Merge pull request #1249 from weiss:push-requirements

If an ACK timer is active while going into the 'wait_for_resume' state,
cancel that timer.

.travis.yml

@@ -2,7 +2,7 @@ language: erlang
 
 otp_release:
   - 17.5
-  - 18.2.1
+  - 18.3
 
 services:
   - riak
@@ -59,6 +59,7 @@ after_script:
   - find logs -name suite.log -exec cat '{}' ';'
 
 after_failure:
+  - find logs -name exunit.log -exec cat '{}' ';'
   # Try checking Riak database logs
   - tail -n 100000 /var/log/riak/*.log
   - find logs -name ejabberd.log -exec cat '{}' ';'

Makefile.in

@@ -184,7 +184,8 @@ install: all copy-files
 		-e "s*{{sysconfdir}}*@sysconfdir@*" \
 		-e "s*{{localstatedir}}*@localstatedir@*" \
 		-e "s*{{docdir}}*@docdir@*" \
-		-e "s*{{erl}}*@ERL@*" ejabberdctl.template \
+		-e "s*{{erl}}*@ERL@*" \
+		-e "s*{{epmd}}*@EPMD@*" ejabberdctl.template \
 		> ejabberdctl.example
 	[ -f $(ETCDIR)/ejabberdctl.cfg ] \
 		&& $(INSTALL) -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \

config/config.exs

@@ -4,7 +4,7 @@ use Mix.Config
 config :ejabberd,
   file: "config/ejabberd.yml",
   log_path: 'log/ejabberd.log'
- 
+
 # Customize Mnesia directory:
 config :mnesia,
   dir: 'mnesiadb/'

config/ejabberd.exs

@@ -0,0 +1,169 @@
+defmodule Ejabberd.ConfigFile do
+  use Ejabberd.Config
+
+  def start do
+    [loglevel: 4,
+     log_rotate_size: 10485760,
+     log_rotate_date: "",
+     log_rotate_count: 1,
+     log_rate_limit: 100,
+     auth_method: :internal,
+     max_fsm_queue: 1000,
+     language: "en",
+     allow_contrib_modules: true,
+     hosts: ["localhost"],
+     shaper: shaper,
+     acl: acl,
+     access: access]
+  end
+
+  defp shaper do
+    [normal: 1000,
+      fast: 50000,
+      max_fsm_queue: 1000]
+  end
+
+  defp acl do
+    [local:
+      [user_regexp: "", loopback: [ip: "127.0.0.0/8"]]]
+  end
+
+  defp access do
+    [max_user_sessions: [all: 10],
+     max_user_offline_messages: [admin: 5000, all: 100],
+     local: [local: :allow],
+     c2s: [blocked: :deny, all: :allow],
+     c2s_shaper: [admin: :none, all: :normal],
+     s2s_shaper: [all: :fast],
+     announce: [admin: :allow],
+     configure: [admin: :allow],
+     muc_admin: [admin: :allow],
+     muc_create: [local: :allow],
+     muc: [all: :allow],
+     pubsub_createnode: [local: :allow],
+     register: [all: :allow],
+     trusted_network: [loopback: :allow]]
+  end
+
+  listen :ejabberd_c2s do
+    @opts [
+      port: 5222,
+      max_stanza_size: 65536,
+      shaper: :c2s_shaper,
+      access: :c2s]
+  end
+
+  listen :ejabberd_s2s_in do
+    @opts [port: 5269]
+  end
+
+  listen :ejabberd_http do
+    @opts [
+      port: 5280,
+      web_admin: true,
+      http_poll: true,
+      http_bind: true,
+      captcha: true]
+  end
+
+  module :mod_adhoc do
+  end
+
+  module :mod_announce do
+    @opts [access: :announce]
+  end
+
+  module :mod_blocking do
+  end
+
+  module :mod_caps do
+  end
+
+  module :mod_carboncopy do
+  end
+
+  module :mod_client_state do
+    @opts [
+      drop_chat_states: true,
+      queue_presence: false]
+  end
+
+  module :mod_configure do
+  end
+
+  module :mod_disco do
+  end
+
+  module :mod_irc do
+  end
+
+  module :mod_http_bind do
+  end
+
+  module :mod_last do
+  end
+
+  module :mod_muc do
+    @opts [
+      access: :muc,
+      access_create: :muc_create,
+      access_persistent: :muc_create,
+      access_admin: :muc_admin]
+  end
+
+  module :mod_offline do
+    @opts [access_max_user_messages: :max_user_offline_messages]
+  end
+
+  module :mod_ping do
+  end
+
+  module :mod_privacy do
+  end
+
+  module :mod_private do
+  end
+
+  module :mod_pubsub do
+    @opts [
+      access_createnode: :pubsub_createnode,
+      ignore_pep_from_offline: true,
+      last_item_cache: true,
+      plugins: ["flat", "hometree", "pep"]]
+  end
+
+  module :mod_register do
+    @opts [welcome_message: [
+      subject: "Welcome!",
+      body: "Hi.\nWelcome to this XMPP Server",
+      ip_access: :trusted_network,
+      access: :register]]
+  end
+
+  module :mod_roster do
+  end
+
+  module :mod_shared_roster do
+  end
+
+  module :mod_stats do
+  end
+
+  module :mod_time do
+  end
+
+  module :mod_version do
+  end
+
+  # Example of how to define a hook, called when the event
+  # specified is triggered.
+  #
+  # @event: Name of the event
+  # @opts: Params are optional. Available: :host and :priority.
+  #        If missing, defaults are used. (host: :global | priority: 50)
+  # @callback Could be an anonymous function or a callback from a module,
+  #           use the &ModuleName.function/arity format for that.
+  hook :register_user, [host: "localhost"], fn(user, server) ->
+    info("User registered: #{user} on #{server}")
+  end
+end

config/ejabberd.yml

@@ -0,0 +1,667 @@
+###
+###               ejabberd configuration file
+###
+###
+
+### The parameters used in this configuration file are explained in more detail
+### in the ejabberd Installation and Operation Guide.
+### Please consult the Guide in case of doubts, it is included with
+### your copy of ejabberd, and is also available online at
+### http://www.process-one.net/en/ejabberd/docs/
+
+### The configuration file is written in YAML.
+### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
+### However, ejabberd treats different literals as different types:
+###
+### - unquoted or single-quoted strings. They are called "atoms".
+###   Example: dog, 'Jupiter', '3.14159', YELLOW
+###
+### - numeric literals. Example: 3, -45.0, .0
+###
+### - quoted or folded strings.
+###   Examples of quoted string: "Lizzard", "orange".
+###   Example of folded string:
+###   > Art thou not Romeo,
+###     and a Montague?
+
+###   =======
+###   LOGGING
+
+##
+## loglevel: Verbosity of log files generated by ejabberd.
+## 0: No ejabberd log at all (not recommended)
+## 1: Critical
+## 2: Error
+## 3: Warning
+## 4: Info
+## 5: Debug
+##
+loglevel: 4
+
+##
+## rotation: Describe how to rotate logs. Either size and/or date can trigger
+## log rotation. Setting count to N keeps N rotated logs. Setting count to 0
+## does not disable rotation, it instead rotates the file and keeps no previous
+## versions around. Setting size to X rotate log when it reaches X bytes.
+## To disable rotation set the size to 0 and the date to ""
+## Date syntax is taken from the syntax newsyslog uses in newsyslog.conf.
+## Some examples:
+##  $D0     rotate every night at midnight
+##  $D23    rotate every day at 23:00 hr
+##  $W0D23  rotate every week on Sunday at 23:00 hr
+##  $W5D16  rotate every week on Friday at 16:00 hr
+##  $M1D0   rotate on the first day of every month at midnight
+##  $M5D6   rotate on every 5th day of the month at 6:00 hr
+##
+log_rotate_size: 10485760
+log_rotate_date: ""
+log_rotate_count: 1
+
+##
+## overload protection: If you want to limit the number of messages per second
+## allowed from error_logger, which is a good idea if you want to avoid a flood
+## of messages when system is overloaded, you can set a limit.
+## 100 is ejabberd's default.
+log_rate_limit: 100
+
+##
+## watchdog_admins: Only useful for developers: if an ejabberd process
+## consumes a lot of memory, send live notifications to these XMPP
+## accounts.
+##
+## watchdog_admins:
+##   - "bob@example.com"
+
+
+###   ================
+###   SERVED HOSTNAMES
+
+##
+## hosts: Domains served by ejabberd.
+## You can define one or several, for example:
+## hosts:
+##   - "example.net"
+##   - "example.com"
+##   - "example.org"
+##
+hosts:
+  - "localhost"
+
+##
+## route_subdomains: Delegate subdomains to other XMPP servers.
+## For example, if this ejabberd serves example.org and you want
+## to allow communication with an XMPP server called im.example.org.
+##
+## route_subdomains: s2s
+
+###   ===============
+###   LISTENING PORTS
+
+##
+## listen: The ports ejabberd will listen on, which service each is handled
+## by and what options to start it with.
+##
+listen:
+  -
+    port: 5222
+    module: ejabberd_c2s
+    ##
+    ## If TLS is compiled in and you installed a SSL
+    ## certificate, specify the full path to the
+    ## file and uncomment these lines:
+    ##
+    ## certfile: "/path/to/ssl.pem"
+    ## starttls: true
+    ##
+    ## To enforce TLS encryption for client connections,
+    ## use this instead of the "starttls" option:
+    ##
+    ## starttls_required: true
+    ##
+    ## Custom OpenSSL options
+    ##
+    ## protocol_options:
+    ##   - "no_sslv3"
+    ##   - "no_tlsv1"
+    max_stanza_size: 65536
+    shaper: c2s_shaper
+    access: c2s
+  -
+    port: 5269
+    module: ejabberd_s2s_in
+  ##
+  ## ejabberd_service: Interact with external components (transports, ...)
+  ##
+  ## -
+  ##   port: 8888
+  ##   module: ejabberd_service
+  ##   access: all
+  ##   shaper_rule: fast
+  ##   ip: "127.0.0.1"
+  ##   hosts:
+  ##     "icq.example.org":
+  ##       password: "secret"
+  ##     "sms.example.org":
+  ##       password: "secret"
+
+  ##
+  ## ejabberd_stun: Handles STUN Binding requests
+  ##
+  ## -
+  ##   port: 3478
+  ##   transport: udp
+  ##   module: ejabberd_stun
+
+  ##
+  ## To handle XML-RPC requests that provide admin credentials:
+  ##
+  ## -
+  ##   port: 4560
+  ##   module: ejabberd_xmlrpc
+  -
+    port: 5280
+    module: ejabberd_http
+    ## request_handlers:
+    ##   "/pub/archive": mod_http_fileserver
+    web_admin: true
+    http_poll: true
+    http_bind: true
+    ## register: true
+    captcha: true
+
+##
+## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+## Allowed values are: false optional required required_trusted
+## You must specify a certificate file.
+##
+## s2s_use_starttls: optional
+
+##
+## s2s_certfile: Specify a certificate file.
+##
+## s2s_certfile: "/path/to/ssl.pem"
+
+## Custom OpenSSL options
+##
+## s2s_protocol_options:
+##   - "no_sslv3"
+##   - "no_tlsv1"
+
+##
+## domain_certfile: Specify a different certificate for each served hostname.
+##
+## host_config:
+##   "example.org":
+##     domain_certfile: "/path/to/example_org.pem"
+##   "example.com":
+##     domain_certfile: "/path/to/example_com.pem"
+
+##
+## S2S whitelist or blacklist
+##
+## Default s2s policy for undefined hosts.
+##
+## s2s_access: s2s
+
+##
+## Outgoing S2S options
+##
+## Preferred address families (which to try first) and connect timeout
+## in milliseconds.
+##
+## outgoing_s2s_families:
+##   - ipv4
+##   - ipv6
+## outgoing_s2s_timeout: 10000
+
+###   ==============
+###   AUTHENTICATION
+
+##
+## auth_method: Method used to authenticate the users.
+## The default method is the internal.
+## If you want to use a different method,
+## comment this line and enable the correct ones.
+##
+auth_method: internal
+
+##
+## Store the plain passwords or hashed for SCRAM:
+## auth_password_format: plain
+## auth_password_format: scram
+##
+## Define the FQDN if ejabberd doesn't detect it:
+## fqdn: "server3.example.com"
+
+##
+## Authentication using external script
+## Make sure the script is executable by ejabberd.
+##
+## auth_method: external
+## extauth_program: "/path/to/authentication/script"
+
+##
+## Authentication using ODBC
+## Remember to setup a database in the next section.
+##
+## auth_method: odbc
+
+##
+## Authentication using PAM
+##
+## auth_method: pam
+## pam_service: "pamservicename"
+
+##
+## Authentication using LDAP
+##
+## auth_method: ldap
+##
+## List of LDAP servers:
+## ldap_servers:
+##   - "localhost"
+##
+## Encryption of connection to LDAP servers:
+## ldap_encrypt: none
+## ldap_encrypt: tls
+##
+## Port to connect to on LDAP servers:
+## ldap_port: 389
+## ldap_port: 636
+##
+## LDAP manager:
+## ldap_rootdn: "dc=example,dc=com"
+##
+## Password of LDAP manager:
+## ldap_password: "******"
+##
+## Search base of LDAP directory:
+## ldap_base: "dc=example,dc=com"
+##
+## LDAP attribute that holds user ID:
+## ldap_uids:
+##   - "mail": "%u@mail.example.org"
+##
+## LDAP filter:
+## ldap_filter: "(objectClass=shadowAccount)"
+
+##
+## Anonymous login support:
+##   auth_method: anonymous
+##   anonymous_protocol: sasl_anon | login_anon | both
+##   allow_multiple_connections: true | false
+##
+## host_config:
+##   "public.example.org":
+##     auth_method: anonymous
+##     allow_multiple_connections: false
+##     anonymous_protocol: sasl_anon
+##
+## To use both anonymous and internal authentication:
+##
+## host_config:
+##   "public.example.org":
+##     auth_method:
+##       - internal
+##       - anonymous
+
+###   ==============
+###   DATABASE SETUP
+
+## ejabberd by default uses the internal Mnesia database,
+## so you do not necessarily need this section.
+## This section provides configuration examples in case
+## you want to use other database backends.
+## Please consult the ejabberd Guide for details on database creation.
+
+##
+## MySQL server:
+##
+## odbc_type: mysql
+## odbc_server: "server"
+## odbc_database: "database"
+## odbc_username: "username"
+## odbc_password: "password"
+##
+## If you want to specify the port:
+## odbc_port: 1234
+
+##
+## PostgreSQL server:
+##
+## odbc_type: pgsql
+## odbc_server: "server"
+## odbc_database: "database"
+## odbc_username: "username"
+## odbc_password: "password"
+##
+## If you want to specify the port:
+## odbc_port: 1234
+##
+## If you use PostgreSQL, have a large database, and need a
+## faster but inexact replacement for "select count(*) from users"
+##
+## pgsql_users_number_estimate: true
+
+##
+## ODBC compatible or MSSQL server:
+##
+## odbc_type: odbc
+## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
+
+##
+## Number of connections to open to the database for each virtual host
+##
+## odbc_pool_size: 10
+
+##
+## Interval to make a dummy SQL request to keep the connections to the
+## database alive. Specify in seconds: for example 28800 means 8 hours
+##
+## odbc_keepalive_interval: undefined
+
+###   ===============
+###   TRAFFIC SHAPERS
+
+shaper:
+  ##
+  ## The "normal" shaper limits traffic speed to 1000 B/s
+  ##
+  normal: 1000
+
+  ##
+  ## The "fast" shaper limits traffic speed to 50000 B/s
+  ##
+  fast: 50000
+
+##
+## This option specifies the maximum number of elements in the queue
+## of the FSM. Refer to the documentation for details.
+##
+max_fsm_queue: 1000
+
+###.   ====================
+###'   ACCESS CONTROL LISTS
+acl:
+  ##
+  ## The 'admin' ACL grants administrative privileges to XMPP accounts.
+  ## You can put here as many accounts as you want.
+  ##
+  ## admin:
+  ##   user:
+  ##     - "aleksey": "localhost"
+  ##     - "ermine": "example.org"
+  ##
+  ## Blocked users
+  ##
+  ## blocked:
+  ##   user:
+  ##     - "baduser": "example.org"
+  ##     - "test"
+
+  ## Local users: don't modify this.
+  ##
+  local:
+    user_regexp: ""
+
+  ##
+  ## More examples of ACLs
+  ##
+  ## jabberorg:
+  ##   server:
+  ##     - "jabber.org"
+  ## aleksey:
+  ##   user:
+  ##     - "aleksey": "jabber.ru"
+  ## test:
+  ##   user_regexp: "^test"
+  ##   user_glob: "test*"
+
+  ##
+  ## Loopback network
+  ##
+  loopback:
+    ip:
+      - "127.0.0.0/8"
+
+  ##
+  ## Bad XMPP servers
+  ##
+  ## bad_servers:
+  ##   server:
+  ##     - "xmpp.zombie.org"
+  ##     - "xmpp.spam.com"
+
+##
+## Define specific ACLs in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     acl:
+##       admin:
+##         user:
+##           - "bob-local": "localhost"
+
+###   ============
+###   ACCESS RULES
+access:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions:
+    all: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    admin: 5000
+    all: 100
+  ## This rule allows access only for local users:
+  local:
+    local: allow
+  ## Only non-blocked users can use c2s connections:
+  c2s:
+    blocked: deny
+    all: allow
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    admin: none
+    all: normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper:
+    all: fast
+  ## Only admins can send announcement messages:
+  announce:
+    admin: allow
+  ## Only admins can use the configuration interface:
+  configure:
+    admin: allow
+  ## Admins of this server are also admins of the MUC service:
+  muc_admin:
+    admin: allow
+  ## Only accounts of the local ejabberd server can create rooms:
+  muc_create:
+    local: allow
+  ## All users are allowed to use the MUC service:
+  muc:
+    all: allow
+  ## Only accounts on the local ejabberd server can create Pubsub nodes:
+  pubsub_createnode:
+    local: allow
+  ## In-band registration allows registration of any possible username.
+  ## To disable in-band registration, replace 'allow' with 'deny'.
+  register:
+    all: allow
+  ## Only allow to register from localhost
+  trusted_network:
+    loopback: allow
+  ## Do not establish S2S connections with bad servers
+  ## s2s:
+  ##   bad_servers: deny
+  ##   all: allow
+
+## By default the frequency of account registrations from the same IP
+## is limited to 1 account every 10 minutes. To disable, specify: infinity
+## registration_timeout: 600
+
+##
+## Define specific Access Rules in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     access:
+##       c2s:
+##         admin: allow
+##         all: deny
+##       register:
+##         all: deny
+
+###   ================
+###   DEFAULT LANGUAGE
+
+##
+## language: Default language used for server messages.
+##
+language: "en"
+
+##
+## Set a different default language in a virtual host.
+##
+## host_config:
+##   "localhost":
+##     language: "ru"
+
+###   =======
+###   CAPTCHA
+
+##
+## Full path to a script that generates the image.
+##
+## captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"
+
+##
+## Host for the URL and port where ejabberd listens for CAPTCHA requests.
+##
+## captcha_host: "example.org:5280"
+
+##
+## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
+##
+## captcha_limit: 5
+
+###   =======
+###   MODULES
+
+##
+## Modules enabled in all ejabberd virtual hosts.
+##
+modules:
+  mod_adhoc: {}
+  ## mod_admin_extra: {}
+  mod_announce: # recommends mod_adhoc
+    access: announce
+  mod_blocking: {} # requires mod_privacy
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state:
+    drop_chat_states: true
+    queue_presence: false
+  mod_configure: {} # requires mod_adhoc
+  mod_disco: {}
+  ## mod_echo: {}
+  mod_irc: {}
+  mod_http_bind: {}
+  ## mod_http_fileserver:
+  ##   docroot: "/var/www"
+  ##   accesslog: "/var/log/ejabberd/access.log"
+  mod_last: {}
+  mod_muc:
+    ## host: "conference.@HOST@"
+    access: muc
+    access_create: muc_create
+    access_persistent: muc_create
+    access_admin: muc_admin
+  ## mod_muc_log: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  ## mod_pres_counter:
+  ##   count: 5
+  ##   interval: 60
+  mod_privacy: {}
+  mod_private: {}
+  ## mod_proxy65: {}
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    ## reduces resource comsumption, but XEP incompliant
+    ignore_pep_from_offline: true
+    ## XEP compliant, but increases resource comsumption
+    ## ignore_pep_from_offline: false
+    last_item_cache: false
+    plugins:
+      - "flat"
+      - "hometree"
+      - "pep" # pep requires mod_caps
+  mod_register:
+    ##
+    ## Protect In-Band account registrations with CAPTCHA.
+    ##
+    ## captcha_protected: true
+
+    ##
+    ## Set the minimum informational entropy for passwords.
+    ##
+    ## password_strength: 32
+
+    ##
+    ## After successful registration, the user receives
+    ## a message with this subject and body.
+    ##
+    welcome_message:
+      subject: "Welcome!"
+      body: |-
+        Hi.
+        Welcome to this XMPP server.
+
+    ##
+    ## When a user registers, send a notification to
+    ## these XMPP accounts.
+    ##
+    ## registration_watchers:
+    ##   - "admin1@example.org"
+
+    ##
+    ## Only clients in the server machine can register accounts
+    ##
+    ip_access: trusted_network
+
+    ##
+    ## Local c2s or remote s2s users cannot register accounts
+    ##
+    ## access_from: deny
+
+    access: register
+  mod_roster: {}
+  mod_shared_roster: {}
+  mod_stats: {}
+  mod_time: {}
+  mod_vcard: {}
+  mod_version: {}
+
+##
+## Enable modules with custom options in a specific virtual host
+##
+## host_config:
+##   "localhost":
+##     modules:
+##       mod_echo:
+##         host: "mirror.localhost"
+
+##
+## Enable modules management via ejabberdctl for installation and
+## uninstallation of public/private contributed modules
+## (enabled by default)
+##
+
+allow_contrib_modules: true
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8

configure.ac

@@ -30,6 +30,7 @@ fi
 
 AC_PATH_TOOL(ERL, erl, , [${extra_erl_path}$PATH])
 AC_PATH_TOOL(ERLC, erlc, , [${extra_erl_path}$PATH])
+AC_PATH_TOOL(EPMD, epmd, , [${extra_erl_path}$PATH])
 
 AC_ERLANG_NEED_ERL
 AC_ERLANG_NEED_ERLC

contrib/extract_translations/extract_translations.erl

@@ -242,9 +242,7 @@ print_usage() ->
 print_po_header(File) ->
     MsgProps = get_msg_header_props(File),
     {Language, [LastT | AddT]} = prepare_props(MsgProps),
-    application:load(ejabberd),
-    {ok, Version} = application:get_key(ejabberd, vsn),
-    print_po_header(Version, Language, LastT, AddT).
+    print_po_header(Language, LastT, AddT).
 
 get_msg_header_props(File) ->
     {ok, F} = file:open(File, [read]),
@@ -274,12 +272,11 @@ prepare_props(MsgProps) ->
     Authors = proplists:get_all_values("Author:", MsgProps),
     {Language, Authors}.
 
-print_po_header(Version, Language, LastTranslator, AdditionalTranslatorsList) ->
+print_po_header(Language, LastTranslator, AdditionalTranslatorsList) ->
     AdditionalTranslatorsString = build_additional_translators(AdditionalTranslatorsList),
     HeaderString =
 	"msgid \"\"\n"
 	"msgstr \"\"\n"
-	"\"Project-Id-Version: " ++ Version ++ "\\n\"\n"
 	++ "\"X-Language: " ++ Language ++ "\\n\"\n"
 	"\"Last-Translator: " ++ LastTranslator ++ "\\n\"\n"
 	++ AdditionalTranslatorsString ++

contrib/extract_translations/prepare-translation.sh

@@ -157,7 +157,7 @@ extract_lang_srcmsg2po ()
 	echo $MSGS_PATH
 
 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$PO_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $PO_PATH.1 > $PO_PATH.2
 	msguniq --sort-by-file $PO_PATH.2 --output-file=$PO_PATH
 	
@@ -176,7 +176,7 @@ extract_lang_src2pot ()
 	echo "" >>$MSGS_PATH
 
 	cd $SRC_DIR
-	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa /lib/ejabberd/include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
+	$ERL -pa $EXTRACT_DIR -pa $EBIN_DIR -pa $EJA_SRC_DIR -pa ../include -noinput -noshell -s extract_translations -s init stop -extra -srcmsg2po . $MSGS_PATH >$POT_PATH.1
 	sed -e 's/ \[\]$/ \"\"/g;' $POT_PATH.1 > $POT_PATH.2
 
 	#msguniq --sort-by-file $POT_PATH.2 $EJA_MSGS_DIR --output-file=$POT_PATH

ejabberd.service.template

@@ -12,6 +12,13 @@ ExecStop=@ctlscriptpath@/ejabberdctl stop
 ExecReload=@ctlscriptpath@/ejabberdctl reload_config
 Type=oneshot
 RemainAfterExit=yes
+# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target

ejabberd.yml.example

@@ -147,6 +147,15 @@ listen:
   ##   access: all
   ##   shaper_rule: fast
   ##   ip: "127.0.0.1"
+  ##   privilege_access: 
+  ##      roster: "both"
+  ##      message: "outgoing"
+  ##      presence: "roster"
+  ##   delegations:
+  ##      "urn:xmpp:mam:1":
+  ##        filtering: ["node"]
+  ##      "http://jabber.org/protocol/pubsub":
+  ##        filtering: []
   ##   hosts:
   ##     "icq.example.org":
   ##       password: "secret"
@@ -254,10 +263,10 @@ auth_method: internal
 ## extauth_program: "/path/to/authentication/script"
 
 ##
-## Authentication using ODBC
+## Authentication using SQL
 ## Remember to setup a database in the next section.
 ##
-## auth_method: odbc
+## auth_method: sql
 
 ##
 ## Authentication using PAM
@@ -330,26 +339,26 @@ auth_method: internal
 ##
 ## MySQL server:
 ##
-## odbc_type: mysql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: mysql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234
 
 ##
 ## PostgreSQL server:
 ##
-## odbc_type: pgsql
-## odbc_server: "server"
-## odbc_database: "database"
-## odbc_username: "username"
-## odbc_password: "password"
+## sql_type: pgsql
+## sql_server: "server"
+## sql_database: "database"
+## sql_username: "username"
+## sql_password: "password"
 ##
 ## If you want to specify the port:
-## odbc_port: 1234
+## sql_port: 1234
 ##
 ## If you use PostgreSQL, have a large database, and need a
 ## faster but inexact replacement for "select count(*) from users"
@@ -359,25 +368,25 @@ auth_method: internal
 ##
 ## SQLite:
 ##
-## odbc_type: sqlite
-## odbc_database: "/path/to/database.db"
+## sql_type: sqlite
+## sql_database: "/path/to/database.db"
 
 ##
 ## ODBC compatible or MSSQL server:
 ##
-## odbc_type: odbc
-## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
+## sql_type: odbc
+## sql_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
 
 ##
 ## Number of connections to open to the database for each virtual host
 ##
-## odbc_pool_size: 10
+## sql_pool_size: 10
 
 ##
 ## Interval to make a dummy SQL request to keep the connections to the
 ## database alive. Specify in seconds: for example 28800 means 8 hours
 ##
-## odbc_keepalive_interval: undefined
+## sql_keepalive_interval: undefined
 
 ###.  ===============
 ###'  TRAFFIC SHAPERS
@@ -408,14 +417,14 @@ acl:
   ##
   ## admin:
   ##   user:
-  ##     - "aleksey": "localhost"
-  ##     - "ermine": "example.org"
+  ##     - "aleksey@localhost"
+  ##     - "ermine@example.org"
   ##
   ## Blocked users
   ##
   ## blocked:
   ##   user:
-  ##     - "baduser": "example.org"
+  ##     - "baduser@example.org"
   ##     - "test"
 
   ## Local users: don't modify this.
@@ -431,7 +440,7 @@ acl:
   ##     - "jabber.org"
   ## aleksey:
   ##   user:
-  ##     - "aleksey": "jabber.ru"
+  ##     - "aleksey@jabber.ru"
   ## test:
   ##   user_regexp: "^test"
   ##   user_glob: "test*"
@@ -459,61 +468,61 @@ acl:
 ##     acl:
 ##       admin:
 ##         user:
-##           - "bob-local": "localhost"
+##           - "bob-local@localhost"
+
+###.  ============
+###'  SHAPER RULES
+
+shaper_rules:
+  ## Maximum number of simultaneous sessions allowed for a single user:
+  max_user_sessions: 10
+  ## Maximum number of offline messages that users can have:
+  max_user_offline_messages:
+    - 5000: admin
+    - 100
+  ## For C2S connections, all users except admins use the "normal" shaper
+  c2s_shaper:
+    - none: admin
+    - normal
+  ## All S2S connections use the "fast" shaper
+  s2s_shaper: fast
 
 ###.  ============
 ###'  ACCESS RULES
-access:
-  ## Maximum number of simultaneous sessions allowed for a single user:
-  max_user_sessions: 
-    all: 10
-  ## Maximum number of offline messages that users can have:
-  max_user_offline_messages: 
-    admin: 5000
-    all: 100
+access_rules:
   ## This rule allows access only for local users:
-  local: 
-    local: allow
+  local:
+    - allow: local
   ## Only non-blocked users can use c2s connections:
-  c2s: 
-    blocked: deny
-    all: allow
-  ## For C2S connections, all users except admins use the "normal" shaper
-  c2s_shaper: 
-    admin: none
-    all: normal
-  ## All S2S connections use the "fast" shaper
-  s2s_shaper: 
-    all: fast
+  c2s:
+    - deny: blocked
+    - allow
   ## Only admins can send announcement messages:
-  announce: 
-    admin: allow
+  announce:
+    - allow: admin
   ## Only admins can use the configuration interface:
   configure: 
-    admin: allow
-  ## Admins of this server are also admins of the MUC service:
-  muc_admin: 
-    admin: allow
+    - allow: admin
   ## Only accounts of the local ejabberd server can create rooms:
   muc_create: 
-    local: allow
-  ## All users are allowed to use the MUC service:
-  muc: 
-    all: allow
+    - allow: local
   ## Only accounts on the local ejabberd server can create Pubsub nodes:
   pubsub_createnode: 
-    local: allow
+    - allow: local
   ## In-band registration allows registration of any possible username.
   ## To disable in-band registration, replace 'allow' with 'deny'.
   register: 
-    all: allow
+    - allow
   ## Only allow to register from localhost
   trusted_network: 
-    loopback: allow
+    - allow: loopback
   ## Do not establish S2S connections with bad servers
   ## s2s: 
-  ##   bad_servers: deny
-  ##   all: allow
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - deny:
+  ##     - ip: "XXX.XXX.XXX.XXX/32"
+  ##   - allow
 
 ## By default the frequency of account registrations from the same IP
 ## is limited to 1 account every 10 minutes. To disable, specify: infinity
@@ -526,10 +535,10 @@ access:
 ##   "localhost":
 ##     access:
 ##       c2s:
-##         admin: allow
-##         all: deny
+##         - allow: admin
+##         - deny
 ##       register:
-##         all: deny
+##         - deny
 
 ###.  ================
 ###'  DEFAULT LANGUAGE
@@ -580,6 +589,7 @@ modules:
   mod_carboncopy: {}
   mod_client_state: {}
   mod_configure: {} # requires mod_adhoc
+  ##mod_delegation: {} # for xep0356
   mod_disco: {}
   ## mod_echo: {}
   mod_irc: {}
@@ -590,10 +600,12 @@ modules:
   mod_last: {}
   mod_muc: 
     ## host: "conference.@HOST@"
-    access: muc
+    access:
+      - allow
+    access_admin:
+      - allow: admin
     access_create: muc_create
     access_persistent: muc_create
-    access_admin: muc_admin
   ## mod_muc_log: {}
   ## mod_multicast: {}
   mod_offline: 

ejabberdctl.template

@@ -13,7 +13,7 @@ ERLANG_NODE=ejabberd@localhost
 SCRIPT_DIR=`cd ${0%/*} && pwd`
 ERL={{erl}}
 IEX={{bindir}}/iex
-EPMD={{bindir}}/epmd
+EPMD={{epmd}}
 INSTALLUSER={{installuser}}
 ERL_LIBS={{libdir}}
 
@@ -83,18 +83,9 @@ if [ "$EJABBERD_DOC_PATH" = "" ] ; then
 fi
 if [ "$ERLANG_NODE_ARG" != "" ] ; then
     ERLANG_NODE=$ERLANG_NODE_ARG
-    NODE=${ERLANG_NODE%@*}
 fi
-if [ "{{release}}" != "true" ] ; then
-    if [ "$EJABBERDDIR" = "" ] ; then
-        EJABBERDDIR={{libdir}}/ejabberd
-    fi
-    if [ "$EJABBERD_PRIV_PATH" = "" ] ; then
-        EJABBERD_PRIV_PATH=$EJABBERDDIR/priv
-    fi
-    if [ "$EJABBERD_BIN_PATH" = "" ] ; then
-        EJABBERD_BIN_PATH=$EJABBERD_PRIV_PATH/bin
-    fi
+if [ "{{release}}" != "true" -a "$EJABBERD_BIN_PATH" = "" ] ; then
+    EJABBERD_BIN_PATH={{libdir}}/ejabberd/priv/bin
 fi
 EJABBERD_LOG_PATH=$LOGS_DIR/ejabberd.log
 DATETIME=`date "+%Y%m%d-%H%M%S"`
@@ -141,8 +132,8 @@ fi
 [ -z "$date" ] || EJABBERD_OPTS="${EJABBERD_OPTS} log_rotate_date '$date'"
 [ -z "$EJABBERD_OPTS" ] || EJABBERD_OPTS="-ejabberd ${EJABBERD_OPTS}"
 
-[ -d $SPOOL_DIR ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
-cd $SPOOL_DIR
+[ -d "$SPOOL_DIR" ] || $EXEC_CMD "mkdir -p $SPOOL_DIR"
+cd "$SPOOL_DIR"
 
 # export global variables
 export EJABBERD_CONFIG_PATH
@@ -199,8 +190,8 @@ start()
 debug()
 {
     debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
          -remsh $ERLANG_NODE \
          -hidden \
          $KERNEL_OPTS \
@@ -213,15 +204,15 @@ debug()
 iexdebug()
 {
     debugwarning
-    TTY=`tty | sed -e  's/.*\///g'`
     # Elixir shell is hidden as default
-    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"debug-${TTY}-${ERLANG_NODE}\"` \
+    NID=$(uid debug)
+    CMD="`shell_escape \"$IEX\" \"$IEXNAME\" \"$NID\"` \
          -remsh $ERLANG_NODE \
          --erl `shell_escape \"$KERNEL_OPTS\"` \
          --erl `shell_escape \"$ERLANG_OPTS\"` \
          --erl `shell_escape \"${ARGS[@]}\"` \
          --erl `shell_escape_str \"$@\"`"
-    $EXEC_CMD "$CMD"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }
 
 # start interactive server
@@ -251,7 +242,7 @@ iexlive()
          --erl `shell_escape \"$ERLANG_OPTS\"` \
          --erl `shell_escape \"${ARGS[@]}\"` \
          --erl `shell_escape_str \"$@\"`"
-    $EXEC_CMD "$CMD"
+    $EXEC_CMD "ERL_PATH=\"$ERL\" $CMD"
 }
 
 # start server in the foreground
@@ -319,27 +310,27 @@ livewarning()
 
 etop()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
+    NID=$(uid top)
     $EXEC_CMD "$ERL \
-      $NAME debug-${TTY}-${ERLANG_NODE} \
+      $NAME $NID \
       -hidden -s etop -s erlang halt -output text -node $ERLANG_NODE"
 }
 
 ping()
 {
-    TTY=`tty | sed -e  's/.*\///g'`
-    if [ "$1" = "${1%.*}" ] ; then
+    [ -z "$1" ] && PEER=${ERLANG_NODE} || PEER=$1
+    if [ "$PEER" = "${PEER%.*}" ] ; then
         PING_NAME="-sname"
         PING_NODE=$(hostname -s)
     else
         PING_NAME="-name"
         PING_NODE=$(hostname)
     fi
+    NID=$(uid ping ${PING_NODE})
     $EXEC_CMD "$ERL \
-      $PING_NAME ping-${TTY}@${PING_NODE} \
-      -hidden \
-      $KERNEL_OPTS $ERLANG_OPTS \
-      -eval 'io:format(\"~p~n\",[net_adm:ping('\"'\"'$1'\"'\"')])' \
+      $PING_NAME $NID \
+      -hidden $KERNEL_OPTS $ERLANG_OPTS \
+      -eval 'io:format(\"~p~n\",[net_adm:ping('\"'\"'$PEER'\"'\"')])' \
       -s erlang halt -output text -noinput"
 }
 
@@ -367,97 +358,42 @@ help()
 # common control function
 ctl()
 {
-    # Control number of connections identifiers
-    # using flock if available. Expects a linux-style
-    # flock that can lock a file descriptor.
-    MAXCONNID=100
-    CONNLOCKDIR={{localstatedir}}/lock/ejabberdctl
-    FLOCK=/usr/bin/flock
-    if [ ! -x "$FLOCK" ] || [ ! -d "$CONNLOCKDIR" ] ; then
-        JOT=/usr/bin/jot
-        if [ ! -x "$JOT" ] ; then
-            # no flock or jot, simply invoke ctlexec()
-            CTL_CONN="ctl-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        else
-            # no flock, but at least there is jot
-            RAND=`jot -r 1 0 $MAXCONNID`
-            CTL_CONN="ctl-${RAND}-${ERLANG_NODE}"
-            ctlexec $CTL_CONN "$@"
-            result=$?
-        fi
-    else
-        # we have flock so we get a lock
-        # on one of a limited number of
-        # conn names -- this allows
-        # concurrent invocations using a bound
-        # number of atoms
-        for N in `seq 1 $MAXCONNID`; do
-            CTL_CONN="ctl-$N-${ERLANG_NODE}"
-            CTL_LOCKFILE="$CONNLOCKDIR/$CTL_CONN"
-            (
-                exec 8>"$CTL_LOCKFILE"
-                if flock --nb 8; then
-                    ctlexec $CTL_CONN "$@"
-                    ssresult=$?
-                    # segregate from possible flock exit(1)
-                    ssresult=`expr $ssresult \* 10`
-                    exit $ssresult
-                else
-                    exit 1
-                fi
-            )
-            result=$?
-            if [ $result -eq 1 ] ; then
-                # means we errored out in flock
-                # rather than in the exec - stay in the loop
-                # trying other conn names...
-                badlock=1
-            else
-                badlock=""
-                break;
-            fi
-        done
-        result=`expr $result / 10`
-    fi
-
-    if [ "$badlock" ] ;then
-        echo "Ran out of connections to try. Your ejabberd processes" >&2
-        echo "may be stuck or this is a very busy server. For very"   >&2
-        echo "busy servers, consider raising MAXCONNID in ejabberdctl">&2
-        exit 1;
-    fi
-
-    case $result in
-        0) :;;
-        1) :;;
-        2) help;;
-        3) help;;
-    esac
-    return $result
-}
-
-ctlexec()
-{
-    CONN_NAME=$1; shift
-    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$CONN_NAME\"` \
+    NID=$(uid ctl)
+    CMD="`shell_escape \"$ERL\" \"$NAME\" \"$NID\"` \
          -noinput -hidden $KERNEL_OPTS -s ejabberd_ctl \
          -extra `shell_escape \"$ERLANG_NODE\"` $EJABBERD_NO_TIMEOUT \
          `shell_escape \"$@\"`"
     $EXEC_CMD "$CMD"
+    result=$?
+    case $result in
+        2) help;;
+        3) help;;
+        *) :;;
+    esac
+    return $result
+}
+
+uid()
+{
+    uuid=$(uuidgen 2>/dev/null)
+    [ -z "$uuid" -a -f /proc/sys/kernel/random/uuid ] && uuid=$(</proc/sys/kernel/random/uuid)
+    [ -z "$uuid" ] && uuid=$(printf "%X" $RANDOM$(date +%M%S)$$)
+    uuid=${uuid%%-*}
+    [ $# -eq 0 ] && echo ${uuid}-${ERLANG_NODE}
+    [ $# -eq 1 ] && echo ${uuid}-${1}-${ERLANG_NODE}
+    [ $# -eq 2 ] && echo ${uuid}-${1}@${2}
 }
 
 # stop epmd if there is no other running node
 stop_epmd()
 {
-    $EPMD -names 2>/dev/null | grep -q name || $EPMD -kill >/dev/null
+    "$EPMD" -names 2>/dev/null | grep -q name || "$EPMD" -kill >/dev/null
 }
 
 # make sure node not already running and node name unregistered
 check_start()
 {
-    $EPMD -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
+    "$EPMD" -names 2>/dev/null | grep -q " ${ERLANG_NODE%@*} " && {
         ps ux | grep -v grep | grep -q " $ERLANG_NODE " && {
             echo "ERROR: The ejabberd node '$ERLANG_NODE' is already running."
             exit 4
@@ -468,7 +404,7 @@ check_start()
                 echo "Shutdown all other erlang nodes, and call 'epmd -kill'."
                 exit 5
             } || {
-                $EPMD -kill >/dev/null
+                "$EPMD" -kill >/dev/null
             }
         }
     }
@@ -502,9 +438,9 @@ case "${ARGS[0]}" in
     'live') live;;
     'iexlive') iexlive;;
     'foreground') foreground;;
-    'ping'*) ping ${ARGS# ping};;
+    'ping'*) ping ${ARGS[1]};;
     'etop') etop;;
     'started') wait_for_status 0 30 2;; # wait 30x2s before timeout
-    'stopped') wait_for_status 3 15 2 && stop_epmd;; # wait 15x2s before timeout
+    'stopped') wait_for_status 3 30 2 && stop_epmd;; # wait 30x2s before timeout
     *) ctl "${ARGS[@]}";;
 esac

include/ejabberd_commands.hrl

@@ -26,28 +26,54 @@
                  {tuple, [rterm()]} | {list, rterm()} |
                  rescode | restuple.
 
+-type oauth_scope() :: atom().
+
+%% ejabberd_commands OAuth ReST ACL definition:
+%% Two fields exist that are used to control access on a command from ReST API:
+%% 1. Policy
+%% If policy is:
+%%  - restricted: command is not exposed as OAuth Rest API.
+%%  - admin: Command is allowed for user that have Admin Rest command enabled by access rule: commands_admin_access
+%%  - user: Command might be called by any server user.
+%%  - open: Command can be called by anyone.
+%%
+%% Policy is just used to control who can call the command. A specific additional access rules can be performed, as
+%% defined by access option.
+%% Access option can be a list of:
+%% - {Module, accessName, DefaultValue}: Reference and existing module access to limit who can use the command.
+%% - AccessRule name: direct name of the access rule to check in config file.
+%% TODO: Access option could be atom command (not a list). In the case, User performing the command, will be added as first parameter
+%% to command, so that the command can perform additional check.
+
 -record(ejabberd_commands,
 	{name                    :: atom(),
          tags = []               :: [atom()] | '_' | '$2',
          desc = ""               :: string() | '_' | '$3',
          longdesc = ""           :: string() | '_',
-	 module                  :: atom(),
-         function                :: atom(),
+	 version = 0             :: integer(),
+	 module                  :: atom() | '_',
+         function                :: atom() | '_',
          args = []               :: [aterm()] | '_' | '$1' | '$2',
          policy = restricted     :: open | restricted | admin | user,
+        %% access is: [accessRuleName] or [{Module, AccessOption, DefaultAccessRuleName}]
+         access = []             :: [{atom(),atom(),atom()}|atom()],
          result = {res, rescode} :: rterm() | '_' | '$2',
          args_desc = none        :: none | [string()] | '_',
          result_desc = none      :: none | string() | '_',
          args_example = none     :: none | [any()] | '_',
          result_example = none   :: any()}).
 
+%% TODO Fix me: Type is not up to date
 -type ejabberd_commands() :: #ejabberd_commands{name :: atom(),
                                                 tags :: [atom()],
                                                 desc :: string(),
                                                 longdesc :: string(),
+                                                version :: integer(),
                                                 module :: atom(),
                                                 function :: atom(),
                                                 args :: [aterm()],
+                                                policy :: open | restricted | admin | user,
+                                                access :: [{atom(),atom(),atom()}|atom()],
                                                 result :: rterm()}.
 
 %% @type ejabberd_commands() = #ejabberd_commands{

include/ejabberd_http.hrl

@@ -23,8 +23,7 @@
 	 path = []         :: [binary()],
 	 q = []            :: [{binary() | nokey, binary()}],
 	 us = {<<>>, <<>>} :: {binary(), binary()},
-	 auth              :: {binary(), binary()} |
-	 {auth_jid, {binary(), binary()}, jlib:jid()},
+	 auth              :: {binary(), binary()} | {oauth, binary(), []} | undefined,
 	 lang = <<"">>     :: binary(),
 	 data = <<"">>     :: binary(),
 	 ip                :: {inet:ip_address(), inet:port_number()},

include/ejabberd_oauth.hrl

@@ -0,0 +1,26 @@
+%%%----------------------------------------------------------------------
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License along
+%%% with this program; if not, write to the Free Software Foundation, Inc.,
+%%% 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+%%%
+%%%----------------------------------------------------------------------
+
+-record(oauth_token, {
+          token = <<"">>           :: binary() | '_',
+          us = {<<"">>, <<"">>}    :: {binary(), binary()} | '_',
+          scope = []               :: [binary()] | '_',
+          expire                   :: integer() | '$1'
+         }).

include/ejabberd_service.hrl

@@ -0,0 +1,20 @@
+-include("ejabberd.hrl").
+-include("logger.hrl").
+-include("jlib.hrl").
+
+-type filter_attr() :: {binary(), [binary()]}.
+
+-record(state,
+        {socket                    :: ejabberd_socket:socket_state(),
+         sockmod = ejabberd_socket :: ejabberd_socket | ejabberd_frontend_socket,
+         streamid = <<"">>         :: binary(),
+         host_opts = dict:new()    :: ?TDICT,
+         host = <<"">>             :: binary(),
+         access                    :: atom(),
+         check_from = true         :: boolean(),
+         server_hosts = ?MYHOSTS   :: [binary()],
+         privilege_access          :: [attr()],
+         delegations               :: [filter_attr()],
+         last_pres = dict:new()    :: ?TDICT}).
+
+-type(state() :: #state{} ).

include/ejabberd_sm.hrl

@@ -1,12 +1,13 @@
 -ifndef(EJABBERD_SM_HRL).
 -define(EJABBERD_SM_HRL, true).
 
