697ac09428fc83d7564b80b15", [:rebar3], [{:cf, "0.2.1", [hex: :cf, optional: false]}]},
+  "esip": {:hex, :esip, "1.0.8", "69885a6c07964aabc6c077fe1372aa810a848bd3d9a415b160dabdce9c7a79b5", [:rebar3], [{:fast_tls, "1.0.7", [hex: :fast_tls, optional: false]}, {:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}, {:stun, "1.0.7", [hex: :stun, optional: false]}]},
+  "ex_doc": {:hex, :ex_doc, "0.13.0", "aa2f8fe4c6136a2f7cfc0a7e06805f82530e91df00e2bff4b4362002b43ada65", [:mix], [{:earmark, "~> 1.0", [hex: :earmark, optional: false]}]},
+  "exrm": {:hex, :exrm, "1.0.8", "5aa8990cdfe300282828b02cefdc339e235f7916388ce99f9a1f926a9271a45d", [:mix], [{:relx, "~> 3.5", [hex: :relx, optional: false]}]},
+  "ezlib": {:hex, :ezlib, "1.0.1", "add8b2770a1a70c174aaea082b4a8668c0c7fdb03ee6cc81c6c68d3a6c3d767d", [:rebar3], []},
+  "fast_tls": {:hex, :fast_tls, "1.0.7", "9b72ecfcdcad195ab072c196fab8334f49d8fea76bf1a51f536d69e7527d902a", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "fast_xml": {:hex, :fast_xml, "1.1.15", "6d23eb7f874e1357cf80a48d75a7bd0c8f6318029dc4b70122e9f54911f57f83", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "fast_yaml": {:hex, :fast_yaml, "1.0.6", "3fe6feb7935ae8028b337e53e1db29e73ad3bca8041108f6a8f73b7175ece75c", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "getopt": {:hex, :getopt, "0.8.2", "b17556db683000ba50370b16c0619df1337e7af7ecbf7d64fbf8d1d6bce3109b", [:rebar], []},
+  "goldrush": {:hex, :goldrush, "0.1.8", "2024ba375ceea47e27ea70e14d2c483b2d8610101b4e852ef7f89163cdb6e649", [:rebar3], []},
+  "iconv": {:hex, :iconv, "1.0.2", "a0792f06ab4b5ea1b5bb49789405739f1281a91c44cf3879cb70e4d777666217", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "jiffy": {:hex, :jiffy, "0.14.7", "9f33b893edd6041ceae03bc1e50b412e858cc80b46f3d7535a7a9940a79a1c37", [:rebar, :make], []},
+  "lager": {:hex, :lager, "3.2.1", "eef4e18b39e4195d37606d9088ea05bf1b745986cf8ec84f01d332456fe88d17", [:rebar3], [{:goldrush, "0.1.8", [hex: :goldrush, optional: false]}]},
+  "meck": {:hex, :meck, "0.8.4", "59ca1cd971372aa223138efcf9b29475bde299e1953046a0c727184790ab1520", [:rebar, :make], []},
+  "moka": {:git, "https://github.com/processone/moka.git", "3eed3a6dd7dedb70a6cd18f86c7561a18626eb3b", [tag: "1.0.5c"]},
+  "p1_mysql": {:hex, :p1_mysql, "1.0.1", "d2be1cfc71bb4f1391090b62b74c3f5cb8e7a45b0076b8cb290cd6b2856c581b", [:rebar3], []},
+  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1", "4e021250cc198c538b097393671a41e7cebf463c248980320e038fe0316eb56b", [:rebar3], []},
+  "p1_pgsql": {:hex, :p1_pgsql, "1.1.0", "ca525c42878eac095e5feb19563acc9915c845648f48fdec7ba6266c625d4ac7", [:rebar3], []},
+  "p1_utils": {:hex, :p1_utils, "1.0.5", "3e698354fdc1fea5491d991457b0cb986c0a00a47d224feb841dc3ec82b9f721", [:rebar3], []},
+  "providers": {:hex, :providers, "1.6.0", "db0e2f9043ae60c0155205fcd238d68516331d0e5146155e33d1e79dc452964a", [:rebar3], [{:getopt, "0.8.2", [hex: :getopt, optional: false]}]},
+  "relx": {:hex, :relx, "3.21.0", "91e1ea9f09b4edfda8461901f4b5c5e0226e43ec161e147eeab29f7761df6eb5", [:rebar3], [{:bbmustache, "1.0.4", [hex: :bbmustache, optional: false]}, {:cf, "0.2.1", [hex: :cf, optional: false]}, {:erlware_commons, "0.21.0", [hex: :erlware_commons, optional: false]}, {:getopt, "0.8.2", [hex: :getopt, optional: false]}, {:providers, "1.6.0", [hex: :providers, optional: false]}]},
+  "samerlib": {:git, "https://github.com/processone/samerlib", "fbbba035b1548ac4e681df00d61bf609645333a0", [tag: "0.8.0c"]},
+  "sqlite3": {:hex, :sqlite3, "1.1.5", "794738b6d07b6d36ec6d42492cb9d629bad9cf3761617b8b8d728e765db19840", [:rebar3], []},
+  "stringprep": {:hex, :stringprep, "1.0.6", "1cf1c439eb038aa590da5456e019f86afbfbfeb5a2d37b6e5f873041624c6701", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "stun": {:hex, :stun, "1.0.7", "904dc6f26a3c30c54881c4c3003699f2a4968067ee6b3aecdf9895aad02df75e", [:rebar3], [{:fast_tls, "1.0.7", [hex: :fast_tls, optional: false]}, {:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]}}
@@ -1,7 +1,7 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: 2.1.0-alpha\n"
-"Last-Translator: Carlos E. Lopez - suso AT jabber-hispano.org\n"
+"Project-Id-Version: 16.02\n"
+"Last-Translator: Carlos E. Lopez - carlos AT suchat.org\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -9,7 +9,7 @@ msgstr ""

 #: ejabberd_c2s.erl:505 ejabberd_c2s.erl:853
 msgid "Use of STARTTLS required"
-msgstr "É obrigatorio usar STARTTLS"
+msgstr "Requírese o uso de STARTTLS"

 #: ejabberd_c2s.erl:604
 msgid "No resource provided"
@@ -26,11 +26,11 @@ msgstr "foi expulsado"

 #: ejabberd_c2s.erl:2114
 msgid "Your active privacy list has denied the routing of this stanza."
-msgstr ""
+msgstr "A súa lista de privacidade activa negou o encaminamiento desta estrofa."

 #: ejabberd_c2s.erl:2429
 msgid "Too many unacked stanzas"
-msgstr ""
+msgstr "Demasiadas mensaxes sen recoñecer recibilos"

 #: ejabberd_captcha.erl:122 ejabberd_captcha.erl:245 ejabberd_captcha.erl:284
 msgid "Enter the text you see"
@@ -43,11 +43,11 @@ msgstr ""

 #: ejabberd_captcha.erl:192
 msgid "If you don't see the CAPTCHA image here, visit the web page."
-msgstr ""
+msgstr "Si non ves a imaxe CAPTCHA aquí, visita a páxina web."

 #: ejabberd_captcha.erl:227
 msgid "CAPTCHA web page"
-msgstr ""
+msgstr "CAPTCHA páxina Web"

 #: ejabberd_captcha.erl:381
 msgid "The CAPTCHA is valid."
@@ -59,9 +59,8 @@ msgid "User"
 msgstr "Usuario"

 #: ejabberd_oauth.erl:256
-#, fuzzy
 msgid "Server"
-msgstr "Servidor ~b"
+msgstr "Servidor"

 #: ejabberd_oauth.erl:259 ejabberd_web_admin.erl:1408 mod_configure.erl:1398
 #: mod_configure.erl:1485 mod_configure.erl:1889 mod_configure.erl:2123
@@ -71,7 +70,7 @@ msgstr "Contrasinal"

 #: ejabberd_oauth.erl:267
 msgid "Accept"
-msgstr ""
+msgstr "Aceptar"

 #: ejabberd_web_admin.erl:202 ejabberd_web_admin.erl:214
 #: ejabberd_web_admin.erl:234 ejabberd_web_admin.erl:246
@@ -238,7 +237,6 @@ msgid "Outgoing s2s Connections:"
 msgstr "Conexións S2S saíntes:"

 #: ejabberd_web_admin.erl:1559
-#, fuzzy
 msgid "Incoming s2s Connections:"
 msgstr "Conexións S2S saíntes:"

@@ -253,9 +251,8 @@ msgid "Change Password"
 msgstr "Cambiar contrasinal"

 #: ejabberd_web_admin.erl:1673
-#, fuzzy
 msgid "User ~s"
-msgstr "Usuario "
+msgstr "Usuario ~s"

 #: ejabberd_web_admin.erl:1684
 msgid "Connected Resources:"
@@ -287,9 +284,8 @@ msgid "Stopped Nodes"
 msgstr "Nodos detidos"

 #: ejabberd_web_admin.erl:1833 ejabberd_web_admin.erl:1858
-#, fuzzy
 msgid "Node ~p"
-msgstr "Nodo "
+msgstr "Nodo ~p"

 #: ejabberd_web_admin.erl:1842 mod_configure.erl:150 mod_configure.erl:611
 msgid "Database"
@@ -297,7 +293,7 @@ msgstr "Base de datos"

 #: ejabberd_web_admin.erl:1843 mod_configure.erl:159 mod_configure.erl:648
 msgid "Backup"
-msgstr "Gardar copia de seguridade"
+msgstr "Copia de seguridade"

 #: ejabberd_web_admin.erl:1845
 msgid "Listened Ports"
@@ -326,9 +322,8 @@ msgid "RPC Call Error"
 msgstr "Erro na chamada RPC"

 #: ejabberd_web_admin.erl:1917
-#, fuzzy
 msgid "Database Tables at ~p"
-msgstr "Táboas da base de datos en "
+msgstr "Táboas da base de datos en ~p"

 #: ejabberd_web_admin.erl:1927 mod_vcard.erl:490 mod_vcard.erl:616
 msgid "Name"
@@ -336,7 +331,7 @@ msgstr "Nome"

 #: ejabberd_web_admin.erl:1928
 msgid "Storage Type"
-msgstr "Tipo de almacenamiento"
+msgstr "Tipo de almacenamento"

 #: ejabberd_web_admin.erl:1929
 msgid "Elements"
@@ -351,9 +346,8 @@ msgid "Error"
 msgstr "Erro"

 #: ejabberd_web_admin.erl:1955
-#, fuzzy
 msgid "Backup of ~p"
-msgstr "Copia de seguridade de "
+msgstr "Copia de seguridade de ~p"

 #: ejabberd_web_admin.erl:1959
 msgid ""
@@ -387,7 +381,7 @@ msgid ""
 "Restore binary backup after next ejabberd restart (requires less memory):"
 msgstr ""
 "Restaurar copia de seguridade binaria no seguinte reinicio de ejabberd "
-"(require menos memoria que se instantánea):"
+"(require menos memoria):"

 #: ejabberd_web_admin.erl:1999
 msgid "Store plain text backup:"
@@ -399,7 +393,7 @@ msgstr "Restaurar copias de seguridade de texto plano inmediatamente:"

 #: ejabberd_web_admin.erl:2019
 msgid "Import users data from a PIEFXIS file (XEP-0227):"
-msgstr "Importar usuarios desde un fichero PIEFXIS"
+msgstr "Importar usuarios en un fichero PIEFXIS (XEP-0227):"

 #: ejabberd_web_admin.erl:2032
 msgid "Export data of all users in the server to PIEFXIS files (XEP-0227):"
@@ -409,17 +403,15 @@ msgstr ""

 #: ejabberd_web_admin.erl:2044
 msgid "Export data of users in a host to PIEFXIS files (XEP-0227):"
-msgstr ""
-"Exportar datos de todos os usuarios do servidor a ficheros PIEFXIS "
-"(XEP-0227):"
+msgstr "Exportar datos dos usuarios dun dominio a ficheiros PIEFXIS (XEP-0227):"

 #: ejabberd_web_admin.erl:2060
 msgid "Export all tables as SQL queries to a file:"
-msgstr ""
+msgstr "Exportar todas as táboas a un ficheiro SQL:"

 #: ejabberd_web_admin.erl:2076
 msgid "Import user data from jabberd14 spool file:"
-msgstr "Importar usuario de fichero spool de jabberd14:"
+msgstr "Importar usuario de ficheiro spool de jabberd14:"

 #: ejabberd_web_admin.erl:2087
 msgid "Import users data from jabberd14 spool directory:"
@@ -430,9 +422,8 @@ msgid "Listened Ports at "
 msgstr "Portos de escoita en "

 #: ejabberd_web_admin.erl:2144
-#, fuzzy
 msgid "Modules at ~p"
-msgstr "Módulos en "
+msgstr "Módulos en ~p"

 #: ejabberd_web_admin.erl:2175
 msgid "Statistics of ~p"
@@ -463,9 +454,8 @@ msgid "Transactions Logged:"
 msgstr "Transaccións rexistradas:"

 #: ejabberd_web_admin.erl:2243
-#, fuzzy
 msgid "Update ~p"
-msgstr "Actualizar"
+msgstr "Actualizar ~p"

 #: ejabberd_web_admin.erl:2254
 msgid "Update plan"
@@ -525,7 +515,7 @@ msgstr "Pong"

 #: mod_announce.erl:523
 msgid "Really delete message of the day?"
-msgstr "Está seguro de quere borrar a mensaxe do dia?"
+msgstr "¿Está seguro que quere borrar a mensaxe do dia?"

 #: mod_announce.erl:536 mod_configure.erl:1238 mod_configure.erl:1298
 msgid "Subject"
@@ -553,7 +543,7 @@ msgstr "Enviar anuncio a todos os usuarios en todos os dominios"

 #: mod_announce.erl:668
 msgid "Send announcement to all online users"
-msgstr "Enviar anuncio a todos los usuarios conectados"
+msgstr "Enviar anuncio a todos os usuarios conectados"

 #: mod_announce.erl:670 mod_configure.erl:1231 mod_configure.erl:1291
 msgid "Send announcement to all online users on all hosts"
@@ -595,7 +585,7 @@ msgstr "Iniciar módulos"

 #: mod_configure.erl:156 mod_configure.erl:638
 msgid "Stop Modules"
-msgstr "Detener módulos"
+msgstr "Deter módulos"

 #: mod_configure.erl:162 mod_configure.erl:650
 msgid "Restore"
@@ -844,18 +834,20 @@ msgid ""
 "Too many (~p) failed authentications from this IP address (~s). The address "
 "will be unblocked at ~s UTC"
 msgstr ""
+"Demasiados (~p) fallou autenticaciones desde esta dirección IP (~s). A dirección "
+"será desbloqueada as ~s UTC"

 #: mod_http_upload.erl:586
 msgid "Please specify file size."
-msgstr ""
+msgstr "Por favor, especifica o tamaño do arquivo"

 #: mod_http_upload.erl:590
 msgid "Please specify file name."
-msgstr ""
+msgstr "Por favor, indique o nome do arquivo."

 #: mod_ip_blacklist.erl:121
 msgid "This IP address is blacklisted in ~s"
-msgstr ""
+msgstr "Esta dirección IP está na lista negra en ~s"

 #: mod_irc.erl:220 mod_muc.erl:467
 msgid "Access denied by service policy"
@@ -884,8 +876,8 @@ msgid ""
 "Enter username, encodings, ports and passwords you wish to use for "
 "connecting to IRC servers"
 msgstr ""
-"Introduza o nome de usuario, codificaciones de carácter, portos e "
-"contrasinal que pretende utilizar a conectar a servidores de IRC"
+"Introduce o nome de usuario, codificaciones de carácteres, portos e "
+"contrasinai que queiras usar ao conectar nos servidores de IRC"

 #: mod_irc.erl:667
 msgid "IRC Username"
@@ -970,9 +962,8 @@ msgid "Server ~b"
 msgstr "Servidor ~b"

 #: mod_mam.erl:541
-#, fuzzy
 msgid "Only members may query archives of this room"
-msgstr "Só os moderadores están autorizados a cambiar o tema nesta sala"
+msgstr "Só membros poden consultar o arquivo de mensaxes da sala"

 #: mod_muc.erl:585
 msgid "Only service administrators are allowed to send service messages"
@@ -994,10 +985,9 @@ msgstr "Salas de charla"

 #: mod_muc.erl:781
 msgid "Empty Rooms"
-msgstr ""
+msgstr "Salas baleiras"

 #: mod_muc.erl:933
-#, fuzzy
 msgid "You need a client that supports x:data to register the nickname"
 msgstr ""
 "Necesitas un cliente con soporte de x:data para poder rexistrar o alcume"
@@ -1030,34 +1020,31 @@ msgstr "Módulo de MUC para ejabberd"
 #: mod_muc_admin.erl:231 mod_muc_admin.erl:234 mod_muc_admin.erl:246
 #: mod_muc_admin.erl:320
 msgid "Multi-User Chat"
-msgstr ""
+msgstr "Salas de Charla"

 #: mod_muc_admin.erl:249
-#, fuzzy
 msgid "Total rooms"
-msgstr "Salas de charla"
+msgstr "Salas totais"

 #: mod_muc_admin.erl:250
-#, fuzzy
 msgid "Permanent rooms"
-msgstr "sae da sala"
+msgstr "Salas permanentes"

 #: mod_muc_admin.erl:251
-#, fuzzy
 msgid "Registered nicknames"
-msgstr "Usuarios rexistrados"
+msgstr "Alcumes rexistrados"

 #: mod_muc_admin.erl:254
 msgid "List of rooms"
-msgstr ""
+msgstr "Lista de salas"

 #: mod_muc_log.erl:398 mod_muc_log.erl:407
 msgid "Chatroom configuration modified"
-msgstr "Configuración de la sala modificada"
+msgstr "Configuración da sala modificada"

 #: mod_muc_log.erl:410
 msgid "joins the room"
-msgstr "entra en la sala"
+msgstr "entra na sala"

 #: mod_muc_log.erl:413 mod_muc_log.erl:416
 msgid "leaves the room"
@@ -1077,7 +1064,7 @@ msgstr "foi expulsado, porque a sala cambiouse a só-membros"

 #: mod_muc_log.erl:445
 msgid "has been kicked because of a system shutdown"
-msgstr "foi expulsado por mor dun sistema de peche"
+msgstr "foi expulsado porque o sistema vaise a deter"

 #: mod_muc_log.erl:450
 msgid "is now known as"
@@ -1088,24 +1075,20 @@ msgid " has set the subject to: "
 msgstr " puxo o asunto: "

 #: mod_muc_log.erl:493
-#, fuzzy
 msgid "Chatroom is created"
-msgstr "Salas de charla"
+msgstr "Creouse a sala"

 #: mod_muc_log.erl:495
-#, fuzzy
 msgid "Chatroom is destroyed"
-msgstr "Salas de charla"
+msgstr "Destruíuse a sala"

 #: mod_muc_log.erl:497
-#, fuzzy
 msgid "Chatroom is started"
-msgstr "Salas de charla"
+msgstr "Iniciouse a sala"

 #: mod_muc_log.erl:499
-#, fuzzy
 msgid "Chatroom is stopped"
-msgstr "Salas de charla"
+msgstr "Detívose a sala"

 #: mod_muc_log.erl:503
 msgid "Monday"
@@ -1200,6 +1183,8 @@ msgid ""
 "It is not allowed to send error messages to the room. The participant (~s) "
 "has sent an error message (~s) and got kicked from the room"
 msgstr ""
+"Non está permitido enviar mensaxes de erro á sala. Este participante (~s) "
+"enviou unha mensaxe de erro (~s) e foi expulsado da sala"

 #: mod_muc_room.erl:241
 msgid "It is not allowed to send private messages to the conference"
@@ -1207,20 +1192,19 @@ msgstr "Impedir o envio de mensaxes privadas á sala"

 #: mod_muc_room.erl:316
 msgid "Please, wait for a while before sending new voice request"
-msgstr ""
+msgstr "Por favor, espera un pouco antes de enviar outra petición de voz"

 #: mod_muc_room.erl:329
 msgid "Voice requests are disabled in this conference"
-msgstr ""
+msgstr "As peticións de voz están desactivadas nesta sala"

 #: mod_muc_room.erl:347
 msgid "Failed to extract JID from your voice request approval"
-msgstr ""
+msgstr "Fallo ao extraer o Jabber ID da túa aprobación de petición de voz"

 #: mod_muc_room.erl:377
-#, fuzzy
 msgid "Only moderators can approve voice requests"
-msgstr "Permitir aos usuarios enviar invitacións"
+msgstr "Só os moderadores poden aprobar peticións de voz"

 #: mod_muc_room.erl:389
 msgid "Improper message type"
@@ -1269,11 +1253,11 @@ msgstr "Os visitantes non poden enviar mensaxes a todos os ocupantes"
 #: mod_muc_room.erl:1080
 msgid "Visitors are not allowed to change their nicknames in this room"
 msgstr ""
-"Os visitantes non están autorizados a cambiar os seus That alcumes nesta sala"
+"Os visitantes non teñen permitido cambiar os seus alcumes nesta sala"

 #: mod_muc_room.erl:1093 mod_muc_room.erl:1835
 msgid "That nickname is already in use by another occupant"
-msgstr "Ese alcume que xa está en uso por outro ocupante"
+msgstr "Ese alcume xa está a ser usado por outro ocupante"

 #: mod_muc_room.erl:1822
 msgid "You have been banned from this room"
@@ -1289,12 +1273,11 @@ msgstr "Necesítase contrasinal para entrar nesta sala"

 #: mod_muc_room.erl:1898 mod_register.erl:295
 msgid "Too many CAPTCHA requests"
-msgstr ""
+msgstr "Demasiadas peticións de CAPTCHA"

 #: mod_muc_room.erl:1908 mod_register.erl:301
-#, fuzzy
 msgid "Unable to generate a CAPTCHA"
-msgstr "Non se pode xerar un CAPTCHA"
+msgstr "No se pudo generar un CAPTCHA"

 #: mod_muc_room.erl:1919
 msgid "Incorrect password"
@@ -1378,20 +1361,19 @@ msgstr "calquera"

 #: mod_muc_room.erl:3471
 msgid "Roles for which Presence is Broadcasted"
-msgstr ""
+msgstr "Roles para os que si se difunde a súa Presenza"

 #: mod_muc_room.erl:3486
-#, fuzzy
 msgid "Moderator"
-msgstr "só moderadores"
+msgstr "Moderator"

 #: mod_muc_room.erl:3496
 msgid "Participant"
-msgstr ""
+msgstr "Participante"

 #: mod_muc_room.erl:3506
 msgid "Visitor"
-msgstr ""
+msgstr "Visitante"

 #: mod_muc_room.erl:3513
 msgid "Make room members-only"
@@ -1414,13 +1396,12 @@ msgid "Allow users to send private messages"
 msgstr "Permitir aos usuarios enviar mensaxes privadas"

 #: mod_muc_room.erl:3533
-#, fuzzy
 msgid "Allow visitors to send private messages to"
-msgstr "Permitir aos usuarios enviar mensaxes privadas"
+msgstr "Permitir aos visitantes enviar mensaxes privadas a"

 #: mod_muc_room.erl:3551
 msgid "nobody"
-msgstr ""
+msgstr "ninguén"

 #: mod_muc_room.erl:3576
 msgid "Allow users to query other users"
@@ -1440,13 +1421,12 @@ msgid "Allow visitors to change nickname"
 msgstr "Permitir aos visitantes cambiarse o alcume"

 #: mod_muc_room.erl:3589
-#, fuzzy
 msgid "Allow visitors to send voice requests"
-msgstr "Permitir aos usuarios enviar invitacións"
+msgstr "Permitir aos visitantes enviar peticións de voz"

 #: mod_muc_room.erl:3592
 msgid "Minimum interval between voice requests (in seconds)"
-msgstr ""
+msgstr "Intervalo mínimo entre peticións de voz (en segundos)"

 #: mod_muc_room.erl:3599
 msgid "Make room CAPTCHA protected"
@@ -1454,11 +1434,11 @@ msgstr "Protexer a sala con CAPTCHA"

 #: mod_muc_room.erl:3606
 msgid "Enable message archiving"
-msgstr ""
+msgstr "Activar o almacenamento de mensaxes"

 #: mod_muc_room.erl:3612
 msgid "Exclude Jabber IDs from CAPTCHA challenge"
-msgstr ""
+msgstr "Excluír Jabber IDs das probas de CAPTCHA"

 #: mod_muc_room.erl:3621
 msgid "Enable logging"
@@ -1478,20 +1458,19 @@ msgstr "privado"

 #: mod_muc_room.erl:4326
 msgid "Voice request"
-msgstr ""
+msgstr "Petición de voz"

 #: mod_muc_room.erl:4331
 msgid "Either approve or decline the voice request."
-msgstr ""
+msgstr "Aproba ou rexeita a petición de voz."

 #: mod_muc_room.erl:4351
-#, fuzzy
 msgid "User JID"
-msgstr "Usuario "
+msgstr "Jabber ID do usuario"

 #: mod_muc_room.erl:4355
 msgid "Grant voice to this person?"
-msgstr ""
+msgstr "¿Conceder voz a esta persoa?"

 #: mod_muc_room.erl:4498
 msgid "~s invites you to the room ~s"
@@ -1503,11 +1482,11 @@ msgstr "a contrasinal é"

 #: mod_multicast.erl:291
 msgid "Multicast"
-msgstr ""
+msgstr "Multicast"

 #: mod_multicast.erl:306
 msgid "ejabberd Multicast service"
-msgstr ""
+msgstr "Servizo Multicast de ejabberd"

 #: mod_offline.erl:647
 msgid ""
@@ -1546,7 +1525,7 @@ msgstr "Borrar Todas as Mensaxes Sen conexión"

 #: mod_proxy65_service.erl:248
 msgid "ejabberd SOCKS5 Bytestreams module"
-msgstr "ejabberd SOCKS5 Bytestreams module"
+msgstr "Módulo SOCKS5 Bytestreams para ejabberd"

 #: mod_pubsub.erl:1102
 msgid "Publish-Subscribe"
@@ -1566,7 +1545,7 @@ msgstr "Decidir se aprobar a subscripción desta entidade."

 #: mod_pubsub.erl:1559
 msgid "Node ID"
-msgstr "Nodo IDE"
+msgstr "Nodo ID"

 #: mod_pubsub.erl:1571
 msgid "Subscriber Address"
@@ -1602,7 +1581,7 @@ msgstr "Persistir elementos ao almacenar"

 #: mod_pubsub.erl:3757
 msgid "A friendly name for the node"
-msgstr "Un nome para o nodo"
+msgstr "Un nome sinxelo para o nodo"

 #: mod_pubsub.erl:3759
 msgid "Max # of items to persist"
@@ -1626,12 +1605,11 @@ msgstr "Especificar o modelo do publicante"

 #: mod_pubsub.erl:3769
 msgid "Purge all items when the relevant publisher goes offline"
-msgstr ""
+msgstr "Purgar todos os elementos cando o editor correspondente desconéctase"

 #: mod_pubsub.erl:3771
-#, fuzzy
 msgid "Specify the event message type"
-msgstr "Especifica o modelo de acceso"
+msgstr "Especifica o tipo da mensaxe de evento"

 #: mod_pubsub.erl:3773
 msgid "Max payload size in bytes"
@@ -1650,15 +1628,13 @@ msgid "The collections with which a node is affiliated"
 msgstr "As coleccións coas que un nodo está afiliado"

 #: mod_register.erl:209
-#, fuzzy
 msgid "The CAPTCHA verification has failed"
-msgstr "O CAPTCHA é válido."
+msgstr "A verificación de CAPTCHA fallou"

 #: mod_register.erl:253
-#, fuzzy
 msgid "You need a client that supports x:data and CAPTCHA to register"
 msgstr ""
-"Necesitas un cliente con soporte de x:data para poder rexistrar o alcume"
+"Necesitas un cliente con soporte de x:data e CAPTCHA para rexistrarche"

 #: mod_register.erl:259 mod_register.erl:320
 msgid "Choose a username and password to register with this server"
@@ -1666,9 +1642,8 @@ msgstr ""
 "Escolle un nome de usuario e contrasinal para rexistrarche neste servidor"

 #: mod_register.erl:373 mod_register.erl:421
-#, fuzzy
 msgid "The password is too weak"
-msgstr "a contrasinal é"
+msgstr "O contrasinal é demasiado débil"

 #: mod_register.erl:426
 msgid "Users are not allowed to register accounts so quickly"
@@ -1676,39 +1651,39 @@ msgstr "Os usuarios non están autorizados a rexistrar contas con tanta rapidez"

 #: mod_register_web.erl:105
 msgid "Your Jabber account was successfully created."
-msgstr ""
+msgstr "A súa conta Jabber creouse correctamente."

 #: mod_register_web.erl:110
 msgid "There was an error creating the account: "
-msgstr ""
+msgstr "Produciuse un erro ao crear a conta: "

 #: mod_register_web.erl:119
 msgid "Your Jabber account was successfully deleted."
-msgstr ""
+msgstr "A súa conta Jabber eliminouse correctamente."

 #: mod_register_web.erl:124
 msgid "There was an error deleting the account: "
-msgstr ""
+msgstr "Produciuse un erro ao eliminar a conta: "

 #: mod_register_web.erl:135
 msgid "The password of your Jabber account was successfully changed."
-msgstr ""
+msgstr "O contrasinal da súa conta Jabber cambiouse correctamente."

 #: mod_register_web.erl:140
 msgid "There was an error changing the password: "
-msgstr ""
+msgstr "Produciuse un erro ao cambiar o contrasinal: "

 #: mod_register_web.erl:175 mod_register_web.erl:183
 msgid "Jabber Account Registration"
-msgstr ""
+msgstr "Rexistro de conta Jabber"

 #: mod_register_web.erl:186 mod_register_web.erl:204 mod_register_web.erl:212
 msgid "Register a Jabber account"
-msgstr ""
+msgstr "Rexistrar unha conta Jabber"

 #: mod_register_web.erl:191 mod_register_web.erl:453 mod_register_web.erl:461
 msgid "Unregister a Jabber account"
-msgstr ""
+msgstr "Eliminar o rexistro dunha conta Jabber"

 #: mod_register_web.erl:214
 msgid ""
@@ -1716,40 +1691,45 @@ msgid ""
 "(Jabber IDentifier) will be of the form: username@server. Please read "
 "carefully the instructions to fill correctly the fields."
 msgstr ""
+"Esta páxina permite crear unha conta Jabber neste servidor Jabber. o seu JID "
+"(Jabber IDentificador) será da forma: nomeusuario@servidor. Por favor le "
+"coidadosamente as instrucións para encher correctamente os campos."

 #: mod_register_web.erl:224 mod_register_web.erl:360 mod_register_web.erl:469
-#, fuzzy
 msgid "Username:"
-msgstr "Nome de usuario en IRC"
+msgstr "Nome de usuario:"

 #: mod_register_web.erl:230
 msgid "This is case insensitive: macbeth is the same that MacBeth and Macbeth."
-msgstr ""
+msgstr "Esta é insensible: Macbeth é o mesmo que MacBeth e Macbeth."

 #: mod_register_web.erl:233
 msgid "Characters not allowed:"
-msgstr ""
+msgstr "Caracteres non permitidos:"

 #: mod_register_web.erl:236 mod_register_web.erl:364 mod_register_web.erl:473
-#, fuzzy
 msgid "Server:"
-msgstr "Servidor ~b"
+msgstr "Servidor:"

 #: mod_register_web.erl:245
 msgid ""
 "Don't tell your password to anybody, not even the administrators of the "
-"Jabber server."
+"Jabber Server."
 msgstr ""
+"Non lle diga o seu contrasinal a ninguén, nin sequera os administradores do "
+"Servidor Jabber."

 #: mod_register_web.erl:249
 msgid "You can later change your password using a Jabber client."
-msgstr ""
+msgstr "Máis tarde, pode cambiar o seu contrasinal utilizando un cliente Jabber."

 #: mod_register_web.erl:252
 msgid ""
 "Some Jabber clients can store your password in the computer, but you should "
 "do this only in your personal computer for safety reasons."
 msgstr ""
+"Algúns clientes Jabber pode almacenar o contrasinal no computador, pero debe "
+"facer isto só no seu computador persoal por razóns de seguridade."