--record(session, {sid, usr, us, priority, info}).
+-record(session, {sid, usr, us, priority, info = []}).
 -record(session_counter, {vhost, count}).
 -type sid() :: {erlang:timestamp(), pid()}.
 -type ip() :: {inet:ip_address(), inet:port_number()} | undefined.
 -type info() :: [{conn, atom()} | {ip, ip()} | {node, atom()}
-                 | {oor, boolean()} | {auth_module, atom()}].
+                 | {oor, boolean()} | {auth_module, atom()}
+                 | {num_stanzas_in, non_neg_integer()}].
 -type prio() :: undefined | integer().
 
 -endif.

include/ejabberd_sql_pt.hrl

@@ -23,9 +23,9 @@
 
 -define(SQL_UPSERT_MARK, sql_upsert__mark_).
 -define(SQL_UPSERT(Host, Table, Fields),
-        ejabberd_odbc:sql_query(Host, ?SQL_UPSERT_MARK(Table, Fields))).
+        ejabberd_sql:sql_query(Host, ?SQL_UPSERT_MARK(Table, Fields))).
 -define(SQL_UPSERT_T(Table, Fields),
-        ejabberd_odbc:sql_query_t(?SQL_UPSERT_MARK(Table, Fields))).
+        ejabberd_sql:sql_query_t(?SQL_UPSERT_MARK(Table, Fields))).
 
 -record(sql_query, {hash, format_query, format_res, args, loc}).
 

include/logger.hrl

@@ -34,3 +34,10 @@
 
 -define(CRITICAL_MSG(Format, Args),
 	lager:critical(Format, Args)).
+
+%% Use only when trying to troubleshoot test problem with ExUnit
+-define(EXUNIT_LOG(Format, Args),
+        case lists:keyfind(logger, 1, application:loaded_applications()) of
+            false -> ok;
+            _ -> 'Elixir.Logger':bare_log(error, io_lib:format(Format, Args), [?MODULE])
+        end).

include/mod_announce.hrl

@@ -0,0 +1,5 @@
+-record(motd, {server = <<"">> :: binary(),
+               packet = #xmlel{} :: xmlel()}).
+
+-record(motd_users, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
+                     dummy = [] :: [] | '_'}).

include/mod_caps.hrl

@@ -0,0 +1,4 @@
+-record(caps_features,
+	{node_pair = {<<"">>, <<"">>} :: {binary(), binary()},
+	 features  = []               :: [binary()] | pos_integer()
+	}).

include/mod_carboncopy.hrl

@@ -0,0 +1,4 @@
+-type matchspec_atom() :: '_' | '$1' | '$2' | '$3'.
+-record(carboncopy, {us       :: {binary(), binary()} | matchspec_atom(), 
+		     resource :: binary() | matchspec_atom(),
+		     version  :: binary() | matchspec_atom()}).

include/mod_irc.hrl

@@ -0,0 +1,15 @@
+-type conn_param() :: {binary(), binary(), inet:port_number(), binary()} |
+                      {binary(), binary(), inet:port_number()} |
+                      {binary(), binary()} |
+                      {binary()}.
+
+-type irc_data() :: [{username, binary()} | {connections_params, [conn_param()]}].
+
+-record(irc_connection,
+        {jid_server_host = {#jid{}, <<"">>, <<"">>} :: {jid(), binary(), binary()},
+         pid = self()                               :: pid()}).
+
+-record(irc_custom,
+        {us_host = {{<<"">>, <<"">>}, <<"">>} :: {{binary(), binary()},
+                                                  binary()},
+         data = [] :: irc_data()}).

include/mod_last.hrl

@@ -0,0 +1,3 @@
+-record(last_activity, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                        timestamp = 0 :: non_neg_integer(),
+                        status = <<"">> :: binary()}).

include/mod_mam.hrl

@@ -0,0 +1,15 @@
+-record(archive_msg,
+	{us = {<<"">>, <<"">>}                :: {binary(), binary()} | '$2',
+	 id = <<>>                            :: binary() | '_',
+	 timestamp = p1_time_compat:timestamp() :: erlang:timestamp() | '_' | '$1',
+	 peer = {<<"">>, <<"">>, <<"">>}      :: ljid() | '_' | '$3' | undefined,
+	 bare_peer = {<<"">>, <<"">>, <<"">>} :: ljid() | '_' | '$3',
+	 packet = #xmlel{}                    :: xmlel() | '_',
+	 nick = <<"">>                        :: binary(),
+	 type = chat                          :: chat | groupchat}).
+
+-record(archive_prefs,
+	{us = {<<"">>, <<"">>} :: {binary(), binary()},
+	 default = never       :: never | always | roster,
+	 always = []           :: [ljid()],
+	 never = []            :: [ljid()]}).

include/mod_muc_room.hrl

@@ -53,6 +53,7 @@
     members_by_default                   = true :: boolean(),
     members_only                         = false :: boolean(),
     allow_user_invites                   = false :: boolean(),
+    allow_subscription                   = false :: boolean(),
     password_protected                   = false :: boolean(),
     password                             = <<"">> :: binary(),
     anonymous                            = true :: boolean(),
@@ -76,9 +77,15 @@
     jid :: jid(),
     nick :: binary(),
     role :: role(),
+    %%is_subscriber = false :: boolean(),
+    %%subscriptions = [] :: [binary()],
     last_presence :: xmlel()
 }).
 
+-record(subscriber, {jid :: jid(),
+		     nick = <<>> :: binary(),
+		     nodes = [] :: [binary()]}).
+
 -record(activity,
 {
     message_time    = 0 :: integer(),
@@ -98,6 +105,8 @@
     jid                     = #jid{} :: jid(),
     config                  = #config{} :: config(),
     users                   = (?DICT):new() :: ?TDICT,
+    subscribers             = (?DICT):new() :: ?TDICT,
+    subscriber_nicks        = (?DICT):new() :: ?TDICT,
     last_voice_request_time = treap:empty() :: treap:treap(),
     robots                  = (?DICT):new() :: ?TDICT,
     nicks                   = (?DICT):new() :: ?TDICT,

include/mod_private.hrl

@@ -0,0 +1,4 @@
+-record(private_storage,
+        {usns = {<<"">>, <<"">>, <<"">>} :: {binary(), binary(), binary() |
+                                             '$1' | '_'},
+         xml = #xmlel{} :: xmlel() | '_' | '$1'}).

include/mod_shared_roster.hrl

@@ -0,0 +1,5 @@
+-record(sr_group, {group_host = {<<"">>, <<"">>} :: {'$1' | binary(), '$2' | binary()},
+                   opts = [] :: list() | '_' | '$2'}).
+
+-record(sr_user, {us = {<<"">>, <<"">>} :: {binary(), binary()},
+                  group_host = {<<"">>, <<"">>} :: {binary(), binary()}}).

include/mod_vcard.hrl

@@ -0,0 +1,8 @@
+-record(vcard_search,
+	{us, user, luser, fn, lfn, family, lfamily, given,
+	 lgiven, middle, lmiddle, nickname, lnickname, bday,
+	 lbday, ctry, lctry, locality, llocality, email, lemail,
+	 orgname, lorgname, orgunit, lorgunit}).
+
+-record(vcard, {us = {<<"">>, <<"">>} :: {binary(), binary()} | binary(),
+                vcard = #xmlel{} :: xmlel()}).

include/mod_vcard_xupdate.hrl

@@ -0,0 +1,2 @@
+-record(vcard_xupdate, {us = {<<>>, <<>>} :: {binary(), binary()},
+                        hash = <<>>       :: binary()}).

include/ns.hrl

@@ -164,3 +164,13 @@
 -define(NS_MIX_NODES_PARTICIPANTS, <<"urn:xmpp:mix:nodes:participants">>).
 -define(NS_MIX_NODES_SUBJECT, <<"urn:xmpp:mix:nodes:subject">>).
 -define(NS_MIX_NODES_CONFIG, <<"urn:xmpp:mix:nodes:config">>).
+-define(NS_PRIVILEGE, <<"urn:xmpp:privilege:1">>).
+-define(NS_DELEGATION, <<"urn:xmpp:delegation:1">>).
+-define(NS_MUCSUB, <<"urn:xmpp:mucsub:0">>).
+-define(NS_MUCSUB_NODES_PRESENCE, <<"urn:xmpp:mucsub:nodes:presence">>).
+-define(NS_MUCSUB_NODES_MESSAGES, <<"urn:xmpp:mucsub:nodes:messages">>).
+-define(NS_MUCSUB_NODES_PARTICIPANTS, <<"urn:xmpp:mucsub:nodes:participants">>).
+-define(NS_MUCSUB_NODES_AFFILIATIONS, <<"urn:xmpp:mucsub:nodes:affiliations">>).
+-define(NS_MUCSUB_NODES_SUBJECT, <<"urn:xmpp:mucsub:nodes:subject">>).
+-define(NS_MUCSUB_NODES_CONFIG, <<"urn:xmpp:mucsub:nodes:config">>).
+-define(NS_MUCSUB_NODES_SYSTEM, <<"urn:xmpp:mucsub:nodes:system">>).

include/pubsub.hrl

@@ -65,7 +65,7 @@
 %% note: pos_integer() should always be used, but we allow anything else coded
 %% as binary, so one can have a custom implementation of nodetree with custom
 %% indexing (see nodetree_virtual). this also allows to use any kind of key for
-%% indexing nodes, as this can be usefull with external backends such as odbc.
+%% indexing nodes, as this can be usefull with external backends such as sql.
 
 -type(itemId() :: binary()).
 %% @type itemId() = string().
@@ -93,7 +93,12 @@
 
 -type(subOptions() :: [mod_pubsub:subOption(),...]).
 
+-type(pubOption() ::
+    {Option::binary(),
+     Values::[binary()]
+}).
 
+-type(pubOptions() :: [mod_pubsub:pubOption()]).
 
 -type(affiliation() :: 'none'
                      | 'owner'

lib/ct_formatter.ex

@@ -0,0 +1,130 @@
+defmodule ExUnit.CTFormatter do
+  @moduledoc false
+
+  use GenEvent
+
+  import ExUnit.Formatter, only: [format_time: 2, format_test_failure: 5,
+                                  format_test_case_failure: 5]
+
+  def init(opts) do
+    file = File.open! "exunit.log", [:append]
+    # We do not print filter in log file as exclusion of test with tag
+    # pending: true is always done
+    config = %{
+      file: file,
+      seed: opts[:seed],
+      trace: opts[:trace],
+      colors: Keyword.put_new(opts[:colors], :enabled, false),
+      width: 80,
+      tests_counter: 0,
+      failures_counter: 0,
+      skipped_counter: 0,
+      invalids_counter: 0
+    }
+    {:ok, config}
+  end
+
+  def handle_event({:suite_started, _opts}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:suite_finished, run_us, load_us}, config) do
+    print_suite(config, run_us, load_us)
+    File.close config[:file]
+    :remove_handler
+  end
+
+  def handle_event({:test_started, %ExUnit.Test{} = test}, config) do
+    if config.tests_counter == 0, do: IO.binwrite config[:file], "== Running #{test.case} ==\n\n"
+    {:ok, config}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: nil} = _test}, config) do
+    IO.binwrite config[:file], "."
+    {:ok, %{config | tests_counter: config.tests_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:skip, _}} = _test}, config) do
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     skipped_counter: config.skipped_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:invalid, _}} = _test}, config) do
+    IO.binwrite config[:file], "?"
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     invalids_counter: config.invalids_counter + 1}}
+  end
+
+  def handle_event({:test_finished, %ExUnit.Test{state: {:failed, failures}} = test}, config) do
+    formatted = format_test_failure(test, failures, config.failures_counter + 1,
+                                    config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    print_logs(test.logs)
+
+    {:ok, %{config | tests_counter: config.tests_counter + 1,
+                     failures_counter: config.failures_counter + 1}}
+  end
+
+  def handle_event({:case_started, %ExUnit.TestCase{}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: nil}}, config) do
+    {:ok, config}
+  end
+
+  def handle_event({:case_finished, %ExUnit.TestCase{state: {:failed, failures}} = test_case}, config) do
+    formatted = format_test_case_failure(test_case, failures, config.failures_counter + 1,
+                                         config.width, &formatter(&1, &2, config))
+    print_failure(formatted, config)
+    {:ok, %{config | failures_counter: config.failures_counter + 1}}
+  end
+
+  ## Printing
+
+  defp print_suite(config, run_us, load_us) do
+    IO.binwrite config[:file], "\n\n"
+    IO.binwrite config[:file], format_time(run_us, load_us)
+    IO.binwrite config[:file], "\n\n"
+
+    # singular/plural
+    test_pl = pluralize(config.tests_counter, "test", "tests")
+    failure_pl = pluralize(config.failures_counter, "failure", "failures")
+
+    message =
+      "#{config.tests_counter} #{test_pl}, #{config.failures_counter} #{failure_pl}"
+      |> if_true(config.skipped_counter > 0, & &1 <> ", #{config.skipped_counter} skipped")
+      |> if_true(config.invalids_counter > 0, & &1 <> ", #{config.invalids_counter} invalid")
+
+    cond do
+      config.failures_counter > 0 -> IO.binwrite config[:file], message
+      config.invalids_counter > 0 -> IO.binwrite config[:file], message
+      true                        -> IO.binwrite config[:file], message
+    end
+
+    IO.binwrite config[:file], "\nRandomized with seed #{config.seed}\n\n\n\n"
+  end
+
+  defp if_true(value, false, _fun), do: value
+  defp if_true(value, true, fun), do: fun.(value)
+
+  defp print_failure(formatted, config) do
+    IO.binwrite config[:file], "\n"
+    IO.binwrite config[:file], formatted
+    IO.binwrite config[:file], "\n"
+  end
+
+  defp formatter(_,  msg, _config),
+    do: msg
+
+  defp pluralize(1, singular, _plural), do: singular
+  defp pluralize(_, _singular, plural), do: plural
+
+  defp print_logs(""), do: nil
+
+  defp print_logs(output) do
+    indent = "\n     "
+    output = String.replace(output, "\n", indent)
+    IO.puts(["     The following output was logged:", indent | output])
+  end
+end

lib/ejabberd/config/attr.ex

@@ -0,0 +1,119 @@
+defmodule Ejabberd.Config.Attr do
+  @moduledoc """
+  Module used to work with the attributes parsed from
+  an elixir block (do...end).
+
+  Contains functions for extracting attrs from a block
+  and validation.
+  """
+
+  @type attr :: {atom(), any()}
+
+  @attr_supported [
+    active:
+      [type: :boolean, default: true],
+    git:
+      [type: :string, default: ""],
+    name:
+      [type: :string, default: ""],
+    opts:
+      [type: :list, default: []],
+    dependency:
+      [type: :list, default: []]
+  ]
+
+  @doc """
+  Takes a block with annotations and extracts the list
+  of attributes.
+  """
+  @spec extract_attrs_from_block_with_defaults(any()) :: [attr]
+  def extract_attrs_from_block_with_defaults(block) do
+    block
+    |> extract_attrs_from_block
+    |> put_into_list_if_not_already
+    |> insert_default_attrs_if_missing
+  end
+
+  @doc """
+  Takes an attribute or a list of attrs and validate them.
+
+  Returns a {:ok, attr} or {:error, attr, cause} for each of the attributes.
+  """
+  @spec validate([attr]) :: [{:ok, attr}] | [{:error, attr, atom()}]
+  def validate(attrs) when is_list(attrs), do: Enum.map(attrs, &valid_attr?/1)
+  def validate(attr), do: validate([attr]) |> List.first
+
+  @doc """
+  Returns the type of an attribute, given its name.
+  """
+  @spec get_type_for_attr(atom()) :: atom()
+  def get_type_for_attr(attr_name) do
+    @attr_supported
+    |> Keyword.get(attr_name)
+    |> Keyword.get(:type)
+  end
+
+  @doc """
+  Returns the default value for an attribute, given its name.
+  """
+  @spec get_default_for_attr(atom()) :: any()
+  def get_default_for_attr(attr_name) do
+    @attr_supported
+    |> Keyword.get(attr_name)
+    |> Keyword.get(:default)
+  end
+
+  # Private API
+
+  # Given an elixir block (do...end) returns a list with the annotations
+  # or a single annotation.
+  @spec extract_attrs_from_block(any()) :: [attr] | attr
+  defp extract_attrs_from_block({:__block__, [], attrs}), do: Enum.map(attrs, &extract_attrs_from_block/1)
+  defp extract_attrs_from_block({:@, _, [attrs]}), do: extract_attrs_from_block(attrs)
+  defp extract_attrs_from_block({attr_name, _, [value]}), do: {attr_name, value}
+  defp extract_attrs_from_block(nil), do: []
+
+  # In case extract_attrs_from_block returns a single attribute,
+  # then put it into a list. (Ensures attrs are always into a list).
+  @spec put_into_list_if_not_already([attr] | attr) :: [attr]
+  defp put_into_list_if_not_already(attrs) when is_list(attrs), do: attrs
+  defp put_into_list_if_not_already(attr), do: [attr]
+
+  # Given a list of attributes, it inserts the missing attribute with their
+  # default value.
+  @spec insert_default_attrs_if_missing([attr]) :: [attr]
+  defp insert_default_attrs_if_missing(attrs) do
+    Enum.reduce @attr_supported, attrs, fn({attr_name, _}, acc) ->
+      case Keyword.has_key?(acc, attr_name) do
+        true -> acc
+        false -> Keyword.put(acc, attr_name, get_default_for_attr(attr_name))
+      end
+    end
+  end
+
+  # Given an attribute, validates it and return a tuple with
+  # {:ok, attr} or {:error, attr, cause}
+  @spec valid_attr?(attr) :: {:ok, attr} | {:error, attr, atom()}
+  defp valid_attr?({attr_name, param} = attr) do
+    case Keyword.get(@attr_supported, attr_name) do
+      nil -> {:error, attr, :attr_not_supported}
+      [{:type, param_type} | _] -> case is_of_type?(param, param_type) do
+        true -> {:ok, attr}
+        false -> {:error, attr, :type_not_supported}
+      end
+    end
+  end
+
+  # Given an attribute value and a type, it returns a true
+  # if the value its of the type specified, false otherwise.
+
+  # Usefoul for checking if an attr value respects the type
+  # specified for the annotation.
+  @spec is_of_type?(any(), atom()) :: boolean()
+  defp is_of_type?(param, type) when type == :boolean and is_boolean(param), do: true
+  defp is_of_type?(param, type) when type == :string and is_bitstring(param), do: true
+  defp is_of_type?(param, type) when type == :list and is_list(param), do: true
+  defp is_of_type?(param, type) when type == :atom and is_atom(param), do: true
+  defp is_of_type?(_param, type) when type == :any, do: true
+  defp is_of_type?(_, _), do: false
+end

lib/ejabberd/config/config.ex

@@ -0,0 +1,145 @@
+defmodule Ejabberd.Config do
+  @moduledoc """
+  Base module for configuration file.
+
+  Imports macros for the config DSL and contains functions
+  for working/starting the configuration parsed.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.EjabberdLogger
+
+  defmacro __using__(_opts) do
+    quote do
+      import Ejabberd.Config, only: :macros
+      import Ejabberd.Logger
+
+      @before_compile Ejabberd.Config
+    end
+  end
+
+  # Validate the modules parsed and log validation errors at compile time.
+  # Could be also possible to interrupt the compilation&execution by throwing
+  # an exception if necessary.
+  def __before_compile__(_env) do
+    get_modules_parsed_in_order
+    |> EjabberdModule.validate
+    |> EjabberdLogger.log_errors
+  end
+
+  @doc """
+  Given the path of the config file, it evaluates it.
+  """
+  def init(file_path, force \\ false) do
+    init_already_executed = Ejabberd.Config.Store.get(:module_name) != []
+
+    case force do
+      true ->
+        Ejabberd.Config.Store.stop
+        Ejabberd.Config.Store.start_link
+        do_init(file_path)
+      false ->
+        if not init_already_executed, do: do_init(file_path)
+    end
+  end
+
+  @doc """
+  Returns a list with all the opts, formatted for ejabberd.
+  """
+  def get_ejabberd_opts do
+    get_general_opts
+    |> Dict.put(:modules, get_modules_parsed_in_order())
+    |> Dict.put(:listeners, get_listeners_parsed_in_order())
+    |> Ejabberd.Config.OptsFormatter.format_opts_for_ejabberd
+  end
+
+  @doc """
+  Register the hooks defined inside the elixir config file.
+  """
+  def start_hooks do
+    get_hooks_parsed_in_order()
+    |> Enum.each(&Ejabberd.Config.EjabberdHook.start/1)
+  end
+
+  ###
+  ### MACROS
+  ###
+
+  defmacro listen(module, do: block) do
+    attrs = Attr.extract_attrs_from_block_with_defaults(block)
+
+    quote do
+      Ejabberd.Config.Store.put(:listeners, %EjabberdModule{
+        module: unquote(module),
+        attrs: unquote(attrs)
+      })
+    end
+  end
+
+  defmacro module(module, do: block) do
+    attrs = Attr.extract_attrs_from_block_with_defaults(block)
+
+    quote do
+      Ejabberd.Config.Store.put(:modules, %EjabberdModule{
+        module: unquote(module),
+        attrs: unquote(attrs)
+      })
+    end
+  end
+
+  defmacro hook(hook_name, opts, fun) do
+    quote do
+      Ejabberd.Config.Store.put(:hooks, %Ejabberd.Config.EjabberdHook{
+        hook: unquote(hook_name),
+        opts: unquote(opts),
+        fun: unquote(fun)
+      })
+    end
+  end
+
+  # Private API
+
+  defp do_init(file_path) do
+    # File evaluation
+    Code.eval_file(file_path) |> extract_and_store_module_name()
+
+    # Getting start/0 config
+    Ejabberd.Config.Store.get(:module_name)
+    |> case do
+      nil -> IO.puts "[ ERR ] Configuration module not found."
+      [module] -> call_start_func_and_store_data(module)
+    end
+
+    # Fetching git modules and install them
+    get_modules_parsed_in_order()
+    |> EjabberdModule.fetch_git_repos
+  end
+
+  # Returns the modules from the store
+  defp get_modules_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:modules) |> Enum.reverse
+
+  # Returns the listeners from the store
+  defp get_listeners_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:listeners) |> Enum.reverse
+
+  defp get_hooks_parsed_in_order,
+    do: Ejabberd.Config.Store.get(:hooks) |> Enum.reverse
+
+  # Returns the general config options
+  defp get_general_opts,
+    do: Ejabberd.Config.Store.get(:general) |> List.first
+
+  # Gets the general ejabberd options calling
+  # the start/0 function and stores them.
+  defp call_start_func_and_store_data(module) do
+    opts = apply(module, :start, [])
+    Ejabberd.Config.Store.put(:general, opts)
+  end
+
+  # Stores the configuration module name
+  defp extract_and_store_module_name({{:module, mod, _bytes, _}, _}) do
+    Ejabberd.Config.Store.put(:module_name, mod)
+  end
+end

lib/ejabberd/config/ejabberd_hook.ex

@@ -0,0 +1,23 @@
+defmodule Ejabberd.Config.EjabberdHook do
+  @moduledoc """
+  Module containing functions for manipulating
+  ejabberd hooks.
+  """
+
+  defstruct hook: nil, opts: [], fun: nil
+
+  alias Ejabberd.Config.EjabberdHook
+
+  @type t :: %EjabberdHook{}
+
+  @doc """
+  Register a hook to ejabberd.
+  """
+  @spec start(EjabberdHook.t) :: none
+  def start(%EjabberdHook{hook: hook, opts: opts, fun: fun}) do
+    host = Keyword.get(opts, :host, :global)
+    priority = Keyword.get(opts, :priority, 50)
+
+    :ejabberd_hooks.add(hook, host, fun, priority)
+  end
+end

lib/ejabberd/config/ejabberd_module.ex

@@ -0,0 +1,70 @@
+defmodule Ejabberd.Config.EjabberdModule do
+  @moduledoc """
+  Module representing a module block in the configuration file.
+  It offers functions for validation and for starting the modules.
+
+  Warning: The name is EjabberdModule to not collide with
+  the already existing Elixir.Module.
+  """
+
+  @type t :: %{module: atom, attrs: [Attr.t]}
+
+  defstruct [:module, :attrs]
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.Validation
+
+  @doc """
+  Given a list of modules / single module
+  it runs different validators on them.
+
+  For each module, returns a {:ok, mod} or {:error, mod, errors}
+  """
+  def validate(modules) do
+    Validation.validate(modules)
+  end
+
+  @doc """
+  Given a list of modules, it takes only the ones with
+  a git attribute and tries to fetch the repo,
+  then, it install them through :ext_mod.install/1
+  """
+  @spec fetch_git_repos([EjabberdModule.t]) :: none()
+  def fetch_git_repos(modules) do
+    modules
+    |> Enum.filter(&is_git_module?/1)
+    |> Enum.each(&fetch_and_install_git_module/1)
+  end
+
+  # Private API
+
+  defp is_git_module?(%EjabberdModule{attrs: attrs}) do
+    case Keyword.get(attrs, :git) do
+      "" -> false
+      repo -> String.match?(repo, ~r/((git|ssh|http(s)?)|(git@[\w\.]+))(:(\/\/)?)([\w\.@\:\/\-~]+)(\.git)(\/)?/)
+    end
+  end
+
+  defp fetch_and_install_git_module(%EjabberdModule{attrs: attrs}) do
+    repo = Keyword.get(attrs, :git)
+    mod_name = case Keyword.get(attrs, :name) do
+      "" -> infer_mod_name_from_git_url(repo)
+      name -> name
+    end
+
+    path = "#{:ext_mod.modules_dir()}/sources/ejabberd-contrib\/#{mod_name}"
+    fetch_and_store_repo_source_if_not_exists(path, repo)
+    :ext_mod.install(mod_name) # Have to check if overwrites an already present mod
+  end
+
+  defp fetch_and_store_repo_source_if_not_exists(path, repo) do
+    unless File.exists?(path) do
+      IO.puts "[info] Fetching: #{repo}"
+      :os.cmd('git clone #{repo} #{path}')
+    end
+  end
+
+  defp infer_mod_name_from_git_url(repo),
+    do: String.split(repo, "/") |> List.last |> String.replace(".git", "")
+end

lib/ejabberd/config/logger/ejabberd_logger.ex

@@ -0,0 +1,32 @@
+defmodule Ejabberd.Config.EjabberdLogger do
+  @moduledoc """
+  Module used to log validation errors given validated modules
+  given validated modules.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Given a list of modules validated, in the form of {:ok, mod} or
+  {:error, mod, errors}, it logs to the user the errors found.
+  """
+  @spec log_errors([EjabberdModule.t]) :: [EjabberdModule.t]
+  def log_errors(modules_validated) when is_list(modules_validated) do
+    Enum.each modules_validated, &do_log_errors/1
+    modules_validated
+  end
+
+  defp do_log_errors({:ok, _mod}), do: nil
+  defp do_log_errors({:error, _mod, errors}), do: Enum.each errors, &do_log_errors/1
+  defp do_log_errors({:attribute, errors}), do: Enum.each errors, &log_attribute_error/1
+  defp do_log_errors({:dependency, errors}), do: Enum.each errors, &log_dependency_error/1
+
+  defp log_attribute_error({{attr_name, val}, :attr_not_supported}), do:
+    IO.puts "[ WARN ] Annotation @#{attr_name} is not supported."
+
+  defp log_attribute_error({{attr_name, val}, :type_not_supported}), do:
+    IO.puts "[ WARN ] Annotation @#{attr_name} with value #{inspect val} is not supported (type mismatch)."
+
+  defp log_dependency_error({module, :not_found}), do:
+    IO.puts "[ WARN ] Module #{inspect module} was not found, but is required as a dependency."
+end

lib/ejabberd/config/opts_formatter.ex

@@ -0,0 +1,46 @@
+defmodule Ejabberd.Config.OptsFormatter do
+  @moduledoc """
+  Module for formatting options parsed into the format
+  ejabberd uses.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Takes a keyword list with keys corresponding to
+  the keys requested by the ejabberd config (ex: modules: mods)
+  and formats them to be correctly evaluated by ejabberd.
+
+  Look at how Config.get_ejabberd_opts/0 is constructed for
+  more informations.
+  """
+  @spec format_opts_for_ejabberd([{atom(), any()}]) :: list()
+  def format_opts_for_ejabberd(opts) do
+    opts
+    |> format_attrs_for_ejabberd
+  end
+
+  defp format_attrs_for_ejabberd(opts) when is_list(opts),
+    do: Enum.map opts, &format_attrs_for_ejabberd/1
+
+  defp format_attrs_for_ejabberd({:listeners, mods}),
+    do: {:listen, format_listeners_for_ejabberd(mods)}
+
+  defp format_attrs_for_ejabberd({:modules, mods}),
+    do: {:modules, format_mods_for_ejabberd(mods)}
+
+  defp format_attrs_for_ejabberd({key, opts}) when is_atom(key),
+    do: {key, opts}
+
+  defp format_mods_for_ejabberd(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      {mod, attrs[:opts]}
+    end
+  end
+
+  defp format_listeners_for_ejabberd(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      Keyword.put(attrs[:opts], :module, mod)
+    end
+  end
+end

lib/ejabberd/config/store.ex

@@ -0,0 +1,55 @@
+defmodule Ejabberd.Config.Store do
+  @moduledoc """
+    Module used for storing the modules parsed from
+    the configuration file.
+
+    Example:
+      - Store.put(:modules, mod1)
+      - Store.put(:modules, mod2)
+
+      - Store.get(:modules) :: [mod1, mod2]
+
+    Be carefoul: when retrieving data you get them
+    in the order inserted into the store, which normally
+    is the reversed order of how the modules are specified
+    inside the configuration file. To resolve this just use
+    a Enum.reverse/1.
+  """
+
+  @name __MODULE__
+
+  def start_link do
+    Agent.start_link(fn -> %{} end, name: @name)
+  end
+
+  @doc """
+  Stores a value based on the key. If the key already exists,
+  then it inserts the new element, maintaining all the others.
+  It uses a list for this.
+  """
+  @spec put(atom, any) :: :ok
+  def put(key, val) do
+    Agent.update @name, &Map.update(&1, key, [val], fn coll ->
+      [val | coll]
+    end)
+  end
+
+  @doc """
+  Gets a value based on the key passed.
+  Returns always a list.
+  """
+  @spec get(atom) :: [any]
+  def get(key) do
+    Agent.get @name, &Map.get(&1, key, [])
+  end
+
+  @doc """
+  Stops the store.
+  It uses Agent.stop underneath, so be aware that exit
+  could be called.
+  """
+  @spec stop() :: :ok
+  def stop do
+    Agent.stop @name
+  end
+end

lib/ejabberd/config/validator/validation.ex

@@ -0,0 +1,40 @@
+defmodule Ejabberd.Config.Validation do
+  @moduledoc """
+  Module used to validate a list of modules.
+  """
+
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+  @type mod_validation_result :: {:ok, EjabberdModule.t} | {:error, EjabberdModule.t, map}
+
+  alias Ejabberd.Config.EjabberdModule
+  alias Ejabberd.Config.Attr
+  alias Ejabberd.Config.Validator
+  alias Ejabberd.Config.ValidatorUtility
+
+  @doc """
+  Given a module or a list of modules it runs validators on them
+  and returns {:ok, mod} or {:error, mod, errors}, for each
+  of them.
+  """
+  @spec validate([EjabberdModule.t] | EjabberdModule.t) :: [mod_validation_result]
+  def validate(modules) when is_list(modules), do: Enum.map(modules, &do_validate(modules, &1))
+  def validate(module), do: validate([module])
+
+  # Private API
+
+  @spec do_validate([EjabberdModule.t], EjabberdModule.t) :: mod_validation_result
+  defp do_validate(modules, mod) do
+    {modules, mod, %{}}
+    |> Validator.Attrs.validate
+    |> Validator.Dependencies.validate
+    |> resolve_validation_result
+  end
+
+  @spec resolve_validation_result(mod_validation) :: mod_validation_result
+  defp resolve_validation_result({_modules, mod, errors}) do
+    case errors do
+      err when err == %{} -> {:ok, mod}
+      err -> {:error, mod, err}
+    end
+  end
+end

lib/ejabberd/config/validator/validator_attrs.ex

@@ -0,0 +1,28 @@
+defmodule Ejabberd.Config.Validator.Attrs do
+  @moduledoc """
+  Validator module used to validate attributes.
+  """
+
+  # TODO: Duplicated from validator.ex !!!
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+
+  import Ejabberd.Config.ValidatorUtility
+  alias Ejabberd.Config.Attr
+
+  @doc """
+  Given a module (with the form used for validation)
+  it runs Attr.validate/1 on each attribute and
+  returns the validation tuple with the errors updated, if found.
+  """
+  @spec validate(mod_validation) :: mod_validation
+  def validate({modules, mod, errors}) do
+    errors = Enum.reduce mod.attrs, errors, fn(attr, err) ->
+      case Attr.validate(attr) do
+        {:ok, attr} -> err
+        {:error, attr, cause} -> put_error(err, :attribute, {attr, cause})
+      end
+    end
+
+    {modules, mod, errors}
+  end
+end

lib/ejabberd/config/validator/validator_dependencies.ex

@@ -0,0 +1,30 @@
+defmodule Ejabberd.Config.Validator.Dependencies do
+  @moduledoc """
+  Validator module used to validate dependencies specified
+  with the @dependency annotation.
+  """
+
+  # TODO: Duplicated from validator.ex !!!
+  @type mod_validation :: {[EjabberdModule.t], EjabberdModule.t, map}
+  import Ejabberd.Config.ValidatorUtility
+
+  @doc """
+  Given a module (with the form used for validation)
+  it checks if the @dependency annotation is respected and
+  returns the validation tuple with the errors updated, if found.
+  """
+  @spec validate(mod_validation) :: mod_validation
+  def validate({modules, mod, errors}) do
+    module_names = extract_module_names(modules)
+    dependencies = mod.attrs[:dependency]
+
+    errors = Enum.reduce dependencies, errors, fn(req_module, err) ->
+      case req_module in module_names do
+        true -> err
+        false -> put_error(err, :dependency, {req_module, :not_found})
+      end
+    end
+
+    {modules, mod, errors}
+  end
+end

lib/ejabberd/config/validator/validator_utility.ex

@@ -0,0 +1,30 @@
+defmodule Ejabberd.Config.ValidatorUtility do
+  @moduledoc """
+  Module used as a base validator for validation modules.
+  Imports utility functions for working with validation structures.
+  """
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @doc """
+  Inserts an error inside the errors collection, for the given key.
+  If the key doesn't exists then it creates an empty collection
+  and inserts the value passed.
+  """
+  @spec put_error(map, atom, any) :: map
+  def put_error(errors, key, val) do
+    Map.update errors, key, [val], fn coll ->
+      [val | coll]
+    end
+  end
+
+  @doc """
+  Given a list of modules it extracts and returns a list
+  of the module names (which are Elixir.Module).
+  """
+  @spec extract_module_names(EjabberdModule.t) :: [atom]
+  def extract_module_names(modules) when is_list(modules) do
+    modules
+    |> Enum.map(&Map.get(&1, :module))
+  end
+end

lib/ejabberd/config_util.ex

@@ -0,0 +1,18 @@
+defmodule Ejabberd.ConfigUtil do
+  @moduledoc """
+  Module containing utility functions for
+  the config file.
+  """
+
+  @doc """
+  Returns true when the config file is based on elixir.
+  """
+  @spec is_elixir_config(list) :: boolean
+  def is_elixir_config(filename) when is_list(filename) do
+    is_elixir_config(to_string(filename))
+  end
+
+  def is_elixir_config(filename) do
+    String.ends_with?(filename, "exs")
+  end
+end

lib/ejabberd/module.ex

@@ -0,0 +1,19 @@
+defmodule Ejabberd.Module do
+
+  defmacro __using__(opts) do
+    logger_enabled = Keyword.get(opts, :logger, true)
+
+    quote do
+      @behaviour :gen_mod
+      import Ejabberd.Module
+
+      unquote(if logger_enabled do
+        quote do: import Ejabberd.Logger
+      end)
+    end
+  end
+
+  # gen_mod callbacks
+  def depends(_host, _opts), do: []
+  def mod_opt_type(_), do: []
+end

lib/mix/tasks/deps.tree.ex

@@ -0,0 +1,94 @@
+defmodule Mix.Tasks.Ejabberd.Deps.Tree do
+  use Mix.Task
+
+  alias Ejabberd.Config.EjabberdModule
+
+  @shortdoc "Lists all ejabberd modules and their dependencies"
+
+  @moduledoc """
+  Lists all ejabberd modules and their dependencies.
+
+  The project must have ejabberd as a dependency.
+  """
+
+  def run(_argv) do
+    # First we need to start manually the store to be available
+    # during the compilation of the config file.
+    Ejabberd.Config.Store.start_link
+    Ejabberd.Config.init(:ejabberd_config.get_ejabberd_config_path())
+
+    Mix.shell.info "ejabberd modules"
+
+    Ejabberd.Config.Store.get(:modules)
+    |> Enum.reverse # Because of how mods are stored inside the store
+    |> format_mods
+    |> Mix.shell.info
+  end
+
+  defp format_mods(mods) when is_list(mods) do
+    deps_tree = build_dependency_tree(mods)
+    mods_used_as_dependency = get_mods_used_as_dependency(deps_tree)
+
+    keep_only_mods_not_used_as_dep(deps_tree, mods_used_as_dependency)
+    |> format_mods_into_string
+  end
+
+  defp build_dependency_tree(mods) do
+    Enum.map mods, fn %EjabberdModule{module: mod, attrs: attrs} ->
+      deps = attrs[:dependency]
+      build_dependency_tree(mods, mod, deps)
+    end
+  end
+
+  defp build_dependency_tree(mods, mod, []), do: %{module: mod, dependency: []}
+  defp build_dependency_tree(mods, mod, deps) when is_list(deps) do
+    dependencies = Enum.map deps, fn dep ->
+      dep_deps = get_dependencies_of_mod(mods, dep)
+      build_dependency_tree(mods, dep, dep_deps)
+    end
+
+    %{module: mod, dependency: dependencies}
+  end
+
+  defp get_mods_used_as_dependency(mods) when is_list(mods) do
+    Enum.reduce mods, [], fn(mod, acc) ->
+      case mod do
+        %{dependency: []} -> acc
+        %{dependency: deps} -> get_mod_names(deps) ++ acc
+      end
+    end
+  end
+
+  defp get_mod_names([]), do: []
+  defp get_mod_names(mods) when is_list(mods), do: Enum.map(mods, &get_mod_names/1) |> List.flatten
+  defp get_mod_names(%{module: mod, dependency: deps}), do: [mod | get_mod_names(deps)]
+
+  defp keep_only_mods_not_used_as_dep(mods, mods_used_as_dep) do
+    Enum.filter mods, fn %{module: mod} ->
+      not mod in mods_used_as_dep
+    end
+  end
+
+  defp get_dependencies_of_mod(deps, mod_name) do
+    Enum.find(deps, &(Map.get(&1, :module) == mod_name))
+    |> Map.get(:attrs)
+    |> Keyword.get(:dependency)
+  end
+
+  defp format_mods_into_string(mods), do: format_mods_into_string(mods, 0)
+  defp format_mods_into_string([], _indentation), do: ""
+  defp format_mods_into_string(mods, indentation) when is_list(mods) do
+    Enum.reduce mods, "", fn(mod, acc) ->
+      acc <> format_mods_into_string(mod, indentation)
+    end
+  end
+
+  defp format_mods_into_string(%{module: mod, dependency: deps}, 0) do
+    "\n├── #{mod}" <> format_mods_into_string(deps,  2)
+  end
+
+  defp format_mods_into_string(%{module: mod, dependency: deps}, indentation) do
+    spaces = Enum.reduce 0..indentation, "", fn(_, acc) -> " " <> acc end
+    "\n│#{spaces}└── #{mod}" <> format_mods_into_string(deps, indentation + 4)
+  end
+end

lib/mod_presence_demo.ex

@@ -1,21 +1,20 @@
 defmodule ModPresenceDemo do
-  import Ejabberd.Logger # this allow using info, error, etc for logging
-  @behaviour :gen_mod
+  use Ejabberd.Module
 
   def start(host, _opts) do
     info('Starting ejabberd module Presence Demo')
-    Ejabberd.Hooks.add(:set_presence_hook, host, __ENV__.module, :on_presence, 50)
+    Ejabberd.Hooks.add(:set_presence_hook, host, __MODULE__, :on_presence, 50)
     :ok
   end
-  
+
   def stop(host) do
     info('Stopping ejabberd module Presence Demo')
-    Ejabberd.Hooks.delete(:set_presence_hook, host, __ENV__.module, :on_presence, 50)
+    Ejabberd.Hooks.delete(:set_presence_hook, host, __MODULE__, :on_presence, 50)
     :ok
   end
-  
+
   def on_presence(user, _server, _resource, _packet) do
     info('Receive presence for #{user}')
     :none
-  end 
+  end
 end

mix.exs

@@ -3,7 +3,7 @@ defmodule Ejabberd.Mixfile do
 
   def project do
     [app: :ejabberd,
-     version: "16.02.0",
+     version: "16.08.0",
      description: description,
      elixir: "~> 1.2",
      elixirc_paths: ["lib"],
@@ -11,6 +11,8 @@ defmodule Ejabberd.Mixfile do
      compilers: [:asn1] ++ Mix.compilers,
      erlc_options: erlc_options,
      erlc_paths: ["asn1", "src"],
+     # Elixir tests are starting the part of ejabberd they need
+     aliases: [test: "test --no-start"],
      package: package,
      deps: deps]
   end
@@ -27,7 +29,7 @@ defmodule Ejabberd.Mixfile do
      included_applications: [:lager, :mnesia, :p1_utils, :cache_tab,
                              :fast_tls, :stringprep, :fast_xml,
                              :stun, :fast_yaml, :ezlib, :iconv,
-                             :esip, :jiffy, :p1_oauth2, :p1_xmlrpc, :eredis,
+                             :esip, :jiffy, :p1_oauth2, :eredis,
                              :p1_mysql, :p1_pgsql, :sqlite3]]
   end
 
@@ -38,7 +40,7 @@ defmodule Ejabberd.Mixfile do
   end
 
   defp deps do
-    [{:lager, "~> 3.0"},
+    [{:lager, "~> 3.2"},
      {:p1_utils, "~> 1.0"},
      {:cache_tab, "~> 1.0"},
      {:stringprep, "~> 1.0"},
@@ -49,14 +51,19 @@ defmodule Ejabberd.Mixfile do
      {:esip, "~> 1.0"},
      {:jiffy, "~> 0.14.7"},
      {:p1_oauth2, "~> 0.6.1"},
-     {:p1_xmlrpc, "~> 1.15"},
      {:p1_mysql, "~> 1.0"},
-     {:p1_pgsql, "~> 1.0"},
+     {:p1_pgsql, "~> 1.1"},
      {:sqlite3, "~> 1.1"},
      {:ezlib, "~> 1.0"},
      {:iconv, "~> 1.0"},
      {:eredis, "~> 1.0"},
-     {:exrm, "~> 1.0.0-rc7", only: :dev}]
+     {:exrm, "~> 1.0.0", only: :dev},
+     # relx is used by exrm. Lock version as for now, ejabberd doesn not compile fine with
+     # version 3.20:
+     {:relx, "~> 3.21", only: :dev},
+     {:ex_doc, ">= 0.0.0", only: :dev},
+     {:meck, "~> 0.8.4", only: :test},
+     {:moka, github: "processone/moka", tag: "1.0.5c", only: :test}]
   end
 
   defp package do

mix.lock

@@ -1,26 +1,30 @@
-%{"bbmustache": {:hex, :bbmustache, "1.0.4"},
-  "cache_tab": {:hex, :cache_tab, "1.0.2"},
-  "cf": {:hex, :cf, "0.2.1"},
-  "eredis": {:hex, :eredis, "1.0.8"},
-  "erlware_commons": {:hex, :erlware_commons, "0.19.0"},
-  "esip": {:hex, :esip, "1.0.2"},
-  "exrm": {:hex, :exrm, "1.0.3"},
-  "ezlib": {:hex, :ezlib, "1.0.1"},
-  "fast_tls": {:hex, :fast_tls, "1.0.1"},
-  "fast_xml": {:hex, :fast_xml, "1.1.11"},
-  "fast_yaml": {:hex, :fast_yaml, "1.0.3"},
-  "getopt": {:hex, :getopt, "0.8.2"},
-  "goldrush": {:hex, :goldrush, "0.1.7"},
-  "iconv": {:hex, :iconv, "1.0.0"},
-  "jiffy": {:hex, :jiffy, "0.14.7"},
-  "lager": {:hex, :lager, "3.0.2"},
-  "p1_mysql": {:hex, :p1_mysql, "1.0.1"},
-  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1"},
-  "p1_pgsql": {:hex, :p1_pgsql, "1.1.0"},
-  "p1_utils": {:hex, :p1_utils, "1.0.3"},
-  "p1_xmlrpc": {:hex, :p1_xmlrpc, "1.15.1"},
-  "providers": {:hex, :providers, "1.6.0"},
-  "relx": {:hex, :relx, "3.18.0"},
-  "sqlite3": {:hex, :sqlite3, "1.1.5"},
-  "stringprep": {:hex, :stringprep, "1.0.3"},
-  "stun": {:hex, :stun, "1.0.1"}}
+%{"bbmustache": {:hex, :bbmustache, "1.0.4", "7ba94f971c5afd7b6617918a4bb74705e36cab36eb84b19b6a1b7ee06427aa38", [:rebar], []},
+  "cache_tab": {:hex, :cache_tab, "1.0.4", "3fd2b1ab40c36e7830a4e09e836c6b0fa89191cd4e5fd471873e4eb42f5cd37c", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "cf": {:hex, :cf, "0.2.1", "69d0b1349fd4d7d4dc55b7f407d29d7a840bf9a1ef5af529f1ebe0ce153fc2ab", [:rebar3], []},
+  "earmark": {:hex, :earmark, "1.0.1", "2c2cd903bfdc3de3f189bd9a8d4569a075b88a8981ded9a0d95672f6e2b63141", [:mix], []},
+  "eredis": {:hex, :eredis, "1.0.8", "ab4fda1c4ba7fbe6c19c26c249dc13da916d762502c4b4fa2df401a8d51c5364", [:rebar], []},
+  "erlware_commons": {:hex, :erlware_commons, "0.21.0", "a04433071ad7d112edefc75ac77719dd3e6753e697ac09428fc83d7564b80b15", [:rebar3], [{:cf, "0.2.1", [hex: :cf, optional: false]}]},
+  "esip": {:hex, :esip, "1.0.8", "69885a6c07964aabc6c077fe1372aa810a848bd3d9a415b160dabdce9c7a79b5", [:rebar3], [{:fast_tls, "1.0.7", [hex: :fast_tls, optional: false]}, {:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}, {:stun, "1.0.7", [hex: :stun, optional: false]}]},
+  "ex_doc": {:hex, :ex_doc, "0.13.0", "aa2f8fe4c6136a2f7cfc0a7e06805f82530e91df00e2bff4b4362002b43ada65", [:mix], [{:earmark, "~> 1.0", [hex: :earmark, optional: false]}]},
+  "exrm": {:hex, :exrm, "1.0.8", "5aa8990cdfe300282828b02cefdc339e235f7916388ce99f9a1f926a9271a45d", [:mix], [{:relx, "~> 3.5", [hex: :relx, optional: false]}]},
+  "ezlib": {:hex, :ezlib, "1.0.1", "add8b2770a1a70c174aaea082b4a8668c0c7fdb03ee6cc81c6c68d3a6c3d767d", [:rebar3], []},
+  "fast_tls": {:hex, :fast_tls, "1.0.7", "9b72ecfcdcad195ab072c196fab8334f49d8fea76bf1a51f536d69e7527d902a", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "fast_xml": {:hex, :fast_xml, "1.1.15", "6d23eb7f874e1357cf80a48d75a7bd0c8f6318029dc4b70122e9f54911f57f83", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "fast_yaml": {:hex, :fast_yaml, "1.0.6", "3fe6feb7935ae8028b337e53e1db29e73ad3bca8041108f6a8f73b7175ece75c", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "getopt": {:hex, :getopt, "0.8.2", "b17556db683000ba50370b16c0619df1337e7af7ecbf7d64fbf8d1d6bce3109b", [:rebar], []},
+  "goldrush": {:hex, :goldrush, "0.1.8", "2024ba375ceea47e27ea70e14d2c483b2d8610101b4e852ef7f89163cdb6e649", [:rebar3], []},
+  "iconv": {:hex, :iconv, "1.0.2", "a0792f06ab4b5ea1b5bb49789405739f1281a91c44cf3879cb70e4d777666217", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "jiffy": {:hex, :jiffy, "0.14.7", "9f33b893edd6041ceae03bc1e50b412e858cc80b46f3d7535a7a9940a79a1c37", [:rebar, :make], []},
+  "lager": {:hex, :lager, "3.2.1", "eef4e18b39e4195d37606d9088ea05bf1b745986cf8ec84f01d332456fe88d17", [:rebar3], [{:goldrush, "0.1.8", [hex: :goldrush, optional: false]}]},
+  "meck": {:hex, :meck, "0.8.4", "59ca1cd971372aa223138efcf9b29475bde299e1953046a0c727184790ab1520", [:rebar, :make], []},
+  "moka": {:git, "https://github.com/processone/moka.git", "3eed3a6dd7dedb70a6cd18f86c7561a18626eb3b", [tag: "1.0.5c"]},
+  "p1_mysql": {:hex, :p1_mysql, "1.0.1", "d2be1cfc71bb4f1391090b62b74c3f5cb8e7a45b0076b8cb290cd6b2856c581b", [:rebar3], []},
+  "p1_oauth2": {:hex, :p1_oauth2, "0.6.1", "4e021250cc198c538b097393671a41e7cebf463c248980320e038fe0316eb56b", [:rebar3], []},
+  "p1_pgsql": {:hex, :p1_pgsql, "1.1.0", "ca525c42878eac095e5feb19563acc9915c845648f48fdec7ba6266c625d4ac7", [:rebar3], []},
+  "p1_utils": {:hex, :p1_utils, "1.0.5", "3e698354fdc1fea5491d991457b0cb986c0a00a47d224feb841dc3ec82b9f721", [:rebar3], []},
+  "providers": {:hex, :providers, "1.6.0", "db0e2f9043ae60c0155205fcd238d68516331d0e5146155e33d1e79dc452964a", [:rebar3], [{:getopt, "0.8.2", [hex: :getopt, optional: false]}]},
+  "relx": {:hex, :relx, "3.21.0", "91e1ea9f09b4edfda8461901f4b5c5e0226e43ec161e147eeab29f7761df6eb5", [:rebar3], [{:bbmustache, "1.0.4", [hex: :bbmustache, optional: false]}, {:cf, "0.2.1", [hex: :cf, optional: false]}, {:erlware_commons, "0.21.0", [hex: :erlware_commons, optional: false]}, {:getopt, "0.8.2", [hex: :getopt, optional: false]}, {:providers, "1.6.0", [hex: :providers, optional: false]}]},
+  "samerlib": {:git, "https://github.com/processone/samerlib", "fbbba035b1548ac4e681df00d61bf609645333a0", [tag: "0.8.0c"]},
+  "sqlite3": {:hex, :sqlite3, "1.1.5", "794738b6d07b6d36ec6d42492cb9d629bad9cf3761617b8b8d728e765db19840", [:rebar3], []},
+  "stringprep": {:hex, :stringprep, "1.0.6", "1cf1c439eb038aa590da5456e019f86afbfbfeb5a2d37b6e5f873041624c6701", [:rebar3], [{:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]},
+  "stun": {:hex, :stun, "1.0.7", "904dc6f26a3c30c54881c4c3003699f2a4968067ee6b3aecdf9895aad02df75e", [:rebar3], [{:fast_tls, "1.0.7", [hex: :fast_tls, optional: false]}, {:p1_utils, "1.0.5", [hex: :p1_utils, optional: false]}]}}

rebar.config

@@ -7,18 +7,17 @@
 %%% Created :  1 May 2013 by Evgeniy Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------
 
-{deps, [{lager, ".*", {git, "https://github.com/basho/lager", {tag, "3.0.2"}}},
-        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.3"}}},
-        {cache_tab, ".*", {git, "https://github.com/processone/cache_tab", {tag, "1.0.2"}}},
-        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.1"}}},
-        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.2"}}},
-        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.3"}}},
-        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.1"}}},
-        {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.2"}}},
-        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.3"}}},
+{deps, [{lager, ".*", {git, "https://github.com/basho/lager", {tag, "3.2.1"}}},
+        {p1_utils, ".*", {git, "https://github.com/processone/p1_utils", {tag, "1.0.5"}}},
+        {cache_tab, ".*", {git, "https://github.com/processone/cache_tab", {tag, "1.0.4"}}},
+        {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.7"}}},
+        {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.6"}}},
+        {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.15"}}},
+        {stun, ".*", {git, "https://github.com/processone/stun", {tag, "1.0.7"}}},
+        {esip, ".*", {git, "https://github.com/processone/esip", {tag, "1.0.8"}}},
+        {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.6"}}},
         {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.7"}}},
         {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.1"}}},
-        {p1_xmlrpc, ".*", {git, "https://github.com/processone/p1_xmlrpc", {tag, "1.15.1"}}},
         {luerl, ".*", {git, "https://github.com/rvirding/luerl", {tag, "v0.2"}}},
         {if_var_true, mysql, {p1_mysql, ".*", {git, "https://github.com/processone/p1_mysql",
                                                {tag, "1.0.1"}}}},
@@ -30,19 +29,25 @@
                                            {tag, "1.0.0"}}}},
         {if_var_true, zlib, {ezlib, ".*", {git, "https://github.com/processone/ezlib",
                                            {tag, "1.0.1"}}}},
-        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
-                                              "908a24fda4a46776a5135db60ca071e3d783f9f6"}}},  % for riak_pb-2.1.0.7
         {if_var_true, riak, {riakc, ".*", {git, "https://github.com/basho/riak-erlang-client",
                                            "527722d12d0433b837cdb92a60900c2cb5df8942"}}},
+        %% Forces correct dependency for riakc and allow using newer meck version)
+        {if_var_true, riak, {hamcrest, ".*", {git, "https://github.com/hyperthunk/hamcrest-erlang",
+                                              "13f9bfb9b27d216e8e033b0e0a9a29097ed923dd"}}},  % for riak_pb-2.1.0.7
+        {if_var_true, riak, {protobuffs, ".*", {git, "https://github.com/basho/erlang_protobuffs",
+                                                "6e7fc924506e2dc166a6170e580ce1d95ebbd5bd"}}},  % for riak_pb-2.1.0.7 with correct meck dependency
+        %% Elixir support, needed to run tests
         {if_var_true, elixir, {elixir, ".*", {git, "https://github.com/elixir-lang/elixir",
-                                              {tag, "v1.1.1"}}}},
+                                              {tag, {if_version_above, "17", "v1.2.6", "v1.1.1"}}}}},
         %% TODO: When modules are fully migrated to new structure and mix, we will not need anymore rebar_elixir_plugin
         {if_var_true, elixir, {rebar_elixir_plugin, ".*",
                                {git, "https://github.com/processone/rebar_elixir_plugin", "0.1.0"}}},
         {if_var_true, iconv, {iconv, ".*", {git, "https://github.com/processone/iconv",
-                                            {tag, "1.0.0"}}}},
-        {if_var_true, tools, {meck, "0.8.2", {git, "https://github.com/eproxus/meck",
-                                              {tag, "0.8.2"}}}},
+                                            {tag, "1.0.2"}}}},
+        {if_var_true, tools, {meck, "0.8.*", {git, "https://github.com/eproxus/meck",
+                                              {tag, "0.8.4"}}}},
+        {if_var_true, tools, {moka, ".*", {git, "https://github.com/processone/moka.git",
+                                           {tag, "1.0.5c"}}}},
         {if_var_true, redis, {eredis, ".*", {git, "https://github.com/wooga/eredis",
                                              {tag, "v1.0.8"}}}}]}.
 
@@ -62,13 +67,14 @@
                   ezlib,
                   iconv]}}.
 
-{erl_first_files, ["src/ejabberd_config.erl"]}.
+{erl_first_files, ["src/ejabberd_config.erl", "src/gen_mod.erl"]}.
 
 {erl_opts, [nowarn_deprecated_function,
             {if_var_false, debug, no_debug_info},
             {if_var_true, debug, debug_info},
             {if_var_true, roster_gateway_workaround, {d, 'ROSTER_GATWAY_WORKAROUND'}},
             {if_var_match, db_type, mssql, {d, 'mssql'}},
+            {if_var_true, elixir, {d, 'ELIXIR_ENABLED'}},
             {if_var_true, erlang_deprecated_types, {d, 'ERL_DEPRECATED_TYPES'}},
             {if_var_true, hipe, native},
             {src_dirs, [asn1, src,
@@ -107,11 +113,12 @@
                    {if_var_false, iconv, "(\"iconv\":_/_)"},
                    {if_var_false, odbc, "(\"odbc\":_/_)"},
                    {if_var_false, sqlite, "(\"sqlite3\":_/_)"},
+                   {if_var_false, elixir, "(\"Elixir.Logger.*\":_/_)"},
                    {if_var_false, redis, "(\"eredis\":_/_)"}]}.
 
 {eunit_compile_opts, [{i, "tools"}]}.
 
-{cover_enabled, true}.
+{if_version_above, "17", {cover_enabled, true}}.
 {cover_export_enabled, true}.
 
 {post_hook_configure, [{"fast_tls", []},

rebar.config.script

@@ -19,7 +19,7 @@ ModCfg0 = fun(F, Cfg, [Key|Tail], Op, Default) ->
                          [{Key, F(F, OldVal, Tail, Op, Default)} | PartCfg]
                  end
          end,
-ModCfg = fun(Cfg, Keys, Op, Default) -> ModCfg0(ModCfg0, Cfg, Keys, Op, Default) end.
+ModCfg = fun(Cfg, Keys, Op, Default) -> ModCfg0(ModCfg0, Cfg, Keys, Op, Default) end,
 
 Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config")) of
           {ok, Terms} ->
@@ -28,15 +28,50 @@ Cfg = case file:consult(filename:join(filename:dirname(SCRIPT), "vars.config"))
               []
       end,
 
+ProcessSingleVar = fun(F, Var, Tail) ->
+			   case F(F, [Var], []) of
+			       [] -> Tail;
+			       [Val] -> [Val | Tail]
+			   end
+		   end,
+
 ProcessVars = fun(_F, [], Acc) ->
                       lists:reverse(Acc);
+                 (F, [{Type, Ver, Value} | Tail], Acc) when
+                        Type == if_version_above orelse
+                        Type == if_version_below ->
+		      SysVer = erlang:system_info(otp_release),
+		      Include = if Type == if_version_above ->
+					SysVer > Ver;
+				   true ->
+					SysVer < Ver
+				end,
+		      if Include ->
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
+			 true ->
+                              F(F, Tail, Acc)
+		      end;
+                 (F, [{Type, Ver, Value, ElseValue} | Tail], Acc) when
+                        Type == if_version_above orelse
+                        Type == if_version_below ->
+		      SysVer = erlang:system_info(otp_release),
+		      Include = if Type == if_version_above ->
+					SysVer > Ver;
+				   true ->
+					SysVer < Ver
+				end,
+		      if Include ->
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
+			 true ->
+                              F(F, Tail, ProcessSingleVar(F, ElseValue, Acc))
+		      end;
                  (F, [{Type, Var, Value} | Tail], Acc) when
                         Type == if_var_true orelse
                         Type == if_var_false ->
                       Flag = Type == if_var_true,
                       case proplists:get_bool(Var, Cfg) of
                           V when V == Flag ->
-                              F(F, Tail, [Value | Acc]);
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
                           _ ->
                               F(F, Tail, Acc)
                       end;
@@ -45,7 +80,7 @@ ProcessVars = fun(_F, [], Acc) ->
                         Type == if_var_no_match ->
                       case proplists:get_value(Var, Cfg) of
                           V when V == Match ->
-                              F(F, Tail, [Value | Acc]);
+                              F(F, Tail, ProcessSingleVar(F, Value, Acc));
                           _ ->
                               F(F, Tail, Acc)
                       end;
@@ -122,8 +157,8 @@ Conf5 = case lists:keytake(floating_deps, 1, Conf3) of
         end,
 
 %% When running Travis test, upload test coverage result to coveralls:
-Conf6 = case os:getenv("TRAVIS") of
-            "true" ->
+Conf6 = case {lists:keyfind(cover_enabled, 1, Conf5), os:getenv("TRAVIS")} of
+            {{cover_enabled, true}, "true"} ->
                 JobId = os:getenv("TRAVIS_JOB_ID"),
                 CfgTemp = ModCfg(Conf5, [deps], fun(V) -> [{coveralls, ".*", {git, "https://github.com/markusn/coveralls-erl.git", "master"}}|V] end, []),
                 ModCfg(CfgTemp, [post_hooks], fun(V) -> V ++ [{ct, "echo '\n%%! -pa ebin/ deps/coveralls/ebin\nmain(_)->{ok,F}=file:open(\"erlang.json\",[write]),io:fwrite(F,\"~s\",[coveralls:convert_file(\"logs/all.coverdata\", \""++JobId++"\", \"travis-ci\")]).' > getcover.erl"},
@@ -132,7 +167,7 @@ Conf6 = case os:getenv("TRAVIS") of
                 Conf5
         end,
 
-%io:format("ejabberd configuration:~n  ~p~n", [Conf5]),
+%io:format("ejabberd configuration:~n  ~p~n", [Conf6]),
 
 Conf6.
 

sql/lite.sql

@@ -313,3 +313,10 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sm_sid ON sm(usec, pid);
 CREATE INDEX i_sm_node ON sm(node);
 CREATE INDEX i_sm_username ON sm(username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL PRIMARY KEY,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);

sql/mssql.sql

@@ -362,8 +362,8 @@ WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW
 CREATE TABLE [dbo].[users] (
         [username] [varchar] (250) NOT NULL,
         [password] [text] NOT NULL,
-        [serverkey] [text] NOT NULL,
-        [salt] [text] NOT NULL,
+        [serverkey] [text] NOT NULL DEFAULT '',
+        [salt] [text] NOT NULL DEFAULT '',
         [iterationcount] [smallint] NOT NULL DEFAULT 0,
         [created_at] [datetime] NOT NULL DEFAULT GETDATE(),
  CONSTRAINT [users_PRIMARY] PRIMARY KEY CLUSTERED 
@@ -480,3 +480,13 @@ ON DELETE CASCADE;
 
 ALTER TABLE [dbo].[pubsub_state] CHECK CONSTRAINT [pubsub_state_ibfk_1];
 
+CREATE TABLE [dbo].[oauth_token] (
+    [token] [varchar] (250) NOT NULL,
+    [jid] [text] NOT NULL,
+    [scope] [text] NOT NULL,
+    [expire] [bigint] NOT NULL,
+ CONSTRAINT [oauth_token_PRIMARY] PRIMARY KEY CLUSTERED 
+(
+        [token] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON)
+) TEXTIMAGE_ON [PRIMARY];

sql/mysql.sql

@@ -19,15 +19,15 @@
 CREATE TABLE users (
     username varchar(191) PRIMARY KEY,
     password text NOT NULL,
-    serverkey text NOT NULL DEFAULT '',
-    salt text NOT NULL DEFAULT '',
+    serverkey varchar(64) NOT NULL DEFAULT '',
+    salt varchar(64) NOT NULL DEFAULT '',
     iterationcount integer NOT NULL DEFAULT 0,
     created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
 -- Add support for SCRAM auth to a database created before ejabberd 16.03:
--- ALTER TABLE users ADD COLUMN serverkey text NOT NULL DEFAULT '';
--- ALTER TABLE users ADD COLUMN salt text NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN serverkey varchar(64) NOT NULL DEFAULT '';
+-- ALTER TABLE users ADD COLUMN salt varchar(64) NOT NULL DEFAULT '';
 -- ALTER TABLE users ADD COLUMN iterationcount integer NOT NULL DEFAULT 0;
 
 CREATE TABLE last (
@@ -275,7 +275,7 @@ CREATE UNIQUE INDEX i_pubsub_subscription_opt ON pubsub_subscription_opt(subid(3
 CREATE TABLE muc_room (
     name text NOT NULL,
     host text NOT NULL,
-    opts text NOT NULL,
+    opts mediumtext NOT NULL,
     created_at timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 
@@ -328,3 +328,10 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sid ON sm(usec, pid(75));
 CREATE INDEX i_node ON sm(node(75));
 CREATE INDEX i_username ON sm(username);
+
+CREATE TABLE oauth_token (
+    token varchar(191) NOT NULL PRIMARY KEY,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

sql/pg.sql

@@ -330,3 +330,12 @@ CREATE TABLE sm (
 CREATE UNIQUE INDEX i_sm_sid ON sm USING btree (usec, pid);
 CREATE INDEX i_sm_node ON sm USING btree (node);
 CREATE INDEX i_sm_username ON sm USING btree (username);
+
+CREATE TABLE oauth_token (
+    token text NOT NULL,
+    jid text NOT NULL,
+    scope text NOT NULL,
+    expire bigint NOT NULL
+);
+
+CREATE UNIQUE INDEX i_oauth_token_token ON oauth_token USING btree (token);

src/acl.erl

@@ -29,10 +29,14 @@
 
 -author('alexey@process-one.net').
 
--export([start/0, to_record/3, add/3, add_list/3,
-	 add_local/3, add_list_local/3, load_from_config/0,
-	 match_rule/3, match_acl/3, transform_options/1,
-	 opt_type/1]).
+-export([add_access/3, clear/0]).
+-export([start/0, add/3, add_list/3, add_local/3, add_list_local/3,
+	 load_from_config/0, match_rule/3, any_rules_allowed/3,
+	 transform_options/1, opt_type/1, acl_rule_matches/3,
+	 acl_rule_verify/1, access_matches/3,
+	 transform_access_rules_config/1,
+	 parse_ip_netmask/1,
+	 access_rules_validator/1, shaper_rules_validator/1]).
 
 -include("ejabberd.hrl").
 -include("logger.hrl").
@@ -43,6 +47,7 @@
                  rules = [] :: [access_rule()]}).
 
 -type regexp() :: binary().
+-type iprange() :: {inet:ip_address(), integer()} | binary().
 -type glob() :: binary().
 -type access_name() :: atom().
 -type access_rule() :: {atom(), any()}.
@@ -61,7 +66,7 @@
                    {user_glob, {glob(), host()} | glob()} |
                    {server_glob, glob()} |
                    {resource_glob, glob()} |
-                   {ip, {inet:ip_address(), integer()}} |
+                   {ip, iprange()} |
                    {node_glob, {glob(), glob()}}.
 
 -type acl() :: #acl{aclname :: aclname(),
@@ -89,12 +94,6 @@ start() ->
     load_from_config(),
     ok.
 
--spec to_record(binary(), atom(), aclspec()) -> acl().
-
-to_record(Host, ACLName, ACLSpec) ->
-    #acl{aclname = {ACLName, Host},
-	 aclspec = normalize_spec(ACLSpec)}.
-
 -spec add(binary(), aclname(), aclspec()) -> ok | {error, any()}.
 
 add(Host, ACLName, ACLSpec) ->
@@ -185,6 +184,10 @@ load_from_config() ->
                        {acl, Host}, fun(V) -> V end, []),
               AccessRules = ejabberd_config:get_option(
                               {access, Host}, fun(V) -> V end, []),
+              AccessRulesNew = ejabberd_config:get_option(
+				 {access_rules, Host}, fun(V) -> V end, []),
+              ShaperRules = ejabberd_config:get_option(
+				 {shaper_rules, Host}, fun(V) -> V end, []),
               lists:foreach(
                 fun({ACLName, SpecList}) ->
                         lists:foreach(
@@ -198,12 +201,29 @@ load_from_config() ->
                                   add(Host, ACLName, {ACLType, ACLSpecs})
                           end, lists:flatten(SpecList))
                 end, ACLs),
+              lists:foreach(
+                fun({Access, Rules}) ->
+			NRules = lists:map(fun({ACL, Type}) ->
+					     {Type, [{acl, ACL}]}
+				     end, Rules),
+                        add_access(Host, Access, NRules ++ [{deny, [all]}])
+                end, AccessRules),
               lists:foreach(
                 fun({Access, Rules}) ->
                         add_access(Host, Access, Rules)
-                end, AccessRules)
+                end, AccessRulesNew),
+              lists:foreach(
+                fun({Access, Rules}) ->
+                        add_access(Host, Access, Rules)
+                end, ShaperRules)
       end, Hosts).
 
+%% Delete all previous set ACLs and Access rules
+clear() ->
+    mnesia:clear_table(acl),
+    mnesia:clear_table(access),
+    ok.
+
 b(S) ->
     iolist_to_binary(S).
 
@@ -216,23 +236,33 @@ nameprep(S) ->
 resourceprep(S) ->
     jid:resourceprep(b(S)).
 
+split_user_server(Str, NormFunUsr, NormFunSrv) ->
+    case binary:split(Str, <<"@">>) of
+	[U, S] ->
+	    {NormFunUsr(U), NormFunSrv(S)};
+	_ ->
+	    NormFunUsr(Str)
+    end.
+
 normalize_spec(Spec) ->
     case Spec of
         all -> all;
         none -> none;
+        {acl, N} -> {acl, N};
         {user, {U, S}} -> {user, {nodeprep(U), nameprep(S)}};
-        {user, U} -> {user, nodeprep(U)};
+        {user, U} -> {user, split_user_server(U, fun nodeprep/1, fun nameprep/1)};
         {shared_group, {G, H}} -> {shared_group, {b(G), nameprep(H)}};
-        {shared_group, G} -> {shared_group, b(G)};
+        {shared_group, G} -> {shared_group, split_user_server(G, fun b/1, fun nameprep/1)};
         {user_regexp, {UR, S}} -> {user_regexp, {b(UR), nameprep(S)}};
-        {user_regexp, UR} -> {user_regexp, b(UR)};
+        {user_regexp, UR} -> {user_regexp, split_user_server(UR, fun b/1, fun nameprep/1)};
         {node_regexp, {UR, SR}} -> {node_regexp, {b(UR), b(SR)}};
         {user_glob, {UR, S}} -> {user_glob, {b(UR), nameprep(S)}};
-        {user_glob, UR} -> {user_glob, b(UR)};
+        {user_glob, UR} -> {user_glob, split_user_server(UR, fun b/1, fun nameprep/1)};
         {node_glob, {UR, SR}} -> {node_glob, {b(UR), b(SR)}};
         {server, S} -> {server, nameprep(S)};
         {resource, R} -> {resource, resourceprep(R)};
         {server_regexp, SR} -> {server_regexp, b(SR)};
+        {resource_regexp, R} -> {resource_regexp, b(R)};
         {server_glob, S} -> {server_glob, b(S)};
         {resource_glob, R} -> {resource_glob, b(R)};
         {ip, {Net, Mask}} -> {ip, {Net, Mask}};
@@ -246,107 +276,215 @@ normalize_spec(Spec) ->
             end
     end.
 
+-spec any_rules_allowed(global | binary(), access_name(),
+                           jid() | ljid() | inet:ip_address()) -> boolean().
+
+any_rules_allowed(Host, Access, Entity) ->
+    lists:any(fun (Rule) ->
+                      allow == acl:match_rule(Host, Rule, Entity)
+              end,
+              Access).
+
 -spec match_rule(global | binary(), access_name(),
                  jid() | ljid() | inet:ip_address()) -> any().
 
-match_rule(_Host, all, _JID) ->
-    allow;
-match_rule(_Host, none, _JID) ->
-    deny;
+match_rule(Host, Access, IP) when tuple_size(IP) == 4;
+    tuple_size(IP) == 8 ->
+    access_matches(Access, #{ip => IP}, Host);
 match_rule(Host, Access, JID) ->
-    GAccess = ets:lookup(access, {Access, global}),
-    LAccess = if Host /= global ->
-                      ets:lookup(access, {Access, Host});
-                 true ->
-                      []
-              end,
-    case GAccess ++ LAccess of
-        [] ->
-            deny;
-        AccessList ->
-            Rules = lists:flatmap(
-                      fun(#access{rules = Rs}) ->
-                              Rs
-                      end, AccessList),
-            match_acls(Rules, JID, Host)
-    end.
+    access_matches(Access, #{usr => jid:tolower(JID)}, Host).
 
-match_acls([], _, _Host) -> deny;
-match_acls([{ACL, Access} | ACLs], JID, Host) ->
-    case match_acl(ACL, JID, Host) of
-      true -> Access;
-      _ -> match_acls(ACLs, JID, Host)
-    end.
+-spec acl_rule_verify(aclspec()) -> boolean().
 
--spec match_acl(atom(),
-                jid() | ljid() | inet:ip_address(),
-                binary()) -> boolean().
-
-match_acl(all, _JID, _Host) ->
+acl_rule_verify(all) ->
     true;
-match_acl(none, _JID, _Host) ->
+acl_rule_verify(none) ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D}, Mask}})
+    when is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    A >= 0, A =< 255, B >= 0, B =< 255, C >= 0, C =< 255, D >= 0, D =< 255,
+    is_integer(Mask), Mask >= 0, Mask =< 32 ->
+    true;
+acl_rule_verify({ip, {{A,B,C,D,E,F,G,H}, Mask}}) when
+    is_integer(A), is_integer(B), is_integer(C), is_integer(D),
+    is_integer(E), is_integer(F), is_integer(G), is_integer(H),
+    A >= 0, A =< 65535, B >= 0, B =< 65535, C >= 0, C =< 65535, D >= 0, D =< 65535,
+    E >= 0, E =< 65535, F >= 0, F =< 65535, G >= 0, G =< 65535, H >= 0, H =< 65535,
+    is_integer(Mask), Mask >= 0, Mask =< 64 ->
+    true;
+acl_rule_verify({user, {U, S}}) when is_binary(U), is_binary(S) ->
+    true;
+acl_rule_verify({user, U}) when is_binary(U) ->
+    true;
+acl_rule_verify({server, S}) when is_binary(S) ->
+    true;
+acl_rule_verify({resource, R}) when is_binary(R) ->
+    true;
+acl_rule_verify({shared_group, {G, H}}) when is_binary(G), is_binary(H) ->
+    true;
+acl_rule_verify({shared_group, G}) when is_binary(G) ->
+    true;
+acl_rule_verify({user_regexp, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_regexp, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_regexp, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_regexp, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_regexp, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify({user_glob, {UR, S}}) when is_binary(UR), is_binary(S) ->
+    true;
+acl_rule_verify({user_glob, UR}) when is_binary(UR) ->
+    true;
+acl_rule_verify({server_glob, SR}) when is_binary(SR) ->
+    true;
+acl_rule_verify({resource_glob, RR}) when is_binary(RR) ->
+    true;
+acl_rule_verify({node_glob, {UR, SR}}) when is_binary(UR), is_binary(SR) ->
+    true;
+acl_rule_verify(_Spec) ->
+    false.
+invalid_syntax(Msg, Data) ->
+    throw({invalid_syntax, iolist_to_binary(io_lib:format(Msg, Data))}).
+
+acl_rules_verify([{acl, Name} | Rest], true) when is_atom(Name) ->
+    acl_rules_verify(Rest, true);
+acl_rules_verify([{acl, Name} = Rule | _Rest], false) when is_atom(Name) ->
+    invalid_syntax(<<"Using acl: rules not allowed: ~p">>, [Rule]);
+acl_rules_verify([Rule | Rest], AllowAcl) ->
+    case acl_rule_verify(Rule) of
+	false ->
+	    invalid_syntax(<<"Invalid rule: ~p">>, [Rule]);
+	true ->
+	    acl_rules_verify(Rest, AllowAcl)
+    end;
+acl_rules_verify([], _AllowAcl) ->
+    true;
+acl_rules_verify(Rules, _AllowAcl) ->
+    invalid_syntax(<<"Not a acl rules list: ~p">>, [Rules]).
+
+
+
+all_acl_rules_matches([], _Data, _Host) ->
     false;
-match_acl(ACL, IP, Host) when tuple_size(IP) == 4;
-                              tuple_size(IP) == 8 ->
-    lists:any(
-      fun(#acl{aclspec = {ip, {Net, Mask}}}) ->
-              is_ip_match(IP, Net, Mask);
-         (_) ->
-              false
-      end, get_aclspecs(ACL, Host));
-match_acl(ACL, JID, Host) ->
-    {User, Server, Resource} = jid:tolower(JID),
-    lists:any(
-      fun(#acl{aclspec = Spec}) ->
-              case Spec of
-                  all -> true;
-                  {user, {U, S}} -> U == User andalso S == Server;
-                  {user, U} ->
-                      U == User andalso
-                          lists:member(Server, ?MYHOSTS);
-                  {server, S} -> S == Server;
-                  {resource, R} -> R == Resource;
-                  {shared_group, {G, H}} ->
-                      Mod = loaded_shared_roster_module(H),
-                      Mod:is_user_in_group({User, Server}, G, H);
-                  {shared_group, G} ->
-                      Mod = loaded_shared_roster_module(Host),
-                      Mod:is_user_in_group({User, Server}, G, Host);
-                  {user_regexp, {UR, S}} ->
-                      S == Server andalso is_regexp_match(User, UR);
-                  {user_regexp, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_regexp_match(User, UR);
-                  {server_regexp, SR} ->
-                      is_regexp_match(Server, SR);
-                  {resource_regexp, RR} ->
-                      is_regexp_match(Resource, RR);
-                  {node_regexp, {UR, SR}} ->
-                      is_regexp_match(Server, SR) andalso
-                          is_regexp_match(User, UR);
-                  {user_glob, {UR, S}} ->
-                      S == Server andalso is_glob_match(User, UR);
-                  {user_glob, UR} ->
-                      lists:member(Server, ?MYHOSTS)
-                          andalso is_glob_match(User, UR);
-                  {server_glob, SR} -> is_glob_match(Server, SR);
-                  {resource_glob, RR} ->
-                      is_glob_match(Resource, RR);
-                  {node_glob, {UR, SR}} ->
-                      is_glob_match(Server, SR) andalso
-                          is_glob_match(User, UR);
-                  WrongSpec ->
-                      ?ERROR_MSG("Wrong ACL expression: ~p~nCheck your "
-                                 "config file and reload it with the override_a"
-                                 "cls option enabled",
-                                 [WrongSpec]),
-                      false
-              end
-      end,
-      get_aclspecs(ACL, Host)).
+all_acl_rules_matches(Rules, Data, Host) ->
+    all_acl_rules_matches2(Rules, Data, Host).
+
+all_acl_rules_matches2([Rule | Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    all_acl_rules_matches2(Tail, Data, Host);
+	false ->
+	    false
+    end;
+all_acl_rules_matches2([], _Data, _Host) ->
+    true.
+
+any_acl_rules_matches([], _Data, _Host) ->
+    false;
+any_acl_rules_matches([Rule|Tail], Data, Host) ->
+    case acl_rule_matches(Rule, Data, Host) of
+	true ->
+	    true;
+	false ->
+	    any_acl_rules_matches(Tail, Data, Host)
+    end.
+
+-spec acl_rule_matches(aclspec(), any(), global|binary()) -> boolean().
+
+acl_rule_matches(all, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, all}, _Data, _Host) ->
+    true;
+acl_rule_matches({acl, Name}, Data, Host) ->
+    ACLs = get_aclspecs(Name, Host),
+    RawACLs = lists:map(fun(#acl{aclspec = R}) -> R end, ACLs),
+    any_acl_rules_matches(RawACLs, Data, Host);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := {IP, _Port}}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({ip, {Net, Mask}}, #{ip := IP}, _Host) ->
+    is_ip_match(IP, Net, Mask);
+acl_rule_matches({user, {U, S}}, #{usr := {U, S, _}}, _Host) ->
+    true;
+acl_rule_matches({user, U}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS);
+acl_rule_matches({server, S}, #{usr := {_, S, _}}, _Host) ->
+    true;
+acl_rule_matches({resource, R}, #{usr := {_, _, R}}, _Host) ->
+    true;
+acl_rule_matches({shared_group, {G, H}}, #{usr := {U, S, _}}, _Host) ->
+    Mod = loaded_shared_roster_module(H),
+    Mod:is_user_in_group({U, S}, G, H);
+acl_rule_matches({shared_group, G}, #{usr := {U, S, _}}, Host) ->
+    Mod = loaded_shared_roster_module(Host),
+    Mod:is_user_in_group({U, S}, G, Host);
+acl_rule_matches({user_regexp, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR);
+acl_rule_matches({user_regexp, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_regexp_match(U, UR);
+acl_rule_matches({server_regexp, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_regexp_match(S, SR);
+acl_rule_matches({resource_regexp, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_regexp_match(R, RR);
+acl_rule_matches({node_regexp, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_regexp_match(U, UR) andalso is_regexp_match(S, SR);
+acl_rule_matches({user_glob, {UR, S}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR);
+acl_rule_matches({user_glob, UR}, #{usr := {U, S, _}}, _Host) ->
+    lists:member(S, ?MYHOSTS) andalso is_glob_match(U, UR);
+acl_rule_matches({server_glob, SR}, #{usr := {_, S, _}}, _Host) ->
+    is_glob_match(S, SR);
+acl_rule_matches({resource_glob, RR}, #{usr := {_, _, R}}, _Host) ->
+    is_glob_match(R, RR);
+acl_rule_matches({node_glob, {UR, SR}}, #{usr := {U, S, _}}, _Host) ->
+    is_glob_match(U, UR) andalso is_glob_match(S, SR);
+acl_rule_matches(_ACL, _Data, _Host) ->
+    false.
+
+-spec access_matches(atom()|list(), any(), global|binary()) -> any().
+access_matches(all, _Data, _Host) ->
+    allow;
+access_matches(none, _Data, _Host) ->
+    deny;
+access_matches(Name, Data, Host) when is_atom(Name) ->
+    GAccess = ets:lookup(access, {Name, global}),
+    LAccess =
+	if Host /= global -> ets:lookup(access, {Name, Host});
+	    true -> []
+	end,
+    case GAccess ++ LAccess of
+	[] ->
+	    deny;
+	AccessList ->
+	    Rules = lists:flatmap(
+		fun(#access{rules = Rs}) ->
+		    Rs
+		end, AccessList),
+	    access_rules_matches(Rules, Data, Host)
+    end;
+access_matches(Rules, Data, Host) when is_list(Rules) ->
+    access_rules_matches(Rules, Data, Host).
+
+
+-spec access_rules_matches(list(), any(), global|binary()) -> any().
+
+access_rules_matches(AR, Data, Host) ->
+    access_rules_matches(AR, Data, Host, deny).
+
+access_rules_matches([{Type, Acls} | Rest], Data, Host, Default) ->
+    case all_acl_rules_matches(Acls, Data, Host) of
+	false ->
+	    access_rules_matches(Rest, Data, Host, Default);
+	true ->
+	    Type
+    end;
+access_rules_matches([], _Data, _Host, Default) ->
+    Default.
 
 get_aclspecs(ACL, Host) ->
-      ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).
+    ets:lookup(acl, {ACL, Host}) ++ ets:lookup(acl, {ACL, global}).
 
 is_regexp_match(String, RegExp) ->
     case ejabberd_regexp:run(String, RegExp) of
@@ -418,6 +556,63 @@ parse_ip_netmask(S) ->
       _ -> error
     end.
 
+transform_access_rules_config(Config) when is_list(Config) ->
+    lists:map(fun transform_access_rules_config2/1, lists:flatten(Config));
+transform_access_rules_config(Config) ->
+    transform_access_rules_config([Config]).
+
+transform_access_rules_config2(Type) when is_integer(Type); is_atom(Type) ->
+    {Type, [all]};
+transform_access_rules_config2({Type, ACL}) when is_atom(ACL) ->
+    {Type, [{acl, ACL}]};
+transform_access_rules_config2({Res, Rules}) when is_list(Rules) ->
+    T = lists:map(fun({Type, Args}) when is_list(Args) ->
+			  normalize_spec({Type, hd(lists:flatten(Args))});
+		     (V) -> normalize_spec(V)
+		  end, lists:flatten(Rules)),
+    {Res, T};
+transform_access_rules_config2({Res, Rule}) ->
+    {Res, [Rule]}.
+
+access_rules_validator(Name) when is_atom(Name) ->
+    Name;
+access_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(allow) -> true;
+					  (deny) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+
+shaper_rules_validator(Name) when is_atom(Name) ->
+    Name;
+shaper_rules_validator(Rules0) ->
+    Rules = transform_access_rules_config(Rules0),
+    access_shaper_rules_validator(Rules, fun(V) when is_atom(V) -> true;
+					  (V2) when is_integer(V2) -> true;
+					  (_) -> false
+				       end),
+    throw({replace_with, Rules}).
+
+access_shaper_rules_validator([{Type, Acls} = Rule | Rest], RuleTypeCheck) ->
+    case RuleTypeCheck(Type) of
+	true ->
+	    case acl_rules_verify(Acls, true) of
+		true ->
+		    access_shaper_rules_validator(Rest, RuleTypeCheck);
+		Err ->
+		    Err
+	    end;
+	false ->
+	    invalid_syntax(<<"Invalid rule type: ~p in rule ~p">>, [Type, Rule])
+    end;
+access_shaper_rules_validator([], _RuleTypeCheck) ->
+    true;
+access_shaper_rules_validator(Value, _RuleTypeCheck) ->
+    invalid_syntax(<<"Not a rule definition: ~p">>, [Value]).
+
+
 transform_options(Opts) ->
     Opts1 = lists:foldl(fun transform_options/2, [], Opts),
     {ACLOpts, Opts2} = lists:mapfoldl(
@@ -432,6 +627,18 @@ transform_options(Opts) ->
                                (O, Acc) ->
                                     {[], [O|Acc]}
                             end, [], Opts2),
+    {NewAccessOpts, Opts4} = lists:mapfoldl(
+                            fun({access_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts3),
+    {ShaperOpts, Opts5} = lists:mapfoldl(
+                            fun({shaper_rules, Os}, Acc) ->
+                                    {Os, Acc};
+                               (O, Acc) ->
+                                    {[], [O|Acc]}
+                            end, [], Opts4),
     ACLOpts1 = ejabberd_config:collect_options(lists:flatten(ACLOpts)),
     AccessOpts1 = case ejabberd_config:collect_options(
                          lists:flatten(AccessOpts)) of
@@ -445,7 +652,21 @@ transform_options(Opts) ->
                    [] -> [];
                    L2 -> [{acl, L2}]
                end,
-    ACLOpts2 ++ AccessOpts1 ++ Opts3.
+    NewAccessOpts1 = case lists:map(
+			    fun({NAName, Os}) ->
+				    {NAName, transform_access_rules_config(Os)}
+			    end, lists:flatten(NewAccessOpts)) of
+			 [] -> [];
+			 L3 -> [{access_rules, L3}]
+		     end,
+    ShaperOpts1 = case lists:map(
+			    fun({SName, Ss}) ->
+				    {SName, transform_access_rules_config(Ss)}
+			    end, lists:flatten(ShaperOpts)) of
+			 [] -> [];
+			 L4 -> [{shaper_rules, L4}]
+		     end,
+    ACLOpts2 ++ AccessOpts1 ++ NewAccessOpts1 ++ ShaperOpts1 ++ Opts5.
 
 transform_options({acl, Name, Type}, Opts) ->
     T = case Type of
@@ -466,7 +687,8 @@ transform_options({acl, Name, Type}, Opts) ->
             {server_regexp, SR} -> {server_regexp, [b(SR)]};
             {server_glob, S} -> {server_glob, [b(S)]};
             {ip, S} -> {ip, [b(S)]};
-            {resource_glob, R} -> {resource_glob, [b(R)]}
+            {resource_glob, R} -> {resource_glob, [b(R)]};
+            {resource_regexp, R} -> {resource_regexp, [b(R)]}
         end,
     [{acl, [{Name, [T]}]}|Opts];
 transform_options({access, Name, Rules}, Opts) ->
@@ -476,5 +698,7 @@ transform_options(Opt, Opts) ->
     [Opt|Opts].
 
 opt_type(access) -> fun (V) -> V end;
+opt_type(access_rules) -> fun (V) -> V end;
+opt_type(shaper_rules) -> fun (V) -> V end;
 opt_type(acl) -> fun (V) -> V end;
-opt_type(_) -> [access, acl].
+opt_type(_) -> [access, acl, access_rules, shaper_rules].

src/adhoc.erl

@@ -41,13 +41,7 @@
 %% Parse an ad-hoc request.  Return either an adhoc_request record or
 %% an {error, ErrorType} tuple.
 %%
--spec(parse_request/1 ::
-(
-  IQ :: iq_request())
-    -> adhoc_response()
-    %%
-     | {error, _}
-).
+-spec parse_request(IQ :: iq_request()) -> adhoc_response() | {error, _}.
 
 parse_request(#iq{type = set, lang = Lang, sub_el = SubEl, xmlns = ?NS_COMMANDS}) ->
     ?DEBUG("entering parse_request...", []),
@@ -68,7 +62,9 @@ parse_request(#iq{type = set, lang = Lang, sub_el = SubEl, xmlns = ?NS_COMMANDS}
         xdata     = XData,
         others    = Others
     };
-parse_request(_) -> {error, ?ERR_BAD_REQUEST}.
+parse_request(#iq{lang = Lang}) ->
+    Text = <<"Failed to parse ad-hoc command request">>,
+    {error, ?ERRT_BAD_REQUEST(Lang, Text)}.
 
 %% Borrowed from mod_vcard.erl
 find_xdata_el(#xmlel{children = SubEls}) ->
@@ -86,12 +82,9 @@ find_xdata_el1([_ | Els]) -> find_xdata_el1(Els).
 %% record, filling in values for language, node and session id from
 %% the request.
 %%
--spec(produce_response/2 ::
-(
-  Adhoc_Request  :: adhoc_request(),
-  Adhoc_Response :: adhoc_response())
-    -> Xmlel::xmlel()
-).
+-spec produce_response(Adhoc_Request :: adhoc_request(),
+		       Adhoc_Response :: adhoc_response()) ->
+			      Xmlel::xmlel().
 
 %% Produce a <command/> node to use as response from an adhoc_response
 %% record.
@@ -102,11 +95,7 @@ produce_response(#adhoc_request{lang = Lang, node = Node, sessionid = SessionID}
     }).
 
 %%
--spec(produce_response/1 ::
-(
-  Adhoc_Response::adhoc_response())
-    -> Xmlel::xmlel()
-).
+-spec produce_response(Adhoc_Response::adhoc_response()) -> Xmlel::xmlel().
 
 produce_response(
   #adhoc_response{

src/cyrsasl.erl

@@ -88,13 +88,8 @@ start() ->
     ok.
 
 %%
--spec(register_mechanism/3 ::
-(
-  Mechanim     :: mechanism(),
-  Module       :: module(),
-  PasswordType :: password_type())
-    -> any()
-).
+-spec register_mechanism(Mechanim :: mechanism(), Module :: module(),
+			 PasswordType :: password_type()) -> any().
 
 register_mechanism(Mechanism, Module, PasswordType) ->
     case is_disabled(Mechanism) of
@@ -139,11 +134,7 @@ check_credentials(_State, Props) ->
       _LUser -> ok
     end.
 