 #: mod_register_web.erl:256
 msgid ""
@@ -1757,34 +1737,33 @@ msgid ""
 "Jabber there isn't an automated way to recover your password if you forget "
 "it."
 msgstr ""
+"Memorice o seu contrasinal ou escribilo nun papel colocado nun lugar seguro. En "
+"Jabber non hai unha forma automatizada para recuperar o seu contrasinal si "
+"a esquece"

 #: mod_register_web.erl:262 mod_register_web.erl:374
-#, fuzzy
 msgid "Password Verification:"
 msgstr "Verificación da contrasinal"

 #: mod_register_web.erl:269
-#, fuzzy
 msgid "Register"
-msgstr "Lista de contactos"
+msgstr "Rexistrar"

 #: mod_register_web.erl:366
-#, fuzzy
 msgid "Old Password:"
-msgstr "Contrasinal:"
+msgstr "Contrasinal anterior:"

 #: mod_register_web.erl:370
-#, fuzzy
 msgid "New Password:"
-msgstr "Contrasinal:"
+msgstr "Novo contrasinal:"

 #: mod_register_web.erl:463
 msgid "This page allows to unregister a Jabber account in this Jabber server."
-msgstr ""
+msgstr "Esta páxina permite anular o rexistro dunha conta Jabber neste servidor Jabber."

 #: mod_register_web.erl:480
 msgid "Unregister"
-msgstr ""
+msgstr "Eliminar rexistro"

 #: mod_roster.erl:1436
 msgid "Subscription"
@@ -1872,8 +1851,8 @@ msgid ""
 "Fill in the form to search for any matching Jabber User (Add * to the end of "
 "field to match substring)"
 msgstr ""
-"Enche o formulario para buscar usuarios Jabber. Engade * ao final dun campo "
-"para buscar subcadenas."
+"Enche o formulario para buscar usuarios Jabber (Engade * ao final dun campo "
+"para buscar subcadenas)"

 #: mod_vcard.erl:490 mod_vcard.erl:615
 msgid "Full Name"
@@ -1901,7 +1880,7 @@ msgstr "Necesitas un cliente con soporte de x:data para poder buscar"

 #: mod_vcard.erl:519 mod_vcard_ldap.erl:531
 msgid "vCard User Search"
-msgstr "Procura de usuario en vCard"
+msgstr "vCard busqueda de usuario"

 #: mod_vcard.erl:580 mod_vcard_ldap.erl:586
 msgid "ejabberd vCard module"
@@ -1942,7 +1921,6 @@ msgstr "Rechea campos para buscar usuarios Jabber que concuerden"
 #~ "Este participante é expulsado da sala, porque el enviou un erro de "
 #~ "presenza"

-#, fuzzy
 #~ msgid "CAPTCHA test failed"
 #~ msgstr "O CAPTCHA é válido."

@@ -7,45 +7,49 @@
 %%% Created :  1 May 2013 by Evgeniy Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------

-{deps, [{lager, ".*", {git, "https://github.com/basho/lager", {tag, "3.0.2"}}},
-        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.3"}}},
-        {cache_tab, ".*", {git, "https://github.com/processone/cache_tab", {tag, "1.0.2"}}},
-        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.1"}}},
-        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.2"}}},
-        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.3"}}},
-        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.1"}}},
-        {esip, ".*", {git, "https://github.com/processone/esip", "1.0.2"}},
-        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.2"}}},
+{deps, [{lager, ".*", {git, "https://github.com/basho/lager", {tag, "3.2.1"}}},
+        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.5"}}},
+        {cache_tab, ".*", {git, "https://github.com/processone/cache_tab", {tag, "1.0.4"}}},
+        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.7"}}},
+        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.6"}}},
+        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.15"}}},
+        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.7"}}},
+        {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.8"}}},
+        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.6"}}},
        {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.7"}}},
-        {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2.git", {tag, "0.6.1"}}},
-        {p1_xmlrpc, ".*", {git, "https://github.com/processone/p1_xmlrpc", {tag, "1.15.1"}}},
-	{luerl, ".*", {git, "https://github.com/rvirding/luerl",
-		       "9524d0309a88b7c62ae93da0b632b185de3ba9db"}},
+        {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.1"}}},
+        {luerl, ".*", {git, "https://github.com/rvirding/luerl", {tag, "v0.2"}}},
        {if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
-					       {tag, "1.0.1"}}}},
+                                               {tag, "1.0.1"}}}},
        {if_var_true, pgsql, {p1_pgsql, ".*", {git, "https://github.com/processone/p1_pgsql",
-					       {tag, "1.0.1"}}}},
+                                               {tag, "1.1.0"}}}},
        {if_var_true, sqlite, {sqlite3, ".*", {git, "https://github.com/processone/erlang-sqlite3",
-					       {tag, "1.1.5"}}}},
+                                               {tag, "1.1.5"}}}},
        {if_var_true, pam, {p1_pam, ".*", {git, "https://github.com/processone/epam",
-					   {tag, "1.0.0"}}}},
+                                           {tag, "1.0.0"}}}},
        {if_var_true, zlib, {ezlib, ".*", {git, "https://github.com/processone/ezlib",
-					   {tag, "1.0.1"}}}},
-        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
-					      "908a24fda4a46776a5135db60ca071e3d783f9f6"}}},  % for riak_pb-2.1.0.7
+                                           {tag, "1.0.1"}}}},
        {if_var_true, riak, {riakc, ".*", {git, "https://github.com/basho/riak-erlang-client",
-					   "527722d12d0433b837cdb92a60900c2cb5df8942"}}},
+                                           "527722d12d0433b837cdb92a60900c2cb5df8942"}}},
+        %% Forces correct dependency for riakc and allow using newer meck version)
+        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
+                                              "13f9bfb9b27d216e8e033b0e0a9a29097ed923dd"}}},  % for riak_pb-2.1.0.7
+        {if_var_true, riak, {protobuffs, ".*", {git, "https://github.com/basho/erlang_protobuffs",
+                                                "6e7fc924506e2dc166a6170e580ce1d95ebbd5bd"}}},  % for riak_pb-2.1.0.7 with correct meck dependency
+        %% Elixir support, needed to run tests
        {if_var_true, elixir, {elixir, ".*", {git, "https://github.com/elixir-lang/elixir",
-					      {tag, "v1.1.0"}}}},
+                                              {tag, {if_version_above, "17", "v1.2.6", "v1.1.1"}}}}},
        %% TODO: When modules are fully migrated to new structure and mix, we will not need anymore rebar_elixir_plugin
        {if_var_true, elixir, {rebar_elixir_plugin, ".*",
-			       {git, "https://github.com/processone/rebar_elixir_plugin", "0.1.0"}}},
+                               {git, "https://github.com/processone/rebar_elixir_plugin", "0.1.0"}}},
        {if_var_true, iconv, {iconv, ".*", {git, "https://github.com/processone/iconv",
-					    {tag, "1.0.0"}}}},
-        {if_var_true, tools, {meck, "0.8.2", {git, "https://github.com/eproxus/meck",
-					      {tag, "0.8.2"}}}},
+                                            {tag, "1.0.2"}}}},
+        {if_var_true, tools, {meck, "0.8.*", {git, "https://github.com/eproxus/meck",
+                                              {tag, "0.8.4"}}}},
+        {if_var_true, tools, {moka, ".*", {git, "https://github.com/processone/moka.git",
+                                           {tag, "1.0.5c"}}}},
        {if_var_true, redis, {eredis, ".*", {git, "https://github.com/wooga/eredis",
-					     {tag, "v1.0.8"}}}}]}.
+                                             {tag, "v1.0.8"}}}}]}.

 {if_var_true, latest_deps,
 {floating_deps, [cache_tab,
@@ -53,7 +57,7 @@
                  stringprep,
                  fast_xml,
                  esip,
-		  luerl,
+                  luerl,
                  stun,
                  fast_yaml,
                  p1_utils,
@@ -63,10 +67,14 @@
                  ezlib,
                  iconv]}}.

+{erl_first_files, ["src/ejabberd_config.erl", "src/gen_mod.erl"]}.
+
 {erl_opts, [nowarn_deprecated_function,
            {if_var_false, debug, no_debug_info},
+            {if_var_true, debug, debug_info},
            {if_var_true, roster_gateway_workaround, {d, 'ROSTER_GATWAY_WORKAROUND'}},
            {if_var_match, db_type, mssql, {d, 'mssql'}},
+            {if_var_true, elixir, {d, 'ELIXIR_ENABLED'}},
            {if_var_true, erlang_deprecated_types, {d, 'ERL_DEPRECATED_TYPES'}},
            {if_var_true, hipe, native},
            {src_dirs, [asn1, src,
@@ -90,7 +98,7 @@

 {xref_warnings, false}.

-{xref_checks, [deprecated_function_calls, undefined_function_calls]}.
+{xref_checks, [deprecated_function_calls]}.

 {xref_exclusions, [
                   "(\"gen_transport\":_/_)",
@@ -105,10 +113,14 @@
                   {if_var_false, iconv, "(\"iconv\":_/_)"},
                   {if_var_false, odbc, "(\"odbc\":_/_)"},
                   {if_var_false, sqlite, "(\"sqlite3\":_/_)"},
+                   {if_var_false, elixir, "(\"Elixir.Logger.*\":_/_)"},
                   {if_var_false, redis, "(\"eredis\":_/_)"}]}.

 {eunit_compile_opts, [{i, "tools"}]}.

+{if_version_above, "17", {cover_enabled, true}}.
+{cover_export_enabled, true}.
+
 {post_hook_configure, [{"fast_tls", []},
                       {"stringprep", []},
                       {"fast_yaml", []},
@@ -7,6 +7,20 @@
 %%% Created :  1 May 2013 by Evgeniy Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------

+ModCfg0 = fun(F, Cfg, [Key|Tail], Op, Default) ->
+                 {OldVal,PartCfg} = case lists:keytake(Key, 1, Cfg) of
+                                        {value, {_, V1}, V2} -> {V1, V2};
+                                        false -> {if Tail == [] -> Default; true -> [] end, Cfg}
+                                    end,
+                 case Tail of
+                     [] ->
+                         [{Key, Op(OldVal)} | PartCfg];
+                     _ ->
+                         [{Key, F(F, OldVal, Tail, Op, Default)} | PartCfg]
+                 end
+         end,
+ModCfg = fun(Cfg, Keys, Op, Default) -> ModCfg0(ModCfg0, Cfg, Keys, Op, Default) end,
+
 Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config")) of
          {ok, Terms} ->
              Terms;
@@ -14,15 +28,50 @@ Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config"))
              []
      end,

+ProcessSingleVar = fun(F, Var, Tail) ->
+			   case F(F, [Var], []) of
+			       [] -> Tail;
+			       [Val] -> [Val | Tail]
+			   end
+		   end,
+
 ProcessVars = fun(_F, [], Acc) ->
                      lists:reverse(Acc);
+                 (F, [{Type, Ver, Value} | Tail], Acc) when
+                        Type == if_version_above orelse
+                        Type == if_version_below ->
+		      SysVer = erlang:system_info(otp_release),
+		      Include = if Type == if_version_above ->
+					SysVer > Ver;
+				   true ->
+					SysVer < Ver
+				end,
+		      if Include ->
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
+			 true ->
+                              F(F, Tail, Acc)
+		      end;
+                 (F, [{Type, Ver, Value, ElseValue} | Tail], Acc) when
+                        Type == if_version_above orelse
+                        Type == if_version_below ->
+		      SysVer = erlang:system_info(otp_release),
+		      Include = if Type == if_version_above ->
+					SysVer > Ver;
+				   true ->
+					SysVer < Ver
+				end,
+		      if Include ->
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
+			 true ->
+                              F(F, Tail, ProcessSingleVar(F, ElseValue, Acc))
+		      end;
                 (F, [{Type, Var, Value} | Tail], Acc) when
                        Type == if_var_true orelse
                        Type == if_var_false ->
                      Flag = Type == if_var_true,
                      case proplists:get_bool(Var, Cfg) of
                          V when V == Flag ->
-                              F(F, Tail, [Value | Acc]);
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
                          _ ->
                              F(F, Tail, Acc)
                      end;
@@ -31,7 +80,7 @@ ProcessVars = fun(_F, [], Acc) ->
                        Type == if_var_no_match ->
                      case proplists:get_value(Var, Cfg) of
                          V when V == Match ->
-                              F(F, Tail, [Value | Acc]);
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
                          _ ->
                              F(F, Tail, Acc)
                      end;
@@ -107,9 +156,20 @@ Conf5 = case lists:keytake(floating_deps, 1, Conf3) of
                Conf3
        end,

-%io:format("ejabberd configuration:~n  ~p~n", [Conf5]),
+%% When running Travis test, upload test coverage result to coveralls:
+Conf6 = case {lists:keyfind(cover_enabled, 1, Conf5), os:getenv("TRAVIS")} of
+            {{cover_enabled, true}, "true"} ->
+                JobId = os:getenv("TRAVIS_JOB_ID"),
+                CfgTemp = ModCfg(Conf5, [deps], fun(V) -> [{coveralls, ".*", {git, "https://github.com/markusn/coveralls-erl.git", "master"}}|V] end, []),
+                ModCfg(CfgTemp, [post_hooks], fun(V) -> V ++ [{ct, "echo '\n%%! -pa ebin/ deps/coveralls/ebin\nmain(_)->{ok,F}=file:open(\"erlang.json\",[write]),io:fwrite(F,\"~s\",[coveralls:convert_file(\"logs/all.coverdata\", \""++JobId++"\", \"travis-ci\")]).' > getcover.erl"},
+                                                              {ct, "escript ./getcover.erl"}] end, []);
+            _ ->
+                Conf5
+        end,

-Conf5.
+%io:format("ejabberd configuration:~n  ~p~n", [Conf6]),
+
+Conf6.

 %% Local Variables:
 %% mode: erlang
@@ -19,6 +19,9 @@
 CREATE TABLE users (
    username text PRIMARY KEY,
    password text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
 );

@@ -310,3 +313,10 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sm_sid ON sm(usec, pid);
 CREATE INDEX i_sm_node ON sm(node);
 CREATE INDEX i_sm_username ON sm(username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL PRIMARY KEY,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);
@@ -19,12 +19,15 @@
 CREATE TABLE users (
    username varchar(191) PRIMARY KEY,
    password text NOT NULL,
+    serverkey varchar(64) NOT NULL DEFAULT '',
+    salt varchar(64) NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- To support SCRAM auth:
-- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
-- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
+-- ALTER TABLE users ADD COLUMN serverkey varchar(64) NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN salt varchar(64) NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;

 CREATE TABLE last (
@@ -272,7 +275,7 @@ CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt(subid(3
 CREATE TABLE muc_room (
    name text NOT NULL,
    host text NOT NULL,
-    opts text NOT NULL,
+    opts mediumtext NOT NULL,
    created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

@@ -325,3 +328,10 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sid ON sm(usec, pid(75));
 CREATE INDEX i_node ON sm(node(75));
 CREATE INDEX i_username ON sm(username);
+
+CREATE TABLE oauth_token (
+    token varchar(191) NOT NULL PRIMARY KEY,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
@@ -19,10 +19,13 @@
 CREATE TABLE users (
    username text PRIMARY KEY,
    "password" text NOT NULL,
+    serverkey text NOT NULL DEFAULT '',
+    salt text NOT NULL DEFAULT '',
+    iterationcount integer NOT NULL DEFAULT 0,
    created_at TIMESTAMP NOT NULL DEFAULT now()
 );

-- To support SCRAM auth:
+-- Add support for SCRAM auth to a database created before ejabberd 16.03:
 -- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
@@ -327,3 +330,12 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sm_sid ON sm USING btree (usec, pid);
 CREATE INDEX i_sm_node ON sm USING btree (node);
 CREATE INDEX i_sm_username ON sm USING btree (username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);
+
+CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);
@@ -29,10 +29,14 @@

 -author('alexey@process-one.net').

-export([start/0, to_record/3, add/3, add_list/3,
-	 add_local/3, add_list_local/3, load_from_config/0,
-	 match_rule/3, match_acl/3, transform_options/1,
-	 opt_type/1]).
+-export([add_access/3, clear/0]).
+-export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
+	 load_from_config/0, match_rule/3, any_rules_allowed/3,
+	 transform_options/1, opt_type/1, acl_rule_matches/3,
+	 acl_rule_verify/1, access_matches/3,
+	 transform_access_rules_config/1,
+	 parse_ip_netmask/1,
+	 access_rules_validator/1, shaper_rules_validator/1]).

 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -43,6 +47,7 @@
                 rules = [] :: [access_rule()]}).

 -type regexp() :: binary().
+-type iprange() :: {inet:ip_address(), integer()} | binary().
 -type glob() :: binary().
 -type access_name() :: atom().
 -type access_rule() :: {atom(), any()}.
@@ -61,7 +66,7 @@
                   {user_glob, {glob(), host()} | glob()} |
                   {server_glob, glob()} |
                   {resource_glob, glob()} |
-                   {ip, {inet:ip_address(), integer()}} |
+                   {ip, iprange()} |
                   {node_glob, {glob(), glob()}}.

 -type acl() :: #acl{aclname :: aclname(),
@@ -89,12 +94,6 @@ start() ->
    load_from_config(),
    ok.

-spec to_record(binary(), atom(), aclspec()) -> acl().
-
-to_record(Host, ACLName, ACLSpec) ->
-    #acl{aclname = {ACLName, Host},
-	 aclspec = normalize_spec(ACLSpec)}.
-
 -spec add(binary(), aclname(), aclspec()) -> ok | {error, any()}.

 add(Host, ACLName, ACLSpec) ->
@@ -185,6 +184,10 @@ load_from_config() ->
                       {acl, Host}, fun(V) -> V end, []),
              AccessRules = ejabberd_config:get_option(
                              {access, Host}, fun(V) -> V end, []),
+              AccessRulesNew = ejabberd_config:get_option(
+				 {access_rules, Host}, fun(V) -> V end, []),
+              ShaperRules = ejabberd_config:get_option(
+				 {shaper_rules, Host}, fun(V) -> V end, []),
              lists:foreach(
                fun({ACLName, SpecList}) ->
                        lists:foreach(
@@ -198,12 +201,29 @@ load_from_config() ->
                                  add(Host, ACLName, {ACLType, ACLSpecs})
                          end, lists:flatten(SpecList))
                end, ACLs),
+              lists:foreach(
+                fun({Access, Rules}) ->
+			NRules = lists:map(fun({ACL, Type}) ->
+					     {Type, [{acl, ACL}]}
+				     end, Rules),
+                        add_access(Host, Access, NRules ++ [{deny, [all]}])
+                end, AccessRules),
              lists:foreach(
                fun({Access, Rules}) ->
                        add_access(Host, Access, Rules)
-                end, AccessRules)
+                end, AccessRulesNew),
+              lists:foreach(
+                fun({Access, Rules}) ->
+                        add_access(Host, Access, Rules)
+                end, ShaperRules)
      end, Hosts).

+%% Delete all previous set ACLs and Access rules
+clear() ->
+    mnesia:clear_table(acl),
+    mnesia:clear_table(access),
+    ok.
+
 b(S) ->
    iolist_to_binary(S).

@@ -216,23 +236,33 @@ nameprep(S) ->
 resourceprep(S) ->
    jid:resourceprep(b(S)).

+split_user_server(Str, NormFunUsr, NormFunSrv) ->
+    case binary:split(Str, <<"@">>) of
+	[U, S] ->
+	    {NormFunUsr(U), NormFunSrv(S)};
+	_ ->
+	    NormFunUsr(Str)
+    end.
+
 normalize_spec(Spec) ->
    case Spec of
        all -> all;
        none -> none;
+        {acl, N} -> {acl, N};
        {user, {U, S}} -> {user, {nodeprep(U), nameprep(S)}};
-        {user, U} -> {user, nodeprep(U)};
+        {user, U} -> {user, split_user_server(U, fun nodeprep/1, fun nameprep/1)};
        {shared_group, {G, H}} -> {shared_group, {b(G), nameprep(H)}};
-        {shared_group, G} -> {shared_group, b(G)};
+        {shared_group, G} -> {shared_group, split_user_server(G, fun b/1, fun nameprep/1)};
        {user_regexp, {UR, S}} -> {user_regexp, {b(UR), nameprep(S)}};
-        {user_regexp, UR} -> {user_regexp, b(UR)};
+        {user_regexp, UR} -> {user_regexp, split_user_server(UR, fun b/1, fun nameprep/1)};
        {node_regexp, {UR, SR}} -> {node_regexp, {b(UR), b(SR)}};
        {user_glob, {UR, S}} -> {user_glob, {b(UR), nameprep(S)}};
-        {user_glob, UR} -> {user_glob, b(UR)};
+        {user_glob, UR} -> {user_glob, split_user_server(UR, fun b/1, fun nameprep/1)};
        {node_glob, {UR, SR}} -> {node_glob, {b(UR), b(SR)}};
        {server, S} -> {server, nameprep(S)};
        {resource, R} -> {resource, resourceprep(R)};
        {server_regexp, SR} -> {server_regexp, b(SR)};
+        {resource_regexp, R} -> {resource_regexp, b(R)};
        {server_glob, S} -> {server_glob, b(S)};
        {resource_glob, R} -> {resource_glob, b(R)};
        {ip, {Net, Mask}} -> {ip, {Net, Mask}};
@@ -246,107 +276,215 @@ normalize_spec(Spec) ->
            end
    end.

+-spec any_rules_allowed(global | binary(), access_name(),
+                           jid() | ljid() | inet:ip_address()) -> boolean().
+
+any_rules_allowed(Host, Access, Entity) ->
+    lists:any(fun (Rule) ->
+                      allow == acl:match_rule(Host, Rule, Entity)
+              end,
+              Access).
+
 -spec match_rule(global | binary(), access_name(),
                 jid() | ljid() | inet:ip_address()) -> any().

-match_rule(_Host, all, _JID) ->
-    allow;
-match_rule(_Host, none, _JID) ->
-    deny;
+match_rule(Host, Access, IP) when tuple_size(IP) == 4;
+    tuple_size(IP) == 8 ->
+    access_matches(Access, #{ip => IP}, Host);
 match_rule(Host, Access, JID) ->
-    GAccess = ets:lookup(access, {Access, global}),
-    LAccess = if Host /= global ->
-                      ets:lookup(access, {Access, Host});
-                 true ->
-                      []
-              end,
-    case GAccess ++ LAccess of
-        [] ->
-            deny;
-        AccessList ->
-            Rules = lists:flatmap(
-                      fun(#access{rules = Rs}) ->
-                              Rs
-                      end, AccessList),
-            match_acls(Rules, JID, Host)
-    end.
+    access_matches(Access, #{usr => jid:tolower(JID)}, Host).

-match_acls([], _, _Host) -> deny;
-match_acls([{ACL, Access} | ACLs], JID, Host) ->
-    case match_acl(ACL, JID, Host) of
-      true -> Access;
-      _ -> match_acls(ACLs, JID, Host)
-    end.
+-spec acl_rule_verify(aclspec()) -> boolean().

-spec match_acl(atom(),
-                jid() | ljid() | inet:ip_address(),
-                binary()) -> boolean().
-
-match_acl(all, _JID, _Host) ->
+acl_rule_verify(all) ->
    true;
-match_acl(none, _JID, _Host) ->
+acl_rule_verify(none) ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D}, Mask}})
+    when is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    A >= 0, A =< 255, B >= 0, B =< 255, C >= 0, C =< 255, D >= 0, D =< 255,
+    is_integer(Mask), Mask >= 0, Mask =< 32 ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D,E,F,G,H}, Mask}}) when
+    is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    is_integer(E), is_integer(F), is_integer(G), is_integer(H),
+    A >= 0, A =< 65535, B >= 0, B =< 65535, C >= 0, C =< 65535, D >= 0, D =< 65535,
+    E >= 0, E =< 65535, F >= 0, F =< 65535, G >= 0, G =< 65535, H >= 0, H =< 65535,
+    is_integer(Mask), Mask >= 0, Mask =< 64 ->
+    true;
+acl_rule_verify({user, {U, S}}) when is_binary(U), is_binary(S) ->
+    true;
+acl_rule_verify({user, U}) when is_binary(U) ->
+    true;
+acl_rule_verify({server, S}) when is_binary(S) ->
+    true;
+acl_rule_verify({resource, R}) when is_binary(R) ->
+    true;
+acl_rule_verify({shared_group, {G, H}}) when is_binary(G), is_binary(H) ->
+    true;
+acl_rule_verify({shared_group, G}) when is_binary(G) ->
+    true;
+acl_rule_verify({user_regexp, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_regexp, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_regexp, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_regexp, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_regexp, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify({user_glob, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_glob, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_glob, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_glob, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_glob, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify(_Spec) ->
+    false.
+invalid_syntax(Msg, Data) ->
+    throw({invalid_syntax, iolist_to_binary(io_lib:format(Msg, Data))}).
+
+acl_rules_verify([{acl, Name} | Rest], true) when is_atom(Name) ->
+    acl_rules_verify(Rest, true);
+acl_rules_verify([{acl, Name} = Rule | _Rest], false) when is_atom(Name) ->
+    invalid_syntax(<<"Using acl: rules not allowed: ~p">>, [Rule]);
+acl_rules_verify([Rule | Rest], AllowAcl) ->
+    case acl_rule_verify(Rule) of
+	false ->
+	    invalid_syntax(<<"Invalid rule: ~p">>, [Rule]);
+	true ->
+	    acl_rules_verify(Rest, AllowAcl)
+    end;
+acl_rules_verify([], _AllowAcl) ->
+    true;
+acl_rules_verify(Rules, _AllowAcl) ->
+    invalid_syntax(<<"Not a acl rules list: ~p">>, [Rules]).
+
+
+
+all_acl_rules_matches([], _Data, _Host) ->
    false;
-match_acl(ACL, IP, Host) when tuple_size(IP) == 4;
-                              tuple_size(IP) == 8 ->
-    lists:any(
-      fun(#acl{aclspec = {ip, {Net, Mask}}}) ->
-              is_ip_match(IP, Net, Mask);
-         (_) ->
-              false
-      end, get_aclspecs(ACL, Host));
-match_acl(ACL, JID, Host) ->
-    {User, Server, Resource} = jid:tolower(JID),
-    lists:any(
-      fun(#acl{aclspec = Spec}) ->
-              case Spec of
-                  all -> true;
-                  {user, {U, S}} -> U == User andalso S == Server;
-                  {user, U} ->
-                      U == User andalso
-                          lists:member(Server, ?MYHOSTS);
-                  {server, S} -> S == Server;
-                  {resource, R} -> R == Resource;
-                  {shared_group, {G, H}} ->
-                      Mod = loaded_shared_roster_module(H),
-                      Mod:is_user_in_group({User, Server}, G, H);
-                  {shared_group, G} ->
-                      Mod = loaded_shared_roster_module(Host),
-                      Mod:is_user_in_group({User, Server}, G, Host);
-                  {user_regexp, {UR, S}} ->
-                      S == Server andalso is_regexp_match(User, UR);
-                  {user_regexp, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_regexp_match(User, UR);
-                  {server_regexp, SR} ->
-                      is_regexp_match(Server, SR);
-                  {resource_regexp, RR} ->
-                      is_regexp_match(Resource, RR);
-                  {node_regexp, {UR, SR}} ->
-                      is_regexp_match(Server, SR) andalso
-                          is_regexp_match(User, UR);
-                  {user_glob, {UR, S}} ->
-                      S == Server andalso is_glob_match(User, UR);
-                  {user_glob, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_glob_match(User, UR);
-                  {server_glob, SR} -> is_glob_match(Server, SR);
-                  {resource_glob, RR} ->
-                      is_glob_match(Resource, RR);
-                  {node_glob, {UR, SR}} ->
-                      is_glob_match(Server, SR) andalso
-                          is_glob_match(User, UR);
-                  WrongSpec ->
-                      ?ERROR_MSG("Wrong ACL expression: ~p~nCheck your "
-                                 "config file and reload it with the override_a"
-                                 "cls option enabled",
-                                 [WrongSpec]),
-                      false
-              end
-      end,
-      get_aclspecs(ACL, Host)).
+all_acl_rules_matches(Rules, Data, Host) ->
+    all_acl_rules_matches2(Rules, Data, Host).
+
+all_acl_rules_matches2([Rule | Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    all_acl_rules_matches2(Tail, Data, Host);
+	false ->
+	    false
+    end;
+all_acl_rules_matches2([], _Data, _Host) ->
+    true.
+
+any_acl_rules_matches([], _Data, _Host) ->
+    false;
+any_acl_rules_matches([Rule|Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    true;
+	false ->
+	    any_acl_rules_matches(Tail, Data, Host)
+    end.
+
+-spec acl_rule_matches(aclspec(), any(), global|binary()) -> boolean().
+
+acl_rule_matches(all, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, all}, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, Name}, Data, Host) ->
+    ACLs = get_aclspecs(Name, Host),
+    RawACLs = lists:map(fun(#acl{aclspec = R}) -> R end, ACLs),
+    any_acl_rules_matches(RawACLs, Data, Host);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := {IP, _Port}}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := IP}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({user, {U, S}}, #{usr := {U, S, _}}, _Host) ->
+    true;
+acl_rule_matches({user, U}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS);
+acl_rule_matches({server, S}, #{usr := {_, S, _}}, _Host) ->
+    true;
+acl_rule_matches({resource, R}, #{usr := {_, _, R}}, _Host) ->
+    true;
+acl_rule_matches({shared_group, {G, H}}, #{usr := {U, S, _}}, _Host) ->
+    Mod = loaded_shared_roster_module(H),
+    Mod:is_user_in_group({U, S}, G, H);
+acl_rule_matches({shared_group, G}, #{usr := {U, S, _}}, Host) ->
+    Mod = loaded_shared_roster_module(Host),
+    Mod:is_user_in_group({U, S}, G, Host);
+acl_rule_matches({user_regexp, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR);
+acl_rule_matches({user_regexp, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_regexp_match(U, UR);
+acl_rule_matches({server_regexp, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_regexp_match(S, SR);
+acl_rule_matches({resource_regexp, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_regexp_match(R, RR);
+acl_rule_matches({node_regexp, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR) andalso is_regexp_match(S, SR);
+acl_rule_matches({user_glob, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR);
+acl_rule_matches({user_glob, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_glob_match(U, UR);
+acl_rule_matches({server_glob, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_glob_match(S, SR);
+acl_rule_matches({resource_glob, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_glob_match(R, RR);
+acl_rule_matches({node_glob, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR) andalso is_glob_match(S, SR);
+acl_rule_matches(_ACL, _Data, _Host) ->
+    false.
+
+-spec access_matches(atom()|list(), any(), global|binary()) -> any().
+access_matches(all, _Data, _Host) ->
+    allow;
+access_matches(none, _Data, _Host) ->
+    deny;
+access_matches(Name, Data, Host) when is_atom(Name) ->
+    GAccess = ets:lookup(access, {Name, global}),
+    LAccess =
+	if Host /= global -> ets:lookup(access, {Name, Host});
+	    true -> []
+	end,
+    case GAccess ++ LAccess of
+	[] ->
+	    deny;
+	AccessList ->
+	    Rules = lists:flatmap(
+		fun(#access{rules = Rs}) ->
+		    Rs
+		end, AccessList),
+	    access_rules_matches(Rules, Data, Host)
+    end;
+access_matches(Rules, Data, Host) when is_list(Rules) ->
+    access_rules_matches(Rules, Data, Host).
+
+
+-spec access_rules_matches(list(), any(), global|binary()) -> any().
+
+access_rules_matches(AR, Data, Host) ->
+    access_rules_matches(AR, Data, Host, deny).
+
+access_rules_matches([{Type, Acls} | Rest], Data, Host, Default) ->
+    case all_acl_rules_matches(Acls, Data, Host) of
+	false ->
+	    access_rules_matches(Rest, Data, Host, Default);
+	true ->
+	    Type
+    end;
+access_rules_matches([], _Data, _Host, Default) ->
+    Default.

 get_aclspecs(ACL, Host) ->
-      ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).
+    ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).

 is_regexp_match(String, RegExp) ->
    case ejabberd_regexp:run(String, RegExp) of
@@ -418,6 +556,63 @@ parse_ip_netmask(S) ->
      _ -> error
    end.

+transform_access_rules_config(Config) when is_list(Config) ->
+    lists:map(fun transform_access_rules_config2/1, lists:flatten(Config));
+transform_access_rules_config(Config) ->
+    transform_access_rules_config([Config]).
+
+transform_access_rules_config2(Type) when is_integer(Type); is_atom(Type) ->
+    {Type, [all]};
+transform_access_rules_config2({Type, ACL}) when is_atom(ACL) ->
+    {Type, [{acl, ACL}]};
+transform_access_rules_config2({Res, Rules}) when is_list(Rules) ->
+    T = lists:map(fun({Type, Args}) when is_list(Args) ->
+			  normalize_spec({Type, hd(lists:flatten(Args))});
+		     (V) -> normalize_spec(V)
+		  end, lists:flatten(Rules)),
+    {Res, T};
+transform_access_rules_config2({Res, Rule}) ->
+    {Res, [Rule]}.
+
+access_rules_validator(Name) when is_atom(Name) ->
+    Name;
+access_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(allow) -> true;
+					  (deny) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+
+shaper_rules_validator(Name) when is_atom(Name) ->
+    Name;
+shaper_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(V) when is_atom(V) -> true;
+					  (V2) when is_integer(V2) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+access_shaper_rules_validator([{Type, Acls} = Rule | Rest], RuleTypeCheck) ->
+    case RuleTypeCheck(Type) of
+	true ->
+	    case acl_rules_verify(Acls, true) of
+		true ->
+		    access_shaper_rules_validator(Rest, RuleTypeCheck);
+		Err ->
+		    Err
+	    end;
+	false ->
+	    invalid_syntax(<<"Invalid rule type: ~p in rule ~p">>, [Type, Rule])
+    end;
+access_shaper_rules_validator([], _RuleTypeCheck) ->
+    true;
+access_shaper_rules_validator(Value, _RuleTypeCheck) ->
+    invalid_syntax(<<"Not a rule definition: ~p">>, [Value]).
+
+
 transform_options(Opts) ->
    Opts1 = lists:foldl(fun transform_options/2, [], Opts),
    {ACLOpts, Opts2} = lists:mapfoldl(
@@ -432,6 +627,18 @@ transform_options(Opts) ->
                               (O, Acc) ->
                                    {[], [O|Acc]}
                            end, [], Opts2),
+    {NewAccessOpts, Opts4} = lists:mapfoldl(
+                            fun({access_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts3),
+    {ShaperOpts, Opts5} = lists:mapfoldl(
+                            fun({shaper_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts4),
    ACLOpts1 = ejabberd_config:collect_options(lists:flatten(ACLOpts)),
    AccessOpts1 = case ejabberd_config:collect_options(
                         lists:flatten(AccessOpts)) of
@@ -445,7 +652,21 @@ transform_options(Opts) ->
                   [] -> [];
                   L2 -> [{acl, L2}]
               end,
-    ACLOpts2 ++ AccessOpts1 ++ Opts3.
+    NewAccessOpts1 = case lists:map(
+			    fun({NAName, Os}) ->
+				    {NAName, transform_access_rules_config(Os)}
+			    end, lists:flatten(NewAccessOpts)) of
+			 [] -> [];
+			 L3 -> [{access_rules, L3}]
+		     end,
+    ShaperOpts1 = case lists:map(
+			    fun({SName, Ss}) ->
+				    {SName, transform_access_rules_config(Ss)}
+			    end, lists:flatten(ShaperOpts)) of
+			 [] -> [];
+			 L4 -> [{shaper_rules, L4}]
+		     end,
+    ACLOpts2 ++ AccessOpts1 ++ NewAccessOpts1 ++ ShaperOpts1 ++ Opts5.

 transform_options({acl, Name, Type}, Opts) ->
    T = case Type of
@@ -466,7 +687,8 @@ transform_options({acl, Name, Type}, Opts) ->
            {server_regexp, SR} -> {server_regexp, [b(SR)]};
            {server_glob, S} -> {server_glob, [b(S)]};
            {ip, S} -> {ip, [b(S)]};
-            {resource_glob, R} -> {resource_glob, [b(R)]}
+            {resource_glob, R} -> {resource_glob, [b(R)]};
+            {resource_regexp, R} -> {resource_regexp, [b(R)]}
        end,
    [{acl, [{Name, [T]}]}|Opts];
 transform_options({access, Name, Rules}, Opts) ->
@@ -476,5 +698,7 @@ transform_options(Opt, Opts) ->
    [Opt|Opts].

 opt_type(access) -> fun (V) -> V end;
+opt_type(access_rules) -> fun (V) -> V end;
+opt_type(shaper_rules) -> fun (V) -> V end;
 opt_type(acl) -> fun (V) -> V end;
-opt_type(_) -> [access, acl].
+opt_type(_) -> [access, acl, access_rules, shaper_rules].
@@ -41,13 +41,7 @@
 %% Parse an ad-hoc request.  Return either an adhoc_request record or
 %% an {error, ErrorType} tuple.
 %%
-spec(parse_request/1 ::
-(
-  IQ :: iq_request())
-    -> adhoc_response()
-    %%
-     | {error, _}
-).
+-spec parse_request(IQ :: iq_request()) -> adhoc_response() | {error, _}.

 parse_request(#iq{type = set, lang = Lang, sub_el = SubEl, xmlns = ?NS_COMMANDS}) ->
    ?DEBUG("entering parse_request...", []),
@@ -68,7 +62,9 @@ parse_request(#iq{type = set, lang = Lang, sub_el = SubEl, xmlns = ?NS_COMMANDS}
        xdata     = XData,
        others    = Others
    };
-parse_request(_) -> {error, ?ERR_BAD_REQUEST}.
+parse_request(#iq{lang = Lang}) ->
+    Text = <<"Failed to parse ad-hoc command request">>,
+    {error, ?ERRT_BAD_REQUEST(Lang, Text)}.

 %% Borrowed from mod_vcard.erl
 find_xdata_el(#xmlel{children = SubEls}) ->
@@ -86,12 +82,9 @@ find_xdata_el1([_ | Els]) -> find_xdata_el1(Els).
 %% record, filling in values for language, node and session id from
 %% the request.
 %%
-spec(produce_response/2 ::
-(
-  Adhoc_Request  :: adhoc_request(),
-  Adhoc_Response :: adhoc_response())
-    -> Xmlel::xmlel()
-).
+-spec produce_response(Adhoc_Request :: adhoc_request(),
+		       Adhoc_Response :: adhoc_response()) ->
+			      Xmlel::xmlel().

 %% Produce a <command/> node to use as response from an adhoc_response
 %% record.
@@ -102,11 +95,7 @@ produce_response(#adhoc_request{lang = Lang, node = Node, sessionid = SessionID}
    }).

 %%
-spec(produce_response/1 ::
-(
-  Adhoc_Response::adhoc_response())
-    -> Xmlel::xmlel()
-).
+-spec produce_response(Adhoc_Response::adhoc_response()) -> Xmlel::xmlel().

 produce_response(
  #adhoc_response{
@@ -88,13 +88,8 @@ start() ->
    ok.

 %%
-spec(register_mechanism/3 ::
-(
-  Mechanim     :: mechanism(),
-  Module       :: module(),
-  PasswordType :: password_type())
-    -> any()
-).
+-spec register_mechanism(Mechanim :: mechanism(), Module :: module(),
+			 PasswordType :: password_type()) -> any().

 register_mechanism(Mechanism, Module, PasswordType) ->
    case is_disabled(Mechanism) of
@@ -132,18 +127,14 @@ register_mechanism(Mechanism, Module, PasswordType) ->
 %%    end.

 check_credentials(_State, Props) ->
-    User = proplists:get_value(username, Props, <<>>),
+    User = proplists:get_value(authzid, Props, <<>>),
    case jid:nodeprep(User) of
      error -> {error, <<"not-authorized">>};
      <<"">> -> {error, <<"not-authorized">>};
      _LUser -> ok
    end.

-spec(listmech/1 ::
-(
-  Host ::binary())
-    -> Mechanisms::mechanisms()
-).
+-spec listmech(Host ::binary()) -> Mechanisms::mechanisms().

 listmech(Host) ->
    Mechs = ets:select(sasl_mechanism,
@@ -213,12 +204,7 @@ server_step(State, ClientIn) ->
 %% Remove the anonymous mechanism from the list if not enabled for the given
 %% host
 %%
-spec(filter_anonymous/2 ::
-(
-  Host  :: binary(),
-  Mechs :: mechanisms())
-    -> mechanisms()
-).
+-spec filter_anonymous(Host :: binary(), Mechs :: mechanisms()) -> mechanisms().

 filter_anonymous(Host, Mechs) ->
    case ejabberd_auth_anonymous:is_sasl_anonymous_enabled(Host) of
@@ -226,11 +212,7 @@ filter_anonymous(Host, Mechs) ->
      false -> Mechs -- [<<"ANONYMOUS">>]
    end.

-spec(is_disabled/1 ::
-(
-  Mechanism :: mechanism())
-    -> boolean()
-).
+-spec is_disabled(Mechanism :: mechanism()) -> boolean().

 is_disabled(Mechanism) ->
    Disabled = ejabberd_config:get_option(
@@ -45,9 +45,8 @@ mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->

 mech_step(#state{server = Server} = S, ClientIn) ->
    User = iolist_to_binary([randoms:get_string(),
-                             randoms:get_string(),
-                             randoms:get_string()]),
+                             jlib:integer_to_binary(p1_time_compat:unique_integer([positive]))]),
    case ejabberd_auth:is_user_exists(User, Server) of
        true  -> mech_step(S, ClientIn);
-        false -> {ok, [{username, User}, {auth_module, ejabberd_auth_anonymous}]}
+        false -> {ok, [{username, User}, {authzid, User}, {auth_module, ejabberd_auth_anonymous}]}
    end.
@@ -50,14 +50,14 @@
                username = <<"">> :: binary(),
                authzid = <<"">> :: binary(),
                get_password = fun(_) -> {false, <<>>} end :: get_password_fun(),
-                check_password = fun(_, _, _, _) -> false end :: check_password_fun(),
+                check_password = fun(_, _, _, _, _) -> false end :: check_password_fun(),
                auth_module :: atom(),
                host = <<"">> :: binary(),
-                hostfqdn = <<"">> :: binary()}).
+                hostfqdn = <<"">> :: binary() | [binary()]}).

 start(_Opts) ->
    Fqdn = get_local_fqdn(),
-    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~s",
+    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~p",
 	      [Fqdn]),
    cyrsasl:register_mechanism(<<"DIGEST-MD5">>, ?MODULE,
 			       digest).
@@ -83,9 +83,7 @@ mech_step(#state{step = 3, nonce = Nonce} = State,
      bad -> {error, <<"bad-protocol">>};
      KeyVals ->
 	  DigestURI = proplists:get_value(<<"digest-uri">>, KeyVals, <<>>),
-	  %DigestURI = fxml:get_attr_s(<<"digest-uri">>, KeyVals),
 	  UserName = proplists:get_value(<<"username">>, KeyVals, <<>>),
-	  %UserName = fxml:get_attr_s(<<"username">>, KeyVals),
 	  case is_digesturi_valid(DigestURI, State#state.host,
 				  State#state.hostfqdn)
 	      of
@@ -97,13 +95,11 @@ mech_step(#state{step = 3, nonce = Nonce} = State,
 		{error, <<"not-authorized">>, UserName};
 	    true ->
 		AuthzId = proplists:get_value(<<"authzid">>, KeyVals, <<>>),
-		%AuthzId = fxml:get_attr_s(<<"authzid">>, KeyVals),
 		case (State#state.get_password)(UserName) of
 		  {false, _} -> {error, <<"not-authorized">>, UserName};
 		  {Passwd, AuthModule} ->
-		      case (State#state.check_password)(UserName, <<"">>,
+		      case (State#state.check_password)(UserName, UserName, <<"">>,
 		                    proplists:get_value(<<"response">>, KeyVals, <<>>),
-							%fxml:get_attr_s(<<"response">>, KeyVals),
 							fun (PW) ->
 								response(KeyVals,
 									 UserName,
@@ -130,7 +126,11 @@ mech_step(#state{step = 5, auth_module = AuthModule,
 		 username = UserName, authzid = AuthzId},
 	  <<"">>) ->
    {ok,
-     [{username, UserName}, {authzid, AuthzId},
+     [{username, UserName}, {authzid, case AuthzId of
+        <<"">> -> UserName;
+        _ -> AuthzId
+      end
+    },
      {auth_module, AuthModule}]};
 mech_step(A, B) ->
    ?DEBUG("SASL DIGEST: A ~p B ~p", [A, B]),
@@ -183,16 +183,16 @@ is_digesturi_valid(DigestURICase, JabberDomain,
    DigestURI = stringprep:tolower(DigestURICase),
    case catch str:tokens(DigestURI, <<"/">>) of
 	[<<"xmpp">>, Host] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (Host == JabberDomain) or IsHostFqdn;
 	[<<"xmpp">>, Host, ServName] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (ServName == JabberDomain) and IsHostFqdn;
 	_ ->
 	    false
    end.

-is_host_fqdn(Host, [Letter | _Tail] = Fqdn) when not is_list(Letter) ->
+is_host_fqdn(Host, Fqdn) when is_binary(Fqdn) ->
    Host == Fqdn;
 is_host_fqdn(_Host, []) ->
    false;
@@ -204,6 +204,7 @@ is_host_fqdn(Host, [Fqdn | FqdnTail]) when Host /= Fqdn ->
 get_local_fqdn() ->
    case catch get_local_fqdn2() of
      Str when is_binary(Str) -> Str;
+      List when is_list(List) -> List;
      _ ->
 	  <<"unknown-fqdn, please configure fqdn "
 	    "option in ejabberd.yml!">>
@@ -211,9 +212,11 @@ get_local_fqdn() ->

 get_local_fqdn2() ->
    case ejabberd_config:get_option(
-           fqdn, fun iolist_to_binary/1) of
+           fqdn, fun(X) -> X end) of
        ConfiguredFqdn when is_binary(ConfiguredFqdn) ->
            ConfiguredFqdn;
+        [A | _] = ConfiguredFqdns when is_binary(A) ->
+            ConfiguredFqdns;
        undefined ->
            {ok, Hostname} = inet:gethostname(),
            {ok, {hostent, Fqdn, _, _, _, _}} =
@@ -51,7 +51,7 @@ mech_step(State, ClientIn) ->
                    {ok,
                     [{username, User}, {authzid, AuthzId},
                      {auth_module, ejabberd_oauth}]};
-                false ->
+                _ ->
                    {error, <<"not-authorized">>, User}
            end;
        _ -> {error, <<"bad-protocol">>}
@@ -45,7 +45,7 @@ mech_new(_Host, _GetPassword, CheckPassword, _CheckPasswordDigest) ->
 mech_step(State, ClientIn) ->
    case prepare(ClientIn) of
      [AuthzId, User, Password] ->
-	  case (State#state.check_password)(User, Password) of
+	  case (State#state.check_password)(User, AuthzId, Password) of
 	    {true, AuthModule} ->
 		{ok,
 		 [{username, User}, {authzid, AuthzId},
@@ -60,12 +60,17 @@ prepare(ClientIn) ->
      [<<"">>, UserMaybeDomain, Password] ->
 	  case parse_domain(UserMaybeDomain) of
 	    %% <NUL>login@domain<NUL>pwd
-	    [User, _Domain] -> [UserMaybeDomain, User, Password];
+	    [User, _Domain] -> [User, User, Password];
 	    %% <NUL>login<NUL>pwd
-	    [User] -> [<<"">>, User, Password]
+	    [User] -> [User, User, Password]
 	  end;
+      [AuthzId, User, Password] ->
+      case parse_domain(AuthzId) of
      %% login@domain<NUL>login<NUL>pwd
-      [AuthzId, User, Password] -> [AuthzId, User, Password];
+        [AuthzUser, _Domain] -> [AuthzUser, User, Password];
+        %% login<NUL>login<NUL>pwd
+        [AuthzUser] -> [AuthzUser, User, Password]
+      end;
      _ -> error
    end.

@@ -159,7 +159,8 @@ mech_step(#state{step = 4} = State, ClientIn) ->
 					 ServerSignature =
 					     scram:server_signature(State#state.server_key,
 								    AuthMessage),
-					 {ok, [{username, State#state.username}],
+					 {ok, [{username, State#state.username},
+					       {authzid, State#state.username}],
 					  <<"v=",
 					    (jlib:encode_base64(ServerSignature))/binary>>};
 				     true -> {error, <<"bad-auth">>, State#state.username}
@@ -79,7 +79,7 @@ is_loaded() ->
 start_app(App, Type, StartFlag) when not is_list(App) ->
    start_app([App], Type, StartFlag);
 start_app([App|Apps], Type, StartFlag) ->
-    case application:start(App) of
+    case application:start(App,Type) of
        ok ->
            spawn(fun() -> check_app_modules(App, StartFlag) end),
            start_app(Apps, Type, StartFlag);
@@ -87,6 +87,7 @@ get_commands_spec() ->
 			args = [], result = {res, rescode}},
     #ejabberd_commands{name = reopen_log, tags = [logs, server],
 			desc = "Reopen the log files",
+			policy = admin,
 			module = ?MODULE, function = reopen_log,
 			args = [], result = {res, rescode}},
     #ejabberd_commands{name = rotate_log, tags = [logs, server],
@@ -129,6 +130,7 @@ get_commands_spec() ->

     #ejabberd_commands{name = register, tags = [accounts],
 			desc = "Register a user",
+			policy = admin,
 			module = ?MODULE, function = register,
 			args = [{user, binary}, {host, binary}, {password, binary}],
 			result = {res, restuple}},
@@ -166,7 +168,7 @@ get_commands_spec() ->
     #ejabberd_commands{name = list_cluster, tags = [cluster],
 			desc = "List nodes that are part of the cluster handled by Node",
 			module = ?MODULE, function = list_cluster,
-			args = [], 
+			args = [],
 			result = {nodes, {list, {node, atom}}}},

     #ejabberd_commands{name = import_file, tags = [mnesia],
@@ -192,16 +194,16 @@ get_commands_spec() ->
 			module = ejabberd_piefxis, function = export_host,
 			args = [{dir, string}, {host, string}], result = {res, rescode}},

-     #ejabberd_commands{name = export_odbc, tags = [mnesia, odbc],
+     #ejabberd_commands{name = delete_mnesia, tags = [mnesia, sql],
                        desc = "Export all tables as SQL queries to a file",
-                        module = ejd2odbc, function = export,
-                        args = [{host, string}, {file, string}], result = {res, rescode}},
-     #ejabberd_commands{name = convert_to_scram, tags = [odbc],
+                        module = ejd2sql, function = delete,
+                        args = [{host, string}], result = {res, rescode}},
+     #ejabberd_commands{name = convert_to_scram, tags = [sql],
 			desc = "Convert the passwords in 'users' ODBC table to SCRAM",
-			module = ejabberd_auth_odbc, function = convert_to_scram,
+			module = ejabberd_auth_sql, function = convert_to_scram,
 			args = [{host, binary}], result = {res, rescode}},

-     #ejabberd_commands{name = import_prosody, tags = [mnesia, odbc, riak],
+     #ejabberd_commands{name = import_prosody, tags = [mnesia, sql, riak],
 			desc = "Import data from Prosody",
 			module = prosody2ejabberd, function = from_dir,
 			args = [{dir, string}], result = {res, rescode}},
@@ -220,11 +222,11 @@ get_commands_spec() ->
 			desc = "Delete offline messages older than DAYS",
 			module = ?MODULE, function = delete_old_messages,
 			args = [{days, integer}], result = {res, rescode}},
-	 
-     #ejabberd_commands{name = export2odbc, tags = [mnesia],
+
+     #ejabberd_commands{name = export2sql, tags = [mnesia],
 			desc = "Export virtual host information from Mnesia tables to SQL files",
-			module = ejd2odbc, function = export,
-			args = [{host, string}, {directory, string}],
+			module = ejd2sql, function = export,
+			args = [{host, string}, {file, string}],
 			result = {res, rescode}},
     #ejabberd_commands{name = set_master, tags = [mnesia],
 			desc = "Set master node of the clustered Mnesia tables",
@@ -378,13 +380,12 @@ register(User, Host, Password) ->
 	{atomic, ok} ->
 	    {ok, io_lib:format("User ~s@~s successfully registered", [User, Host])};
 	{atomic, exists} ->
-	    String = io_lib:format("User ~s@~s already registered at node ~p",
-				   [User, Host, node()]),
-	    {exists, String};
+	    Msg = io_lib:format("User ~s@~s already registered", [User, Host]),
+	    {error, conflict, 10090, Msg};
 	{error, Reason} ->
 	    String = io_lib:format("Can't register user ~s@~s at node ~p: ~p",
 				   [User, Host, node(), Reason]),
-	    {cannot_register, String}
+	    {error, cannot_register, 10001, String}
    end.

 unregister(User, Host) ->
@@ -30,7 +30,7 @@

 -behaviour(application).

-export([start_modules/0, start/2, prep_stop/1, stop/1,
+-export([start/2, prep_stop/1, stop/1,
 	 init/0, opt_type/1]).

 -include("ejabberd.hrl").
@@ -45,6 +45,7 @@ start(normal, _Args) ->
    write_pid_file(),
    jid:start(),
    start_apps(),
+    start_elixir_application(),
    ejabberd:check_app(ejabberd),
    randoms:start(),
    db_init(),
@@ -55,6 +56,7 @@ start(normal, _Args) ->
    ejabberd_admin:start(),
    gen_mod:start(),
    ext_mod:start(),
+    setup_if_elixir_conf_used(),
    ejabberd_config:start(),
    set_settings_from_config(),
    acl:start(),
@@ -63,6 +65,7 @@ start(normal, _Args) ->
    Sup = ejabberd_sup:start_link(),
    ejabberd_rdbms:start(),
    ejabberd_riak_sup:start(),
+    ejabberd_redis:start(),
    ejabberd_sm:start(),
    cyrsasl:start(),
    % Profiling
@@ -71,8 +74,10 @@ start(normal, _Args) ->
    maybe_add_nameservers(),
    ejabberd_auth:start(),
    ejabberd_oauth:start(),
-    start_modules(),
+    gen_mod:start_modules(),
    ejabberd_listener:start_listeners(),
+    ejabberd_service:start(),
+    register_elixir_config_hooks(),
    ?INFO_MSG("ejabberd ~s is started in the node ~p", [?VERSION, node()]),
    Sup;
 start(_, _) ->
@@ -83,9 +88,9 @@ start(_, _) ->
 %% before shutting down the processes of the application.
 prep_stop(State) ->
    ejabberd_listener:stop_listeners(),
-    stop_modules(),
    ejabberd_admin:stop(),
    broadcast_c2s_shutdown(),
+    gen_mod:stop_modules(),
    timer:sleep(5000),
    State.

@@ -137,42 +142,6 @@ db_init() ->
    ejabberd:start_app(mnesia, permanent),
    mnesia:wait_for_tables(mnesia:system_info(local_tables), infinity).

-%% Start all the modules in all the hosts
-start_modules() ->
-    lists:foreach(
-      fun(Host) ->
-              Modules = ejabberd_config:get_option(
-                          {modules, Host},
-                          fun(Mods) ->
-                                  lists:map(
-                                    fun({M, A}) when is_atom(M), is_list(A) ->
-                                            {M, A}
-                                    end, Mods)
-                          end, []),
-              lists:foreach(
-                fun({Module, Args}) ->
-                        gen_mod:start_module(Host, Module, Args)
-                end, Modules)
-      end, ?MYHOSTS).
-
-%% Stop all the modules in all the hosts
-stop_modules() ->
-    lists:foreach(
-      fun(Host) ->
-              Modules = ejabberd_config:get_option(
-                          {modules, Host},
-                          fun(Mods) ->
-                                  lists:map(
-                                    fun({M, A}) when is_atom(M), is_list(A) ->
-                                            {M, A}
-                                    end, Mods)
-                          end, []),
-              lists:foreach(
-                fun({Module, _Args}) ->
-                        gen_mod:stop_module_keep_config(Host, Module)
-                end, Modules)
-      end, ?MYHOSTS).
-
 connect_nodes() ->
    Nodes = ejabberd_config:get_option(
              cluster_nodes,
@@ -256,7 +225,6 @@ start_apps() ->
    ejabberd:start_app(fast_tls),
    ejabberd:start_app(fast_xml),
    ejabberd:start_app(stringprep),
-    ejabberd:start_app(ezlib),
    ejabberd:start_app(cache_tab).

 opt_type(net_ticktime) ->
@@ -273,3 +241,26 @@ opt_type(modules) ->
 		      Mods)
    end;
 opt_type(_) -> [cluster_nodes, loglevel, modules, net_ticktime].
+
+setup_if_elixir_conf_used() ->
+  case ejabberd_config:is_using_elixir_config() of
+    true -> 'Elixir.Ejabberd.Config.Store':start_link();
+    false -> ok
+  end.
+
+register_elixir_config_hooks() ->
+  case ejabberd_config:is_using_elixir_config() of
+    true -> 'Elixir.Ejabberd.Config':start_hooks();
+    false -> ok
+  end.
+
+start_elixir_application() ->
+    case ejabberd_config:is_elixir_enabled() of
+	true ->
+	    case application:ensure_started(elixir) of
+		ok -> ok;
+		{error, _Msg} -> ?ERROR_MSG("Elixir application not started.", [])
+	    end;
+	_ ->
+	    ok
+    end.
@@ -32,9 +32,9 @@
 -author('alexey@process-one.net').

 %% External exports
-export([start/0, set_password/3, check_password/3,
-	 check_password/5, check_password_with_authmodule/3,
-	 check_password_with_authmodule/5, try_register/3,
+-export([start/0, set_password/3, check_password/4,
+	 check_password/6, check_password_with_authmodule/4,
+	 check_password_with_authmodule/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2, export/1, import/1,
 	 get_vh_registered_users_number/1, import/3,
@@ -63,8 +63,8 @@
 -callback remove_user(binary(), binary()) -> any().
 -callback remove_user(binary(), binary(), binary()) -> any().
 -callback is_user_exists(binary(), binary()) -> boolean() | {error, atom()}.
-callback check_password(binary(), binary(), binary()) -> boolean().
-callback check_password(binary(), binary(), binary(), binary(),
+-callback check_password(binary(), binary(), binary(), binary()) -> boolean().
+-callback check_password(binary(), binary(), binary(), binary(), binary(),
                         fun((binary()) -> binary())) -> boolean().
 -callback try_register(binary(), binary(), binary()) -> {atomic, atom()} |
                                                        {error, atom()}.
@@ -102,10 +102,10 @@ store_type(Server) ->
 		end,
 		plain, auth_modules(Server)).

-spec check_password(binary(), binary(), binary()) -> boolean().
+-spec check_password(binary(), binary(), binary(), binary()) -> boolean().

-check_password(User, Server, Password) ->
-    case check_password_with_authmodule(User, Server,
+check_password(User, AuthzId, Server, Password) ->
+    case check_password_with_authmodule(User, AuthzId, Server,
 					Password)
 	of
      {true, _AuthModule} -> true;
@@ -113,15 +113,15 @@ check_password(User, Server, Password) ->
    end.

 %% @doc Check if the user and password can login in server.
-%% @spec (User::string(), Server::string(), Password::string(),
+%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string(),
 %%        Digest::string(), DigestGen::function()) ->
 %%     true | false
-spec check_password(binary(), binary(), binary(), binary(),
+-spec check_password(binary(), binary(), binary(), binary(), binary(),
                     fun((binary()) -> binary())) -> boolean().
                                 
-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    case check_password_with_authmodule(User, Server,
+    case check_password_with_authmodule(User, AuthzId, Server,
 					Password, Digest, DigestGen)
 	of
      {true, _AuthModule} -> true;
@@ -132,28 +132,28 @@ check_password(User, Server, Password, Digest,
 %% The user can login if at least an authentication method accepts the user
 %% and the password.
 %% The first authentication method that accepts the credentials is returned.
-%% @spec (User::string(), Server::string(), Password::string()) ->
+%% @spec (User::string(), AuthzId::string(), Server::string(), Password::string()) ->
 %%     {true, AuthModule} | false
 %% where
 %%   AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
-%%                 | ejabberd_auth_internal | ejabberd_auth_ldap
-%%                 | ejabberd_auth_odbc | ejabberd_auth_pam
-spec check_password_with_authmodule(binary(), binary(), binary()) -> false |
+%%                 | ejabberd_auth_mnesia | ejabberd_auth_ldap
+%%                 | ejabberd_auth_sql | ejabberd_auth_pam | ejabberd_auth_riak
+-spec check_password_with_authmodule(binary(), binary(), binary(), binary()) -> false |
                                                                      {true, atom()}.

-check_password_with_authmodule(User, Server,
+check_password_with_authmodule(User, AuthzId, Server,
 			       Password) ->
    check_password_loop(auth_modules(Server),
-			[User, Server, Password]).
+			[User, AuthzId, Server, Password]).

-spec check_password_with_authmodule(binary(), binary(), binary(), binary(),
+-spec check_password_with_authmodule(binary(), binary(), binary(), binary(), binary(),
                                     fun((binary()) -> binary())) -> false |
                                                                     {true, atom()}.

-check_password_with_authmodule(User, Server, Password,
+check_password_with_authmodule(User, AuthzId, Server, Password,
 			       Digest, DigestGen) ->
    check_password_loop(auth_modules(Server),
-			[User, Server, Password, Digest, DigestGen]).
+			[User, AuthzId, Server, Password, Digest, DigestGen]).

 check_password_loop([], _Args) -> false;
 check_password_loop([AuthModule | AuthModules], Args) ->
@@ -428,30 +428,21 @@ auth_modules() ->
 %% Return the list of authenticated modules for a given host
 auth_modules(Server) ->
    LServer = jid:nameprep(Server),
-    Default = case gen_mod:default_db(LServer) of
-		  mnesia -> internal;
-		  DBType -> DBType
-	      end,
+    Default = ejabberd_config:default_db(LServer, ?MODULE),
    Methods = ejabberd_config:get_option(
-                {auth_method, LServer},
-                fun(V) when is_list(V) ->
-                        true = lists:all(fun is_atom/1, V),
-                        V;
-                   (V) when is_atom(V) ->
-                        [V]
-                end, [Default]),
+                {auth_method, LServer}, opt_type(auth_method), [Default]),
    [jlib:binary_to_atom(<<"ejabberd_auth_",
                           (jlib:atom_to_binary(M))/binary>>)
     || M <- Methods].

 export(Server) ->
-    ejabberd_auth_internal:export(Server).
+    ejabberd_auth_mnesia:export(Server).

 import(Server) ->
-    ejabberd_auth_internal:import(Server).
+    ejabberd_auth_mnesia:import(Server).

 import(Server, mnesia, Passwd) ->
-    ejabberd_auth_internal:import(Server, mnesia, Passwd);
+    ejabberd_auth_mnesia:import(Server, mnesia, Passwd);
 import(Server, riak, Passwd) ->
    ejabberd_auth_riak:import(Server, riak, Passwd);
 import(_, _, _) ->
@@ -459,7 +450,7 @@ import(_, _, _) ->

 opt_type(auth_method) ->
    fun (V) when is_list(V) ->
-	    true = lists:all(fun is_atom/1, V), V;
-	(V) when is_atom(V) -> [V]
+	    lists:map(fun(M) -> ejabberd_config:v_db(?MODULE, M) end, V);
+	(V) -> [ejabberd_config:v_db(?MODULE, V)]
    end;
 opt_type(_) -> [auth_method].
@@ -38,8 +38,8 @@
 	 unregister_connection/3
 	]).