--spec(listmech/1 ::
-(
-  Host ::binary())
-    -> Mechanisms::mechanisms()
-).
+-spec listmech(Host ::binary()) -> Mechanisms::mechanisms().
 
 listmech(Host) ->
     Mechs = ets:select(sasl_mechanism,
@@ -213,12 +204,7 @@ server_step(State, ClientIn) ->
 %% Remove the anonymous mechanism from the list if not enabled for the given
 %% host
 %%
--spec(filter_anonymous/2 ::
-(
-  Host  :: binary(),
-  Mechs :: mechanisms())
-    -> mechanisms()
-).
+-spec filter_anonymous(Host :: binary(), Mechs :: mechanisms()) -> mechanisms().
 
 filter_anonymous(Host, Mechs) ->
     case ejabberd_auth_anonymous:is_sasl_anonymous_enabled(Host) of
@@ -226,11 +212,7 @@ filter_anonymous(Host, Mechs) ->
       false -> Mechs -- [<<"ANONYMOUS">>]
     end.
 
--spec(is_disabled/1 ::
-(
-  Mechanism :: mechanism())
-    -> boolean()
-).
+-spec is_disabled(Mechanism :: mechanism()) -> boolean().
 
 is_disabled(Mechanism) ->
     Disabled = ejabberd_config:get_option(

src/cyrsasl_anonymous.erl

@@ -45,9 +45,8 @@ mech_new(Host, _GetPassword, _CheckPassword, _CheckPasswordDigest) ->
 
 mech_step(#state{server = Server} = S, ClientIn) ->
     User = iolist_to_binary([randoms:get_string(),
-                             randoms:get_string(),
-                             randoms:get_string()]),
+                             jlib:integer_to_binary(p1_time_compat:unique_integer([positive]))]),
     case ejabberd_auth:is_user_exists(User, Server) of
         true  -> mech_step(S, ClientIn);
-        false -> {ok, [{username, User}, {auth_module, ejabberd_auth_anonymous}]}
+        false -> {ok, [{username, User}, {authzid, User}, {auth_module, ejabberd_auth_anonymous}]}
     end.

src/cyrsasl_digest.erl

@@ -53,11 +53,11 @@
                 check_password = fun(_, _, _, _, _) -> false end :: check_password_fun(),
                 auth_module :: atom(),
                 host = <<"">> :: binary(),
-                hostfqdn = <<"">> :: binary()}).
+                hostfqdn = <<"">> :: binary() | [binary()]}).
 
 start(_Opts) ->
     Fqdn = get_local_fqdn(),
-    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~s",
+    ?INFO_MSG("FQDN used to check DIGEST-MD5 SASL authentication: ~p",
 	      [Fqdn]),
     cyrsasl:register_mechanism(<<"DIGEST-MD5">>, ?MODULE,
 			       digest).
@@ -183,16 +183,16 @@ is_digesturi_valid(DigestURICase, JabberDomain,
     DigestURI = stringprep:tolower(DigestURICase),
     case catch str:tokens(DigestURI, <<"/">>) of
 	[<<"xmpp">>, Host] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (Host == JabberDomain) or IsHostFqdn;
 	[<<"xmpp">>, Host, ServName] ->
-	    IsHostFqdn = is_host_fqdn(binary_to_list(Host), binary_to_list(JabberFQDN)),
+	    IsHostFqdn = is_host_fqdn(Host, JabberFQDN),
 	    (ServName == JabberDomain) and IsHostFqdn;
 	_ ->
 	    false
     end.
 
-is_host_fqdn(Host, [Letter | _Tail] = Fqdn) when not is_list(Letter) ->
+is_host_fqdn(Host, Fqdn) when is_binary(Fqdn) ->
     Host == Fqdn;
 is_host_fqdn(_Host, []) ->
     false;
@@ -204,6 +204,7 @@ is_host_fqdn(Host, [Fqdn | FqdnTail]) when Host /= Fqdn ->
 get_local_fqdn() ->
     case catch get_local_fqdn2() of
       Str when is_binary(Str) -> Str;
+      List when is_list(List) -> List;
       _ ->
 	  <<"unknown-fqdn, please configure fqdn "
 	    "option in ejabberd.yml!">>
@@ -211,9 +212,11 @@ get_local_fqdn() ->
 
 get_local_fqdn2() ->
     case ejabberd_config:get_option(
-           fqdn, fun iolist_to_binary/1) of
+           fqdn, fun(X) -> X end) of
         ConfiguredFqdn when is_binary(ConfiguredFqdn) ->
             ConfiguredFqdn;
+        [A | _] = ConfiguredFqdns when is_binary(A) ->
+            ConfiguredFqdns;
         undefined ->
             {ok, Hostname} = inet:gethostname(),
             {ok, {hostent, Fqdn, _, _, _, _}} =

src/cyrsasl_oauth.erl

@@ -51,7 +51,7 @@ mech_step(State, ClientIn) ->
                     {ok,
                      [{username, User}, {authzid, AuthzId},
                       {auth_module, ejabberd_oauth}]};
-                false ->
+                _ ->
                     {error, <<"not-authorized">>, User}
             end;
         _ -> {error, <<"bad-protocol">>}

src/ejabberd_admin.erl

@@ -87,6 +87,7 @@ get_commands_spec() ->
 			args = [], result = {res, rescode}},
      #ejabberd_commands{name = reopen_log, tags = [logs, server],
 			desc = "Reopen the log files",
+			policy = admin,
 			module = ?MODULE, function = reopen_log,
 			args = [], result = {res, rescode}},
      #ejabberd_commands{name = rotate_log, tags = [logs, server],
@@ -129,6 +130,7 @@ get_commands_spec() ->
 
      #ejabberd_commands{name = register, tags = [accounts],
 			desc = "Register a user",
+			policy = admin,
 			module = ?MODULE, function = register,
 			args = [{user, binary}, {host, binary}, {password, binary}],
 			result = {res, restuple}},
@@ -166,7 +168,7 @@ get_commands_spec() ->
      #ejabberd_commands{name = list_cluster, tags = [cluster],
 			desc = "List nodes that are part of the cluster handled by Node",
 			module = ?MODULE, function = list_cluster,
-			args = [], 
+			args = [],
 			result = {nodes, {list, {node, atom}}}},
 
      #ejabberd_commands{name = import_file, tags = [mnesia],
@@ -192,20 +194,16 @@ get_commands_spec() ->
 			module = ejabberd_piefxis, function = export_host,
 			args = [{dir, string}, {host, string}], result = {res, rescode}},
 
-     #ejabberd_commands{name = export_odbc, tags = [mnesia, odbc],
+     #ejabberd_commands{name = delete_mnesia, tags = [mnesia, sql],
                         desc = "Export all tables as SQL queries to a file",
-                        module = ejd2odbc, function = export,
-                        args = [{host, string}, {file, string}], result = {res, rescode}},
-     #ejabberd_commands{name = delete_mnesia, tags = [mnesia, odbc],
-                        desc = "Export all tables as SQL queries to a file",
-                        module = ejd2odbc, function = delete,
+                        module = ejd2sql, function = delete,
                         args = [{host, string}], result = {res, rescode}},
-     #ejabberd_commands{name = convert_to_scram, tags = [odbc],
+     #ejabberd_commands{name = convert_to_scram, tags = [sql],
 			desc = "Convert the passwords in 'users' ODBC table to SCRAM",
-			module = ejabberd_auth_odbc, function = convert_to_scram,
+			module = ejabberd_auth_sql, function = convert_to_scram,
 			args = [{host, binary}], result = {res, rescode}},
 
-     #ejabberd_commands{name = import_prosody, tags = [mnesia, odbc, riak],
+     #ejabberd_commands{name = import_prosody, tags = [mnesia, sql, riak],
 			desc = "Import data from Prosody",
 			module = prosody2ejabberd, function = from_dir,
 			args = [{dir, string}], result = {res, rescode}},
@@ -224,11 +222,11 @@ get_commands_spec() ->
 			desc = "Delete offline messages older than DAYS",
 			module = ?MODULE, function = delete_old_messages,
 			args = [{days, integer}], result = {res, rescode}},
-	 
-     #ejabberd_commands{name = export2odbc, tags = [mnesia],
+
+     #ejabberd_commands{name = export2sql, tags = [mnesia],
 			desc = "Export virtual host information from Mnesia tables to SQL files",
-			module = ejd2odbc, function = export,
-			args = [{host, string}, {directory, string}],
+			module = ejd2sql, function = export,
+			args = [{host, string}, {file, string}],
 			result = {res, rescode}},
      #ejabberd_commands{name = set_master, tags = [mnesia],
 			desc = "Set master node of the clustered Mnesia tables",
@@ -382,13 +380,12 @@ register(User, Host, Password) ->
 	{atomic, ok} ->
 	    {ok, io_lib:format("User ~s@~s successfully registered", [User, Host])};
 	{atomic, exists} ->
-	    String = io_lib:format("User ~s@~s already registered at node ~p",
-				   [User, Host, node()]),
-	    {exists, String};
+	    Msg = io_lib:format("User ~s@~s already registered", [User, Host]),
+	    {error, conflict, 10090, Msg};
 	{error, Reason} ->
 	    String = io_lib:format("Can't register user ~s@~s at node ~p: ~p",
 				   [User, Host, node(), Reason]),
-	    {cannot_register, String}
+	    {error, cannot_register, 10001, String}
     end.
 
 unregister(User, Host) ->

src/ejabberd_app.erl

@@ -45,6 +45,7 @@ start(normal, _Args) ->
     write_pid_file(),
     jid:start(),
     start_apps(),
+    start_elixir_application(),
     ejabberd:check_app(ejabberd),
     randoms:start(),
     db_init(),
@@ -55,6 +56,7 @@ start(normal, _Args) ->
     ejabberd_admin:start(),
     gen_mod:start(),
     ext_mod:start(),
+    setup_if_elixir_conf_used(),
     ejabberd_config:start(),
     set_settings_from_config(),
     acl:start(),
@@ -63,6 +65,7 @@ start(normal, _Args) ->
     Sup = ejabberd_sup:start_link(),
     ejabberd_rdbms:start(),
     ejabberd_riak_sup:start(),
+    ejabberd_redis:start(),
     ejabberd_sm:start(),
     cyrsasl:start(),
     % Profiling
@@ -73,6 +76,8 @@ start(normal, _Args) ->
     ejabberd_oauth:start(),
     gen_mod:start_modules(),
     ejabberd_listener:start_listeners(),
+    ejabberd_service:start(),
+    register_elixir_config_hooks(),
     ?INFO_MSG("ejabberd ~s is started in the node ~p", [?VERSION, node()]),
     Sup;
 start(_, _) ->
@@ -83,9 +88,9 @@ start(_, _) ->
 %% before shutting down the processes of the application.
 prep_stop(State) ->
     ejabberd_listener:stop_listeners(),
-    gen_mod:stop_modules(),
     ejabberd_admin:stop(),
     broadcast_c2s_shutdown(),
+    gen_mod:stop_modules(),
     timer:sleep(5000),
     State.
 
@@ -236,3 +241,26 @@ opt_type(modules) ->
 		      Mods)
     end;
 opt_type(_) -> [cluster_nodes, loglevel, modules, net_ticktime].
+
+setup_if_elixir_conf_used() ->
+  case ejabberd_config:is_using_elixir_config() of
+    true -> 'Elixir.Ejabberd.Config.Store':start_link();
+    false -> ok
+  end.
+
+register_elixir_config_hooks() ->
+  case ejabberd_config:is_using_elixir_config() of
+    true -> 'Elixir.Ejabberd.Config':start_hooks();
+    false -> ok
+  end.
+
+start_elixir_application() ->
+    case ejabberd_config:is_elixir_enabled() of
+	true ->
+	    case application:ensure_started(elixir) of
+		ok -> ok;
+		{error, _Msg} -> ?ERROR_MSG("Elixir application not started.", [])
+	    end;
+	_ ->
+	    ok
+    end.

src/ejabberd_auth.erl

@@ -136,8 +136,8 @@ check_password(User, AuthzId, Server, Password, Digest,
 %%     {true, AuthModule} | false
 %% where
 %%   AuthModule = ejabberd_auth_anonymous | ejabberd_auth_external
-%%                 | ejabberd_auth_internal | ejabberd_auth_ldap
-%%                 | ejabberd_auth_odbc | ejabberd_auth_pam | ejabberd_auth_riak
+%%                 | ejabberd_auth_mnesia | ejabberd_auth_ldap
+%%                 | ejabberd_auth_sql | ejabberd_auth_pam | ejabberd_auth_riak
 -spec check_password_with_authmodule(binary(), binary(), binary(), binary()) -> false |
                                                                       {true, atom()}.
 
@@ -428,30 +428,21 @@ auth_modules() ->
 %% Return the list of authenticated modules for a given host
 auth_modules(Server) ->
     LServer = jid:nameprep(Server),
-    Default = case gen_mod:default_db(LServer) of
-		  mnesia -> internal;
-		  DBType -> DBType
-	      end,
+    Default = ejabberd_config:default_db(LServer, ?MODULE),
     Methods = ejabberd_config:get_option(
-                {auth_method, LServer},
-                fun(V) when is_list(V) ->
-                        true = lists:all(fun is_atom/1, V),
-                        V;
-                   (V) when is_atom(V) ->
-                        [V]
-                end, [Default]),
+                {auth_method, LServer}, opt_type(auth_method), [Default]),
     [jlib:binary_to_atom(<<"ejabberd_auth_",
                            (jlib:atom_to_binary(M))/binary>>)
      || M <- Methods].
 
 export(Server) ->
-    ejabberd_auth_internal:export(Server).
+    ejabberd_auth_mnesia:export(Server).
 
 import(Server) ->
-    ejabberd_auth_internal:import(Server).
+    ejabberd_auth_mnesia:import(Server).
 
 import(Server, mnesia, Passwd) ->
-    ejabberd_auth_internal:import(Server, mnesia, Passwd);
+    ejabberd_auth_mnesia:import(Server, mnesia, Passwd);
 import(Server, riak, Passwd) ->
     ejabberd_auth_riak:import(Server, riak, Passwd);
 import(_, _, _) ->
@@ -459,7 +450,7 @@ import(_, _, _) ->
 
 opt_type(auth_method) ->
     fun (V) when is_list(V) ->
-	    true = lists:all(fun is_atom/1, V), V;
-	(V) when is_atom(V) -> [V]
+	    lists:map(fun(M) -> ejabberd_config:v_db(?MODULE, M) end, V);
+	(V) -> [ejabberd_config:v_db(?MODULE, V)]
     end;
 opt_type(_) -> [auth_method].

src/ejabberd_auth_anonymous.erl

@@ -56,7 +56,7 @@
 %% Create the anonymous table if at least one virtual host has anonymous features enabled
 %% Register to login / logout events
 -record(anonymous, {us = {<<"">>, <<"">>} :: {binary(), binary()},
-                    sid = {p1_time_compat:timestamp(), self()} :: ejabberd_sm:sid()}).
+                    sid = ejabberd_sm:make_sid() :: ejabberd_sm:sid()}).
 
 start(Host) ->
     %% TODO: Check cluster mode

src/ejabberd_auth_external.erl

@@ -56,7 +56,7 @@ start(Host) ->
             "extauth"),
     extauth:start(Host, Cmd),
     check_cache_last_options(Host),
-    ejabberd_auth_internal:start(Host).
+    ejabberd_auth_mnesia:start(Host).
 
 check_cache_last_options(Server) ->
     case get_cache_option(Server) of
@@ -78,13 +78,15 @@ store_type() -> external.
 
 check_password(User, AuthzId, Server, Password) ->
     if AuthzId /= <<>> andalso AuthzId /= User ->
-        false;
-    true ->
-    case get_cache_option(Server) of
-          false -> check_password_extauth(User, AuthzId, Server, Password);
-      {true, CacheTime} ->
-    	  check_password_cache(User, AuthzId, Server, Password, CacheTime)
-        end
+	    false;
+       true ->
+	    case get_cache_option(Server) of
+	      false ->
+		  check_password_extauth(User, AuthzId, Server, Password);
+	      {true, CacheTime} ->
+		  check_password_cache(User, AuthzId, Server, Password,
+				       CacheTime)
+	    end
     end.
 
 check_password(User, AuthzId, Server, Password, _Digest,
@@ -94,7 +96,7 @@ check_password(User, AuthzId, Server, Password, _Digest,
 set_password(User, Server, Password) ->
     case extauth:set_password(User, Server, Password) of
       true ->
-	  set_password_internal(User, Server, Password), ok;
+	  set_password_mnesia(User, Server, Password), ok;
       _ -> {error, unknown_problem}
     end.
 
@@ -106,20 +108,20 @@ try_register(User, Server, Password) ->
     end.
 
 dirty_get_registered_users() ->
-    ejabberd_auth_internal:dirty_get_registered_users().
+    ejabberd_auth_mnesia:dirty_get_registered_users().
 
 get_vh_registered_users(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users(Server).
 
 get_vh_registered_users(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users(Server,
 						   Data).
 
 get_vh_registered_users_number(Server) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server).
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server).
 
 get_vh_registered_users_number(Server, Data) ->
-    ejabberd_auth_internal:get_vh_registered_users_number(Server,
+    ejabberd_auth_mnesia:get_vh_registered_users_number(Server,
 							  Data).
 
 %% The password can only be returned if cache is enabled, cached info exists and is fresh enough.
@@ -151,7 +153,7 @@ remove_user(User, Server) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server)
+		ejabberd_auth_mnesia:remove_user(User, Server)
 	  end
     end.
 
@@ -162,7 +164,7 @@ remove_user(User, Server, Password) ->
 	  case get_cache_option(Server) of
 	    false -> false;
 	    {true, _CacheTime} ->
-		ejabberd_auth_internal:remove_user(User, Server,
+		ejabberd_auth_mnesia:remove_user(User, Server,
 						   Password)
 	  end
     end.
@@ -197,7 +199,7 @@ check_password_cache(User, AuthzId, Server, Password,
 		     CacheTime) ->
     case get_last_access(User, Server) of
       online ->
-	  check_password_internal(User, AuthzId, Server, Password);
+	  check_password_mnesia(User, AuthzId, Server, Password);
       never ->
 	  check_password_external_cache(User, AuthzId, Server, Password);
       mod_last_required ->
@@ -210,7 +212,7 @@ check_password_cache(User, AuthzId, Server, Password,
 	  case is_fresh_enough(TimeStamp, CacheTime) of
 	    %% If no need to refresh, check password against Mnesia
 	    true ->
-		case check_password_internal(User, AuthzId, Server, Password) of
+		case check_password_mnesia(User, AuthzId, Server, Password) of
 		  %% If password valid in Mnesia, accept it
 		  true -> true;
 		  %% Else (password nonvalid in Mnesia), check in extauth and cache result
@@ -223,13 +225,13 @@ check_password_cache(User, AuthzId, Server, Password,
 	  end
     end.
 
-get_password_internal(User, Server) ->
-    ejabberd_auth_internal:get_password(User, Server).
+get_password_mnesia(User, Server) ->
+    ejabberd_auth_mnesia:get_password(User, Server).
 
 -spec get_password_cache(User::binary(), Server::binary(), CacheTime::integer()) -> Password::string() | false.
 get_password_cache(User, Server, CacheTime) ->
     case get_last_access(User, Server) of
-      online -> get_password_internal(User, Server);
+      online -> get_password_mnesia(User, Server);
       never -> false;
       mod_last_required ->
 	  ?ERROR_MSG("extauth is used, extauth_cache is enabled "
@@ -239,7 +241,7 @@ get_password_cache(User, Server, CacheTime) ->
 	  false;
       TimeStamp ->
 	  case is_fresh_enough(TimeStamp, CacheTime) of
-	    true -> get_password_internal(User, Server);
+	    true -> get_password_mnesia(User, Server);
 	    false -> false
 	  end
     end.
@@ -248,7 +250,7 @@ get_password_cache(User, Server, CacheTime) ->
 check_password_external_cache(User, AuthzId, Server, Password) ->
     case check_password_extauth(User, AuthzId, Server, Password) of
       true ->
-	  set_password_internal(User, Server, Password), true;
+	  set_password_mnesia(User, Server, Password), true;
       false -> false
     end.
 
@@ -256,21 +258,21 @@ check_password_external_cache(User, AuthzId, Server, Password) ->
 try_register_external_cache(User, Server, Password) ->
     case try_register_extauth(User, Server, Password) of
       {atomic, ok} = R ->
-	  set_password_internal(User, Server, Password), R;
+	  set_password_mnesia(User, Server, Password), R;
       _ -> {error, not_allowed}
     end.
 
 %% @spec (User, AuthzId, Server, Password) -> true | false
-check_password_internal(User, AuthzId, Server, Password) ->
-    ejabberd_auth_internal:check_password(User, AuthzId, Server,
+check_password_mnesia(User, AuthzId, Server, Password) ->
+    ejabberd_auth_mnesia:check_password(User, AuthzId, Server,
 					  Password).
 
 %% @spec (User, Server, Password) -> ok | {error, invalid_jid}
-set_password_internal(User, Server, Password) ->
+set_password_mnesia(User, Server, Password) ->
 %% @spec (TimeLast, CacheTime) -> true | false
 %%       TimeLast = online | never | integer()
 %%       CacheTime = integer() | false
-    ejabberd_auth_internal:set_password(User, Server,
+    ejabberd_auth_mnesia:set_password(User, Server,
 					Password).
 
 is_fresh_enough(TimeStampLast, CacheTime) ->

src/ejabberd_auth_ldap.erl

@@ -118,16 +118,15 @@ store_type() -> external.
 
 check_password(User, AuthzId, Server, Password) ->
     if AuthzId /= <<>> andalso AuthzId /= User ->
-        false;
-    true ->
-    if Password == <<"">> -> false;
+	    false;
        true ->
-	   case catch check_password_ldap(User, Server, Password)
-	       of
-	     {'EXIT', _} -> false;
-	     Result -> Result
-	   end
-        end
+	    if Password == <<"">> -> false;
+	       true ->
+		    case catch check_password_ldap(User, Server, Password) of
+		      {'EXIT', _} -> false;
+		      Result -> Result
+		    end
+	    end
     end.
 
 check_password(User, AuthzId, Server, Password, _Digest,

src/ejabberd_auth_mnesia.erl

@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_internal.erl
+%%% File    : ejabberd_auth_mnesia.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via mnesia
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------
 
--module(ejabberd_auth_internal).
+-module(ejabberd_auth_mnesia).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
 
 -behaviour(ejabberd_config).
 
@@ -43,6 +45,7 @@
 
 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").
 
 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                  password = <<"">> :: binary() | scram() | '_'}).
@@ -88,51 +91,48 @@ store_type() ->
 
 check_password(User, AuthzId, Server, Password) ->
     if AuthzId /= <<>> andalso AuthzId /= User ->
-        false;
-    true ->
-        LUser = jid:nodeprep(User),
-        LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Password}]
-	  when is_binary(Password) ->
-	  Password /= <<"">>;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  is_password_scram_valid(Password, Scram);
-      _ -> false
-        end
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Password}] when is_binary(Password) ->
+		  Password /= <<"">>;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  is_password_scram_valid(Password, Scram);
+	      _ -> false
+	    end
     end.
 
 check_password(User, AuthzId, Server, Password, Digest,
 	       DigestGen) ->
     if AuthzId /= <<>> andalso AuthzId /= User ->
-        false;
-    true ->
-        LUser = jid:nodeprep(User),
-        LServer = jid:nameprep(Server),
-    US = {LUser, LServer},
-    case catch mnesia:dirty_read({passwd, US}) of
-      [#passwd{password = Passwd}] when is_binary(Passwd) ->
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      [#passwd{password = Scram}]
-	  when is_record(Scram, scram) ->
-	  Passwd = jlib:decode_base64(Scram#scram.storedkey),
-	  DigRes = if Digest /= <<"">> ->
-			  Digest == DigestGen(Passwd);
-		      true -> false
-		   end,
-	  if DigRes -> true;
-	     true -> (Passwd == Password) and (Password /= <<"">>)
-	  end;
-      _ -> false
-        end
+	    false;
+       true ->
+	    LUser = jid:nodeprep(User),
+	    LServer = jid:nameprep(Server),
+	    US = {LUser, LServer},
+	    case catch mnesia:dirty_read({passwd, US}) of
+	      [#passwd{password = Passwd}] when is_binary(Passwd) ->
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      [#passwd{password = Scram}] when is_record(Scram, scram) ->
+		  Passwd = jlib:decode_base64(Scram#scram.storedkey),
+		  DigRes = if Digest /= <<"">> ->
+				   Digest == DigestGen(Passwd);
+			      true -> false
+			   end,
+		  if DigRes -> true;
+		     true -> (Passwd == Password) and (Password /= <<"">>)
+		  end;
+	      _ -> false
+	    end
     end.
 
 %% @spec (User::string(), Server::string(), Password::string()) ->
@@ -473,12 +473,22 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
     [{passwd,
       fun(Host, #passwd{us = {LUser, LServer}, password = Password})
+            when LServer == Host,
+                 is_binary(Password) ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
+         (Host, #passwd{us = {LUser, LServer}, password = #scram{} = Scram})
             when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+              StoredKey = Scram#scram.storedkey,
+              ServerKey = Scram#scram.serverkey,
+              Salt = Scram#scram.salt,
+              IterationCount = Scram#scram.iterationcount,
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password, serverkey, salt, "
+                    "iterationcount) "
+                    "values (%(LUser)s, %(StoredKey)s, %(ServerKey)s,"
+                    " %(Salt)s, %(IterationCount)d);")];
          (_Host, _R) ->
               []
       end}].

src/ejabberd_auth_riak.erl

@@ -25,6 +25,8 @@
 
 -module(ejabberd_auth_riak).
 
+-compile([{parse_transform, ejabberd_sql_pt}]).
+
 -author('alexey@process-one.net').
 
 -behaviour(ejabberd_auth).
@@ -42,6 +44,7 @@
 -export([passwd_schema/0]).
 
 -include("ejabberd.hrl").
+-include("ejabberd_sql_pt.hrl").
 
 -record(passwd, {us = {<<"">>, <<"">>} :: {binary(), binary()} | '$1',
                  password = <<"">> :: binary() | scram() | '_'}).
@@ -290,12 +293,10 @@ is_password_scram_valid(Password, Scram) ->
 export(_Server) ->
     [{passwd,
       fun(Host, #passwd{us = {LUser, LServer}, password = Password})
-            when LServer == Host ->
-              Username = ejabberd_odbc:escape(LUser),
-              Pass = ejabberd_odbc:escape(Password),
-              [[<<"delete from users where username='">>, Username, <<"';">>],
-               [<<"insert into users(username, password) "
-                  "values ('">>, Username, <<"', '">>, Pass, <<"');">>]];
+         when LServer == Host ->
+              [?SQL("delete from users where username=%(LUser)s;"),
+               ?SQL("insert into users(username, password) "
+                    "values (%(LUser)s, %(Password)s);")];
          (_Host, _R) ->
               []
       end}].

src/ejabberd_auth_sql.erl

@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_auth_odbc.erl
+%%% File    : ejabberd_auth_sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Authentification via ODBC
 %%% Created : 12 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
@@ -23,7 +23,9 @@
 %%%
 %%%----------------------------------------------------------------------
 
--module(ejabberd_auth_odbc).
+-module(ejabberd_auth_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
 
 -behaviour(ejabberd_config).
 
@@ -43,6 +45,7 @@
 
 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").
 
 -define(SALT_LENGTH, 16).
 
@@ -77,7 +80,7 @@ check_password(User, AuthzId, Server, Password) ->
        true ->
             case is_scrammed() of
                 true ->
-                    try odbc_queries:get_password_scram(LServer, LUser) of
+                    try sql_queries:get_password_scram(LServer, LUser) of
                         {selected,
                          [{StoredKey, ServerKey, Salt, IterationCount}]} ->
                             Scram =
@@ -85,7 +88,7 @@ check_password(User, AuthzId, Server, Password) ->
                                        serverkey = ServerKey,
                                        salt = Salt,
                                        iterationcount = IterationCount},
-                            is_password_scram_valid(Password, Scram);
+                            is_password_scram_valid_stored(Password, Scram, LUser, LServer);
                         {selected, []} ->
                             false; %% Account does not exist
                         {error, _Error} ->
@@ -95,7 +98,7 @@ check_password(User, AuthzId, Server, Password) ->
                             false %% Typical error is database not accessible
                     end;
                 false ->
-                    try odbc_queries:get_password(LServer, LUser) of
+                    try sql_queries:get_password(LServer, LUser) of
                         {selected, [{Password}]} ->
                             Password /= <<"">>;
                         {selected, [{_Password2}]} ->
@@ -127,7 +130,7 @@ check_password(User, AuthzId, Server, Password, Digest,
        true ->
             case is_scrammed() of
                 false ->
-                    try odbc_queries:get_password(LServer, LUser) of
+                    try sql_queries:get_password(LServer, LUser) of
                         %% Account exists, check if password is valid
                         {selected, [{Passwd}]} ->
                             DigRes = if Digest /= <<"">> ->
@@ -164,7 +167,7 @@ set_password(User, Server, Password) ->
             case is_scrammed() of
                 true ->
                     Scram = password_to_scram(Password),
-                    case catch odbc_queries:set_password_scram_t(
+                    case catch sql_queries:set_password_scram_t(
                                  LServer,
                                  LUser,
                                  Scram#scram.storedkey,
@@ -177,7 +180,7 @@ set_password(User, Server, Password) ->
                         Other -> {error, Other}
                     end;
                 false ->
-                    case catch odbc_queries:set_password_t(LServer,
+                    case catch sql_queries:set_password_t(LServer,
                                                            LUser, Password)
                         of
                         {atomic, ok} -> ok;
@@ -198,7 +201,7 @@ try_register(User, Server, Password) ->
             case is_scrammed() of
                 true ->
                     Scram = password_to_scram(Password),
-                    case catch odbc_queries:add_user_scram(
+                    case catch sql_queries:add_user_scram(
                                  LServer,
                                  LUser,
                                  Scram#scram.storedkey,
@@ -210,7 +213,7 @@ try_register(User, Server, Password) ->
                         _ -> {atomic, exists}
                     end;
                 false ->
-                    case catch odbc_queries:add_user(LServer, LUser,
+                    case catch sql_queries:add_user(LServer, LUser,
                                                      Password) of
                         {updated, 1} -> {atomic, ok};
                         _ -> {atomic, exists}
@@ -219,7 +222,7 @@ try_register(User, Server, Password) ->
     end.
 
 dirty_get_registered_users() ->
-    Servers = ejabberd_config:get_vh_by_auth_method(odbc),
+    Servers = ejabberd_config:get_vh_by_auth_method(sql),
     lists:flatmap(fun (Server) ->
 			  get_vh_registered_users(Server)
 		  end,
@@ -230,7 +233,7 @@ get_vh_registered_users(Server) ->
         error -> [];
         <<>> -> [];
         LServer ->
-            case catch odbc_queries:list_users(LServer) of
+            case catch sql_queries:list_users(LServer) of
                 {selected, Res} ->
                     [{U, LServer} || {U} <- Res];
                 _ -> []
@@ -242,7 +245,7 @@ get_vh_registered_users(Server, Opts) ->
         error -> [];
         <<>> -> [];
         LServer ->
-            case catch odbc_queries:list_users(LServer, Opts) of
+            case catch sql_queries:list_users(LServer, Opts) of
                 {selected, Res} ->
                     [{U, LServer} || {U} <- Res];
                 _ -> []
@@ -254,7 +257,7 @@ get_vh_registered_users_number(Server) ->
         error -> 0;
         <<>> -> 0;
         LServer ->
-            case catch odbc_queries:users_number(LServer) of
+            case catch sql_queries:users_number(LServer) of
                 {selected, [{Res}]} ->
                     Res;
                 _ -> 0
@@ -266,7 +269,7 @@ get_vh_registered_users_number(Server, Opts) ->
         error -> 0;
         <<>> -> 0;
         LServer ->
-            case catch odbc_queries:users_number(LServer, Opts) of
+            case catch sql_queries:users_number(LServer, Opts) of
                 {selected, [{Res}]} ->
                     Res;
                 _Other -> 0
@@ -283,7 +286,7 @@ get_password(User, Server) ->
        true ->
             case is_scrammed() of
                 true ->
-                    case catch odbc_queries:get_password_scram(
+                    case catch sql_queries:get_password_scram(
                                  LServer, LUser) of
                         {selected,
                          [{StoredKey, ServerKey, Salt, IterationCount}]} ->
@@ -294,7 +297,7 @@ get_password(User, Server) ->
                         _ -> false
                     end;
                 false ->
-                    case catch odbc_queries:get_password(LServer, LUser)
+                    case catch sql_queries:get_password(LServer, LUser)
                         of
                         {selected, [{Password}]} -> Password;
                         _ -> false
@@ -312,7 +315,7 @@ get_password_s(User, Server) ->
        true ->
             case is_scrammed() of
                 false ->
-                    case catch odbc_queries:get_password(LServer, LUser) of
+                    case catch sql_queries:get_password(LServer, LUser) of
                         {selected, [{Password}]} -> Password;
                         _ -> <<"">>
                     end;
@@ -329,7 +332,7 @@ is_user_exists(User, Server) ->
        (LUser == <<>>) or (LServer == <<>>) ->
             false;
        true ->
-	  try odbc_queries:get_password(LServer, LUser) of
+	  try sql_queries:get_password(LServer, LUser) of
 	    {selected, [{_Password}]} ->
 		true; %% Account exists
 	    {selected, []} ->
@@ -351,7 +354,7 @@ remove_user(User, Server) ->
        (LUser == <<>>) or (LServer == <<>>) ->
             error;
        true ->
-	  catch odbc_queries:del_user(LServer, LUser),
+	  catch sql_queries:del_user(LServer, LUser),
 	  ok
     end.
 
@@ -375,7 +378,7 @@ remove_user(User, Server, Password) ->
                     end;
                 false ->
                     F = fun () ->
-                                Result = odbc_queries:del_user_return_password(
+                                Result = sql_queries:del_user_return_password(
                                            LServer, LUser, Password),
                                 case Result of
                                     {selected, [{Password}]} -> ok;
@@ -383,7 +386,7 @@ remove_user(User, Server, Password) ->
                                     _ -> not_allowed
                                 end
                         end,
-                    {atomic, Result} = odbc_queries:sql_transaction(
+                    {atomic, Result} = sql_queries:sql_transaction(
                                          LServer, F),
                     Result
             end
@@ -414,6 +417,15 @@ password_to_scram(Password, IterationCount) ->
 	   salt = jlib:encode_base64(Salt),
 	   iterationcount = IterationCount}.
 
+is_password_scram_valid_stored(Pass, {scram,Pass,<<>>,<<>>,0}, LUser, LServer) ->
+    ?INFO_MSG("Apparently, SQL auth method and scram password formatting are "
+	"enabled, but the password of user '~s' in the 'users' table is not "
+	"scrammed. You may want to execute this command: "
+	"ejabberdctl convert_to_scram ~s", [LUser, LServer]),
+    false;
+is_password_scram_valid_stored(Password, Scram, _, _) ->
+    is_password_scram_valid(Password, Scram).
+
 is_password_scram_valid(Password, Scram) ->
     IterationCount = Scram#scram.iterationcount,
     Salt = jlib:decode_base64(Scram#scram.salt),
@@ -425,19 +437,15 @@ is_password_scram_valid(Password, Scram) ->
 
 -define(BATCH_SIZE, 1000).
 
-set_password_scram_t(Username,
+set_password_scram_t(LUser,
                      StoredKey, ServerKey, Salt, IterationCount) ->
-    odbc_queries:update_t(<<"users">>,
-                          [<<"username">>,
-                           <<"password">>,
-                           <<"serverkey">>,
-                           <<"salt">>,
-                           <<"iterationcount">>],
-                          [Username, StoredKey,
-                           ServerKey, Salt,
-                           IterationCount],
-                          [<<"username='">>, Username,
-                           <<"'">>]).
+    ?SQL_UPSERT_T(
+       "users",
+       ["!username=%(LUser)s",
+        "password=%(StoredKey)s",
+        "serverkey=%(ServerKey)s",
+        "salt=%(Salt)s",
+        "iterationcount=%(IterationCount)d"]).
 
 convert_to_scram(Server) ->
     LServer = jid:nameprep(Server),
@@ -447,31 +455,31 @@ convert_to_scram(Server) ->
             {error, {incorrect_server_name, Server}};
         true ->
             F = fun () ->
-                        case ejabberd_odbc:sql_query_t(
-                               [<<"select username, password from users where "
-                                 "iterationcount=0 limit ">>,
-                                integer_to_binary(?BATCH_SIZE),
-                                <<";">>]) of
-                            {selected, [<<"username">>, <<"password">>], []} ->
+                        BatchSize = ?BATCH_SIZE,
+                        case ejabberd_sql:sql_query_t(
+                               ?SQL("select @(username)s, @(password)s"
+                                    " from users"
+                                    " where iterationcount=0"
+                                    " limit %(BatchSize)d")) of
+                            {selected, []} ->
                                 ok;
-                            {selected, [<<"username">>, <<"password">>], Rs} ->
+                            {selected, Rs} ->
                                 lists:foreach(
-                                  fun([LUser, Password]) ->
-                                          Username = ejabberd_odbc:escape(LUser),
+                                  fun({LUser, Password}) ->
                                           Scram = password_to_scram(Password),
                                           set_password_scram_t(
-                                            Username,
-                                            ejabberd_odbc:escape(Scram#scram.storedkey),
-                                            ejabberd_odbc:escape(Scram#scram.serverkey),
-                                            ejabberd_odbc:escape(Scram#scram.salt),
-                                            integer_to_binary(Scram#scram.iterationcount)
+                                            LUser,
+                                            Scram#scram.storedkey,
+                                            Scram#scram.serverkey,
+                                            Scram#scram.salt,
+                                            Scram#scram.iterationcount
                                            )
                                   end, Rs),
                                 continue;
                             Err -> {bad_reply, Err}
                         end
                 end,
-            case odbc_queries:sql_transaction(LServer, F) of
+            case sql_queries:sql_transaction(LServer, F) of
                 {atomic, ok} -> ok;
                 {atomic, continue} -> convert_to_scram(Server);
                 {atomic, Error} -> {error, Error};

src/ejabberd_commands.erl

@@ -90,7 +90,8 @@
 %%%    PowFloat = math:pow(Base, Exponent),
 %%%    round(PowFloat).</pre>
 %%%
-%%% Since this function will be called by ejabberd_commands, it must be exported.
+%%% Since this function will be called by ejabberd_commands, it must
+%%% be exported.
 %%% Add to your module:
 %%% <pre>-export([calc_power/2]).</pre>
 %%%
@@ -201,24 +202,36 @@
 %%% TODO: consider this feature:
 %%% All commands are catched. If an error happens, return the restuple:
 %%%   {error, flattened error string}
-%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc) need to allows this.
-%%% And ejabberd_xmlrpc must be prepared to handle such an unexpected response.
+%%% This means that ecomm call APIs (ejabberd_ctl, ejabberd_xmlrpc)
+%%% need to allows this. And ejabberd_xmlrpc must be prepared to
+%%% handle such an unexpected response.
 
 
 -module(ejabberd_commands).
 -author('badlop@process-one.net').
 
+-define(DEFAULT_VERSION, 1000000).
+
 -export([init/0,
 	 list_commands/0,
+	 list_commands/1,
 	 get_command_format/1,
-         get_command_format/2,
+	 get_command_format/2,
+	 get_command_format/3,
+         get_command_policy_and_scope/1,
 	 get_command_definition/1,
+	 get_command_definition/2,
 	 get_tags_commands/0,
-         get_commands/0,
+	 get_tags_commands/1,
+         get_exposed_commands/0,
 	 register_commands/1,
-	 unregister_commands/1,
+   unregister_commands/1,
+   expose_commands/1,
 	 execute_command/2,
-         execute_command/4,
+	 execute_command/3,
+	 execute_command/4,
+	 execute_command/5,
+	 execute_command/6,
          opt_type/1,
          get_commands_spec/0
 	]).
@@ -226,6 +239,7 @@
 -include("ejabberd_commands.hrl").
 -include("ejabberd.hrl").
 -include("logger.hrl").
+-include_lib("stdlib/include/ms_transform.hrl").
 
 -define(POLICY_ACCESS, '$policy').
 
@@ -260,23 +274,27 @@ get_commands_spec() ->
                            args_example = ["/home/me/docs/api.html", "mod_admin", "java,json"],
                            result_example = ok}].
 init() ->
-    ets:new(ejabberd_commands, [named_table, set, public,
-				{keypos, #ejabberd_commands.name}]),
+    mnesia:create_table(ejabberd_commands,
+                        [{ram_copies, [node()]},
+                         {local_content, true},
+                         {attributes, record_info(fields, ejabberd_commands)},
+                         {type, bag}]),
+    mnesia:add_table_copy(ejabberd_commands, node(), ram_copies),
     register_commands(get_commands_spec()).
 
 -spec register_commands([ejabberd_commands()]) -> ok.
 
 %% @doc Register ejabberd commands.
-%% If a command is already registered, a warning is printed and the old command is preserved.
+%% If a command is already registered, a warning is printed and the
+%% old command is preserved.
+%% A registered command is not directly available to be called through
+%% ejabberd ReST API. It need to be exposed to be available through API.
 register_commands(Commands) ->
     lists:foreach(
       fun(Command) ->
-	      case ets:insert_new(ejabberd_commands, Command) of
-		  true ->
-		      ok;
-		  false ->
-		      ?DEBUG("This command is already defined:~n~p", [Command])
-	      end
+              %% XXX check if command exists
+              mnesia:dirty_write(Command)
+              %% ?DEBUG("This command is already defined:~n~p", [Command])
       end,
       Commands).
 
@@ -286,147 +304,297 @@ register_commands(Commands) ->
 unregister_commands(Commands) ->
     lists:foreach(
       fun(Command) ->
-	      ets:delete_object(ejabberd_commands, Command)
+	      mnesia:dirty_delete_object(Command)
       end,
       Commands).
 
+%% @doc Expose command through ejabberd ReST API.
+%% Pass a list of command names or policy to expose.
+-spec expose_commands([ejabberd_commands()|atom()|open|user|admin|restricted]) -> ok | {error, atom()}.
+
+expose_commands(Commands) ->
+    Names = lists:map(fun(#ejabberd_commands{name = Name}) ->
+                              Name;
+                         (Name) when is_atom(Name) ->
+                              Name
+                      end,
+                      Commands),
+
+    case ejabberd_config:add_local_option(commands, [{add_commands, Names}]) of
+        {aborted, Reason} ->
+            {error, Reason};
+        {atomic, Result} ->
+            Result
+    end.
+
 -spec list_commands() -> [{atom(), [aterm()], string()}].
 
 %% @doc Get a list of all the available commands, arguments and description.
 list_commands() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    _ = '_'}),
-    [{A, B, C} || [A, B, C] <- Commands].
+    list_commands(?DEFAULT_VERSION).
 
--spec list_commands_policy() -> [{atom(), [aterm()], string(), atom()}].
+-spec list_commands(integer()) -> [{atom(), [aterm()], string()}].
 
-%% @doc Get a list of all the available commands, arguments, description, and
-%% policy.
-list_commands_policy() ->
-    Commands = ets:match(ejabberd_commands,
-			 #ejabberd_commands{name = '$1',
-					    args = '$2',
-					    desc = '$3',
-					    policy = '$4',
-					    _ = '_'}),
-    [{A, B, C, D} || [A, B, C, D] <- Commands].
+%% @doc Get a list of all the available commands, arguments and
+%% description in a given API verion.
+list_commands(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc} || #ejabberd_commands{name = Name,
+                                              args = Args,
+                                              desc = Desc} <- Commands].
 
--spec get_command_format(atom()) -> {[aterm()], rterm()} | {error, command_unknown}.
+
+-spec list_commands_policy(integer()) ->
+				  [{atom(), [aterm()], string(), atom()}].
+
+%% @doc Get a list of all the available commands, arguments,
+%% description, and policy in a given API version.
+list_commands_policy(Version) ->
+    Commands = get_commands_definition(Version),
+    [{Name, Args, Desc, Policy} ||
+        #ejabberd_commands{name = Name,
+                           args = Args,
+                           desc = Desc,
+                           policy = Policy} <- Commands].
+
+-spec get_command_format(atom()) -> {[aterm()], rterm()}.
 
 %% @doc Get the format of arguments and result of a command.
 get_command_format(Name) ->
-    get_command_format(Name, noauth).
+    get_command_format(Name, noauth, ?DEFAULT_VERSION).
+get_command_format(Name, Version) when is_integer(Version) ->
+    get_command_format(Name, noauth, Version);
+get_command_format(Name, Auth)  ->
+    get_command_format(Name, Auth, ?DEFAULT_VERSION).
 
-get_command_format(Name, Auth) ->
-    Admin = is_admin(Name, Auth),
-    Matched = ets:match(ejabberd_commands,
-			#ejabberd_commands{name = Name,
-					   args = '$1',
-					   result = '$2',
-                                           policy = '$3',
-					   _ = '_'}),
-    case Matched of
-	[] ->
-	    {error, command_unknown};
-	[[Args, Result, user]] when Admin;
-                                    Auth == noauth ->
-	    {[{user, binary}, {server, binary} | Args], Result};
-	[[Args, Result, _]] ->
-	    {Args, Result}
+-spec get_command_format(atom(),
+			 {binary(), binary(), binary(), boolean()} |
+			 noauth | admin,
+			 integer()) ->
+				{[aterm()], rterm()}.
+
+get_command_format(Name, Auth, Version) ->
+    Admin = is_admin(Name, Auth, #{}),
+    #ejabberd_commands{args = Args,
+		       result = Result,
+                       policy = Policy} =
+        get_command_definition(Name, Version),
+    case Policy of
+        user when Admin;
+                  Auth == noauth ->
+            {[{user, binary}, {server, binary} | Args], Result};
+        _ ->
+            {Args, Result}
     end.
 
--spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
+-spec get_command_policy_and_scope(atom()) -> {ok, open|user|admin|restricted, [oauth_scope()]} | {error, command_not_found}.
+
+%% @doc return command policy.
+get_command_policy_and_scope(Name) ->
+    case get_command_definition(Name) of
+        #ejabberd_commands{policy = Policy} = Cmd ->
+            {ok, Policy, cmd_scope(Cmd)};
+        command_not_found ->
+            {error, command_not_found}
+    end.
+
+%% The oauth scopes for a command are the command name itself,
+%% also might include either 'ejabberd:user' or 'ejabberd:admin'
+cmd_scope(#ejabberd_commands{policy = Policy, name = Name}) ->
+    [erlang:atom_to_binary(Name,utf8)] ++ [<<"ejabberd:user">> || Policy == user] ++ [<<"ejabberd:admin">> || Policy == admin].
+
+
+-spec get_command_definition(atom()) -> ejabberd_commands().
 
 %% @doc Get the definition record of a command.
 get_command_definition(Name) ->
-    case ets:lookup(ejabberd_commands, Name) of
-	[E] -> E;
-	[] -> command_not_found
+    get_command_definition(Name, ?DEFAULT_VERSION).
+
+-spec get_command_definition(atom(), integer()) -> ejabberd_commands().
+
+%% @doc Get the definition record of a command in a given API version.
+get_command_definition(Name, Version) ->
+    case lists:reverse(
+           lists:sort(
+             mnesia:dirty_select(
+               ejabberd_commands,
+               ets:fun2ms(
+                 fun(#ejabberd_commands{name = N, version = V} = C)
+                       when N == Name, V =< Version ->
+                         {V, C}
+                 end)))) of
+        [{_, Command} | _ ] -> Command;
+        _E -> throw({error, unknown_command})
     end.
 
-%% @spec (Name::atom(), Arguments) -> ResultTerm | {error, command_unknown}
-%% @doc Execute a command.
-execute_command(Name, Arguments) ->
-    execute_command([], noauth, Name, Arguments).
+-spec get_commands_definition(integer()) -> [ejabberd_commands()].
 
--spec execute_command([{atom(), [atom()], [any()]}] | undefined,
-                      {binary(), binary(), binary(), boolean()} |
-                      noauth | admin,
-                      atom(),
-                      [any()]
+% @doc Returns all commands for a given API version
+get_commands_definition(Version) ->
+    L = lists:reverse(
+          lists:sort(
+            mnesia:dirty_select(
+              ejabberd_commands,
+              ets:fun2ms(
+                fun(#ejabberd_commands{name = Name, version = V} = C)
+                      when V =< Version ->
+                        {Name, V, C}
+                end)))),
+    F = fun({_Name, _V, Command}, []) ->
+                [Command];
+           ({Name, _V, _Command}, [#ejabberd_commands{name=Name}|_T] = Acc) ->
+                Acc;
+           ({_Name, _V, Command}, Acc) -> [Command | Acc]
+        end,
+    lists:foldl(F, [], L).
+
+%% @spec (Name::atom(), Arguments) -> ResultTerm
+%% where
+%%       Arguments = [any()]
+%% @doc Execute a command.
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided | access_rules_unauthorized
+execute_command(Name, Arguments) ->
+    execute_command(Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command(atom(),
+                      [any()],
+		      integer() |
+		      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin
                      ) -> any().
 
-%% @spec (AccessCommands, Auth, Name::atom(), Arguments) -> ResultTerm | {error, Error}
+%% @spec (Name::atom(), Arguments, integer() | Auth) -> ResultTerm
+%% where
+%%       Auth = {User::string(), Server::string(), Password::string(),
+%%               Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data |
+%% no_auth_provided
+execute_command(Name, Arguments, Version) when is_integer(Version) ->
+    execute_command([], noauth, Name, Arguments, Version);
+execute_command(Name, Arguments, Auth) ->
+    execute_command([], Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments) ->
+%%                                     ResultTerm | {error, Error}
 %% where
 %%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
 %%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
 %%            | noauth
 %%            | admin
-%%       Method = atom()
 %%       Arguments = [any()]
-%%       Error = command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
-execute_command(AccessCommands1, Auth1, Name, Arguments) ->
-    Auth = case is_admin(Name, Auth1) of
+%%
+%% @doc Execute a command
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided
+execute_command(AccessCommands, Auth, Name, Arguments) ->
+    execute_command(AccessCommands, Auth, Name, Arguments, ?DEFAULT_VERSION).
+
+-spec execute_command([{atom(), [atom()], [any()]}] | undefined,
+                      {binary(), binary(), binary(), boolean()} |
+                      noauth | admin,
+                      atom(),
+                      [any()],
+		      integer()
+                     ) -> any().
+
+%% @spec (AccessCommands, Auth, Name::atom(), Arguments, integer()) -> ResultTerm
+%% where
+%%       AccessCommands = [{Access, CommandNames, Arguments}] | undefined
+%%       Auth = {User::string(), Server::string(), Password::string(), Admin::boolean()}
+%%            | noauth
+%%            | admin
+%%       Arguments = [any()]
+%%
+%% @doc Execute a command in a given API version
+%% Can return the following exceptions:
+%% command_unknown | account_unprivileged | invalid_account_data | no_auth_provided | access_rules_unauthorized
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version) ->
+    execute_command(AccessCommands1, Auth1, Name, Arguments, Version, #{}).
+
+execute_command(AccessCommands1, Auth1, Name, Arguments, Version, CallerInfo) ->
+    Auth = case is_admin(Name, Auth1, CallerInfo) of
                true -> admin;
                false -> Auth1
            end,
-    case ets:lookup(ejabberd_commands, Name) of
-	[Command] ->
-            AccessCommands = get_access_commands(AccessCommands1),
-	    try check_access_commands(AccessCommands, Auth, Name, Command, Arguments) of
-		ok -> execute_command2(Auth, Command, Arguments)
-	    catch
-		{error, Error} -> {error, Error}
-	    end;
-	[] -> {error, command_unknown}
+    TokenJID = oauth_token_user(Auth1),
+    Command = get_command_definition(Name, Version),
+    AccessCommands = get_all_access_commands(AccessCommands1),
+
+    case check_access_commands(AccessCommands, Auth, Name, Command, Arguments, CallerInfo) of
+        ok -> execute_check_policy(Auth, TokenJID, Command, Arguments)
     end.
 
-execute_command2(
-  _Auth, #ejabberd_commands{policy = open} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  _Auth, #ejabberd_commands{policy = restricted} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  _Auth, #ejabberd_commands{policy = admin} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  admin, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  noauth, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, Arguments);
-execute_command2(
-  {User, Server, _, _}, #ejabberd_commands{policy = user} = Command, Arguments) ->
-    execute_command2(Command, [User, Server | Arguments]).
 
-execute_command2(Command, Arguments) ->
+execute_check_policy(
+  _Auth, _JID, #ejabberd_commands{policy = open} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  noauth, _JID, Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  _Auth, _JID, #ejabberd_commands{policy = restricted} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_policy(
+  _Auth, JID, #ejabberd_commands{policy = admin} = Command, Arguments) ->
+    execute_check_access(JID, Command, Arguments);
+execute_check_policy(
+  admin, JID, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_check_access(JID, Command, Arguments);
+execute_check_policy(
+  {User, Server, _, _}, JID, #ejabberd_commands{policy = user} = Command, Arguments) ->
+    execute_check_access(JID, Command, [User, Server | Arguments]).
+
+execute_check_access(_FromJID, #ejabberd_commands{access = []} = Command, Arguments) ->
+    do_execute_command(Command, Arguments);
+execute_check_access(undefined, _Command, _Arguments) ->
+    throw({error, access_rules_unauthorized});
+execute_check_access(FromJID, #ejabberd_commands{access = AccessRefs} = Command, Arguments) ->
+    %% TODO Review: Do we have smarter / better way to check rule on other Host than global ?
+    Host = global,
+    Rules = lists:map(fun({Mod, AccessName, Default}) ->
+                              gen_mod:get_module_opt(Host, Mod,
+                                                     AccessName, fun(A) -> A end, Default);
+                         (Default) ->
+                              Default
+                      end, AccessRefs),
+    case acl:any_rules_allowed(Host, Rules, FromJID) of
+        true ->
+            do_execute_command(Command, Arguments);
+        false ->
+            throw({error, access_rules_unauthorized})
+    end.
+
+do_execute_command(Command, Arguments) ->
     Module = Command#ejabberd_commands.module,
     Function = Command#ejabberd_commands.function,
     ?DEBUG("Executing command ~p:~p with Args=~p", [Module, Function, Arguments]),
-    try apply(Module, Function, Arguments) of
-	Response ->
-	    Response
-    catch
-	Problem ->
-	    {error, Problem}
-    end.
+    apply(Module, Function, Arguments).
 
 -spec get_tags_commands() -> [{string(), [string()]}].
 
 %% @spec () -> [{Tag::string(), [CommandName::string()]}]
 %% @doc Get all the tags and associated commands.
 get_tags_commands() ->
-    CommandTags = ets:match(ejabberd_commands,
-			    #ejabberd_commands{
-			      name = '$1',
-			      tags = '$2',
-			      _ = '_'}),
+    get_tags_commands(?DEFAULT_VERSION).
+
+-spec get_tags_commands(integer()) -> [{string(), [string()]}].
+
+%% @spec (integer) -> [{Tag::string(), [CommandName::string()]}]
+%% @doc Get all the tags and associated commands in a given API version
+get_tags_commands(Version) ->
+    CommandTags = [{Name, Tags} ||
+		      #ejabberd_commands{name = Name, tags = Tags}
+			  <- get_commands_definition(Version)],
     Dict = lists:foldl(
-	     fun([CommandNameAtom, CTags], D) ->
+	     fun({CommandNameAtom, CTags}, D) ->
 		     CommandName = atom_to_list(CommandNameAtom),
 		     case CTags of
 			 [] ->
@@ -445,7 +613,6 @@ get_tags_commands() ->
 	     CommandTags),
     orddict:to_list(Dict).
 
-
 %% -----------------------------
 %% Access verification
 %% -----------------------------
@@ -460,9 +627,9 @@ get_tags_commands() ->
 %% At least one AccessCommand must be satisfied.
 %% It may throw {error, Error} where:
 %% Error = account_unprivileged | invalid_account_data
-check_access_commands([], _Auth, _Method, _Command, _Arguments) ->
+check_access_commands([], _Auth, _Method, _Command, _Arguments, _CallerInfo) ->
     ok;
-check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
+check_access_commands(AccessCommands, Auth, Method, Command1, Arguments, CallerInfo) ->
     Command =
         case {Command1#ejabberd_commands.policy, Auth} of
             {user, {_, _, _, _}} ->
@@ -475,29 +642,31 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
                 Command1
         end,
     AccessCommandsAllowed =
-	lists:filter(
-	  fun({Access, Commands, ArgumentRestrictions}) ->
-		  case check_access(Command, Access, Auth) of
-		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
-					       Method, Arguments);
-		      false ->
-			  false
-		  end;
-	      ({Access, Commands}) ->
-		  ArgumentRestrictions = [],
-		  case check_access(Command, Access, Auth) of
-		      true ->
-			  check_access_command(Commands, Command, ArgumentRestrictions,
-					       Method, Arguments);
-		      false ->
-			  false
-		  end
-	  end,
-	  AccessCommands),
+        lists:filter(
+          fun({Access, Commands, ArgumentRestrictions}) ->
+                  case check_access(Command, Access, Auth, CallerInfo) of
+                      true ->
+                          check_access_command(Commands, Command,
+                                               ArgumentRestrictions,
+                                               Method, Arguments);
+                      false ->
+                          false
+                  end;
+             ({Access, Commands}) ->
+                  ArgumentRestrictions = [],
+                  case check_access(Command, Access, Auth, CallerInfo) of
+                      true ->
+                          check_access_command(Commands, Command,
+                                               ArgumentRestrictions,
+                                               Method, Arguments);
+                      false ->
+                          false
+                  end
+          end,
+          AccessCommands),
     case AccessCommandsAllowed of
-	[] -> throw({error, account_unprivileged});
-	L when is_list(L) -> ok
+        [] -> throw({error, account_unprivileged});
+        L when is_list(L) -> ok
     end.
 
 -spec check_auth(ejabberd_commands(), noauth) -> noauth_provided;
@@ -508,11 +677,11 @@ check_access_commands(AccessCommands, Auth, Method, Command1, Arguments) ->
 check_auth(_Command, noauth) ->
     no_auth_provided;
 check_auth(Command, {User, Server, {oauth, Token}, _}) ->
-    Scope = erlang:atom_to_binary(Command#ejabberd_commands.name, utf8),
-    case ejabberd_oauth:check_token(User, Server, Scope, Token) of
+    ScopeList = cmd_scope(Command),
+    case ejabberd_oauth:check_token(User, Server, ScopeList, Token) of
         true ->
             {ok, User, Server};
-        false ->
+        _ ->
             throw({error, invalid_account_data})
     end;
 check_auth(_Command, {User, Server, Password, _}) when is_binary(Password) ->
@@ -522,39 +691,48 @@ check_auth(_Command, {User, Server, Password, _}) when is_binary(Password) ->
         _ -> throw({error, invalid_account_data})
     end.
 
-check_access(Command, ?POLICY_ACCESS, _)
+check_access(Command, ?POLICY_ACCESS, _, _)
   when Command#ejabberd_commands.policy == open ->
     true;
-check_access(_Command, _Access, admin) ->
+check_access(_Command, _Access, admin, _) ->
     true;
-check_access(_Command, _Access, {_User, _Server, _, true}) ->
+check_access(_Command, _Access, {_User, _Server, _, true}, _) ->
     false;
-check_access(Command, Access, Auth)
+check_access(Command, Access, Auth, CallerInfo)
   when Access =/= ?POLICY_ACCESS;
        Command#ejabberd_commands.policy == open;
        Command#ejabberd_commands.policy == user ->
     case check_auth(Command, Auth) of
 	{ok, User, Server} ->
-	    check_access2(Access, User, Server);
+	    check_access2(Access, CallerInfo#{usr => jid:split(jid:make(User, Server, <<>>))}, Server);
+	no_auth_provided ->
+	    case Command#ejabberd_commands.policy of
+		user ->
+		    false;
+		_ ->
+		    check_access2(Access, CallerInfo, global)
+	    end;
 	_ ->
 	    false
     end;
-check_access(_Command, _Access, _Auth) ->
+check_access(_Command, _Access, _Auth, _CallerInfo) ->
     false.
 
-check_access2(?POLICY_ACCESS, _User, _Server) ->
+check_access2(?POLICY_ACCESS, _CallerInfo, _Server) ->
     true;
-check_access2(Access, User, Server) ->
+check_access2(Access, AccessInfo, Server) ->
     %% Check this user has access permission
-    case acl:match_rule(Server, Access, jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(Access, AccessInfo, Server) of
 	allow -> true;
 	deny -> false
     end.
 
-check_access_command(Commands, Command, ArgumentRestrictions, Method, Arguments) ->
+check_access_command(Commands, Command, ArgumentRestrictions,
+		     Method, Arguments) ->
     case Commands==all orelse lists:member(Method, Commands) of
-	true -> check_access_arguments(Command, ArgumentRestrictions, Arguments);
-	false -> false
+        true -> check_access_arguments(Command, ArgumentRestrictions,
+                                       Arguments);
+        false -> false
     end.
 
 check_access_arguments(Command, ArgumentRestrictions, Arguments) ->
@@ -577,18 +755,25 @@ tag_arguments(ArgsDefs, Args) ->
       Args).
 
 
-get_access_commands(undefined) ->
-    Cmds = get_commands(),
+%% Get commands for all version
+get_all_access_commands(AccessCommands) ->
+    get_access_commands(AccessCommands, ?DEFAULT_VERSION).
+
+get_access_commands(undefined, Version) ->
+    Cmds = get_exposed_commands(Version),
     [{?POLICY_ACCESS, Cmds, []}];
-get_access_commands(AccessCommands) ->
+get_access_commands(AccessCommands, _Version) ->
     AccessCommands.
 
-get_commands() ->
-    Opts = ejabberd_config:get_option(
+get_exposed_commands() ->
+    get_exposed_commands(?DEFAULT_VERSION).
+get_exposed_commands(Version) ->
+    Opts0 = ejabberd_config:get_option(
              commands,
              fun(V) when is_list(V) -> V end,
-             []),
-    CommandsList = list_commands_policy(),
+              []),
+    Opts = lists:map(fun(V) when is_tuple(V) -> [V]; (V) -> V end, Opts0),
+    CommandsList = list_commands_policy(Version),
     OpenCmds = [N || {N, _, _, open} <- CommandsList],
     RestrictedCmds = [N || {N, _, _, restricted} <- CommandsList],
     AdminCmds = [N || {N, _, _, admin} <- CommandsList],
@@ -596,50 +781,58 @@ get_commands() ->
     Cmds =
         lists:foldl(
           fun([{add_commands, L}], Acc) ->
-                  Cmds = case L of
-                             open -> OpenCmds;
-                             restricted -> RestrictedCmds;
-                             admin -> AdminCmds;
-                             user -> UserCmds;
-                             _ when is_list(L) -> L
-                         end,
+                  Cmds = expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds),
                   lists:usort(Cmds ++ Acc);
              ([{remove_commands, L}], Acc) ->
-                  Cmds = case L of
-                             open -> OpenCmds;
-                             restricted -> RestrictedCmds;
-                             admin -> AdminCmds;
-                             user -> UserCmds;
-                             _ when is_list(L) -> L
-                         end,
+                  Cmds = expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds),
                   Acc -- Cmds;
              (_, Acc) -> Acc
-          end, AdminCmds ++ UserCmds, Opts),
+          end, [], Opts),
     Cmds.
 
-is_admin(_Name, noauth) ->
-    false;
-is_admin(_Name, admin) ->
+%% This is used to allow mixing command policy (like open, user, admin, restricted), with command entry
+expand_commands(L, OpenCmds, UserCmds, AdminCmds, RestrictedCmds) when is_list(L) ->
+    lists:foldl(fun(open, Acc) -> OpenCmds ++ Acc;
+                   (user, Acc) -> UserCmds ++ Acc;
+                   (admin, Acc) -> AdminCmds ++ Acc;
+                   (restricted, Acc) -> RestrictedCmds ++ Acc;
+                   (Command, Acc) when is_atom(Command) ->
+                        [Command|Acc]
+                end, [], L).
+
+oauth_token_user(noauth) ->
+    undefined;
+oauth_token_user(admin) ->
+    undefined;
+oauth_token_user({User, Server, _, _}) ->
+    jid:make(User, Server, <<>>).
+
+is_admin(_Name, admin, _Extra) ->
     true;
-is_admin(_Name, {_User, _Server, _, false}) ->
+is_admin(_Name, {_User, _Server, _, false}, _Extra) ->
     false;
-is_admin(Name, {User, Server, _, true} = Auth) ->
+is_admin(Name, Auth, Extra) ->
+    {ACLInfo, Server} = case Auth of
+			    {U, S, _, _} ->
+				{Extra#{usr=>jid:split(jid:make(U, S, <<>>))}, S};
+			    _ ->
+				{Extra, global}
+	      end,
     AdminAccess = ejabberd_config:get_option(
                     commands_admin_access,
-                    fun(A) when is_atom(A) -> A end,
+		    fun(V) -> V end,
                     none),
-    case acl:match_rule(Server, AdminAccess,
-                        jid:make(User, Server, <<"">>)) of
+    case acl:access_matches(AdminAccess, ACLInfo, Server) of
         allow ->
             case catch check_auth(get_command_definition(Name), Auth) of
                 {ok, _, _} -> true;
+		no_auth_provided -> true;
                 _ -> false
             end;
         deny -> false
     end.
 
-opt_type(commands_admin_access) ->
-    fun(A) when is_atom(A) -> A end;
+opt_type(commands_admin_access) -> fun acl:access_rules_validator/1;
 opt_type(commands) ->
     fun(V) when is_list(V) -> V end;
 opt_type(_) -> [commands, commands_admin_access].

src/ejabberd_config.erl

@@ -30,13 +30,15 @@
 	 add_global_option/2, add_local_option/2,
 	 get_global_option/2, get_local_option/2,
          get_global_option/3, get_local_option/3,
-         get_option/2, get_option/3, add_option/2,
+         get_option/2, get_option/3, add_option/2, has_option/1,
          get_vh_by_auth_method/1, is_file_readable/1,
          get_version/0, get_myhosts/0, get_mylang/0,
+         get_ejabberd_config_path/0, is_using_elixir_config/0,
          prepare_opt_val/4, convert_table_to_binary/5,
-         transform_options/1, collect_options/1,
-         convert_to_yaml/1, convert_to_yaml/2,
-         env_binary_to_list/2, opt_type/1, may_hide_data/1]).
+         transform_options/1, collect_options/1, default_db/2,
+         convert_to_yaml/1, convert_to_yaml/2, v_db/2,
+         env_binary_to_list/2, opt_type/1, may_hide_data/1,
+	 is_elixir_enabled/0]).
 
 -export([start/2]).
 
@@ -90,10 +92,10 @@ hosts_to_start(State) ->
 
 %% @private
 %% At the moment, these functions are mainly used to setup unit tests.
--spec(start/2 :: (Hosts :: [binary()], Opts :: [acl:acl() | local_config()]) -> ok).
+-spec start(Hosts :: [binary()], Opts :: [acl:acl() | local_config()]) -> ok.
 start(Hosts, Opts) ->
     mnesia_init(),
-    set_opts(#state{hosts = Hosts, opts = Opts}).
+    set_opts(set_hosts_in_options(Hosts, #state{opts = Opts})).
 
 mnesia_init() ->
     case catch mnesia:table_info(local_config, storage_type) of
@@ -147,7 +149,18 @@ read_file(File) ->
                      {include_modules_configs, true}]).
 
 read_file(File, Opts) ->
-    Terms1 = get_plain_terms_file(File, Opts),
+    Terms1 = case is_elixir_enabled() of
+		 true ->
+		     case 'Elixir.Ejabberd.ConfigUtil':is_elixir_config(File) of
+			 true ->
+			     'Elixir.Ejabberd.Config':init(File),
+			     'Elixir.Ejabberd.Config':get_ejabberd_opts();
+			 false ->
+			     get_plain_terms_file(File, Opts)
+		     end;
+		 false ->
+		     get_plain_terms_file(File, Opts)
+	     end,
     Terms_macros = case proplists:get_bool(replace_macros, Opts) of
                        true -> replace_macros(Terms1);
                        false -> Terms1
@@ -220,13 +233,11 @@ env_binary_to_list(Application, Parameter) ->
 %% in which the options 'include_config_file' were parsed
 %% and the terms in those files were included.
 %% @spec(iolist()) -> [term()]
-get_plain_terms_file(File) ->
-    get_plain_terms_file(File, [{include_files, true}]).
-
 get_plain_terms_file(File, Opts) when is_binary(File) ->
     get_plain_terms_file(binary_to_list(File), Opts);
 get_plain_terms_file(File1, Opts) ->
     File = get_absolute_path(File1),
+    DontStopOnError = lists:member(dont_halt_on_error, Opts),
     case consult(File) of
 	{ok, Terms} ->
             BinTerms1 = strings_to_binary(Terms),
@@ -246,9 +257,21 @@ get_plain_terms_file(File1, Opts) ->
                 false ->
                     BinTerms
             end;
-	{error, Reason} ->
+  {error, enoent, Reason} ->
+      case DontStopOnError of
+          true ->
+              ?WARNING_MSG(Reason, []),
+              [];
+          _ ->
 	    ?ERROR_MSG(Reason, []),
 	    exit_or_halt(Reason)
+      end;
+	{error, Reason} ->
+	    ?ERROR_MSG(Reason, []),
+      case DontStopOnError of
+          true -> [];
+          _ -> exit_or_halt(Reason)
+      end
     end.
 
 consult(File) ->
@@ -262,17 +285,29 @@ consult(File) ->
                 {error, Err} ->
                     Msg1 = "Cannot load " ++ File ++ ": ",
                     Msg2 = fast_yaml:format_error(Err),
+                    case Err of
+                        enoent ->
+                            {error, enoent, Msg1 ++ Msg2};
+                        _ ->
                     {error, Msg1 ++ Msg2}
+                    end
             end;
         _ ->
             case file:consult(File) of
                 {ok, Terms} ->
                     {ok, Terms};
+                {error, enoent} ->
+                    {error, enoent};
                 {error, {LineNumber, erl_parse, _ParseMessage} = Reason} ->
                     {error, describe_config_problem(File, Reason, LineNumber)};
                 {error, Reason} ->
+                    case Reason of
+                        enoent ->
+                            {error, enoent, describe_config_problem(File, Reason)};
+                        _ ->
                     {error, describe_config_problem(File, Reason)}
             end
+            end
     end.
 
 parserl(<<"> ", Term/binary>>) ->
@@ -296,7 +331,9 @@ get_absolute_path(File) ->
 	    File;
 	relative ->
 	    {ok, Dir} = file:get_cwd(),
-	    filename:absname_join(Dir, File)
+	    filename:absname_join(Dir, File);
+	volumerelative ->
+	    filename:absname(File)
     end.
 
 
@@ -473,8 +510,8 @@ include_config_files(Terms) ->
                        include_config_file(File, Opts)
                end, lists:flatten(FileOpts)),
 
-    M1 = merge_configs(transform_terms(Terms1), #{}),
-    M2 = merge_configs(transform_terms(Terms2), M1),
+    M1 = merge_configs(Terms1, #{}),
+    M2 = merge_configs(Terms2, M1),
     maps_to_lists(M2).
 
 transform_include_option({include_config_file, File}) when is_list(File) ->
@@ -488,7 +525,7 @@ transform_include_option({include_config_file, Filename, Options}) ->
     {Filename, Options}.
 
 include_config_file(Filename, Options) ->
-    Included_terms = get_plain_terms_file(Filename),
+    Included_terms = get_plain_terms_file(Filename, [{include_files, true}, dont_halt_on_error]),
     Disallow = proplists:get_value(disallow, Options, []),
     Included_terms2 = delete_disallowed(Disallow, Included_terms),
     Allow_only = proplists:get_value(allow_only, Options, all),
@@ -651,14 +688,42 @@ process_host_term(Term, Host, State, Action) ->
         {hosts, _} ->
             State;
 	{Opt, Val} when Action == set ->
-	    set_option({Opt, Host}, Val, State);
+	    set_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
         {Opt, Val} when Action == append ->
-            append_option({Opt, Host}, Val, State);
+            append_option({rename_option(Opt), Host}, change_val(Opt, Val), State);
         Opt ->
             ?WARNING_MSG("Ignore invalid (outdated?) option ~p", [Opt]),
             State
     end.
 
+rename_option(Option) when is_atom(Option) ->
+    case atom_to_list(Option) of
+	"odbc_" ++ T ->
+	    NewOption = list_to_atom("sql_" ++ T),
+	    ?WARNING_MSG("Option '~s' is obsoleted, use '~s' instead",
+			 [Option, NewOption]),
+	    NewOption;
+	_ ->
+	    Option
+    end;
+rename_option(Option) ->
+    Option.
+
+change_val(auth_method, Val) ->
+    prepare_opt_val(auth_method, Val,
+		    fun(V) ->
+			    L = if is_list(V) -> V;
+				   true -> [V]
+				end,
+			    lists:map(
+			      fun(odbc) -> sql;
+				 (internal) -> mnesia;
+				 (A) when is_atom(A) -> A
+			      end, L)
+		    end, [mnesia]);
+change_val(_Opt, Val) ->
+    Val.
+
 set_option(Opt, Val, State) ->
     State#state{opts = [#local_config{key = Opt, value = Val} |
                         State#state.opts]}.
@@ -717,24 +782,32 @@ add_option(Opt, Val) ->
 -spec prepare_opt_val(any(), any(), check_fun(), any()) -> any().
 
 prepare_opt_val(Opt, Val, F, Default) ->
-    Res = case F of
-              {Mod, Fun} ->
-                  catch Mod:Fun(Val);
-              _ ->
-                  catch F(Val)
-          end,
-    case Res of
-        {'EXIT', _} ->
-            ?INFO_MSG("Configuration problem:~n"
-                      "** Option: ~s~n"
-                      "** Invalid value: ~s~n"
-                      "** Using as fallback: ~s",
-                      [format_term(Opt),
-                       format_term(Val),
-                       format_term(Default)]),
-            Default;
-        _ ->
-            Res
+    Call = case F of
+	       {Mod, Fun} ->
+		   fun() -> Mod:Fun(Val) end;
+	       _ ->
+		   fun() -> F(Val) end
+	   end,
+    try Call() of
+	Res ->
+	    Res
+    catch {replace_with, NewRes} ->
+	    NewRes;
+	  {invalid_syntax, Error} ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback: ~s",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default),
+			  Error]),
+	    Default;
+	  _:_ ->
+	    ?WARNING_MSG("incorrect value '~s' of option '~s', "
+			 "using '~s' as fallback",
+			 [format_term(Val),
+			  format_term(Opt),
+			  format_term(Default)]),
+	    Default
     end.
 
 -type check_fun() :: fun((any()) -> any()) | {module(), atom()}.
@@ -787,9 +860,61 @@ get_option(Opt, F, Default) ->
             end
     end.
 
+-spec has_option(atom() | {atom(), global | binary()}) -> any().
+has_option(Opt) ->
+    get_option(Opt, fun(_) -> true end, false).
+
+init_module_db_table(Modules) ->
+    catch ets:new(module_db, [named_table, public, bag]),
+    %% Dirty hack for mod_pubsub
+    ets:insert(module_db, {mod_pubsub, mnesia}),
+    ets:insert(module_db, {mod_pubsub, sql}),
+    lists:foreach(
+      fun(M) ->
+	      case re:split(atom_to_list(M), "_", [{return, list}]) of
+		  [_] ->
+		      ok;
+		  Parts ->
+		      [Suffix|T] = lists:reverse(Parts),
+		      BareMod = string:join(lists:reverse(T), "_"),
+		      ets:insert(module_db, {list_to_atom(BareMod),
+					     list_to_atom(Suffix)})
+	      end
+      end, Modules).
+
+-spec v_db(module(), atom()) -> atom().
+
+v_db(Mod, internal) -> v_db(Mod, mnesia);
+v_db(Mod, odbc) -> v_db(Mod, sql);
+v_db(Mod, Type) ->
+    case ets:match_object(module_db, {Mod, Type}) of
+	[_|_] -> Type;
+	[] -> erlang:error(badarg)
+    end.
+
+-spec default_db(binary(), module()) -> atom().
+
+default_db(Host, Module) ->
+    case ejabberd_config:get_option(
+	   {default_db, Host}, fun(T) when is_atom(T) -> T end) of
+	undefined ->
+	    mnesia;
+	DBType ->
+	    try
+		v_db(Module, DBType)
+	    catch error:badarg ->
+		    ?WARNING_MSG("Module '~s' doesn't support database '~s' "
+				 "defined in option 'default_db', using "
+				 "'mnesia' as fallback", [Module, DBType]),
+		    mnesia
+	    end
+    end.
+
 get_modules_with_options() ->
     {ok, Mods} = application:get_key(ejabberd, modules),
     ExtMods = [Name || {Name, _Details} <- ext_mod:installed()],
+    AllMods = [?MODULE|ExtMods++Mods],
+    init_module_db_table(AllMods),
     lists:foldl(
       fun(Mod, D) ->
 	      case catch Mod:opt_type('') of
@@ -801,23 +926,30 @@ get_modules_with_options() ->
 		  {'EXIT', {undef, _}} ->
 		      D
 	      end
-      end, dict:new(), [?MODULE|ExtMods++Mods]).
+      end, dict:new(), AllMods).
 
 validate_opts(#state{opts = Opts} = State) ->
     ModOpts = get_modules_with_options(),
-    NewOpts = lists:filter(
-		fun(#local_config{key = {Opt, _Host}, value = Val}) ->
+    NewOpts = lists:filtermap(
+		fun(#local_config{key = {Opt, _Host}, value = Val} = In) ->
 			case dict:find(Opt, ModOpts) of
 			    {ok, [Mod|_]} ->
 				VFun = Mod:opt_type(Opt),
-				case catch VFun(Val) of
-				    {'EXIT', _} ->
+				try VFun(Val) of
+				    _ ->
+					true
+				catch {replace_with, NewVal} ->
+					{true, In#local_config{value = NewVal}};
+				      {invalid_syntax, Error} ->
+					?ERROR_MSG("ignoring option '~s' with "
+						   "invalid value: ~p: ~s",
+						   [Opt, Val, Error]),
+					false;
+				      _:_ ->
 					?ERROR_MSG("ignoring option '~s' with "
 						   "invalid value: ~p",
 						   [Opt, Val]),
-					false;
-				    _ ->
-					true
+					false
 				end;
 			    _ ->
 				?ERROR_MSG("unknown option '~s' will be likely"
@@ -829,11 +961,25 @@ validate_opts(#state{opts = Opts} = State) ->
 
 -spec get_vh_by_auth_method(atom()) -> [binary()].
 
-%% Return the list of hosts handled by a given module
+%% Return the list of hosts with a given auth method
 get_vh_by_auth_method(AuthMethod) ->
-    mnesia:dirty_select(local_config,
-			[{#local_config{key = {auth_method, '$1'},
-					value=AuthMethod},[],['$1']}]).
+    Cfgs = mnesia:dirty_match_object(local_config,
+				     #local_config{key = {auth_method, '_'},
+						   _ = '_'}),
+    lists:flatmap(
+      fun(#local_config{key = {auth_method, Host}, value = M}) ->
+	      Methods = if not is_list(M) -> [M];
+			   true -> M
+			end,
+	      case lists:member(AuthMethod, Methods) of
+		  true when Host == global ->
+		      get_myhosts();
+		  true ->
+		      [Host];
+		  false ->
+		      []
+	      end
+      end, Cfgs).
 
 %% @spec (Path::string()) -> true | false
 is_file_readable(Path) ->
@@ -867,20 +1013,20 @@ get_mylang() ->
       fun iolist_to_binary/1,
       <<"en">>).
 
-replace_module(mod_announce_odbc) -> {mod_announce, odbc};
-replace_module(mod_blocking_odbc) -> {mod_blocking, odbc};
-replace_module(mod_caps_odbc) -> {mod_caps, odbc};
-replace_module(mod_irc_odbc) -> {mod_irc, odbc};
-replace_module(mod_last_odbc) -> {mod_last, odbc};
-replace_module(mod_muc_odbc) -> {mod_muc, odbc};
-replace_module(mod_offline_odbc) -> {mod_offline, odbc};
-replace_module(mod_privacy_odbc) -> {mod_privacy, odbc};
-replace_module(mod_private_odbc) -> {mod_private, odbc};
-replace_module(mod_roster_odbc) -> {mod_roster, odbc};
-replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, odbc};
-replace_module(mod_vcard_odbc) -> {mod_vcard, odbc};
-replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, odbc};
-replace_module(mod_pubsub_odbc) -> {mod_pubsub, odbc};
+replace_module(mod_announce_odbc) -> {mod_announce, sql};
+replace_module(mod_blocking_odbc) -> {mod_blocking, sql};
+replace_module(mod_caps_odbc) -> {mod_caps, sql};
+replace_module(mod_irc_odbc) -> {mod_irc, sql};
+replace_module(mod_last_odbc) -> {mod_last, sql};
+replace_module(mod_muc_odbc) -> {mod_muc, sql};
+replace_module(mod_offline_odbc) -> {mod_offline, sql};
+replace_module(mod_privacy_odbc) -> {mod_privacy, sql};
+replace_module(mod_private_odbc) -> {mod_private, sql};
+replace_module(mod_roster_odbc) -> {mod_roster, sql};
+replace_module(mod_shared_roster_odbc) -> {mod_shared_roster, sql};
+replace_module(mod_vcard_odbc) -> {mod_vcard, sql};
+replace_module(mod_vcard_xupdate_odbc) -> {mod_vcard_xupdate, sql};
+replace_module(mod_pubsub_odbc) -> {mod_pubsub, sql};
 replace_module(Module) ->
     case is_elixir_module(Module) of
         true  -> expand_elixir_module(Module);
@@ -909,6 +1055,23 @@ replace_modules(Modules) ->
 %% Elixir module naming
 %% ====================
 
+-ifdef(ELIXIR_ENABLED).
+is_elixir_enabled() ->
+    true.
+-else.
+is_elixir_enabled() ->
+    false.
+-endif.
+
+is_using_elixir_config() ->
+    case is_elixir_enabled() of
+	true ->
+	    Config = get_ejabberd_config_path(),
+	    'Elixir.Ejabberd.ConfigUtil':is_elixir_config(Config);
+       false ->
+	    false
+    end.
+
 %% If module name start with uppercase letter, this is an Elixir module:
 is_elixir_module(Module) ->
     case atom_to_list(Module) of
@@ -985,7 +1148,7 @@ transform_terms(Terms) ->
             mod_last,
             ejabberd_s2s,
             ejabberd_listener,
-            ejabberd_odbc_sup,
+            ejabberd_sql_sup,
             shaper,
             ejabberd_s2s_out,
             acl,

src/ejabberd_ctl.erl

@@ -57,6 +57,8 @@
 -include("ejabberd.hrl").
 -include("logger.hrl").
 
+-define(DEFAULT_VERSION, 1000000).
+
 
 %%-----------------------------
 %% Module
@@ -69,7 +71,7 @@ start() ->
                                  [SNode3 | Args3] ->
                                      [SNode3, 60000, Args3];
                                  _ ->
-                                     print_usage(),
+                                     print_usage(?DEFAULT_VERSION),
                                      halt(?STATUS_USAGE)
                              end,
     SNode1 = case string:tokens(SNode, "@") of
@@ -93,6 +95,9 @@ start() ->
                            [Node, Reason]),
                      %% TODO: show minimal start help
                      ?STATUS_BADRPC;
+                 {invalid_version, V} ->
+                     print("Invalid API version number: ~p~n", [V]),
+                     ?STATUS_ERROR;
                  S ->
                      S
              end,
@@ -126,11 +131,17 @@ unregister_commands(CmdDescs, Module, Function) ->
 %% Process
 %%-----------------------------
 
+
 -spec process([string()]) -> non_neg_integer().
+process(Args) ->
+    process(Args, ?DEFAULT_VERSION).
+
+
+-spec process([string()], non_neg_integer()) -> non_neg_integer().
 
 %% The commands status, stop and restart are defined here to ensure
 %% they are usable even if ejabberd is completely stopped.
-process(["status"]) ->
+process(["status"], _Version) ->
     {InternalStatus, ProvidedStatus} = init:get_status(),
     print("The node ~p is ~p with status: ~p~n",
 	   [node(), InternalStatus, ProvidedStatus]),
@@ -146,24 +157,24 @@ process(["status"]) ->
             ?STATUS_SUCCESS
     end;
 
-process(["stop"]) ->
+process(["stop"], _Version) ->
     %%ejabberd_cover:stop(),
     init:stop(),
     ?STATUS_SUCCESS;
 
-process(["restart"]) ->
+process(["restart"], _Version) ->
     init:restart(),
     ?STATUS_SUCCESS;
 
-process(["mnesia"]) ->
+process(["mnesia"], _Version) ->
     print("~p~n", [mnesia:system_info(all)]),
     ?STATUS_SUCCESS;
 
-process(["mnesia", "info"]) ->
+process(["mnesia", "info"], _Version) ->
     mnesia:info(),
     ?STATUS_SUCCESS;
 
-process(["mnesia", Arg]) ->
+process(["mnesia", Arg], _Version) ->
     case catch mnesia:system_info(list_to_atom(Arg)) of
 	{'EXIT', Error} -> print("Error: ~p~n", [Error]);
 	Return -> print("~p~n", [Return])
@@ -172,23 +183,23 @@ process(["mnesia", Arg]) ->
 
 %% The arguments --long and --dual are not documented because they are
 %% automatically selected depending in the number of columns of the shell
-process(["help" | Mode]) ->
+process(["help" | Mode], Version) ->
     {MaxC, ShCode} = get_shell_info(),
     case Mode of
 	[] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--dual"] ->
-	    print_usage(dual, MaxC, ShCode),
+	    print_usage(dual, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--long"] ->
-	    print_usage(long, MaxC, ShCode),
+	    print_usage(long, MaxC, ShCode, Version),
 	    ?STATUS_USAGE;
 	["--tags"] ->
-	    print_usage_tags(MaxC, ShCode),
+	    print_usage_tags(MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["--tags", Tag] ->
-	    print_usage_tags(Tag, MaxC, ShCode),
+	    print_usage_tags(Tag, MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS;
 	["help"] ->
 	    print_usage_help(MaxC, ShCode),
@@ -196,13 +207,22 @@ process(["help" | Mode]) ->
 	[CmdString | _] ->
 	    CmdStringU = ejabberd_regexp:greplace(
                            list_to_binary(CmdString), <<"-">>, <<"_">>),
-	    print_usage_commands(binary_to_list(CmdStringU), MaxC, ShCode),
+	    print_usage_commands2(binary_to_list(CmdStringU), MaxC, ShCode, Version),
 	    ?STATUS_SUCCESS
     end;
 
-process(Args) ->
+process(["--version", Arg | Args], _) ->
+    Version =
+	try
+	    list_to_integer(Arg)
+	catch _:_ ->
+		throw({invalid_version, Arg})
+	end,
+    process(Args, Version);
+
+process(Args, Version) ->
     AccessCommands = get_accesscommands(),
-    {String, Code} = process2(Args, AccessCommands),
+    {String, Code} = process2(Args, AccessCommands, Version),
     case String of
 	[] -> ok;
 	_ ->
@@ -211,18 +231,25 @@ process(Args) ->
     Code.
 
 %% @spec (Args::[string()], AccessCommands) -> {String::string(), Code::integer()}
-process2(["--auth", User, Server, Pass | Args], AccessCommands) ->
-    process2(Args, {list_to_binary(User), list_to_binary(Server), list_to_binary(Pass), true}, AccessCommands);
 process2(Args, AccessCommands) ->
-    process2(Args, noauth, AccessCommands).
+    process2(Args, AccessCommands, ?DEFAULT_VERSION).
 
-process2(Args, Auth, AccessCommands) ->
-    case try_run_ctp(Args, Auth, AccessCommands) of
+%% @spec (Args::[string()], AccessCommands, Version) -> {String::string(), Code::integer()}
+process2(["--auth", User, Server, Pass | Args], AccessCommands, Version) ->
+    process2(Args, AccessCommands, {list_to_binary(User), list_to_binary(Server),
+				    list_to_binary(Pass), true}, Version);
+process2(Args, AccessCommands, Version) ->
+    process2(Args, AccessCommands, noauth, Version).
+
+
+
+process2(Args, AccessCommands, Auth, Version) ->
+    case try_run_ctp(Args, Auth, AccessCommands, Version) of
 	{String, wrong_command_arguments}
           when is_list(String) ->
 	    io:format(lists:flatten(["\n" | String]++["\n"])),
 	    [CommandString | _] = Args,
-            process(["help" | [CommandString]]),
+            process(["help" | [CommandString]], Version),
 	    {lists:flatten(String), ?STATUS_ERROR};
 	{String, Code}
           when is_list(String) and is_integer(Code) ->
@@ -246,29 +273,29 @@ get_accesscommands() ->
 %%-----------------------------
 
 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_run_ctp(Args, Auth, AccessCommands) ->
+try_run_ctp(Args, Auth, AccessCommands, Version) ->
     try ejabberd_hooks:run_fold(ejabberd_ctl_process, false, [Args]) of
 	false when Args /= [] ->
-	    try_call_command(Args, Auth, AccessCommands);
+	    try_call_command(Args, Auth, AccessCommands, Version);
 	false ->
-	    print_usage(),
+	    print_usage(Version),
 	    {"", ?STATUS_USAGE};
 	Status ->
 	    {"", Status}
     catch
 	exit:Why ->
-	    print_usage(),
+	    print_usage(Version),
 	    {io_lib:format("Error in ejabberd ctl process: ~p", [Why]), ?STATUS_USAGE};
 	Error:Why ->
             %% In this case probably ejabberd is not started, so let's show Status
-            process(["status"]),
+            process(["status"], Version),
             print("~n", []),
 	    {io_lib:format("Error in ejabberd ctl process: '~p' ~p", [Error, Why]), ?STATUS_USAGE}
     end.
 
 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()}
-try_call_command(Args, Auth, AccessCommands) ->
-    try call_command(Args, Auth, AccessCommands) of
+try_call_command(Args, Auth, AccessCommands, Version) ->
+    try call_command(Args, Auth, AccessCommands, Version) of
 	{error, command_unknown} ->
 	    {io_lib:format("Error: command ~p not known.", [hd(Args)]), ?STATUS_ERROR};
 	{error, wrong_command_arguments} ->
@@ -276,24 +303,28 @@ try_call_command(Args, Auth, AccessCommands) ->
 	Res ->
 	    Res
     catch
+	throw:Error ->
+	    {io_lib:format("~p", [Error]), ?STATUS_ERROR};
 	A:Why ->
 	    Stack = erlang:get_stacktrace(),
 	    {io_lib:format("Problem '~p ~p' occurred executing the command.~nStacktrace: ~p", [A, Why, Stack]), ?STATUS_ERROR}
     end.
 
 %% @spec (Args::[string()], Auth, AccessCommands) -> string() | integer() | {string(), integer()} | {error, ErrorType}
-call_command([CmdString | Args], Auth, AccessCommands) ->
+call_command([CmdString | Args], Auth, AccessCommands, Version) ->
     CmdStringU = ejabberd_regexp:greplace(
                    list_to_binary(CmdString), <<"-">>, <<"_">>),
     Command = list_to_atom(binary_to_list(CmdStringU)),
-    case ejabberd_commands:get_command_format(Command, Auth) of
+    case ejabberd_commands:get_command_format(Command, Auth, Version) of
 	{error, command_unknown} ->
 	    {error, command_unknown};
 	{ArgsFormat, ResultFormat} ->
 	    case (catch format_args(Args, ArgsFormat)) of
 		ArgsFormatted when is_list(ArgsFormatted) ->
-		    Result = ejabberd_commands:execute_command(AccessCommands, Auth, Command,
-							       ArgsFormatted),
+		    Result = ejabberd_commands:execute_command(AccessCommands,
+							       Auth, Command,
+							       ArgsFormatted,
+							       Version),
 		    format_result(Result, ResultFormat);
 		{'EXIT', {function_clause,[{lists,zip,[A1, A2], _} | _]}} ->
 		    {NumCompa, TextCompa} =
@@ -343,6 +374,12 @@ format_arg2(Arg, Parse)->
 format_result({error, ErrorAtom}, _) ->
     {io_lib:format("Error: ~p", [ErrorAtom]), make_status(error)};
 
+%% An error should always be allowed to return extended error to help with API.
+%% Extended error is of the form:
+%%  {error, type :: atom(), code :: int(), Desc :: string()}
+format_result({error, ErrorAtom, Code, _Msg}, _) ->
+    {io_lib:format("Error: ~p", [ErrorAtom]), make_status(Code)};
+
 format_result(Atom, {_Name, atom}) ->
     io_lib:format("~p", [Atom]);
 
@@ -402,10 +439,12 @@ format_result(404, {_Name, _}) ->
 
 make_status(ok) -> ?STATUS_SUCCESS;
 make_status(true) -> ?STATUS_SUCCESS;
+make_status(Code) when is_integer(Code), Code > 255 -> ?STATUS_ERROR;
+make_status(Code) when is_integer(Code), Code > 0 -> Code;
 make_status(_Error) -> ?STATUS_ERROR.
 