-export([login/2, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([login/2, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -56,7 +56,7 @@
 %% Create the anonymous table if at least one virtual host has anonymous features enabled
 %% Register to login / logout events
 -record(anonymous, {us = {<<"">>, <<"">>} :: {binary(), binary()},
-                    sid = {p1_time_compat:timestamp(), self()} :: ejabberd_sm:sid()}).
+                    sid = ejabberd_sm:make_sid() :: ejabberd_sm:sid()}).

 start(Host) ->
    %% TODO: Check cluster mode
@@ -175,11 +175,11 @@ purge_hook(true, LUser, LServer) ->

 %% When anonymous login is enabled, check the password for permenant users
 %% before allowing access
-check_password(User, Server, Password) ->
-    check_password(User, Server, Password, undefined,
+check_password(User, AuthzId, Server, Password) ->
+    check_password(User, AuthzId, Server, Password, undefined,
 		   undefined).

-check_password(User, Server, _Password, _Digest,
+check_password(User, _AuthzId, Server, _Password, _Digest,
 	       _DigestGen) ->
    case
      ejabberd_auth:is_user_exists_in_other_modules(?MODULE,
@@ -31,8 +31,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -56,7 +56,7 @@ start(Host) ->
            "extauth"),
    extauth:start(Host, Cmd),
    check_cache_last_options(Host),
-    ejabberd_auth_internal:start(Host).
+    ejabberd_auth_mnesia:start(Host).

 check_cache_last_options(Server) ->
    case get_cache_option(Server) of
@@ -76,21 +76,27 @@ plain_password_required() -> true.

 store_type() -> external.

-check_password(User, Server, Password) ->
-    case get_cache_option(Server) of
-      false -> check_password_extauth(User, Server, Password);
-      {true, CacheTime} ->
-	  check_password_cache(User, Server, Password, CacheTime)
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    case get_cache_option(Server) of
+	      false ->
+		  check_password_extauth(User, AuthzId, Server, Password);
+	      {true, CacheTime} ->
+		  check_password_cache(User, AuthzId, Server, Password,
+				       CacheTime)
+	    end
    end.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

 set_password(User, Server, Password) ->
    case extauth:set_password(User, Server, Password) of
      true ->
-	  set_password_internal(User, Server, Password), ok;
+	  set_password_mnesia(User, Server, Password), ok;
      _ -> {error, unknown_problem}
    end.

@@ -102,20 +108,20 @@ try_register(User, Server, Password) ->
    end.

 dirty_get_registered_users() ->
-    ejabberd_auth_internal:dirty_get_registered_users().
+    ejabberd_auth_mnesia:dirty_get_registered_users().

 get_vh_registered_users(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users(Server).

 get_vh_registered_users(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users(Server,
 						   Data).

 get_vh_registered_users_number(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server).

 get_vh_registered_users_number(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server,
 							  Data).

 %% The password can only be returned if cache is enabled, cached info exists and is fresh enough.
@@ -147,7 +153,7 @@ remove_user(User, Server) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server)
+		ejabberd_auth_mnesia:remove_user(User, Server)
 	  end
    end.

@@ -158,7 +164,7 @@ remove_user(User, Server, Password) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server,
+		ejabberd_auth_mnesia:remove_user(User, Server,
 						   Password)
 	  end
    end.
@@ -178,8 +184,8 @@ get_cache_option(Host) ->
        CacheTime -> {true, CacheTime}
    end.

-%% @spec (User, Server, Password) -> true | false
-check_password_extauth(User, Server, Password) ->
+%% @spec (User, AuthzId, Server, Password) -> true | false
+check_password_extauth(User, _AuthzId, Server, Password) ->
    extauth:check_password(User, Server, Password) andalso
      Password /= <<"">>.

@@ -187,45 +193,45 @@ check_password_extauth(User, Server, Password) ->
 try_register_extauth(User, Server, Password) ->
    extauth:try_register(User, Server, Password).

-check_password_cache(User, Server, Password, 0) ->
-    check_password_external_cache(User, Server, Password);
-check_password_cache(User, Server, Password,
+check_password_cache(User, AuthzId, Server, Password, 0) ->
+    check_password_external_cache(User, AuthzId, Server, Password);
+check_password_cache(User, AuthzId, Server, Password,
 		     CacheTime) ->
    case get_last_access(User, Server) of
      online ->
-	  check_password_internal(User, Server, Password);
+	  check_password_mnesia(User, AuthzId, Server, Password);
      never ->
-	  check_password_external_cache(User, Server, Password);
+	  check_password_external_cache(User, AuthzId, Server, Password);
      mod_last_required ->
 	  ?ERROR_MSG("extauth is used, extauth_cache is enabled "
 		     "but mod_last is not enabled in that "
 		     "host",
 		     []),
-	  check_password_external_cache(User, Server, Password);
+	  check_password_external_cache(User, AuthzId, Server, Password);
      TimeStamp ->
 	  case is_fresh_enough(TimeStamp, CacheTime) of
 	    %% If no need to refresh, check password against Mnesia
 	    true ->
-		case check_password_internal(User, Server, Password) of
+		case check_password_mnesia(User, AuthzId, Server, Password) of
 		  %% If password valid in Mnesia, accept it
 		  true -> true;
 		  %% Else (password nonvalid in Mnesia), check in extauth and cache result
 		  false ->
-		      check_password_external_cache(User, Server, Password)
+		      check_password_external_cache(User, AuthzId, Server, Password)
 		end;
 	    %% Else (need to refresh), check in extauth and cache result
 	    false ->
-		check_password_external_cache(User, Server, Password)
+		check_password_external_cache(User, AuthzId, Server, Password)
 	  end
    end.

-get_password_internal(User, Server) ->
-    ejabberd_auth_internal:get_password(User, Server).
+get_password_mnesia(User, Server) ->
+    ejabberd_auth_mnesia:get_password(User, Server).

-%% @spec (User, Server, CacheTime) -> false | Password::string()
+-spec get_password_cache(User::binary(), Server::binary(), CacheTime::integer()) -> Password::string() | false.
 get_password_cache(User, Server, CacheTime) ->
    case get_last_access(User, Server) of
-      online -> get_password_internal(User, Server);
+      online -> get_password_mnesia(User, Server);
      never -> false;
      mod_last_required ->
 	  ?ERROR_MSG("extauth is used, extauth_cache is enabled "
@@ -235,16 +241,16 @@ get_password_cache(User, Server, CacheTime) ->
 	  false;
      TimeStamp ->
 	  case is_fresh_enough(TimeStamp, CacheTime) of
-	    true -> get_password_internal(User, Server);
+	    true -> get_password_mnesia(User, Server);
 	    false -> false
 	  end
    end.

 %% Check the password using extauth; if success then cache it
-check_password_external_cache(User, Server, Password) ->
-    case check_password_extauth(User, Server, Password) of
+check_password_external_cache(User, AuthzId, Server, Password) ->
+    case check_password_extauth(User, AuthzId, Server, Password) of
      true ->
-	  set_password_internal(User, Server, Password), true;
+	  set_password_mnesia(User, Server, Password), true;
      false -> false
    end.

@@ -252,31 +258,31 @@ check_password_external_cache(User, Server, Password) ->
 try_register_external_cache(User, Server, Password) ->
    case try_register_extauth(User, Server, Password) of
      {atomic, ok} = R ->
-	  set_password_internal(User, Server, Password), R;
+	  set_password_mnesia(User, Server, Password), R;
      _ -> {error, not_allowed}
    end.

-%% @spec (User, Server, Password) -> true | false
-check_password_internal(User, Server, Password) ->
-    ejabberd_auth_internal:check_password(User, Server,
+%% @spec (User, AuthzId, Server, Password) -> true | false
+check_password_mnesia(User, AuthzId, Server, Password) ->
+    ejabberd_auth_mnesia:check_password(User, AuthzId, Server,
 					  Password).

 %% @spec (User, Server, Password) -> ok | {error, invalid_jid}
-set_password_internal(User, Server, Password) ->
+set_password_mnesia(User, Server, Password) ->
 %% @spec (TimeLast, CacheTime) -> true | false
 %%       TimeLast = online | never | integer()
 %%       CacheTime = integer() | false
-    ejabberd_auth_internal:set_password(User, Server,
+    ejabberd_auth_mnesia:set_password(User, Server,
 					Password).

 is_fresh_enough(TimeStampLast, CacheTime) ->
    Now = p1_time_compat:system_time(seconds),
    TimeStampLast + CacheTime > Now.

-%% @spec (User, Server) -> online | never | mod_last_required | TimeStamp::integer()
 %% Code copied from mod_configure.erl
 %% Code copied from web/ejabberd_web_admin.erl
 %% TODO: Update time format to XEP-0202: Entity Time
+-spec(get_last_access(User::binary(), Server::binary()) -> (online | never | mod_last_required | integer())).
 get_last_access(User, Server) ->
    case ejabberd_sm:get_user_resources(User, Server) of
      [] ->
@@ -37,7 +37,7 @@
 	 handle_cast/2, terminate/2, code_change/3]).

 -export([start/1, stop/1, start_link/1, set_password/3,
-	 check_password/3, check_password/5, try_register/3,
+	 check_password/4, check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -116,19 +116,22 @@ plain_password_required() -> true.

 store_type() -> external.

-check_password(User, Server, Password) ->
-    if Password == <<"">> -> false;
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
       true ->
-	   case catch check_password_ldap(User, Server, Password)
-	       of
-	     {'EXIT', _} -> false;
-	     Result -> Result
-	   end
+	    if Password == <<"">> -> false;
+	       true ->
+		    case catch check_password_ldap(User, Server, Password) of
+		      {'EXIT', _} -> false;
+		      Result -> Result
+		    end
+	    end
    end.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

 set_password(User, Server, Password) ->
    {ok, State} = eldap_utils:get_state(Server, ?MODULE),
@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_internal.erl
+%%% File    : ejabberd_auth_mnesia.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via mnesia
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_auth_internal).
+-module(ejabberd_auth_mnesia).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).

 -behaviour(ejabberd_config).

@@ -31,8 +33,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -43,6 +45,7 @@

 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                 password = <<"">> :: binary() | scram() | '_'}).
@@ -86,45 +89,50 @@ store_type() ->
      true -> scram %% allows: PLAIN SCRAM
    end.

-check_password(User, Server, Password) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Password}]
-	  when is_binary(Password) ->
-	  Password /= <<"">>;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  is_password_scram_valid(Password, Scram);
-      _ -> false
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Password}] when is_binary(Password) ->
+		  Password /= <<"">>;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  is_password_scram_valid(Password, Scram);
+	      _ -> false
+	    end
    end.

-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Passwd}] when is_binary(Passwd) ->
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  Passwd = jlib:decode_base64(Scram#scram.storedkey),
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      _ -> false
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Passwd}] when is_binary(Passwd) ->
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  Passwd = jlib:decode_base64(Scram#scram.storedkey),
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      _ -> false
+	    end
    end.

 %% @spec (User::string(), Server::string(), Password::string()) ->
@@ -465,12 +473,22 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
    [{passwd,
      fun(Host, #passwd{us = {LUser, LServer}, password = Password})
+            when LServer == Host,
+                 is_binary(Password) ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
+         (Host, #passwd{us = {LUser, LServer}, password = #scram{} = Scram})
            when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+              StoredKey = Scram#scram.storedkey,
+              ServerKey = Scram#scram.serverkey,
+              Salt = Scram#scram.salt,
+              IterationCount = Scram#scram.iterationcount,
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password, serverkey, salt, "
+                    "iterationcount) "
+                    "values (%(LUser)s, %(StoredKey)s, %(ServerKey)s,"
+                    " %(Salt)s, %(IterationCount)d);")];
         (_Host, _R) ->
              []
      end}].
@@ -30,8 +30,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -46,11 +46,14 @@ start(_Host) ->
 set_password(_User, _Server, _Password) ->
    {error, not_allowed}.

-check_password(User, Server, Password, _Digest,
+check_password(User, AuthzId, Server, Password, _Digest,
 	       _DigestGen) ->
-    check_password(User, Server, Password).
+    check_password(User, AuthzId, Server, Password).

-check_password(User, Host, Password) ->
+check_password(User, AuthzId, Host, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
    Service = get_pam_service(Host),
    UserInfo = case get_pam_userinfotype(Host) of
 		 username -> User;
@@ -61,6 +64,7 @@ check_password(User, Host, Password) ->
 	of
      true -> true;
      _ -> false
+        end
    end.

 try_register(_User, _Server, _Password) ->
@@ -25,13 +25,15 @@

 -module(ejabberd_auth_riak).

+-compile([{parse_transform, ejabberd_sql_pt}]).
+
 -author('alexey@process-one.net').

 -behaviour(ejabberd_auth).

 %% External exports
-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -42,6 +44,7 @@
 -export([passwd_schema/0]).

 -include("ejabberd.hrl").
+-include("ejabberd_sql_pt.hrl").

 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                 password = <<"">> :: binary() | scram() | '_'}).
@@ -66,9 +69,12 @@ store_type() ->
 passwd_schema() ->
    {record_info(fields, passwd), #passwd{}}.

-check_password(User, Server, Password) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LUser = jid:nodeprep(User),
+        LServer = jid:nameprep(Server),
    case ejabberd_riak:get(passwd, passwd_schema(), {LUser, LServer}) of
        {ok, #passwd{password = Password}} when is_binary(Password) ->
            Password /= <<"">>;
@@ -76,12 +82,16 @@ check_password(User, Server, Password) ->
            is_password_scram_valid(Password, Scram);
        _ ->
            false
+        end
    end.

-check_password(User, Server, Password, Digest,
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LUser = jid:nodeprep(User),
+        LServer = jid:nameprep(Server),
    case ejabberd_riak:get(passwd, passwd_schema(), {LUser, LServer}) of
      {ok, #passwd{password = Passwd}} when is_binary(Passwd) ->
 	  DigRes = if Digest /= <<"">> ->
@@ -102,6 +112,7 @@ check_password(User, Server, Password, Digest,
 	     true -> (Passwd == Password) and (Password /= <<"">>)
 	  end;
      _ -> false
+        end
    end.

 set_password(User, Server, Password) ->
@@ -282,12 +293,10 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
    [{passwd,
      fun(Host, #passwd{us = {LUser, LServer}, password = Password})
-            when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+         when LServer == Host ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
         (_Host, _R) ->
              []
      end}].
@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_odbc.erl
+%%% File    : ejabberd_auth_sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via ODBC
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------

-module(ejabberd_auth_odbc).
+-module(ejabberd_auth_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).

 -behaviour(ejabberd_config).

@@ -31,8 +33,8 @@

 -behaviour(ejabberd_auth).

-export([start/1, set_password/3, check_password/3,
-	 check_password/5, try_register/3,
+-export([start/1, set_password/3, check_password/4,
+	 check_password/6, try_register/3,
 	 dirty_get_registered_users/0, get_vh_registered_users/1,
 	 get_vh_registered_users/2,
 	 get_vh_registered_users_number/1,
@@ -43,6 +45,7 @@

 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").

 -define(SALT_LENGTH, 16).

@@ -63,31 +66,30 @@ store_type() ->
      true -> scram %% allows: PLAIN SCRAM
    end.

-%% @spec (User, Server, Password) -> true | false | {error, Error}
-check_password(User, Server, Password) ->
-    LServer = jid:nameprep(Server),
-    LUser = jid:nodeprep(User),
+%% @spec (User, AuthzId, Server, Password) -> true | false | {error, Error}
+check_password(User, AuthzId, Server, Password) ->
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LServer = jid:nameprep(Server),
+        LUser = jid:nodeprep(User),
    if (LUser == error) or (LServer == error) ->
            false;
       (LUser == <<>>) or (LServer == <<>>) ->
            false;
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
-                    try odbc_queries:get_password_scram(LServer, Username) of
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>],
-                         [[StoredKey, ServerKey, Salt, IterationCount]]} ->
+                    try sql_queries:get_password_scram(LServer, LUser) of
+                        {selected,
+                         [{StoredKey, ServerKey, Salt, IterationCount}]} ->
                            Scram =
                                #scram{storedkey = StoredKey,
                                       serverkey = ServerKey,
                                       salt = Salt,
-                                       iterationcount = binary_to_integer(
-                                                          IterationCount)},
-                            is_password_scram_valid(Password, Scram);
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>], []} ->
+                                       iterationcount = IterationCount},
+                            is_password_scram_valid_stored(Password, Scram, LUser, LServer);
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -96,12 +98,12 @@ check_password(User, Server, Password) ->
                            false %% Typical error is database not accessible
                    end;
                false ->
-                    try odbc_queries:get_password(LServer, Username) of
-                        {selected, [<<"password">>], [[Password]]} ->
+                    try sql_queries:get_password(LServer, LUser) of
+                        {selected, [{Password}]} ->
                            Password /= <<"">>;
-                        {selected, [<<"password">>], [[_Password2]]} ->
+                        {selected, [{_Password2}]} ->
                            false; %% Password is not correct
-                        {selected, [<<"password">>], []} ->
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -110,13 +112,17 @@ check_password(User, Server, Password) ->
                            false %% Typical error is database not accessible
                    end
            end
+        end
    end.

-%% @spec (User, Server, Password, Digest, DigestGen) -> true | false | {error, Error}
-check_password(User, Server, Password, Digest,
+%% @spec (User, AuthzId, Server, Password, Digest, DigestGen) -> true | false | {error, Error}
+check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
-    LServer = jid:nameprep(Server),
-    LUser = jid:nodeprep(User),
+    if AuthzId /= <<>> andalso AuthzId /= User ->
+        false;
+    true ->
+        LServer = jid:nameprep(Server),
+        LUser = jid:nodeprep(User),
    if (LUser == error) or (LServer == error) ->
            false;
       (LUser == <<>>) or (LServer == <<>>) ->
@@ -124,10 +130,9 @@ check_password(User, Server, Password, Digest,
       true ->
            case is_scrammed() of
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    try odbc_queries:get_password(LServer, Username) of
+                    try sql_queries:get_password(LServer, LUser) of
                        %% Account exists, check if password is valid
-                        {selected, [<<"password">>], [[Passwd]]} ->
+                        {selected, [{Passwd}]} ->
                            DigRes = if Digest /= <<"">> ->
                                             Digest == DigestGen(Passwd);
                                        true -> false
@@ -135,7 +140,7 @@ check_password(User, Server, Password, Digest,
                            if DigRes -> true;
                               true -> (Passwd == Password) and (Password /= <<"">>)
                            end;
-                        {selected, [<<"password">>], []} ->
+                        {selected, []} ->
                            false; %% Account does not exist
                        {error, _Error} ->
                            false %% Typical error is that table doesn't exist
@@ -146,6 +151,7 @@ check_password(User, Server, Password, Digest,
                true ->
                    false
            end
+        end
    end.

 %% @spec (User::string(), Server::string(), Password::string()) ->
@@ -158,26 +164,24 @@ set_password(User, Server, Password) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            {error, invalid_jid};
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
                    Scram = password_to_scram(Password),
-                    case catch odbc_queries:set_password_scram_t(
+                    case catch sql_queries:set_password_scram_t(
                                 LServer,
-                                 Username,
-                                 ejabberd_odbc:escape(Scram#scram.storedkey),
-                                 ejabberd_odbc:escape(Scram#scram.serverkey),
-                                 ejabberd_odbc:escape(Scram#scram.salt),
-                                 integer_to_binary(Scram#scram.iterationcount)
+                                 LUser,
+                                 Scram#scram.storedkey,
+                                 Scram#scram.serverkey,
+                                 Scram#scram.salt,
+                                 Scram#scram.iterationcount
                                )
                        of
                        {atomic, ok} -> ok;
                        Other -> {error, Other}
                    end;
                false ->
-                    Pass = ejabberd_odbc:escape(Password),
-                    case catch odbc_queries:set_password_t(LServer,
-                                                           Username, Pass)
+                    case catch sql_queries:set_password_t(LServer,
+                                                           LUser, Password)
                        of
                        {atomic, ok} -> ok;
                        Other -> {error, Other}
@@ -194,26 +198,23 @@ try_register(User, Server, Password) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            {error, invalid_jid};
       true ->
-	  Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
                    Scram = password_to_scram(Password),
-                    case catch odbc_queries:add_user_scram(
+                    case catch sql_queries:add_user_scram(
                                 LServer,
-                                 Username,
-                                 ejabberd_odbc:escape(Scram#scram.storedkey),
-                                 ejabberd_odbc:escape(Scram#scram.serverkey),
-                                 ejabberd_odbc:escape(Scram#scram.salt),
-                                 integer_to_binary(Scram#scram.iterationcount)
+                                 LUser,
+                                 Scram#scram.storedkey,
+                                 Scram#scram.serverkey,
+                                 Scram#scram.salt,
+                                 Scram#scram.iterationcount
                                ) of
                        {updated, 1} -> {atomic, ok};
                        _ -> {atomic, exists}
                    end;
                false ->
-                    Pass = ejabberd_odbc:escape(Password),
-                    case catch odbc_queries:add_user(LServer, Username,
-                                                     Pass)
-                        of
+                    case catch sql_queries:add_user(LServer, LUser,
+                                                     Password) of
                        {updated, 1} -> {atomic, ok};
                        _ -> {atomic, exists}
                    end
@@ -221,42 +222,58 @@ try_register(User, Server, Password) ->
    end.

 dirty_get_registered_users() ->
-    Servers = ejabberd_config:get_vh_by_auth_method(odbc),
+    Servers = ejabberd_config:get_vh_by_auth_method(sql),
    lists:flatmap(fun (Server) ->
 			  get_vh_registered_users(Server)
 		  end,
 		  Servers).

 get_vh_registered_users(Server) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:list_users(LServer) of
-      {selected, [<<"username">>], Res} ->
-	  [{U, LServer} || [U] <- Res];
-      _ -> []
+    case jid:nameprep(Server) of
+        error -> [];
+        <<>> -> [];
+        LServer ->
+            case catch sql_queries:list_users(LServer) of
+                {selected, Res} ->
+                    [{U, LServer} || {U} <- Res];
+                _ -> []
+            end
    end.

 get_vh_registered_users(Server, Opts) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:list_users(LServer, Opts) of
-      {selected, [<<"username">>], Res} ->
-	  [{U, LServer} || [U] <- Res];
-      _ -> []
+    case jid:nameprep(Server) of
+        error -> [];
+        <<>> -> [];
+        LServer ->
+            case catch sql_queries:list_users(LServer, Opts) of
+                {selected, Res} ->
+                    [{U, LServer} || {U} <- Res];
+                _ -> []
+            end
    end.

 get_vh_registered_users_number(Server) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:users_number(LServer) of
-      {selected, [_], [[Res]]} ->
-	  jlib:binary_to_integer(Res);
-      _ -> 0
+    case jid:nameprep(Server) of
+        error -> 0;
+        <<>> -> 0;
+        LServer ->
+            case catch sql_queries:users_number(LServer) of
+                {selected, [{Res}]} ->
+                    Res;
+                _ -> 0
+            end
    end.

 get_vh_registered_users_number(Server, Opts) ->
-    LServer = jid:nameprep(Server),
-    case catch odbc_queries:users_number(LServer, Opts) of
-      {selected, [_], [[Res]]} ->
-	  jlib:binary_to_integer(Res);
-      _Other -> 0
+    case jid:nameprep(Server) of
+        error -> 0;
+        <<>> -> 0;
+        LServer ->
+            case catch sql_queries:users_number(LServer, Opts) of
+                {selected, [{Res}]} ->
+                    Res;
+                _Other -> 0
+            end
    end.

 get_password(User, Server) ->
@@ -267,24 +284,22 @@ get_password(User, Server) ->
       (LUser == <<>>) or (LServer == <<>>) ->
            false;
       true ->
-            Username = ejabberd_odbc:escape(LUser),
            case is_scrammed() of
                true ->
-                    case catch odbc_queries:get_password_scram(
-                                 LServer, Username) of
-                        {selected, [<<"password">>, <<"serverkey">>,
-                                    <<"salt">>, <<"iterationcount">>],
-                         [[StoredKey, ServerKey, Salt, IterationCount]]} ->
+                    case catch sql_queries:get_password_scram(
+                                 LServer, LUser) of
+                        {selected,
+                         [{StoredKey, ServerKey, Salt, IterationCount}]} ->
                            {jlib:decode_base64(StoredKey),
                             jlib:decode_base64(ServerKey),
                             jlib:decode_base64(Salt),
-                             binary_to_integer(IterationCount)};
+                             IterationCount};
                        _ -> false
                    end;
                false ->
-                    case catch odbc_queries:get_password(LServer, Username)
+                    case catch sql_queries:get_password(LServer, LUser)
                        of
-                        {selected, [<<"password">>], [[Password]]} -> Password;
+                        {selected, [{Password}]} -> Password;
                        _ -> false
                    end
            end
@@ -300,9 +315,8 @@ get_password_s(User, Server) ->
       true ->
            case is_scrammed() of
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    case catch odbc_queries:get_password(LServer, Username) of
-                        {selected, [<<"password">>], [[Password]]} -> Password;
+                    case catch sql_queries:get_password(LServer, LUser) of
+                        {selected, [{Password}]} -> Password;
                        _ -> <<"">>
                    end;
                true -> <<"">>
@@ -311,15 +325,17 @@ get_password_s(User, Server) ->

 %% @spec (User, Server) -> true | false | {error, Error}
 is_user_exists(User, Server) ->
-    case jid:nodeprep(User) of
-      error -> false;
-      LUser ->
-	  Username = ejabberd_odbc:escape(LUser),
-	  LServer = jid:nameprep(Server),
-	  try odbc_queries:get_password(LServer, Username) of
-	    {selected, [<<"password">>], [[_Password]]} ->
+    LServer = jid:nameprep(Server),
+    LUser = jid:nodeprep(User),
+    if (LUser == error) or (LServer == error) ->
+            false;
+       (LUser == <<>>) or (LServer == <<>>) ->
+            false;
+       true ->
+	  try sql_queries:get_password(LServer, LUser) of
+	    {selected, [{_Password}]} ->
 		true; %% Account exists
-	    {selected, [<<"password">>], []} ->
+	    {selected, []} ->
 		false; %% Account does not exist
 	    {error, Error} -> {error, Error}
 	  catch
@@ -331,12 +347,14 @@ is_user_exists(User, Server) ->
 %% @doc Remove user.
 %% Note: it may return ok even if there was some problem removing the user.
 remove_user(User, Server) ->
-    case jid:nodeprep(User) of
-      error -> error;
-      LUser ->
-	  Username = ejabberd_odbc:escape(LUser),
-	  LServer = jid:nameprep(Server),
-	  catch odbc_queries:del_user(LServer, Username),
+    LServer = jid:nameprep(Server),
+    LUser = jid:nodeprep(User),
+    if (LUser == error) or (LServer == error) ->
+            error;
+       (LUser == <<>>) or (LServer == <<>>) ->
+            error;
+       true ->
+	  catch sql_queries:del_user(LServer, LUser),
 	  ok
    end.

@@ -352,27 +370,23 @@ remove_user(User, Server, Password) ->
       true ->
            case is_scrammed() of
                true ->
-                    case check_password(User, Server, Password) of
+                    case check_password(User, <<"">>, Server, Password) of
                        true ->
                            remove_user(User, Server),
                            ok;
                        false -> not_allowed
                    end;
                false ->
-                    Username = ejabberd_odbc:escape(LUser),
-                    Pass = ejabberd_odbc:escape(Password),
                    F = fun () ->
-                                Result = odbc_queries:del_user_return_password(
-                                           LServer, Username, Pass),
+                                Result = sql_queries:del_user_return_password(
+                                           LServer, LUser, Password),
                                case Result of
-                                    {selected, [<<"password">>],
-                                     [[Password]]} -> ok;
-                                    {selected, [<<"password">>],
-                                     []} -> not_exists;
+                                    {selected, [{Password}]} -> ok;
+                                    {selected, []} -> not_exists;
                                    _ -> not_allowed
                                end
                        end,
-                    {atomic, Result} = odbc_queries:sql_transaction(
+                    {atomic, Result} = sql_queries:sql_transaction(
                                         LServer, F),
                    Result
            end
@@ -403,6 +417,15 @@ password_to_scram(Password, IterationCount) ->
 	   salt = jlib:encode_base64(Salt),
 	   iterationcount = IterationCount}.

+is_password_scram_valid_stored(Pass, {scram,Pass,<<>>,<<>>,0}, LUser, LServer) ->
+    ?INFO_MSG("Apparently, SQL auth method and scram password formatting are "
+	"enabled, but the password of user '~s' in the 'users' table is not "
+	"scrammed. You may want to execute this command: "
+	"ejabberdctl convert_to_scram ~s", [LUser, LServer]),
+    false;
+is_password_scram_valid_stored(Password, Scram, _, _) ->
+    is_password_scram_valid(Password, Scram).
+
 is_password_scram_valid(Password, Scram) ->
    IterationCount = Scram#scram.iterationcount,
    Salt = jlib:decode_base64(Scram#scram.salt),
@@ -414,19 +437,15 @@ is_password_scram_valid(Password, Scram) ->

 -define(BATCH_SIZE, 1000).

-set_password_scram_t(Username,
+set_password_scram_t(LUser,
                     StoredKey, ServerKey, Salt, IterationCount) ->
-    odbc_queries:update_t(<<"users">>,
-                          [<<"username">>,
-                           <<"password">>,
-                           <<"serverkey">>,
-                           <<"salt">>,
-                           <<"iterationcount">>],
-                          [Username, StoredKey,
-                           ServerKey, Salt,
-                           IterationCount],
-                          [<<"username='">>, Username,
-                           <<"'">>]).
+    ?SQL_UPSERT_T(
+       "users",
+       ["!username=%(LUser)s",
+        "password=%(StoredKey)s",
+        "serverkey=%(ServerKey)s",
+        "salt=%(Salt)s",
+        "iterationcount=%(IterationCount)d"]).

 convert_to_scram(Server) ->
    LServer = jid:nameprep(Server),
@@ -436,31 +455,31 @@ convert_to_scram(Server) ->
            {error, {incorrect_server_name, Server}};
        true ->
            F = fun () ->
-                        case ejabberd_odbc:sql_query_t(
-                               [<<"select username, password from users where "
-                                 "iterationcount=0 limit ">>,
-                                integer_to_binary(?BATCH_SIZE),
-                                <<";">>]) of
-                            {selected, [<<"username">>, <<"password">>], []} ->
+                        BatchSize = ?BATCH_SIZE,
+                        case ejabberd_sql:sql_query_t(
+                               ?SQL("select @(username)s, @(password)s"
+                                    " from users"
+                                    " where iterationcount=0"
+                                    " limit %(BatchSize)d")) of
+                            {selected, []} ->
                                ok;
-                            {selected, [<<"username">>, <<"password">>], Rs} ->
+                            {selected, Rs} ->
                                lists:foreach(
-                                  fun([LUser, Password]) ->
-                                          Username = ejabberd_odbc:escape(LUser),
+                                  fun({LUser, Password}) ->
                                          Scram = password_to_scram(Password),
                                          set_password_scram_t(
-                                            Username,
-                                            ejabberd_odbc:escape(Scram#scram.storedkey),
-                                            ejabberd_odbc:escape(Scram#scram.serverkey),
-                                            ejabberd_odbc:escape(Scram#scram.salt),
-                                            integer_to_binary(Scram#scram.iterationcount)
+                                            LUser,
+                                            Scram#scram.storedkey,
+                                            Scram#scram.serverkey,
+                                            Scram#scram.salt,
+                                            Scram#scram.iterationcount
                                           )
                                  end, Rs),
                                continue;
                            Err -> {bad_reply, Err}
                        end
                end,
-            case odbc_queries:sql_transaction(LServer, F) of
+            case sql_queries:sql_transaction(LServer, F) of
                {atomic, ok} -> ok;
                {atomic, continue} -> convert_to_scram(Server);
                {atomic, Error} -> {error, Error};
@@ -90,7 +90,8 @@
 %%%    PowFloat = math:pow(Base, Exponent),
 %%%    round(PowFloat).</pre>
 %%%
-%%% Since this function will be called by ejabberd_commands, it must be exported.
+%%% Since this function will be called by ejabberd_commands, it must
+%%% be exported.
 %%% Add to your module:
 %%% <pre>-export([calc_power/2]).</pre>
 %%%
@@ -201,24 +202,36 @@
 %%% TODO: consider this feature:
 %%% All commands are catched. If an error happens, return the restuple:
 %%%   {error, flattened error string}
-%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc) need to allows this.
-%%% And ejabberd_xmlrpc must be prepared to handle such an unexpected response.
+%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc)
+%%% need to allows this. And ejabberd_xmlrpc must be prepared to
+%%% handle such an unexpected response.


 -module(ejabberd_commands).
 -author('badlop@process-one.net').

+-define(DEFAULT_VERSION, 1000000).
+
 -export([init/0,
 	 list_commands/0,
+	 list_commands/1,
 	 get_command_format/1,
-         get_command_format/2,
+	 get_command_format/2,
+	 get_command_format/3,
+         get_command_policy_and_scope/1,
 	 get_command_definition/1,
+	 get_command_definition/2,
 	 get_tags_commands/0,
-         get_commands/0,
+	 get_tags_commands/1,
+         get_exposed_commands/0,
 	 register_commands/1,
-	 unregister_commands/1,
+   unregister_commands/1,
+   expose_commands/1,
 	 execute_command/2,
-         execute_command/4,
+	 execute_command/3,
+	 execute_command/4,
+	 execute_command/5,
+	 execute_command/6,
         opt_type/1,
         get_commands_spec/0
 	]).
@@ -226,6 +239,7 @@
 -include("ejabberd_commands.hrl").
 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include_lib("stdlib/include/ms_transform.hrl").

 -define(POLICY_ACCESS, '$policy').

@@ -260,23 +274,27 @@ get_commands_spec() ->
                           args_example = ["/home/me/docs/api.html", "mod_admin", "java,json"],
                           result_example = ok}].
 init() ->
-    ets:new(ejabberd_commands, [named_table, set, public,
-				{keypos, #ejabberd_commands.name}]),
+    mnesia:create_table(ejabberd_commands,
+                        [{ram_copies, [node()]},
+                         {local_content, true},
+                         {attributes, record_info(fields, ejabberd_commands)},
+                         {type, bag}]),
+    mnesia:add_table_copy(ejabberd_commands, node(), ram_copies),
    register_commands(get_commands_spec()).

 -spec register_commands([ejabberd_commands()]) -> ok.

 %% @doc Register ejabberd commands.
-%% If a command is already registered, a warning is printed and the old command is preserved.
+%% If a command is already registered, a warning is printed and the
+%% old command is preserved.
+%% A registered command is not directly available to be called through
+%% ejabberd ReST API. It need to be exposed to be available through API.
 register_commands(Commands) ->
    lists:foreach(
      fun(Command) ->
-	      case ets:insert_new(ejabberd_commands, Command) of
-		  true ->
-		      ok;
-		  false ->
-		      ?DEBUG("This command is already defined:~n~p", [Command])
-	      end
+              %% XXX check if command exists
+              mnesia:dirty_write(Command)
+              %% ?DEBUG("This command is already defined:~n~p", [Command])
      end,
      Commands).

@@ -286,147 +304,297 @@ register_commands(Commands) ->
 unregister_commands(Commands) ->
    lists:foreach(
      fun(Command) ->
-	      ets:delete_object(ejabberd_commands, Command)
+	      mnesia:dirty_delete_object(Command)
      end,
      Commands).

+%% @doc Expose command through ejabberd ReST API.
+%% Pass a list of command names or policy to expose.
+-spec expose_commands([ejabberd_commands()|atom()|open|user|admin|restricted]) -> ok | {error, atom()}.
+
+expose_commands(Commands) ->
+    Names = lists:map(fun(#ejabberd_commands{name = Name}) ->
+                              Name;
+                         (Name) when is_atom(Name) ->
+                              Name
+                      end,
+                      Commands),
+
+    case ejabberd_config:add_local_option(commands, [{add_commands, Names}]) of
+        {aborted, Reason} ->
+            {error, Reason};
+        {atomic, Result} ->
+            Result
+    end.
+
 -spec list_commands() -> [{atom(), [aterm()], string()}].

 %% @doc Get a list of all the available commands, arguments and description.
 list_commands() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    _ = '_'}),
-    [{A, B, C} || [A, B, C] <- Commands].
+    list_commands(?DEFAULT_VERSION).

-spec list_commands_policy() -> [{atom(), [aterm()], string(), atom()}].
+-spec list_commands(integer()) -> [{atom(), [aterm()], string()}].

-%% @doc Get a list of all the available commands, arguments, description, and
-%% policy.
-list_commands_policy() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    policy = '$4',
-					    _ = '_'}),
-    [{A, B, C, D} || [A, B, C, D] <- Commands].
+%% @doc Get a list of all the available commands, arguments and
+%% description in a given API verion.
+list_commands(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc} || #ejabberd_commands{name = Name,
+                                              args = Args,
+                                              desc = Desc} <- Commands].

-spec get_command_format(atom()) -> {[aterm()], rterm()} | {error, command_unknown}.
+
+-spec list_commands_policy(integer()) ->
+				  [{atom(), [aterm()], string(), atom()}].
+
+%% @doc Get a list of all the available commands, arguments,
+%% description, and policy in a given API version.
+list_commands_policy(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc, Policy} ||
+        #ejabberd_commands{name = Name,
+                           args = Args,
+                           desc = Desc,
+                           policy = Policy} <- Commands].
+
+-spec get_command_format(atom()) -> {[aterm()], rterm()}.

 %% @doc Get the format of arguments and result of a command.
 get_command_format(Name) ->
-    get_command_format(Name, noauth).
+    get_command_format(Name, noauth, ?DEFAULT_VERSION).
+get_command_format(Name, Version) when is_integer(Version) ->
+    get_command_format(Name, noauth, Version);
+get_command_format(Name, Auth)  ->
+    get_command_format(Name, Auth, ?DEFAULT_VERSION).

-get_command_format(Name, Auth) ->
-    Admin = is_admin(Name, Auth),
-    Matched = ets:match(ejabberd_commands,
-			#ejabberd_commands{name = Name,
-					   args = '$1',
-					   result = '$2',
-                                           policy = '$3',
-					   _ = '_'}),
-    case Matched of
-	[] ->
-	    {error, command_unknown};
-	[[Args, Result, user]] when Admin;
-                                    Auth == noauth ->
-	    {[{user, binary}, {server, binary} | Args], Result};
-	[[Args, Result, _]] ->
-	    {Args, Result}
+-spec get_command_format(atom(),
+			 {binary(), binary(), binary(), boolean()} |
+			 noauth | admin,
+			 integer()) ->
+				{[aterm()], rterm()}.
+
+get_command_format(Name, Auth, Version) ->
+    Admin = is_admin(Name, Auth, #{}),
+    #ejabberd_commands{args = Args,
+		       result = Result,
+                       policy = Policy} =
+        get_command_definition(Name, Version),
+    case Policy of
+        user when Admin;
+                  Auth == noauth ->
+            {[{user, binary}, {server, binary} | Args], Result};
+        _ ->
+            {Args, Result}
    end.

-spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
+-spec get_command_policy_and_scope(atom()) -> {ok, open|user|admin|restricted, [oauth_scope()]} | {error, command_not_found}.
+
+%% @doc return command policy.
+get_command_policy_and_scope(Name) ->
+    case get_command_definition(Name) of
+        #ejabberd_commands{policy = Policy} = Cmd ->
+            {ok, Policy, cmd_scope(Cmd)};
+        command_not_found ->
+            {error, command_not_found}
+    end.
+
+%% The oauth scopes for a command are the command name itself,
+%% also might include either 'ejabberd:user' or 'ejabberd:admin'
+cmd_scope(#ejabberd_commands{policy = Policy, name = Name}) ->
+    [erlang:atom_to_binary(Name,utf8)] ++ [<<"ejabberd:user">> || Policy == user] ++ [<<"ejabberd:admin">> || Policy == admin].
+
+
+-spec get_command_definition(atom()) -> ejabberd_commands().

 %% @doc Get the definition record of a command.
 get_command_definition(Name) ->
-    case ets:lookup(ejabberd_commands, Name) of
-	[E] -> E;
-	[] -> command_not_found
+    get_command_definition(Name, ?DEFAULT_VERSION).
+
+-spec get_command_definition(atom(), integer()) -> ejabberd_commands().
+
+%% @doc Get the definition record of a command in a given API version.
+get_command_definition(Name, Version) ->
+    case lists:reverse(
+           lists:sort(
+             mnesia:dirty_select(
+               ejabberd_commands,
+               ets:fun2ms(
+                 fun(#ejabberd_commands{name = N, version = V} = C)
+                       when N == Name, V =< Version ->
+                         {V, C}
+                 end)))) of
+        [{_, Command} | _ ] -> Command;
+        _E -> throw({error, unknown_command})
    end.

-%% @spec (Name::atom(), Arguments) -> ResultTerm | {error, command_unknown}
-%% @doc Execute a command.
-execute_command(Name, Arguments) ->
-    execute_command([], noauth, Name, Arguments).
+-spec get_commands_definition(integer()) -> [ejabberd_commands()].

-spec execute_command([{atom(), [atom()], [any()]}],
-                      {binary(), binary(), binary(), boolean()} |
-                      noauth | admin,
-                      atom(),
-                      [any()]
+% @doc Returns all commands for a given API version
+get_commands_definition(Version) ->
+    L = lists:reverse(
+          lists:sort(
+            mnesia:dirty_select(
+              ejabberd_commands,
+              ets:fun2ms(
+                fun(#ejabberd_commands{name = Name, version = V} = C)
+                      when V =< Version ->
+                        {Name, V, C}
+                end)))),
+    F = fun({_Name, _V, Command}, []) ->
+                [Command];
+           ({Name, _V, _Command}, [#ejabberd_commands{name=Name}|_T] = Acc) ->
+                Acc;
+           ({_Name, _V, Command}, Acc) -> [Command | Acc]
+        end,
+    lists:foldl(F, [], L).
+
+%% @spec (Name::atom(), Arguments) -> ResultTerm
+%% where
+%%       Arguments = [any()]
+%% @doc Execute a command.
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided | access_rules_unauthorized
+execute_command(Name, Arguments) ->
+    execute_command(Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command(atom(),
+                      [any()],
+		      integer() |
+		      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin
                     ) -> any().

-%% @spec (AccessCommands, Auth, Name::atom(), Arguments) -> ResultTerm | {error, Error}
+%% @spec (Name::atom(), Arguments, integer() | Auth) -> ResultTerm
 %% where
-%%       AccessCommands = [{Access, CommandNames, Arguments}]
+%%       Auth = {User::string(), Server::string(), Password::string(),
+%%               Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided
+execute_command(Name, Arguments, Version) when is_integer(Version) ->
+    execute_command([], noauth, Name, Arguments, Version);
+execute_command(Name, Arguments, Auth) ->
+    execute_command([], Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments) ->
+%%                                     ResultTerm | {error, Error}
+%% where
+%%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
 %%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
 %%            | noauth
 %%            | admin
-%%       Method = atom()
 %%       Arguments = [any()]
-%%       Error = command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
-execute_command(AccessCommands1, Auth1, Name, Arguments) ->
-    Auth = case is_admin(Name, Auth1) of
+%%
+%% @doc Execute a command
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
+execute_command(AccessCommands, Auth, Name, Arguments) ->
+    execute_command(AccessCommands, Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command([{atom(), [atom()], [any()]}] | undefined,
+                      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin,
+                      atom(),
+                      [any()],
+		      integer()
+                     ) -> any().
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments, integer()) -> ResultTerm
+%% where
+%%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
+%%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided | access_rules_unauthorized
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version) ->
+    execute_command(AccessCommands1, Auth1, Name, Arguments, Version, #{}).
+
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version, CallerInfo) ->
+    Auth = case is_admin(Name, Auth1, CallerInfo) of
               true -> admin;
               false -> Auth1
           end,
-    case ets:lookup(ejabberd_commands, Name) of
-	[Command] ->
-            AccessCommands = get_access_commands(AccessCommands1),
-	    try check_access_commands(AccessCommands, Auth, Name, Command, Arguments) of
-		ok -> execute_command2(Auth, Command, Arguments)
-	    catch
-		{error, Error} -> {error, Error}
-	    end;
-	[] -> {error, command_unknown}
+    TokenJID = oauth_token_user(Auth1),
+    Command = get_command_definition(Name, Version),
+    AccessCommands = get_all_access_commands(AccessCommands1),
+
+    case check_access_commands(AccessCommands, Auth, Name, Command, Arguments, CallerInfo) of
+        ok -> execute_check_policy(Auth, TokenJID, Command, Arguments)
    end.

-execute_command2(
-  _Auth, #ejabberd_commands{policy = open} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  _Auth, #ejabberd_commands{policy = restricted} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  _Auth, #ejabberd_commands{policy = admin} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  {User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, [User, Server | Arguments]).

-execute_command2(Command, Arguments) ->
+execute_check_policy(
+  _Auth, _JID, #ejabberd_commands{policy = open} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  noauth, _JID, Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  _Auth, _JID, #ejabberd_commands{policy = restricted} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  _Auth, JID, #ejabberd_commands{policy = admin} = Command, Arguments) ->
+    execute_check_access(JID, Command, Arguments);
+execute_check_policy(
+  admin, JID, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_check_access(JID, Command, Arguments);
+execute_check_policy(
+  {User, Server, _, _}, JID, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_check_access(JID, Command, [User, Server | Arguments]).
+
+execute_check_access(_FromJID, #ejabberd_commands{access = []} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_access(undefined, _Command, _Arguments) ->
+    throw({error, access_rules_unauthorized});
+execute_check_access(FromJID, #ejabberd_commands{access = AccessRefs} = Command, Arguments) ->
+    %% TODO Review: Do we have smarter / better way to check rule on other Host than global ?
+    Host = global,
+    Rules = lists:map(fun({Mod, AccessName, Default}) ->
+                              gen_mod:get_module_opt(Host, Mod,
+                                                     AccessName, fun(A) -> A end, Default);
+                         (Default) ->
+                              Default
+                      end, AccessRefs),
+    case acl:any_rules_allowed(Host, Rules, FromJID) of
+        true ->
+            do_execute_command(Command, Arguments);
+        false ->
+            throw({error, access_rules_unauthorized})
+    end.
+
+do_execute_command(Command, Arguments) ->
    Module = Command#ejabberd_commands.module,
    Function = Command#ejabberd_commands.function,
    ?DEBUG("Executing command ~p:~p with Args=~p", [Module, Function, Arguments]),
-    try apply(Module, Function, Arguments) of
-	Response ->
-	    Response
-    catch
-	Problem ->
-	    {error, Problem}
-    end.
+    apply(Module, Function, Arguments).

 -spec get_tags_commands() -> [{string(), [string()]}].

 %% @spec () -> [{Tag::string(), [CommandName::string()]}]
 %% @doc Get all the tags and associated commands.
 get_tags_commands() ->
-    CommandTags = ets:match(ejabberd_commands,
-			    #ejabberd_commands{
-			      name = '$1',
-			      tags = '$2',
-			      _ = '_'}),
+    get_tags_commands(?DEFAULT_VERSION).
+
+-spec get_tags_commands(integer()) -> [{string(), [string()]}].
+
+%% @spec (integer) -> [{Tag::string(), [CommandName::string()]}]
+%% @doc Get all the tags and associated commands in a given API version
+get_tags_commands(Version) ->
+    CommandTags = [{Name, Tags} ||
+		      #ejabberd_commands{name = Name, tags = Tags}
+			  <- get_commands_definition(Version)],
    Dict = lists:foldl(
-	     fun([CommandNameAtom, CTags], D) ->
+	     fun({CommandNameAtom, CTags}, D) ->
 		     CommandName = atom_to_list(CommandNameAtom),
 		     case CTags of
 			 [] ->
@@ -445,7 +613,6 @@ get_tags_commands() ->
 	     CommandTags),
    orddict:to_list(Dict).

-
 %% -----------------------------
 %% Access verification
 %% -----------------------------
@@ -460,12 +627,12 @@ get_tags_commands() ->
 %% At least one AccessCommand must be satisfied.
 %% It may throw {error, Error} where:
 %% Error = account_unprivileged | invalid_account_data
-check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
+check_access_commands([], _Auth, _Method, _Command, _Arguments, _CallerInfo) ->
    ok;
-check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
+check_access_commands(AccessCommands, Auth, Method, Command1, Arguments, CallerInfo) ->
    Command =
        case {Command1#ejabberd_commands.policy, Auth} of
-            {user, {_, _, _}} ->
+            {user, {_, _, _, _}} ->
                Command1;
            {user, _} ->
                Command1#ejabberd_commands{
@@ -475,29 +642,31 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
                Command1
        end,
    AccessCommandsAllowed =
-	lists:filter(
-	  fun({Access, Commands, ArgumentRestrictions}) ->
-		  case check_access(Command, Access, Auth) of
-		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
-					       Method, Arguments);
-		      false ->
-			  false
-		  end;
-	      ({Access, Commands}) ->
-		  ArgumentRestrictions = [],
-		  case check_access(Command, Access, Auth) of
-		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
-					       Method, Arguments);
-		      false ->
-			  false
-		  end
-	  end,
-	  AccessCommands),
+        lists:filter(
+          fun({Access, Commands, ArgumentRestrictions}) ->
+                  case check_access(Command, Access, Auth, CallerInfo) of
+                      true ->
+                          check_access_command(Commands, Command,
+                                               ArgumentRestrictions,
+                                               Method, Arguments);
+                      false ->
+                          false
+                  end;
+             ({Access, Commands}) ->
+                  ArgumentRestrictions = [],
+                  case check_access(Command, Access, Auth, CallerInfo) of
+                      true ->
+                          check_access_command(Commands, Command,
+                                               ArgumentRestrictions,
+                                               Method, Arguments);
+                      false ->
+                          false
+                  end
+          end,
+          AccessCommands),
    case AccessCommandsAllowed of
-	[] -> throw({error, account_unprivileged});
-	L when is_list(L) -> ok
+        [] -> throw({error, account_unprivileged});
+        L when is_list(L) -> ok
    end.

 -spec check_auth(ejabberd_commands(), noauth) -> noauth_provided;
@@ -508,53 +677,62 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
 check_auth(_Command, noauth) ->
    no_auth_provided;
 check_auth(Command, {User, Server, {oauth, Token}, _}) ->
-    Scope = erlang:atom_to_binary(Command#ejabberd_commands.name, utf8),
-    case ejabberd_oauth:check_token(User, Server, Scope, Token) of
+    ScopeList = cmd_scope(Command),
+    case ejabberd_oauth:check_token(User, Server, ScopeList, Token) of
        true ->
            {ok, User, Server};
-        false ->
+        _ ->
            throw({error, invalid_account_data})
    end;
 check_auth(_Command, {User, Server, Password, _}) when is_binary(Password) ->
    %% Check the account exists and password is valid
-    case ejabberd_auth:check_password(User, Server, Password) of
+    case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
        true -> {ok, User, Server};
        _ -> throw({error, invalid_account_data})
    end.

-check_access(Command, ?POLICY_ACCESS, _)
+check_access(Command, ?POLICY_ACCESS, _, _)
  when Command#ejabberd_commands.policy == open ->
    true;
-check_access(_Command, _Access, admin) ->
+check_access(_Command, _Access, admin, _) ->
    true;
-check_access(_Command, _Access, {_User, _Server, _, true}) ->
+check_access(_Command, _Access, {_User, _Server, _, true}, _) ->
    false;
-check_access(Command, Access, Auth)
+check_access(Command, Access, Auth, CallerInfo)
  when Access =/= ?POLICY_ACCESS;
       Command#ejabberd_commands.policy == open;
       Command#ejabberd_commands.policy == user ->
    case check_auth(Command, Auth) of
 	{ok, User, Server} ->
-	    check_access2(Access, User, Server);
+	    check_access2(Access, CallerInfo#{usr => jid:split(jid:make(User, Server, <<>>))}, Server);
+	no_auth_provided ->
+	    case Command#ejabberd_commands.policy of
+		user ->
+		    false;
+		_ ->
+		    check_access2(Access, CallerInfo, global)
+	    end;
 	_ ->
 	    false
    end;
-check_access(_Command, _Access, _Auth) ->
+check_access(_Command, _Access, _Auth, _CallerInfo) ->
    false.

-check_access2(?POLICY_ACCESS, _User, _Server) ->
+check_access2(?POLICY_ACCESS, _CallerInfo, _Server) ->
    true;
-check_access2(Access, User, Server) ->
+check_access2(Access, AccessInfo, Server) ->
    %% Check this user has access permission
-    case acl:match_rule(Server, Access, jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(Access, AccessInfo, Server) of
 	allow -> true;
 	deny -> false
    end.

-check_access_command(Commands, Command, ArgumentRestrictions, Method, Arguments) ->
+check_access_command(Commands, Command, ArgumentRestrictions,
+		     Method, Arguments) ->
    case Commands==all orelse lists:member(Method, Commands) of
-	true -> check_access_arguments(Command, ArgumentRestrictions, Arguments);
-	false -> false
+        true -> check_access_arguments(Command, ArgumentRestrictions,
+                                       Arguments);
+        false -> false
    end.

 check_access_arguments(Command, ArgumentRestrictions, Arguments) ->
@@ -577,69 +755,84 @@ tag_arguments(ArgsDefs, Args) ->
      Args).


-get_access_commands(undefined) ->
-    Cmds = get_commands(),
+%% Get commands for all version
+get_all_access_commands(AccessCommands) ->
+    get_access_commands(AccessCommands, ?DEFAULT_VERSION).
+
+get_access_commands(undefined, Version) ->
+    Cmds = get_exposed_commands(Version),
    [{?POLICY_ACCESS, Cmds, []}];
-get_access_commands(AccessCommands) ->
+get_access_commands(AccessCommands, _Version) ->
    AccessCommands.

-get_commands() ->
-    Opts = ejabberd_config:get_option(
+get_exposed_commands() ->
+    get_exposed_commands(?DEFAULT_VERSION).
+get_exposed_commands(Version) ->
+    Opts0 = ejabberd_config:get_option(
             commands,
             fun(V) when is_list(V) -> V end,
-             []),
-    CommandsList = list_commands_policy(),
+              []),
+    Opts = lists:map(fun(V) when is_tuple(V) -> [V]; (V) -> V end, Opts0),
+    CommandsList = list_commands_policy(Version),
    OpenCmds = [N || {N, _, _, open} <- CommandsList],
    RestrictedCmds = [N || {N, _, _, restricted} <- CommandsList],
    AdminCmds = [N || {N, _, _, admin} <- CommandsList],
    UserCmds = [N || {N, _, _, user} <- CommandsList],
    Cmds =
        lists:foldl(
-          fun({add_commands, L}, Acc) ->
-                  Cmds = case L of
-                             open -> OpenCmds;
-                             restricted -> RestrictedCmds;
-                             admin -> AdminCmds;
-                             user -> UserCmds;
-                             _ when is_list(L) -> L
-                         end,
+          fun([{add_commands, L}], Acc) ->
+                  Cmds = expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds),
                  lists:usort(Cmds ++ Acc);
-             ({remove_commands, L}, Acc) ->
-                  Cmds = case L of
-                             open -> OpenCmds;
-                             restricted -> RestrictedCmds;
-                             admin -> AdminCmds;
-                             user -> UserCmds;
-                             _ when is_list(L) -> L
-                         end,
+             ([{remove_commands, L}], Acc) ->
+                  Cmds = expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds),
                  Acc -- Cmds;
             (_, Acc) -> Acc
-          end, AdminCmds ++ UserCmds, Opts),
+          end, [], Opts),
    Cmds.

-is_admin(_Name, noauth) ->
-    false;
-is_admin(_Name, admin) ->
+%% This is used to allow mixing command policy (like open, user, admin, restricted), with command entry
+expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds) when is_list(L) ->
+    lists:foldl(fun(open, Acc) -> OpenCmds ++ Acc;
+                   (user, Acc) -> UserCmds ++ Acc;
+                   (admin, Acc) -> AdminCmds ++ Acc;
+                   (restricted, Acc) -> RestrictedCmds ++ Acc;
+                   (Command, Acc) when is_atom(Command) ->
+                        [Command|Acc]
+                end, [], L).
+
+oauth_token_user(noauth) ->
+    undefined;
+oauth_token_user(admin) ->
+    undefined;
+oauth_token_user({User, Server, _, _}) ->
+    jid:make(User, Server, <<>>).
+
+is_admin(_Name, admin, _Extra) ->
    true;
-is_admin(_Name, {_User, _Server, _, false}) ->
+is_admin(_Name, {_User, _Server, _, false}, _Extra) ->
    false;
-is_admin(Name, {User, Server, _, true} = Auth) ->
+is_admin(Name, Auth, Extra) ->
+    {ACLInfo, Server} = case Auth of
+			    {U, S, _, _} ->
+				{Extra#{usr=>jid:split(jid:make(U, S, <<>>))}, S};
+			    _ ->
+				{Extra, global}
+	      end,
    AdminAccess = ejabberd_config:get_option(
                    commands_admin_access,
-                    fun(A) when is_atom(A) -> A end,
+		    fun(V) -> V end,
                    none),
-    case acl:match_rule(Server, AdminAccess,
-                        jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(AdminAccess, ACLInfo, Server) of
        allow ->
            case catch check_auth(get_command_definition(Name), Auth) of
                {ok, _, _} -> true;
+		no_auth_provided -> true;
                _ -> false
            end;
        deny -> false
    end.

-opt_type(commands_admin_access) ->
-    fun(A) when is_atom(A) -> A end;
+opt_type(commands_admin_access) -> fun acl:access_rules_validator/1;
 opt_type(commands) ->
    fun(V) when is_list(V) -> V end;
 opt_type(_) -> [commands, commands_admin_access].
@@ -30,13 +30,17 @@
 	 add_global_option/2, add_local_option/2,
 	 get_global_option/2, get_local_option/2,
         get_global_option/3, get_local_option/3,
-         get_option/2, get_option/3, add_option/2,
+         get_option/2, get_option/3, add_option/2, has_option/1,
         get_vh_by_auth_method/1, is_file_readable/1,
         get_version/0, get_myhosts/0, get_mylang/0,
+         get_ejabberd_config_path/0, is_using_elixir_config/0,
         prepare_opt_val/4, convert_table_to_binary/5,
-         transform_options/1, collect_options/1,
-         convert_to_yaml/1, convert_to_yaml/2,
-         env_binary_to_list/2, opt_type/1, may_hide_data/1]).
+         transform_options/1, collect_options/1, default_db/2,
+         convert_to_yaml/1, convert_to_yaml/2, v_db/2,
+         env_binary_to_list/2, opt_type/1, may_hide_data/1,
+	 is_elixir_enabled/0]).
+
+-export([start/2]).

 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -52,8 +56,48 @@

 %% @type macro_value() = term().

-
 start() ->
+    mnesia_init(),
+    Config = get_ejabberd_config_path(),
+    State0 = read_file(Config),
+    State1 = hosts_to_start(State0),
+    State2 = validate_opts(State1),
+    %% This start time is used by mod_last:
+    UnixTime = p1_time_compat:system_time(seconds),
+    SharedKey = case erlang:get_cookie() of
+                    nocookie ->
+                        p1_sha:sha(randoms:get_string());
+                    Cookie ->
+                        p1_sha:sha(jlib:atom_to_binary(Cookie))
+                end,
+    State3 = set_option({node_start, global}, UnixTime, State2),
+    State4 = set_option({shared_key, global}, SharedKey, State3),
+    set_opts(State4).
+
+%% When starting ejabberd for testing, we sometimes want to start a
+%% subset of hosts from the one define in the config file.
+%% This function override the host list read from config file by the
+%% one we provide.
+%% Hosts to start are defined in an ejabberd application environment
+%% variable 'hosts' to make it easy to ignore some host in config
+%% file.
+hosts_to_start(State) ->
+    case application:get_env(ejabberd, hosts) of
+        undefined ->
+            %% Start all hosts as defined in config file
+            State;
+        {ok, Hosts} ->
+            set_hosts_in_options(Hosts, State)
+    end.
+
+%% @private
+%% At the moment, these functions are mainly used to setup unit tests.
+-spec start(Hosts :: [binary()], Opts :: [acl:acl() | local_config()]) -> ok.
+start(Hosts, Opts) ->
+    mnesia_init(),
+    set_opts(set_hosts_in_options(Hosts, #state{opts = Opts})).
+
+mnesia_init() ->
    case catch mnesia:table_info(local_config, storage_type) of
        disc_copies ->
            mnesia:delete_table(local_config);
@@ -64,21 +108,7 @@ start() ->
 			[{ram_copies, [node()]},
 			 {local_content, true},
 			 {attributes, record_info(fields, local_config)}]),
-    mnesia:add_table_copy(local_config, node(), ram_copies),
-    Config = get_ejabberd_config_path(),
-    State0 = read_file(Config),
-    State = validate_opts(State0),
-    %% This start time is used by mod_last:
-    UnixTime = p1_time_compat:system_time(seconds),
-    SharedKey = case erlang:get_cookie() of
-                    nocookie ->
-                        p1_sha:sha(randoms:get_string());
-                    Cookie ->
-                        p1_sha:sha(jlib:atom_to_binary(Cookie))
-                end,
-    State1 = set_option({node_start, global}, UnixTime, State),
-    State2 = set_option({shared_key, global}, SharedKey, State1),
-    set_opts(State2).
+    mnesia:add_table_copy(local_config, node(), ram_copies).

 %% @doc Get the filename of the ejabberd configuration file.
 %% The filename can be specified with: erl -config "/path/to/ejabberd.yml".
@@ -112,14 +142,25 @@ get_env_config() ->
 %% @doc Read the ejabberd configuration file.
 %% It also includes additional configuration files and replaces macros.
 %% This function will crash if finds some error in the configuration file.
-%% @spec (File::string()) -> #state{}.
+%% @spec (File::string()) -> #state{}
 read_file(File) ->
    read_file(File, [{replace_macros, true},
                     {include_files, true},
                     {include_modules_configs, true}]).

 read_file(File, Opts) ->
-    Terms1 = get_plain_terms_file(File, Opts),
+    Terms1 = case is_elixir_enabled() of
+		 true ->
+		     case 'Elixir.Ejabberd.ConfigUtil':is_elixir_config(File) of
+			 true ->
+			     'Elixir.Ejabberd.Config':init(File),
+			     'Elixir.Ejabberd.Config':get_ejabberd_opts();
+			 false ->
+			     get_plain_terms_file(File, Opts)
+		     end;
+		 false ->
+		     get_plain_terms_file(File, Opts)
+	     end,
    Terms_macros = case proplists:get_bool(replace_macros, Opts) of
                       true -> replace_macros(Terms1);
                       false -> Terms1
@@ -192,13 +233,11 @@ env_binary_to_list(Application, Parameter) ->
 %% in which the options 'include_config_file' were parsed
 %% and the terms in those files were included.
 %% @spec(iolist()) -> [term()]
-get_plain_terms_file(File) ->
-    get_plain_terms_file(File, [{include_files, true}]).
-
 get_plain_terms_file(File, Opts) when is_binary(File) ->
    get_plain_terms_file(binary_to_list(File), Opts);
 get_plain_terms_file(File1, Opts) ->
    File = get_absolute_path(File1),
+    DontStopOnError = lists:member(dont_halt_on_error, Opts),
    case consult(File) of
 	{ok, Terms} ->
            BinTerms1 = strings_to_binary(Terms),
@@ -218,9 +257,21 @@ get_plain_terms_file(File1, Opts) ->
                false ->
                    BinTerms
            end;
-	{error, Reason} ->
+  {error, enoent, Reason} ->
+      case DontStopOnError of
+          true ->
+              ?WARNING_MSG(Reason, []),
+              [];
+          _ ->
 	    ?ERROR_MSG(Reason, []),
 	    exit_or_halt(Reason)
+      end;
+	{error, Reason} ->
+	    ?ERROR_MSG(Reason, []),
+      case DontStopOnError of
+          true -> [];
+          _ -> exit_or_halt(Reason)
+      end
    end.

 consult(File) ->
@@ -234,17 +285,29 @@ consult(File) ->
                {error, Err} ->
                    Msg1 = "Cannot load " ++ File ++ ": ",
                    Msg2 = fast_yaml:format_error(Err),
+                    case Err of
+                        enoent ->
+                            {error, enoent, Msg1 ++ Msg2};
+                        _ ->
                    {error, Msg1 ++ Msg2}
+                    end
            end;
        _ ->
            case file:consult(File) of
                {ok, Terms} ->
                    {ok, Terms};
+                {error, enoent} ->
+                    {error, enoent};
                {error, {LineNumber, erl_parse, _ParseMessage} = Reason} ->
                    {error, describe_config_problem(File, Reason, LineNumber)};
                {error, Reason} ->
+                    case Reason of
+                        enoent ->
+                            {error, enoent, describe_config_problem(File, Reason)};
+                        _ ->
                    {error, describe_config_problem(File, Reason)}
            end
+            end
    end.

 parserl(<<"> ", Term/binary>>) ->
@@ -268,7 +331,9 @@ get_absolute_path(File) ->
 	    File;
 	relative ->
 	    {ok, Dir} = file:get_cwd(),
-	    filename:absname_join(Dir, File)
+	    filename:absname_join(Dir, File);
+	volumerelative ->
+	    filename:absname(File)
    end.