-get_list_commands() ->
-    try ejabberd_commands:list_commands() of
+get_list_commands(Version) ->
+    try ejabberd_commands:list_commands(Version) of
 	Commands ->
 	    [tuple_command_help(Command)
 	     || {N,_,_}=Command <- Commands,
@@ -458,10 +497,10 @@ get_list_ctls() ->
 -define(U2, "\e[24m").
 -define(U(S), case ShCode of true -> [?U1, S, ?U2]; false -> S end).
 
-print_usage() ->
+print_usage(Version) ->
     {MaxC, ShCode} = get_shell_info(),
-    print_usage(dual, MaxC, ShCode).
-print_usage(HelpMode, MaxC, ShCode) ->
+    print_usage(dual, MaxC, ShCode, Version).
+print_usage(HelpMode, MaxC, ShCode, Version) ->
     AllCommands =
 	[
 	 {"status", [], "Get ejabberd status"},
@@ -469,12 +508,11 @@ print_usage(HelpMode, MaxC, ShCode) ->
 	 {"restart", [], "Restart ejabberd"},
 	 {"help", ["[--tags [tag] | com?*]"], "Show help (try: ejabberdctl help help)"},
 	 {"mnesia", ["[info]"], "show information of Mnesia system"}] ++
-	get_list_commands() ++
+	get_list_commands(Version) ++
 	get_list_ctls(),
 
     print(
-       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--auth ",
-	?U("user"), " ", ?U("host"), " ", ?U("password"), "] ",
+       ["Usage: ", ?B("ejabberdctl"), " [--no-timeout] [--node ", ?U("nodename"), "] [--version ", ?U("api_version"), "] ",
 	?U("command"), " [", ?U("options"), "]\n"
 	"\n"
 	"Available commands in this ejabberd node:\n"], []),
@@ -598,9 +636,9 @@ format_command_lines(CALD, _MaxCmdLen, MaxC, ShCode, long) ->
 %% Print Tags
 %%-----------------------------
 
-print_usage_tags(MaxC, ShCode) ->
+print_usage_tags(MaxC, ShCode, Version) ->
     print("Available tags and commands:", []),
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
     lists:foreach(
       fun({Tag, Commands} = _TagCommands) ->
 	      print(["\n\n  ", ?B(Tag), "\n     "], []),
@@ -611,10 +649,10 @@ print_usage_tags(MaxC, ShCode) ->
       TagsCommands),
     print("\n\n", []).
 
-print_usage_tags(Tag, MaxC, ShCode) ->
+print_usage_tags(Tag, MaxC, ShCode, Version) ->
     print(["Available commands with tag ", ?B(Tag), ":", "\n"], []),
     HelpMode = long,
-    TagsCommands = ejabberd_commands:get_tags_commands(),
+    TagsCommands = ejabberd_commands:get_tags_commands(Version),
     CommandsNames = case lists:keysearch(Tag, 1, TagsCommands) of
 			{value, {Tag, CNs}} -> CNs;
 			false -> []
@@ -622,7 +660,7 @@ print_usage_tags(Tag, MaxC, ShCode) ->
     CommandsList = lists:map(
 		     fun(NameString) ->
 			     C = ejabberd_commands:get_command_definition(
-                                   list_to_atom(NameString)),
+                                   list_to_atom(NameString), Version),
 			     #ejabberd_commands{name = Name,
 						args = Args,
 						desc = Desc} = C,
@@ -673,20 +711,20 @@ print_usage_help(MaxC, ShCode) ->
 %%-----------------------------
 
 %% @spec (CmdSubString::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_commands(CmdSubString, MaxC, ShCode) ->
+print_usage_commands2(CmdSubString, MaxC, ShCode, Version) ->
     %% Get which command names match this substring
-    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands()],
+    AllCommandsNames = [atom_to_list(Name) || {Name, _, _} <- ejabberd_commands:list_commands(Version)],
     Cmds = filter_commands(AllCommandsNames, CmdSubString),
     case Cmds of
-    	[] -> io:format("Error: not command found that match: ~p~n", [CmdSubString]);
-	_ -> print_usage_commands2(lists:sort(Cmds), MaxC, ShCode)
+    	[] -> io:format("Error: no command found that match: ~p~n", [CmdSubString]);
+	_ -> print_usage_commands3(lists:sort(Cmds), MaxC, ShCode, Version)
     end.
 
-print_usage_commands2(Cmds, MaxC, ShCode) ->
+print_usage_commands3(Cmds, MaxC, ShCode, Version) ->
     %% Then for each one print it
     lists:mapfoldl(
       fun(Cmd, Remaining) ->
-	      print_usage_command(Cmd, MaxC, ShCode),
+	      print_usage_command(Cmd, MaxC, ShCode, Version),
 	      case Remaining > 1 of
 		  true -> print([" ", lists:duplicate(MaxC, 126), " \n"], []);
 		  false -> ok
@@ -716,16 +754,16 @@ filter_commands_regexp(All, Glob) ->
       All).
 
 %% @spec (Cmd::string(), MaxC::integer(), ShCode::boolean()) -> ok
-print_usage_command(Cmd, MaxC, ShCode) ->
+print_usage_command(Cmd, MaxC, ShCode, Version) ->
     Name = list_to_atom(Cmd),
-    case ejabberd_commands:get_command_definition(Name) of
+    case ejabberd_commands:get_command_definition(Name, Version) of
 	command_not_found ->
 	    io:format("Error: command ~p not known.~n", [Cmd]);
 	C ->
-	    print_usage_command(Cmd, C, MaxC, ShCode)
+	    print_usage_command2(Cmd, C, MaxC, ShCode)
     end.
 
-print_usage_command(Cmd, C, MaxC, ShCode) ->
+print_usage_command2(Cmd, C, MaxC, ShCode) ->
     #ejabberd_commands{
 		     tags = TagsAtoms,
 		     desc = Desc,

src/ejabberd_http.erl

@@ -145,9 +145,14 @@ init({SockMod, Socket}, Opts) ->
     DefinedHandlers = gen_mod:get_opt(
                         request_handlers, Opts,
                         fun(Hs) ->
+                                Hs1 = lists:map(fun
+                                  ({Mod, Path}) when is_atom(Mod) -> {Path, Mod};
+                                  ({Path, Mod}) -> {Path, Mod}
+                                end, Hs),
+
                                 [{str:tokens(
                                     iolist_to_binary(Path), <<"/">>),
-                                  Mod} || {Path, Mod} <- Hs]
+                                  Mod} || {Path, Mod} <- Hs1]
                         end, []),
     RequestHandlers = DefinedHandlers ++ Captcha ++ Register ++
         Admin ++ Bind ++ XMLRPC,
@@ -753,6 +758,7 @@ code_to_phrase(503) -> <<"Service Unavailable">>;
 code_to_phrase(504) -> <<"Gateway Timeout">>;
 code_to_phrase(505) -> <<"HTTP Version Not Supported">>.
 
+-spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
 parse_auth(<<"Basic ", Auth64/binary>>) ->
     Auth = jlib:decode_base64(Auth64),
     %% Auth should be a string with the format: user@server:password
@@ -762,7 +768,8 @@ parse_auth(<<"Basic ", Auth64/binary>>) ->
             undefined;
         Pos ->
             {User, <<$:, Pass/binary>>} = erlang:split_binary(Auth, Pos-1),
-            {User, Pass}
+            PassUtf8 = unicode:characters_to_binary(binary_to_list(Pass), utf8),
+            {User, PassUtf8}
     end;
 parse_auth(<<"Bearer ", SToken/binary>>) ->
     Token = str:strip(SToken),

src/ejabberd_http_bind.erl

@@ -338,8 +338,9 @@ handle_session_start(Pid, XmppDomain, Sid, Rid, Attrs,
 init([Sid, Key, IP, HOpts]) ->
     ?DEBUG("started: ~p", [{Sid, Key, IP}]),
     Opts1 = ejabberd_c2s_config:get_c2s_limits(),
-    SOpts = lists:filtermap(fun({stream_managment, _}) -> true;
+    SOpts = lists:filtermap(fun({stream_management, _}) -> true;
                                ({max_ack_queue, _}) -> true;
+                               ({ack_timeout, _}) -> true;
                                ({resume_timeout, _}) -> true;
                                ({max_resume_timeout, _}) -> true;
                                ({resend_on_timeout, _}) -> true;

src/ejabberd_http_ws.erl

@@ -112,8 +112,9 @@ socket_handoff(LocalPath, Request, Socket, SockMod, Buf, Opts) ->
 %%% Internal
 
 init([{#ws{ip = IP, http_opts = HOpts}, _} = WS]) ->
-    SOpts = lists:filtermap(fun({stream_managment, _}) -> true;
+    SOpts = lists:filtermap(fun({stream_management, _}) -> true;
                                ({max_ack_queue, _}) -> true;
+                               ({ack_timeout, _}) -> true;
                                ({resume_timeout, _}) -> true;
                                ({max_resume_timeout, _}) -> true;
                                ({resend_on_timeout, _}) -> true;

src/ejabberd_local.erl

@@ -74,7 +74,7 @@ start_link() ->
 process_iq(From, To, Packet) ->
     IQ = jlib:iq_query_info(Packet),
     case IQ of
-      #iq{xmlns = XMLNS} ->
+      #iq{xmlns = XMLNS, lang = Lang} ->
 	  Host = To#jid.lserver,
 	  case ets:lookup(?IQTABLE, {XMLNS, Host}) of
 	    [{_, Module, Function}] ->
@@ -87,8 +87,10 @@ process_iq(From, To, Packet) ->
 		gen_iq_handler:handle(Host, Module, Function, Opts,
 				      From, To, IQ);
 	    [] ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_FEATURE_NOT_IMPLEMENTED),
+		Txt = <<"No module is handling this query">>,
+		Err = jlib:make_error_reply(
+			Packet,
+			?ERRT_FEATURE_NOT_IMPLEMENTED(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end;
       reply ->
@@ -166,8 +168,10 @@ refresh_iq_handlers() ->
     ejabberd_local ! refresh_iq_handlers.
 
 bounce_resource_packet(From, To, Packet) ->
+    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+    Txt = <<"No available resource found">>,
     Err = jlib:make_error_reply(Packet,
-				?ERR_ITEM_NOT_FOUND),
+				?ERRT_ITEM_NOT_FOUND(Lang, Txt)),
     ejabberd_router:route(To, From, Err),
     stop.
 
@@ -267,7 +271,16 @@ do_route(From, To, Packet) ->
 	   #xmlel{name = Name} = Packet,
 	   case Name of
 	     <<"iq">> -> process_iq(From, To, Packet);
-	     <<"message">> -> ok;
+	     <<"message">> ->
+		 #xmlel{attrs = Attrs} = Packet,
+		 case fxml:get_attr_s(<<"type">>, Attrs) of
+		   <<"headline">> -> ok;
+		   <<"error">> -> ok;
+		   _ ->
+		       Err = jlib:make_error_reply(Packet,
+						   ?ERR_SERVICE_UNAVAILABLE),
+		       ejabberd_router:route(To, From, Err)
+		 end;
 	     <<"presence">> -> ok;
 	     _ -> ok
 	   end;

src/ejabberd_oauth.erl

@@ -47,6 +47,8 @@
          process/2,
          opt_type/1]).
 
+-export([oauth_issue_token/3, oauth_list_tokens/0, oauth_revoke_token/1, oauth_list_scopes/0]).
+
 -include("jlib.hrl").
 
 -include("ejabberd.hrl").
@@ -54,27 +56,116 @@
 
 -include("ejabberd_http.hrl").
 -include("ejabberd_web_admin.hrl").
+-include("ejabberd_oauth.hrl").
 
--record(oauth_token, {
-          token = {<<"">>, <<"">>} :: {binary(), binary()},
-          us = {<<"">>, <<"">>}    :: {binary(), binary()},
-          scope = []               :: [binary()],
-          expire                   :: integer()
-         }).
+-include("ejabberd_commands.hrl").
 
--define(EXPIRE, 3600).
+
+%% There are two ways to obtain an oauth token:
+%%   * Using the web form/api results in the token being generated in behalf of the user providing the user/pass
+%%   * Using the command line and oauth_issue_token command, the token is generated in behalf of ejabberd' sysadmin
+%%    (as it has access to ejabberd command line).
+
+-define(EXPIRE, 4294967).
 
 start() ->
-    init_db(mnesia, ?MYNAME),
+    DBMod = get_db_backend(),
+    DBMod:init(),
+    MaxSize =
+        ejabberd_config:get_option(
+          oauth_cache_size,
+          fun(I) when is_integer(I), I>0 -> I end,
+          1000),
+    LifeTime =
+        ejabberd_config:get_option(
+          oauth_cache_life_time,
+          fun(I) when is_integer(I), I>0 -> I end,
+          timer:hours(1) div 1000),
+    cache_tab:new(oauth_token,
+		  [{max_size, MaxSize}, {life_time, LifeTime}]),
     Expire = expire(),
     application:set_env(oauth2, backend, ejabberd_oauth),
     application:set_env(oauth2, expiry_time, Expire),
     application:start(oauth2),
     ChildSpec = {?MODULE, {?MODULE, start_link, []},
-		 temporary, 1000, worker, [?MODULE]},
+		 transient, 1000, worker, [?MODULE]},
     supervisor:start_child(ejabberd_sup, ChildSpec),
+    ejabberd_commands:register_commands(get_commands_spec()),
     ok.
 
+
+get_commands_spec() ->
+    [
+     #ejabberd_commands{name = oauth_issue_token, tags = [oauth],
+                        desc = "Issue an oauth token for the given jid",
+                        module = ?MODULE, function = oauth_issue_token,
+                        args = [{jid, string},{ttl, integer}, {scopes, string}],
+                        policy = restricted,
+                        args_example = ["user@server.com", "connected_users_number;muc_online_rooms"],
+                        args_desc = ["Jid for which issue token",
+				     "Time to live of generated token in seconds",
+				     "List of scopes to allow, separated by ';'"],
+                        result = {result, {tuple, [{token, string}, {scopes, string}, {expires_in, string}]}}
+                       },
+     #ejabberd_commands{name = oauth_list_tokens, tags = [oauth],
+                        desc = "List oauth tokens, their user and scope, and how many seconds remain until expirity",
+                        module = ?MODULE, function = oauth_list_tokens,
+                        args = [],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}}
+                       },
+     #ejabberd_commands{name = oauth_list_scopes, tags = [oauth],
+                        desc = "List scopes that can be granted to tokens generated through the command line, together with the commands they allow",
+                        module = ?MODULE, function = oauth_list_scopes,
+                        args = [],
+                        policy = restricted,
+                        result = {scopes, {list, {scope, {tuple, [{scope, string}, {commands, string}]}}}}
+                       },
+     #ejabberd_commands{name = oauth_revoke_token, tags = [oauth],
+                        desc = "Revoke authorization for a token",
+                        module = ?MODULE, function = oauth_revoke_token,
+                        args = [{token, string}],
+                        policy = restricted,
+                        result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}},
+                        result_desc = "List of remaining tokens"
+                       }
+    ].
+
+oauth_issue_token(Jid, TTLSeconds, ScopesString) ->
+    Scopes = [list_to_binary(Scope) || Scope <- string:tokens(ScopesString, ";")],
+    case jid:from_string(list_to_binary(Jid)) of
+        #jid{luser =Username, lserver = Server} ->
+            case oauth2:authorize_password({Username, Server},  Scopes, admin_generated) of
+                {ok, {_Ctx,Authorization}} ->
+                    {ok, {_AppCtx2, Response}} = oauth2:issue_token(Authorization, [{expiry_time, TTLSeconds}]),
+                    {ok, AccessToken} = oauth2_response:access_token(Response),
+                    {ok, VerifiedScope} = oauth2_response:scope(Response),
+                    {AccessToken, VerifiedScope, integer_to_list(TTLSeconds) ++ " seconds"};
+                {error, Error} ->
+                    {error, Error}
+            end;
+        error ->
+            {error, "Invalid JID: " ++ Jid}
+    end.
+
+oauth_list_tokens() ->
+    Tokens = mnesia:dirty_match_object(#oauth_token{_ = '_'}),
+    {MegaSecs, Secs, _MiniSecs} = os:timestamp(),
+    TS = 1000000 * MegaSecs + Secs,
+    [{Token, jid:to_string(jid:make(U,S,<<>>)), Scope, integer_to_list(Expires - TS) ++ " seconds"} ||
+        #oauth_token{token=Token, scope=Scope, us= {U,S},expire=Expires} <- Tokens].
+
+
+oauth_revoke_token(Token) ->
+    ok = mnesia:dirty_delete(oauth_token, list_to_binary(Token)),
+    oauth_list_tokens().
+
+oauth_list_scopes() ->
+    [ {Scope, string:join([atom_to_list(Cmd) || Cmd <- Cmds], ",")}   || {Scope, Cmds} <- dict:to_list(get_cmd_scopes())].
+
+
+
+
 start_link() ->
     gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
 
@@ -91,15 +182,8 @@ handle_cast(_Msg, State) -> {noreply, State}.
 handle_info(clean, State) ->
     {MegaSecs, Secs, MiniSecs} = os:timestamp(),
     TS = 1000000 * MegaSecs + Secs,
-    F = fun() ->
-		Ts = mnesia:select(
-		       oauth_token,
-		       [{#oauth_token{expire = '$1', _ = '_'},
-			 [{'<', '$1', TS}],
-			 ['$_']}]),
-		lists:foreach(fun mnesia:delete_object/1, Ts)
-        end,
-    mnesia:async_dirty(F),
+    DBMod = get_db_backend(),
+    DBMod:clean(TS),
     erlang:send_after(trunc(expire() * 1000 * (1 + MiniSecs / 1000000)),
                       self(), clean),
     {noreply, State};
@@ -110,35 +194,30 @@ terminate(_Reason, _State) -> ok.
 code_change(_OldVsn, State, _Extra) -> {ok, State}.
 
 
-init_db(mnesia, _Host) ->
-    mnesia:create_table(oauth_token,
-                        [{disc_copies, [node()]},
-                         {attributes,
-                          record_info(fields, oauth_token)}]),
-    mnesia:add_table_copy(oauth_token, node(), disc_copies);
-init_db(_, _) ->
-    ok.
-
-
 get_client_identity(Client, Ctx) -> {ok, {Ctx, {client, Client}}}.
 
 verify_redirection_uri(_, _, Ctx) -> {ok, Ctx}.
 
-authenticate_user({User, Server}, {password, Password} = Ctx) ->
+authenticate_user({User, Server}, Ctx) ->
     case jid:make(User, Server, <<"">>) of
         #jid{} = JID ->
             Access =
                 ejabberd_config:get_option(
                   {oauth_access, JID#jid.lserver},
-                  fun(A) when is_atom(A) -> A end,
+		  fun(A) -> A end,
                   none),
             case acl:match_rule(JID#jid.lserver, Access, JID) of
                 allow ->
-                    case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
-                        true ->
-                            {ok, {Ctx, {user, User, Server}}};
-                        false ->
-                            {error, badpass}
+                    case Ctx of
+                        {password, Password} ->
+                            case ejabberd_auth:check_password(User, <<"">>, Server, Password) of
+                                true ->
+                                    {ok, {Ctx, {user, User, Server}}};
+                                false ->
+                                    {error, badpass}
+                            end;
+                        admin_generated ->
+                            {ok, {Ctx, {user, User, Server}}}
                     end;
                 deny ->
                     {error, badpass}
@@ -150,8 +229,8 @@ authenticate_user({User, Server}, {password, Password} = Ctx) ->
 authenticate_client(Client, Ctx) -> {ok, {Ctx, {client, Client}}}.
 
 verify_resowner_scope({user, _User, _Server}, Scope, Ctx) ->
-    Cmds = ejabberd_commands:get_commands(),
-    Cmds1 = [sasl_auth | Cmds],
+    Cmds = ejabberd_commands:get_exposed_commands(),
+    Cmds1 = ['ejabberd:user', 'ejabberd:admin', sasl_auth | Cmds],
     RegisteredScope = [atom_to_binary(C, utf8) || C <- Cmds1],
     case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
                                    oauth2_priv_set:new(RegisteredScope)) of
@@ -164,64 +243,133 @@ verify_resowner_scope(_, _, _) ->
     {error, badscope}.
 
 
+get_cmd_scopes() ->
+    ScopeMap = lists:foldl(fun(Cmd, Accum) ->
+                        case ejabberd_commands:get_command_policy_and_scope(Cmd) of
+                            {ok, Policy, Scopes} when Policy =/= restricted ->
+                                lists:foldl(fun(Scope, Accum2) ->
+                                                    dict:append(Scope, Cmd, Accum2)
+                                            end, Accum, Scopes);
+                            _ -> Accum
+                        end end, dict:new(), ejabberd_commands:get_exposed_commands()),
+    ScopeMap.
+
+%% This is callback for oauth tokens generated through the command line.  Only open and admin commands are
+%% made available.
+%verify_client_scope({client, ejabberd_ctl}, Scope, Ctx) ->
+%    RegisteredScope = dict:fetch_keys(get_cmd_scopes()),
+%    case oauth2_priv_set:is_subset(oauth2_priv_set:new(Scope),
+%                                   oauth2_priv_set:new(RegisteredScope)) of
+%        true ->
+%            {ok, {Ctx, Scope}};
+%        false ->
+%            {error, badscope}
+%    end.
+
+
+
+
+-spec seconds_since_epoch(integer()) -> non_neg_integer().
+seconds_since_epoch(Diff) ->
+    {Mega, Secs, _} = os:timestamp(),
+    Mega * 1000000 + Secs + Diff.
+
+
 associate_access_code(_AccessCode, _Context, AppContext) ->
     %put(?ACCESS_CODE_TABLE, AccessCode, Context),
     {ok, AppContext}.
 
 associate_access_token(AccessToken, Context, AppContext) ->
-    {user, User, Server} =
-        proplists:get_value(<<"resource_owner">>, Context, <<"">>),
+    {user, User, Server} = proplists:get_value(<<"resource_owner">>, Context, <<"">>),
+    Expire = case proplists:get_value(expiry_time, AppContext, undefined) of
+        undefined ->
+            proplists:get_value(<<"expiry_time">>, Context, 0);
+        ExpiresIn ->
+            %% There is no clean way in oauth2 lib to actually override the TTL of the generated token.
+            %% It always pass the global configured value.  Here we use the app context to pass the per-case
+            %% ttl if we want to override it.
+            seconds_since_epoch(ExpiresIn)
+    end,
+    {user, User, Server} = proplists:get_value(<<"resource_owner">>, Context, <<"">>),
     Scope = proplists:get_value(<<"scope">>, Context, []),
-    Expire = proplists:get_value(<<"expiry_time">>, Context, 0),
-    LUser = jid:nodeprep(User),
-    LServer = jid:nameprep(Server),
     R = #oauth_token{
       token = AccessToken,
-      us = {LUser, LServer},
+      us = {jid:nodeprep(User), jid:nodeprep(Server)},
       scope = Scope,
       expire = Expire
      },
-    mnesia:dirty_write(R),
+    store(R),
     {ok, AppContext}.
 
 associate_refresh_token(_RefreshToken, _Context, AppContext) ->
     %put(?REFRESH_TOKEN_TABLE, RefreshToken, Context),
     {ok, AppContext}.
 
-
-check_token(User, Server, Scope, Token) ->
+check_token(User, Server, ScopeList, Token) ->
     LUser = jid:nodeprep(User),
     LServer = jid:nameprep(Server),
-    case catch mnesia:dirty_read(oauth_token, Token) of
-        [#oauth_token{us = {LUser, LServer},
-                      scope = TokenScope,
-                      expire = Expire}] ->
+    case lookup(Token) of
+        {ok, #oauth_token{us = {LUser, LServer},
+                          scope = TokenScope,
+                          expire = Expire}} ->
             {MegaSecs, Secs, _} = os:timestamp(),
             TS = 1000000 * MegaSecs + Secs,
-            oauth2_priv_set:is_member(
-              Scope, oauth2_priv_set:new(TokenScope)) andalso
-                Expire > TS;
-        _ ->
-            false
-    end.
-
-check_token(Scope, Token) ->
-    case catch mnesia:dirty_read(oauth_token, Token) of
-        [#oauth_token{us = {LUser, LServer},
-                      scope = TokenScope,
-                      expire = Expire}] ->
-            {MegaSecs, Secs, _} = os:timestamp(),
-            TS = 1000000 * MegaSecs + Secs,
-            case oauth2_priv_set:is_member(
-                   Scope, oauth2_priv_set:new(TokenScope)) andalso
-                Expire > TS of
-                true -> {ok, LUser, LServer};
-                false -> false
+            if
+                Expire > TS ->
+                    TokenScopeSet = oauth2_priv_set:new(TokenScope),
+                    lists:any(fun(Scope) ->
+                                      oauth2_priv_set:is_member(Scope, TokenScopeSet) end,
+                              ScopeList);
+                true ->
+                    {false, expired}
             end;
         _ ->
-            false
+            {false, not_found}
     end.
 
+check_token(ScopeList, Token) ->
+    case lookup(Token) of
+        {ok, #oauth_token{us = US,
+                          scope = TokenScope,
+                          expire = Expire}} ->
+            {MegaSecs, Secs, _} = os:timestamp(),
+            TS = 1000000 * MegaSecs + Secs,
+            if
+                Expire > TS ->
+                    TokenScopeSet = oauth2_priv_set:new(TokenScope),
+                    case lists:any(fun(Scope) ->
+                                           oauth2_priv_set:is_member(Scope, TokenScopeSet) end,
+                                   ScopeList) of
+                        true -> {ok, user, US};
+                        false -> {false, no_matching_scope}
+                    end;
+                true ->
+                    {false, expired}
+            end;
+        _ ->
+            {false, not_found}
+    end.
+
+
+store(R) ->
+    cache_tab:insert(
+      oauth_token, R#oauth_token.token, R,
+      fun() ->
+              DBMod = get_db_backend(),
+              DBMod:store(R)
+      end).
+
+lookup(Token) ->
+    cache_tab:lookup(
+      oauth_token, Token,
+      fun() ->
+              DBMod = get_db_backend(),
+              case DBMod:lookup(Token) of
+                  #oauth_token{} = R -> {ok, R};
+                  _ -> error
+              end
+      end).
+
 
 expire() ->
     ejabberd_config:get_option(
@@ -250,12 +398,9 @@ process(_Handlers,
         ?XAE(<<"form">>,
              [{<<"action">>, <<"authorization_token">>},
               {<<"method">>, <<"post">>}],
-             [?LABEL(<<"username">>, [?CT(<<"User">>), ?C(<<": ">>)]),
+             [?LABEL(<<"username">>, [?CT(<<"User (jid)">>), ?C(<<": ">>)]),
               ?INPUTID(<<"text">>, <<"username">>, <<"">>),
               ?BR,
-              ?LABEL(<<"server">>, [?CT(<<"Server">>), ?C(<<": ">>)]),
-              ?INPUTID(<<"text">>, <<"server">>, <<"">>),
-              ?BR,
               ?LABEL(<<"password">>, [?CT(<<"Password">>), ?C(<<": ">>)]),
               ?INPUTID(<<"password">>, <<"password">>, <<"">>),
               ?INPUT(<<"hidden">>, <<"response_type">>, ResponseType),
@@ -264,6 +409,15 @@ process(_Handlers,
               ?INPUT(<<"hidden">>, <<"scope">>, Scope),
               ?INPUT(<<"hidden">>, <<"state">>, State),
               ?BR,
+              ?LABEL(<<"ttl">>, [?CT(<<"Token TTL">>), ?CT(<<": ">>)]),
+              ?XAE(<<"select">>, [{<<"name">>, <<"ttl">>}],
+                   [
+                   ?XAC(<<"option">>, [{<<"value">>, <<"3600">>}],<<"1 Hour">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"86400">>}],<<"1 Day">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"2592000">>}],<<"1 Month">>),
+                   ?XAC(<<"option">>, [{<<"selected">>, <<"selected">>},{<<"value">>, <<"31536000">>}],<<"1 Year">>),
+                   ?XAC(<<"option">>, [{<<"value">>, <<"315360000">>}],<<"10 Years">>)]),
+              ?BR,
               ?INPUTT(<<"submit">>, <<"">>, <<"Accept">>)
              ]),
     Top =
@@ -307,11 +461,16 @@ process(_Handlers,
     ClientId = proplists:get_value(<<"client_id">>, Q, <<"">>),
     RedirectURI = proplists:get_value(<<"redirect_uri">>, Q, <<"">>),
     SScope = proplists:get_value(<<"scope">>, Q, <<"">>),
-    Username = proplists:get_value(<<"username">>, Q, <<"">>),
-    Server = proplists:get_value(<<"server">>, Q, <<"">>),
+    StringJID = proplists:get_value(<<"username">>, Q, <<"">>),
+    #jid{user = Username, server = Server} = jid:from_string(StringJID),
     Password = proplists:get_value(<<"password">>, Q, <<"">>),
     State = proplists:get_value(<<"state">>, Q, <<"">>),
     Scope = str:tokens(SScope, <<" ">>),
+    TTL = proplists:get_value(<<"ttl">>, Q, <<"">>),
+    ExpiresIn = case TTL of
+                    <<>> -> undefined;
+                    _ -> jlib:binary_to_integer(TTL)
+                end,
     case oauth2:authorize_password({Username, Server},
                                    ClientId,
                                    RedirectURI,
@@ -319,10 +478,18 @@ process(_Handlers,
                                    {password, Password}) of
         {ok, {_AppContext, Authorization}} ->
             {ok, {_AppContext2, Response}} =
-                oauth2:issue_token(Authorization, none),
+                oauth2:issue_token(Authorization, [{expiry_time, ExpiresIn} || ExpiresIn /= undefined ]),
             {ok, AccessToken} = oauth2_response:access_token(Response),
             {ok, Type} = oauth2_response:token_type(Response),
-            {ok, Expires} = oauth2_response:expires_in(Response),
+            %%Ugly: workardound to return the correct expirity time, given than oauth2 lib doesn't really have
+            %%per-case expirity time.
+            Expires = case ExpiresIn of
+                          undefined ->
+                             {ok, Ex} = oauth2_response:expires_in(Response),
+                             Ex;
+                          _ ->
+                            ExpiresIn
+                      end,
             {ok, VerifiedScope} = oauth2_response:scope(Response),
             %oauth2_wrq:redirected_access_token_response(ReqData,
             %                                            RedirectURI,
@@ -351,11 +518,82 @@ process(_Handlers,
                    }],
              ejabberd_web:make_xhtml([?XC(<<"h1">>, <<"302 Found">>)])}
     end;
+process(_Handlers,
+	#request{method = 'POST', q = Q, lang = _Lang,
+		 path = [_, <<"token">>]}) ->
+    case proplists:get_value(<<"grant_type">>, Q, <<"">>) of
+      <<"password">> ->
+        SScope = proplists:get_value(<<"scope">>, Q, <<"">>),
+        StringJID = proplists:get_value(<<"username">>, Q, <<"">>),
+        #jid{user = Username, server = Server} = jid:from_string(StringJID),
+        Password = proplists:get_value(<<"password">>, Q, <<"">>),
+        Scope = str:tokens(SScope, <<" ">>),
+        TTL = proplists:get_value(<<"ttl">>, Q, <<"">>),
+        ExpiresIn = case TTL of
+                        <<>> -> undefined;
+                        _ -> jlib:binary_to_integer(TTL)
+                    end,
+        case oauth2:authorize_password({Username, Server},
+                                       Scope,
+                                       {password, Password}) of
+            {ok, {_AppContext, Authorization}} ->
+                {ok, {_AppContext2, Response}} =
+                    oauth2:issue_token(Authorization, [{expiry_time, ExpiresIn} || ExpiresIn /= undefined ]),
+                {ok, AccessToken} = oauth2_response:access_token(Response),
+                {ok, Type} = oauth2_response:token_type(Response),
+                %%Ugly: workardound to return the correct expirity time, given than oauth2 lib doesn't really have
+                %%per-case expirity time.
+                Expires = case ExpiresIn of
+                              undefined ->
+                                 {ok, Ex} = oauth2_response:expires_in(Response),
+                                 Ex;
+                              _ ->
+                                ExpiresIn
+                          end,
+                {ok, VerifiedScope} = oauth2_response:scope(Response),
+                json_response(200, {[
+                   {<<"access_token">>, AccessToken},
+                   {<<"token_type">>, Type},
+                   {<<"scope">>, str:join(VerifiedScope, <<" ">>)},
+                   {<<"expires_in">>, Expires}]});
+            {error, Error} when is_atom(Error) ->
+                json_error(400, <<"invalid_grant">>, Error)
+        end;
+        _OtherGrantType ->
+            json_error(400, <<"unsupported_grant_type">>, unsupported_grant_type)
+  end;
+
 process(_Handlers, _Request) ->
     ejabberd_web:error(not_found).
 
+-spec get_db_backend() -> module().
+
+get_db_backend() ->
+    DBType = ejabberd_config:get_option(
+               oauth_db_type,
+               fun(T) -> ejabberd_config:v_db(?MODULE, T) end,
+               mnesia),
+    list_to_atom("ejabberd_oauth_" ++ atom_to_list(DBType)).
 
 
+%% Headers as per RFC 6749
+json_response(Code, Body) ->
+    {Code, [{<<"Content-Type">>, <<"application/json;charset=UTF-8">>},
+           {<<"Cache-Control">>, <<"no-store">>},
+           {<<"Pragma">>, <<"no-cache">>}],
+     jiffy:encode(Body)}.
+
+%% OAauth error are defined in:
+%% https://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-5.2
+json_error(Code, Error, Reason) ->
+    Desc = json_error_desc(Reason),
+    Body = {[{<<"error">>, Error},
+             {<<"error_description">>, Desc}]},
+    json_response(Code, Body).
+
+json_error_desc(access_denied)          -> <<"Access denied">>;
+json_error_desc(unsupported_grant_type) -> <<"Unsupported grant type">>;
+json_error_desc(invalid_scope)          -> <<"Invalid scope">>.
 
 web_head() ->
     [?XA(<<"meta">>, [{<<"http-equiv">>, <<"X-UA-Compatible">>},
@@ -469,7 +707,7 @@ css() ->
             text-decoration: underline;
           }
 
-      .container > .section { 
+      .container > .section {
           background: #424A55;
       }
 
@@ -486,5 +724,11 @@ logo() ->
 opt_type(oauth_expire) ->
     fun(I) when is_integer(I), I >= 0 -> I end;
 opt_type(oauth_access) ->
-    fun(A) when is_atom(A) -> A end;
-opt_type(_) -> [oauth_expire, oauth_access].
+    fun acl:access_rules_validator/1;
+opt_type(oauth_db_type) ->
+    fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
+opt_type(oauth_cache_life_time) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(oauth_cache_size) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(_) -> [oauth_expire, oauth_access, oauth_db_type].

src/ejabberd_oauth_mnesia.erl

@@ -0,0 +1,65 @@
+%%%-------------------------------------------------------------------
+%%% File    : ejabberd_oauth_mnesia.erl
+%%% Author  : Alexey Shchepin <alexey@process-one.net>
+%%% Purpose : OAUTH2 mnesia backend
+%%% Created : 20 Jul 2016 by Alexey Shchepin <alexey@process-one.net>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License
+%%% along with this program; if not, write to the Free Software
+%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+%%% 02111-1307 USA
+%%%
+%%%-------------------------------------------------------------------
+
+-module(ejabberd_oauth_mnesia).
+
+-export([init/0,
+         store/1,
+         lookup/1,
+         clean/1]).
+
+-include("ejabberd_oauth.hrl").
+
+init() ->
+    mnesia:create_table(oauth_token,
+                        [{disc_copies, [node()]},
+                         {attributes,
+                          record_info(fields, oauth_token)}]),
+    mnesia:add_table_copy(oauth_token, node(), disc_copies),
+    ok.
+
+store(R) ->
+    mnesia:dirty_write(R).
+
+lookup(Token) ->
+    case catch mnesia:dirty_read(oauth_token, Token) of
+        [R] ->
+            R;
+        _ ->
+            false
+    end.
+
+clean(TS) ->
+    F = fun() ->
+		Ts = mnesia:select(
+		       oauth_token,
+		       [{#oauth_token{expire = '$1', _ = '_'},
+			 [{'<', '$1', TS}],
+			 ['$_']}]),
+		lists:foreach(fun mnesia:delete_object/1, Ts)
+        end,
+    mnesia:async_dirty(F).
+

src/ejabberd_oauth_sql.erl

@@ -0,0 +1,78 @@
+%%%-------------------------------------------------------------------
+%%% File    : ejabberd_oauth_sql.erl
+%%% Author  : Alexey Shchepin <alexey@process-one.net>
+%%% Purpose : OAUTH2 SQL backend
+%%% Created : 27 Jul 2016 by Alexey Shchepin <alexey@process-one.net>
+%%%
+%%%
+%%% ejabberd, Copyright (C) 2002-2016   ProcessOne
+%%%
+%%% This program is free software; you can redistribute it and/or
+%%% modify it under the terms of the GNU General Public License as
+%%% published by the Free Software Foundation; either version 2 of the
+%%% License, or (at your option) any later version.
+%%%
+%%% This program is distributed in the hope that it will be useful,
+%%% but WITHOUT ANY WARRANTY; without even the implied warranty of
+%%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%%% General Public License for more details.
+%%%
+%%% You should have received a copy of the GNU General Public License
+%%% along with this program; if not, write to the Free Software
+%%% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+%%% 02111-1307 USA
+%%%
+%%%-------------------------------------------------------------------
+
+-module(ejabberd_oauth_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
+
+-export([init/0,
+         store/1,
+         lookup/1,
+         clean/1]).
+
+-include("ejabberd_oauth.hrl").
+-include("ejabberd.hrl").
+-include("ejabberd_sql_pt.hrl").
+-include("jlib.hrl").
+
+init() ->
+    ok.
+
+store(R) ->
+    Token = R#oauth_token.token,
+    {User, Server} = R#oauth_token.us,
+    SJID = jid:to_string({User, Server, <<"">>}),
+    Scope = str:join(R#oauth_token.scope, <<" ">>),
+    Expire = R#oauth_token.expire,
+    ?SQL_UPSERT(
+       ?MYNAME,
+       "oauth_token",
+       ["!token=%(Token)s",
+        "jid=%(SJID)s",
+        "scope=%(Scope)s",
+        "expire=%(Expire)d"]).
+
+lookup(Token) ->
+    case ejabberd_sql:sql_query(
+           ?MYNAME,
+           ?SQL("select @(jid)s, @(scope)s, @(expire)d"
+                " from oauth_token where token=%(Token)s")) of
+        {selected, [{SJID, Scope, Expire}]} ->
+            JID = jid:from_string(SJID),
+            US = {JID#jid.luser, JID#jid.lserver},
+            #oauth_token{token = Token,
+                         us = US,
+                         scope = str:tokens(Scope, <<" ">>),
+                         expire = Expire};
+        _ ->
+            false
+    end.
+
+clean(TS) ->
+    ejabberd_sql:sql_query(
+      ?MYNAME,
+      ?SQL("delete from oauth_token where expire < %(TS)d")).
+

src/ejabberd_piefxis.erl

@@ -28,8 +28,8 @@
 
 %%% Not implemented:
 %%% - write mod_piefxis with ejabberdctl commands
-%%% - Export from mod_offline_odbc.erl
-%%% - Export from mod_private_odbc.erl
+%%% - Export from mod_offline_sql.erl
+%%% - Export from mod_private_sql.erl
 %%% - XEP-227: 6. Security Considerations
 %%% - Other schemas of XInclude are not tested, and may not be imported correctly.
 %%% - If a host has many users, split that host in XML files with 50 users each.

src/ejabberd_rdbms.erl

@@ -35,10 +35,10 @@
 -include("logger.hrl").
 
 start() ->
-    file:delete(ejabberd_odbc:freetds_config()),
-    file:delete(ejabberd_odbc:odbc_config()),
-    file:delete(ejabberd_odbc:odbcinst_config()),
-    case lists:any(fun(H) -> needs_odbc(H) /= false end,
+    file:delete(ejabberd_sql:freetds_config()),
+    file:delete(ejabberd_sql:odbc_config()),
+    file:delete(ejabberd_sql:odbcinst_config()),
+    case lists:any(fun(H) -> needs_sql(H) /= false end,
                    ?MYHOSTS) of
         true ->
             start_hosts();
@@ -49,34 +49,34 @@ start() ->
 %% Start relationnal DB module on the nodes where it is needed
 start_hosts() ->
     lists:foreach(fun (Host) ->
-			  case needs_odbc(Host) of
-			    {true, App} -> start_odbc(Host, App);
+			  case needs_sql(Host) of
+			    {true, App} -> start_sql(Host, App);
 			    false -> ok
 			  end
 		  end,
 		  ?MYHOSTS).
 
-%% Start the ODBC module on the given host
-start_odbc(Host, App) ->
+%% Start the SQL module on the given host
+start_sql(Host, App) ->
     ejabberd:start_app(App),
     Supervisor_name = gen_mod:get_module_proc(Host,
-					      ejabberd_odbc_sup),
+					      ejabberd_sql_sup),
     ChildSpec = {Supervisor_name,
-		 {ejabberd_odbc_sup, start_link, [Host]}, transient,
-		 infinity, supervisor, [ejabberd_odbc_sup]},
+		 {ejabberd_sql_sup, start_link, [Host]}, transient,
+		 infinity, supervisor, [ejabberd_sql_sup]},
     case supervisor:start_child(ejabberd_sup, ChildSpec) of
       {ok, _PID} -> ok;
       _Error ->
 	  ?ERROR_MSG("Start of supervisor ~p failed:~n~p~nRetrying."
 		     "..~n",
 		     [Supervisor_name, _Error]),
-	  start_odbc(Host, App)
+	  start_sql(Host, App)
     end.
 
-%% Returns {true, App} if we have configured odbc for the given host
-needs_odbc(Host) ->
+%% Returns {true, App} if we have configured sql for the given host
+needs_sql(Host) ->
     LHost = jid:nameprep(Host),
-    case ejabberd_config:get_option({odbc_type, LHost},
+    case ejabberd_config:get_option({sql_type, LHost},
                                     fun(mysql) -> mysql;
                                        (pgsql) -> pgsql;
                                        (sqlite) -> sqlite;
@@ -91,11 +91,11 @@ needs_odbc(Host) ->
         undefined -> false
     end.
 