@@ -277,7 +342,7 @@ search_hosts(Term, State) ->
 	{host, Host} ->
 	    if
 		State#state.hosts == [] ->
-		    add_hosts_to_option([Host], State);
+		    set_hosts_in_options([Host], State);
 		true ->
 		    ?ERROR_MSG("Can't load config file: "
 			       "too many hosts definitions", []),
@@ -286,7 +351,7 @@ search_hosts(Term, State) ->
 	{hosts, Hosts} ->
 	    if
 		State#state.hosts == [] ->
-		    add_hosts_to_option(Hosts, State);
+		    set_hosts_in_options(Hosts, State);
 		true ->
 		    ?ERROR_MSG("Can't load config file: "
 			       "too many hosts definitions", []),
@@ -296,9 +361,12 @@ search_hosts(Term, State) ->
 	    State
    end.

-add_hosts_to_option(Hosts, State) ->
+set_hosts_in_options(Hosts, State) ->
    PrepHosts = normalize_hosts(Hosts),
-    set_option({hosts, global}, PrepHosts, State#state{hosts = PrepHosts}).
+    NewOpts = lists:filter(fun({local_config,{hosts,global},_}) -> false;
+                               (_) -> true
+                            end, State#state.opts),
+    set_option({hosts, global}, PrepHosts, State#state{hosts = PrepHosts, opts = NewOpts}).

 normalize_hosts(Hosts) ->
    normalize_hosts(Hosts,[]).
@@ -408,7 +476,7 @@ maps_to_lists(IMap) ->
              end, [], IMap).

 merge_configs(Terms, ResMap) ->
-    lists:foldl(fun({Name, Val}, Map) when is_list(Val) ->
+    lists:foldl(fun({Name, Val}, Map) when is_list(Val), Name =/= auth_method ->
                        Old = maps:get(Name, Map, #{}),
                        New = lists:foldl(fun(SVal, OMap) ->
                                                  NVal = if Name == host_config orelse Name == append_host_config ->
@@ -442,8 +510,8 @@ include_config_files(Terms) ->
                       include_config_file(File, Opts)
               end, lists:flatten(FileOpts)),

-    M1 = merge_configs(transform_terms(Terms1), #{}),
-    M2 = merge_configs(transform_terms(Terms2), M1),
+    M1 = merge_configs(Terms1, #{}),
+    M2 = merge_configs(Terms2, M1),
    maps_to_lists(M2).

 transform_include_option({include_config_file, File}) when is_list(File) ->
@@ -457,7 +525,7 @@ transform_include_option({include_config_file, Filename, Options}) ->
    {Filename, Options}.

 include_config_file(Filename, Options) ->
-    Included_terms = get_plain_terms_file(Filename),
+    Included_terms = get_plain_terms_file(Filename, [{include_files, true}, dont_halt_on_error]),
    Disallow = proplists:get_value(disallow, Options, []),
    Included_terms2 = delete_disallowed(Disallow, Included_terms),
    Allow_only = proplists:get_value(allow_only, Options, all),
@@ -620,14 +688,42 @@ process_host_term(Term, Host, State, Action) ->
        {hosts, _} ->
            State;
 	{Opt, Val} when Action == set ->
-	    set_option({Opt, Host}, Val, State);
+	    set_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
        {Opt, Val} when Action == append ->
-            append_option({Opt, Host}, Val, State);
+            append_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
        Opt ->
            ?WARNING_MSG("Ignore invalid (outdated?) option ~p", [Opt]),
            State
    end.

+rename_option(Option) when is_atom(Option) ->
+    case atom_to_list(Option) of
+	"odbc_" ++ T ->
+	    NewOption = list_to_atom("sql_" ++ T),
+	    ?WARNING_MSG("Option '~s' is obsoleted, use '~s' instead",
+			 [Option, NewOption]),
+	    NewOption;
+	_ ->
+	    Option
+    end;
+rename_option(Option) ->
+    Option.
+
+change_val(auth_method, Val) ->
+    prepare_opt_val(auth_method, Val,
+		    fun(V) ->
+			    L = if is_list(V) -> V;
+				   true -> [V]
+				end,
+			    lists:map(
+			      fun(odbc) -> sql;
+				 (internal) -> mnesia;
+				 (A) when is_atom(A) -> A
+			      end, L)
+		    end, [mnesia]);
+change_val(_Opt, Val) ->
+    Val.
+
 set_option(Opt, Val, State) ->
    State#state{opts = [#local_config{key = Opt, value = Val} |
                        State#state.opts]}.
@@ -686,24 +782,32 @@ add_option(Opt, Val) ->
 -spec prepare_opt_val(any(), any(), check_fun(), any()) -> any().

 prepare_opt_val(Opt, Val, F, Default) ->
-    Res = case F of
-              {Mod, Fun} ->
-                  catch Mod:Fun(Val);
-              _ ->
-                  catch F(Val)
-          end,
-    case Res of
-        {'EXIT', _} ->
-            ?INFO_MSG("Configuration problem:~n"
-                      "** Option: ~s~n"
-                      "** Invalid value: ~s~n"
-                      "** Using as fallback: ~s",
-                      [format_term(Opt),
-                       format_term(Val),
-                       format_term(Default)]),
-            Default;
-        _ ->
-            Res
+    Call = case F of
+	       {Mod, Fun} ->
+		   fun() -> Mod:Fun(Val) end;
+	       _ ->
+		   fun() -> F(Val) end
+	   end,
+    try Call() of
+	Res ->
+	    Res
+    catch {replace_with, NewRes} ->
+	    NewRes;
+	  {invalid_syntax, Error} ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback: ~s",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default),
+			  Error]),
+	    Default;
+	  _:_ ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default)]),
+	    Default
    end.

 -type check_fun() :: fun((any()) -> any()) | {module(), atom()}.
@@ -756,9 +860,61 @@ get_option(Opt, F, Default) ->
            end
    end.

+-spec has_option(atom() | {atom(), global | binary()}) -> any().
+has_option(Opt) ->
+    get_option(Opt, fun(_) -> true end, false).
+
+init_module_db_table(Modules) ->
+    catch ets:new(module_db, [named_table, public, bag]),
+    %% Dirty hack for mod_pubsub
+    ets:insert(module_db, {mod_pubsub, mnesia}),
+    ets:insert(module_db, {mod_pubsub, sql}),
+    lists:foreach(
+      fun(M) ->
+	      case re:split(atom_to_list(M), "_", [{return, list}]) of
+		  [_] ->
+		      ok;
+		  Parts ->
+		      [Suffix|T] = lists:reverse(Parts),
+		      BareMod = string:join(lists:reverse(T), "_"),
+		      ets:insert(module_db, {list_to_atom(BareMod),
+					     list_to_atom(Suffix)})
+	      end
+      end, Modules).
+
+-spec v_db(module(), atom()) -> atom().
+
+v_db(Mod, internal) -> v_db(Mod, mnesia);
+v_db(Mod, odbc) -> v_db(Mod, sql);
+v_db(Mod, Type) ->
+    case ets:match_object(module_db, {Mod, Type}) of
+	[_|_] -> Type;
+	[] -> erlang:error(badarg)
+    end.
+
+-spec default_db(binary(), module()) -> atom().
+
+default_db(Host, Module) ->
+    case ejabberd_config:get_option(
+	   {default_db, Host}, fun(T) when is_atom(T) -> T end) of
+	undefined ->
+	    mnesia;
+	DBType ->
+	    try
+		v_db(Module, DBType)
+	    catch error:badarg ->
+		    ?WARNING_MSG("Module '~s' doesn't support database '~s' "
+				 "defined in option 'default_db', using "
+				 "'mnesia' as fallback", [Module, DBType]),
+		    mnesia
+	    end
+    end.
+
 get_modules_with_options() ->
    {ok, Mods} = application:get_key(ejabberd, modules),
    ExtMods = [Name || {Name, _Details} <- ext_mod:installed()],
+    AllMods = [?MODULE|ExtMods++Mods],
+    init_module_db_table(AllMods),
    lists:foldl(
      fun(Mod, D) ->
 	      case catch Mod:opt_type('') of
@@ -770,23 +926,30 @@ get_modules_with_options() ->
 		  {'EXIT', {undef, _}} ->
 		      D
 	      end
-      end, dict:new(), [?MODULE|ExtMods++Mods]).
+      end, dict:new(), AllMods).

 validate_opts(#state{opts = Opts} = State) ->
    ModOpts = get_modules_with_options(),
-    NewOpts = lists:filter(
-		fun(#local_config{key = {Opt, _Host}, value = Val}) ->
+    NewOpts = lists:filtermap(
+		fun(#local_config{key = {Opt, _Host}, value = Val} = In) ->
 			case dict:find(Opt, ModOpts) of
 			    {ok, [Mod|_]} ->
 				VFun = Mod:opt_type(Opt),
-				case catch VFun(Val) of
-				    {'EXIT', _} ->
+				try VFun(Val) of
+				    _ ->
+					true
+				catch {replace_with, NewVal} ->
+					{true, In#local_config{value = NewVal}};
+				      {invalid_syntax, Error} ->
+					?ERROR_MSG("ignoring option '~s' with "
+						   "invalid value: ~p: ~s",
+						   [Opt, Val, Error]),
+					false;
+				      _:_ ->
 					?ERROR_MSG("ignoring option '~s' with "
 						   "invalid value: ~p",
 						   [Opt, Val]),
-					false;
-				    _ ->
-					true
+					false
 				end;
 			    _ ->
 				?ERROR_MSG("unknown option '~s' will be likely"
@@ -798,11 +961,25 @@ validate_opts(#state{opts = Opts} = State) ->

 -spec get_vh_by_auth_method(atom()) -> [binary()].

-%% Return the list of hosts handled by a given module
+%% Return the list of hosts with a given auth method
 get_vh_by_auth_method(AuthMethod) ->
-    mnesia:dirty_select(local_config,
-			[{#local_config{key = {auth_method, '$1'},
-					value=AuthMethod},[],['$1']}]).
+    Cfgs = mnesia:dirty_match_object(local_config,
+				     #local_config{key = {auth_method, '_'},
+						   _ = '_'}),
+    lists:flatmap(
+      fun(#local_config{key = {auth_method, Host}, value = M}) ->
+	      Methods = if not is_list(M) -> [M];
+			   true -> M
+			end,
+	      case lists:member(AuthMethod, Methods) of
+		  true when Host == global ->
+		      get_myhosts();
+		  true ->
+		      [Host];
+		  false ->
+		      []
+	      end
+      end, Cfgs).

 %% @spec (Path::string()) -> true | false
 is_file_readable(Path) ->
@@ -836,20 +1013,20 @@ get_mylang() ->
      fun iolist_to_binary/1,
      <<"en">>).

-replace_module(mod_announce_odbc) -> {mod_announce, odbc};
-replace_module(mod_blocking_odbc) -> {mod_blocking, odbc};
-replace_module(mod_caps_odbc) -> {mod_caps, odbc};
-replace_module(mod_irc_odbc) -> {mod_irc, odbc};
-replace_module(mod_last_odbc) -> {mod_last, odbc};
-replace_module(mod_muc_odbc) -> {mod_muc, odbc};
-replace_module(mod_offline_odbc) -> {mod_offline, odbc};
-replace_module(mod_privacy_odbc) -> {mod_privacy, odbc};
-replace_module(mod_private_odbc) -> {mod_private, odbc};
-replace_module(mod_roster_odbc) -> {mod_roster, odbc};
-replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, odbc};
-replace_module(mod_vcard_odbc) -> {mod_vcard, odbc};
-replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, odbc};
-replace_module(mod_pubsub_odbc) -> {mod_pubsub, odbc};
+replace_module(mod_announce_odbc) -> {mod_announce, sql};
+replace_module(mod_blocking_odbc) -> {mod_blocking, sql};
+replace_module(mod_caps_odbc) -> {mod_caps, sql};
+replace_module(mod_irc_odbc) -> {mod_irc, sql};
+replace_module(mod_last_odbc) -> {mod_last, sql};
+replace_module(mod_muc_odbc) -> {mod_muc, sql};
+replace_module(mod_offline_odbc) -> {mod_offline, sql};
+replace_module(mod_privacy_odbc) -> {mod_privacy, sql};
+replace_module(mod_private_odbc) -> {mod_private, sql};
+replace_module(mod_roster_odbc) -> {mod_roster, sql};
+replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, sql};
+replace_module(mod_vcard_odbc) -> {mod_vcard, sql};
+replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, sql};
+replace_module(mod_pubsub_odbc) -> {mod_pubsub, sql};
 replace_module(Module) ->
    case is_elixir_module(Module) of
        true  -> expand_elixir_module(Module);
@@ -878,6 +1055,23 @@ replace_modules(Modules) ->
 %% Elixir module naming
 %% ====================

+-ifdef(ELIXIR_ENABLED).
+is_elixir_enabled() ->
+    true.
+-else.
+is_elixir_enabled() ->
+    false.
+-endif.
+
+is_using_elixir_config() ->
+    case is_elixir_enabled() of
+	true ->
+	    Config = get_ejabberd_config_path(),
+	    'Elixir.Ejabberd.ConfigUtil':is_elixir_config(Config);
+       false ->
+	    false
+    end.
+
 %% If module name start with uppercase letter, this is an Elixir module:
 is_elixir_module(Module) ->
    case atom_to_list(Module) of
@@ -954,7 +1148,7 @@ transform_terms(Terms) ->
            mod_last,
            ejabberd_s2s,
            ejabberd_listener,
-            ejabberd_odbc_sup,
+            ejabberd_sql_sup,
            shaper,
            ejabberd_s2s_out,
            acl,
@@ -57,6 +57,8 @@
 -include("ejabberd.hrl").
 -include("logger.hrl").

+-define(DEFAULT_VERSION, 1000000).
+

 %%-----------------------------
 %% Module
@@ -69,7 +71,7 @@ start() ->
                                 [SNode3 | Args3] ->
                                     [SNode3, 60000, Args3];
                                 _ ->
-                                     print_usage(),
+                                     print_usage(?DEFAULT_VERSION),
                                     halt(?STATUS_USAGE)
                             end,
    SNode1 = case string:tokens(SNode, "@") of
@@ -93,6 +95,9 @@ start() ->
                           [Node, Reason]),
                     %% TODO: show minimal start help
                     ?STATUS_BADRPC;
+                 {invalid_version, V} ->
+                     print("Invalid API version number: ~p~n", [V]),
+                     ?STATUS_ERROR;
                 S ->
                     S
             end,
@@ -126,11 +131,17 @@ unregister_commands(CmdDescs, Module, Function) ->
 %% Process
 %%-----------------------------

+
 -spec process([string()]) -> non_neg_integer().
+process(Args) ->
+    process(Args, ?DEFAULT_VERSION).
+
+
+-spec process([string()], non_neg_integer()) -> non_neg_integer().

 %% The commands status, stop and restart are defined here to ensure
 %% they are usable even if ejabberd is completely stopped.
-process(["status"]) ->
+process(["status"], _Version) ->
    {InternalStatus, ProvidedStatus} = init:get_status(),
    print("The node ~p is ~p with status: ~p~n",
 	   [node(), InternalStatus, ProvidedStatus]),
@@ -146,24 +157,24 @@ process(["status"]) ->
            ?STATUS_SUCCESS
    end;

-process(["stop"]) ->
+process(["stop"], _Version) ->
    %%ejabberd_cover:stop(),
    init:stop(),
    ?STATUS_SUCCESS;

-process(["restart"]) ->
+process(["restart"], _Version) ->
    init:restart(),
    ?STATUS_SUCCESS;

-process(["mnesia"]) ->
+process(["mnesia"], _Version) ->
    print("~p~n", [mnesia:system_info(all)]),
    ?STATUS_SUCCESS;

-process(["mnesia", "info"]) ->
+process(["mnesia", "info"], _Version) ->
    mnesia:info(),
    ?STATUS_SUCCESS;

-process(["mnesia", Arg]) ->
+process(["mnesia", Arg], _Version) ->
    case catch mnesia:system_info(list_to_atom(Arg)) of
 	{'EXIT', Error} -> print("Error: ~p~n", [Error]);
 	Return -> print("~p~n", [Return])
@@ -172,23 +183,23 @@ process(["mnesia", Arg]) ->

 %% The arguments --long and --dual are not documented because they are
 %% automatically selected depending in the number of columns of the shell
-process(["help" | Mode]) ->
+process(["help" | Mode], Version) ->
    {MaxC, ShCode} = get_shell_info(),
    case Mode of
 	[] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--dual"] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--long"] ->
-	    print_usage(long, MaxC, ShCode),
+	    print_usage(long, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--tags"] ->
-	    print_usage_tags(MaxC, ShCode),
+	    print_usage_tags(MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["--tags", Tag] ->
-	    print_usage_tags(Tag, MaxC, ShCode),
+	    print_usage_tags(Tag, MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["help"] ->
 	    print_usage_help(MaxC, ShCode),
@@ -196,13 +207,22 @@ process(["help" | Mode]) ->
 	[CmdString | _] ->
 	    CmdStringU = ejabberd_regexp:greplace(
                           list_to_binary(CmdString), <<"-">>, <<"_">>),
-	    print_usage_commands(binary_to_list(CmdStringU), MaxC, ShCode),
+	    print_usage_commands2(binary_to_list(CmdStringU), MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS
    end;

-process(Args) ->
+process(["--version", Arg | Args], _) ->
+    Version =
+	try
+	    list_to_integer(Arg)
+	catch _:_ ->
+		throw({invalid_version, Arg})
+	end,
+    process(Args, Version);
+
+process(Args, Version) ->
    AccessCommands = get_accesscommands(),
-    {String, Code} = process2(Args, AccessCommands),
+    {String, Code} = process2(Args, AccessCommands, Version),
    case String of
 	[] -> ok;
 	_ ->
@@ -211,18 +231,25 @@ process(Args) ->
    Code.

 %% @spec (Args::[string()], AccessCommands) -> {String::string(), Code::integer()}
-process2(["--auth", User, Server, Pass | Args], AccessCommands) ->
-    process2(Args, {list_to_binary(User), list_to_binary(Server), list_to_binary(Pass), true}, AccessCommands);
 process2(Args, AccessCommands) ->
-    process2(Args, admin, AccessCommands).
+    process2(Args, AccessCommands, ?DEFAULT_VERSION).

-process2(Args, Auth, AccessCommands) ->
-    case try_run_ctp(Args, Auth, AccessCommands) of
+%% @spec (Args::[string()], AccessCommands, Version) -> {String::string(), Code::integer()}
+process2(["--auth", User, Server, Pass | Args], AccessCommands, Version) ->
+    process2(Args, AccessCommands, {list_to_binary(User), list_to_binary(Server),
+				    list_to_binary(Pass), true}, Version);
+process2(Args, AccessCommands, Version) ->
+    process2(Args, AccessCommands, noauth, Version).
+
+
+
+process2(Args, AccessCommands, Auth, Version) ->
+    case try_run_ctp(Args, Auth, AccessCommands, Version) of
 	{String, wrong_command_arguments}
          when is_list(String) ->
 	    io:format(lists:flatten(["\n" | String]++["\n"])),
 	    [CommandString | _] = Args,
-            process(["help" | [CommandString]]),
+            process(["help" | [CommandString]], Version),
 	    {lists:flatten(String), ?STATUS_ERROR};
 	{String, Code}
          when is_list(String) and is_integer(Code) ->
@@ -246,29 +273,29 @@ get_accesscommands() ->
 %%-----------------------------

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_run_ctp(Args, Auth, AccessCommands) ->
+try_run_ctp(Args, Auth, AccessCommands, Version) ->
    try ejabberd_hooks:run_fold(ejabberd_ctl_process, false, [Args]) of
 	false when Args /= [] ->
-	    try_call_command(Args, Auth, AccessCommands);
+	    try_call_command(Args, Auth, AccessCommands, Version);
 	false ->
-	    print_usage(),
+	    print_usage(Version),
 	    {"", ?STATUS_USAGE};
 	Status ->
 	    {"", Status}
    catch
 	exit:Why ->
-	    print_usage(),
+	    print_usage(Version),
 	    {io_lib:format("Error in ejabberd ctl process: ~p", [Why]), ?STATUS_USAGE};
 	Error:Why ->
            %% In this case probably ejabberd is not started, so let's show Status
-            process(["status"]),
+            process(["status"], Version),
            print("~n", []),
 	    {io_lib:format("Error in ejabberd ctl process: '~p' ~p", [Error, Why]), ?STATUS_USAGE}
    end.

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_call_command(Args, Auth, AccessCommands) ->
-    try call_command(Args, Auth, AccessCommands) of
+try_call_command(Args, Auth, AccessCommands, Version) ->
+    try call_command(Args, Auth, AccessCommands, Version) of
 	{error, command_unknown} ->
 	    {io_lib:format("Error: command ~p not known.", [hd(Args)]), ?STATUS_ERROR};
 	{error, wrong_command_arguments} ->
@@ -276,24 +303,28 @@ try_call_command(Args, Auth, AccessCommands) ->
 	Res ->
 	    Res
    catch
+	throw:Error ->
+	    {io_lib:format("~p", [Error]), ?STATUS_ERROR};
 	A:Why ->
 	    Stack = erlang:get_stacktrace(),
 	    {io_lib:format("Problem '~p ~p' occurred executing the command.~nStacktrace: ~p", [A, Why, Stack]), ?STATUS_ERROR}
    end.

 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()} | {error, ErrorType}
-call_command([CmdString | Args], Auth, AccessCommands) ->
+call_command([CmdString | Args], Auth, AccessCommands, Version) ->
    CmdStringU = ejabberd_regexp:greplace(
                   list_to_binary(CmdString), <<"-">>, <<"_">>),
    Command = list_to_atom(binary_to_list(CmdStringU)),
-    case ejabberd_commands:get_command_format(Command, Auth) of
+    case ejabberd_commands:get_command_format(Command, Auth, Version) of
 	{error, command_unknown} ->
 	    {error, command_unknown};
 	{ArgsFormat, ResultFormat} ->
 	    case (catch format_args(Args, ArgsFormat)) of
 		ArgsFormatted when is_list(ArgsFormatted) ->
-		    Result = ejabberd_commands:execute_command(AccessCommands, Auth, Command,
-							       ArgsFormatted),
+		    Result = ejabberd_commands:execute_command(AccessCommands,
+							       Auth, Command,
+							       ArgsFormatted,
+							       Version),
 		    format_result(Result, ResultFormat);
 		{'EXIT', {function_clause,[{lists,zip,[A1, A2], _} | _]}} ->
 		    {NumCompa, TextCompa} =
@@ -343,6 +374,12 @@ format_arg2(Arg, Parse)->
 format_result({error, ErrorAtom}, _) ->
    {io_lib:format("Error: ~p", [ErrorAtom]), make_status(error)};

+%% An error should always be allowed to return extended error to help with API.
+%% Extended error is of the form:
+%%  {error, type :: atom(), code :: int(), Desc :: string()}
+format_result({error, ErrorAtom, Code, _Msg}, _) ->
+    {io_lib:format("Error: ~p", [ErrorAtom]), make_status(Code)};
+
 format_result(Atom, {_Name, atom}) ->
    io_lib:format("~p", [Atom]);

@@ -402,10 +439,12 @@ format_result(404, {_Name, _}) ->

 make_status(ok) -> ?STATUS_SUCCESS;
 make_status(true) -> ?STATUS_SUCCESS;
+make_status(Code) when is_integer(Code), Code > 255 -> ?STATUS_ERROR;
+make_status(Code) when is_integer(Code), Code > 0 -> Code;
 make_status(_Error) -> ?STATUS_ERROR.

-get_list_commands() ->
-    try ejabberd_commands:list_commands() of
+get_list_commands(Version) ->
+    try ejabberd_commands:list_commands(Version) of
 	Commands ->
 	    [tuple_command_help(Command)
 	     || {N,_,_}=Command <- Commands,
@@ -458,10 +497,10 @@ get_list_ctls() ->
 -define(U2, "\e[24m").
 -define(U(S), case ShCode of true -> [?U1, S, ?U2]; false -> S end).

-print_usage() ->
+print_usage(Version) ->
    {MaxC, ShCode} = get_shell_info(),
-    print_usage(dual, MaxC, ShCode).
-print_usage(HelpMode, MaxC, ShCode) ->
+    print_usage(dual, MaxC, ShCode, Version).
+print_usage(HelpMode, MaxC, ShCode, Version) ->
    AllCommands =
 	[
 	 {"status", [], "Get ejabberd status"},
@@ -469,12 +508,11 @@ print_usage(HelpMode, MaxC, ShCode) ->
 	 {"restart", [], "Restart ejabberd"},
 	 {"help", ["[--tags [tag] | com?*]"], "Show help (try: ejabberdctl help help)"},
 	 {"mnesia", ["[info]"], "show information of Mnesia system"}] ++
-	get_list_commands() ++
+	get_list_commands(Version) ++
 	get_list_ctls(),

    print(
-       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--auth ",
-	?U("user"), " ", ?U("host"), " ", ?U("password"), "] ",
+       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--version ", ?U("api_version"), "] ",
 	?U("command"), " [", ?U("options"), "]\n"
 	"\n"
 	"Available commands in this ejabberd node:\n"], []),
@@ -598,9 +636,9 @@ format_command_lines(CALD, _MaxCmdLen, MaxC, ShCode, long) ->
 %% Print Tags
 %%-----------------------------

-print_usage_tags(MaxC, ShCode) ->
+print_usage_tags(MaxC, ShCode, Version) ->
    print("Available tags and commands:", []),
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
    lists:foreach(
      fun({Tag, Commands} = _TagCommands) ->
 	      print(["\n\n  ", ?B(Tag), "\n     "], []),
@@ -611,10 +649,10 @@ print_usage_tags(MaxC, ShCode) ->
      TagsCommands),
    print("\n\n", []).

-print_usage_tags(Tag, MaxC, ShCode) ->
+print_usage_tags(Tag, MaxC, ShCode, Version) ->
    print(["Available commands with tag ", ?B(Tag), ":", "\n"], []),
    HelpMode = long,
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
    CommandsNames = case lists:keysearch(Tag, 1, TagsCommands) of
 			{value, {Tag, CNs}} -> CNs;
 			false -> []
@@ -622,7 +660,7 @@ print_usage_tags(Tag, MaxC, ShCode) ->
    CommandsList = lists:map(
 		     fun(NameString) ->
 			     C = ejabberd_commands:get_command_definition(
-                                   list_to_atom(NameString)),
+                                   list_to_atom(NameString), Version),
 			     #ejabberd_commands{name = Name,
 						args = Args,
 						desc = Desc} = C,
@@ -673,20 +711,20 @@ print_usage_help(MaxC, ShCode) ->
 %%-----------------------------

 %% @spec (CmdSubString::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_commands(CmdSubString, MaxC, ShCode) ->
+print_usage_commands2(CmdSubString, MaxC, ShCode, Version) ->
    %% Get which command names match this substring
-    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands()],
+    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands(Version)],
    Cmds = filter_commands(AllCommandsNames, CmdSubString),
    case Cmds of
-    	[] -> io:format("Error: not command found that match: ~p~n", [CmdSubString]);
-	_ -> print_usage_commands2(lists:sort(Cmds), MaxC, ShCode)
+    	[] -> io:format("Error: no command found that match: ~p~n", [CmdSubString]);
+	_ -> print_usage_commands3(lists:sort(Cmds), MaxC, ShCode, Version)
    end.

-print_usage_commands2(Cmds, MaxC, ShCode) ->
+print_usage_commands3(Cmds, MaxC, ShCode, Version) ->
    %% Then for each one print it
    lists:mapfoldl(
      fun(Cmd, Remaining) ->
-	      print_usage_command(Cmd, MaxC, ShCode),
+	      print_usage_command(Cmd, MaxC, ShCode, Version),
 	      case Remaining > 1 of
 		  true -> print([" ", lists:duplicate(MaxC, 126), " \n"], []);
 		  false -> ok
@@ -716,16 +754,16 @@ filter_commands_regexp(All, Glob) ->
      All).

 %% @spec (Cmd::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_command(Cmd, MaxC, ShCode) ->
+print_usage_command(Cmd, MaxC, ShCode, Version) ->
    Name = list_to_atom(Cmd),
-    case ejabberd_commands:get_command_definition(Name) of
+    case ejabberd_commands:get_command_definition(Name, Version) of
 	command_not_found ->
 	    io:format("Error: command ~p not known.~n", [Cmd]);
 	C ->
-	    print_usage_command(Cmd, C, MaxC, ShCode)
+	    print_usage_command2(Cmd, C, MaxC, ShCode)
    end.

-print_usage_command(Cmd, C, MaxC, ShCode) ->
+print_usage_command2(Cmd, C, MaxC, ShCode) ->
    #ejabberd_commands{
 		     tags = TagsAtoms,
 		     desc = Desc,
@@ -145,9 +145,14 @@ init({SockMod, Socket}, Opts) ->
    DefinedHandlers = gen_mod:get_opt(
                        request_handlers, Opts,
                        fun(Hs) ->
+                                Hs1 = lists:map(fun
+                                  ({Mod, Path}) when is_atom(Mod) -> {Path, Mod};
+                                  ({Path, Mod}) -> {Path, Mod}
+                                end, Hs),
+
                                [{str:tokens(
                                    iolist_to_binary(Path), <<"/">>),
-                                  Mod} || {Path, Mod} <- Hs]
+                                  Mod} || {Path, Mod} <- Hs1]
                        end, []),
    RequestHandlers = DefinedHandlers ++ Captcha ++ Register ++
        Admin ++ Bind ++ XMLRPC,
@@ -753,6 +758,7 @@ code_to_phrase(503) -> <<"Service Unavailable">>;
 code_to_phrase(504) -> <<"Gateway Timeout">>;
 code_to_phrase(505) -> <<"HTTP Version Not Supported">>.

+-spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
 parse_auth(<<"Basic ", Auth64/binary>>) ->
    Auth = jlib:decode_base64(Auth64),
    %% Auth should be a string with the format: user@server:password
@@ -762,7 +768,8 @@ parse_auth(<<"Basic ", Auth64/binary>>) ->
            undefined;
        Pos ->
            {User, <<$:, Pass/binary>>} = erlang:split_binary(Auth, Pos-1),
-            {User, Pass}
+            PassUtf8 = unicode:characters_to_binary(binary_to_list(Pass), utf8),
+            {User, PassUtf8}
    end;
 parse_auth(<<"Bearer ", SToken/binary>>) ->
    Token = str:strip(SToken),
@@ -338,8 +338,9 @@ handle_session_start(Pid, XmppDomain, Sid, Rid, Attrs,
 init([Sid, Key, IP, HOpts]) ->
    ?DEBUG("started: ~p", [{Sid, Key, IP}]),
    Opts1 = ejabberd_c2s_config:get_c2s_limits(),
-    SOpts = lists:filtermap(fun({stream_managment, _}) -> true;
+    SOpts = lists:filtermap(fun({stream_management, _}) -> true;
                               ({max_ack_queue, _}) -> true;
+                               ({ack_timeout, _}) -> true;
                               ({resume_timeout, _}) -> true;
                               ({max_resume_timeout, _}) -> true;
                               ({resend_on_timeout, _}) -> true;
@@ -112,8 +112,9 @@ socket_handoff(LocalPath, Request, Socket, SockMod, Buf, Opts) ->
 %%% Internal

 init([{#ws{ip = IP, http_opts = HOpts}, _} = WS]) ->
-    SOpts = lists:filtermap(fun({stream_managment, _}) -> true;
+    SOpts = lists:filtermap(fun({stream_management, _}) -> true;
                               ({max_ack_queue, _}) -> true;
+                               ({ack_timeout, _}) -> true;
                               ({resume_timeout, _}) -> true;
                               ({max_resume_timeout, _}) -> true;
                               ({resend_on_timeout, _}) -> true;
@@ -32,7 +32,7 @@
 %% API
 -export([start_link/0]).

-export([route/3, route_iq/4, route_iq/5,
+-export([route/3, route_iq/4, route_iq/5, process_iq/3,
 	 process_iq_reply/3, register_iq_handler/4,
 	 register_iq_handler/5, register_iq_response_handler/4,
 	 register_iq_response_handler/5, unregister_iq_handler/2,
@@ -74,7 +74,7 @@ start_link() ->
 process_iq(From, To, Packet) ->
    IQ = jlib:iq_query_info(Packet),
    case IQ of
-      #iq{xmlns = XMLNS} ->
+      #iq{xmlns = XMLNS, lang = Lang} ->
 	  Host = To#jid.lserver,
 	  case ets:lookup(?IQTABLE, {XMLNS, Host}) of
 	    [{_, Module, Function}] ->
@@ -87,8 +87,10 @@ process_iq(From, To, Packet) ->
 		gen_iq_handler:handle(Host, Module, Function, Opts,
 				      From, To, IQ);
 	    [] ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_FEATURE_NOT_IMPLEMENTED),
+		Txt = <<"No module is handling this query">>,
+		Err = jlib:make_error_reply(
+			Packet,
+			?ERRT_FEATURE_NOT_IMPLEMENTED(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end;
      reply ->
@@ -166,8 +168,10 @@ refresh_iq_handlers() ->
    ejabberd_local ! refresh_iq_handlers.

 bounce_resource_packet(From, To, Packet) ->
+    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+    Txt = <<"No available resource found">>,
    Err = jlib:make_error_reply(Packet,
-				?ERR_ITEM_NOT_FOUND),
+				?ERRT_ITEM_NOT_FOUND(Lang, Txt)),
    ejabberd_router:route(To, From, Err),
    stop.

@@ -178,6 +182,7 @@ bounce_resource_packet(From, To, Packet) ->
 init([]) ->
    lists:foreach(fun (Host) ->
 			  ejabberd_router:register_route(Host,
+							 Host,
 							 {apply, ?MODULE,
 							  route}),
 			  ejabberd_hooks:add(local_send_to_resource_hook, Host,
@@ -266,7 +271,16 @@ do_route(From, To, Packet) ->
 	   #xmlel{name = Name} = Packet,
 	   case Name of
 	     <<"iq">> -> process_iq(From, To, Packet);
-	     <<"message">> -> ok;
+	     <<"message">> ->
+		 #xmlel{attrs = Attrs} = Packet,
+		 case fxml:get_attr_s(<<"type">>, Attrs) of
+		   <<"headline">> -> ok;
+		   <<"error">> -> ok;
+		   _ ->
+		       Err = jlib:make_error_reply(Packet,
+						   ?ERR_SERVICE_UNAVAILABLE),
+		       ejabberd_router:route(To, From, Err)
+		 end;
 	     <<"presence">> -> ok;
 	     _ -> ok
 	   end;
@@ -50,6 +50,7 @@
 %% "ejabberd.log" in current directory.
 %% Note: If the directory where to place the ejabberd log file to not exist,
 %% it is not created and no log file will be generated.
+%% @spec () -> string()
 get_log_path() ->
    case ejabberd_config:env_binary_to_list(ejabberd, log_path) of
 	{ok, Path} ->
@@ -99,7 +100,33 @@ get_string_env(Name, Default) ->
            Default
    end.

+%% @spec () -> ok
 start() ->
+    StartedApps = application:which_applications(5000),
+    case lists:keyfind(logger, 1, StartedApps) of
+        %% Elixir logger is started. We assume everything is in place
+        %% to use lager to Elixir logger bridge.
+        {logger, _, _} ->
+            error_logger:info_msg("Ignoring ejabberd logger options, using Elixir Logger.", []),
+            %% Do not start lager, we rely on Elixir Logger
+            do_start_for_logger();
+        _ ->
+            do_start()
+    end.
+
+do_start_for_logger() ->
+    application:load(sasl),
+    application:set_env(sasl, sasl_error_logger, false),
+    application:load(lager),
+    application:set_env(lager, error_logger_redirect, false),
+    application:set_env(lager, error_logger_whitelist, ['Elixir.Logger.ErrorHandler']),
+    application:set_env(lager, crash_log, false),
+    application:set_env(lager, handlers, [{elixir_logger_backend, [{level, info}]}]),
+    ejabberd:start_app(lager),
+    ok.
+
+%% Start lager
+do_start() ->
    application:load(sasl),
    application:set_env(sasl, sasl_error_logger, false),
    application:load(lager),
@@ -126,10 +153,12 @@ start() ->
    ejabberd:start_app(lager),
    ok.

+%% @spec () -> ok
 reopen_log() ->
    %% Lager detects external log rotation automatically.
    ok.

+%% @spec () -> ok
 rotate_log() ->
    lager_crash_log ! rotate,
    lists:foreach(
@@ -139,8 +168,9 @@ rotate_log() ->
              ok
      end, gen_event:which_handlers(lager_event)).

+%% @spec () -> {loglevel(), atom(), string()}
 get() ->
-    case lager:get_loglevel(lager_console_backend) of
+    case get_lager_loglevel() of
        none -> {0, no_log, "No log"};
        emergency -> {1, critical, "Critical"};
        alert -> {1, critical, "Critical"};
@@ -152,6 +182,7 @@ get() ->
        debug -> {5, debug, "Debug"}
    end.

+%% @spec (loglevel() | {loglevel(), list()}) -> {module, module()}
 set(LogLevel) when is_integer(LogLevel) ->
    LagerLogLevel = case LogLevel of
                        0 -> none;
@@ -162,7 +193,7 @@ set(LogLevel) when is_integer(LogLevel) ->
                        5 -> debug;
 			E ->  throw({wrong_loglevel, E})
                    end,
-    case lager:get_loglevel(lager_console_backend) of
+    case get_lager_loglevel() of
        LagerLogLevel ->
            ok;
        _ ->
@@ -172,6 +203,8 @@ set(LogLevel) when is_integer(LogLevel) ->
                      lager:set_loglevel(H, LagerLogLevel);
                 (lager_console_backend = H) ->
                      lager:set_loglevel(H, LagerLogLevel);
+                 (elixir_logger_backend = H) ->
+                      lager:set_loglevel(H, LagerLogLevel);
                 (_) ->
                      ok
              end, gen_event:which_handlers(lager_event))
@@ -180,3 +213,22 @@ set(LogLevel) when is_integer(LogLevel) ->
 set({_LogLevel, _}) ->
    error_logger:error_msg("custom loglevels are not supported for 'lager'"),
    {module, lager}.
+
+get_lager_loglevel() ->
+    Handlers = get_lager_handlers(),
+    lists:foldl(fun(lager_console_backend, _Acc) ->
+                        lager:get_loglevel(lager_console_backend);
+                   (elixir_logger_backend, _Acc) ->
+                        lager:get_loglevel(elixir_logger_backend);
+                   (_, Acc) ->
+                        Acc
+                end,
+                none, Handlers).
+
+get_lager_handlers() ->
+    case catch gen_event:which_handlers(lager_event) of
+        {'EXIT',noproc} ->
+            [];
+        Result ->
+            Result
+    end.
@@ -47,6 +47,8 @@
         process/2,
         opt_type/1]).

+-export([oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1, oauth_list_scopes/0]).
+
 -include("jlib.hrl").

 -include("ejabberd.hrl").
@@ -54,27 +56,116 @@

 -include("ejabberd_http.hrl").
 -include("ejabberd_web_admin.hrl").
+-include("ejabberd_oauth.hrl").

-record(oauth_token, {
-          token = {<<"">>, <<"">>} :: {binary(), binary()},
-          us = {<<"">>, <<"">>}    :: {binary(), binary()},
-          scope = []               :: [binary()],
-          expire                   :: integer()
-         }).
+-include("ejabberd_commands.hrl").

-define(EXPIRE, 3600).
+
+%% There are two ways to obtain an oauth token:
+%%   * Using the web form/api results in the token being generated in behalf of the user providing the user/pass
+%%   * Using the command line and oauth_issue_token command, the token is generated in behalf of ejabberd' sysadmin
+%%    (as it has access to ejabberd command line).
+
+-define(EXPIRE, 4294967).

 start() ->
-    init_db(mnesia, ?MYNAME),
+    DBMod = get_db_backend(),
+    DBMod:init(),
+    MaxSize =
+        ejabberd_config:get_option(
+          oauth_cache_size,
+          fun(I) when is_integer(I), I>0 -> I end,
+          1000),
+    LifeTime =
+        ejabberd_config:get_option(
+          oauth_cache_life_time,
+          fun(I) when is_integer(I), I>0 -> I end,
+          timer:hours(1) div 1000),
+    cache_tab:new(oauth_token,
+		  [{max_size, MaxSize}, {life_time, LifeTime}]),
    Expire = expire(),
    application:set_env(oauth2, backend, ejabberd_oauth),
    application:set_env(oauth2, expiry_time, Expire),
    application:start(oauth2),
    ChildSpec = {?MODULE, {?MODULE, start_link, []},
-		 temporary, 1000, worker, [?MODULE]},
+		 transient, 1000, worker, [?MODULE]},
    supervisor:start_child(ejabberd_sup, ChildSpec),
+    ejabberd_commands:register_commands(get_commands_spec()),
    ok.

+
+get_commands_spec() ->
+    [
+     #ejabberd_commands{name = oauth_issue_token, tags = [oauth],
+                        desc = "Issue an oauth token for the given jid",
+                        module = ?MODULE, function = oauth_issue_token,
+                        args = [{jid, string},{ttl, integer}, {scopes, string}],
+                        policy = restricted,
+                        args_example = ["user@server.com", "connected_users_number;muc_online_rooms"],
+                        args_desc = ["Jid for which issue token",
+				     "Time to live of generated token in seconds",
+				     "List of scopes to allow, separated by ';'"],
+                        result = {result, {tuple, [{token, string}, {scopes, string}, {expires_in, string}]}}
+                       },
+     #ejabberd_commands{name = oauth_list_tokens, tags = [oauth],
+                        desc = "List oauth tokens, their user and scope, and how many seconds remain until expirity",
+                        module = ?MODULE, function = oauth_list_tokens,
+                        args = [],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}}
+                       },
+     #ejabberd_commands{name = oauth_list_scopes, tags = [oauth],
+                        desc = "List scopes that can be granted to tokens generated through the command line, together with the commands they allow",
+                        module = ?MODULE, function = oauth_list_scopes,
+                        args = [],
+                        policy = restricted,
+                        result = {scopes, {list, {scope, {tuple, [{scope, string}, {commands, string}]}}}}
+                       },
+     #ejabberd_commands{name = oauth_revoke_token, tags = [oauth],
+                        desc = "Revoke authorization for a token",
+                        module = ?MODULE, function = oauth_revoke_token,
+                        args = [{token, string}],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}},
+                        result_desc = "List of remaining tokens"
+                       }
+    ].
+
+oauth_issue_token(Jid, TTLSeconds, ScopesString) ->
+    Scopes = [list_to_binary(Scope) || Scope <- string:tokens(ScopesString, ";")],
+    case jid:from_string(list_to_binary(Jid)) of
+        #jid{luser =Username, lserver = Server} ->
+            case oauth2:authorize_password({Username, Server},  Scopes, admin_generated) of
+                {ok, {_Ctx,Authorization}} ->
+                    {ok, {_AppCtx2, Response}} = oauth2:issue_token(Authorization, [{expiry_time, TTLSeconds}]),
+                    {ok, AccessToken} = oauth2_response:access_token(Response),
+                    {ok, VerifiedScope} = oauth2_response:scope(Response),
+                    {AccessToken, VerifiedScope, integer_to_list(TTLSeconds) ++ " seconds"};
+                {error, Error} ->
+                    {error, Error}
+            end;
+        error ->
+            {error, "Invalid JID: " ++ Jid}
+    end.
+
+oauth_list_tokens() ->
+    Tokens = mnesia:dirty_match_object(#oauth_token{_ = '_'}),
+    {MegaSecs, Secs, _MiniSecs} = os:timestamp(),
+    TS = 1000000 * MegaSecs + Secs,
+    [{Token, jid:to_string(jid:make(U,S,<<>>)), Scope, integer_to_list(Expires - TS) ++ " seconds"} ||
+        #oauth_token{token=Token, scope=Scope, us= {U,S},expire=Expires} <- Tokens].
+
+
+oauth_revoke_token(Token) ->
+    ok = mnesia:dirty_delete(oauth_token, list_to_binary(Token)),
+    oauth_list_tokens().
+
+oauth_list_scopes() ->
+    [ {Scope, string:join([atom_to_list(Cmd) || Cmd <- Cmds], ",")}   || {Scope, Cmds} <- dict:to_list(get_cmd_scopes())].
+
+
+
+
 start_link() ->
    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).

@@ -91,15 +182,8 @@ handle_cast(_Msg, State) -> {noreply, State}.
 handle_info(clean, State) ->
    {MegaSecs, Secs, MiniSecs} = os:timestamp(),
    TS = 1000000 * MegaSecs + Secs,
-    F = fun() ->
-		Ts = mnesia:select(
-		       oauth_token,
-		       [{#oauth_token{expire = '$1', _ = '_'},
-			 [{'<', '$1', TS}],
-			 ['$_']}]),
-		lists:foreach(fun mnesia:delete_object/1, Ts)
-        end,
-    mnesia:async_dirty(F),
+    DBMod = get_db_backend(),
+    DBMod:clean(TS),
    erlang:send_after(trunc(expire() * 1000 * (1 + MiniSecs / 1000000)),
                      self(), clean),
    {noreply, State};
@@ -110,35 +194,30 @@ terminate(_Reason, _State) -> ok.
 code_change(_OldVsn, State, _Extra) -> {ok, State}.


-init_db(mnesia, _Host) ->
-    mnesia:create_table(oauth_token,
-                        [{disc_copies, [node()]},
-                         {attributes,
-                          record_info(fields, oauth_token)}]),
-    mnesia:add_table_copy(oauth_token, node(), disc_copies);
-init_db(_, _) ->
-    ok.
-
-
 get_client_identity(Client, Ctx) -> {ok, {Ctx, {client, Client}}}.

 verify_redirection_uri(_, _, Ctx) -> {ok, Ctx}.

-authenticate_user({User, Server}, {password, Password} = Ctx) ->
+authenticate_user({User, Server}, Ctx) ->
    case jid:make(User, Server, <<"">>) of
        #jid{} = JID ->
            Access =
                ejabberd_config:get_option(
                  {oauth_access, JID#jid.lserver},
-                  fun(A) when is_atom(A) -> A end,
+		  fun(A) -> A end,
                  none),
            case acl:match_rule(JID#jid.lserver, Access, JID) of
                allow ->
-                    case ejabberd_auth:check_password(User, Server, Password) of
-                        true ->
-                            {ok, {Ctx, {user, User, Server}}};
-                        false ->
-                            {error, badpass}
+                    case Ctx of
+                        {password, Password} ->
+                            case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
+                                true ->
+                                    {ok, {Ctx, {user, User, Server}}};
+                                false ->
+                                    {error, badpass}
+                            end;
+                        admin_generated ->
+                            {ok, {Ctx, {user, User, Server}}}
                    end;
                deny ->
                    {error, badpass}
@@ -150,8 +229,8 @@ authenticate_user({User, Server}, {password, Password} = Ctx) ->
 authenticate_client(Client, Ctx) -> {ok, {Ctx, {client, Client}}}.

 verify_resowner_scope({user, _User, _Server}, Scope, Ctx) ->
-    Cmds = ejabberd_commands:get_commands(),
-    Cmds1 = [sasl_auth | Cmds],
+    Cmds = ejabberd_commands:get_exposed_commands(),
+    Cmds1 = ['ejabberd:user', 'ejabberd:admin', sasl_auth | Cmds],
    RegisteredScope = [atom_to_binary(C, utf8) || C <- Cmds1],
    case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
                                   oauth2_priv_set:new(RegisteredScope)) of
@@ -164,64 +243,133 @@ verify_resowner_scope(_, _, _) ->
    {error, badscope}.


+get_cmd_scopes() ->
+    ScopeMap = lists:foldl(fun(Cmd, Accum) ->
+                        case ejabberd_commands:get_command_policy_and_scope(Cmd) of
+                            {ok, Policy, Scopes} when Policy =/= restricted ->
+                                lists:foldl(fun(Scope, Accum2) ->
+                                                    dict:append(Scope, Cmd, Accum2)
+                                            end, Accum, Scopes);
+                            _ -> Accum
+                        end end, dict:new(), ejabberd_commands:get_exposed_commands()),
+    ScopeMap.
+
+%% This is callback for oauth tokens generated through the command line.  Only open and admin commands are
+%% made available.
+%verify_client_scope({client, ejabberd_ctl}, Scope, Ctx) ->
+%    RegisteredScope = dict:fetch_keys(get_cmd_scopes()),
+%    case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
+%                                   oauth2_priv_set:new(RegisteredScope)) of
+%        true ->
+%            {ok, {Ctx, Scope}};
+%        false ->
+%            {error, badscope}
+%    end.
+
+
+
+
+-spec seconds_since_epoch(integer()) -> non_neg_integer().
+seconds_since_epoch(Diff) ->
+    {Mega, Secs, _} = os:timestamp(),
+    Mega * 1000000 + Secs + Diff.
+
+
 associate_access_code(_AccessCode, _Context, AppContext) ->
    %put(?ACCESS_CODE_TABLE, AccessCode, Context),
    {ok, AppContext}.

 associate_access_token(AccessToken, Context, AppContext) ->
-    {user, User, Server} =
-        proplists:get_value(<<"resource_owner">>, Context, <<"">>),
+    {user, User, Server} = proplists:get_value(<<"resource_owner">>, Context, <<"">>),
+    Expire = case proplists:get_value(expiry_time, AppContext, undefined) of
+        undefined ->
+            proplists:get_value(<<"expiry_time">>, Context, 0);
+        ExpiresIn ->
+            %% There is no clean way in oauth2 lib to actually override the TTL of the generated token.
+            %% It always pass the global configured value.  Here we use the app context to pass the per-case
+            %% ttl if we want to override it.
+            seconds_since_epoch(ExpiresIn)
+    end,
+    {user, User, Server} = proplists:get_value(<<"resource_owner">>, Context, <<"">>),
    Scope = proplists:get_value(<<"scope">>, Context, []),
-    Expire = proplists:get_value(<<"expiry_time">>, Context, 0),
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
    R = #oauth_token{
      token = AccessToken,
-      us = {LUser, LServer},
+      us = {jid:nodeprep(User), jid:nodeprep(Server)},
      scope = Scope,
      expire = Expire
     },
-    mnesia:dirty_write(R),
+    store(R),
    {ok, AppContext}.

 associate_refresh_token(_RefreshToken, _Context, AppContext) ->
    %put(?REFRESH_TOKEN_TABLE, RefreshToken, Context),
    {ok, AppContext}.

-
-check_token(User, Server, Scope, Token) ->
+check_token(User, Server, ScopeList, Token) ->
    LUser = jid:nodeprep(User),
    LServer = jid:nameprep(Server),
-    case catch mnesia:dirty_read(oauth_token, Token) of
-        [#oauth_token{us = {LUser, LServer},
-                      scope = TokenScope,
-                      expire = Expire}] ->
+    case lookup(Token) of
+        {ok, #oauth_token{us = {LUser, LServer},
+                          scope = TokenScope,
+                          expire = Expire}} ->
            {MegaSecs, Secs, _} = os:timestamp(),
            TS = 1000000 * MegaSecs + Secs,
-            oauth2_priv_set:is_member(
-              Scope, oauth2_priv_set:new(TokenScope)) andalso
-                Expire > TS;
-        _ ->
-            false
-    end.
-
-check_token(Scope, Token) ->
-    case catch mnesia:dirty_read(oauth_token, Token) of
-        [#oauth_token{us = {LUser, LServer},
-                      scope = TokenScope,
-                      expire = Expire}] ->
-            {MegaSecs, Secs, _} = os:timestamp(),
-            TS = 1000000 * MegaSecs + Secs,
-            case oauth2_priv_set:is_member(
-                   Scope, oauth2_priv_set:new(TokenScope)) andalso
-                Expire > TS of
-                true -> {ok, LUser, LServer};
-                false -> false
+            if
+                Expire > TS ->
+                    TokenScopeSet = oauth2_priv_set:new(TokenScope),
+                    lists:any(fun(Scope) ->
+                                      oauth2_priv_set:is_member(Scope, TokenScopeSet) end,
+                              ScopeList);
+                true ->
+                    {false, expired}
            end;
        _ ->
-            false
+            {false, not_found}
    end.

+check_token(ScopeList, Token) ->
+    case lookup(Token) of
+        {ok, #oauth_token{us = US,
+                          scope = TokenScope,
+                          expire = Expire}} ->
+            {MegaSecs, Secs, _} = os:timestamp(),
+            TS = 1000000 * MegaSecs + Secs,
+            if
+                Expire > TS ->
+                    TokenScopeSet = oauth2_priv_set:new(TokenScope),
+                    case lists:any(fun(Scope) ->
+                                           oauth2_priv_set:is_member(Scope, TokenScopeSet) end,
+                                   ScopeList) of
+                        true -> {ok, user, US};
+                        false -> {false, no_matching_scope}
+                    end;
+                true ->
+                    {false, expired}
+            end;
+        _ ->
+            {false, not_found}
+    end.
+
+
+store(R) ->
+    cache_tab:insert(
+      oauth_token, R#oauth_token.token, R,
+      fun() ->
+              DBMod = get_db_backend(),
+              DBMod:store(R)
+      end).
+
+lookup(Token) ->
+    cache_tab:lookup(
+      oauth_token, Token,
+      fun() ->
+              DBMod = get_db_backend(),
+              case DBMod:lookup(Token) of
+                  #oauth_token{} = R -> {ok, R};
+                  _ -> error
+              end
+      end).
+

 expire() ->
    ejabberd_config:get_option(
@@ -250,12 +398,9 @@ process(_Handlers,
        ?XAE(<<"form">>,
             [{<<"action">>, <<"authorization_token">>},
              {<<"method">>, <<"post">>}],
-             [?LABEL(<<"username">>, [?CT(<<"User">>), ?C(<<": ">>)]),
+             [?LABEL(<<"username">>, [?CT(<<"User (jid)">>), ?C(<<": ">>)]),
              ?INPUTID(<<"text">>, <<"username">>, <<"">>),
              ?BR,
-              ?LABEL(<<"server">>, [?CT(<<"Server">>), ?C(<<": ">>)]),
-              ?INPUTID(<<"text">>, <<"server">>, <<"">>),
-              ?BR,
              ?LABEL(<<"password">>, [?CT(<<"Password">>), ?C(<<": ">>)]),
              ?INPUTID(<<"password">>, <<"password">>, <<"">>),
              ?INPUT(<<"hidden">>, <<"response_type">>, ResponseType),
@@ -264,6 +409,15 @@ process(_Handlers,
              ?INPUT(<<"hidden">>, <<"scope">>, Scope),
              ?INPUT(<<"hidden">>, <<"state">>, State),
              ?BR,
+              ?LABEL(<<"ttl">>, [?CT(<<"Token TTL">>), ?CT(<<": ">>)]),
+              ?XAE(<<"select">>, [{<<"name">>, <<"ttl">>}],
+                   [
+                   ?XAC(<<"option">>, [{<<"value">>, <<"3600">>}],<<"1 Hour">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"86400">>}],<<"1 Day">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"2592000">>}],<<"1 Month">>),
+                   ?XAC(<<"option">>, [{<<"selected">>, <<"selected">>},{<<"value">>, <<"31536000">>}],<<"1 Year">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"315360000">>}],<<"10 Years">>)]),
+              ?BR,
              ?INPUTT(<<"submit">>, <<"">>, <<"Accept">>)
             ]),
    Top =
@@ -307,11 +461,16 @@ process(_Handlers,
    ClientId = proplists:get_value(<<"client_id">>, Q, <<"">>),
    RedirectURI = proplists:get_value(<<"redirect_uri">>, Q, <<"">>),
    SScope = proplists:get_value(<<"scope">>, Q, <<"">>),
-    Username = proplists:get_value(<<"username">>, Q, <<"">>),
-    Server = proplists:get_value(<<"server">>, Q, <<"">>),
+    StringJID = proplists:get_value(<<"username">>, Q, <<"">>),
+    #jid{user = Username, server = Server} = jid:from_string(StringJID),
    Password = proplists:get_value(<<"password">>, Q, <<"">>),
    State = proplists:get_value(<<"state">>, Q, <<"">>),
    Scope = str:tokens(SScope, <<" ">>),
+    TTL = proplists:get_value(<<"ttl">>, Q, <<"">>),
+    ExpiresIn = case TTL of
+                    <<>> -> undefined;
+                    _ -> jlib:binary_to_integer(TTL)
+                end,
    case oauth2:authorize_password({Username, Server},
                                   ClientId,
                                   RedirectURI,
@@ -319,10 +478,18 @@ process(_Handlers,
                                   {password, Password}) of
        {ok, {_AppContext, Authorization}} ->
            {ok, {_AppContext2, Response}} =
-                oauth2:issue_token(Authorization, none),
+                oauth2:issue_token(Authorization, [{expiry_time, ExpiresIn} || ExpiresIn /= undefined ]),
            {ok, AccessToken} = oauth2_response:access_token(Response),
            {ok, Type} = oauth2_response:token_type(Response),
-            {ok, Expires} = oauth2_response:expires_in(Response),
+            %%Ugly: workardound to return the correct expirity time, given than oauth2 lib doesn't really have
+            %%per-case expirity time.
+            Expires = case ExpiresIn of
+                          undefined ->
+                             {ok, Ex} = oauth2_response:expires_in(Response),
+                             Ex;
+                          _ ->
+                            ExpiresIn
+                      end,
            {ok, VerifiedScope} = oauth2_response:scope(Response),
            %oauth2_wrq:redirected_access_token_response(ReqData,
            %                                            RedirectURI,
@@ -351,11 +518,82 @@ process(_Handlers,
                   }],
             ejabberd_web:make_xhtml([?XC(<<"h1">>, <<"302 Found">>)])}
    end;
+process(_Handlers,
+	#request{method = 'POST', q = Q, lang = _Lang,
+		 path = [_, <<"token">>]}) ->
+    case proplists:get_value(<<"grant_type">>, Q, <<"">>) of
+      <<"password">> ->
+        SScope = proplists:get_value(<<"scope">>, Q, <<"">>),
+        StringJID = proplists:get_value(<<"username">>, Q, <<"">>),
+        #jid{user = Username, server = Server} = jid:from_string(StringJID),
+        Password = proplists:get_value(<<"password">>, Q, <<"">>),
+        Scope = str:tokens(SScope, <<" ">>),
+        TTL = proplists:get_value(<<"ttl">>, Q, <<"">>),
+        ExpiresIn = case TTL of
+                        <<>> -> undefined;
+                        _ -> jlib:binary_to_integer(TTL)
+                    end,
+        case oauth2:authorize_password({Username, Server},
+                                       Scope,
+                                       {password, Password}) of
+            {ok, {_AppContext, Authorization}} ->
+                {ok, {_AppContext2, Response}} =
+                    oauth2:issue_token(Authorization, [{expiry_time, ExpiresIn} || ExpiresIn /= undefined ]),
+                {ok, AccessToken} = oauth2_response:access_token(Response),
+                {ok, Type} = oauth2_response:token_type(Response),
+                %%Ugly: workardound to return the correct expirity time, given than oauth2 lib doesn't really have
+                %%per-case expirity time.
+                Expires = case ExpiresIn of
+                              undefined ->
+                                 {ok, Ex} = oauth2_response:expires_in(Response),
+                                 Ex;
+                              _ ->
+                                ExpiresIn
+                          end,
+                {ok, VerifiedScope} = oauth2_response:scope(Response),
+                json_response(200, {[
+                   {<<"access_token">>, AccessToken},
+                   {<<"token_type">>, Type},
+                   {<<"scope">>, str:join(VerifiedScope, <<" ">>)},
+                   {<<"expires_in">>, Expires}]});
+            {error, Error} when is_atom(Error) ->
+                json_error(400, <<"invalid_grant">>, Error)
+        end;
+        _OtherGrantType ->
+            json_error(400, <<"unsupported_grant_type">>, unsupported_grant_type)
+  end;
+
 process(_Handlers, _Request) ->
    ejabberd_web:error(not_found).

+-spec get_db_backend() -> module().
+
+get_db_backend() ->
+    DBType = ejabberd_config:get_option(
+               oauth_db_type,
+               fun(T) -> ejabberd_config:v_db(?MODULE, T) end,
+               mnesia),
+    list_to_atom("ejabberd_oauth_" ++ atom_to_list(DBType)).