-opt_type(odbc_type) ->
+opt_type(sql_type) ->
     fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
 	(mssql) -> mssql;
 	(odbc) -> odbc
     end;
-opt_type(_) -> [odbc_type].
+opt_type(_) -> [sql_type].

src/ejabberd_redis.erl

@@ -0,0 +1,179 @@
+%%%-------------------------------------------------------------------
+%%% @author Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%% @copyright (C) 2016, Evgeny Khramtsov
+%%% @doc
+%%%
+%%% @end
+%%% Created :  8 May 2016 by Evgeny Khramtsov <ekhramtsov@process-one.net>
+%%%-------------------------------------------------------------------
+-module(ejabberd_redis).
+
+-behaviour(gen_server).
+-behaviour(ejabberd_config).
+
+%% API
+-export([start/0, start_link/0, q/1, qp/1, opt_type/1]).
+
+%% gen_server callbacks
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
+	 terminate/2, code_change/3]).
+
+-define(SERVER, ?MODULE).
+-define(PROCNAME, 'ejabberd_redis_client').
+
+-include("logger.hrl").
+-include("ejabberd.hrl").
+
+-record(state, {}).
+
+%%%===================================================================
+%%% API
+%%%===================================================================
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+start() ->
+    case lists:any(
+	   fun(Host) ->
+		   is_redis_configured(Host)
+	   end, ?MYHOSTS) of
+	true ->
+	    Spec = {?MODULE, {?MODULE, start_link, []},
+		    permanent, 2000, worker, [?MODULE]},
+	    supervisor:start_child(ejabberd_sup, Spec);
+	false ->
+	    ok
+    end.
+
+q(Command) ->
+    try eredis:q(?PROCNAME, Command)
+    catch _:Reason -> {error, Reason}
+    end.
+
+qp(Pipeline) ->
+    try eredis:qp(?PROCNAME, Pipeline)
+    catch _:Reason -> {error, Reason}
+    end.
+
+%%%===================================================================
+%%% gen_server callbacks
+%%%===================================================================
+init([]) ->
+    process_flag(trap_exit, true),
+    connect(),
+    {ok, #state{}}.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(connect, State) ->
+    connect(),
+    {noreply, State};
+handle_info({'DOWN', _MRef, _Type, _Pid, Reason}, State) ->
+    ?INFO_MSG("Redis connection has failed: ~p", [Reason]),
+    connect(),
+    {noreply, State};
+handle_info({'EXIT', _, _}, State) ->
+    {noreply, State};
+handle_info(Info, State) ->
+    ?INFO_MSG("unexpected info = ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+is_redis_configured(Host) ->
+    ServerConfigured = ejabberd_config:has_option({redis_server, Host}),
+    PortConfigured = ejabberd_config:has_option({redis_port, Host}),
+    DBConfigured = ejabberd_config:has_option({redis_db, Host}),
+    PassConfigured = ejabberd_config:has_option({redis_password, Host}),
+    ReconnTimeoutConfigured = ejabberd_config:has_option(
+				{redis_reconnect_timeout, Host}),
+    ConnTimeoutConfigured = ejabberd_config:has_option(
+			      {redis_connect_timeout, Host}),
+    Modules = ejabberd_config:get_option(
+		{modules, Host},
+		fun(L) when is_list(L) -> L end, []),
+    SMConfigured = ejabberd_config:get_option(
+		     {sm_db_type, Host},
+		     fun(V) -> V end) == redis,
+    ModuleWithRedisDBConfigured =
+	lists:any(
+	  fun({Module, Opts}) ->
+		  gen_mod:db_type(Host, Opts, Module) == redis
+	  end, Modules),
+    ServerConfigured or PortConfigured or DBConfigured or PassConfigured or
+	ReconnTimeoutConfigured or ConnTimeoutConfigured or
+	SMConfigured or ModuleWithRedisDBConfigured.
+
+iolist_to_list(IOList) ->
+    binary_to_list(iolist_to_binary(IOList)).
+
+connect() ->
+    Server = ejabberd_config:get_option(redis_server,
+					fun iolist_to_list/1,
+					"localhost"),
+    Port = ejabberd_config:get_option(redis_port,
+				      fun(P) when is_integer(P),
+						  P>0, P<65536 ->
+					      P
+				      end, 6379),
+    DB = ejabberd_config:get_option(redis_db,
+				    fun(I) when is_integer(I), I >= 0 ->
+					    I
+				    end, 0),
+    Pass = ejabberd_config:get_option(redis_password,
+				      fun iolist_to_list/1,
+				      ""),
+    ReconnTimeout = timer:seconds(
+		      ejabberd_config:get_option(
+			redis_reconnect_timeout,
+			fun(I) when is_integer(I), I>0 -> I end,
+			1)),
+    ConnTimeout = timer:seconds(
+		    ejabberd_config:get_option(
+		      redis_connect_timeout,
+		      fun(I) when is_integer(I), I>0 -> I end,
+		      1)),
+    try case eredis:start_link(Server, Port, DB, Pass,
+			       ReconnTimeout, ConnTimeout) of
+	    {ok, Client} ->
+		?INFO_MSG("Connected to Redis at ~s:~p", [Server, Port]),
+		unlink(Client),
+		erlang:monitor(process, Client),
+		register(?PROCNAME, Client),
+		{ok, Client};
+	    {error, Why} ->
+		erlang:error(Why)
+	end
+    catch _:Reason ->
+	    Timeout = 10,
+	    ?ERROR_MSG("Redis connection at ~s:~p has failed: ~p; "
+		       "reconnecting in ~p seconds",
+		       [Server, Port, Reason, Timeout]),
+	    erlang:send_after(timer:seconds(Timeout), self(), connect)
+    end.
+
+opt_type(redis_connect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_db) ->
+    fun (I) when is_integer(I), I >= 0 -> I end;
+opt_type(redis_password) -> fun iolist_to_list/1;
+opt_type(redis_port) ->
+    fun (P) when is_integer(P), P > 0, P < 65536 -> P end;
+opt_type(redis_reconnect_timeout) ->
+    fun (I) when is_integer(I), I > 0 -> I end;
+opt_type(redis_server) -> fun iolist_to_list/1;
+opt_type(_) ->
+    [redis_connect_timeout, redis_db, redis_password,
+     redis_port, redis_reconnect_timeout, redis_server].

src/ejabberd_riak_sup.erl

@@ -70,8 +70,8 @@ is_riak_configured(Host) ->
 		{modules, Host},
 		fun(L) when is_list(L) -> L end, []),
     ModuleWithRiakDBConfigured = lists:any(
-				   fun({_Module, Opts}) ->
-					   gen_mod:db_type(Host, Opts) == riak
+				   fun({Module, Opts}) ->
+					   gen_mod:db_type(Host, Opts, Module) == riak
 				   end, Modules),
     ServerConfigured or PortConfigured
 	or AuthConfigured or ModuleWithRiakDBConfigured.

src/ejabberd_s2s.erl

@@ -312,8 +312,10 @@ do_route(From, To, Packet) ->
 	    <<"error">> -> ok;
 	    <<"result">> -> ok;
 	    _ ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_SERVICE_UNAVAILABLE),
+		Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+		Txt = <<"No s2s connection found">>,
+		Err = jlib:make_error_reply(
+			Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end,
 	  false
@@ -471,28 +473,34 @@ send_element(Pid, El) ->
 %%% ejabberd commands
 
 get_commands_spec() ->
-    [#ejabberd_commands{name = incoming_s2s_number,
-			tags = [stats, s2s],
-			desc =
-			    "Number of incoming s2s connections on "
-			    "the node",
-                        policy = admin,
-			module = ?MODULE, function = incoming_s2s_number,
-			args = [], result = {s2s_incoming, integer}},
-     #ejabberd_commands{name = outgoing_s2s_number,
-			tags = [stats, s2s],
-			desc =
-			    "Number of outgoing s2s connections on "
-			    "the node",
-                        policy = admin,
-			module = ?MODULE, function = outgoing_s2s_number,
-			args = [], result = {s2s_outgoing, integer}}].
+    [#ejabberd_commands{
+        name = incoming_s2s_number,
+        tags = [stats, s2s],
+        desc = "Number of incoming s2s connections on the node",
+        policy = admin,
+        module = ?MODULE, function = incoming_s2s_number,
+        args = [], result = {s2s_incoming, integer}},
+     #ejabberd_commands{
+        name = outgoing_s2s_number,
+        tags = [stats, s2s],
+        desc = "Number of outgoing s2s connections on the node",
+        policy = admin,
+        module = ?MODULE, function = outgoing_s2s_number,
+        args = [], result = {s2s_outgoing, integer}}].
 
+%% TODO Move those stats commands to ejabberd stats command ?
 incoming_s2s_number() ->
-    length(supervisor:which_children(ejabberd_s2s_in_sup)).
+    supervisor_count(ejabberd_s2s_in_sup).
 
 outgoing_s2s_number() ->
-    length(supervisor:which_children(ejabberd_s2s_out_sup)).
+    supervisor_count(ejabberd_s2s_out_sup).
+
+supervisor_count(Supervisor) ->
+    case catch supervisor:which_children(Supervisor) of
+        {'EXIT', _} -> 0;
+        Result ->
+            length(Result)
+    end.
 
 %%%----------------------------------------------------------------------
 %%% Update Mnesia tables
@@ -537,7 +545,7 @@ allow_host2(MyServer, S2SHost) ->
 allow_host1(MyHost, S2SHost) ->
     Rule = ejabberd_config:get_option(
              s2s_access,
-             fun(A) when is_atom(A) -> A end,
+             fun(A) -> A end,
              all),
     JID = jid:make(<<"">>, S2SHost, <<"">>),
     case acl:match_rule(MyHost, Rule, JID) of
@@ -736,5 +744,5 @@ opt_type(route_subdomains) ->
 	(local) -> local
     end;
 opt_type(s2s_access) ->
-    fun (A) when is_atom(A) -> A end;
+    fun acl:access_rules_validator/1;
 opt_type(_) -> [route_subdomains, s2s_access].

src/ejabberd_s2s_in.erl

@@ -325,7 +325,7 @@ wait_for_feature_request({xmlstreamelement, El},
                            {s2s_tls_compression, StateData#state.server},
                            fun(true) -> true;
                               (false) -> false
-                           end, true) of
+                           end, false) of
                         true -> lists:delete(compression_none, TLSOpts1);
                         false -> [compression_none | TLSOpts1]
                     end,

src/ejabberd_s2s_out.erl

@@ -192,7 +192,7 @@ init([From, Server, Type]) ->
                      {s2s_tls_compression, From},
                      fun(true) -> true;
                         (false) -> false
-                     end, true) of
+                     end, false) of
                   false -> [compression_none | TLSOpts4];
                   true -> TLSOpts4
               end,

src/ejabberd_service.erl

@@ -36,7 +36,7 @@
 -behaviour(?GEN_FSM).
 
 %% External exports
--export([start/2, start_link/2, send_text/2,
+-export([start/0, start/2, start_link/2, send_text/2,
 	 send_element/2, socket_type/0, transform_listen_option/2]).
 
 -export([init/1, wait_for_stream/2,
@@ -44,19 +44,10 @@
 	 handle_event/3, handle_sync_event/4, code_change/4,
 	 handle_info/3, terminate/3, print_state/1, opt_type/1]).
 
--include("ejabberd.hrl").
--include("logger.hrl").
+-include("ejabberd_service.hrl").
+-include("mod_privacy.hrl").
 
--include("jlib.hrl").
-
--record(state,
-	{socket                    :: ejabberd_socket:socket_state(),
-         sockmod = ejabberd_socket :: ejabberd_socket | ejabberd_frontend_socket,
-         streamid = <<"">>         :: binary(),
-         host_opts = dict:new()    :: ?TDICT,
-         host = <<"">>             :: binary(),
-         access                    :: atom(),
-	 check_from = true         :: boolean()}).
+-export([get_delegated_ns/1]).
 
 %-define(DBGFSM, true).
 
@@ -99,6 +90,15 @@
 %%%----------------------------------------------------------------------
 %%% API
 %%%----------------------------------------------------------------------
+
+%% for xep-0355
+%% table contans records like {namespace, fitering attributes, pid(),
+%% host, disco info for general case, bare jid disco info }
+
+start() ->
+  ets:new(delegated_namespaces, [named_table, public]),
+  ets:new(hooks_tmp, [named_table, public]).
+
 start(SockData, Opts) ->
     supervisor:start_child(ejabberd_service_sup,
 			   [SockData, Opts]).
@@ -109,6 +109,9 @@ start_link(SockData, Opts) ->
 
 socket_type() -> xml_stream.
 
+get_delegated_ns(FsmRef) ->
+    (?GEN_FSM):sync_send_all_state_event(FsmRef, {get_delegated_ns}).
+
 %%%----------------------------------------------------------------------
 %%% Callback functions from gen_fsm
 %%%----------------------------------------------------------------------
@@ -141,6 +144,21 @@ init([{SockMod, Socket}, Opts]) ->
 				p1_sha:sha(crypto:rand_bytes(20))),
 		       dict:from_list([{global, Pass}])
 	       end,
+    %% privilege access to entities data
+    PrivAccess = case lists:keysearch(privilege_access, 1, Opts) of
+		     {value, {_, PrivAcc}} -> PrivAcc;
+		     _ -> []
+		 end,
+    Delegations = case lists:keyfind(delegations, 1, Opts) of
+		      {delegations, Del} ->
+			  lists:foldl(
+			    fun({Ns, FiltAttr}, D) when Ns /= ?NS_DELEGATION ->
+				    Attr = proplists:get_value(filtering, FiltAttr, []),
+				    D ++ [{Ns, Attr}];
+			       (_Deleg, D) -> D
+			    end, [], Del);
+		      false -> []
+		  end,
     Shaper = case lists:keysearch(shaper_rule, 1, Opts) of
 	       {value, {_, S}} -> S;
 	       _ -> none
@@ -154,8 +172,9 @@ init([{SockMod, Socket}, Opts]) ->
     SockMod:change_shaper(Socket, Shaper),
     {ok, wait_for_stream,
      #state{socket = Socket, sockmod = SockMod,
-	    streamid = new_id(), host_opts = HostOpts,
-	    access = Access, check_from = CheckFrom}}.
+	    streamid = new_id(), host_opts = HostOpts, access = Access,
+	    check_from = CheckFrom, privilege_access = PrivAccess,
+	    delegations = Delegations}}.
 
 %%----------------------------------------------------------------------
 %% Func: StateName/2
@@ -224,9 +243,34 @@ wait_for_handshake({xmlstreamelement, El}, StateData) ->
 			    fun (H) ->
 				    ejabberd_router:register_route(H, ?MYNAME),
 				    ?INFO_MSG("Route registered for service ~p~n",
-					      [H])
+					      [H]),
+				    ejabberd_hooks:run(component_connected,
+			     		[H])
 			    end, dict:fetch_keys(StateData#state.host_opts)),
-			  {next_state, stream_established, StateData};
+
+			  mod_privilege:advertise_permissions(StateData),
+			  DelegatedNs = mod_delegation:advertise_delegations(StateData),
+
+			  RosterAccess = proplists:get_value(roster,
+							     StateData#state.privilege_access),
+
+			  case proplists:get_value(presence,
+						   StateData#state.privilege_access) of
+				<<"managed_entity">> ->
+				    mod_privilege:initial_presences(StateData),
+				    Fun = mod_privilege:process_presence(self()),
+				    add_hooks(user_send_packet, Fun);
+				<<"roster">> when (RosterAccess == <<"both">>) or
+						  (RosterAccess == <<"get">>) ->
+				    mod_privilege:initial_presences(StateData),
+				    Fun = mod_privilege:process_presence(self()),
+				    add_hooks(user_send_packet, Fun),
+				    Fun2 = mod_privilege:process_roster_presence(self()),
+				    add_hooks(s2s_receive_packet, Fun2);
+				_ -> ok
+			    end,
+			    {next_state, stream_established,
+			     StateData#state{delegations = DelegatedNs}};
 		      _ ->
 			  send_text(StateData, ?INVALID_HANDSHAKE_ERR),
 			  {stop, normal, StateData}
@@ -274,13 +318,16 @@ stream_established({xmlstreamelement, El}, StateData) ->
 	      <<"">> -> error;
 	      _ -> jid:from_string(To)
 	    end,
-    if ((Name == <<"iq">>) or (Name == <<"message">>) or
-	  (Name == <<"presence">>))
-	 and (ToJID /= error)
-	 and (FromJID /= error) ->
-	   ejabberd_router:route(FromJID, ToJID, NewEl);
+    if  (Name == <<"iq">>) and (ToJID /= error) and (FromJID /= error) ->
+	    mod_privilege:process_iq(StateData, FromJID, ToJID, NewEl);
+	(Name == <<"presence">>) and (ToJID /= error) and (FromJID /= error) ->
+	    ejabberd_router:route(FromJID, ToJID, NewEl);
+	(Name == <<"message">>) and (ToJID /= error) and (FromJID /= error) ->
+	    mod_privilege:process_message(StateData, FromJID, ToJID, NewEl);
        true ->
-	   Err = jlib:make_error_reply(NewEl, ?ERR_BAD_REQUEST),
+	   Lang = fxml:get_tag_attr_s(<<"xml:lang">>, El),
+	   Txt = <<"Incorrect stanza name or from/to JID">>,
+	   Err = jlib:make_error_reply(NewEl, ?ERRT_BAD_REQUEST(Lang, Txt)),
 	   send_element(StateData, Err),
 	   error
     end,
@@ -326,8 +373,11 @@ handle_event(_Event, StateName, StateData) ->
 %%          {stop, Reason, NewStateData}                          |
 %%          {stop, Reason, Reply, NewStateData}
 %%----------------------------------------------------------------------
-handle_sync_event(_Event, _From, StateName,
-		  StateData) ->
+handle_sync_event({get_delegated_ns}, _From, StateName, StateData) ->
+    Reply =  {StateData#state.host, StateData#state.delegations},
+    {reply, Reply, StateName, StateData};
+
+handle_sync_event(_Event, _From, StateName, StateData) ->
     Reply = ok, {reply, Reply, StateName, StateData}.
 
 code_change(_OldVsn, StateName, StateData, _Extra) ->
@@ -360,10 +410,42 @@ handle_info({route, From, To, Packet}, StateName,
 					      attrs = Attrs2, children = Els}),
 	  send_text(StateData, Text);
       deny ->
-	  Err = jlib:make_error_reply(Packet, ?ERR_NOT_ALLOWED),
+	  Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+	  Txt = <<"Denied by ACL">>,
+	  Err = jlib:make_error_reply(Packet, ?ERRT_NOT_ALLOWED(Lang, Txt)),
 	  ejabberd_router:route_error(To, From, Err, Packet)
     end,
     {next_state, StateName, StateData};
+
+handle_info({user_presence, Packet, From},
+	    stream_established, StateData) ->
+    To = jid:from_string(StateData#state.host),
+    PacketNew = jlib:replace_from_to(From, To, Packet),
+    send_element(StateData, PacketNew),
+    {next_state, stream_established, StateData};
+
+handle_info({roster_presence, Packet, From},
+	    stream_established, StateData) ->
+    %% check that current presence stanza is equivalent to last
+    PresenceNew = jlib:remove_attr(<<"to">>, Packet),
+    Dict = StateData#state.last_pres,
+    LastPresence =
+    try dict:fetch(From, Dict)
+    catch _:_ ->
+	      undefined
+    end,
+    case mod_privilege:compare_presences(LastPresence, PresenceNew) of
+	false ->
+	    #xmlel{attrs = Attrs} = PresenceNew,
+	    Presence = PresenceNew#xmlel{attrs = [{<<"to">>, StateData#state.host} | Attrs]},
+	    send_element(StateData, Presence),
+	    DictNew = dict:store(From, PresenceNew, Dict),
+	    StateDataNew = StateData#state{last_pres = DictNew},
+	    {next_state, stream_established, StateDataNew};
+	_ ->
+	    {next_state, stream_established, StateData}
+    end;
+
 handle_info(Info, StateName, StateData) ->
     ?ERROR_MSG("Unexpected info: ~p", [Info]),
     {next_state, StateName, StateData}.
@@ -378,9 +460,30 @@ terminate(Reason, StateName, StateData) ->
     case StateName of
       stream_established ->
 	  lists:foreach(fun (H) ->
-				ejabberd_router:unregister_route(H)
+				ejabberd_router:unregister_route(H),
+				ejabberd_hooks:run(component_disconnected,
+					[StateData#state.host, Reason])
 			end,
-			dict:fetch_keys(StateData#state.host_opts));
+			dict:fetch_keys(StateData#state.host_opts)),
+
+	  lists:foreach(fun({Ns, _FilterAttr}) ->
+				ets:delete(delegated_namespaces, Ns),
+				remove_iq_handlers(Ns)
+			end, StateData#state.delegations),
+
+	  RosterAccess = proplists:get_value(roster, StateData#state.privilege_access),
+	  case proplists:get_value(presence, StateData#state.privilege_access) of
+	      <<"managed_entity">> ->
+		  Fun = mod_privilege:process_presence(self()),
+		  remove_hooks(user_send_packet, Fun);
+	      <<"roster">> when (RosterAccess == <<"both">>) or
+				(RosterAccess == <<"get">>) ->
+		  Fun = mod_privilege:process_presence(self()),
+		  remove_hooks(user_send_packet, Fun),
+		  Fun2 = mod_privilege:process_roster_presence(self()),
+		  remove_hooks(s2s_receive_packet, Fun2);
+	      _ -> ok
+	  end;
       _ -> ok
     end,
     (StateData#state.sockmod):close(StateData#state.socket),
@@ -440,3 +543,19 @@ fsm_limit_opts(Opts) ->
 opt_type(max_fsm_queue) ->
     fun (I) when is_integer(I), I > 0 -> I end;
 opt_type(_) -> [max_fsm_queue].
+
+remove_iq_handlers(Ns) ->
+    lists:foreach(fun(Host) ->
+                      gen_iq_handler:remove_iq_handler(ejabberd_local, Host, Ns),
+                      gen_iq_handler:remove_iq_handler(ejabberd_sm, Host, Ns)
+                  end, ?MYHOSTS).
+
+add_hooks(Hook, Fun) ->
+  lists:foreach(fun(Host) ->
+                    ejabberd_hooks:add(Hook, Host,Fun, 100)
+                end, ?MYHOSTS).
+
+remove_hooks(Hook, Fun) ->
+  lists:foreach(fun(Host) ->
+                    ejabberd_hooks:delete(Hook, Host, Fun, 100)
+                end, ?MYHOSTS).

src/ejabberd_sm.erl

@@ -47,6 +47,8 @@
 	 set_presence/7,
 	 unset_presence/6,
 	 close_session_unset_presence/5,
+	 set_offline_info/5,
+	 get_offline_info/4,
 	 dirty_get_sessions_list/0,
 	 dirty_get_my_sessions_list/0,
 	 get_vh_session_list/1,
@@ -66,7 +68,8 @@
 	 get_max_user_sessions/2,
 	 get_all_pids/0,
 	 is_existing_resource/3,
-	 get_commands_spec/0
+	 get_commands_spec/0,
+	 make_sid/0
 	]).
 
 -export([init/1, handle_call/3, handle_cast/2,
@@ -159,8 +162,10 @@ check_in_subscription(Acc, User, Server, _JID, _Type, _Reason) ->
 -spec bounce_offline_message(jid(), jid(), xmlel()) -> stop.
 
 bounce_offline_message(From, To, Packet) ->
-    Err = jlib:make_error_reply(Packet,
-				?ERR_SERVICE_UNAVAILABLE),
+    Lang = fxml:get_tag_attr_s(<<"xml:lang">>, Packet),
+    Txt = <<"User session not found">>,
+    Err = jlib:make_error_reply(
+	    Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
     ejabberd_router:route(To, From, Err),
     stop.
 
@@ -175,14 +180,14 @@ get_user_resources(User, Server) ->
     LUser = jid:nodeprep(User),
     LServer = jid:nameprep(Server),
     Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
     [element(3, S#session.usr) || S <- clean_session_list(Ss)].
 
 -spec get_user_present_resources(binary(), binary()) -> [tuple()].
 
 get_user_present_resources(LUser, LServer) ->
     Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
     [{S#session.priority, element(3, S#session.usr)}
      || S <- clean_session_list(Ss), is_integer(S#session.priority)].
 
@@ -193,7 +198,7 @@ get_user_ip(User, Server, Resource) ->
     LServer = jid:nameprep(Server),
     LResource = jid:resourceprep(Resource),
     Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[] ->
 	    undefined;
 	Ss ->
@@ -208,7 +213,7 @@ get_user_info(User, Server, Resource) ->
     LServer = jid:nameprep(Server),
     LResource = jid:resourceprep(Resource),
     Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[] ->
 	    offline;
 	Ss ->
@@ -258,17 +263,45 @@ get_session_pid(User, Server, Resource) ->
     LServer = jid:nameprep(Server),
     LResource = jid:resourceprep(Resource),
     Mod = get_sm_backend(LServer),
-    case Mod:get_sessions(LUser, LServer, LResource) of
+    case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	[#session{sid = {_, Pid}}] -> Pid;
 	_ -> none
     end.
 
+-spec set_offline_info(sid(), binary(), binary(), binary(), info()) -> ok.
+
+set_offline_info(SID, User, Server, Resource, Info) ->
+    LUser = jid:nodeprep(User),
+    LServer = jid:nameprep(Server),
+    LResource = jid:resourceprep(Resource),
+    set_session(SID, LUser, LServer, LResource, undefined, [offline | Info]).
+
+-spec get_offline_info(erlang:timestamp(), binary(), binary(),
+                       binary()) -> none | info().
+
+get_offline_info(Time, User, Server, Resource) ->
+    LUser = jid:nodeprep(User),
+    LServer = jid:nameprep(Server),
+    LResource = jid:resourceprep(Resource),
+    Mod = get_sm_backend(LServer),
+    case Mod:get_sessions(LUser, LServer, LResource) of
+	[#session{sid = {Time, _}, info = Info}] ->
+	    case proplists:get_bool(offline, Info) of
+		true ->
+		    Info;
+		false ->
+		    none
+	    end;
+	_ ->
+	    none
+    end.
+
 -spec dirty_get_sessions_list() -> [ljid()].
 
 dirty_get_sessions_list() ->
     lists:flatmap(
       fun(Mod) ->
-	      [S#session.usr || S <- Mod:get_sessions()]
+	      [S#session.usr || S <- online(Mod:get_sessions())]
       end, get_sm_backends()).
 
 -spec dirty_get_my_sessions_list() -> [#session{}].
@@ -276,7 +309,7 @@ dirty_get_sessions_list() ->
 dirty_get_my_sessions_list() ->
     lists:flatmap(
       fun(Mod) ->
-	      [S || S <- Mod:get_sessions(),
+	      [S || S <- online(Mod:get_sessions()),
 		    node(element(2, S#session.sid)) == node()]
       end, get_sm_backends()).
 
@@ -285,14 +318,14 @@ dirty_get_my_sessions_list() ->
 get_vh_session_list(Server) ->
     LServer = jid:nameprep(Server),
     Mod = get_sm_backend(LServer),
-    [S#session.usr || S <- Mod:get_sessions(LServer)].
+    [S#session.usr || S <- online(Mod:get_sessions(LServer))].
 
 -spec get_all_pids() -> [pid()].
 
 get_all_pids() ->
     lists:flatmap(
       fun(Mod) ->
-	      [element(2, S#session.sid) || S <- Mod:get_sessions()]
+	      [element(2, S#session.sid) || S <- online(Mod:get_sessions())]
       end, get_sm_backends()).
 
 -spec get_vh_session_number(binary()) -> non_neg_integer().
@@ -300,7 +333,7 @@ get_all_pids() ->
 get_vh_session_number(Server) ->
     LServer = jid:nameprep(Server),
     Mod = get_sm_backend(LServer),
-    length(Mod:get_sessions(LServer)).
+    length(online(Mod:get_sessions(LServer))).
 
 register_iq_handler(Host, XMLNS, Module, Fun) ->
     ejabberd_sm ! {register_iq_handler, Host, XMLNS, Module, Fun}.
@@ -392,6 +425,16 @@ set_session(SID, User, Server, Resource, Priority, Info) ->
     Mod:set_session(#session{sid = SID, usr = USR, us = US,
 			     priority = Priority, info = Info}).
 
+-spec online([#session{}]) -> [#session{}].
+
+online(Sessions) ->
+    lists:filter(fun is_online/1, Sessions).
+
+-spec is_online(#session{}) -> boolean().
+
+is_online(#session{info = Info}) ->
+    not proplists:get_bool(offline, Info).
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 do_route(From, To, {broadcast, _} = Packet) ->
@@ -406,7 +449,7 @@ do_route(From, To, {broadcast, _} = Packet) ->
         _ ->
             {U, S, R} = jid:tolower(To),
 	    Mod = get_sm_backend(S),
-	    case Mod:get_sessions(U, S, R) of
+	    case online(Mod:get_sessions(U, S, R)) of
                 [] ->
                     ?DEBUG("packet dropped~n", []);
                 Ss ->
@@ -423,6 +466,7 @@ do_route(From, To, #xmlel{} = Packet) ->
     #jid{user = User, server = Server,
 	 luser = LUser, lserver = LServer, lresource = LResource} = To,
     #xmlel{name = Name, attrs = Attrs} = Packet,
+    Lang = fxml:get_attr_s(<<"xml:lang">>, Attrs),
     case LResource of
       <<"">> ->
 	  case Name of
@@ -496,8 +540,9 @@ do_route(From, To, #xmlel{} = Packet) ->
 		  <<"headline">> -> route_message(From, To, Packet, headline);
 		  <<"error">> -> ok;
 		  <<"groupchat">> ->
-		      Err = jlib:make_error_reply(Packet,
-						  ?ERR_SERVICE_UNAVAILABLE),
+		      ErrTxt = <<"User session not found">>,
+		      Err = jlib:make_error_reply(
+			      Packet, ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
 		      ejabberd_router:route(To, From, Err);
 		  _ ->
 		      route_message(From, To, Packet, normal)
@@ -506,28 +551,33 @@ do_route(From, To, #xmlel{} = Packet) ->
 	    _ -> ok
 	  end;
       _ ->
-	  Mod = get_sm_backend(LServer),
-	  case Mod:get_sessions(LUser, LServer, LResource) of
+	Mod = get_sm_backend(LServer),
+	case online(Mod:get_sessions(LUser, LServer, LResource)) of
 	    [] ->
 		case Name of
 		  <<"message">> ->
 		      case fxml:get_attr_s(<<"type">>, Attrs) of
 			<<"chat">> -> route_message(From, To, Packet, chat);
-			<<"normal">> -> route_message(From, To, Packet, normal);
-			<<"">> -> route_message(From, To, Packet, normal);
+			<<"headline">> -> ok;
 			<<"error">> -> ok;
+			<<"groupchat">> ->
+			    ErrTxt = <<"User session not found">>,
+			    Err = jlib:make_error_reply(
+				    Packet,
+				    ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
+			    ejabberd_router:route(To, From, Err);
 			_ ->
-			    Err = jlib:make_error_reply(Packet,
-							?ERR_SERVICE_UNAVAILABLE),
-			    ejabberd_router:route(To, From, Err)
+			    route_message(From, To, Packet, normal)
 		      end;
 		  <<"iq">> ->
 		      case fxml:get_attr_s(<<"type">>, Attrs) of
 			<<"error">> -> ok;
 			<<"result">> -> ok;
 			_ ->
-			    Err = jlib:make_error_reply(Packet,
-							?ERR_SERVICE_UNAVAILABLE),
+			    ErrTxt = <<"User session not found">>,
+			    Err = jlib:make_error_reply(
+				    Packet,
+				    ?ERRT_SERVICE_UNAVAILABLE(Lang, ErrTxt)),
 			    ejabberd_router:route(To, From, Err)
 		      end;
 		  _ -> ?DEBUG("packet dropped~n", [])
@@ -574,8 +624,8 @@ route_message(From, To, Packet, Type) ->
 					  (P >= 0) and (Type == headline) ->
 				LResource = jid:resourceprep(R),
 				Mod = get_sm_backend(LServer),
-				case Mod:get_sessions(LUser, LServer,
-						      LResource) of
+				case online(Mod:get_sessions(LUser, LServer,
+							     LResource)) of
 				  [] ->
 				      ok; % Race condition
 				  Ss ->
@@ -592,15 +642,12 @@ route_message(From, To, Packet, Type) ->
 	  case Type of
 	    headline -> ok;
 	    _ ->
-		case ejabberd_auth:is_user_exists(LUser, LServer) of
+		case ejabberd_auth:is_user_exists(LUser, LServer) andalso
+		    is_privacy_allow(From, To, Packet) of
 		  true ->
-		      case is_privacy_allow(From, To, Packet) of
-			true ->
-			    ejabberd_hooks:run(offline_message_hook, LServer,
-					       [From, To, Packet]);
-			false -> ok
-		      end;
-		  _ ->
+		      ejabberd_hooks:run(offline_message_hook, LServer,
+					 [From, To, Packet]);
+		  false ->
 		      Err = jlib:make_error_reply(Packet,
 						  ?ERR_SERVICE_UNAVAILABLE),
 		      ejabberd_router:route(To, From, Err)
@@ -635,9 +682,15 @@ check_for_sessions_to_replace(User, Server, Resource) ->
     check_max_sessions(LUser, LServer).
 
 check_existing_resources(LUser, LServer, LResource) ->
-    SIDs = get_resource_sessions(LUser, LServer, LResource),
-    if SIDs == [] -> ok;
+    Mod = get_sm_backend(LServer),
+    Ss = Mod:get_sessions(LUser, LServer, LResource),
+    {OnlineSs, OfflineSs} = lists:partition(fun is_online/1, Ss),
+    lists:foreach(fun(#session{sid = S}) ->
+			  Mod:delete_session(LUser, LServer, LResource, S)
+		  end, OfflineSs),
+    if OnlineSs == [] -> ok;
        true ->
+	   SIDs = [SID || #session{sid = SID} <- OnlineSs],
 	   MaxSID = lists:max(SIDs),
 	   lists:foreach(fun ({_, Pid} = S) when S /= MaxSID ->
 				 Pid ! replaced;
@@ -656,11 +709,11 @@ get_resource_sessions(User, Server, Resource) ->
     LServer = jid:nameprep(Server),
     LResource = jid:resourceprep(Resource),
     Mod = get_sm_backend(LServer),
-    [S#session.sid || S <- Mod:get_sessions(LUser, LServer, LResource)].
+    [S#session.sid || S <- online(Mod:get_sessions(LUser, LServer, LResource))].
 
 check_max_sessions(LUser, LServer) ->
     Mod = get_sm_backend(LServer),
-    SIDs = [S#session.sid || S <- Mod:get_sessions(LUser, LServer)],
+    SIDs = [S#session.sid || S <- online(Mod:get_sessions(LUser, LServer))],
     MaxSessions = get_max_user_sessions(LUser, LServer),
     if length(SIDs) =< MaxSessions -> ok;
        true -> {_, Pid} = lists:min(SIDs), Pid ! replaced
@@ -684,7 +737,7 @@ get_max_user_sessions(LUser, Host) ->
 process_iq(From, To, Packet) ->
     IQ = jlib:iq_query_info(Packet),
     case IQ of
-      #iq{xmlns = XMLNS} ->
+      #iq{xmlns = XMLNS, lang = Lang} ->
 	  Host = To#jid.lserver,
 	  case ets:lookup(sm_iqtable, {XMLNS, Host}) of
 	    [{_, Module, Function}] ->
@@ -697,8 +750,10 @@ process_iq(From, To, Packet) ->
 		gen_iq_handler:handle(Host, Module, Function, Opts,
 				      From, To, IQ);
 	    [] ->
-		Err = jlib:make_error_reply(Packet,
-					    ?ERR_SERVICE_UNAVAILABLE),
+		Txt = <<"No module is handling this query">>,
+		Err = jlib:make_error_reply(
+			Packet,
+			?ERRT_SERVICE_UNAVAILABLE(Lang, Txt)),
 		ejabberd_router:route(To, From, Err)
 	  end;
       reply -> ok;
@@ -712,7 +767,7 @@ process_iq(From, To, Packet) ->
 
 force_update_presence({LUser, LServer}) ->
     Mod = get_sm_backend(LServer),
-    Ss = Mod:get_sessions(LUser, LServer),
+    Ss = online(Mod:get_sessions(LUser, LServer)),
     lists:foreach(fun (#session{sid = {_, Pid}}) ->
 			  Pid ! {force_update_presence, LUser, LServer}
 		  end,
@@ -721,12 +776,10 @@ force_update_presence({LUser, LServer}) ->
 -spec get_sm_backend(binary()) -> module().
 
 get_sm_backend(Host) ->
-    DBType = ejabberd_config:get_option({sm_db_type, Host},
-					fun(mnesia) -> mnesia;
-					   (internal) -> mnesia;
-					   (odbc) -> odbc;
-					   (redis) -> redis
-					end, mnesia),
+    DBType = ejabberd_config:get_option(
+	       {sm_db_type, Host},
+	       fun(T) -> ejabberd_config:v_db(?MODULE, T) end,
+	       mnesia),
     list_to_atom("ejabberd_sm_" ++ atom_to_list(DBType)).
 
 -spec get_sm_backends() -> [module()].
@@ -796,10 +849,8 @@ kick_user(User, Server) ->
 	end, Resources),
     length(Resources).
 
-opt_type(sm_db_type) ->
-    fun (mnesia) -> mnesia;
-	(internal) -> mnesia;
-	(odbc) -> odbc;
-	(redis) -> redis
-    end;
+make_sid() ->
+    {p1_time_compat:unique_timestamp(), self()}.
+
+opt_type(sm_db_type) -> fun(T) -> ejabberd_config:v_db(?MODULE, T) end;
 opt_type(_) -> [sm_db_type].

src/ejabberd_sm_redis.erl

@@ -21,48 +21,12 @@
 -include("logger.hrl").
 -include("jlib.hrl").
 
--define(PROCNAME, 'ejabberd_redis_client').
-
 %%%===================================================================
 %%% API
 %%%===================================================================
 -spec init() -> ok | {error, any()}.
 init() ->
-    Server = ejabberd_config:get_option(redis_server,
-					fun iolist_to_list/1,
-					"localhost"),
-    Port = ejabberd_config:get_option(redis_port,
-				      fun(P) when is_integer(P),
-						  P>0, P<65536 ->
-					      P
-				      end, 6379),
-    DB = ejabberd_config:get_option(redis_db,
-				    fun(I) when is_integer(I), I >= 0 ->
-					    I
-				    end, 0),
-    Pass = ejabberd_config:get_option(redis_password,
-				      fun iolist_to_list/1,
-				      ""),
-    ReconnTimeout = timer:seconds(
-		      ejabberd_config:get_option(
-			redis_reconnect_timeout,
-			fun(I) when is_integer(I), I>0 -> I end,
-			1)),
-    ConnTimeout = timer:seconds(
-		    ejabberd_config:get_option(
-		      redis_connect_timeout,
-		      fun(I) when is_integer(I), I>0 -> I end,
-		      1)),
-    case eredis:start_link(Server, Port, DB, Pass,
-			   ReconnTimeout, ConnTimeout) of
-	{ok, Client} ->
-	    register(?PROCNAME, Client),
-	    clean_table(),
-	    ok;
-	{error, _} = Err ->
-	    ?ERROR_MSG("failed to start redis client: ~p", [Err]),
-	    Err
-    end.
+    clean_table().
 
 -spec set_session(#session{}) -> ok.
 set_session(Session) ->
@@ -71,8 +35,8 @@ set_session(Session) ->
     SIDKey = sid_to_key(Session#session.sid),
     ServKey = server_to_key(element(2, Session#session.us)),
     USSIDKey = us_sid_to_key(Session#session.us, Session#session.sid),
-    case eredis:qp(?PROCNAME, [["HSET", USKey, SIDKey, T],
-			       ["HSET", ServKey, USSIDKey, T]]) of
+    case ejabberd_redis:qp([["HSET", USKey, SIDKey, T],
+			    ["HSET", ServKey, USSIDKey, T]]) of
 	[{ok, _}, {ok, _}] ->
 	    ok;
 	Err ->
@@ -83,7 +47,7 @@ set_session(Session) ->
 			    {ok, #session{}} | {error, notfound}.
 delete_session(LUser, LServer, _LResource, SID) ->
     USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} ->
 	    Ss = decode_session_list(Vals),
 	    case lists:keyfind(SID, #session.sid, Ss) of
@@ -93,8 +57,8 @@ delete_session(LUser, LServer, _LResource, SID) ->
 		    SIDKey = sid_to_key(SID),
 		    ServKey = server_to_key(element(2, Session#session.us)),
 		    USSIDKey = us_sid_to_key(Session#session.us, SID),
-		    eredis:qp(?PROCNAME, [["HDEL", USKey, SIDKey],
-					  ["HDEL", ServKey, USSIDKey]]),
+		    ejabberd_redis:qp([["HDEL", USKey, SIDKey],
+				       ["HDEL", ServKey, USSIDKey]]),
 		    {ok, Session}
 	    end;
 	Err ->
@@ -112,7 +76,7 @@ get_sessions() ->
 -spec get_sessions(binary()) -> [#session{}].
 get_sessions(LServer) ->
     ServKey = server_to_key(LServer),
-    case eredis:q(?PROCNAME, ["HGETALL", ServKey]) of
+    case ejabberd_redis:q(["HGETALL", ServKey]) of
 	{ok, Vals} ->
 	    decode_session_list(Vals);
 	Err ->
@@ -123,7 +87,7 @@ get_sessions(LServer) ->
 -spec get_sessions(binary(), binary()) -> [#session{}].
 get_sessions(LUser, LServer) ->
     USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} when is_list(Vals) ->
 	    decode_session_list(Vals);
 	Err ->
@@ -135,7 +99,7 @@ get_sessions(LUser, LServer) ->
     [#session{}].
 get_sessions(LUser, LServer, LResource) ->
     USKey = us_to_key({LUser, LServer}),
-    case eredis:q(?PROCNAME, ["HGETALL", USKey]) of
+    case ejabberd_redis:q(["HGETALL", USKey]) of
 	{ok, Vals} when is_list(Vals) ->
 	    [S || S <- decode_session_list(Vals),
 		  element(3, S#session.usr) == LResource];
@@ -172,7 +136,7 @@ clean_table() ->
     lists:foreach(
       fun(LServer) ->
 	      ServKey = server_to_key(LServer),
-	      case eredis:q(?PROCNAME, ["HKEYS", ServKey]) of
+	      case ejabberd_redis:q(["HKEYS", ServKey]) of
 		  {ok, []} ->
 		      ok;
 		  {ok, Vals} ->
@@ -181,7 +145,10 @@ clean_table() ->
 					{_, SID} = binary_to_term(USSIDKey),
 					node(element(2, SID)) == node()
 				end, Vals),
-		      Q1 = ["HDEL", ServKey | Vals1],
+				Q1 = case Vals1 of
+					[] -> [];
+					_ -> ["HDEL", ServKey | Vals1]
+				end,
 		      Q2 = lists:map(
 			     fun(USSIDKey) ->
 				     {US, SID} = binary_to_term(USSIDKey),
@@ -189,7 +156,7 @@ clean_table() ->
 				     SIDKey = sid_to_key(SID),
 				     ["HDEL", USKey, SIDKey]
 			     end, Vals1),
-		      Res = eredis:qp(?PROCNAME, [Q1|Q2]),
+		      Res = ejabberd_redis:qp(lists:delete([], [Q1|Q2])),
 		      case lists:filter(
 			     fun({ok, _}) -> false;
 				(_) -> true

src/ejabberd_sm_sql.erl

@@ -6,7 +6,9 @@
 %%% @end
 %%% Created :  9 Mar 2015 by Evgeny Khramtsov <ekhramtsov@process-one.net>
 %%%-------------------------------------------------------------------
--module(ejabberd_sm_odbc).
+-module(ejabberd_sm_sql).
+
+-compile([{parse_transform, ejabberd_sql_pt}]).
 
 -behaviour(ejabberd_sm).
 
@@ -23,18 +25,19 @@
 -include("ejabberd_sm.hrl").
 -include("logger.hrl").
 -include("jlib.hrl").
+-include("ejabberd_sql_pt.hrl").
 
 %%%===================================================================
 %%% API
 %%%===================================================================
 -spec init() -> ok | {error, any()}.
 init() ->
-    Node = ejabberd_odbc:escape(jlib:atom_to_binary(node())),
+    Node = jlib:atom_to_binary(node()),
     ?INFO_MSG("Cleaning SQL SM table...", []),
     lists:foldl(
       fun(Host, ok) ->
-	      case ejabberd_odbc:sql_query(
-		     Host, [<<"delete from sm where node='">>, Node, <<"'">>]) of
+	      case ejabberd_sql:sql_query(
+		     Host, ?SQL("delete from sm where node=%(Node)s")) of
 		  {updated, _} ->
 		      ok;
 		  Err ->
@@ -47,20 +50,19 @@ init() ->
 
 set_session(#session{sid = {Now, Pid}, usr = {U, LServer, R},
 		     priority = Priority, info = Info}) ->
-    Username = ejabberd_odbc:escape(U),
-    Resource = ejabberd_odbc:escape(R),
-    InfoS = ejabberd_odbc:encode_term(Info),
+    InfoS = jlib:term_to_expr(Info),
     PrioS = enc_priority(Priority),
     TS = now_to_timestamp(Now),
     PidS = list_to_binary(erlang:pid_to_list(Pid)),
-    Node = ejabberd_odbc:escape(jlib:atom_to_binary(node(Pid))),
-    case odbc_queries:update(
-	   LServer,
-	   <<"sm">>,
-	   [<<"usec">>, <<"pid">>, <<"node">>, <<"username">>,
-	    <<"resource">>, <<"priority">>, <<"info">>],
-	   [TS, PidS, Node, Username, Resource, PrioS, InfoS],
-	   [<<"usec='">>, TS, <<"' and pid='">>, PidS, <<"'">>]) of
+    Node = jlib:atom_to_binary(node(Pid)),
+    case ?SQL_UPSERT(LServer, "sm",
+                     ["!usec=%(TS)d",
+                      "!pid=%(PidS)s",
+                      "node=%(Node)s",
+                      "username=%(U)s",
+                      "resource=%(R)s",
+                      "priority=%(PrioS)s",
+                      "info=%(InfoS)s"]) of
 	ok ->
 	    ok;
 	Err ->
@@ -70,16 +72,18 @@ set_session(#session{sid = {Now, Pid}, usr = {U, LServer, R},
 delete_session(_LUser, LServer, _LResource, {Now, Pid}) ->
     TS = now_to_timestamp(Now),
     PidS = list_to_binary(erlang:pid_to_list(Pid)),
-    case ejabberd_odbc:sql_query(
+    case ejabberd_sql:sql_query(
 	   LServer,
-	   [<<"select usec, pid, username, resource, priority, info ">>,
-	    <<"from sm where usec='">>, TS, <<"' and pid='">>,PidS, <<"'">>]) of
-	{selected, _, [Row]} ->
-	    ejabberd_odbc:sql_query(
-	      LServer, [<<"delete from sm where usec='">>,
-			TS, <<"' and pid='">>, PidS, <<"'">>]),
+	   ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s "
+                "from sm where usec=%(TS)d and pid=%(PidS)s")) of
+	{selected, [Row]} ->
+            ejabberd_sql:sql_query(
+              LServer,
+              ?SQL("delete from sm"
+                   " where usec=%(TS)d and pid=%(PidS)s")),
 	    {ok, row_to_session(LServer, Row)};
-	{selected, _, []} ->
+	{selected, []} ->
 	    {error, notfound};
 	Err ->
 	    ?ERROR_MSG("failed to delete from 'sm' table: ~p", [Err]),
@@ -93,10 +97,11 @@ get_sessions() ->
       end, ejabberd_sm:get_vh_by_backend(?MODULE)).
 
 get_sessions(LServer) ->
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -104,12 +109,12 @@ get_sessions(LServer) ->
     end.
 
 get_sessions(LUser, LServer) ->
-    Username = ejabberd_odbc:escape(LUser),
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm where ">>,
-		     <<"username='">>, Username, <<"'">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm"
+                " where username=%(LUser)s")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -117,14 +122,12 @@ get_sessions(LUser, LServer) ->
     end.
 
 get_sessions(LUser, LServer, LResource) ->
-    Username = ejabberd_odbc:escape(LUser),
-    Resource = ejabberd_odbc:escape(LResource),
-    case ejabberd_odbc:sql_query(
-	   LServer, [<<"select usec, pid, username, ">>,
-		     <<"resource, priority, info from sm where ">>,
-		     <<"username='">>, Username, <<"' and resource='">>,
-		     Resource, <<"'">>]) of
-	{selected, _, Rows} ->
+    case ejabberd_sql:sql_query(
+	   LServer,
+           ?SQL("select @(usec)d, @(pid)s, @(username)s,"
+                " @(resource)s, @(priority)s, @(info)s from sm"
+                " where username=%(LUser)s and resource=%(LResource)s")) of
+	{selected, Rows} ->
 	    [row_to_session(LServer, Row) || Row <- Rows];
 	Err ->
 	    ?ERROR_MSG("failed to select from 'sm' table: ~p", [Err]),
@@ -135,10 +138,9 @@ get_sessions(LUser, LServer, LResource) ->
 %%% Internal functions
 %%%===================================================================
 now_to_timestamp({MSec, Sec, USec}) ->
-    jlib:integer_to_binary((MSec * 1000000 + Sec) * 1000000 + USec).
+    (MSec * 1000000 + Sec) * 1000000 + USec.
 