+%% Headers as per RFC 6749
+json_response(Code, Body) ->
+    {Code, [{<<"Content-Type">>, <<"application/json;charset=UTF-8">>},
+           {<<"Cache-Control">>, <<"no-store">>},
+           {<<"Pragma">>, <<"no-cache">>}],
+     jiffy:encode(Body)}.
+
+%% OAauth error are defined in:
+%% https://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-5.2
+json_error(Code, Error, Reason) ->
+    Desc = json_error_desc(Reason),
+    Body = {[{<<"error">>, Error},
+             {<<"error_description">>, Desc}]},
+    json_response(Code, Body).
+
+json_error_desc(access_denied)          -> <<"Access denied">>;
+json_error_desc(unsupported_grant_type) -> <<"Unsupported grant type">>;
+json_error_desc(invalid_scope)          -> <<"Invalid scope">>.

 web_head() ->
    [?XA(<<"meta">>, [{<<"http-equiv">>, <<"X-UA-Compatible">>},
@@ -469,7 +707,7 @@ css() ->
            text-decoration: underline;
          }

-      .container > .section { 
+      .container > .section {
          background: #424A55;
      }

@@ -486,5 +724,11 @@ logo() ->
 opt_type(oauth_expire) ->
    fun(I) when is_integer(I), I >= 0 -> I end;
 opt_type(oauth_access) ->
-    fun(A) when is_atom(A) -> A end;
-opt_type(_) -> [oauth_expire, oauth_access].
+    fun acl:access_rules_validator/1;
+opt_type(oauth_db_type) ->
+    fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
+opt_type(oauth_cache_life_time) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(oauth_cache_size) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(_) -> [oauth_expire, oauth_access, oauth_db_type].
@@ -0,0 +1,65 @@
+%%%-------------------------------------------------------------------
+%%% File    : ejabberd_oauth_mnesia.erl
+%%% Author  : Alexey Shchepin <alexey@process-one.net>
+%%% Purpose : OAUTH2 mnesia backend
+%%% Created : 20 Jul 2016 by Alexey Shchepin <alexey@process-one.net>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License
+%%% along with this program; if not, write to the Free Software
+%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+%%% 02111-1307 USA
+%%%
+%%%-------------------------------------------------------------------
+
+-module(ejabberd_oauth_mnesia).
+
+-export([init/0,
+         store/1,
+         lookup/1,
+         clean/1]).
+
+-include("ejabberd_oauth.hrl").
+
+init() ->
+    mnesia:create_table(oauth_token,
+                        [{disc_copies, [node()]},
+                         {attributes,
+                          record_info(fields, oauth_token)}]),
+    mnesia:add_table_copy(oauth_token, node(), disc_copies),
+    ok.
+
+store(R) ->
+    mnesia:dirty_write(R).
+
+lookup(Token) ->
+    case catch mnesia:dirty_read(oauth_token, Token) of
+        [R] ->
+            R;
+        _ ->
+            false
+    end.
+
+clean(TS) ->
+    F = fun() ->
+		Ts = mnesia:select(
+		       oauth_token,
+		       [{#oauth_token{expire = '$1', _ = '_'},
+			 [{'<', '$1', TS}],
+			 ['$_']}]),
+		lists:foreach(fun mnesia:delete_object/1, Ts)
+        end,
+    mnesia:async_dirty(F).
+
@@ -0,0 +1,78 @@
+%%%-------------------------------------------------------------------
+%%% File    : ejabberd_oauth_sql.erl
+%%% Author  : Alexey Shchepin <alexey@process-one.net>
+%%% Purpose : OAUTH2 SQL backend
+%%% Created : 27 Jul 2016 by Alexey Shchepin <alexey@process-one.net>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License
+%%% along with this program; if not, write to the Free Software
+%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+%%% 02111-1307 USA
+%%%
+%%%-------------------------------------------------------------------
+
+-module(ejabberd_oauth_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
+
+-export([init/0,
+         store/1,
+         lookup/1,
+         clean/1]).
+
+-include("ejabberd_oauth.hrl").
+-include("ejabberd.hrl").
+-include("ejabberd_sql_pt.hrl").
+-include("jlib.hrl").
+
+init() ->
+    ok.
+
+store(R) ->
+    Token = R#oauth_token.token,
+    {User, Server} = R#oauth_token.us,
+    SJID = jid:to_string({User, Server, <<"">>}),
+    Scope = str:join(R#oauth_token.scope, <<" ">>),
+    Expire = R#oauth_token.expire,
+    ?SQL_UPSERT(
+       ?MYNAME,
+       "oauth_token",
+       ["!token=%(Token)s",
+        "jid=%(SJID)s",
+        "scope=%(Scope)s",
+        "expire=%(Expire)d"]).
+
+lookup(Token) ->
+    case ejabberd_sql:sql_query(
+           ?MYNAME,
+           ?SQL("select @(jid)s, @(scope)s, @(expire)d"
+                " from oauth_token where token=%(Token)s")) of
+        {selected, [{SJID, Scope, Expire}]} ->
+            JID = jid:from_string(SJID),
+            US = {JID#jid.luser, JID#jid.lserver},
+            #oauth_token{token = Token,
+                         us = US,
+                         scope = str:tokens(Scope, <<" ">>),
+                         expire = Expire};
+        _ ->
+            false
+    end.
+
+clean(TS) ->
+    ejabberd_sql:sql_query(
+      ?MYNAME,
+      ?SQL("delete from oauth_token where expire < %(TS)d")).
+
@@ -28,8 +28,8 @@

 %%% Not implemented:
 %%% - write mod_piefxis with ejabberdctl commands
-%%% - Export from mod_offline_odbc.erl
-%%% - Export from mod_private_odbc.erl
+%%% - Export from mod_offline_sql.erl
+%%% - Export from mod_private_sql.erl
 %%% - XEP-227: 6. Security Considerations
 %%% - Other schemas of XInclude are not tested, and may not be imported correctly.
 %%% - If a host has many users, split that host in XML files with 50 users each.
@@ -80,7 +80,6 @@ import_file(FileName) ->
    import_file(FileName, #state{}).

 -spec import_file(binary(), state()) -> ok | {error, atom()}.
-
 import_file(FileName, State) ->
    case file:open(FileName, [read, binary]) of
 	{ok, Fd} ->
@@ -97,72 +96,14 @@ import_file(FileName, State) ->
            {error, Reason}
    end.

-%%%==================================
-%%%% Process Elements
-%%%==================================
-%%%% Process Element
-%%%==================================
-%%%% Add user
-%% @spec (El::xmlel(), Domain::string(), User::binary(), Password::binary() | none)
-%%       -> ok | {error, ErrorText::string()}
-%% @doc Add a new user to the database.
-%% If user already exists, it will be only updated.
 -spec export_server(binary()) -> any().
-
-%% @spec (User::string(), Password::string(), Domain::string())
-%%       -> ok | {atomic, exists} | {error, not_allowed}
-%% @doc  Create a new user
 export_server(Dir) ->
    export_hosts(?MYHOSTS, Dir).

-%%%==================================
-%%%% Populate user
-%% @spec (User::string(), Domain::string(), El::xml())
-%%      -> ok | {error, not_found}
-%%
-%% @doc  Add a new user from a XML file with a roster list.
-%%
-%% Example of a file:
-%% ```
-%% <?xml version='1.0' encoding='UTF-8'?>
-%% <server-data xmlns='http://www.xmpp.org/extensions/xep-0227.html#ns'>
-%%   <host jid='localhost'>
-%%     <user name='juliet' password='s3crEt'>
-%%       <query xmlns='jabber:iq:roster'>
-%%         <item jid='romeo@montague.net'
-%%               name='Romeo'
-%%               subscription='both'>
-%%           <group>Friends</group>
-%%         </item>
-%%       </query>
-%%     </user>
-%%   </host>
-%%  </server-data>
-%% '''
 -spec export_host(binary(), binary()) -> any().
-
 export_host(Dir, Host) ->
    export_hosts([Host], Dir).

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with vCard tags values
-%% @ret  ok | {error, not_found}
-%% @doc  Read vcards from the XML and send it to the server
-%%
-%% Example:
-%% ```
-%% <?xml version='1.0' encoding='UTF-8'?>
-%% <server-data xmlns='http://www.xmpp.org/extensions/xep-0227.html#ns'>
-%%   <host jid='localhost'>
-%%     <user name='admin' password='s3crEt'>
-%%       <vCard xmlns='vcard-temp'>
-%%         <FN>Admin</FN>
-%%       </vCard>
-%%     </user>
-%%   </host>
-%% </server-data>
-%% '''
 %%%===================================================================
 %%% Internal functions
 %%%===================================================================
@@ -194,11 +135,6 @@ export_hosts(Hosts, Dir) ->
            {error, Reason}
    end.

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with offline messages values
-%% @ret  ok | {error, not_found}
-%% @doc  Read off-line message from the XML and send it to the server
 export_host(Dir, FnH, Host) ->
    DFn = make_host_basefilename(Dir, FnH),
    case file:open(DFn, [raw, write]) of
@@ -223,11 +159,6 @@ export_host(Dir, FnH, Host) ->
            {error, Reason}
    end.

-%% @spec User   = String with the user name
-%%       Domain = String with a domain name
-%%       El     = Sub XML element with private storage values
-%% @ret  ok | {error, not_found}
-%% @doc  Private storage parsing
 export_users([{User, _S}|Users], Server, Fd) ->
    case export_user(User, Server, Fd) of
        ok ->
@@ -238,8 +169,6 @@ export_users([{User, _S}|Users], Server, Fd) ->
 export_users([], _Server, _Fd) ->
    ok.

-%%%==================================
-%%%% Utilities
 export_user(User, Server, Fd) ->
    Password = ejabberd_auth:get_password_s(User, Server),
    LServer = jid:nameprep(Server),
@@ -289,7 +218,6 @@ get_vcard(User, Server) ->
            []
    end.

-%%%==================================
 get_offline(User, Server) ->
    case mod_offline:get_offline_els(User, Server) of
        [] ->
@@ -306,7 +234,6 @@ get_offline(User, Server) ->
            [#xmlel{name = <<"offline-messages">>, children = NewEls}]
    end.

-%%%% Export hosts
 get_privacy(User, Server) ->
    case mod_privacy:get_user_lists(User, Server) of
        {ok, #privacy{default = Default,
@@ -333,7 +260,6 @@ get_privacy(User, Server) ->
            []
    end.

-%% @spec (Dir::string(), Hosts::[string()]) -> ok
 get_roster(User, Server) ->
    JID = jid:make(User, Server, <<>>),
    case mod_roster:get_roster(User, Server) of
@@ -576,8 +502,6 @@ process_roster(El, State = #state{user = U, server = S}) ->
            stop("Failed to write roster: ~p", [Err])
    end.

-%%%==================================
-%%%% Export server
 process_privacy(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_privacy:process_iq_set(
@@ -603,7 +527,6 @@ process_privacy(El, State = #state{user = U, server = S}) ->
            {ok, State}
    end.

-%% @spec (Dir::string()) -> ok
 process_private(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_private:process_sm_iq(
@@ -614,8 +537,6 @@ process_private(El, State = #state{user = U, server = S}) ->
            stop("Failed to write private: ~p", [Err])
    end.

-%%%==================================
-%%%% Export host
 process_vcard(El, State = #state{user = U, server = S}) ->
    JID = jid:make(U, S, <<"">>),
    case mod_vcard:process_sm_iq(
@@ -626,7 +547,6 @@ process_vcard(El, State = #state{user = U, server = S}) ->
            stop("Failed to write vcard: ~p", [Err])
    end.

-%% @spec (Dir::string(), Host::string()) -> ok
 process_offline_msg(El, State = #state{user = U, server = S}) ->
    FromS = fxml:get_attr_s(<<"from">>, El#xmlel.attrs),
    case jid:from_string(FromS) of
@@ -643,7 +563,6 @@ process_offline_msg(El, State = #state{user = U, server = S}) ->
            stop("Invalid 'from' = ~s", [FromS])
    end.

-%% @spec (Dir::string(), Fn::string(), Host::string()) -> ok
 process_presence(El, #state{user = U, server = S} = State) ->
    FromS = fxml:get_attr_s(<<"from">>, El#xmlel.attrs),
    case jid:from_string(FromS) of
@@ -35,10 +35,10 @@
 -include("logger.hrl").

 start() ->
-    file:delete(ejabberd_odbc:freetds_config()),
-    file:delete(ejabberd_odbc:odbc_config()),
-    file:delete(ejabberd_odbc:odbcinst_config()),
-    case lists:any(fun(H) -> needs_odbc(H) /= false end,
+    file:delete(ejabberd_sql:freetds_config()),
+    file:delete(ejabberd_sql:odbc_config()),
+    file:delete(ejabberd_sql:odbcinst_config()),
+    case lists:any(fun(H) -> needs_sql(H) /= false end,
                   ?MYHOSTS) of
        true ->
            start_hosts();
@@ -49,34 +49,34 @@ start() ->
 %% Start relationnal DB module on the nodes where it is needed
 start_hosts() ->
    lists:foreach(fun (Host) ->
-			  case needs_odbc(Host) of
-			    {true, App} -> start_odbc(Host, App);
+			  case needs_sql(Host) of
+			    {true, App} -> start_sql(Host, App);
 			    false -> ok
 			  end
 		  end,
 		  ?MYHOSTS).

-%% Start the ODBC module on the given host
-start_odbc(Host, App) ->
+%% Start the SQL module on the given host
+start_sql(Host, App) ->
    ejabberd:start_app(App),
    Supervisor_name = gen_mod:get_module_proc(Host,
-					      ejabberd_odbc_sup),
+					      ejabberd_sql_sup),
    ChildSpec = {Supervisor_name,
-		 {ejabberd_odbc_sup, start_link, [Host]}, transient,
-		 infinity, supervisor, [ejabberd_odbc_sup]},
+		 {ejabberd_sql_sup, start_link, [Host]}, transient,
+		 infinity, supervisor, [ejabberd_sql_sup]},
    case supervisor:start_child(ejabberd_sup, ChildSpec) of
      {ok, _PID} -> ok;
      _Error ->
 	  ?ERROR_MSG("Start of supervisor ~p failed:~n~p~nRetrying."
 		     "..~n",
 		     [Supervisor_name, _Error]),
-	  start_odbc(Host, App)
+	  start_sql(Host, App)
    end.

-%% Returns {true, App} if we have configured odbc for the given host
-needs_odbc(Host) ->
+%% Returns {true, App} if we have configured sql for the given host
+needs_sql(Host) ->
    LHost = jid:nameprep(Host),
-    case ejabberd_config:get_option({odbc_type, LHost},
+    case ejabberd_config:get_option({sql_type, LHost},
                                    fun(mysql) -> mysql;
                                       (pgsql) -> pgsql;
                                       (sqlite) -> sqlite;
@@ -91,11 +91,11 @@ needs_odbc(Host) ->
        undefined -> false
    end.

-opt_type(odbc_type) ->
+opt_type(sql_type) ->
    fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
 	(mssql) -> mssql;
 	(odbc) -> odbc
    end;
-opt_type(_) -> [odbc_type].
+opt_type(_) -> [sql_type].
@@ -141,6 +141,7 @@ handle_call({starttls, TLSSocket}, _From, State) ->
 handle_call({compress, Data}, _From,
 	    #state{socket = Socket, sock_mod = SockMod} =
 		State) ->
+    ejabberd:start_app(ezlib),
    {ok, ZlibSocket} = ezlib:enable_zlib(SockMod,
 						 Socket),
    if Data /= undefined -> do_send(State, Data);
@@ -0,0 +1,179 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created :  8 May 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(ejabberd_redis).
+
+-behaviour(gen_server).
+-behaviour(ejabberd_config).
+
+%% API
+-export([start/0, start_link/0, q/1, qp/1, opt_type/1]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+-define(SERVER, ?MODULE).
+-define(PROCNAME, 'ejabberd_redis_client').
+
+-include("logger.hrl").
+-include("ejabberd.hrl").
+
+-record(state, {}).
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+start() ->
+    case lists:any(
+	   fun(Host) ->
+		   is_redis_configured(Host)
+	   end, ?MYHOSTS) of
+	true ->
+	    Spec = {?MODULE, {?MODULE, start_link, []},
+		    permanent, 2000, worker, [?MODULE]},
+	    supervisor:start_child(ejabberd_sup, Spec);
+	false ->
+	    ok
+    end.
+
+q(Command) ->
+    try eredis:q(?PROCNAME, Command)
+    catch _:Reason -> {error, Reason}
+    end.
+
+qp(Pipeline) ->
+    try eredis:qp(?PROCNAME, Pipeline)
+    catch _:Reason -> {error, Reason}
+    end.
+
+%%%===================================================================
+%%% gen_server callbacks
+%%%===================================================================
+init([]) ->
+    process_flag(trap_exit, true),
+    connect(),
+    {ok, #state{}}.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(connect, State) ->
+    connect(),
+    {noreply, State};
+handle_info({'DOWN', _MRef, _Type, _Pid, Reason}, State) ->
+    ?INFO_MSG("Redis connection has failed: ~p", [Reason]),
+    connect(),
+    {noreply, State};
+handle_info({'EXIT', _, _}, State) ->
+    {noreply, State};
+handle_info(Info, State) ->
+    ?INFO_MSG("unexpected info = ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+is_redis_configured(Host) ->
+    ServerConfigured = ejabberd_config:has_option({redis_server, Host}),
+    PortConfigured = ejabberd_config:has_option({redis_port, Host}),
+    DBConfigured = ejabberd_config:has_option({redis_db, Host}),
+    PassConfigured = ejabberd_config:has_option({redis_password, Host}),
+    ReconnTimeoutConfigured = ejabberd_config:has_option(
+				{redis_reconnect_timeout, Host}),
+    ConnTimeoutConfigured = ejabberd_config:has_option(
+			      {redis_connect_timeout, Host}),
+    Modules = ejabberd_config:get_option(
+		{modules, Host},
+		fun(L) when is_list(L) -> L end, []),
+    SMConfigured = ejabberd_config:get_option(
+		     {sm_db_type, Host},
+		     fun(V) -> V end) == redis,
+    ModuleWithRedisDBConfigured =
+	lists:any(
+	  fun({Module, Opts}) ->
+		  gen_mod:db_type(Host, Opts, Module) == redis
+	  end, Modules),
+    ServerConfigured or PortConfigured or DBConfigured or PassConfigured or
+	ReconnTimeoutConfigured or ConnTimeoutConfigured or
+	SMConfigured or ModuleWithRedisDBConfigured.
+
+iolist_to_list(IOList) ->
+    binary_to_list(iolist_to_binary(IOList)).
+
+connect() ->
+    Server = ejabberd_config:get_option(redis_server,
+					fun iolist_to_list/1,
+					"localhost"),
+    Port = ejabberd_config:get_option(redis_port,
+				      fun(P) when is_integer(P),
+						  P>0, P<65536 ->
+					      P
+				      end, 6379),
+    DB = ejabberd_config:get_option(redis_db,
+				    fun(I) when is_integer(I), I >= 0 ->
+					    I
+				    end, 0),
+    Pass = ejabberd_config:get_option(redis_password,
+				      fun iolist_to_list/1,
+				      ""),
+    ReconnTimeout = timer:seconds(
+		      ejabberd_config:get_option(
+			redis_reconnect_timeout,
+			fun(I) when is_integer(I), I>0 -> I end,
+			1)),
+    ConnTimeout = timer:seconds(
+		    ejabberd_config:get_option(
+		      redis_connect_timeout,
+		      fun(I) when is_integer(I), I>0 -> I end,
+		      1)),
+    try case eredis:start_link(Server, Port, DB, Pass,
+			       ReconnTimeout, ConnTimeout) of
+	    {ok, Client} ->
+		?INFO_MSG("Connected to Redis at ~s:~p", [Server, Port]),
+		unlink(Client),
+		erlang:monitor(process, Client),
+		register(?PROCNAME, Client),
+		{ok, Client};
+	    {error, Why} ->
+		erlang:error(Why)
+	end
+    catch _:Reason ->
+	    Timeout = 10,
+	    ?ERROR_MSG("Redis connection at ~s:~p has failed: ~p; "
+		       "reconnecting in ~p seconds",
+		       [Server, Port, Reason, Timeout]),
+	    erlang:send_after(timer:seconds(Timeout), self(), connect)
+    end.
+
+opt_type(redis_connect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_db) ->
+    fun (I) when is_integer(I), I >= 0 -> I end;
+opt_type(redis_password) -> fun iolist_to_list/1;
+opt_type(redis_port) ->
+    fun (P) when is_integer(P), P > 0, P < 65536 -> P end;
+opt_type(redis_reconnect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_server) -> fun iolist_to_list/1;
+opt_type(_) ->
+    [redis_connect_timeout, redis_db, redis_password,
+     redis_port, redis_reconnect_timeout, redis_server].
@@ -28,7 +28,7 @@
 -behaviour(gen_server).

 %% API
-export([start_link/4, get_proc/1, make_bucket/1, put/2, put/3,
+-export([start_link/5, get_proc/1, make_bucket/1, put/2, put/3,
         get/2, get/3, get_by_index/4, delete/1, delete/2,
         count_by_index/3, get_by_index_range/5,
         get_keys/1, get_keys_by_index/3, is_connected/0,
@@ -68,12 +68,20 @@
 %%% API
 %%%===================================================================
 %% @private
-start_link(Num, Server, Port, _StartInterval) ->
-    gen_server:start_link({local, get_proc(Num)}, ?MODULE, [Server, Port], []).
+start_link(Num, Server, Port, _StartInterval, Options) ->
+    gen_server:start_link({local, get_proc(Num)}, ?MODULE, [Server, Port, Options], []).

 %% @private
 is_connected() ->
-    catch riakc_pb_socket:is_connected(get_random_pid()).
+    lists:all(
+      fun({_Id, Pid, _Type, _Modules}) when is_pid(Pid) ->
+	      case catch riakc_pb_socket:is_connected(get_riak_pid(Pid)) of
+		  true -> true;
+		  _ -> false
+	      end;
+	 (_) ->
+	      false
+      end, supervisor:which_children(ejabberd_riak_sup)).

 %% @private
 get_proc(I) ->
@@ -429,10 +437,8 @@ map_key(Obj, _, _) ->
 %%% gen_server API
 %%%===================================================================
 %% @private
-init([Server, Port]) ->
-    case riakc_pb_socket:start(
-           Server, Port,
-           [auto_reconnect]) of
+init([Server, Port, Options]) ->
+    case riakc_pb_socket:start(Server, Port, Options) of
        {ok, Pid} ->
            erlang:monitor(process, Pid),
            {ok, #state{pid = Pid}};
@@ -517,6 +523,9 @@ make_invalid_object(Val) ->

 get_random_pid() ->
    PoolPid = ejabberd_riak_sup:get_random_pid(),
+    get_riak_pid(PoolPid).
+
+get_riak_pid(PoolPid) ->
    case catch gen_server:call(PoolPid, get_pid) of
 	{ok, Pid} ->
 	    Pid;
@@ -70,8 +70,8 @@ is_riak_configured(Host) ->
 		{modules, Host},
 		fun(L) when is_list(L) -> L end, []),
    ModuleWithRiakDBConfigured = lists:any(
-				   fun({_Module, Opts}) ->
-					   gen_mod:db_type(Host, Opts) == riak
+				   fun({Module, Opts}) ->
+					   gen_mod:db_type(Host, Opts, Module) == riak
 				   end, Modules),
    ServerConfigured or PortConfigured
 	or AuthConfigured or ModuleWithRiakDBConfigured.
@@ -103,12 +103,27 @@ init([]) ->
    StartInterval = get_start_interval(),
    Server = get_riak_server(),
    Port = get_riak_port(),
+    CACertFile = get_riak_cacertfile(),
+    Username = get_riak_username(),
+    Password = get_riak_password(),
+    Options = lists:filter(
+		fun(X) -> X /= nil end,
+		[auto_reconnect,
+		 {keepalive, true},
+		 if CACertFile /= nil -> {cacertfile ,CACertFile};
+		    true -> nil
+		 end,
+		 if (Username /= nil) and (Password /= nil) ->
+			 {credentials, Username, Password};
+		    true -> nil
+		 end
+		]),
    {ok, {{one_for_one, PoolSize*10, 1},
 	  lists:map(
 	    fun(I) ->
 		    {ejabberd_riak:get_proc(I),
 		     {ejabberd_riak, start_link,
-                      [I, Server, Port, StartInterval*1000]},
+                      [I, Server, Port, StartInterval*1000, Options]},
 		     transient, 2000, worker, [?MODULE]}
 	    end, lists:seq(1, PoolSize))}}.

@@ -131,6 +146,27 @@ get_riak_server() ->
 	      binary_to_list(iolist_to_binary(S))
      end, ?DEFAULT_RIAK_HOST).

+get_riak_cacertfile() ->
+    ejabberd_config:get_option(
+      riak_cacertfile,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
+get_riak_username() ->
+    ejabberd_config:get_option(
+      riak_username,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
+get_riak_password() ->
+    ejabberd_config:get_option(
+      riak_password,
+      fun(S) ->
+	      binary_to_list(iolist_to_binary(S))
+      end, nil).
+
 get_riak_port() ->
    ejabberd_config:get_option(
      riak_port,
@@ -162,6 +198,9 @@ opt_type(riak_port) -> fun (_) -> true end;
 opt_type(riak_server) -> fun (_) -> true end;
 opt_type(riak_start_interval) ->
    fun (N) when is_integer(N), N >= 1 -> N end;
+opt_type(riak_cacertfile) -> fun iolist_to_binary/1;
+opt_type(riak_username) -> fun iolist_to_binary/1;
+opt_type(riak_password) -> fun iolist_to_binary/1;
 opt_type(_) ->
    [modules, riak_pool_size, riak_port, riak_server,
-     riak_start_interval].
+     riak_start_interval, riak_cacertfile, riak_username, riak_password].
@@ -36,7 +36,9 @@
 	 route_error/4,
 	 register_route/1,
 	 register_route/2,
+	 register_route/3,
 	 register_routes/1,
+	 host_of_route/1,
 	 unregister_route/1,
 	 unregister_routes/1,
 	 dirty_get_all_routes/0,
@@ -55,7 +57,7 @@

 -type local_hint() :: undefined | integer() | {apply, atom(), atom()}.

-record(route, {domain, pid, local_hint}).
+-record(route, {domain, server_host, pid, local_hint}).

 -record(state, {}).

@@ -94,19 +96,29 @@ route_error(From, To, ErrPacket, OrigPacket) ->
 -spec register_route(binary()) -> term().

 register_route(Domain) ->
-    register_route(Domain, undefined).
+    ?WARNING_MSG("~s:register_route/1 is deprected, "
+		 "use ~s:register_route/2 instead",
+		 [?MODULE, ?MODULE]),
+    register_route(Domain, ?MYNAME).

-spec register_route(binary(), local_hint()) -> term().
+-spec register_route(binary(), binary()) -> term().

-register_route(Domain, LocalHint) ->
-    case jid:nameprep(Domain) of
-      error -> erlang:error({invalid_domain, Domain});
-      LDomain ->
+register_route(Domain, ServerHost) ->
+    register_route(Domain, ServerHost, undefined).
+
+-spec register_route(binary(), binary(), local_hint()) -> term().
+
+register_route(Domain, ServerHost, LocalHint) ->
+    case {jid:nameprep(Domain), jid:nameprep(ServerHost)} of
+      {error, _} -> erlang:error({invalid_domain, Domain});
+      {_, error} -> erlang:error({invalid_domain, ServerHost});
+      {LDomain, LServerHost} ->
 	  Pid = self(),
 	  case get_component_number(LDomain) of
 	    undefined ->
 		F = fun () ->
 			    mnesia:write(#route{domain = LDomain, pid = Pid,
+						server_host = LServerHost,
 						local_hint = LocalHint})
 		    end,
 		mnesia:transaction(F);
@@ -115,46 +127,42 @@ register_route(Domain, LocalHint) ->
 			    case mnesia:wread({route, LDomain}) of
 			      [] ->
 				  mnesia:write(#route{domain = LDomain,
+						      server_host = LServerHost,
 						      pid = Pid,
 						      local_hint = 1}),
-				  lists:foreach(fun (I) ->
-							mnesia:write(#route{domain
-										=
-										LDomain,
-									    pid
-										=
-										undefined,
-									    local_hint
-										=
-										I})
-						end,
-						lists:seq(2, N));
+				  lists:foreach(
+				    fun (I) ->
+					    mnesia:write(
+					      #route{domain = LDomain,
+						     pid = undefined,
+						     server_host = LServerHost,
+						     local_hint = I})
+				    end,
+				    lists:seq(2, N));
 			      Rs ->
-				  lists:any(fun (#route{pid = undefined,
-							local_hint = I} =
-						     R) ->
-						    mnesia:write(#route{domain =
-									    LDomain,
-									pid =
-									    Pid,
-									local_hint
-									    =
-									    I}),
-						    mnesia:delete_object(R),
-						    true;
-						(_) -> false
-					    end,
-					    Rs)
+				  lists:any(
+				    fun (#route{pid = undefined,
+						local_hint = I} = R) ->
+					    mnesia:write(
+					      #route{domain = LDomain,
+						     pid = Pid,
+						     server_host = LServerHost,
+						     local_hint = I}),
+					    mnesia:delete_object(R),
+					    true;
+					(_) -> false
+				    end,
+				    Rs)
 			    end
 		    end,
 		mnesia:transaction(F)
 	  end
    end.

-spec register_routes([binary()]) -> ok.
+-spec register_routes([{binary(), binary()}]) -> ok.

 register_routes(Domains) ->
-    lists:foreach(fun (Domain) -> register_route(Domain)
+    lists:foreach(fun ({Domain, ServerHost}) -> register_route(Domain, ServerHost)
 		  end,
 		  Domains).

@@ -183,7 +191,9 @@ unregister_route(Domain) ->
 				of
 			      [R] ->
 				  I = R#route.local_hint,
+				  ServerHost = R#route.server_host,
 				  mnesia:write(#route{domain = LDomain,
+						      server_host = ServerHost,
 						      pid = undefined,
 						      local_hint = I}),
 				  mnesia:delete_object(R);
@@ -211,6 +221,20 @@ dirty_get_all_routes() ->
 dirty_get_all_domains() ->
    lists:usort(mnesia:dirty_all_keys(route)).

+-spec host_of_route(binary()) -> binary().
+
+host_of_route(Domain) ->
+    case jid:nameprep(Domain) of
+	error ->
+	    erlang:error({invalid_domain, Domain});
+	LDomain ->
+	    case mnesia:dirty_read(route, LDomain) of
+		[#route{server_host = ServerHost}|_] ->
+		    ServerHost;
+		[] ->
+		    erlang:error({unregistered_route, Domain})
+	    end
+    end.

 %%====================================================================
 %% gen_server callbacks
@@ -283,8 +307,11 @@ handle_info({'DOWN', _Ref, _Type, Pid, _Info}, State) ->
 				      if is_integer(E#route.local_hint) ->
 					     LDomain = E#route.domain,
 					     I = E#route.local_hint,
+					     ServerHost = E#route.server_host,
 					     mnesia:write(#route{domain =
 								     LDomain,
+								 server_host =
+								     ServerHost,
 								 pid =
 								     undefined,
 								 local_hint =
@@ -394,12 +421,10 @@ get_component_number(LDomain) ->
      undefined).

 update_tables() ->
-    case catch mnesia:table_info(route, attributes) of
-      [domain, node, pid] -> mnesia:delete_table(route);
-      [domain, pid] -> mnesia:delete_table(route);
-      [domain, pid, local_hint] -> ok;
-      [domain, pid, local_hint|_] -> mnesia:delete_table(route);
-      {'EXIT', _} -> ok
+    try
+	mnesia:transform_table(route, ignore, record_info(fields, route))
+    catch exit:{aborted, {no_exists, _}} ->
+	    ok
    end,
    case lists:member(local_route,
 		      mnesia:system_info(tables))
@@ -312,8 +312,10 @@ do_route(From, To, Packet) ->
 	    <<"error">> -> ok;
 	    <<"result">> -> ok;
 	    _ ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_SERVICE_UNAVAILABLE),
+		Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+		Txt = <<"No s2s connection found">>,
+		Err = jlib:make_error_reply(
+			Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end,
 	  false
@@ -471,28 +473,34 @@ send_element(Pid, El) ->
 %%% ejabberd commands

 get_commands_spec() ->
-    [#ejabberd_commands{name = incoming_s2s_number,
-			tags = [stats, s2s],
-			desc =
-			    "Number of incoming s2s connections on "
-			    "the node",
-                        policy = admin,
-			module = ?MODULE, function = incoming_s2s_number,
-			args = [], result = {s2s_incoming, integer}},
-     #ejabberd_commands{name = outgoing_s2s_number,
-			tags = [stats, s2s],
-			desc =
-			    "Number of outgoing s2s connections on "
-			    "the node",
-                        policy = admin,
-			module = ?MODULE, function = outgoing_s2s_number,
-			args = [], result = {s2s_outgoing, integer}}].
+    [#ejabberd_commands{
+        name = incoming_s2s_number,
+        tags = [stats, s2s],
+        desc = "Number of incoming s2s connections on the node",
+        policy = admin,
+        module = ?MODULE, function = incoming_s2s_number,
+        args = [], result = {s2s_incoming, integer}},
+     #ejabberd_commands{
+        name = outgoing_s2s_number,
+        tags = [stats, s2s],
+        desc = "Number of outgoing s2s connections on the node",
+        policy = admin,
+        module = ?MODULE, function = outgoing_s2s_number,
+        args = [], result = {s2s_outgoing, integer}}].

+%% TODO Move those stats commands to ejabberd stats command ?
 incoming_s2s_number() ->
-    length(supervisor:which_children(ejabberd_s2s_in_sup)).
+    supervisor_count(ejabberd_s2s_in_sup).

 outgoing_s2s_number() ->
-    length(supervisor:which_children(ejabberd_s2s_out_sup)).
+    supervisor_count(ejabberd_s2s_out_sup).
+
+supervisor_count(Supervisor) ->
+    case catch supervisor:which_children(Supervisor) of
+        {'EXIT', _} -> 0;
+        Result ->
+            length(Result)
+    end.

 %%%----------------------------------------------------------------------
 %%% Update Mnesia tables
@@ -537,7 +545,7 @@ allow_host2(MyServer, S2SHost) ->
 allow_host1(MyHost, S2SHost) ->
    Rule = ejabberd_config:get_option(
             s2s_access,
-             fun(A) when is_atom(A) -> A end,
+             fun(A) -> A end,
             all),
    JID = jid:make(<<"">>, S2SHost, <<"">>),
    case acl:match_rule(MyHost, Rule, JID) of
@@ -736,5 +744,5 @@ opt_type(route_subdomains) ->
 	(local) -> local
    end;
 opt_type(s2s_access) ->
-    fun (A) when is_atom(A) -> A end;
+    fun acl:access_rules_validator/1;
 opt_type(_) -> [route_subdomains, s2s_access].
--- a/Show More
+++ b/Show More