-timestamp_to_now(TS) ->
-    I = jlib:binary_to_integer(TS),
+timestamp_to_now(I) ->
     Head = I div 1000000,
     USec = I rem 1000000,
     MSec = Head div 1000000,
@@ -158,11 +160,11 @@ enc_priority(undefined) ->
 enc_priority(Int) when is_integer(Int) ->
     jlib:integer_to_binary(Int).
 
-row_to_session(LServer, [USec, PidS, User, Resource, PrioS, InfoS]) ->
+row_to_session(LServer, {USec, PidS, User, Resource, PrioS, InfoS}) ->
     Now = timestamp_to_now(USec),
     Pid = erlang:list_to_pid(binary_to_list(PidS)),
     Priority = dec_priority(PrioS),
-    Info = ejabberd_odbc:decode_term(InfoS),
+    Info = ejabberd_sql:decode_term(InfoS),
     #session{sid = {Now, Pid}, us = {User, LServer},
 	     usr = {User, LServer, Resource},
 	     priority = Priority,

src/ejabberd_sql.erl

@@ -1,7 +1,7 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_odbc.erl
+%%% File    : ejabberd_sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
-%%% Purpose : Serve ODBC connection
+%%% Purpose : Serve SQL connection
 %%% Created :  8 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
 %%%
 %%%
@@ -23,7 +23,7 @@
 %%%
 %%%----------------------------------------------------------------------
 
--module(ejabberd_odbc).
+-module(ejabberd_sql).
 
 -behaviour(ejabberd_config).
 
@@ -39,9 +39,12 @@
 	 sql_query_t/1,
 	 sql_transaction/2,
 	 sql_bloc/2,
+         sql_query_to_iolist/1,
 	 escape/1,
+         standard_escape/1,
 	 escape_like/1,
 	 escape_like_arg/1,
+	 escape_like_arg_circumflex/1,
 	 to_bool/1,
 	 sqlite_db/1,
 	 sqlite_file/1,
@@ -75,9 +78,9 @@
 	 max_pending_requests_len            :: non_neg_integer(),
 	 pending_requests = {0, queue:new()} :: {non_neg_integer(), ?TQUEUE}}).
 
--define(STATE_KEY, ejabberd_odbc_state).
+-define(STATE_KEY, ejabberd_sql_state).
 
--define(NESTING_KEY, ejabberd_odbc_nesting_level).
+-define(NESTING_KEY, ejabberd_sql_nesting_level).
 
 -define(TOP_LEVEL_TXN, 0).
 
@@ -95,7 +98,7 @@
 
 -define(KEEPALIVE_QUERY, [<<"SELECT 1;">>]).
 
--define(PREPARE_KEY, ejabberd_odbc_prepare).
+-define(PREPARE_KEY, ejabberd_sql_prepare).
 
 %%-define(DBGFSM, true).
 
@@ -113,11 +116,11 @@
 %%% API
 %%%----------------------------------------------------------------------
 start(Host) ->
-    (?GEN_FSM):start(ejabberd_odbc, [Host],
+    (?GEN_FSM):start(ejabberd_sql, [Host],
 		     fsm_limit_opts() ++ (?FSMOPTS)).
 
 start_link(Host, StartInterval) ->
-    (?GEN_FSM):start_link(ejabberd_odbc,
+    (?GEN_FSM):start_link(ejabberd_sql,
 			  [Host, StartInterval],
 			  fsm_limit_opts() ++ (?FSMOPTS)).
 
@@ -157,7 +160,7 @@ sql_bloc(Host, F) -> sql_call(Host, {sql_bloc, F}).
 sql_call(Host, Msg) ->
     case get(?STATE_KEY) of
       undefined ->
-        case ejabberd_odbc_sup:get_random_pid(Host) of
+        case ejabberd_sql_sup:get_random_pid(Host) of
           none -> {error, <<"Unknown Host">>};
           Pid ->
             (?GEN_FSM):sync_send_event(Pid,{sql_cmd, Msg,
@@ -190,7 +193,7 @@ sql_query_t(Query) ->
 
 %% Escape character that will confuse an SQL engine
 escape(S) ->
-	<<  <<(odbc_queries:escape(Char))/binary>> || <<Char>> <= S >>.
+	<<  <<(sql_queries:escape(Char))/binary>> || <<Char>> <= S >>.
 
 %% Escape character that will confuse an SQL engine
 %% Percent and underscore only need to be escaped for pattern matching like
@@ -199,7 +202,8 @@ escape_like(S) when is_binary(S) ->
     << <<(escape_like(C))/binary>> || <<C>> <= S >>;
 escape_like($%) -> <<"\\%">>;
 escape_like($_) -> <<"\\_">>;
-escape_like(C) when is_integer(C), C >= 0, C =< 255 -> odbc_queries:escape(C).
+escape_like($\\) -> <<"\\\\\\\\">>;
+escape_like(C) when is_integer(C), C >= 0, C =< 255 -> sql_queries:escape(C).
 
 escape_like_arg(S) when is_binary(S) ->
     << <<(escape_like_arg(C))/binary>> || <<C>> <= S >>;
@@ -208,6 +212,15 @@ escape_like_arg($_) -> <<"\\_">>;
 escape_like_arg($\\) -> <<"\\\\">>;
 escape_like_arg(C) when is_integer(C), C >= 0, C =< 255 -> <<C>>.
 
+escape_like_arg_circumflex(S) when is_binary(S) ->
+    << <<(escape_like_arg_circumflex(C))/binary>> || <<C>> <= S >>;
+escape_like_arg_circumflex($%) -> <<"^%">>;
+escape_like_arg_circumflex($_) -> <<"^_">>;
+escape_like_arg_circumflex($^) -> <<"^^">>;
+escape_like_arg_circumflex($[) -> <<"^[">>;     % For MSSQL
+escape_like_arg_circumflex($]) -> <<"^]">>;
+escape_like_arg_circumflex(C) when is_integer(C), C >= 0, C =< 255 -> <<C>>.
+
 to_bool(<<"t">>) -> true;
 to_bool(<<"true">>) -> true;
 to_bool(<<"1">>) -> true;
@@ -232,7 +245,7 @@ sqlite_db(Host) ->
 
 -spec sqlite_file(binary()) -> string().
 sqlite_file(Host) ->
-    case ejabberd_config:get_option({odbc_database, Host},
+    case ejabberd_config:get_option({sql_database, Host},
 				    fun iolist_to_binary/1) of
 	undefined ->
 	    {ok, Cwd} = file:get_cwd(),
@@ -247,7 +260,7 @@ sqlite_file(Host) ->
 %%%----------------------------------------------------------------------
 init([Host, StartInterval]) ->
     case ejabberd_config:get_option(
-           {odbc_keepalive_interval, Host},
+           {sql_keepalive_interval, Host},
            fun(I) when is_integer(I), I>0 -> I end) of
         undefined ->
             ok;
@@ -257,7 +270,7 @@ init([Host, StartInterval]) ->
     end,
     [DBType | _] = db_opts(Host),
     (?GEN_FSM):send_event(self(), connect),
-    ejabberd_odbc_sup:add_pid(Host, self()),
+    ejabberd_sql_sup:add_pid(Host, self()),
     {ok, connecting,
      #state{db_type = DBType, host = Host,
 	    max_pending_requests_len = max_fsm_queue(),
@@ -371,7 +384,7 @@ handle_info(Info, StateName, State) ->
     {next_state, StateName, State}.
 
 terminate(_Reason, _StateName, State) ->
-    ejabberd_odbc_sup:remove_pid(State#state.host, self()),
+    ejabberd_sql_sup:remove_pid(State#state.host, self()),
     case State#state.db_type of
         mysql -> catch p1_mysql_conn:stop(State#state.db_ref);
         sqlite -> catch sqlite3:close(sqlite_db(State#state.host));
@@ -507,7 +520,7 @@ sql_query_internal(#sql_query{} = Query) ->
                 odbc ->
                     generic_sql_query(Query);
 		mssql ->
-		    generic_sql_query(Query);
+		    mssql_sql_query(Query);
                 pgsql ->
                     Key = {?PREPARE_KEY, Query#sql_query.hash},
                     case get(Key) of
@@ -533,7 +546,7 @@ sql_query_internal(#sql_query{} = Query) ->
                 mysql ->
                     generic_sql_query(Query);
                 sqlite ->
-                    generic_sql_query(Query)
+                    sqlite_sql_query(Query)
             end
         catch
             Class:Reason ->
@@ -622,6 +635,32 @@ generic_escape() ->
                           end
                }.
 
+sqlite_sql_query(SQLQuery) ->
+    sql_query_format_res(
+      sql_query_internal(sqlite_sql_query_format(SQLQuery)),
+      SQLQuery).
+
+sqlite_sql_query_format(SQLQuery) ->
+    Args = (SQLQuery#sql_query.args)(sqlite_escape()),
+    (SQLQuery#sql_query.format_query)(Args).
+
+sqlite_escape() ->
+    #sql_escape{string = fun(X) -> <<"'", (standard_escape(X))/binary, "'">> end,
+                integer = fun(X) -> integer_to_binary(X) end,
+                boolean = fun(true) -> <<"1">>;
+                             (false) -> <<"0">>
+                          end
+               }.
+
+standard_escape(S) ->
+    << <<(case Char of
+              $' -> << "''" >>;
+              _ -> << Char >>
+          end)/binary>> || <<Char>> <= S >>.
+
+mssql_sql_query(SQLQuery) ->
+    sqlite_sql_query(SQLQuery).
+
 pgsql_prepare(SQLQuery, State) ->
     Escape = #sql_escape{_ = fun(X) -> X end},
     N = length((SQLQuery#sql_query.args)(Escape)),
@@ -668,6 +707,9 @@ sql_query_format_res({selected, _, Rows}, SQLQuery) ->
 sql_query_format_res(Res, _SQLQuery) ->
     Res.
 
+sql_query_to_iolist(SQLQuery) ->
+    generic_sql_query_format(SQLQuery).
+
 %% Generate the OTP callback return tuple depending on the driver result.
 abort_on_driver_error({error, <<"query timed out">>} =
 			  Reply,
@@ -748,7 +790,7 @@ pgsql_connect(Server, Port, DB, Username, Password) ->
                         {port, Port},
                         {as_binary, true}]) of
         {ok, Ref} ->
-            pgsql:squery(Ref, [<<"alter database ">>, DB, <<" set ">>,
+            pgsql:squery(Ref, [<<"alter database \"">>, DB, <<"\" set ">>,
                                <<"standard_conforming_strings='off';">>]),
             pgsql:squery(Ref, [<<"set standard_conforming_strings to 'off';">>]),
             {ok, Ref};
@@ -869,14 +911,14 @@ log(Level, Format, Args) ->
     end.
 
 db_opts(Host) ->
-    Type = ejabberd_config:get_option({odbc_type, Host},
+    Type = ejabberd_config:get_option({sql_type, Host},
                                       fun(mysql) -> mysql;
                                          (pgsql) -> pgsql;
                                          (sqlite) -> sqlite;
 					 (mssql) -> mssql;
                                          (odbc) -> odbc
                                       end, odbc),
-    Server = ejabberd_config:get_option({odbc_server, Host},
+    Server = ejabberd_config:get_option({sql_server, Host},
                                         fun iolist_to_binary/1,
                                         <<"localhost">>),
     case Type of
@@ -886,20 +928,20 @@ db_opts(Host) ->
             [sqlite, Host];
         _ ->
             Port = ejabberd_config:get_option(
-                     {odbc_port, Host},
+                     {sql_port, Host},
                      fun(P) when is_integer(P), P > 0, P < 65536 -> P end,
                      case Type of
 			 mssql -> ?MSSQL_PORT;
                          mysql -> ?MYSQL_PORT;
                          pgsql -> ?PGSQL_PORT
                      end),
-            DB = ejabberd_config:get_option({odbc_database, Host},
+            DB = ejabberd_config:get_option({sql_database, Host},
                                             fun iolist_to_binary/1,
                                             <<"ejabberd">>),
-            User = ejabberd_config:get_option({odbc_username, Host},
+            User = ejabberd_config:get_option({sql_username, Host},
                                               fun iolist_to_binary/1,
                                               <<"ejabberd">>),
-            Pass = ejabberd_config:get_option({odbc_password, Host},
+            Pass = ejabberd_config:get_option({sql_password, Host},
                                               fun iolist_to_binary/1,
                                               <<"">>),
 	    case Type of
@@ -912,14 +954,14 @@ db_opts(Host) ->
     end.
 
 init_mssql(Host) ->
-    Server = ejabberd_config:get_option({odbc_server, Host},
+    Server = ejabberd_config:get_option({sql_server, Host},
                                         fun iolist_to_binary/1,
                                         <<"localhost">>),
     Port = ejabberd_config:get_option(
-	     {odbc_port, Host},
+	     {sql_port, Host},
 	     fun(P) when is_integer(P), P > 0, P < 65536 -> P end,
 	     ?MSSQL_PORT),
-    DB = ejabberd_config:get_option({odbc_database, Host},
+    DB = ejabberd_config:get_option({sql_database, Host},
 				    fun iolist_to_binary/1,
 				    <<"ejabberd">>),
     FreeTDS = io_lib:fwrite("[~s]~n"
@@ -1004,22 +1046,22 @@ check_error(Result, _Query) ->
 
 opt_type(max_fsm_queue) ->
     fun (N) when is_integer(N), N > 0 -> N end;
-opt_type(odbc_database) -> fun iolist_to_binary/1;
-opt_type(odbc_keepalive_interval) ->
+opt_type(sql_database) -> fun iolist_to_binary/1;
+opt_type(sql_keepalive_interval) ->
     fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_password) -> fun iolist_to_binary/1;
-opt_type(odbc_port) ->
+opt_type(sql_password) -> fun iolist_to_binary/1;
+opt_type(sql_port) ->
     fun (P) when is_integer(P), P > 0, P < 65536 -> P end;
-opt_type(odbc_server) -> fun iolist_to_binary/1;
-opt_type(odbc_type) ->
+opt_type(sql_server) -> fun iolist_to_binary/1;
+opt_type(sql_type) ->
     fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
 	(mssql) -> mssql;
 	(odbc) -> odbc
     end;
-opt_type(odbc_username) -> fun iolist_to_binary/1;
+opt_type(sql_username) -> fun iolist_to_binary/1;
 opt_type(_) ->
-    [max_fsm_queue, odbc_database, odbc_keepalive_interval,
-     odbc_password, odbc_port, odbc_server, odbc_type,
-     odbc_username].
+    [max_fsm_queue, sql_database, sql_keepalive_interval,
+     sql_password, sql_port, sql_server, sql_type,
+     sql_username].

src/ejabberd_sql_pt.erl

@@ -163,7 +163,7 @@ parse1([$@, $( | S], Acc, State) ->
                 EVar;
             boolean ->
                 erl_syntax:application(
-                  erl_syntax:atom(ejabberd_odbc),
+                  erl_syntax:atom(ejabberd_sql),
                   erl_syntax:atom(to_bool),
                   [EVar])
         end,
@@ -305,20 +305,24 @@ parse_upsert(Fields) ->
                                  "a constant string"})
                   end
           end, {[], 0}, Fields),
-    %io:format("asd ~p~n", [{Fields, Fs}]),
+    %io:format("upsert ~p~n", [{Fields, Fs}]),
     Fs.
 
+%% key | {Update}
 parse_upsert_field([$! | S], ParamPos, Loc) ->
     {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
-    {Name, true, ParseState};
+    {Name, key, ParseState};
+parse_upsert_field([$- | S], ParamPos, Loc) ->
+    {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
+    {Name, {false}, ParseState};
 parse_upsert_field(S, ParamPos, Loc) ->
     {Name, ParseState} = parse_upsert_field1(S, [], ParamPos, Loc),
-    {Name, false, ParseState}.
+    {Name, {true}, ParseState}.
 
 parse_upsert_field1([], _Acc, _ParamPos, Loc) ->
     throw({error, Loc,
            "?SQL_UPSERT fields must have the "
-           "following form: \"[!]name=value\""});
+           "following form: \"[!-]name=value\""});
 parse_upsert_field1([$= | S], Acc, ParamPos, Loc) ->
     {lists:reverse(Acc), parse(S, ParamPos, Loc)};
 parse_upsert_field1([C | S], Acc, ParamPos, Loc) ->
@@ -348,7 +352,7 @@ make_sql_upsert_generic(Table, ParseRes) ->
     InsertBranch =
         erl_syntax:case_expr(
           erl_syntax:application(
-            erl_syntax:atom(ejabberd_odbc),
+            erl_syntax:atom(ejabberd_sql),
             erl_syntax:atom(sql_query_t),
             [Insert]),
           [erl_syntax:clause(
@@ -361,7 +365,7 @@ make_sql_upsert_generic(Table, ParseRes) ->
              [erl_syntax:variable("__UpdateRes")])]),
     erl_syntax:case_expr(
       erl_syntax:application(
-        erl_syntax:atom(ejabberd_odbc),
+        erl_syntax:atom(ejabberd_sql),
         erl_syntax:atom(sql_query_t),
         [Update]),
       [erl_syntax:clause(
@@ -376,9 +380,9 @@ make_sql_upsert_generic(Table, ParseRes) ->
 make_sql_upsert_update(Table, ParseRes) ->
     WPairs =
         lists:flatmap(
-          fun({_Field, false, _ST}) ->
+          fun({_Field, {_}, _ST}) ->
                   [];
-             ({Field, true, ST}) ->
+             ({Field, key, ST}) ->
                   [ST#state{
                      'query' = [{str, Field}, {str, "="}] ++ ST#state.'query'
                     }]
@@ -386,9 +390,11 @@ make_sql_upsert_update(Table, ParseRes) ->
     Where = join_states(WPairs, " AND "),
     SPairs =
         lists:flatmap(
-          fun({_Field, true, _ST}) ->
+          fun({_Field, key, _ST}) ->
                   [];
-             ({Field, false, ST}) ->
+             ({_Field, {false}, _ST}) ->
+                  [];
+             ({Field, {true}, ST}) ->
                   [ST#state{
                      'query' = [{str, Field}, {str, "="}] ++ ST#state.'query'
                     }]
@@ -453,7 +459,7 @@ make_sql_upsert_pgsql901(Table, ParseRes) ->
           ]),
     Upsert = make_sql_query(State),
     erl_syntax:application(
-      erl_syntax:atom(ejabberd_odbc),
+      erl_syntax:atom(ejabberd_sql),
       erl_syntax:atom(sql_query_t),
       [Upsert]).
 
@@ -462,7 +468,7 @@ check_upsert(ParseRes, Pos) ->
     Set =
         lists:filter(
           fun({_Field, Match, _ST}) ->
-                  not Match
+                  Match /= key
           end, ParseRes),
     case Set of
         [] ->

src/ejabberd_sql_sup.erl

@@ -1,7 +1,7 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejabberd_odbc_sup.erl
+%%% File    : ejabberd_sql_sup.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
-%%% Purpose : ODBC connections supervisor
+%%% Purpose : SQL connections supervisor
 %%% Created : 22 Dec 2004 by Alexey Shchepin <alexey@process-one.net>
 %%%
 %%%
@@ -23,7 +23,7 @@
 %%%
 %%%----------------------------------------------------------------------
 
--module(ejabberd_odbc_sup).
+-module(ejabberd_sql_sup).
 
 -behaviour(ejabberd_config).
 
@@ -42,7 +42,7 @@
 
 -define(DEFAULT_POOL_SIZE, 10).
 
--define(DEFAULT_ODBC_START_INTERVAL, 30).
+-define(DEFAULT_SQL_START_INTERVAL, 30).
 
 -define(CONNECT_TIMEOUT, 500).
 
@@ -62,14 +62,14 @@ start_link(Host) ->
 
 init([Host]) ->
     PoolSize = ejabberd_config:get_option(
-                 {odbc_pool_size, Host},
+                 {sql_pool_size, Host},
                  fun(I) when is_integer(I), I>0 -> I end,
                  ?DEFAULT_POOL_SIZE),
     StartInterval = ejabberd_config:get_option(
-                      {odbc_start_interval, Host},
+                      {sql_start_interval, Host},
                       fun(I) when is_integer(I), I>0 -> I end,
-                      ?DEFAULT_ODBC_START_INTERVAL),
-    Type = ejabberd_config:get_option({odbc_type, Host},
+                      ?DEFAULT_SQL_START_INTERVAL),
+    Type = ejabberd_config:get_option({sql_type, Host},
                                       fun(mysql) -> mysql;
                                          (pgsql) -> pgsql;
                                          (sqlite) -> sqlite;
@@ -80,7 +80,7 @@ init([Host]) ->
         sqlite ->
             check_sqlite_db(Host);
 	mssql ->
-	    ejabberd_odbc:init_mssql(Host);
+	    ejabberd_sql:init_mssql(Host);
         _ ->
             ok
     end,
@@ -89,7 +89,7 @@ init([Host]) ->
      {{one_for_one, PoolSize * 10, 1},
       lists:map(fun (I) ->
 			{I,
-			 {ejabberd_odbc, start_link,
+			 {ejabberd_sql, start_link,
 			  [Host, StartInterval * 1000]},
 			 transient, 2000, worker, [?MODULE]}
 		end,
@@ -121,12 +121,12 @@ transform_options(Opts) ->
     lists:foldl(fun transform_options/2, [], Opts).
 
 transform_options({odbc_server, {Type, Server, Port, DB, User, Pass}}, Opts) ->
-    [{odbc_type, Type},
-     {odbc_server, Server},
-     {odbc_port, Port},
-     {odbc_database, DB},
-     {odbc_username, User},
-     {odbc_password, Pass}|Opts];
+    [{sql_type, Type},
+     {sql_server, Server},
+     {sql_port, Port},
+     {sql_database, DB},
+     {sql_username, User},
+     {sql_password, Pass}|Opts];
 transform_options({odbc_server, {mysql, Server, DB, User, Pass}}, Opts) ->
     transform_options({odbc_server, {mysql, Server, ?MYSQL_PORT, DB, User, Pass}}, Opts);
 transform_options({odbc_server, {pgsql, Server, DB, User, Pass}}, Opts) ->
@@ -137,8 +137,8 @@ transform_options(Opt, Opts) ->
     [Opt|Opts].
 
 check_sqlite_db(Host) ->
-    DB = ejabberd_odbc:sqlite_db(Host),
-    File = ejabberd_odbc:sqlite_file(Host),
+    DB = ejabberd_sql:sqlite_db(Host),
+    File = ejabberd_sql:sqlite_file(Host),
     Ret = case filelib:ensure_dir(File) of
 	      ok ->
 		  case sqlite3:open(DB, [{file, File}]) of
@@ -211,11 +211,11 @@ read_lines(Fd, File, Acc) ->
             []
     end.
 
-opt_type(odbc_pool_size) ->
+opt_type(sql_pool_size) ->
     fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_start_interval) ->
+opt_type(sql_start_interval) ->
     fun (I) when is_integer(I), I > 0 -> I end;
-opt_type(odbc_type) ->
+opt_type(sql_type) ->
     fun (mysql) -> mysql;
 	(pgsql) -> pgsql;
 	(sqlite) -> sqlite;
@@ -223,4 +223,4 @@ opt_type(odbc_type) ->
 	(odbc) -> odbc
     end;
 opt_type(_) ->
-    [odbc_pool_size, odbc_start_interval, odbc_type].
+    [sql_pool_size, sql_start_interval, sql_type].

src/ejabberd_web_admin.erl

@@ -74,20 +74,27 @@ get_acl_rule([<<"vhosts">>], _) ->
 %% The pages of a vhost are only accesible if the user is admin of that vhost:
 get_acl_rule([<<"server">>, VHost | _RPath], Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {VHost, [configure, webadmin_view]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {VHost, [AC, ACR]};
 get_acl_rule([<<"server">>, VHost | _RPath], 'POST') ->
-    {VHost, [configure]};
+    AC = gen_mod:get_module_opt(VHost, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {VHost, [AC]};
 %% Default rule: only global admins can access any other random page
 get_acl_rule(_RPath, Method)
     when Method =:= 'GET' orelse Method =:= 'HEAD' ->
-    {global, [configure, webadmin_view]};
-get_acl_rule(_RPath, 'POST') -> {global, [configure]}.
-
-is_acl_match(Host, Rules, Jid) ->
-    lists:any(fun (Rule) ->
-		      allow == acl:match_rule(Host, Rule, Jid)
-	      end,
-	      Rules).
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    ACR = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				 access_readonly, fun(A) -> A end, webadmin_view),
+    {global, [AC, ACR]};
+get_acl_rule(_RPath, 'POST') ->
+    AC = gen_mod:get_module_opt(global, ejabberd_web_admin,
+				access, fun(A) -> A end, configure),
+    {global, [AC]}.
 
 %%%==================================
 %%%% Menu Items Access
@@ -138,7 +145,7 @@ is_allowed_path([<<"admin">> | Path], JID) ->
     is_allowed_path(Path, JID);
 is_allowed_path(Path, JID) ->
     {HostOfRule, AccessRule} = get_acl_rule(Path, 'GET'),
-    is_acl_match(HostOfRule, AccessRule, JID).
+    acl:any_rules_allowed(HostOfRule, AccessRule, JID).
 
 %% @spec(Path) -> URL
 %% where Path = [string()]
@@ -266,8 +273,8 @@ get_auth_account(HostOfRule, AccessRule, User, Server,
 		 Pass) ->
     case ejabberd_auth:check_password(User, <<"">>, Server, Pass) of
       true ->
-	  case is_acl_match(HostOfRule, AccessRule,
-			    jid:make(User, Server, <<"">>))
+	  case acl:any_rules_allowed(HostOfRule, AccessRule,
+                               jid:make(User, Server, <<"">>))
 	      of
 	    false -> {unauthorized, <<"unprivileged-account">>};
 	    true -> {ok, {User, Server}}
@@ -1333,7 +1340,7 @@ parse_access_rule(Text) ->
 list_vhosts(Lang, JID) ->
     Hosts = (?MYHOSTS),
     HostsAllowed = lists:filter(fun (Host) ->
-					is_acl_match(Host,
+					acl:any_rules_allowed(Host,
 						     [configure, webadmin_view],
 						     JID)
 				end,
@@ -2414,7 +2421,7 @@ node_backup_parse_query(Node, Query) ->
                                                     lists:keysearch(<<Action/binary,
                                                                       "host">>,
                                                                     1, Query),
-                                                ejabberd_cluster:call(Node, ejd2odbc,
+                                                ejabberd_cluster:call(Node, ejd2sql,
                                                          export, [Host, Path]);
 					    <<"import_file">> ->
 						ejabberd_cluster:call(Node, ejabberd_admin,
@@ -2965,7 +2972,8 @@ make_menu_item(item, 3, URI, Name, Lang) ->
 %%%==================================
 
 
-opt_type(access) -> fun (V) -> V end;
-opt_type(_) -> [access].
+opt_type(access) -> fun acl:access_rules_validator/1;
+opt_type(access_readonly) -> fun acl:access_rules_validator/1;
+opt_type(_) -> [access, access_readonly].
 
 %%% vim: set foldmethod=marker foldmarker=%%%%,%%%=:

src/ejabberd_xmlrpc.erl

@@ -373,6 +373,10 @@ try_do_command(AccessCommands, Auth, Command, AttrL,
 			       "The call provided additional unused "
 				 "arguments:~n~p",
 			       [ExitAtL]);
+      exit:{invalid_arg_type, Arg, Type} ->
+	  build_fault_response(-122,
+			       "Parameter '~p' can't be coerced to type '~p'",
+			       [Arg, Type]);
       Why ->
 	  build_fault_response(-118,
 			       "A problem '~p' occurred executing the "
@@ -472,7 +476,7 @@ format_arg(undefined, binary) -> <<>>;
 format_arg(undefined, string) -> "";
 format_arg(Arg, Format) ->
     ?ERROR_MSG("don't know how to format Arg ~p for format ~p", [Arg, Format]),
-    error.
+    exit({invalid_arg_type, Arg, Format}).
 
 process_unicode_codepoints(Str) ->
     iolist_to_binary(lists:map(fun(X) when X > 255 -> unicode:characters_to_binary([X]);

src/ejd2sql.erl

@@ -1,5 +1,5 @@
 %%%----------------------------------------------------------------------
-%%% File    : ejd2odbc.erl
+%%% File    : ejd2sql.erl
 %%% Author  : Alexey Shchepin <alexey@process-one.net>
 %%% Purpose : Export some mnesia tables to SQL DB
 %%% Created : 22 Aug 2005 by Alexey Shchepin <alexey@process-one.net>
@@ -23,11 +23,12 @@
 %%%
 %%%----------------------------------------------------------------------
 
--module(ejd2odbc).
+-module(ejd2sql).
 
 -author('alexey@process-one.net').
 
 -include("logger.hrl").
+-include("ejabberd_sql_pt.hrl").
 
 -export([export/2, export/3, import_file/2, import/2,
 	 import/3, delete/1]).
@@ -43,7 +44,7 @@
 %%% A table can be converted from Mnesia to an ODBC database by calling
 %%% one of the API function with the following parameters:
 %%% - Server is the server domain you want to convert
-%%% - Output can be either odbc to export to the configured relational
+%%% - Output can be either sql to export to the configured relational
 %%%   database or "Filename" to export to text file.
 
 modules() ->
@@ -76,7 +77,12 @@ export(Server, Output, Module) ->
     IO = prepare_output(Output),
     lists:foreach(
       fun({Table, ConvertFun}) ->
-              export(LServer, Table, IO, ConvertFun)
+              case export(LServer, Table, IO, ConvertFun) of
+                  {atomic, ok} -> ok;
+                  {aborted, Reason} ->
+                      ?ERROR_MSG("Failed export for module ~p: ~p",
+                                 [Module, Reason])
+              end
       end, Module:export(Server)),
     close_output(Output, IO).
 
@@ -104,7 +110,7 @@ import_file(Server, FileName) ->
             LServer = jid:nameprep(Server),
             Mods = [{Mod, gen_mod:db_type(LServer, Mod)}
                     || Mod <- modules(), gen_mod:is_loaded(LServer, Mod)],
-            AuthMods = case lists:member(ejabberd_auth_internal,
+            AuthMods = case lists:member(ejabberd_auth_mnesia,
                                          ejabberd_auth:auth_modules(LServer)) of
                            true ->
                                [{ejabberd_auth, mnesia}];
@@ -150,7 +156,8 @@ export(LServer, Table, IO, ConvertFun) ->
                               case ConvertFun(LServer, R) of
                                   [] ->
                                       Acc;
-                                  SQL ->
+                                  SQL1 ->
+                                      SQL = format_queries(SQL1),
                                       if N < (?MAX_RECORDS_PER_TRANSACTION) - 1 ->
                                               {N + 1, [SQL | SQLs]};
                                          true ->
@@ -168,8 +175,8 @@ export(LServer, Table, IO, ConvertFun) ->
 
 output(_LServer, _Table, _IO, []) ->
     ok;
-output(LServer, _Table, odbc, SQLs) ->
-    ejabberd_odbc:sql_transaction(LServer, SQLs);
+output(LServer, _Table, sql, SQLs) ->
+    ejabberd_sql:sql_transaction(LServer, SQLs);
 output(_LServer, Table, Fd, SQLs) ->
     file:write(Fd, ["-- \n-- Mnesia table: ", atom_to_list(Table),
                     "\n--\n", SQLs]).
@@ -179,7 +186,7 @@ delete(LServer, Table, ConvertFun) ->
                 mnesia:write_lock_table(Table),
                 {_N, SQLs} =
                     mnesia:foldl(
-                      fun(R, {N, SQLs} = Acc) ->
+                      fun(R, Acc) ->
                               case ConvertFun(LServer, R) of
                                   [] ->
                                       Acc;
@@ -197,7 +204,7 @@ import(LServer, SelectQuery, IO, ConvertFun, Opts) ->
     F = case proplists:get_bool(fast, Opts) of
             true ->
                 fun() ->
-                        case ejabberd_odbc:sql_query_t(SelectQuery) of
+                        case ejabberd_sql:sql_query_t(SelectQuery) of
                             {selected, _, Rows} ->
                                 lists:foldl(fun process_sql_row/2,
                                             {IO, ConvertFun, undefined}, Rows);
@@ -207,16 +214,16 @@ import(LServer, SelectQuery, IO, ConvertFun, Opts) ->
                 end;
             false ->
                 fun() ->
-                        ejabberd_odbc:sql_query_t(
+                        ejabberd_sql:sql_query_t(
                           [iolist_to_binary(
                              [<<"declare c cursor for ">>, SelectQuery])]),
                         fetch(IO, ConvertFun, undefined)
                 end
         end,
-    ejabberd_odbc:sql_transaction(LServer, F).
+    ejabberd_sql:sql_transaction(LServer, F).
 
 fetch(IO, ConvertFun, PrevRow) ->
-    case ejabberd_odbc:sql_query_t([<<"fetch c;">>]) of
+    case ejabberd_sql:sql_query_t([<<"fetch c;">>]) of
         {selected, _, [Row]} ->
             process_sql_row(Row, {IO, ConvertFun, PrevRow}),
             fetch(IO, ConvertFun, Row);
@@ -313,3 +320,11 @@ flatten1([H|T], Acc) ->
     flatten1(T, [[H, $\n]|Acc]);
 flatten1([], Acc) ->
     Acc.
+
+format_queries(SQLs) ->
+    lists:map(
+      fun(#sql_query{} = SQL) ->
+              ejabberd_sql:sql_query_to_iolist(SQL);
+         (SQL) ->
+              SQL
+      end, SQLs).

src/ext_mod.erl

@@ -271,7 +271,7 @@ geturl(Url, Hdrs, UsrOpts) ->
         [U, Pass] -> [{proxy_user, U}, {proxy_password, Pass}];
         _ -> []
     end,
-    case httpc:request(get, {Url, Hdrs}, Host++User++UsrOpts, []) of
+    case httpc:request(get, {Url, Hdrs}, Host++User++UsrOpts++[{version, "HTTP/1.0"}], []) of
         {ok, {{_, 200, _}, Headers, Response}} ->
             {ok, Headers, Response};
         {ok, {{_, Code, _}, _Headers, Response}} ->
@@ -484,17 +484,28 @@ compile_deps(_Module, _Spec, DestDir) ->
     filelib:ensure_dir(filename:join(Ebin, ".")),
     Result = lists:foldl(fun(Dep, Acc) ->
                 Inc = filename:join(Dep, "include"),
+                Lib = filename:join(Dep, "lib"),
                 Src = filename:join(Dep, "src"),
                 Options = [{outdir, Ebin}, {i, Inc}],
                 [file:copy(App, Ebin) || App <- filelib:wildcard(Src++"/*.app")],
-                Acc++[case compile:file(File, Options) of
+
+                %% Compile erlang files
+                Acc1 = Acc ++ [case compile:file(File, Options) of
                         {ok, _} -> ok;
                         {ok, _, _} -> ok;
                         {ok, _, _, _} -> ok;
                         error -> {error, {compilation_failed, File}};
                         Error -> Error
                     end
-                     || File <- filelib:wildcard(Src++"/*.erl")]
+                     || File <- filelib:wildcard(Src++"/*.erl")],
+
+                %% Compile elixir files
+                Acc1 ++ [case compile_elixir_file(Ebin, File) of
+                  {ok, _} -> ok;
+                  {error, File} -> {error, {compilation_failed, File}}
+                end
+                 || File <- filelib:wildcard(Lib ++ "/*.ex")]
+
         end, [], filelib:wildcard("deps/*")),
     case lists:dropwhile(
             fun(ok) -> true;
@@ -515,6 +526,8 @@ compile(_Module, _Spec, DestDir) ->
                verbose, report_errors, report_warnings]
               ++ ExtLib,
     [file:copy(App, Ebin) || App <- filelib:wildcard("src/*.app")],
+
+    %% Compile erlang files
     Result = [case compile:file(File, Options) of
             {ok, _} -> ok;
             {ok, _, _} -> ok;
@@ -523,14 +536,32 @@ compile(_Module, _Spec, DestDir) ->
             Error -> Error
         end
         || File <- filelib:wildcard("src/*.erl")],
+
+    %% Compile elixir files
+    Result1 = Result ++ [case compile_elixir_file(Ebin, File) of
+      {ok, _} -> ok;
+      {error, File} -> {error, {compilation_failed, File}}
+    end
+    || File <- filelib:wildcard("lib/*.ex")],
+
     case lists:dropwhile(
             fun(ok) -> true;
                 (_) -> false
-            end, Result) of
+            end, Result1) of
         [] -> ok;
         [Error|_] -> Error
     end.
 
+compile_elixir_file(Dest, File) when is_list(Dest) and is_list(File) ->
+  compile_elixir_file(list_to_binary(Dest), list_to_binary(File));
+
+compile_elixir_file(Dest, File) ->
+  try 'Elixir.Kernel.ParallelCompiler':files_to_path([File], Dest, []) of
+    [Module] -> {ok, Module}
+  catch
+    _ -> {error, File}
+  end.
+
 install(Module, Spec, DestDir) ->
     Errors = lists:dropwhile(fun({_, {ok, _}}) -> true;
                                 (_) -> false

src/gen_mod.erl

@@ -31,12 +31,12 @@
 
 -export([start/0, start_module/2, start_module/3,
 	 stop_module/2, stop_module_keep_config/2, get_opt/3,
-	 get_opt/4, get_opt_host/3, db_type/1, db_type/2,
+	 get_opt/4, get_opt_host/3, db_type/2, db_type/3,
 	 get_module_opt/4, get_module_opt/5, get_module_opt_host/3,
 	 loaded_modules/1, loaded_modules_with_opts/1,
 	 get_hosts/2, get_module_proc/2, is_loaded/2,
 	 start_modules/0, start_modules/1, stop_modules/0, stop_modules/1,
-	 default_db/1, v_db/1, opt_type/1]).
+	 opt_type/1, db_mod/2, db_mod/3]).
 
 %%-export([behaviour_info/1]).
 
@@ -48,10 +48,12 @@
          opts = [] :: opts() | '_' | '$2'}).
 
 -type opts() :: [{atom(), any()}].
--type db_type() :: odbc | mnesia | riak.
+-type db_type() :: sql | mnesia | riak.
 
 -callback start(binary(), opts()) -> any().
 -callback stop(binary()) -> any().
+-callback mod_opt_type(atom()) -> fun((term()) -> term()) | [atom()].
+-callback depends(binary(), opts()) -> [{module(), hard | soft}].
 
 -export_type([opts/0]).
 -export_type([db_type/0]).
@@ -76,18 +78,56 @@ start_modules() ->
 
 get_modules_options(Host) ->
     ejabberd_config:get_option(
-	{modules, Host},
-	fun(Mods) ->
-	    lists:map(
+      {modules, Host},
+      fun(Mods) ->
+	      lists:map(
 		fun({M, A}) when is_atom(M), is_list(A) ->
-		    {M, A}
+			{M, A}
 		end, Mods)
-	end, []).
+      end, []).
+
+sort_modules(Host, ModOpts) ->
+    G = digraph:new([acyclic]),
+    lists:foreach(
+      fun({Mod, Opts}) ->
+	      digraph:add_vertex(G, Mod, Opts),
+	      Deps = try Mod:depends(Host, Opts) catch _:undef -> [] end,
+	      lists:foreach(
+		fun({DepMod, Type}) ->
+			case lists:keyfind(DepMod, 1, ModOpts) of
+			    false when Type == hard ->
+				ErrTxt = io_lib:format(
+					   "failed to load module '~s' "
+					   "because it depends on module '~s' "
+					   "which is not found in the config",
+					   [Mod, DepMod]),
+				?ERROR_MSG(ErrTxt, []),
+				digraph:del_vertex(G, Mod),
+				maybe_halt_ejabberd(ErrTxt);
+			    false when Type == soft ->
+				?WARNING_MSG("module '~s' is recommended for "
+					     "module '~s' but is not found in "
+					     "the config",
+					     [DepMod, Mod]);
+			    {DepMod, DepOpts} ->
+				digraph:add_vertex(G, DepMod, DepOpts),
+				case digraph:add_edge(G, DepMod, Mod) of
+				    {error, {bad_edge, Path}} ->
+					?WARNING_MSG("cyclic dependency detected "
+						     "between modules: ~p",
+						     [Path]);
+				    _ ->
+					ok
+				end
+			end
+		end, Deps)
+      end, ModOpts),
+    [digraph:vertex(G, V) || V <- digraph_utils:topsort(G)].
 
 -spec start_modules(binary()) -> any().
 
 start_modules(Host) ->
-    Modules = get_modules_options(Host),
+    Modules = sort_modules(Host, get_modules_options(Host)),
     lists:foreach(
 	fun({Module, Opts}) ->
 	    start_module(Host, Module, Opts)
@@ -120,16 +160,20 @@ start_module(Host, Module, Opts0) ->
 			    [Module, Host, Opts, Class, Reason,
 			     erlang:get_stacktrace()]),
 	  ?CRITICAL_MSG(ErrorText, []),
-	  case is_app_running(ejabberd) of
-	    true ->
-		erlang:raise(Class, Reason, erlang:get_stacktrace());
-	    false ->
-		?CRITICAL_MSG("ejabberd initialization was aborted "
-			      "because a module start failed.",
-			      []),
-		timer:sleep(3000),
-		erlang:halt(string:substr(lists:flatten(ErrorText), 1, 199))
-	  end
+          maybe_halt_ejabberd(ErrorText),
+	  erlang:raise(Class, Reason, erlang:get_stacktrace())
+    end.
+
+maybe_halt_ejabberd(ErrorText) ->
+    case is_app_running(ejabberd) of
+	false ->
+	    ?CRITICAL_MSG("ejabberd initialization was aborted "
+			  "because a module start failed.",
+			  []),
+	    timer:sleep(3000),
+	    erlang:halt(string:substr(lists:flatten(ErrorText), 1, 199));
+	true ->
+	    ok
     end.
 
 is_app_running(AppName) ->
@@ -265,18 +309,25 @@ get_opt_host(Host, Opts, Default) ->
     ejabberd_regexp:greplace(Val, <<"@HOST@">>, Host).
 
 validate_opts(Module, Opts) ->
-    lists:filter(
+    lists:filtermap(
       fun({Opt, Val}) ->
 	      case catch Module:mod_opt_type(Opt) of
 		  VFun when is_function(VFun) ->
-		      case catch VFun(Val) of
-			  {'EXIT', _} ->
+		      try VFun(Val) of
+			  _ ->
+			      true
+		      catch {replace_with, NewVal} ->
+			      {true, {Opt, NewVal}};
+			    {invalid_syntax, Error} ->
+			      ?ERROR_MSG("ignoring invalid value '~p' for "
+					 "option '~s' of module '~s': ~s",
+					 [Val, Opt, Module, Error]),
+			      false;
+			    _:_ ->
 			      ?ERROR_MSG("ignoring invalid value '~p' for "
 					 "option '~s' of module '~s'",
 					 [Val, Opt, Module]),
-			      false;
-			  _ ->
-			      true
+			      false
 		      end;
 		  L when is_list(L) ->
 		      SOpts = str:join([[$', atom_to_list(A), $'] || A <- L], <<", ">>),
@@ -295,29 +346,46 @@ validate_opts(Module, Opts) ->
 	      false
       end, Opts).
 
--spec v_db(db_type() | internal) -> db_type().
-
-v_db(odbc) -> odbc;
-v_db(internal) -> mnesia;
-v_db(mnesia) -> mnesia;
-v_db(riak) -> riak.
-
--spec db_type(opts()) -> db_type().
-
-db_type(Opts) ->
-    db_type(global, Opts).
-
--spec db_type(binary() | global, atom() | opts()) -> db_type().
+-spec db_type(binary() | global, module()) -> db_type();
+	     (opts(), module()) -> db_type().
 
+db_type(Opts, Module) when is_list(Opts) ->
+    db_type(global, Opts, Module);
 db_type(Host, Module) when is_atom(Module) ->
-    get_module_opt(Host, Module, db_type, fun v_db/1, default_db(Host));
-db_type(Host, Opts) when is_list(Opts) ->
-    get_opt(db_type, Opts, fun v_db/1, default_db(Host)).
+    case catch Module:mod_opt_type(db_type) of
+	F when is_function(F) ->
+	    case get_module_opt(Host, Module, db_type, F) of
+		undefined -> ejabberd_config:default_db(Host, Module);
+		Type -> Type
+	    end;
+	_ ->
+	    undefined
+    end.
 
--spec default_db(binary() | global) -> db_type().
+-spec db_type(binary(), opts(), module()) -> db_type().
 
-default_db(Host) ->
-    ejabberd_config:get_option({default_db, Host}, fun v_db/1, mnesia).
+db_type(Host, Opts, Module) ->
+    case catch Module:mod_opt_type(db_type) of
+	F when is_function(F) ->
+	    case get_opt(db_type, Opts, F) of
+		undefined -> ejabberd_config:default_db(Host, Module);
+		Type -> Type
+	    end;
+	_ ->
+	    undefined
+    end.
+
+-spec db_mod(binary() | global | db_type(), module()) -> module().
+
+db_mod(Type, Module) when is_atom(Type) ->
+    list_to_atom(atom_to_list(Module) ++ "_" ++ atom_to_list(Type));
+db_mod(Host, Module) when is_binary(Host) orelse Host == global ->
+    db_mod(db_type(Host, Module), Module).
+
+-spec db_mod(binary() | global, opts(), module()) -> module().
+
+db_mod(Host, Opts, Module) when is_list(Opts) ->
+    db_mod(db_type(Host, Opts, Module), Module).
 
 -spec loaded_modules(binary()) -> [atom()].
 
@@ -365,6 +433,6 @@ get_module_proc(Host, Base) ->
 is_loaded(Host, Module) ->
     ets:member(ejabberd_modules, {Module, Host}).
 
-opt_type(default_db) -> fun v_db/1;
+opt_type(default_db) -> fun(T) when is_atom(T) -> T end;
 opt_type(modules) -> fun (L) when is_list(L) -> L end;
 opt_type(_) -> [default_db, modules].